JP2005303530A - Access relay apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an access relay apparatus, capable of excluding an access by an unspecified third party who does not have legitimate access right, and to avoid having the host name of a contents server, existing in an intranet from passing through over the Internet. <P>SOLUTION: When an authentication processing by an authentication processing section 12 admits an access right of a client terminal 1, while collecting the terminal information unique to the terminal 1 from the client terminal 1, the access relay apparatus generates a tentative server ID for identifying the contents server connected to the intranet 6, transmits the tentative server ID to the client terminal 1; and upon the receipt of an access request, including the tentative server ID and the terminal information from the client terminal 1, the access relay apparatus transfers the access request to the contents server, corresponding to the tentative server ID. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an access relay device that relays access to a content server connected to an internal network such as an intranet.

Conventionally, when a packet communication device corresponding to an access relay device is connected to a client terminal and the client terminal accesses a content server connected to the Internet, an intranet, or the like, a URL indicating a destination address is transmitted to the packet communication device. .
When receiving the URL from the client terminal, the packet communication device determines whether the destination address indicated by the URL is an intranet address or a global address.

If the destination address indicated by the URL is an intranet address, the packet communication device requests address resolution from a name server in the intranet. If the destination address indicated by the URL is a global address, the packet communication device resolves the address to an Internet name server. Request.
Accordingly, the client terminal can access a content server connected to the Internet or an intranet without performing address resolution on its own (see, for example, Patent Document 1).

JP 2002-208964 (paragraph numbers [0015] to [0019], FIG. 1)

Since the conventional access relay apparatus is configured as described above, if the destination address indicated by the URL is an intranet address, it requests address resolution from a name server in the intranet, and the destination address indicated by the URL is a global address. If so, it can request address resolution from an Internet name server. However, when a client terminal existing on the Internet accesses a content server existing in the intranet, in order to perform the above address resolution, the addresses of all the content servers in the intranet must be disclosed on the Internet. I must. In addition, even if all the content server addresses are disclosed on the Internet, since the addresses are exchanged on the Internet, there is a risk that the address of the content server in the intranet may be stolen on the Internet. there were. As a means for avoiding the risk that the address of the content server in the intranet is stolen on the Internet, the Internet VPN exists, but a dedicated VPN device is required, and both sides of the VPN device (the client side and the content server) Side), the communication load becomes excessive. Further, since Internet VPN is a technology for encrypting data, it is not concealed by successively replacing the IP address or host name of the server on the receiving side at regular intervals. Also, if the data encryption is broken, the internal address will be known to the eavesdropper.
In addition, there is a method of concealing the IP of the server to another one, where there is a method of placing a load distribution device in front of the content server. This method replicates the same content server to multiple machines and distributes the load among them. As a result, it is possible to hide the IP and host name of the content server in the intranet, but the number of servers is usually limited to a few, and they must be content servers with the same contents .

  The present invention has been made to solve the above-described problems, and an object of the present invention is to provide an access relay device that can eliminate access by an unspecified third party who does not have a legitimate access authority. .

  The access relay device according to the present invention collects terminal-specific terminal information from the client terminal when the access authority of the client terminal is recognized by the authentication processing of the authentication processing means, while the content server connected to the internal network An initial setting means for creating a temporary server ID for identifying the server and transmitting the temporary server ID to the client terminal is provided, and when an access request including the temporary server ID and terminal information is received from the client terminal, the temporary server ID is included in the access request. If the terminal information collected matches the terminal information collected by the initial setting means, the access request is transferred to the content server corresponding to the temporary server ID.

  According to this invention, when the access authority of the client terminal is recognized by the authentication processing of the authentication processing means, the terminal information specific to the terminal is collected from the client terminal, and the content server connected to the internal network is identified. An initial setting unit for creating a temporary server ID and transmitting the temporary server ID to the client terminal is provided. When an access request including the temporary server ID and terminal information is received from the client terminal, the temporary server ID is included in the access request. If the terminal information and the terminal information collected by the initial setting means match, the access request is transferred to the content server corresponding to the temporary server ID. This has the effect of eliminating access by a specific third party.

Embodiment 1 FIG.
FIG. 1 is a block diagram showing a WEB system to which an access relay apparatus according to Embodiment 1 of the present invention is applied. In FIG. 1, a client terminal 1 is a terminal such as a personal computer used by a client, and is connected to an external network. A function to connect to a certain Internet 2 is provided. The client terminal 1 accesses the access relay device 4 through the Internet 2, and the server list from the access relay device 4 (the server list is a list of content servers 7 and 8 in the intranet 6 accessible by the client terminal 1, for example). , The temporary server ID for identifying the content servers 7 and 8 and the expiration date of the temporary server ID are stored) while the content server 7 and 8 in the intranet 6 is accessed. The access request including the temporary server ID stored in is transmitted to the access relay device 4 through the Internet 2.

The firewall 3 is installed between the Internet 2 and the intranet 6 and has a function of preventing unauthorized attacks on the content servers 7 and 8 and the access relay device 4 connected to the intranet 6.
The access relay device 4 is installed, for example, in a DMZ (DeMitarized Zone) area of the firewall 3. When an access is received from the client terminal 1 through the Internet 2, the access relay device 4 performs an authentication process for the client terminal 1, and If it has access authority to the relay device 4), terminal information unique to the terminal is collected from the client terminal 1, while a server list is transmitted to the client terminal 1. Further, when an access request including a temporary server ID and terminal information is received from the client terminal 1 through the Internet 2, if the terminal information included in the access request and the terminal information collected earlier from the client terminal 1 match. When the access request is transferred to the content server (for example, the content server 7) corresponding to the temporary server ID and the content is received from the content server 7, the content is returned to the client terminal 1.

The user management DB 5 is arranged on the same network segment as the access relay device 4, and the temporary server ID created by the access relay device 4, the expiration date of the temporary server ID, the access permission period of the client terminal 1, the terminal of the client terminal 1 Information is managed.
The content servers 7 and 8 are computers connected to the intranet 6 that is an internal network and managing the content. When an access request is transferred from the access relay device 4, the content servers 7 and 8 return the content to the access relay device 4.
The administrator terminal 9 is a terminal such as a personal computer used by the administrator of the access relay device 4. The mail server 10 is a server that distributes mail related to a temporary account, for example.

FIG. 2 is a block diagram showing an access relay apparatus according to Embodiment 1 of the present invention. In the figure, the Internet I / F unit 11 has a function of connecting to the Internet 2, and includes various functions such as the client terminal 1 and the user management DB 5. It is equipped with a data communication device that transmits and receives information and data.
When the Internet I / F unit 11 receives an access from the client terminal 1, the authentication processing unit 12 performs an authentication process for the client terminal 1, and the client terminal 1 has an access right to itself (the access relay device 4). Judge whether or not. The authentication processing unit 12 constitutes an authentication processing unit.

  When the access authority of the client terminal 1 is recognized by the authentication processing of the authentication processing unit 12, the agent software installation unit 13 downloads and installs the agent software on the client terminal 1 via the Internet I / F unit 11. The terminal information collection unit 14 negotiates with the agent software installed in the client terminal 1 to collect terminal information collected from the client terminal 1 (for example, registry information of the client terminal 1, LAN card information, file information, folder configuration information). The software installation status, the setting information of the installed software, etc.) are set, and terminal-specific terminal information is collected from the client terminal 1 via the Internet I / F unit 11.

The server list transmission unit 15 creates a temporary server ID for identifying the content servers 7 and 8 connected to the intranet 6, and a server list including the temporary server ID and the like (the server list is accessed by, for example, the client terminal 1) A list of possible content servers 7 and 8 in the intranet 6, a temporary server ID for identifying the content servers 7 and 8, an expiration date of the temporary server ID, etc.) are stored in the Internet I / F unit 11. And the server list and the like are registered in the user management DB 5.
The agent software installation unit 13, the terminal information collection unit 14, and the server list transmission unit 15 constitute an initial setting unit.

  When the Internet I / F unit 11 receives an access request including a temporary server ID and terminal information from the client terminal 1, the request transfer unit 16 is a terminal whose terminal information included in the access request is managed in the user management DB 5 If the information matches the information, the access request is transferred to the content server (for example, the content server 7) corresponding to the temporary server ID via the intranet I / F unit 17. The request transfer unit 16 constitutes a request transfer unit.

The intranet I / F unit 17 has a connection function to the intranet 6 and is equipped with a data communication device that transmits and receives various types of information and data to and from the content servers 7 and 8.
When the intranet I / F unit 17 receives the content from the content server (the content server to which the access request is transferred from the request transfer unit 16), the content reply unit 18 sends the content to the client terminal via the Internet I / F unit 11. Reply to 1. The content reply unit 18 constitutes a content reply unit.

The authentication processing unit 12, the agent software installation unit 13, the terminal information collection unit 14, the server list transmission unit 15, the request transfer unit 16, and the content return unit 18 that are components of the access relay device 4 are, for example, a CPU or the like. It may be configured individually using an IC integrated circuit having an information processing function, but when the access relay device 4 is configured from a computer, the agent software installation unit 13, the terminal information collection unit 14, the server list A program in which processing contents of the transmission unit 15, the request transfer unit 16, and the content return unit 18 are described may be stored in a memory, and the CPU of the computer may execute the program.
FIG. 3 is a sequence diagram showing exchanges between the client terminal, the access relay device, and the content server. FIG. 4 is a flowchart showing the processing contents of the access relay apparatus according to Embodiment 1 of the present invention.

Next, the operation will be described.
A case where the client terminal 1 in which the agent software is not installed accesses the access relay device 4 for the first time will be described.
The client operates the client terminal 1 to specify the URL (global address published on the Internet) of the access relay device 4.
The client terminal 1 accesses the access relay device 4 through the Internet 2 by outputting the URL designated by the client to the Internet 2 (step SQ1 in FIG. 3 and step ST1 in FIG. 4).

When the Internet I / F unit 11 receives access from the client terminal 1 when the Internet I / F unit 11 receives access from the client terminal 1, if the access is the first access (step ST 2 in FIG. 4), the authentication processing unit 12 A reply is made to the client terminal 1 (step SQ2 in FIG. 3).
When the login page of the access relay device 4 is displayed on the display of the client terminal 1, the client inputs authentication information (for example, a user ID and a password) on the login page.

When the client terminal 1 completes the authentication information input operation by the client, the client terminal 1 transmits the authentication information to the access relay device 4 (step SQ3).
However, if the client terminal 1 has previously installed authentication information such as a digital certificate or a USB token from the access relay device 4, the client authentication information is automatically transmitted at the time of the first access. No authentication information input operation is required.

When the Internet I / F unit 11 receives authentication information from the client terminal 1, the authentication processing unit 12 of the access relay device 4 performs authentication processing on the client terminal 1.
That is, if the same authentication information as that authentication information is registered in the user management DB 5, it is determined that the client terminal 1 has access authority to itself (the access relay device 4), and the same authentication information as the authentication information. If the authentication information is not registered in the user management DB 5, it is determined that the client terminal 1 does not have access authority for itself (the access relay device 4).

If the authentication processing unit 12 of the access relay apparatus 4 determines that the client terminal 1 does not have access authority, a message indicating that access is not permitted is sent to the client terminal 1 via the Internet I / F unit 11. Send.
On the other hand, when it is determined that the client terminal 1 has the access authority, when the access to the content servers 7 and 8 is desired, a message indicating that the agent software needs to be downloaded and installed is displayed on the client terminal. 1 (step SQ4).

When the Internet I / F unit 11 receives the agent software download request from the client terminal 1 (step SQ5), the agent software installation unit 13 of the access relay apparatus 4 sends the agent software to the client via the Internet I / F unit 11. Download and install in the terminal 1 (step SQ6 in FIG. 3, step ST3 in FIG. 4).
When the installation of the agent software on the client terminal 1 is completed, the terminal information collection unit 14 of the access relay device 4 negotiates with the agent software installed on the client terminal 1 to collect the types of terminal information collected from the client terminal 1 In addition, the terminal information transmission timing is determined (step SQ7 in FIG. 3 and step ST4 in FIG. 4). The agreement information is set as an operation parameter of the agent software.

Here, as the terminal information, for example, registry information of the client terminal 1, LAN card information (for example, MAC address, IP address), file information (for example, OS installation stamp, specific file size), folder configuration information ( For example, there is information on which drive has what name folder), software installation status, installed software setting information (for example, the address set in the mail software), etc. Any unique terminal information that can be collected from 1 is not limited thereto.
As an example, the access relay device 4 creates a predetermined folder or file on the client terminal 1 during the negotiation. The name of the folder or file created here is a special long name, and the hierarchical structure is created at a deep position.
In subsequent access, since the check is performed based on whether or not the folder and file exist, it is difficult for a third party to forge a specially named folder or file, and impersonation can be prevented.

When the type of terminal information collected from the client terminal 1 is determined, the terminal information collection unit 14 of the access relay device 4 collects terminal information specific to the terminal from the client terminal 1 via the Internet I / F unit 11 (step SQ8 ).
The terminal information collection unit 14 registers the terminal information collected from the client terminal 1 in the user management DB 5.

The server list transmission unit 15 of the access relay device 4 refers to the authentication information transmitted from the client terminal 1, and among the content servers connected to the intranet 6, the content in the intranet 6 accessible by the client terminal 1 Search for a server. For example, if the servers in the accessible intranet 6 are the content servers 7 and 8, a server list that is a list indicating that the accessible servers are the content servers 7 and 8 is created.
The server list transmission unit 15 creates a temporary server ID for identifying the content servers 7 and 8 and inserts the temporary server ID, the expiration date of the temporary server ID, and the access permission period into the server list.

However, when the server list transmission unit 15 creates a temporary server ID for identifying the content servers 7 and 8, a different temporary server ID is created for each client terminal 1. That is, even if the temporary server IDs identify the same content server, different temporary server IDs are created if the client terminal 1 that desires access is different.
Even if the same client terminal 1 has different access dates, different temporary server IDs are created.

When creating the server list including the temporary server ID, the server list transmission unit 15 of the access relay apparatus 4 transmits the server list to the client terminal 1 via the Internet I / F unit 11 (step SQ9).
Further, the server list transmission unit 15 registers the server list in the user management DB 5.
Here, FIG. 5 is an explanatory diagram showing the original URL and temporary server ID of the content server.

Next, the case where the client terminal 1 in which the agent software is installed accesses the content server via the access relay device 4 will be described.
The agent software installed in the client terminal 1 is automatically started as a resident process when the client terminal 1 is started (the agent software can be manually stopped by the client) and connected to the intranet 6 at the time of startup or periodically. It is investigated whether there is a change in the content server that has been changed (for example, whether a content server accessible to the client terminal 1 has been added, whether the host name of the content server has been changed, etc.) investigate). The investigation is performed by the agent software exchanging information with the access relay device 4. If there is a change, the server list in the client terminal 1 transmitted and stored earlier from the access relay device 4 is updated.

The client operates the client terminal 1 and designates a content server desired to be accessed on the browser.
For example, when the client specifies the content server 7, the following URL is input on the browser.
http: // server name / folder name of content server 7 / ˜

When the client inputs the URL on the browser, the agent software installed in the client terminal 1 refers to the server list and determines whether or not the URL specifies a server in the intranet 6.
If the URL does not specify a server in the intranet 6, the agent software transfers the URL as it is to the Internet 2, but the URL specifies a server in the intranet 6 and is accessible content If it is the URL of the server 7, 8, the URL is changed.

That is, when the content server that is desired to be accessed is the content server 7, the agent software has a URL in which the temporary server ID of the content server 7 is added to the server name of the access relay device 4 as shown below. Change to
http: // server name of access relay device 4 / temporary server ID of content server 7 / folder name / ˜

Further, when the agent software changes the URL to the format with the temporary server ID of the content server 7 added, the terminal information of the client terminal 1 (in advance, the terminal information collection unit 14 of the access relay device 4) is included in the access request including the URL. Terminal information) and a flag indicating that the agent software has created (hereinafter referred to as an agent flag) is added, and the access request with the terminal information added is transferred to the Internet 2 ( Step SQ10).
Here, FIG. 6 is an explanatory diagram showing a packet configuration example of an access request transmitted from the client terminal.

Since the URL and IP address of the access relay device 4 are published on the Internet 2, the name is resolved on the Internet 2, and the access request reaches the access relay device 4.
Even if an unspecified third party transfers a URL that directly specifies the server name of the content server 7 to the Internet 2, the IP address of the content server 7 is not disclosed on the Internet, so the content server 7 is accessed. Can not do it. Also, even if an attempt is made to access the access relay device 4, the top page of the access relay device 4 can be reached, but since the initial authentication there fails, access to the intranet cannot be made.

When the Internet I / F unit 11 receives the access request including the temporary server ID, the terminal information, and the agent flag from the client terminal 1 (step ST5), the request transfer unit 16 of the access relay device 4 receives the request that is valid. Terminal information is extracted from the access request, and it is determined whether the same terminal information as the terminal information is registered in the user management DB 5 or not (step ST6).
When the same terminal information as the terminal information included in the access request is not registered in the user management DB 5 or when the agent flag is not included in the access request, the request transfer unit 16 Although access is denied, if the same terminal information is registered in the user management DB 5 and the agent flag is included in the access request, the temporary server ID is extracted from the access request and is the same as the temporary server ID. It is determined whether or not the temporary server ID is registered in the user management DB 5.

When the same temporary server ID as the temporary server ID included in the access request is not registered in the user management DB 5, the request transfer unit 16 rejects access from the client terminal 1, but the same temporary server ID is If registered in the user management DB 5, a URL including the server name and IP address of the content server 7 corresponding to the temporary server ID included in the access request is created (step ST 7), and the intranet I / F unit 17 is set. Then, the URL is transferred as an access request to the content server 7 (step SQ11 in FIG. 3 and step ST8 in FIG. 4).
Here, if the access request is not a legitimate request, access from the client terminal 1 is immediately rejected, but retransmission of the terminal information and the like is requested to the agent software of the client terminal 1 (step ST10), and the client terminal When it is not recognized that the request is valid even when referring to the terminal information retransmitted from one agent software, the access from the client terminal 1 may be rejected (step ST11).

When the access request is transferred from the access relay device 4 through the intranet 6, the content server 7 returns the content to the access relay device 4 (step SQ12).
When the intranet I / F unit 17 receives the content from the content server 7, the content reply unit 18 of the access relay device 4 encrypts the content as necessary, and transmits the content via the Internet I / F unit 11. A reply is made to the client terminal 2 (step SQ13 in FIG. 3, step ST9 in FIG. 4).

Thus, when the agent software of the client terminal 1 receives the content from the access relay device 4 through the Internet 2, the content is transferred to the browser.
The browser of the client terminal 1 displays the content on the display of the client terminal 1.

  As apparent from the above, according to the first embodiment, when the access authority of the client terminal 1 is recognized by the authentication process of the authentication processing unit 12, the terminal information unique to the terminal is collected from the client terminal 1. A temporary server ID for identifying a content server connected to the intranet 6 is created, the temporary server ID is transmitted to the client terminal 1, and access including the temporary server ID and terminal information is transmitted from the client terminal 1 through the Internet 2. When the request is received, if the terminal information included in the access request matches the terminal information collected earlier, the access request is transferred to the content server corresponding to the temporary server ID. Eliminate access by unspecified third parties who do not have legitimate access rights Rukoto an effect that can.

  Further, according to the first embodiment, when collecting terminal information from the client terminal 1, the agent software is installed in the client terminal 1 and negotiated with the agent software in the client terminal 1 to obtain the terminal information. Therefore, it is possible to automatically search and collect unique terminal information that can be collected from the client terminal 1.

  Further, according to the first embodiment, when an access request to the content server is received from the client, the agent software having a function of generating an access request including the temporary server ID and the terminal information is installed in the client terminal 1. Thus, the content server URL can be prevented from leaking onto the Internet 2.

  Furthermore, according to the first embodiment, when the agent software installed in the client terminal 1 generates an access request, the agent flag is included in the access request. If the agent flag is not included in the access request transmitted from the eavesdropper client terminal 1 even if the terminal information is wiretapped (the agent including the agent flag in the eavesdropper client terminal 1) Since no software is installed, an agent flag is not included in the access request transmitted from the eavesdropper's client terminal 1), and it is possible to confirm that it is an unauthorized access request.

  Further, according to the first embodiment, even if it is the same content server, since it is configured to create a different temporary server ID for each client terminal, even if an access request is stolen on the Internet 2, An eavesdropper has an effect that the access request cannot be used permanently.

  Further, according to the first embodiment, even if the same client terminal is configured to create a different temporary server ID for each access date and time, even if an access request is stolen on the Internet 2, An eavesdropper has an effect that the access request cannot be used permanently.

  When a link from one content server to another content server is described with an absolute path, and the host name of the content server is not disclosed on the Internet 2, the link can usually be traced as it is. Can not. However, in the first embodiment, since the list of content servers connected to the intranet 6 and the temporary server ID of the content server are registered in advance in the server list of the client terminal 1, the content server If the user has access authority to the server, a link from one content server to another content server can be pasted.

Embodiment 2. FIG.
In the first embodiment, when the server list transmission unit 15 of the access relay apparatus 4 creates a temporary server ID and the client inserts the temporary server ID into the server request, the expiration date of the temporary server ID is set. Although the expiration date of the temporary server ID is also shown to be inserted into the server request, the server list transmission unit 15 of the access relay device 4 manages the expiration date of the temporary server ID, and the temporary server ID has passed after a certain period of time. When the valid period expires, the temporary server ID may be updated, and the updated temporary server ID may be transmitted to the client terminal 1 and the user management DB 5.

Thereby, even if the temporary server ID is wiretapped, there is an effect that an eavesdropper cannot permanently use the temporary server ID.
The temporary server ID update process is executed in the background between the server list transmission unit 15 of the access relay device 4 and the agent software installed in the client terminal 1, but the temporary server ID has expired. The client may perform the operation manually, for example, by outputting a message indicating closeness.

Embodiment 3 FIG.
In the first and second embodiments, the client terminal 1 transmits the access request including the temporary server ID, the terminal information, and the agent flag to the access relay device 4, but the client terminal 1 further includes the previous access information ( For example, the temporary server ID and the access time at the previous access may be included in the access request and transmitted to the access relay device 4.

When the request transfer unit 16 of the access relay apparatus 4 receives the access request including the previous access information, the previous access information included in the access request, the previous access information managed in the user management DB 5, and If they match, the validity of the access information is certified.
The request transfer unit 16 adds that the validity of the previous access information is recognized to one of the transfer conditions of the access request, and transfers the access request to the content server when the validity of the previous access information is recognized. Like that.
Thereby, compared with the said Embodiment 1, 2, there exists an effect which can exclude the unauthorized access by an unspecified third party severely.

Embodiment 4 FIG.
In the first to third embodiments, the content server 7 returns the content to the access relay device 4 when the access request is transferred from the access relay device 4. ) May be requested to transmit authentication information (for example, user ID, password).
In this case, the access relay device 4 transmits a request for transmitting authentication information to the client terminal 1, and transfers the authentication information transmitted from the client terminal 1 to the content server 7.
Then, the content server 7 refers to the authentication information, and if it is found that the client terminal 1 has an access authority to itself (content server 7), the content server 7 returns the content to the access relay device 4. To do.

  As a result, unauthorized access by an unspecified third party can be more strictly excluded than in the first to third embodiments. However, each time the client terminal 1 accesses the content server 7, the authentication information is stored in the content. It is necessary to send to the server 7 for authentication processing, and the operation of the client is troublesome.

Therefore, in the fourth embodiment, when the terminal information collection unit 14 of the access relay device 4 negotiates with the agent software of the client terminal 1 to collect terminal information, authentication information for the content server 7 is sent to the client terminal 1. to download.
On the other hand, when the agent software of the client terminal 1 transmits an access request to the access relay device 4, the authentication information for the content server 7 downloaded earlier is included in the access request and transmitted to the access relay device 4.

Then, the request transfer unit 16 of the access relay device 4 transfers an access request including authentication information for the content server 7 to the content server 7.
As a result, when the access request is transferred from the access relay device 4, the content server 7 does not transmit the authentication information transmission request to the access relay device 4, and the client terminal 1 has access authority to itself (content server 7). It is possible to determine whether or not it has

  In the fourth embodiment, the request transfer unit 16 of the access relay apparatus 4 transfers the authentication information included in the access request transmitted from the client terminal 1 to the content server 7. When the request transfer unit 16 of the device 4 receives an access request from the client terminal 1, authentication information for the content server 7 may be acquired from the user management DB 5 and the authentication information may be transferred to the content server 7.

Embodiment 5 FIG.
Although not particularly mentioned in the first to fourth embodiments, after the client terminal 1 downloads and installs the agent software, the agent software is lost or cannot be used due to data corruption. The client contacts the relay server administrator and requests the reset of download completion information.
Thereafter, the client operates the client terminal 1 to directly specify the URL of the access relay device 4 again, and by performing the initial authentication again in the same manner as in the first embodiment, the agent software and the server list are again displayed. Can be downloaded.

Further, when the terminal information of the client terminal 1 is changed, the request transfer unit 16 of the access relay device 4 detects the discrepancy of the terminal information, so that the access from the client terminal 1 is recognized as unauthorized access as it is.
Therefore, when the terminal information of the client terminal 1 is changed, the agent software checks the terminal information when the client terminal 1 is started or periodically, and if the terminal information is changed, the terminal information Is reported to the access relay device 4.
Alternatively, when the access relay device 4 detects a discrepancy in the terminal information, a warning message is transmitted to the client terminal 1 to request an update of the terminal information. Thereby, the client can transmit the updated terminal information to the access relay apparatus 4 by performing a predetermined operation.

In Embodiments 1 to 4 described above, the client terminal 1 is prompted to input authentication information to the access relay device 4 when it first accesses the access relay device 4. 12 may prompt the input of authentication information not only at the time of the first access but also periodically.
As a result, even if the temporary server ID is wiretapped, the eavesdropper does not know the authentication information for the access relay device 4, so that an access by the eavesdropper can be eliminated.

Embodiment 6 FIG.
In the first to fifth embodiments, in addition to a list indicating the content servers 7 and 8 in the intranet 6 accessible by the client terminal 1, a server list including a temporary server ID for identifying the content servers 7 and 8 is provided. Although what is transmitted to the client terminal 1 has been described, there is no content server in the intranet 6 that can be accessed by the client terminal 1, but there may be a content server that permits access for temporary access. is there.
In such a case, the access relay apparatus 4 creates a temporary account for permitting temporary access instead of the original system account of the content server, and transmits a server list including the temporary account to the client terminal 1. When the access request including the temporary account and the terminal information is received from the client terminal 1 through the Internet 2, if the terminal information included in the access request and the terminal information collected earlier match, The access request is transferred to the corresponding content server.

Specifically, the sixth embodiment is effective when a totally external user who does not have a content server in the accessible intranet 6 needs to temporarily access the intranet 6. It is.
FIG. 7 is a flowchart showing the processing contents of the access relay apparatus according to Embodiment 6 of the present invention.

A case will be described in which an external user terminal (client terminal 1) without agent software installed first accesses the access relay apparatus 4.
The external user operates the client terminal 1 and designates the URL (global address published on the Internet) of the access relay device 4.
The client terminal 1 accesses the access relay device 4 through the Internet 2 by outputting the URL designated by the external user to the Internet 2 (step ST21).

As a result, the top page of the access relay device 4 is displayed on the display of the client terminal 1, and a list of content servers that are permitted to access by the “temporary account” is displayed therein. The external user selects a content server desired to be accessed from the list (step ST22).
When an external user selects a content server that the user wishes to access, a screen for the external user to input personal information is displayed on the display of the client terminal 1, and the personal information (for example, address, name, phone number, An e-mail address, sex, age, etc.) are input (step ST23).
When the input operation of the personal information by the external user is completed, the client terminal 1 transmits the personal information to the access relay device 4.

When the Internet I / F unit 11 receives personal information from the client terminal 1, the authentication processing unit 12 of the access relay device 4 refers to the personal information and checks its validity.
For example, the access relay apparatus 4 automatically transmits a test mail to the electronic mail address input by the external user (step ST24). When the reply is returned correctly, the existence of the external user is confirmed (step ST25). Alternatively, the administrator of the access relay device 4 may actually make a call to the telephone number input by the external user and confirm the identity of the person.

If the administrator of the access relay device 4 confirms the existence of the external user and determines that the temporary account may be created for the external user by looking at the reply content of the test mail (step ST26), the management screen of the access relay device 4 A predetermined operation is performed above (step ST27).
After this operation, a mail is transmitted to the external user who has requested access (step ST28), and the access to the access relay device 4 is requested again. At this time, since the authentication information for the access relay device 4 is written in the mail, the authentication for the access relay device 4 is received using this authentication information (step ST29). As a result, the authentication of the access relay device 4 is completed, and the agent software and server list are downloaded as in the first embodiment.

  However, in the sixth embodiment, only temporary access is permitted. Therefore, unlike the first embodiment, the agent software installed in the client terminal 1 is forced to the client terminal after a certain period of time. It is assumed that the program is uninstalled from 1.

  When the installation of the agent software on the client terminal 1 is completed, the terminal information collection unit 14 of the access relay device 4 negotiates with the agent software installed on the client terminal 1 in the same manner as in the first embodiment, and the client software Arrangements such as the type of terminal information collected from the terminal 1 and the transmission timing of the terminal information are made.

When the type of terminal information collected from the client terminal 1 is determined, the terminal information collection unit 14 of the access relay device 4 is unique to the terminal from the client terminal 1 via the Internet I / F unit 11 as in the first embodiment. Collect terminal information for.
The terminal information collection unit 14 registers the terminal information collected from the client terminal 1 in the user management DB 5.

The server list transmission unit 15 of the access relay device 4 refers to the personal information of the client and searches for content servers that permit temporary access to the client terminal 1 among the content servers connected to the intranet 6. For example, if the servers that permit temporary access are the content servers 7 and 8, a server list that is a list indicating that the servers that permit temporary access are the content servers 7 and 8 is created.
In addition, the server list transmission unit 15 creates a temporary server ID for identifying the content servers 7 and 8 and inserts the temporary server ID and the expiration date of the temporary server ID into the server list.

When the above process ends, the access relay device 4 starts creating a temporary account.
The temporary account is created based on the access date and time, the MAC address, and the like of the client terminal 1 in addition to the account creation key set in advance by the administrator.
Therefore, even if the temporary account identifies the same content server, if the client terminal 1 desiring access is different, a different temporary account is created.
Even if the same client terminal 1 has different access dates, different temporary accounts are created.
If the expiration date of the temporary account expires, it is forcibly disabled in the same way as the agent software. Also, the temporary server ID is not updated many times like the temporary server ID in the first embodiment.

When the server list transmission unit 15 of the access relay apparatus 4 creates a server list including the temporary server ID and the temporary account, the server list transmission unit 15 transmits the server list to the client terminal 1 via the Internet I / F unit 11.
Further, the server list transmission unit 15 registers the server list in the user management DB 5.

Next, the case where the client terminal 1 in which the agent software is installed accesses the content server via the access relay device 4 will be described.
The agent software installed in the client terminal 1 is automatically started as a resident process when the client terminal 1 is started up, as in the first embodiment, and is started or periodically on the content server connected to the intranet 6. Investigate whether there is a change (for example, investigate whether a content server allowing temporary access to the client terminal 1 has been added, whether the host name of the content server has been changed, etc.) ). As a result of the investigation, if there is a change, the server list in the client terminal 1 transmitted and stored earlier from the access relay device 4 is updated.

The external user operates the client terminal 1 and designates a content server desired to be accessed on the browser.
For example, when the client specifies the content server 7, the following URL is input on the browser. The URL specified on the browser is written in the mail automatically transmitted from the administrator of the access relay apparatus 4 after the input of the personal information, so this character string is input.
http: // server name / folder name of content server 7 / ˜

If the agent software installed in the client terminal 1 inputs a URL on the browser, the client software 1 refers to the server list and specifies whether the URL specifies a server in the intranet 6 as in the first embodiment. Judge whether or not.
If the URL does not specify a server in the intranet 6, the agent software transfers the URL as it is to the Internet 2, but the URL specifies a server in the intranet 6, and temporary access If the URL of the content server 7 or 8 is permitted, the URL is changed.

That is, when the content server that is desired to be accessed is the content server 7, the agent software has a URL in which the temporary server ID of the content server 7 is added to the server name of the access relay device 4 as shown below. Change to
http: // server name of access relay device 4 / temporary server ID of content server 7 / folder name / ˜

  Further, when the agent software changes the URL to the format in which the temporary server ID of the content server 7 is added, the terminal information of the client terminal 1 (the terminal information previously negotiated with the terminal information collecting unit 14 of the access relay device 4) is added to the URL. ), An agent flag indicating that the agent software has been created, and a URL to which the terminal information is added is transferred to the Internet 2 as an access request.

Since the URL and IP address of the access relay device 4 are published on the Internet 2, the name is resolved on the Internet 2, and the access request reaches the access relay device 4.
Even if an unspecified third party transfers a URL that directly specifies the server name of the content server 7 to the Internet 2, the IP address of the content server 7 is not disclosed on the Internet, so the content server 7 is accessed. Can not do it. Also, even if an attempt is made to access the access relay device 4, the top page of the access relay device 4 can be reached, but since the initial authentication there fails, access to the intranet cannot be made.

When the Internet I / F unit 11 receives an access request including a temporary server ID, a temporary account, terminal information, and an agent flag from the client terminal 1, the request transfer unit 16 of the access relay apparatus 4 extracts the terminal information from the access request. Then, it is determined whether or not the same terminal information as the terminal information is registered in the user management DB 5.
When the same terminal information as the terminal information included in the access request is not registered in the user management DB 5 or when the agent flag is not included in the access request, the request transfer unit 16 Access is denied, but if the same terminal information is registered in the user management DB 5 and the agent flag is included in the access request, the temporary server ID and temporary account are extracted from the access request and are the same as the value It is determined whether or not the temporary server ID and temporary account are registered in the user management DB 5.

  If the same value as the temporary server ID and temporary account included in the access request is not registered in the user management DB 5, the request transfer unit 16 rejects access from the client terminal 1, but the same temporary server ID And a temporary account are registered in the user management DB 5, a URL including the server name and IP address of the content server 7 corresponding to the temporary server ID included in the access request is created, and the intranet I / F unit 17 is Then, the URL is transferred to the content server 7 as an access request.

When the access request is transferred from the access relay device 4 through the intranet 6, the content server 7 returns the content to the access relay device 4.
When the intranet I / F unit 17 receives the content from the content server 7, the content reply unit 18 of the access relay device 4 encrypts the content as necessary, and transmits the content via the Internet I / F unit 11. A reply is sent to the client terminal 2.

Thus, when the agent software of the client terminal 1 receives the content from the access relay device 4 through the Internet 2, the content is transferred to the browser.
The browser of the client terminal 1 displays the content on the display of the client terminal 1.

  As is apparent from the above, according to the sixth embodiment, a temporary account for permitting temporary access is created instead of a regular account of a certain content server, and a server list including the temporary account is created. When an access request including a temporary server ID, a temporary account, and terminal information is received from the client terminal 1 through the Internet 2 and transmitted from the client terminal 1, the terminal information included in the access request and the previously collected terminal information are combined. If so, since the access request is transferred to the content server corresponding to the temporary account, temporary access is made to a completely external user who does not have the accessible content server in the intranet 6. The effect which can be permitted is produced.

  In addition, since the temporary account created here is automatically generated based on a unique key called account creation key and has a limited validity period, the content server administrator applies to the server for use. Every time there is no need to create a fixed account for external users. Accordingly, the burden of account management is lightened, and there is less room for security holes.

Embodiment 7 FIG.
In the sixth embodiment, there is no content server in the intranet 6 that can be accessed by the client terminal 1, but when there is a content server that allows temporary access, the regular content server of the content server with the access relay device 4 exists. Although a temporary account for permitting temporary access in place of an account is created and a server list including the temporary account and a temporary server ID is transmitted to the client terminal 1, it is connected to the intranet 6. If a content server that can be accessed by the client terminal 1 and a content server that permits temporary access are mixed, a temporary server ID and a temporary account are created, and the temporary server ID And the server list containing the temporary account It may be transmitted to one.

Specifically, it is as follows.
When the client inputs authentication information on the login page of the access relay apparatus 4 and transmits the authentication information to the access relay apparatus 4 in the same manner as in the first embodiment, the server list transmission unit 15 of the access relay apparatus 4 However, referring to the authentication information, the content server in the intranet 6 accessible by the client terminal 1 among the content servers connected to the intranet 6 is searched.

  For example, if the content server 7 is an accessible server, the server list transmission unit 15 creates a list indicating that the accessible server is the content server 7, but the remaining content servers 8 are temporarily stored. If the server permits access, a list indicating that the server permitting temporary access is the content server 8 is created, and the list is included in the server list.

In addition, the server list transmission unit 15 creates a temporary server ID for identifying the content server 7, creates a temporary server ID for identifying the content server 8 and a temporary account, and stores the temporary server ID and the temporary account in the server list. To include.
Then, the server list transmission unit 15 transmits the server list to the client terminal 1 via the Internet I / F unit 11.

  When the client terminal 1 accesses the content server 7, it is accessed in the same manner as in the first embodiment, and when the client terminal 1 accesses the content server 8, it is accessed in the same manner as in the sixth embodiment. Description of the operation is omitted.

  As is apparent from the above, according to the seventh embodiment, among the content servers connected to the intranet 6, the content server that can be accessed by the client terminal 1, the content server that permits temporary access, If the server is mixed, a temporary server ID and a temporary account are created, and a server list including the temporary server ID and the temporary account is transmitted to the client terminal 1. The terminal 1 has an effect of being able to temporarily access a content server that permits temporary access.

BRIEF DESCRIPTION OF THE DRAWINGS It is a block diagram which shows the WEB system with which the access relay apparatus by Embodiment 1 of this invention is applied. It is a block diagram which shows the access relay apparatus by Embodiment 1 of this invention. It is a sequence diagram which shows the exchange between a client terminal, an access relay apparatus, and a content server. It is a flowchart which shows the processing content of the access relay apparatus by Embodiment 1 of this invention. It is explanatory drawing which shows original URL, temporary server ID, etc. of a content server. It is explanatory drawing which shows the packet structural example of the access request transmitted from a client terminal. It is a flowchart which shows the processing content of the access relay apparatus by Embodiment 6 of this invention.

Explanation of symbols

  1 client terminal, 2 Internet (external network), 3 firewall, 4 access relay device, 5 user management DB, 6 intranet (internal network), 7 content server, 8 content server, 9 administrator terminal of access relay device, 10 mail Server, 11 Internet I / F unit, 12 Authentication processing unit (authentication processing unit), 13 Agent software installation unit (initial setting unit), 14 Terminal information collection unit (initial setting unit), 15 Server list transmission unit (initial setting unit) ), 16 request transfer unit (request transfer unit), 17 intranet I / F unit, 18 content reply unit (content reply unit).

Claims (11)

  When access is received from a client terminal, authentication processing means for performing authentication processing on the client terminal, and when the access authority of the client terminal is recognized by the authentication processing of the authentication processing means, terminal information specific to the terminal from the client terminal Initial setting means for creating a temporary server ID for identifying a content server connected to the internal network and transmitting the temporary server ID to the client terminal, and the temporary server ID and the terminal from the client terminal. When the access request including the information is received, if the terminal information included in the access request matches the terminal information collected by the initial setting means, the access request is sent to the content server corresponding to the temporary server ID. Request forwarding means to forward and Receives the content from the content server, the access relaying apparatus and a content returning means for returning the contents to the client terminal.   The initial setting means, when collecting terminal information from the client terminal, installs agent software on the client terminal, negotiates with the agent software in the client terminal, and sets the type of the terminal information The access relay apparatus according to claim 1.   3. The initial setting means, when receiving an access request for a content server from a client, installs agent software having a function of generating an access request including a temporary server ID and terminal information in the client terminal. The access relay device described.   4. The access relay apparatus according to claim 3, wherein the agent software installed by the initial setting means includes a flag indicating that the access request is generated by the agent software when the access request is generated. .   2. The access relay apparatus according to claim 1, wherein the initial setting means creates a different temporary server ID for each client terminal even for the same content server.   6. The initial setting means creates a different temporary server ID if the access date / time is different even when the same client terminal sends a request to the same content server. Access relay device.   The access relay apparatus according to claim 1, wherein the initial setting means sets an expiration date of the temporary server ID and updates the temporary server ID when the expiration date expires.   The initial setting means, if there is no content server that can be accessed by the client terminal among the content servers connected to the internal network, a temporary account for permitting temporary access instead of a regular account for the system When the request transfer means receives an access request including the temporary account and the terminal information from the client terminal, the terminal information included in the access request and the initial information are transmitted to the client terminal. 2. The access relay apparatus according to claim 1, wherein if the terminal information collected by the setting means matches, the access request is transferred to the content server corresponding to the temporary account.   When the content server connected to the internal network includes a content server that can be accessed by the client terminal and a content server that allows temporary access, the initial setting means is temporarily stored in addition to the temporary server ID. A temporary account for permitting a general access is transmitted, the temporary server ID and the temporary account are transmitted to the client terminal, and the request transfer means receives an access request including the temporary account and terminal information from the client terminal. If the terminal information included in the access request matches the terminal information collected by the initial setting means, the access request is transferred to the content server corresponding to the temporary account. 1. The access relay device according to 1.   When the request transfer means receives the access request including the previous access information in addition to the temporary server ID and the terminal information from the client terminal, the terminal information included in the access request and the terminal information collected by the initial setting means The access relay apparatus according to claim 1, wherein the access request is transferred to a content server corresponding to the temporary server ID if the access information is correct and the previous access information is valid.   2. The access relay apparatus according to claim 1, wherein when transferring the access request to the content server, the request transfer means transmits client authentication information for the content server to the content server.

Images