Information processing device
The information processing apparatus addresses the inefficiencies of software authentication updates by automating the process across different software types, ensuring timely and integrated security updates.
Patent Information
- Authority / Receiving Office: WO · WO
- Patent Type: Applications
- Current Assignee / Owner: HITACHI HIGH TECH CORP
- Filing Date: 2025-08-19
- Publication Date: 2026-06-18
AI Technical Summary
Existing software authentication information update processes are cumbersome due to software-specific methods requiring different update tools and manual management, even when automated, leading to inefficiencies.
An information processing apparatus that integrates authentication information updates across diverse software by determining update targets, generating new information, and executing update programs, with optional user notification and management of update processes.
Automates authentication information updates for multiple software types, simplifying management and ensuring timely security updates without manual intervention.
Description
Information processing apparatus
[0001] The present invention relates to an information processing apparatus.
[0002] When using software, it may be necessary to input authentication information such as a password. Software that requires authentication information includes operating systems, middleware (e.g., database servers), and any other application software.
[0003] In order to maintain the security of software, it is desirable to update authentication information regularly. However, the work of updating authentication information requires a certain amount of workload. Therefore, a technology for automatically updating authentication information is expected. Patent Document 1 describes a technology for periodically and automatically updating the password of software.
[0004] Japanese Patent Application Laid-Open No. 2023-135948
[0005] Software may use its own unique authentication information, and the method of updating the authentication information for each software may also differ for each software. For example, a software-specific update tool may be required to update the authentication information. Then, it may be cumbersome for the user to manually update the authentication information. Even when automatically updating the authentication information, it is necessary to provide different update programs for each software, and these update programs must be managed individually, so the management work may still be cumbersome.
[0006] The present invention has been made in view of the above problems, and an object thereof is to provide a technology that can automatically update the authentication information of each software and integrally manage the update process when the methods for updating the authentication information of software are different from each other.
[0007] The information processing apparatus according to the present invention determines software to be updated that updates authentication information, generates the authentication information for the software to be updated, and completes the reflection by executing an update program that reflects the generated authentication information to the software to be updated.
[0008] According to the information processing device of the present invention, even when the methods for updating the authentication information of each software differ, the authentication information of each software can be automatically updated, and the update process can be managed integrally. Other problems, configurations, advantages, etc. of the present invention will become clear from the following description of embodiments.
[0009]
- Figure 1 is a diagram showing the configuration of the information processing device 100.
- Figure 2 is a sequence diagram showing the operation procedure of the information processing device 100.
- Figure 3A is a data table of the management DB 103.
- Figure 3B is a data table of the decision DB 101.
- Figure 3C is a data table of the generation DB 106.
- Figure 3D is a data table of the update DB 107 in Figure 1.
- Figure 4 is a diagram showing an example of an email display that notifies the user of an update.
- Figure 5 is a diagram showing an example of an email display that requests an update from the user.
[0010] Figure 1 is a diagram showing the configuration of an information processing device 100 according to an embodiment of the present invention. The information processing device 100 includes a decision database (DB) 101, a decision unit 102 for deciding on authentication information updates, a management DB 103, a control unit 104 for controlling authentication information updates, a generation unit 105 for generating authentication information, a generation DB 106, an update DB 107, an update unit 108 for updating authentication information, and a first software group 109. Each DB will be described later in Figure 3 and subsequent figures.
[0011] The control unit 104 controls the management DB 103, the decision unit 102, the generation unit 105, and the update unit 108.
[0012] When the decision unit 102 receives a request from the control unit 104, it refers to the decision DB 101 and determines whether or not to update the authentication information for each row of identification number 301 (the contents of the columns in each DB will be described later in Figure 3 and thereafter, and the same applies hereinafter).
[0013] When the generation unit 105 receives a request from the control unit 104, it refers to the rule 309 for generating authentication information and generates a new password (hereinafter referred to as PW).
[0014] When the update unit 108 receives a request from the control unit 104, it applies new authentication information (e.g., password) to the first software group 109, or requests the user's contact person 311 to update the authentication information of the second software group 111 of the external device 110.
[0015] The first software group 109 is a collection of one or more software programs that have authentication information and are included in the information processing device 100.
[0016] The external device 110 has a second software group 111 and is connected to the information processing device 100 via a network 113 (Internet).
[0017] The second software group 111 has authentication information and represents a collection of one or more software programs included in the external device 110.
[0018] The mail server 112 is a device that, upon receiving a request from the information processing device 100, notifies the user's contact 311 of the update or requests an update.
[0019] The information processing device 100, the external device 110, and the mail server 112 are connected to the network 113.
[0020] Figure 2 is a sequence diagram showing the operation procedure of the information processing device 100. Each step in Figure 2 will be explained below.
[0021] S200: The information processing device 100 starts up and activates the control unit 104.
[0022] S201: The control unit 104 activates the decision unit 102, the generation unit 105, and the update unit 108.
[0023] S202: When the decision unit 102 receives a request from the control unit 104 to determine whether or not the authentication information needs to be updated, the decision unit 102 refers to the decision DB 101 to obtain the identification number 301, the update cycle 307, and the latest update time 308, and obtains the current time from the information processing device 100.
[0024] S203: The decision unit 102 identifies each row of identification number 301 that satisfies the following condition as an "update target" and passes the identification number 301 of the update target to the control unit 104. If no row of identification number 301 satisfies the condition, the process ends.
Condition: (Current time) > (Update cycle) + (Last update time)
[0025] S204: After the control unit 104 receives the identification number 301 of the update target from the decision unit 102, it refers to the management DB 103 to obtain the location information 303 of the update target. The location information 303 indicates whether or not the update needs to be performed within the information processing device 100.
[0026] S205: If the location information 303 to be updated is "in", the control unit 104 passes the identification number 301 and PW 306 of the update target to the generation unit 105. If the location information 303 to be updated is "out", proceed to S207.
[0027] S206: If the location information 303 to be updated is "in", the generation unit 105 receives the identification number 301 and the PW 306 of the update target from the control unit 104, and then refers to the generation DB 106 to obtain the rule 309 of the update target. The generation unit 105 generates a new PW according to the rule 309 of the update target and passes it to the control unit 104.
[0028] S207: If the location information 303 of the update target is "in", the control unit 104 passes the identification number 301 of the update target passed in S206, the location information 303 of the update target, and the new PW generated in S206 to the update unit 108. If the location information 303 of the update target is "out", the control unit 104 passes the identification number 301 of the update target and the location information 303 of the update target to the update unit 108.
[0029] S208: If the location information 303 to be updated is "in", the update unit 108 receives the identification number 301, location information 303, and password 306 of the update target from the control unit 104, then refers to the update DB 107 to obtain the update program 310 and the contact information 311 of the user to be updated, and calls and executes the update program 310. The update program 310 applies the new password to the update target software of the first software group 109, and then verifies whether the updated authentication information has been correctly applied to the update target software with the new password. If the verification is successful, the update unit 108 notifies the contact information 311 of the user to be updated of the fact that the password 306 has been updated via the mail server 112, and reports to the control unit 104 that the notification has been sent. If the location information 303 to be updated is "out", the update unit 108 sends a notification to the contact information 311 of the user to be updated via the mail server requesting an update of the authentication information, and reports to the control unit 104 that the notification has been sent.
[0030] S208: Supplement: When requesting contact 311 to update authentication information, the update result does not necessarily need to be managed in the management DB 103. This is because it is assumed that the user at contact 311 will manage the authentication information.
[0031] S209: If the location information 303 to be updated is "in", the control unit 104 receives a report from the update unit 108, saves the new PW as PW306 in the management DB 103, and requests the decision unit 102 to update the latest update time 308. If the location information 303 to be updated is "out", the control unit 104 receives a report from the update unit 108, and then requests the decision unit 102 to update the latest update time 308.
[0032] S210: After receiving a request from the control unit 104, the decision unit 102 refers to the decision DB 101, changes the latest update time 308 to the current time obtained in S202, and reports this to the control unit 104.
[0033] S211: After receiving a report from the control unit 104, the control unit 104, the generation unit 105, and the update unit 108 are shut down, and the process is terminated.
[0034] Figure 3A is the data table of the management DB 103. The management DB 103 contains information on identification number 301, device 302, software location information 303, software 304, user ID 305, and PW 306.
[0035] Identification number 301 is a number assigned to distinguish which device and which software a user is using, and it corresponds to the primary key in the database. Each row of the data table can be referenced using identification number 301.
[0036] Device 302 is data used to determine whether it is the information processing device 100 or the external device 110 in Figure 1, and corresponds to the value of the software's location information 303.
[0037] The software location information 303 is data used to distinguish whether the device 302 containing the software is an information processing device 100 or an external device 110. The value is "in" if the device 302 is an information processing device 100, and "out" if the device 302 is an external device 110.
[0038] Software 304 is data located inside the device 302 that distinguishes software that uses authentication information.
[0039] User ID 305 is an ID used to distinguish users who use the software 304 of device 302.
[0040] PW306 is data used to authenticate whether a user using the software 304 of a specific device 302 is a legitimate user, and it has a one-to-one relationship with user ID 305.
[0041] Figure 3B is the data table of the decision DB 101. The decision DB 101 contains information such as the identification number 301, the update cycle 307, and the latest update time 308.
[0042] The update cycle 307 is data representing the update cycle for software authentication information, taking into account the software's security level, and has a one-to-one relationship with software 304.
[0043] The latest update time 308 is the data of the time when the user last updated the authentication information of the software 304, and has a one-to-one relationship with the identification number.
[0044] Figure 3C is a data table of the generation DB 106. The generation DB 106 has the identification number 301 and the information of the rule 309.
[0045] The rule 309 is data that describes a rule for restricting the password to be a password that can ensure security when generating a new PW, and has a one-to-one relationship with the software 304.
[0046] Figure 3D is a data table of the update DB 107 in FIG. 1. The update DB 107 has the identification number 301, the update program 310, and the information of the user's contact information 311. The update program 310 is a program that applies a new password in S207 (when the location information 303 is "in"), or transmits a password update request to the contact information 311.
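The S202 to S210 flow over the four tables of Figures 3A to 3D, as an added example (not code from the patent or its applicant). The row values, the shape of rule 309, the two update programs, and the handling of a failed verification are assumptions made for illustration.

```python
import secrets
import string
from datetime import datetime, timedelta

# Constructed sample rows keyed by identification number 301 (all values illustrative).
MANAGEMENT_DB = {  # management DB 103: location 303, software 304, user ID 305, PW 306
    1: {"location": "in", "software": "db-server", "user_id": "svc_app", "pw": "old-1"},
    2: {"location": "out", "software": "analyzer-ui", "user_id": "operator", "pw": None},
    3: {"location": "in", "software": "report-app", "user_id": "svc_rpt", "pw": "old-3"},
    4: {"location": "in", "software": "os-account", "user_id": "admin", "pw": "old-4"},
}
DECISION_DB = {  # decision DB 101: update cycle 307, latest update time 308
    1: {"cycle": timedelta(days=90), "last": datetime(2025, 1, 1)},
    2: {"cycle": timedelta(days=30), "last": datetime(2025, 5, 1)},
    3: {"cycle": timedelta(days=30), "last": datetime(2025, 5, 1)},
    4: {"cycle": timedelta(days=365), "last": datetime(2025, 5, 1)},
}
# generation DB 106: the page does not define the format of rule 309; this one is assumed.
RULE = {"length": 20, "classes": [string.ascii_lowercase, string.ascii_uppercase, string.digits]}
GENERATION_DB = {1: RULE, 3: RULE, 4: RULE}
SOFTWARE_STATE = {1: "old-1", 3: "old-3", 4: "old-4"}  # stands in for first software group 109


def apply_and_verify(ident, new_pw):
    """Hypothetical update program 310: apply the PW, then confirm the software accepts it."""
    SOFTWARE_STATE[ident] = new_pw
    return secrets.compare_digest(SOFTWARE_STATE[ident], new_pw)


def rejecting_program(ident, new_pw):
    """Hypothetical update program whose software refuses the change."""
    return False


UPDATE_DB = {  # update DB 107: update program 310, contact 311
    1: {"program": apply_and_verify, "contact": "dba@example.com"},
    2: {"program": None, "contact": "operator@example.com"},
    3: {"program": rejecting_program, "contact": "reports@example.com"},
    4: {"program": apply_and_verify, "contact": "admin@example.com"},
}


def find_targets(now):
    """S202-S203: a row is due when current time > update cycle + latest update time."""
    return [i for i, r in sorted(DECISION_DB.items()) if now > r["last"] + r["cycle"]]


def generate_pw(rule):
    """S206: draw from the OS CSPRNG and guarantee one character from each class."""
    chars = [secrets.choice(c) for c in rule["classes"]]
    alphabet = "".join(rule["classes"])
    chars += [secrets.choice(alphabet) for _ in range(rule["length"] - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def rotate(now, outbox):
    """S204-S210 for every due row; returns {identification number: outcome}."""
    results = {}
    for ident in find_targets(now):
        row, upd = MANAGEMENT_DB[ident], UPDATE_DB[ident]
        if row["location"] == "out":
            # External device 110: only ask contact 311 to update; no PW is generated.
            outbox.append((upd["contact"], f"update requested: {row['software']}"))
            results[ident] = "requested"
        else:
            new_pw = generate_pw(GENERATION_DB[ident])
            if not upd["program"](ident, new_pw):
                # Assumed failure handling: keep PW 306 and time 308 so the row stays due.
                results[ident] = "failed"
                continue
            row["pw"] = new_pw  # S209: stored only after the update program verified it
            # The notice names the software, never the new PW.
            outbox.append((upd["contact"], f"updated: {row['software']}"))
            results[ident] = "updated"
        DECISION_DB[ident]["last"] = now  # S210
    return results
```

Calling `rotate(datetime(2025, 6, 15), [])` on the sample rows updates row 1, requests an update for row 2, leaves row 3 due after the rejected change, and skips row 4, whose cycle has not elapsed.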
[0047] Figure 4 is a diagram showing an example display of an email notifying the user of an update fact. This email has the subject, sender, and destination as the header, and the email body includes the time when the PW 306 was updated, the device 302 to be updated, the software 304, the user ID 305, and the next update time. This email is transmitted to the contact information 311 by the update program in S208.
[0048] Figure 5 is a diagram showing an example display of an email requesting an update from the user. This email has the subject, sender, and destination as the header, and the email body includes the time when the PW 306 was updated, the device 302 to be updated, the software 304, the user ID 305, and the next update time. This email is transmitted to the contact information 311 by the update program in S208.
[0049] <Regarding the modification example of the present invention> In the above embodiments, an example with a single external device 110 has been shown. However, there may be a plurality of external devices 110.
[0050] In the embodiments described above, the network 113 was shown as the internet. However, the network 113 is not limited to the internet; other networks such as a company network or a hospital network may also be used.
[0051] In the embodiments described above, the location information 303 is not limited to "in" and "out," but may also be a URL or IP address used to identify the location on the network where the software is installed. For example, if the IP address belongs to the information processing device 100, it can have the same role as "in" in the embodiments described above.
[0052] In the above embodiment, S205 shows an example in which the control unit 104 issues an execution instruction to the generation unit 105 only when the location information 303 is "in". However, the execution instruction to the generation unit 105 is not limited to when the location information 303 is "in". In that case, for example, a column indicating whether or not a password needs to be generated may be added to the management DB 103 separately from the location information 303. An example of a procedure for processing authentication information generated when the location information 303 is "out" will be described later.
[0053] In the above embodiment, the PW306 used in S205 can also function as a history of past PWs. For example, if rule 309 requests the PW history up to n times (where n is a constant), a column for storing the PW history up to n times may be added to the management DB 103, and the control unit 104 may refer to the management DB 103 and pass the PW history up to n times.
[0054] In the embodiments described above, S208 is described as requesting the contact 311 to update the authentication information if the location information 303 is "out". Alternatively, or in combination therewith, the update unit 108 may remotely update the authentication information of the second software group 111 by remotely accessing the external device 110. In this case, the update unit 108 accesses the second software group 111 using, for example, the user ID 305 and the password before the update 306, and reflects the password generated by the generation unit 105 to the second software group 111. Furthermore, the updated password is stored in the management DB 103.
[0055] In S208, if the location information 303 is "out", the update unit 108 may request the user's contact 311 to update the authentication information of the second software group 111 of the external device 110, receive the result including the updated authentication information, and store the received result in the management DB 103.
[0056] In S208, if the location information 303 is "out", the update unit 108 may directly update the authentication information of the second software group 111 of the external device 110 via remote access and notify the user (contact person 311) of the update.
[0057] In the embodiments described above, S208 shows an example of sending an email to the user informing them of a password update. However, notification is not required. Alternatively, notification may be sent by other means, such as notifying a linked system using the REST API, displaying it on a screen provided by the information processing device, or storing it as log data.
[0058] In the embodiments described above, S202 indicates that an update time is set for each individual software and user, and that a decision is made to regenerate authentication information that has exceeded its update deadline based on the time information. However, the authentication information of one or more software may be updated based on the user's request. Furthermore, the authentication information of one or more software may be updated based on a request from an external device 110, such as during device setup or when software is updated. In this case, in S202, the decision to update the authentication information of the software to be updated may be made based on the external input described above, rather than the time information. Having the user determine the password to be updated is useful, for example, for changing from the initial password, or for updating the password in the event of a password leak or according to operational needs.
[0059] In the embodiments described above, S209 shows an example in which the password in the management DB 103 is stored in plain text. However, since password information is confidential information, it is desirable to store these DBs securely by setting appropriate access permissions or by storing passwords and other information in an encrypted state.
[0060] In the embodiments described above, rule 309 illustrates an example of a one-to-one relationship with software 304. However, the relationship between rule 309 and software 304 is not limited to a one-to-one relationship; it may also be a one-to-many or many-to-many relationship.
[0061] In the above embodiments, a column for user privilege level may be added as rule 309, and different password generation rules may be used depending on the user privilege level.
[0062] In the embodiments described above, each functional unit (decision unit 102, control unit 104, generation unit 105, update unit 108) of the information processing device 100 can be configured by hardware such as circuit devices that implement these functions, or by a computing device such as a CPU (Central Processing Unit) executing software that implements these functions.
[0063] 100... Information processing device, 101... Decision database, 102... Decision unit, 103... Management database, 104... Control unit, 105... Generation unit, 106... Generation database, 107... Update database, 108... Update unit, 109... First software group.
Claims
1. An information processing device for updating authentication information for obtaining permission to use software, comprising: a control unit that controls the process of updating the authentication information; a management database that stores the authentication information of one or more software; a determination unit that determines which of the one or more software is the software to be updated, wherein the control unit, when the determination unit determines that the first software is the software to be updated, causes the generation unit to generate the authentication information for the first software, and the control unit, when the determination unit determines that the first software is the software to be updated, causes the update unit to execute a first program to update the authentication information of the first software to the new authentication information generated by the generation unit.
2. The information processing apparatus according to claim 1, wherein, if the determination of the decision unit determines that the second software among the one or more softwares is the software to be updated, the control unit causes the generation unit to generate the authentication information for the second software, and if the determination of the decision unit determines that the second software is the software to be updated, the control unit causes the update unit to execute a second program that updates the authentication information for the second software with the new authentication information generated by the generation unit.
3. The information processing apparatus further comprises a decision database storing: identification information for identifying one or more software programs; the update cycle of the software identified by the identification information; and the last update date and time of the authentication information for the software identified by the identification information, wherein the decision unit, upon receiving an instruction from the control unit to determine whether or not it is necessary to update the authentication information, determines, based on the update cycle and the last update date and time, whether or not the authentication information has not been updated for a predetermined period of time or longer, and determines, based on the result of that determination, whether or not it is necessary to update the authentication information, as described in claim 1.
4. The information processing apparatus further comprises a generation database that stores data describing rules for generating the authentication information, and the generation unit, upon receiving an instruction from the control unit to generate new authentication information, generates new authentication information in accordance with the rules, as described in claim 1.
5. The information processing apparatus further comprises an update database storing information that identifies the update program for each of the one or more software programs, and the update unit identifies the update program according to the information stored in the update database and updates the authentication information of the software to be updated by executing the identified update program, as described in claim 1.
6. The information processing apparatus further comprises an update database that stores contact information of users who use the software, the update unit updates the authentication information of the software to be updated, and notifies the contacts of the users who use the software to be updated that the authentication information of the software to be updated has been updated, as described in claim 1.
7. The information processing apparatus according to claim 1, wherein the management database further stores location information of a device that runs the software, and the update unit updates the authentication information of the software to be updated by executing the update program if the location information indicates that the device is the information processing apparatus, and the update unit sends an update request requesting that the authentication information of the software run by the device be updated if the location information indicates that the device is not the information processing apparatus.
8. The information processing apparatus further comprises an update database storing contact information of a user using the software, and the update unit, when the location information indicates that the device is not the information processing apparatus, sends the update request to the contact of the user using the software to be updated, according to claim 7.
9. The management database further stores location information of a device running the software, and the update unit remotely updates the authentication information of the software to be updated by remotely accessing the device via the update program if the location information indicates that the device is not the information processing device, and the update unit stores the updated authentication information of the software to be updated in the management database.