JP2003242124A - Content management system and content management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a content management system and content management method for comprehensively managing contents stored in a plurality of remote sites including updating contents in a general center, and safely and surely delivering contents of individual sites in response to a user's request according to the instruction from the general center. <P>SOLUTION: The general center has a user authentication means and an access verification means, and a plurality of sites comprises access authentication means and content transmitting means. The general center receives content transmission request information from a user terminal through a network, forms a server access URL after performing the user authentication and access verification, and transmits it to the user terminal. The user terminal transmits the URL to a site, and the site transmits content data to the user terminal after performing the access authentication. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a content management system for managing content and a content management method.

[0002]

2. Description of the Related Art Conventionally, for example, in a large-scale plant such as a nuclear power plant or a tunnel facility in a highway, contents such as specifications and instruction manuals regarding facilities and equipment in a plurality of sites that are geographically separated from each other are not available. , Is stored and managed for each site in the plant. In this case, in the case of a user, for example, in the case of a nuclear power plant, in response to a content transmission request from the management department of an electric power company, the content stored in the plurality of sites is handled differently for each site, and However, it is not always safe from the aspect of information leakage, and user management is complicated across sites, which is a factor of high cost.

[0003]

In the conventional content management system as described above, the management of various contents stored in a plurality of sites on the Web basis is not unified, and the handling method and contents When a delivery request is received, measures against leakage of secrets are not always adequately performed.
If a case occurs in which the content included in the content is known to a person, it may not only be a problem between the parties, but may be a social problem in some cases. Furthermore,
Since each site individually manages the update of the content, there is a problem that the distribution to users is not unified and the cost is high.

The present invention has been made in order to solve such a problem, and comprehensively manages contents stored in a plurality of geographically distant sites, including updated contents, in a centralized center. However, it is an object of the present invention to provide a content management system and a content management method for safely and reliably delivering the content of each site to the user in response to a request from the user according to an instruction from the control center.

[0005]

In a content management system according to the present invention, a user authentication means and an access verification means are provided in a centralized center, and an access authentication means and a content transmission means are provided in a plurality of sites. The centralized center receives the ID and password from the user terminal, performs user authentication and access verification, creates a server access URL, and sends it back to the user terminal. The user terminal sends the URL to the site, This site transmits the content data to the user terminal after the access authentication.

In addition to the above, the centralized center is provided with a signature generation means, and a plurality of sites is provided with a signature verification means. The verification means verifies the signature with the credit and authenticates the access.

In addition to the above, the control center is provided with an encryption means and a plurality of sites with a decryption means, and the control center creates a credit with a digital signature after user authentication and access verification. After the data is encrypted and decrypted by the decryption means of the specified site, the signature is verified and the access is authenticated.

In addition to the above, the centralized center is provided with a common key collaborating means and a common key generating means, and a plurality of sites are provided with a common key collaborating means, and the centralized center encrypts the credit with a digital signature. After generating the common key and encrypting the common key with the common key cooperation means, the key is sent to the specified site, and the common key encrypted with the common key cooperation means at the site is decrypted and signature verification is performed. , Access authentication is performed.

In addition to the above, the centralized center is provided with a time acquisition means, and the common key generation means acquires the current time information from the time acquisition means to generate a common key.

The centralized center is provided with a user authentication means, an access verification means, and a time acquisition means. A plurality of sites are provided with an access authentication means and a content transmission means. The URL for server access after access verification is created, the current time is acquired from the time acquisition means, the expiration date is added to the credit information, and the plurality of sites transmits the content data after access authentication by the URL to the user terminal. is there.

In addition to the above, the centralized center is provided with a time synchronization means, and the plurality of sites are provided with a time acquisition means and a time synchronization means, and the time synchronization means is provided between the centralized center and the plurality of sites. The synchronized time is acquired and the time of the time acquisition means of a plurality of sites is adjusted to the time of the central control center.

The centralized center is provided with a user authentication means, an access verification means, and a content update means, and a plurality of sites are provided with an access authentication means, a content transmission means, and a content registration update means, and a plurality of sites. The content update information transmitted from the outside is updated by the content registration update means to update the content in the site and is also sent to the content update means of the central control center to update the content.

Further, the centralized center is provided with a user authentication means, an access verification means, and a directory / access control management table, and this management table manages contents for each directory.

Further, the access verification means provided in the control center carries out the access verification with the information on the organization to which the user belongs.

Further, the centralized center is provided with a user authentication means, an access verification means, a content update means and a decryption means, and a plurality of sites has an access authentication means, a content transmission means, a content registration update means and an encryption means. The contents registration / update means updates the contents in a plurality of sites with external information, and the contents are encrypted by the encryption means and transmitted to the contents update means of the control center, and the contents in the control center after decryption are provided. Is to be updated.

Further, the centralized center is provided with a user authentication table, a user management table in which user certificates are registered, and an access verification means. The user certificate is installed in the user terminal, and a plurality of sites are accessed. An authentication means and a content transmission means are provided, and the control center performs user authentication and access verification when receiving the user authentication certificate, ID, and password from the user terminal, and after multiple sites access access authentication by the server access URL,
The content data is transmitted to the user terminal.

Further, the centralized center is provided with a user authentication means, an accessible list creation means, and an access verification means, and a plurality of sites are provided with an access authentication means and a content transmission means. At the same time, the accessible list creating means creates an accessible list, and after access verification, the server access U
A plurality of sites by RL transmits content data to the user terminal after access authentication.

In addition to the above, a plurality of sites are provided with content compression means, the centralized center transmits an accessible list after user authentication to the user terminal, and the user terminal selects and accesses a plurality of contents. The URL for server access after access verification is transmitted to the verification means and is transmitted to a plurality of sites, and the plurality of content data are collectively compressed by the content compression means and transmitted to the user terminal.

The content management method according to the present invention has the following steps (1) to (8). (1) The user ID and password are transmitted from the user terminal to the control center via the network, (2) the user authentication means authenticates the user, and the content list is returned to the user terminal. (3) The user terminal selects the necessary content and sends it to the access verification means, and (4) after confirming that the access verification means is accessible content,
(5) A URL for server access is created by combining the URL and the credit information, and the URL is returned to the user terminal. (6) Using the URL, the user terminal issues a request to access authentication means of a plurality of sites, (7) authenticates the URL with credit information, and sends the URL to the content transmission means.
(8) After acquiring the content data, the data is transmitted to the user terminal.

Further, instead of the steps (5) to (8), the following steps (5) to (12) are included. (5) The access verification means transmits the credit information to the signature generation means, and (6) after generating the hash value from the credit information, the center private key is acquired, a digital signature is created, and the credit information with the digital signature is obtained. Reply to access verification means.
(7) The access verification means creates a URL for server access and sends it back to the user terminal, (8) the user terminal uses the URL to issue a request to the access authentication means to a plurality of sites, and (9) the URL The URL is authenticated by the credit information with digital signature, the credit information with digital signature is transmitted to the signature verification means, (10) Hash value 1 is generated from the credit information, the center public key is obtained, and then digitalized with this key. The signature is verified and the hash value 2 is obtained. (1
1) Hash values 1 and 2 are compared, the matching result is returned to the access authentication means, and after authentication, the URL is transmitted to the content transmission means, (12) content data is acquired, and the data is sent to the user terminal. Send.

Further, instead of the steps (7) to (12), the following steps (7) to (13) are included. (7) The access verification means creates a URL for server access, sends the URL to the encryption means, and (8) the encryption means specifies the site and obtains the public key, and the credit with a digital signature is obtained using this public key. Is encrypted and returned to the access verification means. (9) A server access URL encrypted by the encryption means is created and returned to the user terminal, (10) the URL is used, and the user terminal issues a request to the access authentication means of the specified site, (11) The credit information with a digital signature is transmitted to the decryption means, (12) the site private key is acquired, the encrypted credit information with the signature is decrypted, and then the URL is transmitted to the content transmission means. )
The content data is acquired and the data is transmitted to the user terminal.

Further, instead of the steps (8) to (13), the following steps (8) to (13) are included. (8) The encryption means identifies the site, acquires the common key from the common key cooperation means, encrypts the digitally signed credit with this common key, and then returns it to the access verification means. (9) The server access URL Create and reply to the user terminal, (1
0) Using the URL, the user terminal issues a request to the access authentication means of the specified site, and (11) sends the digital signature credit information to the decryption means, (1)
2) A common key is acquired from the common key coordinating means of the specified site, the encrypted signed credit information is decrypted, and then the URL is transmitted to the content transmitting means, and (13) content data is acquired. Then, the data is transmitted to the user terminal.

Further, instead of the steps (8) and (12), the following steps (8) and (12) are included. (8) The encryption means specifies the site, the common key generation means connected to the common key cooperation means generates a common key at the time acquired from the time acquisition means, and transmits this common key to the common key cooperation means. The encrypted common information is encrypted, and the credit information with a digital signature is encrypted and returned to the access verification means. (12) The decryption means decrypts the encrypted credit information with signature using the common key, and then returns it to the access authentication means and sends the URL to the authenticated content transmission means.

Further, instead of the step (5) of [0019] described above, the following step (5) is included. (5) A URL for server access is created by combining the URL and credit information, the current time is acquired from the time acquisition means, the credit information is added with an expiration date, and then returned to the user terminal.

Further, instead of the step (5), the following step (5) is included. (5) A URL for server access is created by combining the URL and credit information, and the current time is acquired from the time acquisition means to add an expiration date to the credit information. After synchronizing the time with and, reply to the user terminal.

The steps (1) to (8) of [0019] described above are referred to as steps (2) to (9), and the following steps are added to form step (1). (1) The content updating means of the plurality of sites updates the content of the plurality of sites with the content update information transmitted from the outside, and also updates the content of the central control center.

Further, instead of the step (1), the following step (1) is included. (1) The directory access control management table in the centralized center manages individual contents for each directory.

Further, instead of the step (4) of [0019] described above, the following step (4) is included. (4) The access verification means confirms that the content is accessible based on the organization information to which the user belongs,

The steps (1) to (8) of [0019] described above are set as steps (3) to (10), and the following steps are added to form steps (1) and (2). Is. (1) The content update means of the plurality of sites updates and encrypts the content of the plurality of sites by the content update information transmitted from the outside, and transmits the encrypted content to the content update means of the central control center. (2) The content is decrypted by the decryption means in the control center.

The steps (1) to (8) of [0019] described above are referred to as steps (2) to (9), and the following steps are added to form step (1). (1) The centralized center issues a user certificate, registers it in the user management table, and installs the user certificate in the user terminal.

Further, the following step (2) is provided instead of the step (2) of [0019] described above. (2) The user authenticating unit authenticates the user, creates the accessible list by the accessible creating unit, and returns information including the accessible content list to the user terminal.

Further, instead of the steps (3) and (8), the following steps (3) and (8) are included. (3) The user terminal selects a plurality of necessary items from the accessible list, and (8) after the content transmission unit acquires the plurality of content data, the plurality of content data are collectively compressed by the content compression unit, and the user terminal Send to.

[0033]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiment 1. Hereinafter, the content management system according to the first embodiment of the present invention will be described with reference to the drawings and flowcharts. In the content management system shown in FIG. 1, a user terminal 100, a control center 200, and servers 500 at a plurality of sites are connected via the Internet 1. The centralized center 200 has a user authentication means 21, an access verification means 22, and a user management table 2.
3, an access control management table 24 and a content management table 25 are provided, and the servers 5 of a plurality of sites are provided.
00 is an access authentication means 51 and a content transmission means 5
2, content data 53, content management table 5
4 are provided. 2 and 3 show the content management flow, and the "user authentication flow" shown in FIGS.
The procedure of content management according to the first embodiment will be described with reference to "access verification flow", "access authentication flow", and "content transmission flow". (1) From the user terminal 100 (browser) to the control center 2
The user ID and password are transmitted to the user authentication means 21 on the 00 side. (2) The user authentication means 21 refers to the user management table 23 registered in advance on the centralized center 200 side, and if the user and password are valid, the user is authenticated and an identifier including user information and login time ( The session ID) and the content list managed by the control center 200 are returned to the user terminal 100. (3) The user terminal 100 transmits the content name and session ID to the access verification means 22 on the control center 200 side by selecting the content to be referenced from the content list. (4) The access verification unit 22 refers to the access control management table 24 that associates the content with the accessible user, and confirms that the content is accessible. (5) The access verification unit 22 refers to the content management table 25 that associates the content with the URL,
Get the URL. The URL and credit information (OK if accessible, otherwise NG, information including user ID, center ID, etc.) are combined to create a URL for server access to the site, and the URL is returned to the user terminal 100. (6) The user terminal 100 uses the received URL for server access to issue a request to the access authentication means 51 on the side of the plurality of sites 500. (7) The access authentication means 51 is a server access UR
L is divided into credit information and data URL. (8) Based on the credit information, the access authentication means 51 determines that the server access URL has been correctly sent from the center 200 and is an accessible content, and authenticates it. (9) After the authentication is completed, the access authentication means 51 passes the URL to the content transmission means 52. (10) The content transmission unit 52 uses the content management table 5 that associates the URL with the content storage location.
4, the storage location in the content data 53 is acquired. The content information is acquired from the content data 53 and returned to the user terminal 100. As described above, according to the first embodiment, the content data that is distributed and stored in the servers 500 at a plurality of sites requested to be sent from the user terminal 100 is stored in the central center 20.
Since it is a system that transmits to the user terminal 100 under the control of 0, the centralized center 200 can reliably manage the information of each user.

Embodiment 2. Next, FIG. 4 shows the main part of the management system according to the second embodiment of the present invention, and FIG. 5 shows the main part of the management flow. In addition, this Embodiment 2
In addition to the third to fourteenth embodiments to be described below, FIG. 1 shown in the first embodiment is used as a basic configuration diagram, and various constituent elements are added to this FIG. That is, the centralized center 200 and the site 500 of FIG. 4 have the signature generation means 26, the private key storage 27, the signature verification means 55 and the public key table 56 in the basic configuration diagram shown in FIG. 1 of the first embodiment. Other means not shown in FIG. 4, such as the user authenticating means 21 in the centralized center 200 and the content transmitting means 52 in the site server 500, are not shown. The content management procedure by the content management system of the second embodiment is to replace the procedures 1 and 8 of the above-described embodiment as follows. That is, the following procedure (5-1) to (5-7) is performed instead of the procedure (5) of 1. (5-1) The access verification means 22 is the signature generation means 26.
Send credit information to. (5-2) The signature generation means 26 generates a hash value (digest value) from the credit information. (5-3) The signature generation means 26 acquires the center private key stored in the private key storage 27. (5-4) The signature generation means 26 creates a digital signature from the center private key and hash value. (5-5) The signature generation means 26 adds a digital signature to the credit information. (5-6) The signature generation means 26 returns the credit information with digital signature to the access verification means 22. (5-7) The access verification means 22 determines the content and the UR.
The URL is acquired by referring to the content management table 25 associated with L. A URL for server access is created by combining the URL and the credit information, and the user terminal 100
Reply to. Further, the following procedures (8-1) to (8-6) are performed instead of the procedure (8) of the first embodiment described above. (8-1) The access authentication means 51 has the signature verification means 55.
Send credit information with digital signature to. (8-2) The signature verification means 55 generates a hash (digest value) value 1 from the credit information. (8-3) The signature verification means 55 acquires the center public key stored in the public key table 56. (8-4) The signature verification unit 55 verifies the digital signature with the center public key and obtains the hash value 2. (8-5) The signature verification unit 55 returns the comparison result of the hash value 1 and the hash value 2 to the access authentication unit 51. (8-6) The access authentication unit 51 authenticates the signature based on the hash value matching result. In other words, the procedure of the content management system according to the second embodiment is the same as the procedure (1)-(4) described in the first embodiment, and then the steps (5-1)-(5-).
7), then steps 6 and 7 of the first embodiment, then (8-1) to (8-6), and finally steps 9 and 10 of the first embodiment. Is. As described above, the content management system according to the second embodiment has a function of preventing falsification during network communication by digitally signing the credit information with the center private key.

Embodiment 3. FIG. 6 shows the main part of the management system of the third embodiment, and FIG. 7 shows the main part of the management flow. Note that FIG. 6 of the third embodiment is basically the same as the above-described second embodiment (unless otherwise described below) unless the basic contents management system shown in FIG. In addition to FIG. 4 shown in the second embodiment, the encryption means 28 and the public key management table 29 are provided in the centralized center 200 in the server 500 at the site as shown in FIG. A decryption means 57 and a private key storage 58 are additionally provided. The content management procedure according to the third embodiment is the same as the above-described procedure (5-1) to (5-) of the second embodiment.
Instead of 7), the following procedures (5-1) to (5-12)
And (5-1) The access verification means 22 is the signature generation means 26.
Send credit information to. (5-2) The signature generation means 26 generates a hash value from the credit information. (5-3) The signature generation means 26 acquires the center private key stored in the private key storage 27. (5-4) The signature generation means 26 creates a digital signature from the center private key and hash value. (5-5) The signature generation means 26 adds a digital signature to the credit information. (5-6) The signature generation means 26 returns the credit information with digital signature to the access verification means 22. (5-7) The access verification means 22 determines the content and the UR.
The URL is acquired by referring to the content management table 25 associated with L. A URL for server access is created by combining the URL and credit information. (5-8) The access verification means 22 sends the URL for server access to the encryption means 28. (5-9) The encryption unit 28 identifies the destination site 500 based on the server URL. (5-10) The encryption means 28 uses the public key management table 2
The server public key specified from 9 is acquired. (5-11) The encryption means 28 encrypts the credit information with digital signature with the server public key. (5-12) The encryption unit 28 returns the encrypted credit-signed credit information to the access verification unit 22, and the access verification unit 22 returns the server access URL to the user terminal 100. Further, the following procedure (6) is used instead of the procedure (6) of the second embodiment. (6) The user terminal 100 uses the received server access URL to issue a request to the access authentication means 51 of the specified site. Further, the following procedures (8-1) to (8-9) are used instead of the procedures (8-1) to (8-6) of the second embodiment described above. (8-1) The access authentication means 51 has the signature verification means 55.
Send credit information with digital signature to. (8-2) The signature verification means 55 generates the hash value 1 from the credit information. (8-3) The signature verification means 55 acquires the center public key stored in the public key table 56. (8-4) The signature verification unit 55 verifies the digital signature with the center public key and obtains the hash value 2. (8-5) The signature verification unit 55 returns the comparison result of the hash value 1 and the hash value 2 to the access authentication unit 51. (8-6) The access authentication means 51 transmits the encrypted signed credit information to the decryption means 57. (8-7) The decryption means 57 acquires the server private key stored in the private key storage 58. (8-8) The decryption means decrypts the encrypted signed credit information with the server private key. (8-9) The decryption unit 57 sends back the decrypted signed credit information to the access authentication unit 51 for authentication. That is, the procedure of the third embodiment is the same as the procedure (1) to (4) shown in the second embodiment, and then the steps (5-1) to (5-
12), then the procedure (6) of the second embodiment is replaced by the above (6), followed by (7) of the second embodiment, and the above (8-1) to (8-9). It is constructed in the order of steps 9 and 10 of form 2. As described above, the content management system according to the third embodiment, in addition to the second embodiment, encrypts the credit information with the server public key to provide the confidential function to the server of the site,
It has a function to prevent wiretapping.

Fourth Embodiment FIG. 8 shows the main part of the management system of the fourth embodiment, and FIG. 9 shows the main part of the management flow. This Embodiment 4 is the same as Embodiment 3 described above.
In addition to FIG. 6, the common key cooperation means 31 is additionally provided in the centralized center 200 and the common key cooperation means 59 is additionally provided in the server 500 of the site as shown in FIG. The content management procedure according to the fourth embodiment is the following procedures (5-1) to (5-11) instead of the procedures (5-1) to (5-12) of the third embodiment. . (5-1) The access verification means 22 is the signature generation means 26.
Send credit information to. (5-2) The signature generation means 26 generates a hash value from the credit information. (5-3) The signature generation means 26 acquires the center private key stored in the private key storage 27. (5-4) The signature generation means 26 creates a digital signature from the center private key and hash value. (5-5) The signature generation means 26 adds a digital signature to the credit information. (5-6) The signature generation means 26 returns the credit information with digital signature to the access verification means 22. (5-7) The access verification means 22 determines the content and the UR.
The URL is acquired by referring to the content management table 25 associated with L. A URL for server access is created by combining the URL and credit information. (5-8) The access verification means 22 sends the URL for server access to the encryption means 28. (5-9) The encryption unit 28 acquires the common key from the common key cooperation unit 31. (5-10) The encrypting unit 28 encrypts the signed credit information with the common key. (5-11) The encryption unit 28 returns the encrypted signed credit information to the access verification unit 22, and the access verification unit 22 returns the server access URL to the user terminal 100. In addition, the procedure (8-1) to the third embodiment described above
Instead of (8-9), the following (8-1) to (8-9) are used. (8-1) The access authentication means 51 has the signature verification means 55.
Send credit information with digital signature to. (8-2) The signature verification means 55 generates the hash value 1 from the credit information. (8-3) The signature verification means 55 acquires the center public key stored in the public key table 56. (8-4) The signature verification unit 55 verifies the digital signature with the center public key and obtains the hash value 2. (8-5) The signature verification unit 55 returns the comparison result of the hash value 1 and the hash value 2 to the access authentication unit 51. (8-6) The access authentication means 51 transmits the encrypted signed credit information to the decryption means 57. (8-7) The decryption unit 57 acquires the common key from the common key cooperation unit 59. (8-8) The decryption means 57 decrypts the encrypted signed credit information with the common key. (8-9) The decryption unit 57 sends back the decrypted signed credit information to the access authentication unit 51 for authentication. That is, the procedure of the fourth embodiment is the same as the procedure (1) to the procedure (4) described in the third embodiment, and is the same as (5-1) to (5-1).
1), then steps 6 and 7 of the third embodiment, then the steps (8-1) to (8-9), and finally steps 9 and 10 of the third embodiment. is there. As described above, in the content management system according to the fourth embodiment, in addition to the third embodiment, a common key is created by the centralized center 200, and the common key is linked by the common key linking means 31, 59.
00 and the server 500 of the site are linked, and the credit information is encrypted with this common key, which enables a high-speed request. The common key cooperating means 31 and 59 of the centralized center 200 and the server 500 of the site share the common key by the following procedures (A) to (C). Further, FIG. 10 shows a flow between those constituent elements. (A) The common key generation means 30 of the center 200 generates a common key. (A) The common key cooperation means 31 of the center acquires and holds the common key from the common key generation means 30. (C) The common key cooperating means 31 of the center acquires the server public key of the transmission destination from the public key management table 29. (D) The common key cooperation means 31 of the center encrypts the common key with the server public key of the transmission destination. (E) The common key cooperation means 31 of the center sends the encrypted common key to the common key cooperation means 59 of the site. (Power) Repeat (c) and (d) for the number of sites. (G) The common key cooperation means 59 of the site receives the encrypted common key. (H) The common key cooperation means 59 of the site is the secret key storage 5
Obtain the server secret key from 9. (X) The site common key cooperation means 59 decrypts the common key encrypted with the server private key. The common key cooperation means 59 of the (co) site holds a common key.

Embodiment 5. FIG. 11 shows the main part of the management system according to the fifth embodiment. In addition to the configuration shown in FIG. 8 of the fourth embodiment, the fifth embodiment has a time acquisition means 32 additionally provided in the centralized center 200 as shown in FIG. The content management procedure according to the fifth embodiment is the following procedure (5-9) instead of the procedure (5-9) of the fourth embodiment. (5-9) The encryption unit 28 acquires and encrypts the common key at the time that the common key cooperation unit 31 has acquired from the time acquisition unit 32 by the common key generation unit 30. Further, the following procedure (8-7) is used instead of the procedure (8-7) of the fourth embodiment described above. (8-7) The decryption means 57 acquires the encrypted common key from the common key cooperation means 59. In other words, the procedure of the fifth embodiment is the same as the procedure 1 to 4 shown in the fourth embodiment, the procedure (5-1) to (5-8) of the fourth embodiment, and then the procedure described above. (5-
9), followed by steps (5-10) to (5) of the fourth embodiment.
-11), and then steps 6, 7 (8-1) of the fourth embodiment.
(8-6), followed by the procedure of (8-7), then the procedures (8-8) and (8-9) of the fourth embodiment, and finally the procedures 9 and 10 of the fourth embodiment. It is built in order. As described above, in the content management system according to the fifth embodiment, in addition to the above-described fourth embodiment, common key generation and cooperation are carried out at the time when the information is acquired, so that higher security is possible.

Sixth Embodiment FIG. 12 shows the main part of the management system of the sixth embodiment, and FIG. 13 shows the main part of the management flow. In the sixth embodiment, a time acquisition means 32 is added to the access verification means 22 in the control center 200 shown in FIG. 1 of the first embodiment.
The procedure of content management according to the sixth embodiment is the following procedure (5) instead of the procedure (5) of the first embodiment described above. (5) The access verification unit 22 refers to the content management table 25 in which the content and the URL are associated with each other, and
Get L. The URL and the credit information are combined to create a server access URL for the site, the current time is acquired from the time acquisition means 32, and the credit information is added to the expiration date and returned to the user terminal 100. As described above, the content management system according to the sixth embodiment can prevent reuse of past credit information and maintain higher security by adding the expiration date of use to the credit information.

Embodiment 7. FIG. 14 shows the main part of the management system according to the seventh embodiment. In the seventh embodiment, the time synchronization means 33 is provided in the access verification means 22 and the content transmission means 52 is provided in the site server 500 in the control center 200 shown in FIG.
And a time synchronization means 62 is added. The procedure of content management according to the seventh embodiment is the following procedure (5) instead of the procedure (5) of the sixth embodiment described above. (5) The access verification unit 22 refers to the content management table 25 in which the content and the URL are associated with each other, and
Get L. A URL for accessing the server of the site is created by combining the URL and the credit information, the current time is acquired from the time acquisition means 33, an expiration date is added to the credit information, and the time synchronization means 33, 62 further causes the centralized center to operate. 200 and the servers 500 of a plurality of sites acquire the synchronized time, and the time of the time acquisition means 61 of the server 500 of the plurality of sites is set to the control center 20.
After setting the time of the time acquisition means 32 to 0, the reply is sent to the user terminal 100. As described above, in the content management system according to the seventh embodiment, the centralized center 200 and the plurality of sites 500 are time-synchronized, so that a more accurate expiration date of use is possible.

Embodiment 8. FIG. 15 shows the main part of the management system of the eighth embodiment, and FIG. 16 shows the main part of the management flow. In the eighth embodiment, the content updating means 33 is provided in the access verifying means 22 in the control center 200 shown in FIG. 1 of the first embodiment, and the content registration updating means 63 is provided in the content transmitting means 52 in the server 500 of the site. Is added. The content registration / update means 63 performs registration of new content, deletion of old content, etc. with respect to the content data 53 and the content management table 54 on the server 500 side of the site, and according to the update information transmitted from the center 20.
The content update means 33 updates the access control table 24 and the content management table 25 in 0. Here, the content information such as new / updated / deleted is, for example, C
It is passed as an external storage such as a D-ROM. Then, the content registration update means 63 on the server 500 side of the site
At the same time as copying the contents in the external storage to the contents data 53 and the contents management table 54,
The content registration update unit 63 internally stores the update status of each content as update information. CD-RO
When the processing of all the contents in M is completed, the content registration update means 63 sends the content update information stored therein to the content update means 33 on the side of the center 200. The content updating means 33, based on the sent update information, has its own internal content management table 2
5 and the access control management table 24 are updated. The procedure of content management by the content management system of the eighth embodiment having such a configuration is as follows at the beginning of the procedures (1) to (8) of the first embodiment described below.
1) is added. (-1) The content registration update means 63 of the servers 500 of a plurality of sites registers the content data 53 and the content management table 54 with the content update information transmitted from the outside of the site, and the update information is stored in the centralized center 200. It transmits to the content update means 33, and updates the content management table 25 and the access control management table 24 based on the update information. In this way, the content management system according to the eighth embodiment can link the update information between the centralized center 200 and the site server 500 when the content on the server 500 side of the site is updated.

Ninth Embodiment FIG. 17 shows the main part of the management flow of the management system of the ninth embodiment. In the ninth embodiment, a directory access control management table is used instead of the access control management table 24 in the control center 200 shown in FIG. 1 of the first embodiment. The name of each content is, for example, '
It is divided by a symbol such as / '. As an example, as shown in FIG. 17, ccc. pdf is DIR1 / ccc. It is described as pdf. By managing the individual contents for each directory in this directory / access control management table, the search time of the access control management table is reduced. The content management procedure according to the ninth embodiment is as follows.
Instead of the access control management table in the procedure (4) of the first embodiment, the directory access control management table is used as described above. Other than this, it is the same as the steps (1) to (8) of the first embodiment.

Embodiment 10. FIG. 18 shows the management system of the tenth embodiment, and FIG. 19 shows the main part of the management flow. The tenth embodiment differs from the first embodiment in the following points. That is, after user authentication is performed with the user ID and password, at the time of access verification,
The access verification unit 22 refers to the user management table 23 and acquires the job system corresponding to the user ID. The access verification unit 22 refers to the access control management table 24 and confirms that the content is accessible based on the acquired job system. The procedure of content management according to the tenth embodiment is the following procedure (4) instead of the procedure (4) of the first embodiment. (4) The access verification unit 22 refers to the access control management table 24 that associates the content with the accessible office system, and compares it with the office system information to which the user belongs to confirm that the content is accessible. Check. As described above, the content management system according to the tenth embodiment has the directory format in which the job management information of the user is added to the user management table 23, and the cooperation between the user information and the access control management table 23 can be simplified and speeded up. .

Eleventh Embodiment FIG. 20 shows the main part of the management flow of the eleventh embodiment. In the eleventh embodiment, the content update information from the server 500 at the site shown in the eighth embodiment to the centralized center 200 is encrypted with a public key and a secret key. In addition, this Embodiment 1
The illustration of the content management system diagram of No. 1 is omitted, and the description is given in the main part of the management flow. That is, the procedure of content management by the content management system according to the eleventh embodiment is the same as the procedure (1) to (8) according to the eighth embodiment.
The following procedure (-2) and (-1) is used instead of the procedure (-1) added at the beginning of the procedure. That is, the procedure of the eleventh embodiment is the procedure of (-2) and (-1) below, followed by (1) to (8) shown in the eighth embodiment. (-2) While the content registration update means 63 of the servers 500 of the plurality of sites registers the content data 53 and the content management table 54 by the content update information transmitted from outside the site, the server 50 of the site.
Content update information is encrypted with the server public key of the public key management table 29 provided in
It is transmitted to the content updating means 33 within 0. (-1) The transmitted decryption means 28 in the control center 200 decrypts the transmitted content update information with a secret key, and updates the content management table and the access control management table based on the information. As described above, the content management system according to the eleventh embodiment is configured such that the server 500 on the site operates the central control center 200.
By encrypting the content update information to the center public key, it has a confidential function, and it is possible to prevent tampering with update information and wiretapping.

Twelfth Embodiment FIG. 21 shows a management system according to the twelfth embodiment. The twelfth embodiment is obtained by adding the following to the first embodiment. That is,
At the time of user registration, the centralized center 200 side issues a user certificate and registers it in the user management table 23. The user certificate is installed on the user terminal 100. This user terminal 100 (browser) is installed on the centralized center 200 side. The user authentication means 21 is accessed to send the user ID, password and certificate. User authentication means 21
Refers to the user management table 23, and returns an identifier (session ID) including user information and login time and a content list to the user terminal 100 if the user is a valid user, a password, and a user certificate. In the content management procedure of the twelfth embodiment, the following procedure (-1) is added to the beginning of the procedures (1) to (8) of the first embodiment. (-1) The centralized center 200 issues a user certificate and registers it in the user management table 23, and at the same time, the user terminal 1
00 to install the user certificate. Further, the following procedures (1) and (2) are used instead of the procedures (1) and (2) of the first embodiment. (1) From the user terminal 100 (browser) to the control center 2
The user ID, the password, and the user certificate are sent to the user authentication means 21 on the 00 side together with the information requesting the content list. (2) The user authentication unit 21 refers to the user management table 23 registered in advance on the centralized center 200 side, and if the user is a valid user and password and the user authentication certificate, authenticates the user, and then user information and login. An identifier (session ID) including time and a content list managed by the control center 200 are returned to the user terminal 100. In the content management system according to the twelfth embodiment, by installing the authentication certificate of each user in the user terminal 100, the user authentication means 21 performs authentication by the user authentication certificate in addition to the user authentication of the user ID + password. Is possible.

Thirteenth Embodiment FIG. 22 shows a management system diagram of the thirteenth embodiment, and FIG. 23 shows a main part of the management flow. The thirteenth embodiment is obtained by adding the following to the first embodiment. That is, as shown in FIG. 22, accessible list creating means 34 in the centralized center 200.
The hash value creating means 35 is provided, and after the user authentication is performed, the user authenticating means 21 passes the user ID to the accessible list creating means 34. The accessible list creating means 34 refers to the access control management table 24, acquires all the content names accessible by the user, and obtains the content name and the hash value (created by the hash value creating means 35 from the content name and the random number value). An associated accessible list is created and returned to the user authentication means 21. The user authentication means 21 that has received the reply uses the session I
D and the accessible list are returned to the user terminal 100. The user terminal 100 transmits the content name and session ID to the access verification means 22 on the centralized center 200 side by selecting the content to be referenced from the accessible list. If the hash value corresponding to the content name is correct, the access verification means 22 that has received this refers to the content management table 25 to determine the URL.
To get. A URL for server access is created by combining the URL and the credit information, and the URL is returned to the user terminal 100. The content management procedure of the thirteenth embodiment is the following procedures (2) and (3) in place of the procedures (2) and (3) of the first embodiment. (2) The user authenticating means 21 refers to the user management table 23 registered in advance on the centralized center 200 side, and if the user is a valid user and password, authenticates the user and accesses the accessible list creating means 34. An available list is created and an identifier (session ID) including user information and login time and the accessible list are returned to the user terminal 100. (3) The user terminal 100 selects the content to be referenced from the accessible list, and transmits the content name and session ID to the access verification means 22 on the centralized center 200 side. In the content management system according to the thirteenth embodiment, since the list of accessible contents and the user terminal 100 are sent in advance when the user authentication is completed, the user requests only the accessible information,
The subsequent procedure by the access verification means 22 will be simplified.

Fourteenth Embodiment FIG. 24 shows a management system diagram of the fourteenth embodiment, and FIG. 25 shows a main part of the management flow. In the fourteenth embodiment, as shown in FIG. 24, the content compression means 64 is additionally provided in the server 500 of the site in the thirteenth embodiment, and the following operations (A) to (K) are added. Is. That is, (a) By means similar to those shown in the thirteenth embodiment,
The accessible list is received by the user terminal 100 side. (A) The user terminal 100 selects a plurality of contents to be referenced from the accessible list, thereby obtaining a plurality of content names and session IDs in the central control center 200.
It is transmitted to the access verification means 22 on the side. (C) The access verification unit 22 confirms the session ID and, if the session ID is valid, refers to the content management table 25 and acquires a plurality of URLs. Multiple U
A URL for server access is created by combining the URL including the RL information and the credit information, and the URL is returned to the user terminal 100. (D) The user terminal 100 uses the received server access URL to issue a request to the access authentication means 51 on the server 500 side of the site. (E) The access authentication means 51 is a server access UR
L is divided into credit information and data URL. (F) The access authentication means 51 determines, based on the credit information, that the server access URL has been correctly sent from the control center 200 and that the content is accessible, and authenticates. (G) After the authentication is completed, the access authentication means 51 passes the URL to the content transmission means 52. (H) The content transmission means 52 uses the URLs as a plurality of URs.
It is divided into L and the storage location corresponding to each URL is acquired from the content management table 54. (K) The content transmission means 52 uses the content data 5
A plurality of content data are acquired from within 3. (C) The content transmission means 52 collectively compresses a plurality of content data by the content compression means 64,
Reply to the user terminal 100. The content management procedure of the fourteenth embodiment is as follows.
The following procedure (10) is performed instead of the procedure (10) of the thirteenth embodiment described above. (10) The content transmission unit 52 uses the content management table 5 that associates the URL with the content storage location.
4, the storage location in the content data 53 is acquired. A plurality of pieces of content information are acquired from the content data 53, are collectively compressed by the content compression means 64, and are returned to the user terminal 100. In the content management system according to the fourteenth embodiment, the user terminal 100 can specify a large number of contents at the time of request and can send back contents in the archive + compressed format.

The present invention is not limited to the above-mentioned embodiments, and it goes without saying that some of the above-mentioned embodiments may be combined.

[0048]

Since the present invention employs the management system as described above, it has the following effects.

In the content management system, the user terminal, the control center, and a plurality of sites are connected via a network, and the content transmitted between these is managed. The control center has a user authentication means and an access verification means. However, an access authentication means and a content transmission means are provided at a plurality of sites, and when the centralized center receives a content transmission request from a user terminal, after performing user authentication and access verification, a server access URL is created. It is a system and management method in which the user terminal sends the URL to the site, and the plurality of sites sends the content data to the user terminal after the access authentication, so that the control center ensures the information of each user. It has an excellent effect of being able to grasp and manage it.

In addition to the above, the centralized center is provided with a signature generation means, and a plurality of sites is provided with a signature verification means. Is a system and a management method for verifying a signature by the above-mentioned credit and for performing access authentication, and thus has an excellent effect that it is possible to prevent falsification during network communication.

In addition to the above, the control center is provided with an encryption means, and a plurality of sites is provided with a decryption means. Similarly, after the user authentication and access verification, the control center creates a credit with a digital signature. Since it is a system and management method that encrypts the data with the specified site and decrypts the specified site by verifying the signature after decryption and performing the access authentication, it is possible to prevent data sniffing by providing a confidential function. Play.

Further, in addition to the above, the centralized center is provided with a common key coordinating means and a common key generating means, and a plurality of sites are provided with a common key coordinating means for encrypting a credit with a digital signature to obtain a common key. A system for encrypting a common key by the generated common key cooperation means and then transmitting the key to the specialized site, and for decrypting the common key encrypted by the common key cooperation means at the site and for performing signature verification and access authentication, and Since it is a management method, the centralized center and the site server are linked by a common key linking means, and the credit information is encrypted with the common key. In addition to the above effects, the excellent effect of enabling high-speed requests is achieved. Play.

Further, in addition to the above, the centralized center is provided with time acquisition means, and the common key generation means acquires the current time from the time acquisition means to generate a common key. Since it is a system and a management method that can be executed periodically and the common key can be changed successively, it has an excellent effect of enabling higher security.

After authentication and verification by the user authentication means and access verification means provided in the control center, a server access URL is created, the current time is acquired from the time acquisition means, and an expiration date is added to the credit information. Since the plurality of sites are the management system and method for transmitting the content data after the access authentication to the user terminal, it has an excellent effect that the past credit information cannot be reused and high security is enabled.

In addition to the above, the centralized center is provided with a time synchronization means, and the plurality of sites are provided with a time acquisition means and a time synchronization means to acquire the synchronized time between the centralized center and the plurality of sites. Since the management system and method match the times of the time acquisition means of a plurality of sites with the times of the centralized center, the excellent effect of enabling more accurate expiration date management is achieved.

Further, a content updating means is added to the centralized center and a content registration updating means is added to a plurality of sites, and the content update information transmitted from outside the site is used to update the content by the content registration updating means. Since the system and the management method are for transmitting to the content updating means of the centralized center and updating the content, when the content on the server side of the site is updated, the excellent effect of linking the update information between the centralized center and the site Play.

Furthermore, a directory /
The access control management table is added to the system and the management method for managing the contents for each directory. Therefore, it is possible to simplify the access control management table and speed up the access verification.

Further, the access verification means of the control center is
Since this is a system and a management method for verifying access based on the organization information to which the user belongs, it is possible to simplify the cooperation between the user information and the access control management table, and achieve the excellent effect of enabling faster content management.

Further, a decryption means is added to the centralized center, and a content registration update means and an encryption means are added to a plurality of sites. The contents of a plurality of sites are updated with external information and encrypted. It is a system and management method that sends to the control center and updates the content of the control center after decryption. Therefore, by encrypting the content management information from the site to the control center, a confidential function is provided, and data tampering + wiretapping It has the excellent effect of preventing

A user management table in which a user certificate is registered is added to the central center, the user certificate is installed in the user terminal, and the user authentication is performed when the central center receives information including the user certificate. Since it is a system and management method for performing the above, it has an excellent effect of ensuring user authentication.

Further, since the centralized center is provided with an accessible list creating means and has a system and a management method for creating an accessible list, a list of accessible contents is sent to the content transmitting means in advance when user authentication is completed. By doing so, there is an excellent effect that access verification can be simplified.

Content compression means is added to the plurality of sites. The user terminal selects a plurality of contents and transmits them to the site, and the content is compressed by the compression means into a plurality of content data, and the user terminal is compressed. Since it is a system and a management method for transmitting a plurality of contents, it has an excellent effect that a plurality of contents can be requested.

[Brief description of drawings]

FIG. 1 is a diagram of a content management system according to a first embodiment of the present invention.

FIG. 2 is a content management flow chart according to the first embodiment of the present invention.

FIG. 3 is a content management flow chart according to the first embodiment of the present invention.

FIG. 4 is a diagram showing a main part of a content management system according to a second embodiment of the present invention.

FIG. 5 is a diagram showing a main part of a content management flow according to the second embodiment of the present invention.

FIG. 6 is a diagram showing a main part of a content management system according to a third embodiment of the present invention.

FIG. 7 is a diagram showing a main part of a content management flow according to the third embodiment of the present invention.

FIG. 8 is a diagram showing a main part of a content management system according to a fourth embodiment of the present invention.

FIG. 9 is a diagram showing a main part of a content management flow according to the fourth embodiment of the present invention.

FIG. 10 is a diagram showing a flow between constituent elements showing that the common key cooperating means according to the fourth embodiment of the present invention shares a common key.

FIG. 11 is a diagram showing a main part of a content management system according to a fifth embodiment of the present invention.

FIG. 12 is a diagram showing a main part of a content management system according to a sixth embodiment of the present invention.

FIG. 13 is a diagram showing a main part of a content management flow according to the sixth embodiment of the present invention.

FIG. 14 is a diagram showing a main part of a content management system according to a seventh embodiment of the present invention.

FIG. 15 is a diagram showing a main part of a content management system according to an eighth embodiment of the present invention.

FIG. 16 is a diagram showing a main part of a content management flow according to the eighth embodiment of the present invention.

FIG. 17 is a diagram showing a main part of a content management flow according to the ninth embodiment of the present invention.

FIG. 18 is a diagram showing a content management system according to a tenth embodiment of the present invention.

FIG. 19 is a diagram showing a main part of a content management flow according to the tenth embodiment of the present invention.

FIG. 20 is a diagram showing a main part of a content management flow according to the eleventh embodiment of the present invention.

FIG. 21 is a diagram of a content management system according to a twelfth embodiment of the present invention.

FIG. 22 is a diagram of a content management system according to a thirteenth embodiment of the present invention.

FIG. 23 is a diagram showing a main part of a content management flow according to the thirteenth embodiment of the present invention.

FIG. 24 is a diagram of a content management system according to a fourteenth embodiment of the present invention.

FIG. 25 is a diagram showing a main part of a content management flow according to the fourteenth embodiment of the present invention.

[Explanation of symbols]

1 internet, 21 user authentication means, 22 access verification means, 23 user management table, 24 access control management table, 25 content management table, 26 signature generation means, 27 private key storage, 28
Encryption means, 29 public key management table, 30 common key generation means, 31 common key cooperation means, 32 time acquisition means, 33 time synchronization means, 34 accessible list creation means, 35 hash value creation means, 51 access authentication means, 52 content transmission means, 53 content data, 54 content management table, 55 signature verification means, 56 public key table, 57 decryption means, 5
8 secret key storage, 59 common key cooperation means, 60 secret key storage, 61 time acquisition means, 62 time synchronization means,
63 content registration update means, 64 content compression means, 100 user terminals, 200 control center, 50
0 site.

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Shin Hasegawa             2-3 2-3 Marunouchi, Chiyoda-ku, Tokyo             Inside Ryo Electric Co., Ltd. F-term (reference) 5B085 AE02 AE03 AE29 BA06 BG02                       BG03 BG07                 5J104 AA07 AA09 EA26 GA03 JA03                       NA02 NA05 NA12

Claims (28)

[Claims] 1. A content management system in which a user terminal, a centralized center, and a plurality of sites are connected via a network and manages contents transmitted between them, wherein the centralized center has a user authentication means and a user authentication means. Access verification means is provided, access authentication means and content transmission means are provided at the plurality of sites, the centralized center receives an ID and a password from the user terminal, and the user authentication means performs user authentication. And the access verification means performs access verification and
A server access URL for a site is created by combining the RL and credit information and transmitted to the user terminal, the user terminal transmits the server access URL to the plurality of sites, and the access of the plurality of sites is performed. The content management system, wherein the authentication means performs access authentication based on the credit information, and the content transmission means acquires the content data and then transmits the content data to the user terminal. 2. A content management system in which a user terminal, a centralized center, and a plurality of sites are connected via a network, and manages content transmitted between them, wherein the centralized center has a user authentication means. An access verification unit and a signature generation unit are provided, an access authentication unit, a content transmission unit, and a signature verification unit are provided in the plurality of sites, and the control center receives an ID and a password from the user terminal. The user authenticating means authenticates the user, the access verifying means verifies the access, and the credit information is digital signature giving credit information by the signature generating means, and the centralized center has the URL and the digital signature giving credit information. After creating the URL for server access of the site by combining The user terminal transmits the server access URL to the plurality of sites, the access authentication means of the plurality of sites performs access authentication with the credit information, and transmits the credit information to the signature verification means. After the verification, the content management system returns to the access authentication means, the content transmission means acquires the content data, and then transmits the content data to the user terminal. 3. A content management system in which a user terminal, a control center, and a plurality of sites are connected via a network and manages contents transmitted between them, wherein the control center includes a user authentication means. An access verification unit, a signature generation unit, and an encryption unit are provided, an access authentication unit, a content transmission unit, a signature verification unit, and a decryption unit are provided in the plurality of sites. The ID and password are received from the terminal, the user authentication means authenticates the user, the access verification means verifies the access, and the credit information is transmitted to the signature generation means to be the digital signature-granting credit information. The site is specified by the encryption means to encrypt the digital signature-giving information, and the centralized center U
The server access URL of the site is created by combining the RL and the encrypted digital signature-giving information, and then transmitted to the user terminal, and the user terminal transmits the server access URL to the specified site. The access authentication means of the specified site transmits the encrypted digital signature-granting information to the decrypting means and decrypts it, and then authenticates the digital signature-giving information with the access authenticating means. The content management system, wherein the content transmission means transmits the content data to the user terminal after acquiring the content data. 4. A content management system in which a user terminal, a control center, and a plurality of sites are connected via a network and manages content transmitted between these sites, wherein the control center includes a user authentication means. Access verification means, signature generation means, encryption means, common key generation means, and common key cooperation means are provided, and the plurality of sites have access authentication means, content transmission means, signature verification means, decryption means, and common key. Coordinating means is provided, the centralized center receives the ID and password from the user terminal, the user authenticating means performs user authentication, the access verifying means performs access verification, and the credit information is signed by the signature. The information is transmitted to the generation means and used as digital signature giving credit information, the site is identified by the encrypting means, and the digital signature giving credit information is specified. And encrypts the common key by the common key coordinating means after the common key generating means generates the common key, and transmits the encrypted common key to the common key coordinating means of the specified site. As well as
The centralized center creates a server access URL of the site by combining the URL and the encrypted digital signature-giving information, and then transmits the URL to the user terminal, and the user terminal identifies the server access URL. To the site, the access authentication means of the specified site sends the encrypted digital signature-granting information to the decryption means, and the common key cooperation means obtains the encrypted common key. Then, after decrypting the encrypted digital signature-giving information, the access authenticating means authenticates the digital signature-giving information, and the content transmitting means refers to the content management table to obtain the content data. The content management system, characterized in that the content data is transmitted to the user terminal after the acquisition. 5. A content management system for managing content transmitted between a user terminal, a control center, and a plurality of sites via a network, wherein the control center includes user authentication means. Access verification means, signature generation means, encryption means, common key generation means, common key cooperation means, and time acquisition means are provided, and access authentication means, content transmission means, signature verification means, and decryption are provided at the plurality of sites. Means and a common key cooperating means are provided, the centralized center receives an ID and a password from the user terminal, the user authentication means performs user authentication by referring to a user management table, and the access verification means Access verification is performed by referring to the content management table, and credit information is sent to the signature generating means to send a digital signature. After creating the added credit information, the encryption means identifies the site to encrypt the digital signature added credit information, and the common key generation means acquires the current time information from the time acquisition means to obtain the common key. After the generation, the common key cooperation means encrypts the common key, the encrypted common key is transmitted to the common key cooperation means of the specified site, and the centralized center is encrypted with the URL. The server access URL of the site is created after being combined with the digital signature imparting information and transmitted to the user terminal, and the user terminal transmits the server access URL to the specified site, The access authentication means sends the encrypted digital signature-giving information to the decryption means, and the common key cooperation means sends the encrypted common key. After obtaining and decrypting the encrypted digital signature-giving information, the access authenticating means authenticates the digital signature-giving information, and the content transmitting means refers to the content management table to obtain the content data. The content management system, characterized in that the content data is transmitted to the user terminal after the acquisition. 6. A content management system in which a user terminal, a control center, and a plurality of sites are connected via a network, and the content transmitted between these is managed, wherein the control center includes a user authentication means. Access verification means and time acquisition means are provided, access authentication means and content transmission means are provided at the plurality of sites, and the centralized center receives the ID and password from the user terminal and performs the user authentication. The means authenticates the user, the access verification means verifies the access, and then the URL
And the credit information are combined to create a server access URL for the site, the current time is acquired from the time acquisition means, and the credit information is sent to the user terminal after an effective expiration date is added to the user terminal. Transmits the server access URL to the plurality of sites, the access authentication means of the plurality of sites performs access authentication based on the credit information, and the content transmission means acquires the content data, and then, to the user terminal. A content management system characterized by transmitting the content data. 7. A content management system in which a user terminal, a control center, and a plurality of sites are connected via a network, and the content transmitted between these is managed, wherein the control center has a user authentication means. Access verification means, time acquisition means and time synchronization means are provided, access authentication means, content transmission means, time acquisition means and time synchronization means are provided at the plurality of sites, and the centralized center is the user After receiving the ID and password from the terminal, the user authentication means performs user authentication, the access verification means performs access verification, and then the URL
And credit information are combined to create a URL for server access of the site, the current time is acquired from the time acquisition means, and the valid expiration date is added to the credit information. After synchronizing the time between sites, send to the user terminal,
The user terminal transmits the server access URL to the plurality of sites, and the access authentication means of the plurality of sites performs access authentication based on the credit information,
The content management system, wherein the content transmitting means transmits the content data to the user terminal after acquiring the content data. 8. The centralized center is provided with a user authentication means, an access verification means, and a content update means, and a plurality of sites are provided with an access authentication means, a content transmission means, and a content registration update means. The content registration update means updates the content in the plurality of sites with content update information transmitted from the outside of the plurality of sites, and transmits the content update means of the centralized center to the content in the centralized center. The content management system according to claim 1, further comprising: 9. The centralized center is provided with a user authentication means, an access verification means, and a directory access control management table, and the directory access control management table manages contents for each directory. The content management system according to claim 1. 10. The content management system according to claim 1, wherein the access verification means of the centralized center performs the access verification with the organization information to which the user belongs. 11. The centralized center is provided with a user authenticating means, an access verifying means, a content updating means and a decrypting means, and a plurality of sites are provided with an access authenticating means, a content transmitting means, a content registration updating means and an encrypting means. And the content registration update means of the site updates the content within the site with the content update information transmitted from outside the site, and after the content update information is encrypted by the encryption means. The content management system according to claim 1, wherein the content management system transmits the content update means of the centralized center, and the decryption means decrypts the content update information to update the content in the centralized center. 12. A content management system in which a user terminal, a centralized center, and a plurality of sites are connected via a network and manages contents transmitted between them, wherein the centralized center includes a user authentication means. A user management table in which a user certificate is registered and access verification means are provided, the user certificate is installed in the user terminal, and access authentication means and content transmission means are provided in the plurality of sites. The control center receives the ID and password from the user terminal and the user certificate, the user authenticating means performs user authentication, the access verifying means performs access verification, and then the URL and credit. Combined with the information to create the server access URL of the site and send it to the user terminal , The user terminal transmits the server access URL to the plurality of sites, the access authentication means of the plurality of sites performs access authentication based on the credit information, and the content transmission means acquires content data, A content management system, characterized in that the content data is transmitted to the user terminal. 13. A content management system for managing content transmitted between a user terminal, a control center, and a plurality of sites via a network, wherein the control center includes a user authentication means. An accessible list creation means and an access verification means are provided, an access authentication means and a content transmission means are provided at the plurality of sites, and the centralized center receives an ID and a password from the user terminal, The user authentication means performs user authentication, the accessible list creating means creates an accessible list and sends it to the user terminal, the user terminal sends information received from the centralized center to the access verification means, After the access verification means verifies the access, it combines the URL and the credit information to support. Create a server access URL and send it to the user terminal,
The user terminal transmits the server access URL to the plurality of sites, and the access authentication means of the plurality of sites performs access authentication based on the credit information,
The content management system, wherein the content transmission means transmits the content data to the user terminal after acquiring the content data. 14. A content management system in which a user terminal, a control center, and a plurality of sites are connected via a network, and the content transmitted between these is managed, wherein the control center has a user authentication means. An accessible list creating unit and an access verifying unit are provided, an access authenticating unit, a content transmitting unit, and a content compressing unit are provided at the plurality of sites, and the central center receives an ID and a password from the user terminal. Upon reception, the user authentication means authenticates the user, the accessible list creating means creates an accessible list and sends it to the user terminal, and the user terminal selects a plurality of contents from the information received from the centralized center. Select and send to the access verification means, and the access verification means After the certification, the URL including the plurality of contents and the credit information are combined to create the server access URL of the site and the URL is transmitted to the user terminal, and the user terminal transmits the server access URL to the plurality of URLs. The content is transmitted to a site, the access authentication means of the plurality of sites authenticates the access by the credit information, the content transmission means acquires a plurality of content data, and then the content compression means collects the plurality of content data. A content management system, which compresses and transmits the compressed data to the user terminal. 15. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (3) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (4) A step of confirming that the access verification means is accessible content. (5) A step in which the access verification means combines a URL and credit information to create a server access URL for the site and returns the URL to the user terminal. (6) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (7) A step in which the access authentication means authenticates the server access URL based on the credit information and sends the server access URL to the content transmission means. (8) A step of transmitting the content data to the user terminal after the content transmission means acquires the content data by referring to the server access URL and the content management table. 16. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (3) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (4) A step of confirming that the access verification means can access the content. (5) A step in which the access verification means transmits credit information to the signature generation means. (6) The signature generation means generates a hash value from the credit information, acquires a center private key from a private key storage, creates a digital signature from the center private key and the hash value, and then adds credit information with a digital signature. And returning to the access verification means. (7) A step in which the access verification means creates a URL for server access of the site that combines the credit information with the digital signature and a URL, and returns the URL to the user terminal. (8) A step in which the user terminal uses the server access URL to issue a request to access authentication means of a plurality of sites. (9) A step in which the access authentication unit authenticates the server access URL with the digital signature-added credit information of the URL and transmits the digital signature-added credit information to the signature verification unit. (10) A step in which the signature verification means generates a hash value 1 from the credit information with the digital signature, obtains a center public key from a public key storage, and verifies the digital signature with this key to obtain a hash value 2. (11) The signature verifying unit compares the hash values 1 and 2 and returns a coincident result to the access authenticating unit, and the access authenticating unit authenticates and then the U for server access.
Sending the RL to the site content sending means. (12) The content transmission means is a server access URL
And acquiring the content data and transmitting the content data to the user terminal. 17. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (3) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (4) A step of confirming that the access verification means can access the content. (5) A step in which the access verification means transmits credit information to the signature generation means. (6) The signature generation unit generates a hash value from the credit information, acquires a center private key from a private key storage, creates a digital signature from the center private key and the hash value, and then adds credit information with a digital signature. And a step of replying to the access verification means. (7) A step in which the access verification means creates a server access URL of a site that combines the digitally signed credit information and a URL, and sends the server access URL to an encryption means. (8) A step in which the encryption means specifies a site, obtains a site public key, encrypts the digitally signed credit information with the site public key, and then returns the encrypted information to the access verification means. (9) A step in which the access verification unit returns a server access URL of a site, which is a combination of the encrypted digitally signed credit information and a URL, to the user terminal. (10) The user terminal uses the server access URL
Requesting the access authentication means of the specified site by using. (11) A step in which the access authentication means transmits the encrypted credit-signed credit information to the decryption means. (12) After the decryption means obtains the site private key and decrypts the encrypted signed credit information with the site private key, the decryption means sends back to the access authentication means, and after the access authentication means authenticates, Sending the server access URL to the content sending means of the specified site. (13) A step in which the content transmission unit refers to the server access URL, acquires content data, and transmits the content data to the user terminal. 18. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) The user authentication means refers to the user management table, and if the user and password are valid, user authentication is performed,
Returning the content list to the user terminal. (3) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (4) A step of confirming that the access verification means can access the content. (5) A step in which the access verification means transmits credit information to the signature generation means. (6) The signature generation unit generates a hash value from the credit information, acquires a center private key from a private key storage, creates a digital signature from the center private key and the hash value, and then adds credit information with a digital signature. And a step of replying to the access verification means. (7) A step in which the access verification means creates a server access URL of the site combining the credit information with the digital signature and the URL, and then transmits the URL to the encryption means. (8) A step in which the encryption unit identifies a site, generates a common key from the common key cooperation unit, encrypts the credit information with the digital signature with the common key, and then returns the encrypted information to the access verification unit. (9) A step in which the access verification means returns a server access URL, which is a combination of the encrypted digitally signed credit information and a URL, to the user terminal. (10) The user terminal uses the server access URL
Using, to make a request to the access verification method of the specified site. (11) The access authentication means uses the encrypted digitally signed credit information to access the server access URL.
Authenticating, and transmitting the digitally signed credit information to the decryption means. (12) The decryption means obtains a common key from the common key cooperation means of the specified site, decrypts the encrypted signed credit information with the common key, and then returns it to the access authentication means. After the authentication, the access authentication means sends the server access URL to the content transmission means. (13) A step in which the content transmitting unit refers to the server access URL and the content management table, acquires content data, and transmits the content data to the user terminal. 19. A content management method characterized by performing the following steps (8) and (12) instead of the steps (8) and (12) described in claim 18. (8) The encryption unit specifies the site, the common key generation unit connected to the common key cooperation unit generates a common key at the time acquired from the time acquisition unit, and transmits this common key to the common key cooperation unit. And the encrypted common key, and the credit information with the digital signature is encrypted and returned to the access verification means. (12) The decryption means obtains an encrypted common key from the common key cooperation means of the specified site, decrypts the encrypted signed credit information with the common key, and then performs the access authentication. Reply to the means, and the access authentication means authenticates and then sends the server access UR to the content transmission means.
Step of sending L. 20. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (3) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (4) A step of confirming that the access verification means is accessible content. (5) The access verification means creates a URL for server access of the site by combining the URL and the credit information, acquires the current time from the time acquisition means, adds an expiration date to the credit information, and then Step of replying to the user terminal. (6) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (7) A step in which the access authentication means authenticates the server access URL based on the credit information and sends the server access URL to the content transmission means. (8) A step in which the content transmission unit refers to the server access URL, acquires content data, and then transmits the content data to the user terminal. 21. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (3) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (4) A step of confirming that the access verification means is accessible content. (5) The access verifying unit refers to the content management table, combines the URL and the credit information to create the server access URL of the site, acquires the current time from the time acquisition unit, and sets the expiration date in the credit information. In addition, a step of synchronizing the time between the centralized center and the plurality of sites by the time synchronizing means, and then returning to the user terminal. (6) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (7) A step in which the access authentication means authenticates the server access URL based on the credit information and sends the server access URL to the content transmission means. (8) A step in which the content transmission unit refers to the server access URL, acquires content data, and then transmits the content data to the user terminal. 22. A content management method comprising the following steps. (1) Content registration update means of a plurality of sites via the network updates the content in the plurality of sites with the content update information transmitted from the outside of the plurality of sites and also updates the content in the centralized center. Steps to take. (2) A step of transmitting the user ID and password from the user terminal to the user authentication means of the centralized center. (3) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (4) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (5) A step of confirming that the access verification means is accessible content. (6) The access verification means combines the URL and credit information to create a URL for server access to the site,
Returning to the user terminal. (7) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (8) A step in which the access authentication unit authenticates the server access URL based on the credit information and sends the server access URL to the content transmission unit. (9) A step of transmitting the content data to the user terminal after the content transmitting means refers to the server access URL to acquire the content data. 23. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (3) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (4) The access verification means refers to the directory / access control management table and confirms that the content is accessible. (5) A step in which the access verification means combines a URL and credit information to create a server access URL for the site and returns the URL to the user terminal. (6) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (7) A step in which the access authentication means authenticates the server access URL based on the credit information and sends the server access URL to the content transmission means. (8) A step of transmitting the content data to the user terminal after the content transmitting means refers to the server access URL to acquire the content data. 24. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (3) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (4) A step in which the access verification means confirms that the content is accessible according to the organization information to which the user belongs. (5) A step in which the access verification means combines a URL and credit information to create a server access URL for the site and returns the URL to the user terminal. (6) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (7) A step in which the access authentication unit authenticates the server access URL based on the credit information and sends the server access URL to the content transmission unit. (8) A step of transmitting the content data to the user terminal after the content transmitting means refers to the server access URL to acquire the content data. 25. A content management method comprising the following steps. (1) Content registration and update means of a plurality of sites via a network updates and encrypts the content in the plurality of sites by content update information transmitted from outside the plurality of sites, and encrypts the content in the central control center. Step of sending to update means. (2) A step of decrypting the content by the decryption means in the centralized center and updating the content held therein. (3) A step of transmitting the user ID and password from the user terminal to the user authentication means of the centralized center. (4) A step of authenticating the user if the user authentication means is a valid user and password, and returning a content list to the user terminal. (5) A step in which the user terminal selects a necessary one from the content list and sends it to the access verification means of the centralized center. (6) A step in which the access verification means confirms that the content is accessible. (7) A step in which the access verification means combines a URL and credit information to create a server access URL of the site and sends the URL back to the user terminal. (8) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (9) A step in which the access authentication means authenticates the server access URL based on the credit information and sends the server access URL to the content transmission means. (10) A step of transmitting the content data to the user terminal after the content transmission means refers to the server access URL and the content management table to obtain content data. 26. A content management method comprising the following steps. (1) A step of issuing a user certificate at the control center via the network, registering the user certificate in the user management table, and installing the user certificate in the user terminal. (2) A step of transmitting the user ID, the password, and the user certificate from the user terminal to the user authentication means of the control center. (3) A step of authenticating the user if the user authenticating means is a valid user, a password, and a user certificate, and returning a content list to the user terminal. (4) A step in which the user terminal selects a necessary one from the content list and transmits it to the access verification means of the centralized center. (5) A step of confirming that the access verification means is accessible content. (6) A step in which the access verification means combines a URL and credit information to create a server access URL for the site, and returns the URL to the user terminal. (7) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (8) A step in which the access authentication means authenticates the server access URL based on the credit information and sends the server access URL to the content transmission means. (9) A step of transmitting the content data to the user terminal after the content transmitting means refers to the server access URL to acquire the content data. 27. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, creating an accessible list by the accessible list creating means, and returning the accessible list to the user terminal. (3) A step in which the user terminal selects a necessary one from the accessible list and transmits it to the access verification means of the centralized center. (4) A step of confirming that the access verification means is accessible content. (5) A step in which the access verification means combines a URL and credit information to create a server access URL for the site and returns the URL to the user terminal. (6) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (7) A step in which the access authentication means authenticates the server access URL based on the credit information and sends the server access URL to the content transmission means. (8) A step of transmitting the content data to the user terminal after the content transmitting means refers to the server access URL to acquire the content data. 28. A content management method comprising the following steps. (1) A step of transmitting a user ID and a password from a user terminal to a user authentication means of a centralized center via a network. (2) A step of authenticating the user if the user authentication means is a valid user and password, creating an accessible list by the accessible list creating means, and returning the accessible list to the user terminal. (3) A step in which the user terminal selects a necessary one from the accessible list and transmits it to the access verification means of the centralized center. (4) A step of confirming that the access verification means is accessible content. (5) A step in which the access verification means combines a URL and credit information to create a server access URL for the site and returns the URL to the user terminal. (6) The user terminal uses the server access URL
Using, to submit a request to the access authentication method of multiple sites. (7) A step in which the access authentication means authenticates the server access URL based on the credit information and sends the server access URL to the content transmission means. (8) A step in which the content transmitting unit refers to the server access URL and obtains a plurality of content data, and then the content compressing unit collectively compresses the plurality of content data and transmits the content data to the user terminal.