JP2002300655A - System and method for authentication, network system, recording medium, computer program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication system in which spoof can be prevented at the time of accessing information. SOLUTION: Upon receiving an access request from a portable telephone, an authentication server transmits a program to that portable telephone (S3202). That program reads out data of individual number (e.g. production number) recorded on the scratch pad of the portable telephone and transmits it to the authentication server. Upon accepting the data of production number transmitted upon starting the program (S3202), the authentication server compares the production number with the data of identification number of each portable telephone held in the authentication server (S3203). If that production number matches any one of the production numbers held in the authentication server (S3203: YES), that access is authenticated.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an authentication technique used when an information providing service is provided using a portable radio terminal or another user terminal.

[0002] Using a wired / wireless communication means, a PDA (Personal Digit) which allows a user to appropriately connect to the Internet.
al Assistants) or information tools (hereinafter, referred to as “user terminals”) such as notebook computers and mobile phones having an Internet connection function or an e-mail function have become widespread. Using such a user terminal as an Internet mail service terminal, the server side provides information providing services for individual users, and provides services such as business communication between companies or within a company, and provides services such as the Internet. Active use of computer networks has recently become popular.

[0003] Such a service is realized by controlling communication between the user terminal and the user terminal via the Internet and access to a specific server accompanying the service on the server side. This type of service using user terminals is
Usually, the service is provided only to a specific person managed by the service provider, that is, a person registered in advance. From such a viewpoint, when executing the above-mentioned service, it is necessary to perform an authentication procedure for confirming whether or not the person requesting the service is a person under the control of the service provider. Become.

[0004] Authentication is generally performed using some kind of permission information, for example, a user name or other user ID or password. In other words, the user ID and password sent by the user from the user terminal are compared with the user ID and password managed by the service provider, and if they match, the user is a legitimate person; Judge that he is not a legitimate person. Then, only a user determined to be a legitimate person can enjoy a predetermined service prepared on the server side. However, such an authentication method is not without its problems. That is, if the user ID and password are stolen by another person, the other person can use it to impersonate a legitimate user.

[0005]

SUMMARY OF THE INVENTION The present invention provides a new authentication technique which can surely prevent the above-mentioned "spoofing" problem which could not be prevented by using the conventional authentication method. That is the subject. Another object of the present invention is to provide an application technique of the authentication technique.

[0006]

SUMMARY OF THE INVENTION The occurrence of "spoofing" is caused by the fact that permission information conventionally used for authentication can be used irrespective of a user terminal as long as it can be obtained. . Contrary to this, most spoofing can be prevented by using information unique to the user terminal for authentication and making sure that the access is made by a valid user only when the terminal is used. be able to. The present invention has been made based on such findings.

According to the present invention, first, when a user terminal used by a user to which predetermined user identification information is assigned accesses predetermined information, authentication of whether the user terminal is legitimate is performed. An authentication device having the following configuration that is performed based on terminal identification information assigned to each user terminal is proposed. That is, the authentication device of the present invention includes: a user identification information recording unit in which the user identification information is recorded; and user identification information of a user who uses the user terminal from the user terminal. A user identification information determining unit that compares the user identification information recorded in the user identification information recording unit with the user identification information to determine whether the user identification information is valid; and that the received user identification information is valid. Terminal identification information generating means for generating terminal identification information to be recorded in the user terminal when the determination is made and transmitting the terminal identification information to the user terminal; and terminal identification information recording for recording the terminal identification information. Means, the terminal identification information received when the user terminal accesses the predetermined information, and the terminal identification information recording means. Authentication means for determining whether the terminal identification information is valid by comparing the received terminal identification information, and permitting the access by the user terminal when the received terminal identification information is valid Permission means for performing the operation.

[0008] The authentication apparatus can execute a process of issuing terminal identification information unique to a user terminal to each user terminal and a process of performing authentication using the terminal identification information. In other words, the information used for authentication by this authentication device is terminal identification information unique to each user terminal. Therefore, if something tries to impersonate another user, the user terminal of the user who is the spoofing partner is assumed. It is essential to obtain Therefore, this authentication device has higher authentication reliability than the conventional authentication device. In issuing terminal identification information to each user terminal by the authentication device, user identification information unique to each user is used.
The terminal identification information is substantially invisible to the user. Therefore, according to the authentication device of the present invention, the possibility of impersonation is markedly reduced by combining the terminal identification information that each user cannot know in principle and the user identification information that each user knows. Can be reduced. However, when performing the authentication process, the authentication device may be able to use not only the terminal identification information but also the user identification information. Note that “access” in the present specification is a concept including various instructions such as a FAX instruction and a print instruction in addition to a request and acquisition of information.

In the terminal identification information recording means of the authentication apparatus, the terminal identification information may be recorded in combination with range information indicating a range of information accessible by the user terminal indicated by each terminal identification information. good. In this case, the permission unit may permit the user terminal to access the range indicated by the range information.
The range information is information indicating a range of information that can be accessed by the user terminal, as described above. For example, it is information including an access destination address registered in advance for each user terminal. From the range information, it is possible to know what information the user terminal accesses when performing authentication.

The user identification information may be any information as long as it is unique for each user who can identify each user. For example, the user identification information is
It may be composed of a set of ID and password assigned to each user. The above-mentioned range information may be, for example, a combination of the above-mentioned address and the above-mentioned user identification information. Also, one set of ID and password is associated with one piece of user identification information, and even if the set of ID and password is assigned as a general ID and password when the access destination is plural. good. In this case, the authentication device may further include means for stopping or canceling the use of the overall ID and password at once.

[0011] The authentication apparatus of the present invention further comprises means for holding a program for transmitting the terminal identification information possessed by the user terminal to be authenticated to the user terminal; Means for transmitting a program may be further provided. By doing this,
The terminal identification information can be transmitted to the authentication device even from a user terminal that does not provide any special function. The above-mentioned program may also be for causing the operator of the user terminal to transmit each of the terminal identification information to the user terminal to be authenticated in a form that cannot be known. In this case, the program may disappear after the user terminal that has sought authentication is transmitted with the terminal identification information. The user terminal may be provided with means for recording this program. In such a case, the terminal identification information is transmitted from the user terminal requesting authentication to the authentication device by a function formed by activating the program recorded in the above-described means for recording the program. May be. For example, a Java program can be used as such a program, and its execution environment is JVM (Java (registered trademark)).
virtual Machine) and KVM (compact JVM for mobile terminals such as mobile phones). This program may be such as to realize transmission of the terminal identification information to the authentication device by cooperation of the program and predetermined hardware provided in the user terminal. The transmission of the terminal identification information to the authentication device may be realized by cooperation between the terminal identification information and a predetermined program of the user terminal.

As the user terminal, a portable radio terminal can be used. Mobile wireless terminals include, for example, mobile phones,
PHS (Personal Handyphone System), mobile phones and P
PDA (Personal Digital Assistant) using HS
s) or a laptop computer.

The information to be accessed by the user terminal exists, for example, in a predetermined network where security is required, and at least a part of the information is shared with a file existing outside the network. It can be recorded information of a maintained common file.

The authentication device of the present invention is a means for recording an e-mail address used by each user in association with the user identification information assigned to each user, and transmitting the terminal identification information to one user. At this time, the electronic mail address assigned to the one user is read out from the means for recording an electronic mail address, and a predetermined process for causing the electronic mail address to execute transmission of the terminal identification information is performed. Means for transmitting an e-mail including information for causing the one user to transmit the approval information for confirming whether or not the one user himself / herself has performed, and receiving the e-mail from the user who has received the e-mail. Based on the approval information, it is determined whether or not the user has performed a predetermined process for executing the transmission of the terminal identification information. Together with a process of collectively suspending and canceling the use of the general ID and password when it is determined that the transmission of the terminal identification information is based on the action of the user himself or the terminal identification information Means for executing one of the processes of collectively stopping the use of the general ID and password when it is determined that the transmission of the one is not based on the one's own action. Good. The authentication device in this case includes a unit that receives the authentication information transmitted from the user in the form of an electronic mail, detects an electronic mail address of a source of the received approval information, and converts the electronic mail address into an electronic mail address. Means for collating with the e-mail address recorded in the means for recording; and, as a result of collation, when both e-mail addresses match, processing for collectively stopping and canceling the use of the general ID and password, or Means for executing one of the processes of collectively stopping the use of the general ID and password when the two e-mail addresses do not match. In addition, the mobile phone number used by each user,
Means for recording in association with the user identification information assigned to each user, means for receiving the authentication information transmitted from the user in the form of telephone communication, and a telephone number of the source of the received approval information Means for detecting and comparing the telephone number with the telephone number recorded in the means for recording the telephone number; and, when the two telephone numbers match as a result of the comparison, the use of the general ID and password is collectively performed. And a means for executing one of a process of releasing the suspension and a process of collectively suspending the use of the general ID and password when both telephone numbers do not match.

According to the present invention, there is provided a first server storing information accessible by a user terminal, and authentication of whether the user terminal trying to access the information recorded on the first server is legitimate. The first server searches for the corresponding information in response to the access from the user terminal determined to be valid, and transmits the searched information to the user terminal that is the source of the access. The present invention can also be applied to a network system configured to send data to a network. The authentication device in this case includes a user identification information recording unit in which predetermined user identification information assigned in advance to the user is recorded, and a user who receives and receives the user identification information of the user who uses the terminal from the user terminal. User identification information determining means for comparing identification information with user identification information recorded in the user identification information recording means to determine whether or not the user identification information is valid; Terminal identification information generating means for generating terminal identification information to be recorded on the user terminal when determined to be valid and transmitting the terminal identification information to the user terminal; and recording the terminal identification information. Terminal identification information recording means, terminal identification information received when the user terminal accesses predetermined information, and the terminal identification An authentication unit for comparing the terminal identification information recorded in the report recording unit with the terminal identification information to determine whether the terminal identification information is valid; and a user terminal when the received terminal identification information is valid. Permission means for permitting the access according to the above.

The present invention can be applied to a network system in which the first server can be connected afterwards. In this network system, means for enabling a first server storing information accessible by a user terminal to be communicable in a predetermined network, and a user terminal attempting to access the information through the network are valid. And an authentication device for performing authentication of whether or not the authentication is successful. The first server searches for the corresponding information in response to the access from the user terminal determined to be valid,
The retrieved information is transmitted to the user terminal that is the source of the access. The authentication device is
User identification information recording means in which user identification information previously assigned to a user is recorded, user identification information of a user who uses the terminal from the user terminal, and the received user identification information and the user identification information recording means User identification information determining means for comparing the user identification information recorded in the user identification information to determine whether or not the user identification information is valid, and when the received user identification information is determined to be valid Terminal identification information generating means for generating terminal identification information to be recorded on the user terminal and transmitting the terminal identification information to the user terminal; terminal identification information recording means for recording the terminal identification information; Is stored in the terminal identification information recording means and the terminal identification information received when accessing the predetermined information. Authentication means for comparing the terminal identification information with the terminal identification information to determine whether the terminal identification information is valid, and permission means for permitting the access by the user terminal when the received terminal identification information is valid Is provided.

[0017] The first server has a common file in which a second server existing outside the network within the network (a file of the first server and at least a part of the recording information thereof are maintained in common with each other). Server) and a dedicated line or a virtual dedicated line. In this case, the authentication device is configured to authenticate whether the user terminal that attempts to access the record information of the common file of the first server is legitimate. In the case of a network system in which the first server and the second server are connected, each of these servers, when the recording information of its own common file changes,
The difference data before and after the change is sent to the other server, and when the difference data is received from the other server, a copy task of copying the difference data to its own common file can be automatically executed. . Second
According to the present invention, a configuration in which a server is provided corresponding to each of the plurality of first servers is also possible.

[0018] The authentication device provided in the network system of the present invention includes: an extracting unit for extracting information transmitted from the first server to the user terminal; and data for transmission information indicating what information has been transmitted. Transmission information recording means for recording for each user terminal may be further provided. Alternatively, the apparatus further comprises transmission information presentation means for generating data for displaying transmission information on the user terminal on a display of the user terminal based on the data recorded on the transmission information recording means. May be. With such an authentication device, sending information about information once used by the user is
It can be displayed on the user terminal in a state like a heading, which is convenient for the user.

The former network system and the latter network system to which the first server is connected are groupware for each user company (generally, the term “groupware” refers to work performed by a group having a common task or purpose). Although this refers to supporting computer software, in this patent specification, it means a concept that also includes hardware resources for realizing it.) It is possible to easily construct an environment for realizing the concept. The form of business in a company is diversified, and it is rare for businesses to converge on their own.
A plurality of people cooperate with each other using groupware. Groupware, for example,
A plurality of user terminals (client terminals) operated by employees and a first server that accepts access from the user terminals under certain conditions are connected to an intranet protected by a firewall. It is realized by mounting a computer program for forming a security function or the like.

Usually, a WWW (World Wide Web) server of an Internet provider is also connected to the intranet, and electronic mail can be transferred from an external terminal to the intranet via the Internet. If a server that manages the company's in-house information is provided on the intranet of the company and an environment that can connect the various terminals described above to this server can be constructed, employees of the company can access the in-house information from any location at any time. This is extremely preferable as a utilization form for business of a company. However, there are the following issues to utilize the intranet. (1) In the access form of in-house information premised on the use of the Internet mail service, since a WWW server operated by a person who does not have confidentiality intervenes, it is not known whether sufficient security can be ensured. (2) In order to secure security, for example, various terminals for realizing groupware are all connected by a dedicated line, or the intranet of the corporate head office and the intranet of each branch, and the intranet of the head office and each branch are connected to each other. It is conceivable to connect all with dedicated lines,
This inevitably necessitates the installation of a large number of dedicated lines, resulting in a dramatic increase in the cost of maintaining the operation, resulting in high costs. (3) When attempting to use an existing Internet mail service for business, the Internet mail service provided by a mobile phone service provider as a standard requires, for example, the number of characters of one mail depending on service conditions set by the service provider. , The number of mails that can be stored on the mail server,
Due to restrictions on the format of attached documents, it is difficult to transmit large data.In the case of mobile phones, since the operation method of the mail function is slightly different for each model, unified education and proficiency in operation are provided. Since it becomes difficult, the operability of the groupware is not good. (4) The company staff that has received the notification from the mobile phone manually activates the application program of the notification content, or a computer prepared in a specific service provider by wire communication transmits an application program registered in advance to a digital wire terminal. Decoding the content of the control signal input from the PC and automatically starting and executing the same has been conventionally performed, but without using the existing infrastructure (infrastructure) by the above service provider or the like, At this time, the application program prepared as described above is arbitrarily started and executed from a mobile phone terminal or the like, and a problem remains in the extensibility of the groupware. Each of the above network systems solves such a problem.

According to the present invention, there is also provided a network system in which a first server in which information accessible to a user terminal is recorded in a predetermined network exists, whether the user terminal attempting to access the information is legitimate. An authentication device for performing authentication of whether or not the user terminal is provided, the user identification information assigned to the user in advance is recorded on the authentication device, and the user identification information of the user who uses the user terminal from the user terminal that requested the authentication. When the received user identification information matches any of the recorded user identification information, the user terminal is determined to be valid, and the received user identification information is determined to be valid Generating terminal identification information to be recorded in the user terminal and transmitting the generated terminal identification information to the user terminal. Recorded, comparing the terminal identification information received when the user terminal accesses the predetermined information and the already recorded terminal identification information to determine whether the terminal identification information is valid, Permitting the access by the user terminal if it is legitimate,
An authentication method for a user terminal in a network system is provided.

According to the present invention, there is also provided a first server in which information accessible to a user terminal is recorded in a predetermined network, and the first server stores the corresponding information in response to a request from a legitimate user terminal. And providing a computer program for causing a computer provided in a network system that transmits the retrieved information to the user terminal to execute the following processing. (1) a process of recording predetermined user identification information assigned to a user in advance, (2) receiving at least user identification information of a user who uses the user terminal from a user terminal that has requested authentication, and accepting the received user identification information Is determined that the user terminal is legitimate when it matches any of the user identification information already recorded, and processing for generating terminal identification information to be recorded in the user terminal, (3) A process of transmitting and recording the generated terminal identification information to the user terminal, and (4) recognizing the terminal identification information received when the user terminal accesses predetermined information and the terminal identification information already recorded. In contrast,
A process of determining whether the received terminal identification information is valid, and (5) a process of permitting the access by the user terminal when the received terminal identification information is valid.

[0023]

Next, a preferred embodiment of the present invention will be described with reference to the drawings. <Overall Configuration> FIG. 1 is a diagram showing an example of the overall configuration of a network system to which the present invention is applied. The network system according to the present embodiment is a network system that can be constructed afterward and has a secure intranet LN installed in a management company in which a public communication network DN is laid. The intranet LN has a plurality of segments Sa to Sn that can be connected to the private line network PN.
The segments Sa to Sn are the host servers 10a and 10 which are the first servers of the user companies to be managed, respectively.
assigned to deploy b,... An authentication server 1, a firewall (FW) 11 and a router 12 are provided near the entrance of the intranet LN, and only a specific access from a legitimate user terminal T1 passes through any one of the inside of the intranet LN. The segment is guided to the segments Sa to Sn. That is, security against access from outside the intranet LN is maintained.

The firewall 11 has a user terminal T
1 from the mobile phone network MN including the wireless network WN.
Is guided through a public communication network DN connected via a router 14 in the mobile telephone network MN and a router 12 connected via the public communication network DN. Mobile phone network MN
Is managed by an entity that provides a mobile phone communication service business. In addition, in the mobile phone mentioned here, in addition to a mobile phone in a narrow sense (mobile phone radio), PHS
It is assumed that the following is included.

The user terminal T1 is a notebook computer or a PD.
It is a combination of a terminal such as A and the above-mentioned mobile phone. In the case of an intelligent mobile phone (a mobile phone having an information processing mechanism), the mobile phone alone can be a user terminal. A browser program for forming a browser screen is mounted on the user terminal T1. This browser program may be installed in the user terminal T1 from the beginning, and may be transmitted from the host server 10 each time as a “Java applet (Java is a trademark of Sun Microsystems, USA)”. good.

The user terminal T1 has a built-in recording medium for recording terminal identification information described later. This recording medium is at least writable information,
For example, it is constituted by a RAM. When the user terminal T1 is a Java-compatible i-mode (registered trademark) mobile phone terminal, this recording medium is configured by a scratch pad (ScratchPad). The user terminal T1 also has a program for reading and transmitting the terminal identification information described above. For example, a program described in a language other than Java is installed. Further, by using KVM, which is one of the execution environments of Java, for the user terminal T1, an environment is prepared in which the terminal identification information can be read from its ROM in the case of a mobile phone. ing. In the user terminal T1,
In addition, an input unit including a numeric keypad or the like is provided so that an ID (authentication ID and user ID described later) and a password (authentication password and user password described later) can be input.

As well known, a DNS (Domain Name Server) 30 is provided in the mobile telephone network MN, and a global DNS 40 is also provided in the Internet IN.
Is provided. Each of the DNS 30 and the DNS 40 has an address table in which a correspondence between a domain name and an IP (Internet Protocol) address is described. Has become.

The leased line network PN is formed from a set of leased lines or virtual leased lines (for example, a line (virtual private network) in which a public line is virtually dedicated between parties using encryption technology and capsule technology). Communication network. As the leased line network PN, a so-called next-generation communication network (for example, a dedicated line network called “PRISM (PRISM is a registered trademark of Japan Telecom Co., Ltd.)”) is in the area of practical use. Since the access point is prepared, the operation cost can be reduced by using the access point. In the present embodiment, the local servers 20a and 20b, which are examples of the second server of the user company located in a remote place, are connected to the leased line network PN from the nearest access points, respectively, and the corresponding services are provided via the leased line network PN. Host server 10a,
10b in a form capable of two-way communication.

<Configuration of Intranet> FIG. 2 shows a detailed configuration example of the intranet LN. FIG. 2 shows an example of an intranet LN including five segments Sa to Se. Each segment, for example, segment Sa,
It has a plurality of connection ports. One is connected to the host server 10a, and the other is connected to the router 13. By connecting a specific line of the private line network PN to the port of the router 13, the user company can individually use the segment Sa. Note that a switching hub (intelligent communication path switching device) or a router may be provided between the segment Sa and the private line network PN, and connected to the private line network PN via this. Other segments Sb to Se
The same applies to.

The connection ports of the segments Sa to Se are
In a state where the host servers 10a to 10e are provided and a local server is connected to each of the host servers 10a to 10e via the switching hub 14 and the private line network PN, a secure housing is constructed in the intranet LN. That is, all the host servers 10a-1
0e and the corresponding local server are connected by the dedicated line network PN, so there is no room for a third party to intervene, and the segments Sa to Se in which the host servers 10a to 10e are deployed.
Are protected by the firewall 11, so that the housing is difficult for an unauthorized access person to enter. Therefore, by allocating the individual segments Sa to Se of the housing for the user company, the user company can construct a secure network environment (or groupware environment) dedicated to the company at a low cost. .

<Router Configuration> Routers 12, 13, 14
Performs routing at the third layer (network layer) of the OSI (Open Systems Interconnection) basic reference model. OSI because it is connected at the network layer
Data can be relayed even if the layers below the second layer (data link layer) of the basic reference model are different. Router 12,1
Since the networks 3 and 14 also have a route setting function, different networks such as the intranet LN and the public communication network DN, and the intranet LN and the private line network PN can be connected.

FIG. 3 is a diagram showing a configuration example of a router. In order to perform bi-directional routing, the router provides a receiving receiver RR and a receiving buffer RB and a transmitting driver SD and a transmitting buffer SB symmetrically with respect to the transmission lines R1 and R2.
T (Network Address Translation) tables NT, R
An IP (Routing Information Protocol) execution unit U2 is provided. The reception receiver RR receives data from the transmission lines R1 and R2. The reception buffer RB is
It stores received data. Transmission driver S
D transmits (transfers) data to the transmission lines R1 and R2. The transmission buffer SB stores data to be transmitted (transferred). Routing execution unit U1
Is to process a received RIP, perform address conversion, and establish a communication path. The RIP execution unit U2 sends a necessary RIP to the transmission lines R1 and R2. N
The AT table NT includes an address used for address translation, that is, “Destinatio” representing a destination address.
"n" and "Source" representing the address of the caller are recorded.

FIG. 4 is a diagram showing an example of the contents of the NAT table provided in the router 12 outside the intranet LN. FIG. 4A shows a NAT for routing data from the public communication network DN to the firewall 11.
FIG. 4B is a table showing N when routing data from the firewall 11 to the public communication network DN.
4 shows an example of an AT table. `` 2xx.111.22.33 ''
Is the local server 20 of the user company registered in the domain
“1 × .111.22.33” is the IP address of the host server 10, “2 × .444.55.6” is the IP address of the transmitting terminal on the Internet, and “1 × .444.5”
5.6 ”is the I of the calling terminal that can be recognized on the intranet LN.
P address. By setting the NAT table as shown in FIG. 4, it becomes possible to access the intranet LN with an IP address different from the Internet.

In the router 13, the address of the originating terminal of the access that has passed through the firewall 11 and the address of the host server to be managed are set in its NAT table. By setting the NAT table in this way, a communication path control unit that selectively establishes a communication path between an access transmitting terminal that has passed through the firewall 11 and a segment (a host server disposed therein) is realized. be able to. When a router is used instead of the switching hub 14, an address is set in the NAT table in the same procedure.

<Host server and local server> Host server (10a, 10b in FIG. 1, 10a to 10 in FIG. 2)
e, hereinafter, when it is not necessary to identify individual items, the suffix is omitted and denoted by reference numeral 10) and the local server (20a and 20b in FIG. 1; suffix is omitted when individual items do not need to be identified) Will be described. In principle, one local server 20 corresponds to one host server 10, and each is connected via a dedicated line network PN.
However, a plurality of local servers 20 may correspond to one host server 10.
Unique L that one or more client terminals are connected to
An AN (Local Area Network) may be connected.
In short, the host server 1 existing in the intranet LN
0 and a local server 2 outside the intranet LN
It suffices if 0 and 1 correspond one-to-one.

The host server 10 has a web mail server function capable of transferring data, a search function, a copy function, a scheduler function, and further stores a database including a mail file, a schedule file, and the like, which are information the user wants to access. Computer. The search function is a function for searching for a corresponding file in the database, and the copy function is a function for starting and executing a copy task for copying data corresponding to a change in the database with the local server 20. The schedule function is a function for managing a schedule file prepared for each registered user company. The local server 20 is a computer having at least the above-described copying function and database.

Although not necessary, in this embodiment, at least some of the files in the databases provided in each of the host server 10 and the local server 20 are maintained in common with those of the other server. It is a common file. When the host server 10 and the local server 20 form groupware, the file is a common file having common contents in the groupware. For example, the contents of the mail file and the schedule file in the local server 20 are directly stored in the host server 1.
It becomes the contents of the mail file and schedule file in 0. Therefore, accessing the common file of the host server 10 is substantially equivalent to accessing the common file managed by the local server 20.

Various forms can be considered for maintaining the contents of the common file of the host server 10 and the local server 20 in common. In this embodiment, this is realized by executing the copy task between the servers. I do. That is, when the local server 20 changes its own common file, the difference data before and after the change is stored in the host server 1.
0, and upon receiving the difference data from the host server 10, copies the difference data to its own common file. The copying task when the common file of the host server 10 is changed is performed in the same manner.

<Configuration of Authentication Server> Next, the authentication server 1
Will be described. The authentication server 1 is equivalent to the authentication device in the present invention. When the user terminal T1 requests access to information recorded in a common file of the host server 10, the user terminal T1 is authenticated. Authentication is performed as to whether or not there is a user terminal, and when the user terminal T1 that has made the access request is legitimate, the above access by the user terminal T1 is permitted.

The authentication server 1 is realized by a server main body and a computer program recorded on a computer-readable recording medium. The computer program is usually recorded on a recording device provided in the server main body, and the CPU of the server main body reads and executes the computer program as appropriate from the recording device.
It may be recorded on a portable recording medium such as M or DVD-ROM. Alternatively, the program may be downloaded through a predetermined computer network.

FIG. 7 is a functional block diagram formed by the CPU of the server main body reading and executing the computer program. In this embodiment,
An input / output unit 31 and a processing unit 32 are formed. Input / output unit 3
1 is between the user terminal T1 and the host server 10
Communication is performed while controlling the flow of data between and. More specifically, for example, user identification information and terminal identification information (both of which will be described later) are received from the user terminal T1, and an authentication result is returned to the user terminal T1 to control subsequent data entry and exit. Or notifies the host server 10 of the result of the authentication. When guiding the result of the authentication to the host server 10, the input / output unit 31 also guides the subsequent access of the user terminal T1 to the host server 10.

The processing section 32 performs authentication and processing related to authentication, and can exchange data with the input / output section 31. As shown in FIG. 7, the processing unit 32 in this embodiment includes a control unit 32a, a terminal identification information issuing unit 32b, a program transmission unit 32c, an authentication unit 32
d, an identification information recording unit 32e, a transmission information management unit 32f, and a transmission information recording unit 32g.

The control section 32a controls the basic operation of the entire apparatus. The terminal identification information issuing unit 32b, the program transmission unit 32c, the authentication unit 32d, the information recording unit 32e, the transmission information management unit 32f, and the transmission information recording unit 32g all operate under the control of the control unit 32a. The control unit 32a also has a part of the function of the permission unit in the present invention. When the authentication unit 32d, which will be described later, authenticates the user terminal T1 requesting the authentication as a legitimate one, Access to the record information of ten common files is permitted. The control unit 32a
Further, based on the data described below recorded in the transmission information recording unit 32e, the transmission information for each user terminal T1 is
It also has a function of generating data to be displayed on the display of the user terminal. In this regard, the control unit 32
"a" also has a function as transmission information presenting means in the present invention.

The terminal identification information issuing section 32b has the functions of the terminal identification information issuing means and the terminal identification information generating means of the present invention. Terminal identification information issuing unit 3
2b receives, from the user terminal T1 requesting access, user identification information assigned in advance to the user who uses the user terminal T1. The received user identification information is compared with the assigned user identification information, which is the user identification information recorded in the identification information recording unit 32g as described later, and It has a function of determining whether or not it is the same as any of the user identification information recorded in the identification information recording unit 32g. If the received user identification information is the same as any of the user identification information recorded in the identification information recording unit 32g, the user requesting the access request based on the user identification information is valid. Is determined, terminal identification information recorded in the user terminal is generated, and this is transmitted to the user terminal. In addition to being sent to the user terminal, the terminal identification information is also sent to the identification information recording unit 32g, where it is recorded. The user identification information is unique information capable of identifying each user from other users, and is not limited to this. In this embodiment,
It consists of a user ID and a password. The user identification information is assigned to each user in advance, and the identification information recording unit 32
g. The user identification information may be, for example, appropriately allocated to each user by a network administrator, or may be appropriately selected by each user under the control of the network administrator for the purpose of preventing duplication. . On the other hand, the terminal identification information is unique information capable of identifying each user terminal T1 from other user terminals T1.

The program transmitting section 32c transmits a program described in Java, for example, to the user terminal when an access request is received from the user terminal T1. Such transmission is performed via the input / output unit 31 described above. The transmission of the program is performed by the user terminal T1.
May be performed every time there is a request from the user terminal T1, and only when an access request is first made from the user terminal T1, or only when the user terminal T1 does not have the program. It may be. This program uses the user terminal T to be authenticated.
1 is a program for transmitting the terminal identification information.

When the access request from the user terminal T1 reaches the authentication server 1, the authentication unit 32d determines whether or not the user terminal T1 is appropriate. The authentication unit 32d specifically includes the terminal identification information received from the input / output unit 31, the terminal identification information input from the user terminal T1 requesting the authentication, and the terminal identification information recorded in the information recording unit 32e. The decision is made by looking at the consistency of the information. The authentication unit 32d thus determines the validity of the access requester based on the consistency of the terminal identification information, but determines the validity of the access requester based on the validity of the terminal identification information and the user identification information. You may be able to. In the information recording unit 32e, terminal identification information required for authentication is recorded. Also, in this embodiment,
User identification information is also recorded in the information recording unit 32e.
The recorded terminal identification information and user identification information are for all of the plurality of user terminals T1 to be authenticated.

FIG. 8 shows an example of the authentication information. Here, as a simple example, a set of a user ID (UserID) and a password (PASSWORD), and an authentication URL as an example of range information in which each of the user terminals T1 is permitted to communicate.
(E.g., the URL of the desired host server 10) includes an individual number, which is an example of terminal identification information, and 1 in principle.
It is recorded as an authentication table in a one-to-one correspondence.
However, two or more user IDs may be assigned to one individual number. In this case, the user I
A different authentication URL is assigned to each of D. In the example of FIG. 8, two user IDs are assigned to the individual number 00102, and different authentication URLs are assigned to each of them. The user ID and the password in this example include only numbers, only alphabets, or a combination thereof.

In the example of the authentication table shown in FIG. 8, the individual number and the authentication URL have a one-to-one correspondence in principle. Therefore, in a simple system in which only one user terminal T1 (individual number) needs to consider only the correspondence with one or two or more host servers 10 (authentication URLs), a preferable authentication mode can be achieved. User ID and user I for authentication
Even when D and password are used, a set of a user ID, a password, and an individual number, which is used for authentication, and an authentication URL correspond one-to-one in principle. Therefore, the user only has to log in with the currently known user ID / password according to the authentication URL to be accessed. This simplifies the login process. As described above, a simple system can be a preferable authentication mode. When a user accesses a plurality of host servers 10 with one user terminal T1 to receive services, or when a plurality of service programs are provided in one host server 10 and each of them needs to be authenticated, Since a login screen must be created for each host server or service program, and a user ID and password must be stored, maintenance of the system is complicated. In some cases, it is necessary that the user loses the user terminal T1 or is stolen so that the user ID and password cannot be used. In such a case, it must be performed for all the host servers or service programs recorded in the authentication table, which is complicated.

Therefore, in the case of a large-scale system in which one user terminal T1 may receive a large number of services, for example, an authentication master table shown in FIG. 9A and an authentication table shown in FIG. (Same as that of FIG. 8) is preferable to manage the authentication data hierarchically. The authentication master table is an upper table of the authentication table linked by the individual number, and one field is prepared for one individual number. The authentication ID and the authentication password (authentication PS)
W), a recording area (stop) of the stop flag for the user terminal is formed.

The authentication ID (same as the user ID) is ID information serving as a master ID assigned to only one user terminal T1. Even if is recorded, it is used to make the authentication valid by using it. The same applies to the authentication password. The recording area of the stop flag is an updatable area. When the flag “1” is set, it is used to stop all use of the authentication table for the user terminal T1. When the suspension is released, the authentication table can be used by deleting the flag “1”.

As described above, by using the two tables hierarchically, even if there are a plurality of host servers 10 and service programs that can be accessed, the user can obtain the authentication ID.
It is only necessary to know D and the authentication password, and the work at the time of access is simplified. Also, for each host server,
Alternatively, it is not necessary to create a login screen for each service program, and even if the user terminal T1 is lost, it is sufficient to set "1" in the stop flag recording area. The work is also simplified.

The authentication unit 32d determines the terminal identification information received from the user terminal T1 (although the present invention is not limited to this, the individual number automatically sent by the program from the authentication server is the terminal identification information). Shall be.)
And the individual number recorded in the information recording unit 32e, and also compares the user ID or authentication ID received from the user terminal T1 with the user ID or authentication ID recorded in the information recording unit 32e, Further, the user terminal T1
Is compared with the password or authentication password recorded in the information recording unit 32e. Then, the received terminal identification information and user ID (authentication I
D) If the set of the password (authentication password) matches the terminal identification information, the user ID (authentication ID), and the password (authentication password) for a certain user terminal T1, the user terminal requesting access T1 is authenticated as valid. Information indicating that it is legitimate
The information is sent to the control unit 32a together with the information on the authentication URL associated with the above authentication table. The control unit 32a that has received this guides the access from the user terminal T1 to the corresponding authentication URL. Thereby, communication between the user terminal T1 that has accessed and the target host server 10 becomes possible.

The transmission information management section 32f manages data to be recorded in the transmission information recording section 32g. Transmission information management unit 3
2f extracts information transmitted from the host server 10 to the user terminal T1, generates transmission information indicating what information has been transmitted, associates this with each user terminal T1, and outputs the information to the transmission information recording unit. 32 g is recorded. In this regard, the transmission information recording unit 32g has a function as an extraction unit. The transmission information management unit 32
f also has a function of reading data recorded in the transmission information recording unit 32g. The read data is sent to the control unit 32a, and is used to generate data for displaying the transmission information on the display of the user terminal T1 in a visible state. This data is
The information is sent to the user terminal T1 via the input / output unit 31.

The operation mode of the network system configured as described above is as follows, for example. As described above, the segments Sa to Se of the intranet LN are:
Since each of them is allocated to a host server of a user company to be managed, it can be used by the user company in segment units. The form of use provided to the user company may be only the segments Sa to Se (in this case, the user company brings the host server 10 and the local server 20 corresponding to the host server 10), and has a predetermined function. The segments Sa to Se in which the mounted host server 10 is deployed may be used. The latter is
This is suitable when the user company already has the local server 20 corresponding to the host server 10.

When the user company to be managed, the segment, and the host server 10 to be deployed in the intranet LN are determined, the system administrator sets the firewall 11
, Various conditions (protocol, system-specific data format,
The address of the host server 10 is registered, and the address of the host server 10 is registered in the address table of the router 13 in the intranet LN as the destination and the source in the intranet LN. Further, the address of the host server 10 is registered as a connection source of the switching hub 14. Further, the information recording unit 32e in the authentication server 1
The terminal identification information (in this example, an individual number), user identification information (in this example, a user ID (or authentication ID), a password (or authentication password)), and an authentication URL for each user terminal T1 Record each data.

The members (usually employees) of the user company are:
By operating the user terminal T1, an IP address (for example, ×
(Xxx @@ xxx.co.jp) to access information to the desired host server 10. This access is transferred from the wireless network WN to the DNS 30 connected to the mobile phone network MN. The DNS 30 sends a global IP address (for example, 2 ×× 111.2) for the user company from the global DNS 40 based on the domain name included in the access.
2.33) is obtained and transferred to the router 12.

The router 12 has the NAT of the contents shown in FIG.
Referring to the table, the global IP address given from the DNS is changed to the IP address (1
Xx.111.22.33), and at the same time, the global IP address (2 × .444.55.6) of the user terminal T1 is converted into an IP address (1 × .444.55.6). Then, using the routing function, the access is performed by the firewall 11.
Transfer to. The firewall 11 determines whether or not this access conforms to a pre-registered condition, and if so, passes the access and transfers it to the authentication server 1. The authentication server 1 determines whether or not the user terminal T1 that has made the access request is appropriate, and sends the access to the router 13 when it is authenticated that the user terminal T1 is appropriate. This authentication process will be described later.

The router 13 decodes the contents of the access, finds the corresponding segment and the host server 10, and transfers the access to the host server 10. The host server 10 searches the common file for data corresponding to the access request, and retrieves the data from the router 13 and the authentication server 1.
Then, a reply is sent to the router 12 via the firewall 11. The router 12 converts the address of the host server 10 into the IP address of the user terminal T1 by referring to the NAT table of the content of FIG. Transfer to the user terminal T1 via the WN.

Since the copy task is executed between the host server 10 and the local server 20 via the private line network PN, and the identity of the contents of the common file is maintained between the two, the above-mentioned host server The information returned from 10 has the same contents as the information held by the local server 20. Therefore, by using this network system, it is possible to easily realize a low-cost company-dedicated system in which security is ensured. In particular, from the user terminal T1 whose location is not specified, the local server 20
Information (e.g., mail file, schedule file, etc.) can be obtained securely, as if the user terminal T1 and the local server 20 were connected via a dedicated line, and there was no third-party intervention. It is extremely convenient in handling information. Further, according to this network system, for example, all the information handled by the local server at the head office of the company and the local servers at each of the plurality of branches are made into a common file, and this is centrally managed by the host server in the intranet LN. In addition, by making the common file accessible from the user terminal T1 at any time and from any place, consistent in-house information can be accessed by a unified operation. The form is easily realized.

<Application Example 1: In-house Mailing System> Next, an application example of the network system will be described. Here, an example in which a specific segment of the intranet LN is assigned to a certain user company and applied to an in-house mailing system that accesses in-house information of the user company using the user terminal T1 will be described. "Email" here
Is a concept that includes not only ordinary e-mail documents but also various list data, edited data, and various documents registered in advance. In addition, this is a web mail that can be attached to a document without limitation on the number of usable characters or the number of stored cases. By using web mail, the user terminal T1
Mail can be exchanged by a unified operation that does not depend on the device model.

The user terminal T1 is, for example,
Since mobile phones that can be user terminals having a web mail function by themselves, such as “i-mode terminals” provided by TTI DoCoMo, have become widespread, they can be used. However, the mail server is "i-mode
A web mail server function prepared by the host server 10 is used instead of the i-mode server for “terminal”. This allows the i-mode terminal to use the i-mode terminal's standard operating environment for browser functions as it is.
Restrictions on various uses by the e-server, for example, restrictions on the type, size, and number of data that can be transmitted and received can be released. In addition, it becomes possible to realize a unified operation environment that absorbs differences between models.

[0062] Host server 10 and local server 20
For example, a computer provided with "DOMINO server (DOMINO (or Domino) is a trademark of DOMINO, hereinafter the same)" provided by Lotus Corporation of the United States can be used.
The “DOMINO server” is equipped with functions suitable for carrying out the present invention, such as a communication function, a mail function, a server function (especially an HTTP server function), a schedule function, and a copy function as standard equipment. It is convenient to take advantage of programming as it is allowed to improve functionality. A web mail server function suitable for carrying out the present invention, such as editing a menu list dedicated to in-house mail, adding fee information for each document, and automatically transferring a large amount of data according to the memory capacity of a receiving destination. To send a message in pieces, reduce the size of the attached document in a limited display area on the mobile phone, or restrict the display when there are many e-mail destinations and display only the text, This can be easily realized by creating an additional application program separately from the standard mail function provided by the "DOMINO server". In addition, a function of constantly monitoring the current time and extracting only a schedule after the current time as a schedule function can be easily realized by additionally creating an application program.

FIG. 5 is a functional block diagram of the host server 10 using the “DOMINO server”. The host server 10 includes a CPU 101 operating under the control of a predetermined OS (operating system), a RAM 102,
M103 and a mail file 10 built on a fixed storage device such as a hard disk readable by the CPU 101.
4. Communication for controlling communication between the router 13 and the employee database 105 recording the mail address book and personal information of the employee, the document database 106 recording the HTTP document and the like, the schedule file 107 recording the in-house schedule data. And an adapter 108.
In the RAM 102, a DOMINO engine, a duplication task, an HTTP task,
In addition to the schedule management task, a program for realizing a web mail server function for employees is stored.
The ROM 103 has a basic input output system (BIOS).
tem) are recorded. DO
The MINO engine is a platform and network O
It provides a unified operating environment by absorbing differences in S, and can realize a powerful document management function including document integration and search.

The HTTP task is executed from the mobile phone via the HTTP task.
When a transmission request is received, the task is to specify a data file corresponding to the HTTP transmission request and convert the data file into an HTML format. Since the extended URL can be used, the data file corresponding to the HTTP transmission request can be dynamically converted to the HTML format. The local server 20 can also use the above-mentioned DOMINO server.

Host server 10 and local server 20
Are designed to maintain the common file identity with each other by the duplication task shown in FIG. That is, based on the configuration of each directory, the duplication task is started at regular time intervals, and a comparison is made as to whether the own common file is different from the other common file. If there is a difference, the difference data is transferred bi-directionally and reflected in the contents of its own common file. The duplication is performed in units of fields as shown. It differs from normal "file copy" in that only the changed fields are copied.

Next, referring to FIG. 10 to FIG. 29, a usage form of the in-house mail system will be described. (Advance preparation) A client terminal (not shown) of the local server 20 is operated in advance to set a set of a user ID and a password as permission information. In this example, the employee ID is used as the user ID. The set contents are stored in the employee database 1 of the host server 10.
05 is reflected. What is set here is authentication required when accessing the intranet LN from the mobile phone and information required for billing. Employee I in this example
D or a password is assigned identification data for each group in order to enable charging for each group (department). Charges when a mobile phone is used are made according to the total amount of data (total amount of packet size), so that this can be totaled for each identification data. In the employee database 105, a mobile phone address is set in advance. In addition, terminal identification information, a user ID, a password, and information of an authentication URL are set in the authentication server 1.

(Creation of Address Book for Cellular Phone) Addresses for about 10 persons are extracted from the in-house address book of the employee database 105, and can be transmitted to the cellular phone at any time. This is performed in principle at the client terminal described above. The procedure in this case is shown in FIGS. Referring to FIG. 10, first, a list of user addresses in an in-house address book is displayed on a display device of a mobile phone as a user terminal (S101). The system waits for the occurrence of a click event (the displayed event selected by the operator's click operation, the same applies hereinafter) (S102), and if a click event has occurred, its content is determined (S1).
03). If the click event is a "selection column", a selection mark is displayed in front of a specific person from the user address list, and the process returns to S103 (S104). In the case of the "copy button", the data of the person with the selection mark is copied to the personal address book, and the process returns to S101 (S1).
05). In the case of the “end button”, end processing is performed (S1
06). Thus, a personal address book including addresses of several persons is generated.

When extracting the address to be actually used from the personal address book, the process is performed according to the procedure shown in FIG. First, a list of user addresses in the personal address book is displayed on the display of the client terminal (S20).
1). It waits for a click event to occur (S202), and if a click event has occurred, determines its contents (S203). If the click event is a "selection field", a selection mark is displayed in front of a specific person from the user address list, and the process returns to S203 (S204).
In the case of the "copy button", the data with the selection mark is sequentially copied to the mail file, and the process returns to S201 (S205). In the case of the "end button", an end process is performed (S206). The process of extracting an address from the in-house address book and creating an address book for a mobile phone can also be performed from the mobile phone. However, in this case, selection is made directly from the in-house address book instead of being copied once to the personal address book.

(Authentication and Information Access) Next, an operation procedure when a member of a user company accesses the host server 10 from a mobile phone will be described. FIG. 12 is an explanatory diagram of the overall procedure of the information access method. First, an access request is made with a mobile phone. At the same time as the access request, a URL about the connection request destination is sent from the mobile phone to the authentication server. Next, a login screen is displayed on the display unit of the mobile phone (S301). As shown in FIG. 27A, an input area 51 for a user ID (here, an employee ID, the same applies hereinafter) and a password is displayed on the login screen. If the user ID and the password have been input, login authentication is performed (S302). If the authentication fails, the process returns to S302. If the authentication is successful, that is, if the user is an authorized user, the main screen is displayed (S303: Yes, S3
04). The main screen is, for example, as shown in FIG. 27B, and displays a reception / transmission / search / schedule event selection area 52 and a SUBMIT selection area 53.

FIG. 13 shows the login authentication described above.
This will be described in detail with reference to FIG. FIG. 13 is a diagram illustrating a procedure of an individual numbering process performed prior to login authentication. As described above, the individual number unique to each user terminal T1 is used for authentication in this embodiment, and this individual number is assigned to each user terminal T1 by the authentication server S1. This individual number is assigned to each user terminal T1 as follows. First, the user terminal T1 is connected to the authentication server S1 (S310).
1). More specifically, U
By inputting the RL, the user terminal T1 is sent to the authentication server 1.
Connect. When such a connection is made, the user terminal T1
27, a screen similar to that shown in FIG. 27A is displayed. The user inputs a user ID and a password assigned to the user in the input area 51 in accordance with the screen instructions. User I entered
Data on D and the password are sent from the user terminal T1 to the authentication server S1. This data is sent to the terminal identification information issuing unit 32 in the processing unit 32 via the input / output unit 31.
b (S3102).

Terminal identification information issuing section 32b (see FIG. 7)
Determines whether the user ID and the password indicated by the received data match any one of the pair of the user ID and the password recorded in advance in the identification information recording unit 32e (S3103). Terminal identification information issuing unit 3
2b, if the user ID and password indicated by the received data match one of the pair of user ID and password recorded in advance in the identification information recording unit 32e (S3103: Yes), the access is valid. Is determined (S3104). If it is determined that the access is valid (S3104), the terminal identification information issuing unit 32b generates data on an individual number unique to each user terminal T1 (S310).
5), an individual number is issued (S3106). The individual number issuance process is specifically performed by sending data on the generated individual number to the identification information recording unit 32e and the user T1. The data on the individual number sent to the identification information recording unit 32e is, as shown in FIG.
It is recorded in a state where it is associated with the authentication URL, User Id (user ID), and PASSWORD (password) of the user terminal T1. On the other hand, the data sent to the user terminal T1 is recorded on a recording medium built therein. When the user terminal T1 is, for example, a Java-compatible i-mode mobile phone terminal, the data indicating the individual number is recorded on the scratch pad as described above. This individual number is recorded on the mobile phone terminal in a form that cannot be recognized by the user, and the user does not generally recognize the individual number assigned to his or her own user terminal T1.

User I indicated by received data
If D and the password do not match any of the combination of the user ID and the password recorded in advance in the identification information recording unit 32e (S3103: No), it is determined that the access is improper. In this case, the process returns to the data input and transmission process (S3102) for the user ID and the password, and the process is performed again. This process is repeated until a correct user ID and password are input.
If the correct user ID and password are not input after all, the process ends here. It should be noted that a limit is set on the number of times the user ID and password are input, and if the user ID and the password are input only for the limited number of times, if the access is not determined to be valid, further access is performed. The reception of the user ID and the password may be stopped, and the process may be forcibly terminated there.

It is sufficient to execute the above processing for assigning the individual number. In this embodiment, the following processing is further executed. In this case, the identification information recording unit 32g is associated with each of the user identification information in addition to the user identification information including the user ID and the password, and the user identified by each of the user identification information is stored in the identification information recording unit 32g. The e-mail address to be used is recorded. This e-mail address is not limited to this, but in this embodiment, it is assumed that the e-mail address can be used at the user terminal T1 to which the individual information has been sent (the user terminal T1 that the user intends to use in this system). ing. Here, when the above-mentioned individual number is issued, the control unit 32a reads, from the identification information recording unit 32g, the e-mail address associated with the user identification information used when issuing the individual number, An e-mail for notifying the user that the registration of the individual number has been completed is transmitted to the e-mail address (S3107).
This e-mail is sent to a predetermined e-mail address recorded in advance in the identification information recording unit 32g, regardless of whether the person who operated the user terminal T is a valid person. It is practically possible for a third party who knows the user identification information to perform the above-described processing for registering the individual number by some method. However, it is unlikely that the third party knows the above-mentioned e-mail address registered by a legitimate user, and even if he or she knows the e-mail address, the e-mail by the e-mail address In order to send and receive the user ID, a further user ID
Usually, a password or the like is required. Therefore, a third party who knows the user identification information of a certain user can use another user terminal T1 other than the user terminal T1 used by the user.
, The third party cannot receive the above-mentioned e-mail notifying that the registration has been completed, even if the user is impersonated as a valid user and obtains the individual number. On the other hand, a user who has registered user identification information and an e-mail address in advance, even if the above-described processing for assigning an individual number is performed by the user himself or a third party impersonating the user Then, the above-mentioned mail notifying the completion of the registration of the individual number is received from the authentication server 1. If the legitimate user has performed the above-described processing for assigning the individual number, the user who has received the above-described electronic mail notifying the completion of the individual number registration can understand the meaning of the electronic mail. Upon receiving this, the user sends an e-mail to the authentication server 1 with information, e.g., by e-mail, to approve the registration. On the other hand, if a third party impersonating a legitimate user has performed the above-described processing, the user who has received the above-described e-mail notifying the completion of individual number registration cannot understand the meaning of the e-mail. Upon receiving this, the user sends an e-mail and other information to the authentication server 1 notifying the registration. In any case, the authentication server 1 receives information on whether or not to approve the registration from the user.
As a result, the authentication server 1 can check whether or not the above-described procedure for assigning the individual number has been performed by a valid user. When the authentication server 1 receives the above information, the information is sent to the control unit 32a. The control unit 32a determines whether or not the content indicated by the information indicates that the user has approved the procedure for assigning the individual number (S3109). The user has approved the procedure for assigning the individual number (S3109:
If Yes, the above procedure for assigning an individual number is determined to have been performed by a valid user, and the procedure for assigning an individual number ends. On the other hand, if the user does not approve the procedure for assigning an individual number (S3109: No), it is determined that the above procedure for assigning an individual number has not been performed by a valid user (S311).
0). In this case, the control unit 32a sets a stop flag for stopping the process of assigning the individual number using the user ID and the password used for issuing the individual number and the process for login authentication described later ( S3111), the individual number assignment process ends. This flag is generated by mistake, for example, in spite of the fact that the user should have sent information to the effect that the registration is approved to the authentication server 1 with respect to the e-mail notifying the completion of the individual number registration. Until the cause of the flag being set, such as sending information that the registration is not approved, is kept as it is. This prevents a third party from illegally acquiring the individual number.

The processing after step (S3107) has the following variations. First, in the above-described example, the user who has received the e-mail in the process of step (S3107) is to transmit information on the approval of registration by e-mail (the authentication server 1 receives this information). (S3108)), but instead, the user can transmit such information by telephone. In order to realize this, the information about the telephone number used by the user may be recorded in the identification information recording unit 32g in addition to the information about the e-mail address used by the user. This telephone number can be made available to the user terminal T1 to which the individual information has been sent (the user terminal T1 that the user intends to use in this system). In this variation, after the issuance of the individual number, the control unit 32a completes the registration of the individual number in the mail sent to the e-mail address associated with the user identification information used when issuing the individual number. To inform the user of the fact and to indicate whether to approve the registration completion,
And information requesting a call to a predetermined telephone number. The user who receives this calls the designated telephone number and sends information about registration approval. The device that has accepted the access from the user terminal T1, for example, sends a message to the user terminal T1 of the user who made the call, "An individual number has been assigned. If not, press the 1 key. "The information for outputting the voice message from the user terminal T1 may be sent to the user terminal T1. By operating the 0 or 1 key, the user who has listened to the above-mentioned voice message transmits information for performing the approval of the registration processing of the individual number or indicating the intention of not performing the approval. This information is directly or indirectly received by the authentication server 1. The control unit 32a of the authentication server 1 having received this determines whether or not the above-described procedure for assigning the individual number has been approved by the user (S3109). Subsequent procedures are the same as those described above. The advantage of this is that, for example, the authentication server 1 checks the legitimacy of the other party that has transmitted the information on the approval of the registration processing of the individual number by transmitting the telephone number recorded in the identification information recording unit 32g and the information. It can be checked by checking the caller ID of the other party. Of course, even in the case of using an e-mail, the validity of the other party who transmitted the information is checked by comparing the e-mail address of the sender with the e-mail address recorded in the identification information recording unit 32b. It is possible. However, it is technically much more difficult to falsify the caller's caller number than to falsify the sender's mail address with an e-mail. Therefore, by implementing such a variation, the possibility of spoofing can be further reduced. Other variations include the following. In the above-described example, the control unit 32a determines whether or not the user has been approved based on the information on the approval of the registration process received by e-mail or telephone, and the user has approved the procedure for assigning the individual number. If (S3109: Yes), it is determined that the above procedure for assigning an individual number has been performed by a valid user, and the user has not approved the procedure for assigning an individual number (S3109: No). If so, it is determined that the above procedure for assigning an individual number has not been performed by a valid user (S3110). If it is determined that the legitimate user has performed the procedure for assigning the individual number, the procedure for assigning the individual number is terminated, and it is determined that the unauthorized user has performed the procedure for assigning the individual number. If so, a stop flag is set (S3111). This variation reverses the handling of the stop flag from that described above. In this variation, a stop flag is set in an initial state. If it is determined that the legitimate user has performed the procedure for assigning the individual number, the stop flag is turned off, and the procedure is terminated after the individual number and the like can be used. On the other hand, when it is determined that the unauthorized user has performed the procedure for assigning the individual number, the procedure is terminated with the stop flag set as it is. In this way, in principle, the use of individual numbers and the like is restricted, and the use of individual numbers and the like can be performed only when formal procedures are taken, so that the occurrence of spoofing can be further reduced. Become.

FIG. 14 shows a specific procedure for login authentication performed in principle based on the procedure for assigning an individual number as described above. As described above, the login authentication is started when the mobile phone makes an access request. At the same time as the access request, the URL of the connection request destination is sent from the mobile phone to the authentication server, and a login screen is displayed on the display unit of the mobile phone (S301). This is as described above. When the login screen is displayed, the authentication server 1 reads out the individual number of the mobile phone and transmits a program for transmitting the individual number to the authentication server 1 to the mobile phone (S3201). More specifically, information indicating that there is an access request is sent to the control unit 31 via the input / output unit 31.
sent to a. The control unit 31a that has received this transmits a command to transmit the program to the program transmission unit 32c. Based on this command, the program transmission unit 32c transmits the above-described program to the mobile phone via the input / output unit 31. In this example, the above-described program is described in, for example, Java, and is executed on the KVM of the mobile phone. In any case, it operates under the execution environment prepared for the mobile phone. This program activates a program for reading the individual number of the mobile phone from a scratch pad or the like. The function realization body generated in this way sends the individual information read from the ROM or the like to the authentication server 1. This process is performed automatically. Also, this process may be performed in a form that the user cannot recognize. In addition, this program is such that it reads out the individual number of the user terminal T1 and transmits the data on the individual number of the user terminal T1 to the authentication device 1, and then disappears. It does not matter. On the other hand, this program remains after the function of reading the individual number of the user terminal T1 and transmitting the data on the individual number of the user terminal T1 to the authentication device 1 is exhibited. May be. In this case, the above-described program is recorded on a predetermined recording medium of the user terminal T1, reads out the individual number of the user terminal T1, and transmits data on the individual number of the user terminal T1 to the authentication device 1. Each time the function of performing the operation is required, it can be read from the recording medium. When such a program is used, the above-mentioned program is transmitted only when an access request is made from the user terminal T1, and only when the access request is made for the first time. However, after that, if it becomes particularly necessary, for example, when the program disappears from the above-mentioned recording medium for some reason, the program may be transmitted again.
The recording medium on which the program is recorded is the user terminal T1.
However, for example, in the case of a Java-compatible i-mode mobile phone, it can be configured by a built-in nonvolatile memory. If the user terminal T1 does not follow the above-described procedure for assigning an individual number and does not have an individual number, even if the above-described program is accepted and executed, Even if the program is read and executed, the individual number is not transmitted from the user terminal T1 to the authentication server 1. If the transmission of the individual number has not been performed, the authentication server 1 requests the user to transmit the user ID and the password, and executes the above-described procedure for assigning the individual number. In this case, the procedure from the individual number assignment to the authentication is performed in a series.

Upon receiving the individual number (S3202),
The authentication unit 32d of the authentication server 1 determines whether the individual number matches one of the individual numbers recorded in the information recording unit 30d (S3203). When the received individual number does not match any of the recorded individual numbers (S3203: No), data for displaying information indicating that on the display of the mobile phone is generated, and this is generated. (S3204). In this case, the mobile phone is not authenticated as being legitimate, and the access from the mobile phone is not permitted. In this embodiment, the control unit 32a generates data for displaying an image on the display of the mobile phone. When the received individual number matches any of the recorded individual numbers (S3203: Ye
In s), go to the next step.

Next, the user ID and password input by the user are received from the mobile phone (S3205), and the user ID and password are stored in the information recording unit 30d. The authentication unit 32d determines whether or not it matches the associated one (S3206). Note that user I
Accepting D and password from mobile phone (S3205)
Is performed independently of the reception of the individual number, and thus may be executed before step S3011. When the received user ID and password do not match the one associated with the individual number among the user IDs and passwords recorded in the information recording unit 30d (S3
206: No) generates data for displaying information indicating the fact on the display of the mobile phone, and sends it to the mobile phone in the same manner as described above (S3204). The received user ID and password are stored in the information recording unit 30d.
Of the user ID and password recorded in the user ID and the password associated with the individual number described above (S
3206: Yes), proceed to the next step.

If the individual number, the user ID and the password match the individual number, the user ID and the password recorded in the information recording unit 30d in association with each other, the mobile phone which made the access request is an authorized one. However, in this embodiment, the following processing is performed in order to further increase the reliability of the authentication. That is, the URL of the connection request destination that has been received earlier is the authentication URL recorded in the information recording unit 30d.
A determination is made as to whether or not L matches the one associated with the received individual number, user ID, and password (S3207). This determination is also made by the authentication unit 32d.
When the received URL does not match the one associated with the received individual number and user ID among the authentication URLs recorded in the information recording unit 30d (S320).
7: No), the process proceeds to S3014, as in the case described above. If they match (S3207: No), the mobile phone is authenticated as a legitimate one and the port is opened (S3208). Note that, in this example, a case is described in which authentication is performed using all of the terminal identification information, which is an individual number, the user identification information, which is a user ID and a password, and the authentication URL, or the terminal identification information and the user identification information. Although described, the authentication may be performed using only the terminal identification information or the terminal identification information and the authentication URL.

Returning to FIG. 12, after that, the occurrence of a click event is waited for (S302). When the click event has occurred, its content is determined (S303). If the click event is "reception", a reception process is performed according to the procedures shown in FIGS. 15 to 20 (S304). If it is "transmission", transmission processing is performed according to the procedure of FIG. 21 (S305). If it is "search", a search process is performed according to the procedures of FIGS. 22 to 24 (S306). If it is "scheduled", a scheduled process is performed according to the procedures of FIGS. 25 and 26 (S307). When these processes are completed, the process returns to the step S302. Hereinafter, the contents of the reception process, the transmission process, the search process, and the schedule process will be described in detail.

= Reception Processing = The reception processing of S304 will be described. In the receiving process,
As shown in FIG. 15, data is sorted in descending order according to the reception date of the reception box of the mobile phone, and data numbers are numbered from “1” in order of “+1” (S401). The sorted data is selected ten by ten in ascending order, and the first one is set as START (first data number, the same applies hereinafter) (S402). afterwards,
The selected data is displayed in the reception list display area (S
403). In the reception list display area, FIG.
As shown in (d), the subject area 54 and the fee area 55 indicating the fee information required to receive the subject are displayed as a pair. By displaying the fee information required for reception in this way, the operator of the mobile phone can be informed of the data size and the cost at that time. The mobile phone operator (that is, an employee) judges whether the reading of the subject is worth the cost by looking at the title of the subject and the amount of the fee, or estimating the time required for reception based on the amount of the fee, and Can be determined to be read now or later. Also, since a large amount of data, such as 20,000 words, is sent while being automatically split by the mail function using the web mail function, it can be browsed halfway and the browsing of subsequent split mail stopped. Forms are also possible. At the bottom of the reception list display area, selection buttons for “Previous” and “Next” are also displayed. It waits for a click event to occur (S404), and if a click event has occurred, determines its contents (S405). If the click event is “next”, “+9” is set to START (S406), and S
Select 10 items from TART. When START is less than 10, only the existing data is displayed (S40).
7). If the click event was "Previous",
"-9" is set as START (S408), and STAR
Select 10 items from T. If START is less than 10, "1" is set in START (S409). If the click event is "document number", a received message display process is performed (S410).

The details of the received sentence process in S410 are as shown in FIG. When it is detected that the operator of the mobile phone has clicked a desired document number on the display unit (S50).
1) The document of the clicked document number is displayed on the display unit (S502). The display at this time is, for example, as shown in FIG.
(E). If there is an attached document, a notification indicating its presence is displayed on the display unit. This is due to the web mail server function of the host server 10. If the attached document is a table object or bitmap data, by clicking on the attached document, it can be displayed as an HTML document according to the size of the display area. Also, assuming that the number of destinations of the document is large, the destination part in the frame of the received text is not displayed in advance. As a result, only the text can be displayed on the display unit of the mobile phone. However, since the destination information is managed on the side of the host server 10, when it is desired to confirm the destination from a mobile phone, it is instructed from a browser screen (icons or command characters are prepared). , Can be displayed. In the case of received text processing, "Delete", "Reply",
A “transfer” and “FAX” selection area 56 is displayed. Waiting for the click event to occur (S503), and when the click event has occurred, its content is determined (S50).
4). The click event includes a “delete” process (S50).
5), "Reply" processing (S506), "Transfer" processing (S5)
07) and “FAX” processing (S508).

FIG. 17 shows the procedure of the "delete" process in step S505, that is, the process when "delete" is selected in the display contents of FIG. 27 (e). While deleting the current document (S601), "Delete"
d ”is displayed (S602).

The procedure of the "reply" process in step S506, that is, the process when "reply" is selected in the display content of FIG. 27E is as shown in FIG. First, a new document for reply is created (S701). Then, the sender of the received document is set as the destination (S702), the character "Re:" is added to the subject of the subject of the received document (S703), and the new document is displayed (S70).
4). It waits for a click event to occur (S705), and if a click event has occurred, determines its contents (S706). If the click event is "subject", the subject editing process is performed (S707). If the click event is "content", the document content is edited (S708). If the click event is "new destination", the new destination is edited (S709). In the case of "CC new", a new editing process of the CC (carbon copy) destination is performed (S710). After each end, the process returns to S705.

If the click event determined in step S706 is “destination”, destination editing processing is performed (S7).
11). At this time, a list of mobile personal destinations (personal address book) is displayed (S712). Then, the selected destination is set as “TO” (S713). afterwards,
It returns to the process of S705. If the click event is "CC", a CC destination editing process is performed (S714). At this time,
A list of mobile personal destinations (personal address book) is displayed (S715). Then, the selected destination is set as “CC” (S716). After that, the process returns to S705. If the click event is "SUBMIT", the new document is transmitted (S717), "Formprocessed" is displayed, and the reply process ends (S718).

The procedure of the "transfer" process in step S507, that is, the process when "transfer" is selected in the display content of FIG. 27E is as shown in FIG. Processing details (S8
01 to S818) are substantially the same as those in FIG.
In step S803, “FW:” is added to the head of the subject of the received document in the subject.
The only difference is that the character is added. The procedure of the “FAX” process in step S508, that is, the process when “FAX” is selected in the display content of FIG. 27E is as shown in FIG. First, a new document for FAX is created (S
901). Then, the content of the received document is set in the content column (S902), the character “FW:” is added to the subject of the received document at the beginning of the subject (S903), and the new document is displayed (S904). It waits for a click event to occur (S905), and if a click event has occurred, determines its contents (S906). If the click event is "subject", the subject is edited (S90
7) In the case of "FAX number", a FAX number editing process is performed (S908), and after each, the process returns to S905. If the click event is "send", the new document is sent (S909), "Formprocessed" is displayed, and the FAX data sending process ends (S910). The data transmitted in this manner is fax-printed at the fax number destination. Note that the fax printing described above may be realized as one of the functions of the DOMINO engine.
The application program for X printing may be installed in the host server 10 and may be activated by starting the program at any time.

= Transmission Processing = Next, the transmission processing in step S305 in FIG. 12 will be described. In the transmission process, as shown in FIG. 21, a new document for transmission is created (S1001), and the new document is displayed on the display unit (S1002). Subsequent processing (S10
03 to S1016) is the same procedure as steps S707 to S718 of the return process shown in FIG. However, the display content of the display unit of the mobile phone changes as shown in FIG.

= Search Process = Next, the search process in step S306 in FIG. 12 will be described. The search process is executed when the user selects “search”, as shown in FIG. In this process, as shown in FIG. 22, first, the data in the search view is sorted in ascending alphabetical order, and ten items are selected (S1101). After that, the search list is displayed in the list display area (S1102). The system waits for a click event to occur (S1103). If a click event has occurred, its content is determined (S1104). If the click event is "next", +10 data is set from the tenth page of the page being displayed (S1105). afterwards,
The set data is selected. If the data is less than 10, only the existing data is selected (S1106).
After that, the process returns to S1102. If the click event is "Previous", from the tenth page on the page being displayed-
Ten data are set (S1107). After that, the set data is selected. If there is no data, the data of the current page is reselected (S1108). afterwards,
It returns to the process of S1102.

When the click event is “search list display”, the display contents of the display unit of the mobile phone are as shown in FIG.
The list is changed from (a) to the keyword list searched in the past. FIG. 28B shows this state. In the figure, "ito
"h", "okada", and "suzuki" are the searched keywords. The procedure of this search list display processing is as shown in FIG. That is, the system waits for the occurrence of a click event (S1201), and when it is detected that the first and last name of the alphabet (for example, “itoh”) is clicked, displays all documents including the clicked first and last name (S1202, S1203).

If the click event is "new keyword", a search process using the new keyword is performed.
At this time, the display content on the display unit changes to a new keyword input screen as shown in FIG. In this case, as shown in FIG. 24, the process waits for the occurrence of a click event (S1301), and when the click event occurs, determines its content (S1302). If the click event is "new keyword", a new keyword is edited (S1301), and the process returns to S1301.
If the click event is “SUBMIT”, the keyword is transmitted (S1304), “Formprocessed” is displayed, and the process is terminated (S1305). Host server 1
If the search result is transmitted from 0, the process proceeds to a search list display process as appropriate. The screen of the display unit changes as shown in FIG. 28D. When the alphabet (for example, “pat”) is clicked, all the documents including “pat” are displayed as shown in FIG. 28E. .

= Scheduling Process = Next, the scheduling process in step S307 in FIG. 12 will be described. The schedule process is executed when the user selects “schedule” as shown in FIG. In this process, as shown in FIG. 25, first, the data in the scheduled view is sorted in descending order by date, and ten items are selected (S140).
1). After that, the schedule list is displayed in the list display area of the display unit (S1402). FIG. 29B shows an example of the list display area 60, in which a click on a certain date displays a time zone set for that date and a brief description. At the top of the display,
An area for selecting an event of "Previous", "Next", or "Create" is formed. It waits for the occurrence of a click event (S1403), and if a click event has occurred, its content is determined (S1404). If the click event is “Next”, + from the 10th page of the page being displayed
Ten data are set (S1405). Thereafter, the set data is selected. If the data is less than 10, only the existing data is selected (S1406). After that, the process returns to S1402. If the click event is "Previous", the number of the page being displayed is -10
Is set (S1407). After that, the set data is selected. If there is no data, the data of the current page is selected again (S1408). Then, S1
It returns to the process of 402. The data in the event view is
Only those after "Today's date" are eligible. That is,
Those scheduled after the date are extracted from the schedule file 107, and the list is made into a list (View in the DOMINO server) so that it can be viewed on the mobile phone.
With this configuration, it is possible to prevent a situation in which data relating to past schedules is recorded on the mobile phone, and it is possible to effectively use the memory of the mobile phone. The host server 1 stores data on schedules before the date and before the current time.
0 may be automatically deleted from the schedule file 107. In this case, unnecessary data is sequentially deleted from the schedule file 107 (the same applies to the local server 20).
There is an advantage that the memory area of the local server 20 (similarly) can be effectively utilized at the same time, and the leakage of the in-house information is reliably prevented.

If the click event is "new creation", that is, if "create" is selected in the display contents of FIG. FIG. 26 is a flowchart of the new creation process. In this process, first, a schedule creation menu is displayed (S150).
1). For example, as shown in FIG. 29D, the schedule creation menu includes schedule registration, conference call, event, confirmation,
An anniversary selection area 61 is formed. The user can arbitrarily select any of these. Wait for the click event to occur (S1502), and if the click event has occurred, determine its contents (S150).
3). If a specific menu is selected from the selection area 61, data input and editing are performed (S1504), and S15
It returns to the process of 02. Click event is "SUBMI
In the case of "T", the input data is transmitted (S150
5) “Formprocessed” is displayed and the process is completed (S
1506). FIG. 29E is a diagram showing an example of the contents of the data input area 62 when “2. Convene Meeting” is selected. A brief description and a time are associated with each date. Note that the data input area 62 scrolls. The data input in this manner is reflected on the schedule file 107 of the host server 10 and further reflected on the local server 20.

As a part of the scheduled process or as a process separate from the scheduled process, a so-called “To Do List” function, that is, a function of managing the work to be performed and the work performed, is performed by operating the mobile phone. It can be configured to be executed at the opportunity. In this case, "DOMIN
By creating an application program in addition to the standard scheduler function of "O server R5", it can be easily realized.

As described above, in the in-house mail system, the host server 1 can be accessed from an arbitrary place at any time from a mobile phone.
0 can access the company information managed by the company. The mode of access is various as described above, and it is as if accessing from a fixed terminal inside the intranet LN or a client terminal of the local server 20. Since the in-house information of the host server 10 is common to that of the local server 20 connected via the private line network PN, it is possible to indirectly communicate with a person connected to the network to which the local server 20 belongs. Thus, the groupware can be operated efficiently.

In this system, the reception processing,
When the transmission processing, the search processing, the schedule processing, and the like are executed, the information transmitted from the host server 10 to the mobile phone is monitored by the transmission information management unit 32f. This monitoring is performed, for example, by extracting the URL of the page browsed by the user by the transmission information management unit 32f. By performing such information extraction, the transmission information management unit 32f outputs transmission information, which is information on what information has been transmitted from the host server 10 to the mobile phone, that is, which page the user has viewed. Is generated and recorded in the transmission information recording unit 32g. This transmission information is recorded for each mobile phone, and is recorded in the transmission information recording unit 32g while clarifying the corresponding mobile phone.

This transmission information can be used as data when charging each mobile phone. In addition, in order to reduce the effort required when a user accesses the host server 10, the following method can be used. That is, the transmission information is used to display the menu screen on the display of the mobile phone. In this case, when there is an access request and the mobile phone making the access request is authenticated as a legitimate one, for example, the following processing may be executed. First, the transmission information management unit 32f reads out, from the transmission information recording unit 32g, the transmission information of the mobile phone that has made the access request from the recorded transmission information, and sends it to the control unit 32a. Next, the control unit 32a that has received this generates data for displaying a predetermined image on the display of the mobile phone, and sends the data to the mobile phone via the input / output unit 31. Based on this, a predetermined menu image is displayed on the display of the mobile phone. The displayed menu image is shown in FIG.
, But the menu displayed there is different for each mobile phone.

<Application Example 2: Application Remote Operation System> The network system of the present invention can be applied as an application remote operation system instead of, or together with, an in-house mail system. The configuration in this case is basically the same as that of the in-house mail system. However, the local server 20 is provided with a predetermined application program, for example, a search program for searching for information from an external database which is not a common file, A printing program that automatically prints specific information inside, an automatic control program for in-house office equipment, etc. are installed, and the operation image for starting the application program is displayed on the web mail screen displayed on the display of the mobile phone as a browser The difference is that it is formed on the screen or a dedicated command can be input.

In operation, a person carrying a mobile phone accesses the host server 10 by selecting, for example, an operation image on a browser screen. The host server 10 decodes the contents of the command corresponding to this access, notifies the contents of the command to the local server 20, and starts and executes the corresponding application program. After the application program is executed, the host server 10 obtains information of the execution result from the local server 20 and notifies the mobile phone of the obtained information.
In this way, not only the transfer of the in-house information, but also the in-house application program can be remotely activated from the mobile phone from the outside, so that a highly expandable in-house dedicated network system can be easily constructed.

In this embodiment, it is assumed that the network constituting the housing is the intranet LN. However, any network may be used as long as it can be protected by a firewall. The housing can also be configured on a normal local network. Further, as a preferred embodiment, the description has been given assuming that the mobile phone passes through the firewall 11, but access from a mobile wired terminal via the Internet IN, that is, a notebook computer performed via a wired communication network It can be configured to allow access through the firewall 11 under certain conditions even when accessing from a PDA or PDA. However, in this case,
It is necessary to keep in mind that the access from an unspecified user connected to the Internet IN is allowed, and thus the load on the firewall 11 increases.

[0099]

As is clear from the above description, according to the present invention, since "spoofing" can be reliably prevented, it is possible to easily construct an environment for realizing dedicated groupware ensuring security. Become like

[Brief description of the drawings]

FIG. 1 is a diagram showing an example of the overall configuration of a network system to which the present invention is applied.

FIG. 2 is a diagram showing a detailed configuration example of an intranet.

FIG. 3 is a diagram showing a configuration example of a router.

FIG. 4 is a diagram showing the N provided in a router outside the intranet.
It is an explanatory view of the contents of an AT table, (a) shows an example in the case of routing data going from a public communication network to a firewall, and (b) shows an example in the case of routing data going from a firewall to a public communication network. .

FIG. 5 is a functional configuration diagram of a host server using a DOMINO server.

FIG. 6 is an explanatory diagram showing a mechanism of replication executed between a host server and a local server.

FIG. 7 is a functional block diagram showing a configuration of an authentication server.

FIG. 8 is an explanatory diagram for explaining data recorded in an information recording unit of the authentication server.

FIGS. 9A and 9B show examples of a hierarchy table used in a large-scale system in which a single user terminal may receive a large number of services.

FIG. 10 is an explanatory diagram of a procedure for copying a personal address book for about 10 persons from an in-house address book.

FIG. 11 is an explanatory diagram of a procedure for copying a personal address book to a mail file.

FIG. 12 is an explanatory diagram of a procedure when an employee accesses a host server.

FIG. 13 is an explanatory diagram of a procedure of a reception process.

FIG. 14 is an explanatory diagram illustrating a procedure of an individual number assignment process.

FIG. 15 is an explanatory diagram of a procedure for explaining a flow of a process executed by the authentication server at the time of authentication.

FIG. 16 is an explanatory diagram of a procedure of received message processing.

FIG. 17 is an explanatory diagram of a procedure of a deletion process.

FIG. 18 is an explanatory diagram of a procedure of a reply process.

FIG. 19 is an explanatory diagram of a transfer process.

FIG. 20 is an explanatory diagram of a procedure of a facsimile process.

FIG. 21 is an explanatory diagram of a procedure of a transmission process.

FIG. 22 is an explanatory diagram of a procedure of a search process.

FIG. 23 is an explanatory diagram of a search list display process.

FIG. 24 is an explanatory diagram of a procedure of a new keyword process.

FIG. 25 is an explanatory diagram of a procedure of a schedule process.

FIG. 26 is an explanatory diagram of a procedure of a new schedule list creation process.

27A and 27B are diagrams illustrating examples of display screens on a display unit of a mobile phone, where FIG. 27A illustrates a login screen, FIG. 27B illustrates a main screen, FIGS. Is a document display screen, and (f) is a screen at the time of transmission processing.

28A is a main screen showing a state in which a search is selected, FIG. 28B is a screen at the time of search processing, FIG. 28C is a screen for inputting a new keyword, and FIG. (E) is a document display screen after the search.

29A is a main screen showing a state in which a schedule is selected, FIG. 29B is a screen of a list display area of a schedule list, FIG. 29C is a selection screen of a schedule creation menu, and FIG. It is a data input screen for new creation of a list.

[Explanation of symbols]

 LN Intranet WN Wireless network MN Mobile phone network DN Public communication network PN Private line network IN Internet T1 User terminal (mobile phone) Sa-Se segment 10, 10a-10e Host server 1 Authentication server 31 Input / output unit 32 Processing unit 32a Control unit 32c Program transmission unit 32d Authentication unit 32e Information recording unit 32f Transmission information management unit 32f Transmission information recording unit 101 CPU 102 RAM 103 ROM 104 Mail file 105 Employee database 106 Document database 107 Schedule file 108 Communication adapter 11 Firewall 12, 13, 14 Router 14 Switching hub 20, 20a, 20b Local server 30, 40 DNS

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5J104 AA07 KA02 KA15 NA05 PA01 PA02 PA07 PA08 PA11 5K067 AA30 AA32 BB04 DD17 EE02 FF07 GG01 HH22 HH24 KK15

Claims (23)

[Claims] When a user terminal used by a user to which predetermined user identification information is assigned accesses predetermined information, authentication of whether the user terminal is legitimate is performed for each user terminal. An apparatus for performing based on terminal identification information assigned to a user identification information recording unit, wherein the user identification information is recorded, and user identification information of a user who uses the user terminal is received from the user terminal. A user identification information determining unit that compares the received user identification information with the user identification information recorded in the user identification information recording unit and determines whether the user identification information is valid; If it is determined that the identification information is valid, the terminal generates terminal identification information to be recorded in the user terminal and generates the terminal identification information. Terminal identification information generating means for transmitting identification information to the user terminal, terminal identification information recording means for recording the terminal identification information, terminal identification information received when the user terminal accesses predetermined information, and the terminal An authentication unit for comparing the terminal identification information recorded in the identification information recording unit with the terminal identification information to determine whether the terminal identification information is valid; and when the received terminal identification information is valid, An authentication device comprising: a permission unit that permits the access by a user terminal. 2. The terminal identification information recording means, wherein the terminal identification information is recorded in combination with range information indicating a range of information accessible by a user terminal indicated by each terminal identification information, The authentication device according to claim 1, wherein the permission unit is configured to permit access to the user terminal in a range indicated by the range information. 3. The authentication device according to claim 2, wherein the range information includes an access destination address registered in advance for each user terminal. 4. The authentication device according to claim 1, wherein the user identification information includes a set of an ID and a password assigned to each user. 5. The authentication device according to claim 2, wherein the range information is a set of the address and the user identification information. 6. A set of ID and password is associated with one piece of the user identification information, and the set of ID and password is assigned as a general ID and password when the access destination is plural. The authentication device according to claim 1 or 2, wherein 7. The authentication apparatus according to claim 6, further comprising: means for collectively stopping or canceling the use of the general ID and password. 8. A means for holding a program for transmitting the terminal identification information possessed by the user terminal to be authenticated to the user terminal, and means for transmitting the program to the user terminal which has sought authentication. The authentication device according to claim 1, further comprising: 9. The user terminal includes means for recording the program, and the terminal identification information is a function formed by activating the program recorded in the means for recording a program. The authentication device according to claim 8, wherein the authentication device is configured to be transmitted from the user terminal that requests authentication. 10. The authentication device according to claim 1, wherein the user terminal is a portable wireless terminal. 11. A means for recording an e-mail address used by each user in association with the user identification information assigned to each user, and when transmitting the terminal identification information to one user, The e-mail address assigned to the user is read out from the means for recording the e-mail address, and the one user himself performs a predetermined process for causing the e-mail address to transmit the terminal identification information. Means for transmitting an e-mail including information for causing the one user to transmit approval information for confirming whether or not the e-mail has been transmitted, based on the approval information received from the user who received the e-mail. Determining whether or not the one user has performed a predetermined process for executing the transmission of the terminal identification information; When it is determined that the transmission of the identification information is based on the action of the one user himself, the process of collectively suspending and canceling the use of the general ID and password, or the transmission of the terminal identification information is performed by the user. The authentication according to claim 7, further comprising: means for executing one of processes for collectively stopping the use of the general ID and password when it is determined that the use is not based on one user's own action. apparatus. 12. A means for receiving the authentication information transmitted from the user in the form of an e-mail, detecting an e-mail address of a source of the received approval information, and recording the e-mail address and the e-mail address Means for collating with the e-mail address recorded in the means, and processing for collectively suspending and canceling the use of the general ID and password when both e-mail addresses match as a result of the collation, or 12. The authentication apparatus according to claim 11, further comprising: means for executing one of a process of collectively stopping the use of the general ID and password when the email addresses do not match. 13. A means for recording a telephone number of a mobile phone used by each user in association with the user identification information assigned to each user, and said authentication information transmitted from the user in a form of telephone communication. Means for accepting, and detecting the telephone number of the sender of the accepted approval information,
Means for collating the telephone number with the telephone number recorded in the means for recording the telephone number; and, if the collation results in a match, the use of the general ID and password is stopped collectively. Release process, or if the phone numbers do not match,
The authentication device according to claim 11, further comprising: means for executing one of a process of collectively stopping use of D and a password. 14. The information which the user terminal tries to access exists in a predetermined network where security is required, and at least a part of the file has a common content with a file existing outside the network. The authentication device according to any one of claims 1 to 13, wherein the authentication information is recording information of a common file maintained in a storage device. 15. A first server on which information accessible by a user terminal is recorded, and authentication for authenticating whether the user terminal attempting to access the information recorded on the first server is legitimate. The first server retrieves the corresponding information in response to an access from a legitimate user terminal, and transmits the retrieved information to the user terminal that is the source of the access. The authentication device includes: a user identification information recording unit in which predetermined user identification information assigned to a user is recorded; and a user terminal that receives and receives user identification information of a user who uses the user terminal from the user terminal. And compares the user identification information with the user identification information recorded in the user identification information recording means to determine whether the user identification information is valid. User identification information determining means for determining, when the received user identification information is determined to be valid, generating terminal identification information to be recorded on the user terminal and addressing the terminal identification information to the user terminal Terminal identification information generating means for transmitting the terminal identification information, terminal identification information recording means for recording the terminal identification information, and terminal identification information received when the user terminal accesses predetermined information and recorded in the terminal identification information recording means. Authentication means for determining whether the terminal identification information is valid by comparing the terminal identification information with the user terminal, and permitting the access by the user terminal when the received terminal identification information is valid. A network system, comprising: 16. The first server is connected to a second server existing outside the network by a dedicated line or a virtual dedicated line in a network, and the first server and the second server are respectively connected to the first server and the second server. The authentication device has a common file in which at least a part of the record information is maintained in common contents with each other, and the authentication device is a device in which a user terminal that attempts to access the record information of the common file of the first server is legitimate. 16. The network system according to claim 15, wherein authentication is performed to determine whether or not the password is valid. 17. When each of the first server and the second server changes the record information of its own common file, the first server and the second server send difference data before and after the change to the other server, and the first server and the second server transmit the difference data before and after the change. 15. The network system according to claim 14, wherein when receiving the difference data, a copy task for copying the difference data to its own common file is automatically executed. 18. The network system according to claim 16, wherein there are a plurality of said first servers, and said second server is provided corresponding to each of said plurality of first servers. 19. The authentication apparatus records, for each user terminal, data on information transmitted from the first server to the user terminal, the extracting unit extracting information transmitted from the first server to the user terminal. The network system according to claim 15, further comprising: transmission information recording means. 20. Transmission information for generating, by the authentication device, data for displaying transmission information for the user terminal on a display of the user terminal based on the data recorded in the transmission information recording means. The network system according to claim 15, further comprising: a presentation unit. 21. Means for enabling a first server storing information accessible by a user terminal to communicate in a predetermined network, and a user terminal attempting to access said information through said network is valid. An authentication device for performing authentication as to whether or not the first server retrieves the corresponding information in response to an access from a valid user terminal, and transmits the retrieved information to a user who is a source of the access. The authentication device is configured to transmit to the terminal, the authentication device includes a user identification information recording unit in which predetermined user identification information assigned to the user is recorded, and a user of a user who uses the terminal from the user terminal. The identification information is received, and the received user identification information is compared with the user identification information recorded in the user identification information recording means. User identification information determining means for determining whether the user identification information is valid, and generating terminal identification information to be recorded on the user terminal when the received user identification information is determined to be valid Terminal identification information generating means for transmitting the terminal identification information to the user terminal; terminal identification information recording means for recording the terminal identification information; and terminal identification information received when the user terminal accesses predetermined information. Authentication means for comparing information and terminal identification information recorded in said terminal identification information recording means to determine whether or not the terminal identification information is valid; and that the received terminal identification information is valid. A permission unit for permitting the access by the user terminal in a certain case. 22. In a network system in which a first server in which information accessible to a user terminal is recorded in a predetermined network exists, authentication as to whether the user terminal accessing the information is legitimate. An authentication device for performing the authentication is arranged, the user identification information assigned to the user is recorded in advance in the authentication device, and the user identification information of the user who uses the user terminal is received from the user terminal that requested the authentication, and the received authentication information is received. If the user identification information matches any of the already recorded user identification information, the user terminal is determined to be valid, and terminal identification information to be recorded on the user terminal is generated. The terminal identification information is transmitted to the user terminal and recorded, and received when the user terminal accesses predetermined information. The received terminal identification information is compared with the terminal identification information recorded in the own device in advance to determine whether or not the received terminal identification information is valid. A method for authenticating a user terminal in a network system, wherein said access is permitted by the method described above. 23. A first server in which information accessible to a user terminal is recorded in a predetermined network, wherein the first server searches for the information in response to a request from a legitimate user terminal, A computer program for causing a computer provided in a network system that sends out the retrieved information to the user terminal to execute the following processing. (1) a process of recording predetermined user identification information assigned to a user in advance, (2) receiving at least user identification information of a user who uses the user terminal from a user terminal that has requested authentication, and accepting the received user identification information Is determined that the user terminal is legitimate when it matches any of the user identification information already recorded, and processing for generating terminal identification information to be recorded in the user terminal, (3) A process of transmitting and recording the generated terminal identification information to the user terminal, and (4) recognizing the terminal identification information received when the user terminal accesses predetermined information and the terminal identification information already recorded. In contrast,
A process of determining whether the received terminal identification information is valid, and (5) a process of permitting the access by the user terminal when the received terminal identification information is valid.