Program, information processing device, information processing system, and information processing method
The SaaS management program dynamically adjusts service content based on user account states to address account compromises and status changes, ensuring secure and continuous SaaS service usage.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- HENNGE CO LTD
- Filing Date
- 2025-12-05
- Publication Date
- 2026-07-08
AI Technical Summary
Existing SaaS systems face issues with account infringement, leading to information leakage and service disruptions, and require flexible security measures to allow continuous and appropriate use by users transitioning through different states such as account breaches, user departures, or changes in user status.
A SaaS management program that includes a content control unit to dynamically adjust SaaS service content based on user account states, allowing for secure and continuous service usage by configuring service levels in response to account compromises or status changes.
Enables secure and continuous use of SaaS services by dynamically adjusting service content in response to account compromises or status changes, ensuring security without disrupting user access.
Smart Images

Figure 2026114968000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a program, an information processing apparatus, an information processing system, and an information processing method.
Background Art
[0002] Conventionally, there exists an apparatus for managing SaaS (SaaS is an abbreviation for Software as a Service, the same applies hereinafter) (for example, Patent Document 1). SaaS is cloud-based application software. For example, the software is managed on a cloud server on the Internet, and users enjoy the service by accessing it through a web browser or a dedicated application. SaaS is highly convenient because users do not need to install or maintain the software on a local server and can be used from anywhere with an Internet connection.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In recent years, there have been cases of account infringement where a third party illegally accesses a user's SaaS account, impersonates a legitimate user, and causes information leakage or abuse.
[0005] In an organization such as a company, the infringement of a user's account puts the user's personal privacy and business confidential information at risk. In the use of SaaS, it is important to be aware of security measures.
[0006] Furthermore, in the event of an account breach, to prevent significant damage, users may be logged out indiscriminately and their sessions for the services they are using may be disabled. However, such measures can lead to problems such as users being unable to access necessary data. Therefore, it is desirable to allow users whose accounts have been breached to continue using SaaS services by, for example, modifying the service they receive (e.g., lowering the service level).
[0007] Furthermore, for example, when a user leaves an organization such as a company (e.g., resigns), it becomes necessary to strengthen security for the person who is about to leave. Therefore, it is desirable to allow users who are leaving the organization to change the service content in advance (e.g., lower the service level) so that they can continue to use the SaaS service.
[0008] Furthermore, for example, if a user returns to Japan from abroad, it may be necessary to relax user security and improve convenience. In other words, it is desirable to modify the service content for that user (for example, by raising the service level) so that they can continue to use the SaaS service.
[0009] In view of the above-mentioned problems, the present invention aims to provide a program, an information processing device, an information processing system, and an information processing method that enable the appropriate and continuous use of SaaS services. [Means for solving the problem]
[0010] (1) The present invention is It is a SaaS management program, The management department manages the SaaS provided to the user, associated with the user's account, A configuration section that pre-configures the contents of a specific SaaS service in relation to the user's account, When a user's account transitions to a specific state, the computer functions as a content control unit that changes the SaaS service content of that account to the SaaS service content of that specific state. The content control unit, This invention relates to a program that determines that a user's account has entered a specific state when the user's status reaches a predetermined state.
[0011] The present invention relates to an information storage medium storing the above-mentioned program, an information processing device (for example, a server device) configured as the above-mentioned parts, an information processing system configured as the above-mentioned parts, and an information processing method for executing the above-mentioned parts.
[0012] According to the present invention, when a user's status reaches a predetermined state, it is determined that the user's account has entered a specific state. Then, when the user's account transitions to the specific state (enters the specific state), the present invention changes the SaaS service content of the account to the SaaS service content of the specific state. Therefore, the present invention enables the appropriate and continuous use of SaaS services.
[0013] (2) The present invention is It is a SaaS management program, The management department manages the SaaS provided to the user, associated with the user's account, A configuration section that pre-configures the contents of a specific SaaS service in relation to the user's account, When a user's account transitions to a specific state, the computer functions as a content control unit that changes the SaaS service content of that account to the SaaS service content of that specific state. The setting unit is, When multiple SaaS applications are managed in association with a user account, you can configure the specific state of the SaaS service for each SaaS application. The content control unit, This program is characterized by changing the SaaS service content for each SaaS associated with a user's account to reflect the SaaS service content of the specified state when the account for at least one of several SaaS applications associated with that user's account transitions to a specific state.
[0014] The present invention relates to an information storage medium storing the above program, an information processing apparatus (e.g., a server apparatus) configured as the above respective parts, an information processing system configured as the above respective parts, and an information processing method for executing the above respective parts.
[0015] When the user's account transitions to a specific state, the present invention changes the SaaS service content of the account to the SaaS service content in the specific state, so that the SaaS service can be appropriately continued. Further, the present invention can appropriately continue to use each SaaS.
[0016] (3) Also, in the program, information storage medium, information processing apparatus, information processing system, and information processing method of the present invention, the content control unit, when detecting an infringement state of a SaaS account, may determine that the user's account has become a specific state.
[0017] According to the present invention, when detecting an infringement state of a SaaS account, it is determined that the user's account has become a specific state, and the SaaS service content of the account is changed to the SaaS service content in the specific state. Therefore, when the SaaS account is in an infringement state, security measures can be taken and the SaaS service can be continued to be used.
[0018] (4) Also, in the program, information storage medium, information processing apparatus, information processing system, and information processing method of the present invention, the setting unit, sets the service content of multiple stages of SaaS in a specific state, the content control unit, when the user's account transitions to a specific state, sets the SaaS service content of the account to the service content of the first stage of SaaS in the specific state, Based on predetermined conditions, the SaaS service content of the account may be set to the service content of the second stage of SaaS in a specific state.
[0019] According to the present invention, when the user's account transitions to a specific state, the service content of the first stage is quickly set, and then, based on predetermined conditions (for example, instructions of a predetermined user, elapse of a predetermined period from the time when the specific state is detected, etc.), it can be set to the service content of the second stage. Therefore, furthermore, appropriate SaaS service content can be set.
[0020] (5) Also, in the program, information storage medium, information processing apparatus, information processing system, and information processing method of the present invention, the setting unit when there are a plurality of users, for each user, the SaaS service content in a specific state may be set in advance in association with the user's account.
[0021] According to the present invention, for each user, the SaaS service content in a specific state can be appropriately performed for the user.
[0022] (6) The present invention is an information processing system in which a server device and a SaaS providing server that provides an email service are connected via the Internet, wherein the server device includes a management unit that manages the SaaS provided by the SaaS providing server in association with the user's account, a setting unit that sets the SaaS service content when an infringement state of the user's SaaS account is detected in association with the user's account, and a content control unit that changes the SaaS service content of the user by transmitting a setting command regarding the SaaS service content when the infringement state of the user's SaaS account is detected to the SaaS providing server via a communication interface when the infringement state of the user's account is detected. The aforementioned setting command is: The present invention relates to an information processing system characterized by a command that restricts the sending and / or receiving of emails from the aforementioned SaaS account.
[0023] The present invention relates to an information storage medium storing a program for making a computer function as one of the above components, an information processing device (for example, a server device) that constitutes one of the above components, and an information processing method for executing one of the above components.
[0024] According to the present invention, when a user's account is found to be compromised, a configuration command regarding the content of the SaaS service in the event of a compromise in the user's SaaS account is sent to the SaaS provider server via a communication interface, thereby changing the content of the user's SaaS service. Here, the configuration command is a command that restricts the sending and / or receiving of emails from the SaaS account. Therefore, the present invention enables users to continue to use the SaaS service appropriately even if their account is compromised.
[0025] (7) Furthermore, in the information processing system, program, information storage medium, information processing device, and information processing method of the present invention, The command to restrict the sending of the aforementioned email is: The command to stop sending the aforementioned email, The command to postpone sending the aforementioned email, A command to send the aforementioned email after approval by a designated user, or A command to delete the aforementioned email to be sent, It may include any of the following:
[0026] According to the present invention, it is possible to restrict email sending while ensuring security without deleting user accounts.
[0027] (8) Furthermore, in the information processing system, program, information storage medium, information processing device, and information processing method of the present invention, The command to restrict the receipt of the aforementioned email is: The command to stop receiving the aforementioned email, Command to postpone receiving the aforementioned email, A command to receive the aforementioned email after approval by a designated user, or A command to delete the aforementioned email that is to be received. It may include any of the following:
[0028] According to the present invention, it is possible to restrict email reception while ensuring security without deleting user accounts.
[0029] (9) Furthermore, in the information processing system, program, information storage medium, information processing device, and information processing method of the present invention, The content control unit, The user's email history may be kept accessible.
[0030] According to the present invention, even when the sending and / or receiving of emails is controlled, past history can be retained and referenced, thereby ensuring the continuity of the email service. (10) Furthermore, in the information processing system, program, information storage medium, information processing device, and information processing method of the present invention, The setting unit is, Set the content of the first SaaS service when a first level of intrusion is detected, and the content of the second SaaS service when a second level of intrusion is detected. The content control unit, When a first level of intrusion is detected, a first configuration command relating to the content of the SaaS service at that first level is sent to the SaaS provider server via the communication interface, thereby changing the content of the user's SaaS service. When a second level of intrusion is detected, the SaaS service content for the user is modified by sending a second configuration command relating to the content of the second level of SaaS service to the SaaS provider server via the communication interface. The above first setting command is, This is a command to restrict the sending of emails from the aforementioned SaaS account. The second setting command is: This could also be a command to restrict sending and receiving emails to the aforementioned SaaS account.
[0031] According to the present invention, the SaaS service content can be changed in stages from transmission restrictions to transmission and reception restrictions in response to an increase in the level of infringement, thereby achieving both enhanced security and service continuity.
[0032] (11) Furthermore, in the information processing system, program, information storage medium, information processing apparatus, and information processing method of the present invention, The aforementioned SaaS provider server is When the server device receives the configuration command, it may execute the configuration command to change the content of the SaaS service when it detects that the user's SaaS account is compromised.
[0033] According to the present invention, a SaaS provider server can automatically change the service content when it receives a configuration command from a server device, enabling flexible changes to the SaaS service content. [Brief explanation of the drawing]
[0034] [Figure 1] An example of a network diagram of the information processing system of this embodiment. [Figure 2] An example of a functional block diagram of the server device of this embodiment. [Figure 3] An example of a functional block diagram of the terminal device of this embodiment. [Figure 4] A diagram illustrating the infringement state in chronological order according to this embodiment. [Figure 5] A diagram illustrating the retirement preparation state in chronological order according to this embodiment. [Figure 6] An example of setting the service content for the infringement state in this embodiment. [Figure 7] An example of setting the service content for a predetermined state in this embodiment. [Figure 8] An example of a flowchart diagram of this embodiment. [Figure 9] A diagram illustrating the process for changing the content of the SaaS service in this embodiment. [Figure 10] An example of setting the service content for the infringement state in this embodiment. [Figure 11] An example of setting service content for each level of infringement according to this embodiment. [Figure 12] An example of a flowchart diagram of the server device 10 in this embodiment. [Figure 13] An example of a flowchart diagram of the SaaS provider server 30 in this embodiment. [Modes for carrying out the invention]
[0035] The following describes this embodiment. Note that the embodiment described below does not unduly limit the scope of the present invention as described in the claims. Furthermore, not all of the configurations described in this embodiment are necessarily essential components of the present invention.
[0036] [1] Network Figure 1 shows an example of a network diagram of an information processing system. The information processing system in this embodiment includes a server device 10 and a terminal device 20.
[0037] In this embodiment, the information processing system consists of a server device 10 and a user terminal device 20, both connected via a network (such as the Internet or an intranet). Hereafter, terminal device 20 will refer to one of terminal device 20A, terminal device 20B, or terminal device 20C.
[0038] The server device 10 is an information processing device that can configure, under given conditions, the service content provided by each SaaS provider server 30 that is available to users of terminal devices 20 connected via the Internet.
[0039] Furthermore, the server device 10 of this embodiment may notify the user's terminal device 20 when setting the service content provided by each SaaS provider server 30 under given conditions.
[0040] The terminal device 20 is a client device, and is an information processing device such as a smartphone, mobile phone, PHS, computer, game device, PDA, or image generation device, and is a device that can connect to the server device 10 via a network such as the Internet (WAN) or LAN.
[0041] The SaaS server 30 is a server device that provides SaaS. SaaS stands for Software as a Service. The SaaS server 30 is a server for providing specific software applications that are accessible on the cloud, that is, via the internet. For example, the SaaS server 30 has the functions necessary for service provision, such as executing applications (application programs), managing data, and processing user requests. Hereafter, the SaaS server 30 refers to one of several SaaS servers, such as SaaS server 30A (e.g., file sharing service), SaaS server 30B (e.g., email delivery service), SaaS server 30C (e.g., account management service), etc.
[0042] The server device 10 can connect to each SaaS provider server 30 via the internet. The terminal device 20 can also connect to each SaaS provider server 30 via the internet.
[0043] [2] composition (1) Functional configuration of server device 10 Figure 2 is an example of a functional block diagram of the server device 10 of this embodiment. The server device 10 of this embodiment does not need to include all the parts shown in Figure 2, and may be configured with some parts omitted.
[0044] The memory unit 170 serves as a work area for the processing unit 100 and other components, and can store programs for making the computer function as each component of this embodiment (programs that cause the computer to execute the processing of each component).
[0045] The storage unit 170 stores programs and data that cause the computer to perform processing in this embodiment, and its function can be realized using computer-readable information storage media such as RAM (VRAM), optical discs (CD, DVD), magneto-optical discs (MO), magnetic discs, hard disks, magnetic tapes, or memory (ROM).
[0046] In this embodiment, the storage unit 170 stores a main storage unit 171, a user information storage unit 172, and a management information storage unit 173. In this embodiment, part or all of the storage unit 170 may be a storage area on the internet (a storage area on the cloud).
[0047] The main memory unit 171 is used as the work area.
[0048] User information is stored in the user information storage unit 172. The user information storage unit 172 stores the user's (for example, an employee's) email address, the login password for the user UI (UI stands for user interface, the same applies hereinafter), and information about the department to which the user belongs (department ID), etc., associated with the user identification information (user ID).
[0049] Management information storage unit 173 stores management information related to SaaS.
[0050] The information storage medium 180 (a medium readable by a computer) stores programs, data, etc., and its function can be realized by optical discs (CDs, DVDs), magneto-optical discs (MOs), magnetic discs, hard disks, magnetic tapes, or memory (ROMs).
[0051] The processing unit 100 performs various processes of this embodiment based on the program (data) stored in the information storage medium 180. That is, the information storage medium 180 stores programs that cause the computer to function as each part of this embodiment (programs that cause the computer to execute the processing of each part).
[0052] The communication unit 196 performs various controls for communication with external devices (for example, terminal devices 20, other server devices, or other network systems), and its functions can be realized by hardware such as various processors or communication ASICs, or by programs.
[0053] The processing unit 100 performs various processes according to this embodiment based on the program (data) stored in the storage unit 170 or the information storage medium 180.
[0054] The processing unit 100 (processor) performs various processes using the main memory unit 171 within the storage unit 170 as the work area. The functions of the processing unit 100 can be realized by hardware such as various processors (CPU, DSP, etc.) or by programs.
[0055] The processing unit 100 includes at least a communication control unit 110, a reception unit 111, a management unit 112, a setting unit 113, a detection unit 114, a content control unit 115, a notification unit 116, and a display control unit 117.
[0056] The communication control unit 110 transmits and receives data with the terminal device 20 and other server devices. For example, the communication control unit 110 receives (accepts) information sent from the user's terminal device 20 or other server devices. The communication control unit 110 also transmits information to the user's terminal device 20 or other server devices.
[0057] The reception unit 111 receives information from users. For example, the reception unit 111 receives given information from each user's terminal device 20 managed by the server device 10.
[0058] The management unit 112 manages SaaS applications. For example, the management unit 112 may manage multiple SaaS applications.
[0059] The configuration unit 113 pre-configures the contents of a specific SaaS service in association with the user's account.
[0060] The configuration unit 113 may configure the SaaS service details for each SaaS if multiple SaaS applications are managed in association with a user's account.
[0061] The configuration unit 113 may configure multiple stages of service content for a SaaS in a specific state.
[0062] The configuration unit 113 may, when there are multiple users, pre-configure the content of a specific SaaS service in a particular state for each user, associating it with the user's account. For example, the content of a specific SaaS service in a particular state may differ for administrator users and non-administrator users. Also, the content of a specific SaaS service in a particular state may differ for user A and user B.
[0063] The detection unit 114 detects when a user's account or the user enters a specific state (when they transition to a specific state).
[0064] For example, the detection unit 114 detects, for instance, that a SaaS account has been compromised. In other words, a specific state includes, for example, a compromised state in which a SaaS account is compromised. Note that the compromised state may also include a state of risk of compromise for the SaaS account.
[0065] Furthermore, the detection unit 114 detects, for example, that the user's status has changed. In other words, the specific state includes a predetermined state of the user's status in the SaaS account.
[0066] The content control unit 115 changes the SaaS service content of a user's account to the SaaS service content of the specified state when the user's account transitions to a specific state.
[0067] The content control unit 115 may determine that a user's account has entered a specific state when it detects that a SaaS account has been compromised. In other words, when a SaaS account is compromised, the content control unit 115 may change the SaaS service content of that account to reflect the compromised state of the account.
[0068] The content control unit 115 may determine that a user's account has entered a specific state when the user's status reaches a predetermined state. In other words, the content control unit 115 may change the SaaS service content of the account to the SaaS service content of the predetermined state when the user's status reaches a predetermined state.
[0069] The content control unit 115 may, if the account for at least one of the multiple SaaS services associated with a user's account is compromised, change the SaaS service content for each SaaS service associated with that account to a specific state of that SaaS service content.
[0070] The content control unit 115 may, when a user's account transitions to a specific state, set the SaaS service content of that account to the first stage of the SaaS service content in the specific state, and based on predetermined conditions (for example, instructions from a specific user, the elapsed of a predetermined period of time from the time the specific state was detected, etc.), set the SaaS service content of that account to the second stage of the SaaS service content in the specific state.
[0071] The notification unit 116 notifies the user of information. For example, the notification unit 116 notifies the user of the given information via email. Note that the notification method is not limited to email; it may also be push notification or browser notification.
[0072] For example, the notification unit 116 notifies the administrator that a user's account has entered a specific state (e.g., a compromised state) when the user's account transitions to a specific state. The user may also be notified that their account has entered a specific state (e.g., a compromised state).
[0073] The display control unit 117 displays information on the user's terminal device 20. For example, the display control unit 117 controls the display unit 290 of the user's terminal device 20 to display information.
[0074] (2) Functional configuration of terminal device 20 Figure 3 is an example of a functional block diagram of the terminal device 20 of this embodiment. The terminal device 20 of this embodiment does not need to include all the parts shown in Figure 3, and may have a configuration in which some parts are omitted.
[0075] The memory unit 270 serves as a work area for the processing unit 200 and other components, and can store programs for making the computer function as each component of this embodiment (programs that cause the computer to execute the processing of each component).
[0076] The storage unit 270 stores programs and data that cause the computer to perform processing in this embodiment, and its function can be realized using computer-readable information storage media such as RAM (VRAM), optical discs (CD, DVD), magneto-optical discs (MO), magnetic discs, hard disks, magnetic tapes, or memory (ROM).
[0077] In this embodiment, the storage unit 270 stores the main storage unit 271. The main storage unit 271 is used as a work area. In this embodiment, part or all of the storage unit 270 may be a storage area on the internet (a storage area on the cloud).
[0078] The information storage medium 280 (a medium readable by a computer) stores programs, data, etc., and its function can be realized by optical discs (CDs, DVDs), magneto-optical discs (MOs), magnetic discs, hard disks, magnetic tapes, or memory (ROMs).
[0079] The processing unit 200 performs various processes of this embodiment based on the program (data) stored in the information storage medium 280. That is, the information storage medium 280 stores programs that cause the computer to function as each part of this embodiment (programs that cause the computer to execute the processing of each part).
[0080] The display unit 290 outputs information according to this embodiment, and its function can be realized by a monitor, CRT, LCD, touch panel display, or HMD (head-mounted display), etc.
[0081] The communication unit 296 performs various controls for communication with external devices (for example, terminal devices 20, other server devices, or other network systems), and its functions can be realized by hardware such as various processors or communication ASICs, or by programs.
[0082] The processing unit 200 performs various processes according to this embodiment based on the program (data) stored in the storage unit 270 or the information storage medium 280.
[0083] The processing unit 200 (processor) performs various processes using the main memory unit 271 within the storage unit 270 as the work area. The functions of the processing unit 200 can be realized by hardware such as various processors (CPU, DSP, etc.) or by programs.
[0084] The processing unit 200 includes at least a communication control unit 210 and a display control unit 211.
[0085] The communication control unit 210 sends and receives data with the server device 10, the SaaS provider server 30, other server devices, and other users' terminal devices 20. For example, the communication control unit 210 receives (accepts) information sent from the server device 10, the SaaS provider server 30, and other users' terminal devices 20.
[0086] For example, the communication control unit 210 transmits a given information to the server device 10. The communication control unit 210 also receives information transmitted from the server device 10.
[0087] The display control unit 211 controls the display unit 290 (for example, a monitor) to display given information.
[0088] [3] Overview In this embodiment, user information about SaaS is managed. For example, the server device 10 in this embodiment manages user accounts (username, email address, and other information that identifies the user), authentication information, service details, user licenses, etc., for each SaaS managed by an organization such as a company.
[0089] In particular, the server device 10 of this embodiment pre-configures the content of the SaaS service to be provided in a specific state, associated with the user's account, as the "service content for that specific state." For example, the service content for a specific state may have a lower or higher service level than the service content for a normal state. The service content for a normal state refers to the content of the SaaS service provided when the user is not in a specific state.
[0090] In this embodiment, when a user's account transitions to a specific state, the SaaS service content of that account is changed to the SaaS service content of that specific state.
[0091] For example, when a user's status reaches a predetermined state, the system determines that the user's account has entered a specific state and changes the SaaS service content for that account to the SaaS service content for that specific state. To explain in more detail, for example, when a user enters a state of preparing to leave the company organization (an example of a predetermined state), the SaaS service content is changed from the normal service content to the service content for the preparing-to-leave state. In this way, when a user's account enters a state of preparing to leave, the service level for the user in that state is changed (for example, lowered) from the normal state, allowing them to continue using the SaaS service.
[0092] Furthermore, for example, if a user returns to Japan from abroad (an example of a predetermined state), the SaaS service content is changed from the service content for when the user is abroad to the service content for when the user has returned to Japan. In this way, when a user's account returns to Japan, the service level for the user who has returned to Japan is changed (for example, increased) from the service level for when the user is abroad, allowing them to continue using the SaaS service.
[0093] Furthermore, if a compromised state of a SaaS account (an example of a specific state) is detected, the system determines that the user's account has entered a specific state and changes the SaaS service content for that account to reflect that specific state. Specifically, for example, if a user's account is detected to have been compromised, the SaaS service content is immediately changed from the normal service content to the compromised service content. In this way, when a user's account transitions to a specific state, instead of haphazardly logging the account out and invalidating the session for the SaaS service they are using, the system can change the service level (for example, lower it) for the user in that specific state, allowing them to continue using the SaaS service.
[0094] Thus, in this embodiment, it is possible to perform SaaS management that enables the appropriate and continuous use of SaaS services.
[0095] For the sake of clarity, the following explanation will use a company as an example of an organization. We will describe an example where the account of User A, an employee of a company, is compromised.
[0096] [4] Description of specific conditions [4.1] Description of the infringement In this embodiment, when a compromised state of a SaaS account (an example of a specific state) is detected, it is determined that the user's account has entered a specific state.
[0097] Account compromise refers to a situation where someone other than the legitimate user (hereinafter referred to as the "infringer") gains access to the account. For example, account compromise includes the infringer illegally logging into the account, obtaining the account's password, and gaining access rights to the account. Account compromise can also be referred to as account intrusion.
[0098] In this embodiment, an account being compromised is detected as a compromised state (an example of a specific state).
[0099] In this embodiment, the infringement state also includes the account infringement risk state. In other words, an infringement state is detected even when an infringer is attempting to exploit information associated with an account; that is, an infringement risk state where an infringement has not actually occurred but the likelihood of an infringement has increased due to some factor or circumstance. The infringement risk state can also be described as an attempted unauthorized access state or an attempted account infringement state.
[0100] In this embodiment, various methods are used to detect the compromised state of an account.
[0101] For example, in this embodiment, the server device 10 detects that an account is compromised if a login occurs using an account from a region other than the user's area of activity (e.g., Japan) during an unusual time of day (e.g., outside of business hours).
[0102] Furthermore, if the server device 10 detects that an account is compromised if there are multiple failed login attempts in the period immediately preceding the login attempt (for example, within 5 minutes).
[0103] Furthermore, if the server device 10 detects a login attempt originating from a suspicious IP address that has been registered in advance, it will detect that the account is compromised.
[0104] Furthermore, if the server device 10 receives information that abnormal activity has been detected from the audit logs of the SaaS provided to the user by the administrator, it will detect that the account in question is compromised. For example, the administrator can determine abnormal activity from the user's actions, login history, and data download history.
[0105] Furthermore, in this embodiment, the compromised state of an account may be detected based on the user history information of the SaaS. For example, if a user has a history of downloading more than a predetermined value of data within a predetermined period, sending more than a predetermined number of emails, or making more than a predetermined number of setting changes, at least one of these conditions is met, it is determined to be abnormal activity, and the account is detected as being compromised.
[0106] Furthermore, in this embodiment, a dedicated security tool may be used to detect if an account is compromised.
[0107] Furthermore, if the SaaS server 30 is equipped with security features, the security features of the SaaS server 30 may be used to detect account compromise.
[0108] Figure 4 is an explanatory diagram of the compromised state. In this embodiment, as shown in Figure 4, the compromised state of the account occurs at timing T1, and then the server device 10 detects the compromised state of the account at timing T2. Subsequently, at a given timing T3, the compromised state of the account is resolved and it returns to the normal state. In other words, the period of the compromised state of the account is from T1 to T3. Note that the time of the compromise occurrence T1 and the time of detection of the compromised state T2 may be the same time or approximately the same time.
[0109] [4.2] Description of a predetermined state In this embodiment, it may be determined that a user's account has entered a specific state when the user's status reaches a predetermined state (an example of a specific state).
[0110] A specified state, in a broad sense, is a specific state. Status refers to the user's state. A specified state could be, for example, employed, resigned, preparing to resign, hired, preparing to hire, regular employment, updating authentication device, lost authentication device, re-registering authentication device, on leave, returned, abroad, returned to Japan, etc.
[0111] For example, if a user is currently employed by a company, their status is set to "Employed" (e.g., status value 1). If the user leaves the company, their status is set to "Left" (e.g., status value 2). Also, if the user is preparing to leave the company, their status is set to "Preparing to Leave" (e.g., status value 3).
[0112] In this embodiment, different status values are set for each user according to a predetermined type of user state.
[0113] Figure 5 shows an example of an explanatory diagram for retirement preparation as an example of a predetermined state. In this embodiment, as shown in Figure 5, it is assumed that the timing of the user's regular employment is T11. Then, when it is decided to retire at T13, retirement preparation begins at timing T12, which is a predetermined period before T13 (for example, one month before). In other words, the period of the user's retirement preparation state is from T12 to T13.
[0114] [4.3] Others In this embodiment, a compromised SaaS account is an example of a specific state, and a predetermined user state is also an example of a specific state. Furthermore, there are multiple predetermined states. In other words, in this embodiment, there are multiple specific states.
[0115] Furthermore, multiple specific states may overlap. For example, there may be a period during which the compromised state, the retirement preparation state, and the authentication device update state overlap.
[0116] [4.4] Detection of a specific state In this embodiment, when it is detected that a user's account has entered a specific state, the user's account is transitioned to that specific state. The method for detecting (determining) the specific state in this embodiment is as follows.
[0117] For example, the server device 10 of this embodiment receives input from users belonging to an organization (e.g., users A, B, K, etc.) indicating that a given user (e.g., user A) is in a specific state. At the moment the server device 10 receives input indicating that a given user (e.g., user A) is in a specific state, it detects (determines) that the user (e.g., user A) is in a specific state.
[0118] Furthermore, in this embodiment, a specific state may be detected (determined) based on information received from an external service (such as an external server).
[0119] For example, if an external service detects that an email received by a user of a SaaS account contains a malicious URL, if there is a suspicious login notification for that user, if abnormal activity history (log history) is detected for that user, or if a large number of failed login attempts are detected for that user, the server device 10 will detect that the user's SaaS account has been compromised (transitioned to a compromised state).
[0120] The server device 10 may use an external security API (Application Programming Interface) to detect a user's SaaS account compromise.
[0121] For example, server device 10 uses an external security API to send log data such as the user's login IP address, user's device information, user's geographical location information, and user request frequency to an external security server. The external security server analyzes this data and sends the analysis results to server device 10. Server device 10 receives the analysis results from the external security server, determines whether the user's account is compromised, and detects that the user's account is compromised at the time of determination.
[0122] The server device 10 may use a predetermined time period in advance to detect that a specific state is in place.
[0123] For example, the server device 10 receives input of user A's retirement date from, for example, administrator K. Then, if the server device 10 detects that it is a predetermined period before user A's retirement date (for example, one month before), it determines that user A has entered the retirement preparation state.
[0124] The server device 10 may use notification information received from an external system to detect that a specific state is in place.
[0125] For example, the server device 10 detects (determines) that a given user is in a predetermined state (e.g., a retirement preparation state) when it receives notification information from an external system (e.g., a Human Resources system) that it is transitioning to a predetermined state.
[0126] In other words, when the server device 10 receives notification information from an external system, for example, that a given user should transition to a predetermined state (e.g., a retirement preparation state), user A transitions to that predetermined state (e.g., a retirement preparation state).
[0127] [5] Controlling the content of SaaS services In this embodiment, the contents of a specific SaaS service are pre-configured in association with the user's account.
[0128] Then, when a user's account transitions to a specific state, the SaaS service content associated with that account is changed to the SaaS service content of that specific state.
[0129] For example, in this embodiment, when a compromised state of a SaaS account is detected, it is determined that the user's account has entered a specific state, and the SaaS service content for that account is changed to the SaaS service content of that specific state.
[0130] Furthermore, in this embodiment, for example, when the user's status reaches a predetermined state, it is determined that the user's account has reached a specific state, and the SaaS service content for that account is changed to the SaaS service content for that specific state.
[0131] [6] Example of a file sharing service SaaS The SaaS provider server 30A for the file sharing service shares files owned by users belonging to the organization with other users based on access rights. In this embodiment, an example of how the server device 10 controls the service content in the SaaS related to the file sharing service will be described. For example, the server device 10 cooperates with the SaaS provider server 30A and transmits service content configuration information. The SaaS provider server 30A controls the SaaS service for the file sharing service based on this configuration information.
[0132] [6.1] Sharing files First, let's explain basic file sharing control. For example, suppose user X is the owner (e.g., creator) of a file (filename: File01.txt). User X may want to share the file (filename: File01.txt) with users A, B, and C. In this case, based on user X's sharing instructions, access rights for each of users A, B, and C to the file (filename: File01.txt) are determined, and the file sharing settings are configured accordingly.
[0133] For example, if user X wants to allow user A to view and edit a file (filename: File01.txt), then, based on user X's instructions, user A will be granted permission to view and edit the file, and the file will be shared.
[0134] On the other hand, if you want to allow users B and C to view only the file (filename: File01.txt), you can share the file with them by setting their permissions to view only, based on user X's instructions. Note that setting permissions to view only means prohibiting any operations other than viewing (for example, editing).
[0135] Access rights refer to the permissions that define what operations a specific user or group can perform on resources such as files. Examples include permissions for viewing, editing, and commenting.
[0136] Then, user X shares a file (filename: File01.txt) with user A, granting permission for viewing and editing, and shares the same file with users B and C, granting permission for viewing only. After this, user A can view and edit the file, and users B and C can view the file.
[0137] As described above, file sharing control can be performed for each file. In this embodiment, all users managed by the server device 10 can share each file they own with other users.
[0138] [6.2] Owned files In this embodiment, the user owns the files they create and the files they obtain.
[0139] In other words, in this embodiment, the file is basically accessible to the owner. Accessibility means, for example, having the authority to view, edit, delete the file, and share it with other users (including other users belonging to other groups).
[0140] In this embodiment, access to owned files can be controlled to be prohibited depending on the settings of the service content for a specific state.
[0141] [6.3] Setting service details for specific states In this embodiment, the service content for a specific state is set in advance. In this embodiment, different service content may be set for each user.
[0142] In this embodiment, when a specific state of a SaaS account is detected, the SaaS service content of that account is changed to the SaaS service content of that specific state.
[0143] In this embodiment, since there are multiple types of specific states, the service content may be set according to the type of specific state. Alternatively, the service content may be set for each user according to the type of specific state. For example, for user A, service content may be set corresponding to the compromised state, the retirement preparation state (an example of a predetermined state), and the authentication device update state (an example of a predetermined state).
[0144] [6.3.1] Setting the Service Details of a Broken Service In this embodiment, access rights (an example of service content) to shared files are set for a user in a compromised state (an example of a specific state). A shared file refers to a file that a user has received from another user.
[0145] In this embodiment, access rights indicating an account compromise state may be set uniformly for all users.
[0146] Figure 6 shows an example of setting the service content in a compromised state. For example, as shown in Figure 6, access rights to compromised shared files are uniformly set to prohibited for all users, including user A, user B, and user C, in advance.
[0147] In this embodiment, access rights to compromised shared files may be set individually for each user.
[0148] Although not shown in the diagram, for example, the access rights to compromised shared files for user A may be set to read-only, while the access rights to compromised shared files for users B and C may be set to no sharing.
[0149] Furthermore, in this embodiment, access rights (an example of service content) to files owned by a user in a compromised state (an example of a specific state) are set.
[0150] In this embodiment, access rights to compromised files owned by all users may be set uniformly. For example, the access rights to compromised files owned by all users, including users A, B, and C, may be set uniformly to the same content (e.g., access prohibited).
[0151] Furthermore, in this embodiment, access rights to compromised files may be set individually for each user.
[0152] To illustrate with a specific example, as shown in Figure 6, access rights to files owned by user A in an compromised state are set to read-only. Similarly, access to files owned by user B in an compromised state is set to prohibited. Prohibiting access means disabling all permissions, including the ability to view owned files. In other words, user B is prohibited from accessing any files they created while in a compromised state, including viewing them. Furthermore, if user C becomes compromised, access to files owned by user C is set to prohibited, similar to user B.
[0153] [6.3.2] Setting the service content for a predetermined state In this embodiment, access rights (an example of service content) to shared files are set for a user in a predetermined state (an example of a specific state). In this embodiment, there are multiple predetermined states (for example, there are multiple states such as preparing for retirement and preparing for employment). In this embodiment, service content may be set for each type of predetermined state. For the sake of explanation, the retirement preparation state will be used as an example below.
[0154] In this embodiment, access rights to shared files in the retirement preparation state may be set individually for each user.
[0155] Figure 7 shows an example of setting the service content for the retirement preparation state. For example, the access rights for User A's shared files in the retirement preparation state can be set to read-only. Alternatively, the access rights for User B's shared files in the retirement preparation state can be set to no sharing, and the access rights for User C's shared files in the retirement preparation state can be set to read-only.
[0156] In this embodiment, access rights may be uniformly set to a retirement preparation state (an example of a predetermined state) for all users.
[0157] For example, although not shown in the diagram, access rights to shared files in the retirement preparation state may be uniformly set to "no sharing" for all users, including User A, User B, and User C.
[0158] Furthermore, in this embodiment, access rights (an example of service content) to owned files are set for users in a retirement preparation state (an example of a predetermined state).
[0159] In this embodiment, access rights to files owned by accounts in the retirement preparation state may be set uniformly for all users. For example, the access rights to files owned by accounts in the retirement preparation state may be set uniformly to the same content (e.g., access prohibited) for all users, including users A, B, and C.
[0160] In this embodiment, access rights to owned files in a retirement preparation state may be set individually for each user.
[0161] To give a concrete example, as shown in Figure 7, the access rights for user A's owned files while they are preparing to retire are set to only edit, view, and delete. In other words, while user A is preparing to retire, they can only edit, view, and delete their owned files.
[0162] Additionally, access to files owned by User B in the retirement preparation state will be prohibited. Furthermore, access to files owned by User C in the retirement preparation state will be set to read-only.
[0163] [6.4] Others In this embodiment, the service content for each user's specific state may be set in advance based on the administrator's input, or the service content for each user's specific state may be set based on computer control.
[0164] [6.5] Controlling the content of services in specific states In this embodiment, when a SaaS account transitions to a specific state, the SaaS service content of that account is changed (configured and updated) to reflect the SaaS service content of that specific state. In other words, when a transition to a specific state occurs, the SaaS service content is changed to either lower or raise the service level.
[0165] [6.5.1] Controlling the Service Content of a Broken Service Below, we will explain specific examples of what could happen if the accounts of users A, B, and C were compromised.
[0166] In this embodiment, to minimize damage in the event of an account breach, as soon as a user's account breach is detected, the SaaS service content for that user is immediately changed to the SaaS service content corresponding to the breached state (an example of a specific state). This allows for rapid security enhancement even while the administrator is considering countermeasures for the account breach. Alternatively, based on the administrator's operational information, the SaaS service content for the compromised user's account may be changed (configured and updated) to reflect the SaaS service content corresponding to the breached state of that user's account.
[0167] According to this embodiment, in the event of an account breach, it is possible to maintain the existence of the account and provide services to the account by lowering the service level, without taking extreme measures such as deleting the breached account.
[0168] (1) About User A For example, as shown in Figure 4, if the server device 10 detects at timing T2 that user A's account has been compromised, it will set the SaaS service content for user A's account to the service content of user A's compromised state, triggered by timing T2.
[0169] To explain in more detail, in this embodiment, after timing T2, shared files shared by other users are set to access permissions that indicate an infringement. For example, as shown in Figure 6, for user A, the access permissions for the infringed shared file are set to "sharing prohibited," so the shared file is set to "sharing prohibited."
[0170] For example, if user X has created a file (filename: File01.txt) and shared it with user A, user A's access rights to that file are set to allow viewing and editing. In other words, under normal circumstances (when user A's account has not been compromised), user A can view and edit the file.
[0171] However, if it is detected that user A's account has been compromised, at timing T2, the access rights to user A's shared files will be immediately set to no sharing. In other words, if user A's account is compromised at timing T2, file sharing of the file in question (filename: File01.txt) will be prohibited from timing T2 until timing T3 when the compromise is resolved.
[0172] In this embodiment, for user A, from timing T2 until timing T3 when the infringement is resolved, all shared files other than the file in question (filename: File01.txt) are also set to be disabled for sharing.
[0173] Furthermore, in this embodiment, after timing T2, the access permissions for user A's owned files are set to the infringed state. For example, as shown in Figure 6, since the access permissions for user A's owned files in the infringed state are set to read-only, the owned files are set to be read-only.
[0174] In this embodiment, for user A, from timing T2 until timing T3 when the infringement state is resolved, control is implemented so that only viewing is possible for files owned by user A.
[0175] (2) Regarding User B For example, suppose user X has created a file (filename: File01.txt) and is sharing it with user B, and the access permissions for that file allow viewing. In a normal state where user B's account has not been compromised, user B can view the file.
[0176] Furthermore, if User B's account is compromised, since User B's access rights to the compromised shared file are pre-set to prohibit sharing, for example, if User B's account is detected as compromised at that moment, sharing of the file (filename: File01.txt) will be prohibited from that point until the compromise is resolved.
[0177] Furthermore, in this embodiment, after detecting an infringement of User B's account, User B's owned files are set to access permissions that reflect the infringed state. For example, as shown in Figure 6, since User B's access permissions for the infringed owned files are set to "access denied," User B is denied access to the files they own.
[0178] In this embodiment, access to files owned by User B is prohibited from the time a breach of User B's account is detected until the breach is resolved.
[0179] (3) Regarding User C In this embodiment, user C's service details for compromised shared files and owned files are configured in the same way as user B's. Therefore, if user C's account is compromised, the service details for the compromised state are configured in the same way as for user B.
[0180] For example, if user C's account is compromised, and the access rights to the compromised shared file for user C are pre-set to prohibit sharing, then, for example, when the compromise of user C's account is detected, sharing of the file in question (filename: File01.txt) will be prohibited.
[0181] Furthermore, for example, if user C's account is compromised, access to files owned by user C will be prohibited from the time the compromise is detected until the compromise is resolved.
[0182] [6.5.2] Control of service content in a predetermined state For example, as shown in Figure 5, if User A's resignation time is T13, the period of one month preceding User A's resignation time T13 is defined as the period of resignation preparation (an example of a predetermined state). For example, the period of resignation preparation for User A is from timing T12 to timing T13.
[0183] In this embodiment, for User A, the period after regular employment and before preparing for retirement (for example, the period from T11 to T12) is considered a normal state, and User A can receive SaaS service content (for example, services such as viewing, editing, transferring, printing, and downloading).
[0184] In this embodiment, during the retirement preparation period (for example, the period from T12 to T13), the SaaS service content of User A's account is set to the retirement preparation service content. In other words, User A is granted "view only" permission for shared files when the retirement preparation period begins at T12. For example, for shared files that User A could view, edit, transfer, print, and download during the period from T11 to T12, editing, transfer, printing, and downloading are prohibited from the start of the retirement preparation period at T12 until the end at T13, and only viewing is possible.
[0185] Furthermore, in this embodiment, from the start of the retirement preparation period T12 until the end of the retirement preparation period T13, user A is only allowed to edit, view, and delete files owned by user A. For example, for shared files that user A could edit, view, delete, transfer, print, and download during the period T11-T12, from the start of the retirement preparation period T12 until the end of the period T13, transfer, printing, and downloading are prohibited, and only editing, viewing, and deletion are possible.
[0186] Thus, in this embodiment, for example, security is enhanced even for users who are preparing to retire, while the service level is reduced, allowing them to continue using the SaaS.
[0187] Furthermore, user A may be notified at a given time during the period T11-T12 (for example, before the start of the retirement preparation period) that the service content will be changed (for example, information that shared files will be changed to "view only", and information that owned files will be changed to "edit, view, and delete only").
[0188] Furthermore, in this embodiment, when users B and C enter a state of preparing for retirement, the service details for shared files and owned files in that state are also set.
[0189] [7] Example of a SaaS for mail delivery services In its normal state, the SaaS provider server 30B for the email delivery service delivers, holds (holds for self-approval or third-party approval) or cancels delivery (deletes) emails received by the server device 10 to each user belonging to an organization, according to predetermined conditions. In this embodiment, an example of how the server device 10 controls the service content in the SaaS provider server 30B for the email delivery service will be described. For example, the server device 10 cooperates with the SaaS provider server 30B and transmits setting information for the service content in a specific state. The SaaS provider server 30B controls the SaaS service for the email delivery service based on the setting information received from the server device 10.
[0190] [7.1] Setting the Service Details of a Broken Service In this embodiment, in preparation for the event of an account breach of a user belonging to the organization, the service content for emails sent as the sender of the compromised user is pre-configured. For example, in the case of a breach of user A's account, the service content is configured to delete emails sent as the sender of user A. Furthermore, in the case of a breach of user B's account, the server device 10 is configured to either deliver or delete (cancel delivery) emails sent as the sender of user B after receiving approval instructions from a predetermined user (user B's superior).
[0191] [7.2] Changes to the services in a compromised state In this embodiment, if user A's account is compromised, the server device 10 determines that user A's account is in a compromised state and sends a message to the SaaS provider server 30B of the email delivery service indicating that user A's account is in a compromised state.
[0192] Furthermore, if User A's account is compromised, the SaaS server 30B of the email delivery service will delete any email sent by User A if it receives such an email. For example, under normal circumstances, User A would deliver, hold, or delete emails sent by User A based on predetermined conditions, but if User A's account is compromised, User A will delete emails sent by User A regardless of those conditions.
[0193] Once User A's account is cleared of the compromise status, the services provided to User A will be restored to their normal state.
[0194] In this embodiment, if user B's account is compromised, the server device 10 determines that user B's account is in a compromised state and sends a message to the SaaS provider server 30B indicating that user B's account is in a compromised state.
[0195] Furthermore, if User B's account is compromised, the SaaS server 30B of the email delivery service, upon receiving an email sent by User B, will hold all emails received by User B as the sender, and will only deliver each held email if User N, User B's superior, approves it.
[0196] Once User B's account is cleared of the compromise status, the services provided to User B will be restored to their normal state.
[0197] [7.3] Setting the service content for a predetermined state In this embodiment, when a user's status reaches a predetermined state (e.g., preparing for retirement), the service content for emails sent by that user is pre-configured. For example, when user A's status reaches a predetermined state (e.g., preparing for retirement), the service content is configured to either deliver or cancel (delete) emails sent by user A after receiving approval instructions from a predetermined user (user A's supervisor).
[0198] [7.4] Changes to the service content under specified conditions In this embodiment, when the server device 10 determines that user A's status has reached a predetermined state (for example, preparing for retirement), it sends a message to the email delivery service SaaS provider server 30B indicating that user A's status is in the predetermined state.
[0199] The SaaS server 30B providing the email delivery service then holds all emails received by user A as the sender when user A's status is in a predetermined state, and delivers each held email only when user N, user A's superior, has given an approval instruction.
[0200] Furthermore, when User A's status is reset from a predetermined state, the services provided to User A will revert to their normal state.
[0201] [8] Example of a SaaS account management service In the normal state of the SaaS server 30C providing the account management service, the administrator has the authority to add, delete, and change the permissions of new users.
[0202] In this embodiment, an example is described in which the server device 10 controls the service content in the SaaS provider server 30C of the account management service. For example, the server device 10 cooperates with the SaaS provider server 30C and transmits setting information for a specific service content. Based on the setting information received from the server device 10, the SaaS provider server 30C controls SaaS services such as adding, deleting, and changing permissions for accounts.
[0203] [8.1] Setting the Service Details of a Broken Service In this embodiment, in preparation for the possibility of an administrator's account being compromised, the service settings are configured in advance to disable the administrator K's (user K's) authority to add new users, delete users, and change user permissions if the administrator K's account is compromised.
[0204] [8.2] Changes to the services under breach In this embodiment, if the server device 10 determines that administrator K's (user K's) account has been compromised, it sends a message to the SaaS provider server 30C of the account management service indicating that the administrator's account is compromised.
[0205] For example, if the SaaS server 30C of the account management service is compromised, it will disable the authority for administrator K to add new users, delete users, and change user permissions for the duration of the compromise. For example, once the compromised state of administrator K is detected and the compromise is resolved, administrator K will be unable to add a new user P, delete user Q, or grant user R the authority to add new users.
[0206] In this way, even if an account intruder gains administrator privileges, it is possible to prevent the intruder from granting administrator-level privileges to non-administrator users, thereby minimizing the damage caused by the account intrusion.
[0207] Furthermore, once User K's status is cleared from the compromised state, the services provided to User K will be reverted to their normal state.
[0208] [8.3] Setting the service content for a predetermined state In this embodiment, the service settings are configured in advance so that when the status of administrator K (user K) reaches a predetermined state, the administrator K's authority to add new users is disabled.
[0209] [8.4] Changes to the service content under specified conditions In this embodiment, when the server device 10 determines that user K's status has reached a predetermined state (for example, a state of preparing for retirement), it sends a message to the SaaS provider server 30C of the account management service indicating that user K's status is in the predetermined state.
[0210] Then, the SaaS server 30C providing the account management service disables the administrator K's authority to add new users for the duration of the administrator K's predetermined status, if the user K's status is in a predetermined state.
[0211] Furthermore, when User K's status is released from a predetermined state, the services provided to User K will be reverted to their normal state.
[0212] [9] Example of a SaaS email archiving service SaaS email archiving services have the functionality to move and store copies of emails sent and received within an organization (company) on a device separate from the mail server, and to allow searching and viewing as needed.
[0213] Under normal circumstances, each user within an organization can search and view their own email sending and receiving history, as well as the email sending and receiving history of the team they belong to.
[0214] In addition, under normal circumstances, only the organization's administrator (for example, user K) may be able to search and view not only their own email sending and receiving history, but also the email sending and receiving history of each other user belonging to the organization.
[0215] In this embodiment, an example is described in which the server device 10 controls the service content in the SaaS provider server 30 for the email archiving service. For example, the server device 10 cooperates with the SaaS provider server 30 and transmits setting information for a specific service content state. Based on the setting information received from the server device 10, the SaaS provider server 30 controls SaaS services such as saving, searching, and viewing emails.
[0216] [9.1] Setting the Service Details of a Broken State In this embodiment, in preparation for a user account breach within the organization, the scope of what the user can search and view is set to a predetermined range when the user's account is breached.
[0217] For example, in the event of a compromised state for User A, the service settings are configured in advance to prevent User A from searching for and viewing emails where the sender (From) is User A's email address, the recipient (To) is User A's email address, the sender (From) is the email address of the team to which User A belongs, and the recipient (To) is the email address of the team to which User A belongs.
[0218] Furthermore, if user K, who is the administrator, becomes compromised, the service settings will be configured in advance to revoke their administrator privileges, restrict them to searching and viewing only their own email sending and receiving history, and prohibit them from searching and viewing the email sending and receiving history of other users belonging to the organization.
[0219] [9.2] Changes to the services in a compromised state In this embodiment, if user A's account is compromised, the server device 10 determines that user A's account is in a compromised state and sends a message to the SaaS provider server 30 of the email archiving service indicating that user A's account is in a compromised state.
[0220] When the SaaS provider server 30 for the email archiving service detects that user A's account is compromised, it changes the service provided to user A to a predetermined service setting for when the account is compromised. For example, while user A's account is compromised, the SaaS provider server 30 for the email archiving service prevents user A from searching for and viewing emails where the sender (From) is user A's email address, emails where the recipient (To) is user A's email address, emails where the sender (From) is the email address of the team user A belongs to, and emails where the recipient (To) is the email address of the team user A belongs to.
[0221] Once User A's account is cleared of the compromise status, the services provided to User A will be restored to their normal state.
[0222] Furthermore, if the administrator user K's account is compromised, the server device 10 of this embodiment determines that user K's account is compromised and sends a message to the SaaS provider server 30 of the email archiving service indicating that user K's account is compromised.
[0223] When the SaaS provider server 30 for the email archiving service detects that user K's account is compromised, it changes the service provided to user K to a predetermined service setting for when the account is compromised. For example, the SaaS provider server 30 for the email archiving service revokes administrator privileges for user K while user K is compromised. In other words, while user K is compromised, user K is only allowed to search and view the history of their own email sending and receiving, and is prohibited from searching and viewing the history of email sending and receiving of other users belonging to the organization. In short, user K can search and view emails where the sender (From) is user K's email address and the recipient (To) is user K's email address, but cannot search or view the history of email sending and receiving of other users in the organization.
[0224] Once the compromised status of user K's account is cleared, the services provided to user K will be restored to their normal state.
[0225] [9.3] Setting the service content for a predetermined state In this embodiment, when a user's status reaches a predetermined state (for example, preparing to retire), the service settings are configured in advance to prevent user A from searching for and viewing emails that are from the email address of the team to which user A belongs, and emails that are to which the recipient (To) is the email address of the team to which user A belongs.
[0226] Furthermore, the service settings are configured in advance so that when the status of user K, who is an administrator, reaches a predetermined state (for example, preparing to retire), administrator privileges will be revoked, and K will only be able to search and view their own email sending and receiving history, while being prohibited from searching and viewing the email sending and receiving history of other users belonging to the organization.
[0227] [9.4] Changes to the service content under specified conditions In this embodiment, when the server device 10 determines that user A's status has reached a predetermined state (for example, preparing for retirement), it sends a message to the SaaS provider server 30 of the mail archiving service indicating that user A's status is in the predetermined state.
[0228] Then, when the SaaS provider server 30 of the email archiving service detects a predetermined state in user A's account (for example, preparing to retire), it changes the service for user A to the predetermined service content for that state. While user A is in the predetermined state (for example, preparing to retire), the SaaS provider server 30 of the email archiving service prevents searching and viewing emails from the sender (From) email address of the team to which user A belongs, and emails from the recipient (To) email address of the team to which user A belongs.
[0229] Furthermore, when User A's status returns from a predetermined state to a normal state, the services provided to User A will also be restored to their normal state.
[0230] In this embodiment, when the server device 10 determines that the status of user K, who is the administrator, has reached a predetermined state (for example, a state of preparing for retirement), it sends a message to the SaaS provider server 30 of the mail archiving service indicating that user K's status is in the predetermined state.
[0231] Then, when the SaaS provider server 30 for the email archiving service detects a predetermined state in user K's account (for example, preparing to retire), it changes the service for user K to the predetermined service content for that state. The SaaS provider server 30 for the email archiving service revokes administrator privileges for user K while user K is in the predetermined state (for example, preparing to retire). In other words, user K is only allowed to search and view the history of emails sent and received by user K, and is prohibited from searching and viewing the history of emails sent and received by other users belonging to the organization.
[0232] Furthermore, when User K's status returns from a predetermined state to a normal state, the services provided to User K will also be reverted to the normal service content.
[0233]
[10] Other SaaS In this embodiment, in various SaaS applications such as cloud-based video chat services (e.g., Zoom®) and messaging services (e.g., Slack®), the service content for each user in a specific state may be set in advance, as described above, in preparation for a specific state. Then, when a user's account transitions to a specific state, the service content for that account is set to the service content for that specific state.
[0234]
[11] SaaS management In this embodiment, one or more of the above-mentioned SaaS services may be managed. Furthermore, the content of each SaaS may be pre-configured to reflect specific states (e.g., breached state, predetermined state, etc.).
[0235]
[12] Measures for multiple SaaS The server device 10 in this embodiment manages the SaaS applications for each of the multiple users belonging to the organization.
[0236] For example, in this embodiment, if multiple SaaS services (e.g., file sharing service, email delivery service, account management service, email archiving service, cloud-based video chat service, messaging service, etc.) are managed in association with user A's account, a specific state of the SaaS service content is set for each SaaS.
[0237] In this embodiment, when the account for at least one SaaS (e.g., file sharing service) among multiple SaaS services associated with user A's account transitions to a specific state, the SaaS service content is changed for each SaaS service associated with user A's account to reflect the specific state of that SaaS service. In other words, for user A, not only the file sharing service, but also the email delivery service, account management service, email archiving service, cloud video chat service, and messaging service are changed to reflect the specific state of that SaaS service.
[0238] In this way, even if a specific condition occurs for one SaaS (for example, an account breach or a predetermined condition), appropriate services can be provided not only for that SaaS but also for specific conditions in other SaaS applications.
[0239]
[13] Multiple levels of service In this embodiment, multiple stages of service content for a SaaS in a specific state may be configured. For example, in the case of a file sharing service, the first stage of service content for user A in a specific state is set to "disable sharing of shared files and allow viewing only of owned files." Then, the second stage of service content for user A in a specific state is set to "disable sharing of shared files and prohibit access to owned files."
[0240] Then, if user A is determined to be in a specific state (for example, account compromise state, or the user's status is in a predetermined state), the SaaS service content for user A's account is set to the service content for the first stage of user A's specific state, that is, "shared files are prohibited from being shared, and owned files are only allowed to be viewed."
[0241] Then, based on instructions from a designated user (for example, user N, who is user A's superior), the SaaS service content for user A's account is set to the second stage service content for user A's specific state, that is, "shared files are prohibited from being shared, and access to owned files is prohibited."
[0242] In this way, for example, if a specific state is compromised, security can be enhanced by quickly lowering the service level when an account is compromised, while still ensuring the continued provision of services. Furthermore, security can be further enhanced by lowering the service level to a second level based on the user's consent.
[0243] In this embodiment, multiple stages of service content for a specific SaaS state may be configured for each user.
[0244] Alternatively, instead of following instructions from a designated user (for example, user N, who is user A's superior), the SaaS service content for user A's account may be set to the service content of the second stage of user A's specific state after a predetermined period has elapsed since user A entered a specific state. In other words, after a predetermined period has elapsed since user A's specific state was detected, the SaaS service content for user A's account may be set to "prohibit sharing of shared files and prohibit access to owned files."
[0245]
[14] Discontinuation of certain SaaS services under specific conditions In this embodiment, the provision of some SaaS may be suspended under certain conditions. For example, in this embodiment, the SaaS to be provided to a user under certain conditions is set in advance and associated with the user's account.
[0246] In this embodiment, under specific conditions for user A, it is pre-configured that, of the multiple SaaS services associated with user A's account, such as a file sharing service, email delivery service, account management service, email archiving service, and messaging service, only the messaging service is permitted, while the file sharing service, email delivery service, account management service, and email archiving service are disabled.
[0247] Furthermore, if User A is determined to be in a specific state, only the SaaS services authorized for provision will be provided to User A's account. In other words, only the messaging service for User A will be permitted. On the other hand, if User A's account is compromised, the file sharing service, email delivery service, account management service, and email archiving service will be suspended for User A's account.
[0248] This approach allows for the provision of a minimum level of service to users in specific situations when offering multiple SaaS applications. Furthermore, it ensures that messaging services are the last resort for internal communication.
[0249]
[15] Release of specific status In this embodiment, based on instructions from a designated user, such as an administrator, the user's account may be deselected and the SaaS service content provided for that user's account may be returned to the normal service content.
[0250]
[16] Flowchart The flow of controlling the SaaS service content of the server device 10 according to this embodiment will be described using FIG. 8. For the sake of convenience of explanation, the flow of controlling one piece of SaaS service content will be described.
[0251] First, SaaS service content in a specific state is set in association with the user's account (step S1). The specific state is, for example, the state of account infringement, the user's status being in a predetermined state (for example, the state of preparing for retirement), and the like. Also, for each user belonging to an organization, SaaS service content in a specific state is set.
[0252] Note that it is preferable to set the SaaS service content in a specific state before providing the SaaS to the user, but it may also be done during the period when the SaaS is being provided to the user.
[0253] Next, it is determined whether the user's account has transitioned to a specific state (step S2). For example, it is determined whether the user's account has transitioned to a state of being infringed. Also, it is determined whether the user's status has transitioned to a predetermined state (for example, the state of preparing for retirement).
[0254] When the user's account has transitioned to a specific state (Y in step S2), the SaaS service content of the account is changed to the SaaS service content in a specific state (step S3).
[0255] Note that when the user's account has not transitioned to a specific state (N in step S2), the process returns to step S2. The process ends here.
[0256]
[17] Supplementary explanation [17.1] SaaS logout function In this embodiment, after changing the user's authority (access right) of a SaaS (for example, a SaaS of a file sharing service), the login state of the user of the SaaS may be logged off.
[0257] This approach allows users to be prompted to log in again, even if they are already logged into the SaaS application via single sign-on. This ensures that any changes to the user's permissions are reliably enabled.
[0258] [17.2] Supplementary information regarding the status of updating, losing, and re-registering authentication devices An authentication device is a device used to verify the user's identity. It is used to verify the user's identity when accessing SaaS services or the server device 10 in this embodiment. Specific examples of authentication devices include smartphones, security tokens (physical devices), biometric authentication devices (fingerprint authentication, facial recognition, etc.), and authentication applications.
[0259] In this embodiment, when the user's status becomes an authentication device update state (an example of a predetermined state), the user's permissions (access rights) in the SaaS (for example, a file sharing service SaaS) may be changed to the service content corresponding to the authentication device update state. After changing the service content, a new authentication device may be registered.
[0260] Furthermore, in this embodiment, if the user's status becomes that of a lost authentication device (an example of a predetermined state), the user's permissions (access rights) in the SaaS (for example, a file sharing service SaaS) may be changed to reflect the lost authentication device status. After changing the service, a new authentication device may be registered.
[0261] Furthermore, in this embodiment, when the user's status becomes a state of re-registration of the authentication device (an example of a predetermined state), the user's permissions for the SaaS may be restored (returned to the normal state).
[0262] This approach allows for flexible and easy updating of authentication devices and changes to user permissions for the SaaS application in the event of a lost authentication device. For example, if an authentication device is being updated, the user's permissions for the SaaS application can be reduced to a minimum; once the update is complete, the user's permissions can be restored to their normal state; and if an authentication device is lost, it can be deleted (disabled).
[0263] In this embodiment, the authentication device may be registered after identity verification using a facial photograph and a facial photograph on a My Number Card, etc.
[0264] This approach makes it easy to perform user authentication, which is necessary before updating authentication devices or changing user permissions for the SaaS due to the loss of an authentication device.
[0265] [17.3] Supplementary explanation regarding the status of users, such as leave of absence and return to work. In this embodiment, when a user's status becomes one of leave of absence (an example of a predetermined state), the user's permissions (access rights) for the SaaS (for example, a file sharing service SaaS) may be changed to reflect the service content of the leave of absence.
[0266] Furthermore, in this embodiment, when a user's status changes from leave of absence to a return state (an example of a predetermined state), the user's permissions (access rights) for the SaaS (for example, a file sharing service SaaS) may be changed to reflect the service content of the return state.
[0267] This approach makes it possible to flexibly and easily change the permissions of users of the SaaS application in connection with leave of absence and return to work.
[0268] For example, if user A is preparing for leave of absence (e.g., the day before the leave date), user A's permissions will be revoked for all services except SaaS that are commonly used by all users.
[0269] Also, if User A is on leave (e.g., a holiday), the rights of users to SaaS that all users commonly use, except for some SaaS for communication (e.g., messaging services), will be revoked.
[0270] Also, if the user is in a state of preparing to return to work (e.g., the day before returning from leave), the rights of the user to SaaS that all users commonly use will be restored (returned to the normal state). Also, rights other than those to SaaS that all users commonly use, which were revoked from the user, may be restored simultaneously.
[0271] [17.4] Supplementary Explanation Regarding the State of the User's Going Abroad and Returning In this embodiment, when the status of the user becomes a state of going abroad (an example of a predetermined state), the rights (access rights) of the user to SaaS (e.g., SaaS of a file sharing service) may be changed to the service content for the state of going abroad. Note that going abroad means moving from one's own country to a country other than one's own country (e.g., Japan), or staying in a country other than one's own country. The state of going abroad may be various states such as the state on the day of moving abroad (e.g., a business trip overseas), the state after the day following the day of moving abroad, and so on.
[0272] Also, in this embodiment, when the status of the user becomes a state of returning (an example of a predetermined state), the rights (access rights) of the user to SaaS (e.g., SaaS of a file sharing service) may be changed to the service content for the state of returning. The state of returning is, for example, returning from abroad (e.g., returning to Japan). The state of returning may be various states such as the state on the day of returning, the state after the day following the day of returning, and so on.
[0273] By doing so, it is possible to perform the operation of changing the rights of the user to the relevant SaaS flexibly and easily when going abroad or returning.
[0274] For example, if User A is in the state on the day of moving abroad, the rights of the user to the relevant SaaS will be changed from allowing access from both inside and outside the country to allowing access.
[0275] Furthermore, if User A is in a state of being on or after the day following their overseas travel, the user's permissions for the SaaS will be changed to prohibit access from within Japan and allow access from outside Japan.
[0276] Furthermore, if User A has returned to Japan from abroad the day before, the user's permissions for the SaaS will be changed to prohibit access from abroad and allow access from within Japan.
[0277] Furthermore, "overseas" can refer to any country other than one's own country (for example, Japan), or it can be limited to the destination country and transit countries (countries where you temporarily stop on your way to your destination country).
[0278] In this embodiment, the status, such as domestic, overseas, or in transit, may be determined based on the IP address of the user terminal (source IP address).
[0279] Furthermore, in this embodiment, the status such as domestic, overseas, or in transit may be determined based on the schedule described in the approval document or other documents submitted by the user.
[0280] Furthermore, in this embodiment, the status of the flight, such as whether it is domestic, international, or in transit, may be determined based on the flight schedule using the dates and flight numbers described in the approval documents submitted by the user.
[0281] Furthermore, in this embodiment, the status of the flight, such as whether it is domestic, overseas, or in transit, may be determined by using a language model to obtain the flight status from the schedule and flight number described in the approval document submitted by the user, and then making a decision based on the results.
[0282] A language model is an external language model accessible via the internet and operated on a device outside the network managed by the organization (including devices on the cloud). For example, an external language model could be a large-scale language model such as GPT-4®. A language model could also be an internal language model managed on a device located on the same network as the server device 10 (e.g., an intranet). In other words, in this embodiment, the language model may be managed on a device located on the same network as the server device 10 managed by the organization.
[0283]
[18] Application examples [18.1] Simulation of a predetermined state In this embodiment, the system may have a function that simulates (assumes) a user being in a predetermined state. For example, assuming that user A is in a predetermined state (a state of resignation), the system may tentatively set user A's state to that of a resigned user, even if user A is not actually in that predetermined state (a state of resignation).
[0284] For example, if we consider a scenario where User A leaves the company, we would temporarily set User A's status to "left the company." Then, we would configure the SaaS service content for User A according to their departure status. In this way, User A, as well as other users within the organization, can check the risks associated with User A's departure in advance and prevent problems before they occur.
[0285] In this embodiment, the SaaS service content for a predetermined state (for example, retirement status) is pre-configured in association with user A's account.
[0286] Next, in this embodiment, the state of user A is provisionally set to a predetermined state (for example, retirement) based on administrator or computer control.
[0287] In this embodiment, it is determined that User A's status has reached a predetermined state (for example, the state of having left the company), and that User A's account has reached a specific state. The SaaS service content for User A's account is then changed to the SaaS service content corresponding to the predetermined state (for example, the state of having left the company).
[0288] Subsequently, the administrator or computer control will cancel the provisional setting of a predetermined state for User A (for example, retirement status), and the simulation of that specific state will end.
[0289] [18.2] Simulation of SaaS service termination In this embodiment, the system may have a function that simulates (assumes) the termination of a SaaS service. For example, user A may want to switch from the first file sharing service SaaS to the second file sharing service SaaS and want to terminate the first file sharing service SaaS. In this case, user A may be unsure whether it is really okay to terminate the first file sharing service.
[0290] Therefore, in this embodiment, the SaaS termination state is simulated. In other words, even if user A is actually receiving the SaaS, user A may be provisionally set to the SaaS termination state.
[0291] In this way, user A, who belongs to the organization, and other users within the organization can check in advance the risks of user A not using the SaaS service and prevent problems before they occur.
[0292] Next, in this embodiment, the administrator or computer control temporarily sets User A to a SaaS service termination state. The SaaS service termination state means that User A's account does not exist, that is, the account has been revoked.
[0293] In this embodiment, after temporarily setting the SaaS service to terminate for user A, the content of the SaaS service is not provided to user A.
[0294] Subsequently, based on administrator or computer control, the temporary setting of SaaS termination is removed for User A, and the simulation is terminated.
[0295]
[19] Specific explanation of the management, configuration, and modification of the SaaS server. The following provides a detailed explanation of how the server device 10 manages, configures, and modifies the SaaS delivery server 30.
[0296] The management unit 112 communicates with the SaaS provider server 30 and manages the SaaS.
[0297] The management unit 112 manages each user's SaaS application. For example, for each SaaS application, the management unit 112 adds, deletes, and renews licenses for users who use the SaaS.
[0298] The management unit 112 stores user information (account, email address, permission information, authentication information (access token and API key), etc.) for each user using the SaaS in the storage unit 170. This user information includes not only general users but also administrator user information. Administrators have strong permission information. For example, they have the permission to change the service content of the SaaS.
[0299] The management unit 112 may receive operation input from the administrator and manage the SaaS in accordance with said operation input.
[0300] The configuration unit 113 configures the SaaS service details for each SaaS application, associating them with the user's account for each user.
[0301] SaaS service details refer to configuration information including functions permitted to the user, functions restricted to the user, and available functions.
[0302] The SaaS service content may be information for generating configuration commands, or it may be the configuration commands themselves to be sent to the SaaS provider server 30.
[0303] The configuration unit 113 may configure the SaaS service content for each user and for each user state. For example, the configuration unit 113 may configure the SaaS service content for the normal state, the SaaS service content for the compromised state, and the SaaS service content when the user is in a predetermined state.
[0304] The configuration unit 113 may configure the SaaS service content for each user when the user is in a compromised state. Alternatively, the configuration unit 113 may configure the SaaS service content for each user according to the level of the user's compromised state.
[0305] The content control unit 115 performs processing to change the content of the SaaS service. Specifically, as shown in Figure 9, when the content control unit 115 detects a compromised state (an example of a specific state), it sends a configuration command regarding the compromised SaaS service content from the server device 10 to the SaaS provider server 30 via a communication interface (e.g., API) based on the SaaS service content of the compromised state. API stands for Application Programming Interface. APIs allow software and applications to exchange data and cooperate functionally.
[0306] Configuration commands are, for example, commands used to degrade service levels in the event of a security breach. Depending on the type of SaaS, configuration commands may also be used to change the features allowed or restricted for each user. For example, in the case of an email service SaaS, these might be commands to restrict sending emails and commands to restrict receiving emails.
[0307] The content control unit 115 may generate configuration commands to send to the SaaS provider server 30. For example, it may generate a command to restrict email sending to the account of a user who has been found to be compromised. It may also generate a command to restrict email receiving to the account of a user who has been found to be compromised.
[0308] Then, as shown in Figure 9, the SaaS provider server 30 executes the configuration command received from the server device 10. The SaaS provider server 30 sends the result of the configuration command execution to the server device 10.
[0309] Then, as shown in Figure 9, the content control unit 115 receives a response from the SaaS provider server 30 and determines the success or failure of the process based on that response. The content control unit 115 may also query the SaaS provider server 30 as needed to verify whether the modified state matches the current state (for example, the compromised state) of the SaaS service content.
[0310] Furthermore, the content control unit 115 performs retries or rollbacks when an error occurs, and stores the final processing result as an audit log in the storage unit 170.
[0311] The server device 10 may also include an authentication linkage unit, an audit log unit, and a linkage adapter unit.
[0312] The authentication linkage unit obtains and updates API keys and OAuth tokens (such as access tokens and refresh tokens) to enable the server device 10 to securely connect to the SaaS provider server 30, securely stores this authentication information, and grants it as needed.
[0313] The audit log unit stores information about users who have modified the SaaS service, the time of modification, the details of the modification, and other history information in the storage unit 170.
[0314] The integration adapter unit performs processing to absorb the differences in specifications of each SaaS provider server 30. The integration adapter unit converts the configuration command into a format that conforms to the public API specifications of the SaaS provider server 30 and sends it. The integration adapter unit may also convert the response from the SaaS provider server 30 into a common format.
[0315]
[20] Specific description of email service In this embodiment, an example of a mail delivery service (mail sending service) was described (see [7] Example of a SaaS for a mail delivery service). This embodiment is applicable not only to mail delivery services (mail sending services) but also to mail receiving services. Below, a specific example of a SaaS provider server 30D for an email service (also called a mail service) that sends and receives emails will be further described. The SaaS provider server 30D is, for example, an email service such as Gmail®. Note that this is applicable to other email services as well.
[0316] This embodiment describes an example of an information processing system in which a server device 10 and a SaaS provider server 30D that provides email services are connected via the Internet.
[0317] First, the server device 10 manages the SaaS that the SaaS provider server 30D provides to a user, associating it with the user's account. For example, the server device 10 manages the user information (account information and permission information) of each user who holds a license for the SaaS provider server 30D.
[0318] Furthermore, the server device 10 configures the SaaS service content to be accessed when a compromised state is detected in the user's SaaS account, in association with the user's account.
[0319] In this embodiment, as shown in Figure 10, the content of the SaaS service to be used when a compromised state is detected in the user's SaaS account is pre-configured for each user.
[0320] In this embodiment, when the user is in a normal state, they are able to send, receive, and view emails. In other words, in a normal state, the user is in the normal service state for sending, receiving, and viewing Gmail®.
[0321] For example, the service settings can be configured to restrict the sending of emails created by User A when a compromised state is detected. However, since there are no restrictions on receiving emails when User A is compromised, emails addressed to User A can still be received.
[0322] Furthermore, the service settings will be configured to restrict the sending of emails created by User B when a compromised state of User B is detected. In addition, since receiving is restricted when User B is compromised, the service settings will be configured to restrict the receiving of emails addressed to User B when a compromised state of User B is detected.
[0323] To explain in more detail, when the server device 10 detects that user A's account is compromised, it sends a configuration command regarding the SaaS service content in the event of a compromise in user A's SaaS account to the SaaS provider server 30D via a communication interface (e.g., API).
[0324] For example, server device 10 sends a configuration command to the SaaS provider server 30D via a communication interface (e.g., API) to restrict the sending of emails from user A's SaaS account.
[0325] When the SaaS provider server 30D receives a configuration command from the server device 10, it executes the configuration command to restrict user A's email sending.
[0326] Furthermore, if the server device 10 detects that user B's account is compromised, it sends a configuration command regarding the SaaS service content in the event of a compromise in user B's SaaS account to the SaaS provider server 30D via a communication interface (e.g., API).
[0327] For example, server device 10 sends a configuration command to the SaaS provider server 30D via a communication interface (e.g., API) to restrict the sending and receiving of emails for user B's SaaS account.
[0328] When the SaaS provider server 30D receives a configuration command from the server device 10, it executes the configuration command to restrict user B's sending and receiving of emails.
[0329] In this embodiment, the SaaS provider server 30D does not execute any configuration commands that would delete or disable the user's SaaS account, so the user can continue using the service in a reduced state, such as with restrictions on sending data. Furthermore, since the SaaS provider server 30D does not delete the user's SaaS account, it can quickly return to its original normal state after the compromised state is resolved.
[0330] (1) Description of the command to restrict sending emails Commands that restrict the sending of emails include any of the following: (A) a command to stop sending emails, (B) a command to postpone sending emails, (C) a command to send the emails after approval by a designated user, or (D) a command to delete the emails that were to be sent.
[0331] In other words, if the server device 10 detects that a user's account is compromised and the service is configured to restrict the sending of emails to that user, it sends one of the following commands to the SaaS provider server 30D via the communication interface (API): (A) a command to stop sending emails from the compromised user; (B) a command to postpone sending emails from the compromised user; (C) a command to send emails from the compromised user after approval by a designated user; or (D) a command to delete emails that were to be sent by the compromised user. The SaaS provider server 30D then executes this command. If an email is postponed without being sent, it is stored in a storage area for postponements. Furthermore, a postponement refers to a permanent postponement that is not released as long as the compromised state persists, rather than a temporary postponement (the same applies hereinafter).
[0332] (2) Description of the command to restrict receiving emails A command to restrict the reception of emails includes any of the following: (A) a command to stop receiving emails, (B) a command to postpone receiving emails, (C) a command to receive the emails after approval by a designated user, or (D) a command to delete the emails that were to be received.
[0333] In other words, if the server device 10 detects that a user's account is compromised and the service is configured to restrict the receipt of emails for that user, it sends one of the following commands to the SaaS provider server 30D via the communication interface (API): (A) a command to stop receiving emails from the compromised user; (B) a command to postpone receiving emails from the compromised user; (C) a command to receive emails from the compromised user after approval by a designated user; or (D) a command to delete emails that were to be received by the compromised user. The SaaS provider server 30D then executes this command. If an email that was to be received is postponed without being received, it is stored in a storage area for postponements.
[0334] (3) Available for viewing In particular, in this embodiment, as shown for users A and B, the email history may be made viewable. That is, in this embodiment, there are no restrictions on viewing the email sending history or receiving history, so users A and B can at least check the content of emails they have sent in the past and the content of emails they have received in the past.
[0335] In this embodiment, if a user's account is compromised, access may be restricted in addition to sending and receiving. Even in such cases, the account is not deleted despite the restriction on access. This way, the account remains active, and by allowing access along with sending and receiving once it returns to a normal state, the email service can be provided promptly.
[0336] (4) Multi-tiered SaaS service content In this embodiment, for each user, a first level of SaaS service content may be set for when a first level of intrusion is detected for that user, and a second level of SaaS service content may be set for when a second level of intrusion is detected.
[0337] For example, as shown in Figure 11, if a first level of compromise is detected for user A, the first level of SaaS service content is changed to sending restrictions. Then, if a second level of compromise is detected for user A, the second level of SaaS service content is changed to sending restrictions and receiving restrictions.
[0338] For example, server device 10 uses a dedicated security tool to obtain the number of account compromise detections. If the number of compromise detections is 1, it is classified as Level 1, and if the number of compromise detections is 2 or more, it is classified as Level 2. Level 2 indicates a more serious breach situation than Level 1.
[0339] In this embodiment, when the server device 10 detects a first level of compromise for user A, it modifies the user's SaaS service content by sending a first setting command regarding the content of the first level of SaaS service to the SaaS provider server 30D via a communication interface (e.g., API).
[0340] Here, the first configuration command is a command that restricts the sending of emails from the SaaS account (User A) that has been found to be compromised.
[0341] Then, when the server device 10 detects a second level of intrusion, it modifies the user's SaaS service content by sending a second configuration command relating to the content of the second level of SaaS service to the SaaS provider server 30D via a communication interface (e.g., API).
[0342] Here, the second configuration command restricts the sending and receiving of emails from the SaaS account (User A) that has been detected as compromised. In other words, when User A is compromised at the second level, the situation is more serious than when compromised at the first level, so receiving emails is also restricted.
[0343] When the SaaS server 30D receives the second configuration command, it executes the second configuration command and restricts user A's sending, receiving, and viewing of emails.
[0344] Furthermore, as shown in Figure 11, a third level may exist. For example, if the number of detected infringements is 1, it is considered the first level; if the number of detected infringements is 2 or more, it is considered the second level; and if the number of detected infringements is 3 or more, it is considered the third level. The third level indicates the most serious infringement situation.
[0345] In this embodiment, a third level of SaaS service content may be set when a third level of intrusion is detected.
[0346] For example, if a third level of compromise is detected for user A, the third level of SaaS service content may be defined as sending restrictions, receiving restrictions, and viewing restrictions.
[0347] In this embodiment, when the server device 10 detects a third level of compromise for user A, it modifies the user's SaaS service content by sending a third configuration command regarding the content of the third level of SaaS service to the SaaS provider server 30D via a communication interface (e.g., API).
[0348] The third configuration command restricts the sending, receiving, and viewing of emails from the SaaS account (User A) that has been found to be compromised.
[0349] When the SaaS provider server 30D receives the third configuration command, it executes the third configuration command and restricts user A's sending, receiving, and viewing of emails.
[0350] (5) Functional configuration Further explanation will be given regarding the functional configuration of the server device 10 in this embodiment.
[0351] The management unit 112 manages the SaaS that the SaaS provider server provides to a user, associating it with the user's account.
[0352] The configuration unit 113 sets the SaaS service content to be used when a compromised state is detected in the user's SaaS account, in association with the user's account.
[0353] Furthermore, the configuration unit 113 may set multiple levels of compromise status and configure the SaaS service content according to the detected level of compromise status.
[0354] For example, the configuration unit 113 may configure a first SaaS service content to be used when a first level of intrusion is detected, and a second SaaS service content to be used when a second level of intrusion is detected.
[0355] When the content control unit 115 detects that a user's account has been compromised, it modifies the user's SaaS service content by sending a configuration command regarding the SaaS service content in the event of a compromise in the user's SaaS account to the SaaS provider server via the communication interface. Here, the configuration command is a command to restrict the sending and / or receiving of emails to the SaaS account.
[0356] Restricting the sending and / or receiving of emails includes all three patterns: restricting both sending and receiving, restricting sending only, and restricting receiving only.
[0357] Furthermore, the “command to restrict sending emails” includes any of the following: a command to stop sending emails, a command to postpone sending emails, a command to send the emails after approval by a designated user, or a command to delete the emails that were to be sent.
[0358] Furthermore, the “command to restrict email reception” includes any of the following: a command to stop receiving emails, a command to postpone receiving emails, a command to receive the emails after approval by a designated user, or a command to delete the emails that were to be received.
[0359] Furthermore, the content control unit 115 may maintain access to the user's email history when it detects that the user's account has been compromised. On the other hand, the content control unit 115 may restrict access to the user's email history when it detects that the user's account has been compromised.
[0360] Furthermore, the content control unit 115 may change the user's SaaS service content by sending a first setting command relating to the first SaaS service content to the SaaS provider server via the communication interface when it detects a first level of intrusion, and may change the user's SaaS service content by sending a second setting command relating to the second SaaS service content to the SaaS provider server via the communication interface when it detects a second level of intrusion.
[0361] Here, the first configuration command is a command to restrict the sending of emails from the SaaS account in question.
[0362] The second configuration command restricts the sending and receiving of emails for that SaaS account.
[0363] (6) Description of SaaS server 30D When the SaaS provider server 30D receives a configuration command from the server device 10, it executes the configuration command. For example, the server device 10 sends the user information of user K, who has administrator privileges, to the SaaS provider server 30D, and the SaaS provider server 30D authenticates based on the user information of user K received from the server device 10. After granting authentication, if the SaaS provider server 30D receives a configuration command, it executes the configuration command at the time of receipt, based on the operation of user K, who has administrator privileges.
[0364] This allows the SaaS provider server 30D to automatically and promptly modify the SaaS service content when it detects that a user's SaaS account has been compromised.
[0365]
[21] Processing flow when a breach is detected In this embodiment, the processing flow when a breach is detected in the server device 10 will be explained using Figure 12.
[0366] First, associate the user's account with the details of the compromised SaaS service (step S11).
[0367] Next, it is determined whether or not a compromised state of the user's account has been detected (step S12).
[0368] If a compromised state of a user's account is detected (Y in step S12), a configuration command regarding the SaaS service content in the case of a compromised state of the user's SaaS account is sent to the SaaS provider server via the communication interface (step S13).
[0369] For example, in the case of a SaaS email service, the configuration command is a command to restrict sending and / or receiving emails for the SaaS account. This completes the process.
[0370] Next, the processing flow when a compromised state is detected by the server device 10 in the SaaS provisioning server 30 of this embodiment will be explained using Figure 13.
[0371] First, it is determined whether or not a configuration command has been received from the server device 10 (step S21). Then, if a configuration command has been received from the server device 10 (Y in step S21), the configuration command is executed (step S22). For example, in the case of a SaaS email service, if the SaaS provider server 30D receives a configuration command to restrict sending and / or receiving emails for the SaaS account, it executes the configuration command. This completes the process.
[0372]
[22] Processing for SaaS providers that do not support APIs If the SaaS provider server 30 does not support configuration change functionality via a communication interface (e.g., API), the server device 10 may send (notify) the change information to the administrator terminal so that the administrator can check the change information regarding the SaaS service content corresponding to the compromise status. An administrator using the administrator terminal can manually change the SaaS service content for the user based on the notified change information. This ensures that even if the SaaS provider server 30 does not have an automatic configuration change functionality via API, the SaaS service content for the user can be reliably changed when a compromise status is detected.
[0373]
[23] Others The present invention is not limited to the embodiments described above, and various modifications are possible. For example, terms cited as broad or synonymous in the specification or drawings may be replaced with broad or synonymous terms in other descriptions in the specification or drawings.
[0374] The present invention includes configurations that are substantially identical to those described in the embodiments (for example, configurations with the same function, method, and result, or configurations with the same purpose and effect). Furthermore, the present invention includes configurations in which non-essential parts of the configurations described in the embodiments are replaced. Furthermore, the present invention includes configurations that produce the same effects or achieve the same purpose as those described in the embodiments. Furthermore, the present invention includes configurations that add known technology to the configurations described in the embodiments.
[0375] As described above, embodiments of the present invention have been explained in detail, but it will be readily apparent to those skilled in the art that many modifications are possible without substantially departing from the novel aspects and effects of the present invention. Therefore, all such modifications are included within the scope of the present invention. [Explanation of Symbols]
[0376] 10 server devices, 20 terminal devices, 30 SaaS provisioning servers, 100 Processing unit, 110 Communication control unit, 111 Reception unit, 112 Management unit, 113 Setting unit, 114 Detection unit, 115 Content control unit, 116 Notification unit, 117 Display control unit, 170 Storage unit, 171 Main memory unit, 172 User information storage unit, 173 Management information storage unit, 180 Information storage media, 196 Communications Department, 200 Processing unit, 210 Communication control unit, 211 Display control unit, 270 Storage section, 271 Main storage section, 280 Information storage medium, 290 Display section, 296 Communication section
Claims
1. A program for managing SaaS, A management department manages the SaaS provided to a user, associated with that user's account. A configuration section that pre-configures the SaaS service content in a specific state, associated with the user's account. When a user's account transitions to a specific state, the computer functions as a content control unit that changes the SaaS service content of that account to the SaaS service content of that specific state. The content control unit, A program characterized by determining that a user's account has entered a specific state when the user's status reaches a predetermined state.
2. A program for managing SaaS, A management department manages the SaaS provided to a user, associated with that user's account. A configuration section that pre-configures the SaaS service content in a specific state, associated with the user's account. When a user's account transitions to a specific state, the computer functions as a content control unit that changes the SaaS service content of that account to the SaaS service content of that specific state. The aforementioned setting unit is, When multiple SaaS services are managed in association with a user account, you can configure the specific SaaS service content for each SaaS service. The content control unit, A program characterized by changing the SaaS service content for each SaaS associated with a user's account to the content of the SaaS service associated with that account when the account of at least one SaaS among multiple SaaS services associated with that account transitions to a specific state.
3. In claim 1 or 2, The content control unit, A program characterized by determining that a user's account has entered a specific state when a compromised SaaS account is detected.
4. In claim 1 or 2, The setting unit is, Configure the multi-stage service content of a SaaS in a specific state. The content control unit, When a user's account transitions to a specific state, the SaaS service content for that account is set to the first stage service content of the SaaS in that specific state. A program characterized by setting the SaaS service content of an account to the second stage of a specific SaaS state based on predetermined conditions.
5. In claim 1 or 2, The aforementioned setting unit is, A program characterized by pre-configuring the content of a specific SaaS service for each user, associated with their account, when multiple users exist.
6. An information processing device for managing SaaS, A management department manages the SaaS provided to a user, associated with that user's account. A configuration section that pre-configures the SaaS service content in a specific state, associated with the user's account. Includes a content control unit that changes the SaaS service content of a user's account to the SaaS service content of the specified state when the user's account transitions to a specific state, The content control unit, An information processing device characterized by determining that a user's account has entered a specific state when the user's status reaches a predetermined state.
7. An information processing device for managing SaaS, A management department manages the SaaS provided to a user, associated with that user's account. A configuration section that pre-configures the SaaS service content in a specific state, associated with the user's account. Includes a content control unit that changes the SaaS service content of a user's account to the SaaS service content of the specified state when the user's account transitions to a specific state, The aforementioned setting unit is, When multiple SaaS services are managed in association with a user account, you can configure the specific SaaS service content for each SaaS service. The content control unit, An information processing device characterized by changing the SaaS service content for each SaaS associated with a user account to the SaaS service content of the SaaS in the specified state when the account of at least one of the multiple SaaS associated with a user account transitions to a specific state.
8. An information processing system for managing SaaS, A management department manages the SaaS provided to a user, associated with that user's account. A configuration section that pre-configures the SaaS service content in a specific state, associated with the user's account. Includes a content control unit that changes the SaaS service content of a user's account to the SaaS service content of the specified state when the user's account transitions to a specific state, The content control unit, An information processing system characterized by determining that a user's account has entered a specific state when the user's status reaches a predetermined state.
9. An information processing system for managing SaaS, A management department manages the SaaS provided to a user, associated with that user's account, A configuration section that pre-configures the SaaS service content in a specific state, associated with the user's account. Includes a content control unit that changes the SaaS service content of a user's account to the SaaS service content of the specified state when the user's account transitions to a specific state, The setting unit is, When multiple SaaS services are managed in association with a user account, you can configure the specific SaaS service content for each SaaS service. The content control unit, At least one of several SaaS applications associated with the user's account. An information processing system characterized by changing the content of the SaaS service associated with an account to the content of the SaaS service associated with that account when the account transitions to a specific state.
10. A method for managing SaaS, Management steps that manage the SaaS provided to a user in association with the user's account, A configuration step to pre-configure the SaaS service content in a specific state, associated with the user's account, This includes a content control step that, when a user's account transitions to a specific state, changes the SaaS service content of that account to the SaaS service content of the specific state. The aforementioned content control step is: An information processing method characterized by determining that a user's account has entered a specific state when the user's status reaches a predetermined state.
11. A method for managing SaaS, Management steps that manage the SaaS provided to a user in association with the user's account, A configuration step to pre-configure the SaaS service content in a specific state, associated with the user's account, This includes a content control step that, when a user's account transitions to a specific state, changes the SaaS service content of that account to the SaaS service content of the specific state. The aforementioned setup step is, When multiple SaaS services are managed in association with a user account, you can configure the specific SaaS service content for each SaaS service. The aforementioned content control step is: An information processing method characterized by changing the SaaS service content for each SaaS associated with a user account to the SaaS service content of the SaaS in the specified state when the account of at least one SaaS among multiple SaaS associated with a user account transitions to a specific state.
12. An information processing system in which a server device and a SaaS provider server that provides email services are connected via the Internet, The server device is A management unit manages the SaaS provided by the SaaS provider server to the user, associated with the user's account. A configuration unit that associates with a user's account and sets the SaaS service content to be used when a compromised state is detected in the user's SaaS account, The system includes a content control unit that, upon detecting a compromise in a user's account, modifies the SaaS service content for that user by sending a configuration command regarding the SaaS service content in the event of a compromise in the user's SaaS account to the SaaS provider server via a communication interface. The aforementioned setting command is: An information processing system characterized by a command that restricts the sending and / or receiving of emails from the aforementioned SaaS account.
13. In claim 12, The command to restrict the sending of the aforementioned email is: The command to stop sending the aforementioned email, The command to postpone sending the aforementioned email, A command to send the aforementioned email after approval by a designated user, or A command to delete the aforementioned email to be sent, An information processing system characterized by including any of the following.
14. In claim 12 or 13, The command to restrict the receipt of the aforementioned email is: The command to stop receiving the aforementioned email, Command to postpone receiving the aforementioned email, A command to receive the aforementioned email after approval by a designated user, or A command to delete the aforementioned email that is to be received. An information processing system characterized by including any of the following.
15. In claim 12 or 13, The content control unit, An information processing system characterized by maintaining the user's email history in a viewable format.
16. In claim 12 or 13, The setting unit is, The system sets the content of the first SaaS service when a first level of compromise is detected, and the content of the second SaaS service when a second level of compromise is detected. The content control unit, When a first level of intrusion is detected, a first setting command relating to the content of the SaaS service at that first level is sent to the SaaS provider server via the communication interface, thereby changing the content of the user's SaaS service. When a second level of intrusion is detected, the SaaS service content for the user is modified by sending a second configuration command relating to the SaaS service content of that second level to the SaaS service content via the communication interface to the SaaS provider server. The first setting command is, This is a command to restrict the sending of emails from the aforementioned SaaS account. The second setting command is, An information processing system characterized by a command that restricts the sending and receiving of emails from the aforementioned SaaS account.
17. In claim 12 or 13, The aforementioned SaaS provider server is An information processing system characterized by changing the content of a SaaS service when a compromised state of the user's SaaS account is detected by executing the setting command upon receiving the setting command from the server device.
18. An information processing device for managing SaaS, A management unit manages the SaaS provided by the SaaS provider server to the user, associated with the user's account. A configuration unit that associates with a user's account and sets the SaaS service content to be used when a compromised state is detected in the user's SaaS account, The system includes a content control unit that, upon detecting a compromise in a user's account, modifies the SaaS service content for that user by sending a configuration command regarding the SaaS service content in the event of a compromise in the user's SaaS account to the SaaS provider server via a communication interface. The aforementioned SaaS is, This service provides email services to the user in question. The aforementioned setting command is: An information processing device characterized by being a command that restricts the sending and / or receiving of emails from the aforementioned SaaS account.
19. A method for managing SaaS, Computers are Management steps that manage the SaaS provided by the SaaS provider server to the user, associated with the user's account, A configuration step that sets the SaaS service content to be used when a compromised state is detected in the user's SaaS account, associated with the user's account, The system includes a content control step that, when a compromised state of a user's account is detected, modifies the SaaS service content of the user by sending a configuration command regarding the SaaS service content in the event of a compromised state of the user's SaaS account to the SaaS provider server via a communication interface, The aforementioned SaaS is, This service provides email services to the user in question. The aforementioned setting command is: An information processing method characterized by a command that restricts the sending and / or receiving of emails from the aforementioned SaaS account.