JP2006079598A - Access control system, access control method, and access control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To verify whether or not an access request is issued from a regular accessing person. <P>SOLUTION: A service center generates an access URL including an access permitted person address, a resource identifier, and a validation condition, which are accepted from a manager, as a key. When accepting an access request using an access URL from an accessing person, the service center reports a password to an access permitted person address included in this access URL on condition that a validation condition included in the access URL is satisfied. Furthermore, the service center accepts input of a password from the accessing person and permits him or her to access a resource specified by a resource identifier included in the access URL on condition that the password accepted from the accessing person corresponds to the password reported to the access permitted person address beforehand. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an access control system, an access control method, and an access control program for controlling access by an accessor.

  2. Description of the Related Art Conventionally, in a Web server or the like on a network such as the Internet, access is permitted after authenticating the identity of a user who is an accessor. As such an authentication method, password authentication as disclosed in Patent Document 1 (Japanese Patent Laid-Open No. 2004-200740), that is, a user ID and a password of a user permitted to access are previously associated with a database (DB). Add the user ID and password to the user who has requested access, and allow access on condition that the user ID and password entered by the user are registered in association with the DB The technique to do is common.

  The existence of other documents corresponding to the prior art documents cannot be known at the time of filing a patent application, and patent documents describing conventional technical contents cannot be found. The technical scope searched is as follows. Search target: Application publications after 1993 and patent publications after 1994. Search method: Search the full text with a search formula consisting of keywords such as Web, authentication, and email address.

JP 2004-200740 A

  By the way, as described below, the conventional technology described above is described below from the viewpoints of authenticity of accessor authentication, burden on accessor and service provider, leakage of user ID and password, database resources, and the like. There is a problem to do.

  That is, in the password authentication described above, even if an unauthorized third party who has stolen the user ID and password of a legitimate user requests access, the user ID and password entered by the third party are associated with the database. If it is registered, access is permitted, so there is a problem that accessor authentication is insufficient.

  Further, in the above password authentication, there is a burden that the user must remember his / her user ID and password continuously. Since these are often forgotten by the user, there are many inquiries from the user to the service provider, and there is a problem that the burden on the service provider required for resetting the password is increased. In addition, in order not to forget the user ID and password, the user often writes them down continuously by taking notes, etc., but this increases the risk of the user ID and password leaking to a third party. There is also a problem.

  Also, in the above password authentication, every time an access right is given to a certain user, the user ID and password must be registered in the database, so the system storage resource is proportional to the number of access rights granted to the user. There is also a problem that becomes larger.

  Accordingly, the present invention has been made to solve the above-described problems of the prior art, and an access control system capable of reliably authenticating whether or not the access request is made by a legitimate accessor, and access It is an object to provide a control method and an access control program.

  In order to solve the above-described problems and achieve the object, the invention according to claim 1 is an access control system for controlling access by an accessor, and addresses one or a plurality of access permitters to which access is permitted. An access code generating means for generating an access code in association with such information, and an authentication for receiving an access code from the accessor and notifying predetermined authentication information to the address of the authorized person obtained based on the access code An information notifying means; and an access control means for accepting authentication information from the accessor and permitting access by the accessor on the condition that the authentication information corresponds to the authentication information notified by the authentication information notifying means; It is provided with.

  Further, in the invention according to claim 2, in the above invention, the access code generation means generates an access code including information related to addresses of one or a plurality of access authorized persons permitted to access with a predetermined key. Then, the authentication information notification means receives an access code from the accessor, acquires the address of the access permitter included in the access code, and notifies predetermined authentication information to the address of the access permitter It is characterized by that.

  Further, in the invention according to claim 3, in the above invention, the access code generation means generates an access code including the address itself as information relating to the address of the access authorized person, and the authentication information notification means Obtains the address of the authorized person included in the access code and notifies the authentication information to the address.

  Further, the invention according to claim 4 is the access code generation means according to the above invention, further comprising address storage means for storing the address of the access authorized person and address identification information for identifying the address in association with each other. Generates an access code including address identification information corresponding to the address as information relating to the address of the access authorized person, and the authentication information notifying means includes the address stored in the address storage means. An address corresponding to the address identification information included in the access code is acquired, and the authentication information is notified to the address.

  Further, in the invention according to claim 5, in the above invention, the authentication information notification means further accepts the accessor's address together with the access code from the accessor, and the access obtains the address from the access code. The authentication information is notified to the address of the authorized person on condition that the address corresponds to the authorized person's address.

  Further, in the invention according to claim 6, in the above invention, when a plurality of addresses are acquired from the access code, the authentication information notifying unit receives the address from the accessor among the plurality of addresses. The authentication information is notified to the corresponding address from among the plurality of addresses on condition that there is one corresponding to the address.

  According to a seventh aspect of the present invention, in the above invention, for each access code generated by the access code generation means, an access code storage means for storing information relating to an address of an access authorized person corresponding to each access code The authentication information notifying unit receives an access code from the accessor, and obtains the address of the access permitted person corresponding to the access code among the addresses of the access permitted person stored in the access code storage unit. The predetermined authentication information is notified to the address of the access authorized person.

  In the invention according to claim 8, the access code storage means stores the address itself as information relating to the address of the access authorized person, and the authentication information notification means is stored in the access code storage means. The access permitter's address corresponding to the access code is acquired from the access permitter's address, and the authentication information is notified to the address.

  The invention according to claim 9 is the above invention, further comprising address storage means for storing the address of the authorized person and address identification information for identifying the address in association with each other, and the access code generating means Generates an access code associated with the address identification information corresponding to the address as information relating to the address of the access authorized person, and the authentication information notifying means is configured from the address stored in the address storage means. The access authorized person's address corresponding to the access code is acquired from the access authorized person's address stored in the access code storage means, and the authentication information is notified to the address.

  In the invention according to claim 10, in the above invention, the authentication information notifying unit further accepts the accessor's address together with the access code from the accessor, and the address is stored in the access code storage unit. The authentication information is notified to the address of the permitted access person on the condition that it corresponds to the address of the permitted access person acquired from the information related to the address of the permitted access person corresponding to the access code. To do.

  In the invention according to claim 11, in the above invention, the authentication information notifying unit may receive a plurality of addresses from information related to an access authorized person address corresponding to the access code stored by the access code storage unit. If it is acquired, the authentication information is notified to the corresponding address from the plurality of addresses, provided that there is one corresponding to the address received from the accessor among the plurality of addresses. It is characterized by doing.

  In the invention according to claim 12, in the above invention, the access code generation means generates an access code including an address verification code for verifying the address as information related to the address of the access authorized person. The authentication information notifying means further accepts the address of the accessor together with the access code from the accessor, and the address verification code generated from the address corresponds to the address verification code included in the access code. As a condition, the authentication information is notified to an address received from the accessor.

  Further, in the invention according to claim 13, in the above invention, the access code generation means generates an access code further including information relating to a valid condition required for the access permitter, and the authentication information notification means Is characterized in that the authentication information is notified on condition that the valid condition acquired from the access code is satisfied.

  In the invention according to claim 14, in the above invention, the access code generation means includes information related to a period, time, the number of times, or a combination thereof, in which access is permitted, as the information related to the valid condition. An access code is generated.

  Further, in the invention according to claim 15, in the above invention, the access code generation means provides information on the message address, telephone number or both of the access permitter as information on the address of the access permitter. An access code is generated, and the authentication information notifying means notifies the authentication information to the message address, the telephone number, or both of the access permitter.

  In the invention according to claim 16, in the above invention, the access code generation means is a communication different from a communication path for receiving an access code and authentication information from the accessor as information related to the address of the access authorized person. An access code including information about an address using the route is generated, and the authentication information notifying unit uses the communication route different from the communication route for receiving the access code and the authentication information from the accessor, and sends the authentication code to the address. It is characterized by notifying information.

  The invention according to claim 17 is characterized in that, in the above invention, the authentication information notifying means randomly generates and notifies different authentication information every time an access code is received from the accessor.

  The invention according to claim 18 is the authentication information storage according to the above invention, wherein a session ID for uniquely identifying the authentication information notification procedure and the authentication information notified in the session ID notification procedure are stored in association with each other. The access control means transmits a message including the session ID to the user terminal of the accessor, and accepts a response message including the session ID and the authentication information as a response to the message. The access by the accessor is permitted on the condition that the session ID and authentication information are stored in association with the authentication information storage means.

  The invention according to claim 19 is characterized in that, in the above invention, ID generation for uniquely specifying the authentication information notification procedure and generating a session ID containing authentication information including the authentication information notified in the notification procedure. The access control means further transmits a message including the session ID containing authentication information generated by the ID generation means to the user terminal of the accessor, and enters the authentication information as a response to the message. Accepting a response message including a session ID and the authentication information, and permitting access by the accessor on condition that the authentication information included in the response message corresponds to the authentication information included in the session ID. Features.

  The invention according to claim 20 is the above invention, wherein the access code generating means generates an access code by further associating information related to an access destination address indicating an access destination of the access authorized person, and The control means permits access by the accessor with respect to an access destination address specified based on the access code.

  The invention according to claim 21 is the above invention, wherein the access code generation means associates a file name, a folder name, a directory name, or a combination thereof specifying an access destination resource as the access destination address. Generating an access code, and the access control means permits access by the accessor for a resource specified by a file name, a folder name, a directory name or a combination thereof associated with the access code. And

  The invention according to claim 22 is the above invention, wherein the authentication server has the authentication information notification means and the access control means to authenticate the accessor, and manages the content provided to the accessor. When the access control unit of the authentication server permits access by the accessor, the access control unit of the authentication server acquires content to be provided to the accessor from the content management server and sends the content to the accessor. It is disclosed in the above.

  The invention according to claim 23 is the above invention, wherein the authentication information notifying means is provided to notify the accessor of the authentication information, and the access control means is provided to the accessor. A content management server for managing the provided content, wherein the authentication information notifying means of the authentication server receives an access code from the accessor via the content management server, and the access control means of the content management server includes the When the access by the accessor is permitted, the content is disclosed to the accessor.

  The invention according to claim 24 is the above invention, wherein the authentication server having the authentication information notification means and the access control means and authenticates the accessor, and manages the content provided to the accessor The access control means of the authentication server generates a secondary access code for accessing the content management server when permitting access by the accessor, and stores the secondary access code It is disclosed to the accessor.

  The invention according to claim 25 is the above invention, wherein the authentication server has the authentication information notification means and the access control means to authenticate the accessor, and manages the content provided to the accessor. An access control unit of the authentication server that receives an access code from the accessor via the content management server, acquires content to be provided to the accessor from the content management server, and The access control means of the management server, when permitting access by the accessor, discloses the content acquired from the content management server to the accessor.

  According to a twenty-sixth aspect of the present invention, in the above invention, when access by the accessor is permitted by the access control means, an access ID for uniquely identifying the permitted access and a control content for the access are provided. Access ID storage means for storing the information in association, access ID notification means for notifying the access person of the access ID stored in the access ID storage means, and access ID notified by the access ID notification means for the access person And an access continuation control means for continuously controlling the access of the accessor based on the control contents stored in the access ID storage means in association with the access ID. To do.

  In addition, the invention according to claim 27 includes, in the above-described invention, when access by the accessor is permitted by the access control means, uniquely identifies the permitted access and includes control contents for the access. An access ID generating means for generating an access ID, an access ID notifying means for notifying the accessor of the access ID generated by the access ID generating means, and the access ID notified by the access ID notifying means for the access And an access continuation control means for continuously controlling the access by the accessor based on the control content included in the access ID.

  Further, in the invention according to claim 28, in the above invention, the access ID generation unit uniquely specifies an access source of the accessor when access by the accessor is permitted by the access control unit. Source information is acquired, the access ID is generated in association with the access source information of the accessor, and the access continuation control unit receives the access ID generated by the access ID generation unit from the accessor and The access source information of the accessor is acquired, and on the condition that the acquired access source information corresponds to the access source information associated with the access ID, based on the control content associated with the access ID It is characterized by continuously controlling access by the accessor.

  In the invention according to claim 29, in the above invention, when access by the accessor is permitted by the access control means, access source information for uniquely identifying the access source of the accessor and the accessor Access source information storage means for storing the control contents in association with each other, and when an access request is received from the accessor, the access source information included in the access request is acquired, and the access is associated with the access source information. Access continuation control means for continuously controlling the access by the accessor based on the control content stored in the original information storage means is further provided.

  Further, in the invention according to claim 30, in the above invention, as the information for specifying an access code to be invalidated, condition information relating to the access code itself or predetermined invalidation information derivable from the access code or The revocation information storage unit stores condition information related to predetermined revocation information associated with the access code, and the authentication information notification unit receives the access code when the access code is received from the accessor. The address of the access permitted person acquired based on the access code on the condition that the invalidation information is acquired based on the condition and the invalidation information does not match the condition information stored in the invalidation information storage unit It is characterized by notifying predetermined authentication information to the address.

  The invention according to claim 31 is the above invention, wherein the invalidation information storage means stores the condition information related to the access code until an expiration date set in the access code elapses. Features.

  The invention according to claim 32 is the above invention, wherein the invalidation information storage means is a predetermined invalidity that can be derived from the access code of the access source notified of the authentication information or from the access code of the access source. Storing the condition information related to the activation information or the condition information related to the predetermined invalidation information associated with the access code of the access source, and when the authentication information notification means receives the access code from the accessor, The predetermined authentication information is notified to the address of the access authorized person acquired based on the address code on condition that the access code does not match the condition information stored by the invalidation information storage means. To do.

  According to a thirty-third aspect of the present invention, there is provided an access control method for controlling access by an accessor, wherein an access code is generated in association with information relating to addresses of one or a plurality of access permitters who are permitted to access. An access code generating step; an authentication information notifying step for receiving an access code from the accessor and notifying predetermined authentication information to the address of the access permitted person obtained based on the access code; and an authentication information from the accessor And an access control step of permitting access by the accessor on the condition that the authentication information corresponds to the authentication information notified by the authentication information notification step.

  In the invention according to claim 34, in the above invention, the access code generation step generates an access code including information related to addresses of one or a plurality of access authorized persons permitted to access with a predetermined key. In the authentication information notification step, an access code is received from the accessor, the address of the access permitter included in the access code is acquired, and predetermined authentication information is notified to the address of the access permitter. It is characterized by that.

  The invention according to claim 35 is the access code storing step of storing information relating to the address of the access authorized person corresponding to each access code for each access code generated by the access code generating step in the above invention. The authentication information notifying step receives an access code from the accessor, and obtains the address of the access permitted person corresponding to the access code among the addresses of the access permitted person stored in the access code storing step. The predetermined authentication information is notified to the address of the access authorized person.

  According to a thirty-sixth aspect of the present invention, there is provided an access control program for controlling access by an accessor, wherein an access code is generated in association with information related to an address of one or a plurality of access permitters permitted to access. An access code generation procedure, an authentication information notification procedure for receiving an access code from the accessor, and notifying predetermined authentication information to the address of the access authorized person acquired based on the access code, and authentication information from the accessor And an access control procedure for permitting access by the accessor on the condition that the authentication information corresponds to the authentication information notified by the authentication information notification procedure.

  In the invention according to claim 37, in the above invention, the access code generation procedure generates an access code including information related to addresses of one or a plurality of access authorized persons permitted to access with a predetermined key. The authentication information notification procedure receives an access code from the accessor, acquires the address of the access permitter included in the access code, and notifies predetermined authentication information to the address of the access permitter. It is characterized by that.

  According to a thirty-eighth aspect of the present invention, in the above-mentioned invention, for each access code generated by the access code generating means, an access code storing procedure for storing information related to an address of an access authorized person corresponding to each access code The authentication information notification procedure receives an access code from the accessor, and obtains the address of the access permitter corresponding to the access code among the addresses of the access permitter stored in the access code storage procedure. The predetermined authentication information is notified to the address of the access authorized person.

  According to the invention of claim 1, 33 or 36, even if a third party who obtained the access code illegally requests access, the authentication information is only sent to the address of the authorized person who is an authorized access person. The authentication information is not notified to the unauthorized accessor, and the unauthorized access request is rejected. Therefore, it is possible to reliably authenticate whether the access request is made by the authorized accessor. In addition, since the authentication information is paid out in response to the access request by the accessor, the accessor does not need to remember the authentication information continuously, and the accessor is less likely to forget the authentication information. And the burden on the service provider can be reduced. In addition, since it is not necessary for the accessor to continuously write down the authentication information with a memo or the like, the risk of leaking the authentication information to a third party can be reduced. Further, since the access code is not stored in the database every time the access code is generated, the access code can be authenticated without consuming the storage resources of the system. Further, since the access code is generated using the key, it is difficult to illegally generate or falsify the access code by a malicious third party, and it is possible to realize highly secure access control.

  According to the invention of claim 2, 34 or 37, an access code including information related to the address of one or a plurality of access-permitted users whose access is permitted is generated by a predetermined key, and the access code is received from the accessor. Is acquired, the address of the authorized person included in the access code is acquired, and the predetermined authentication information is notified to the address of the authorized person, so that the access code is stored in the database every time the access code is generated. As a result, the access code can be authenticated without consuming the storage resources of the system by the access code.

  Further, according to the invention of claim 3 or 8, since the access code including the address of the access authorized person itself is generated, the database for storing the address of the accessor can be made completely unnecessary and stored in this respect. Resource consumption can be suppressed.

  According to the invention of claim 4 or 9, address identification information for identifying the address of the authorized person is included in the access code, and the address itself is stored in the database in association with the address identification information. It is possible to reduce the amount of information included in the access code as compared to the case where is included in the access code. Even if you want to change the address after generating the access code, you can simply change the address stored in the database without generating a new access code, and you can continue to use the access code. become.

  Further, according to the invention of claim 5 or 10, since the address is received from the accessor prior to the notification of the authentication information, the authentication information is notified on the condition that the address corresponds to the address acquired from the access code. It is possible to eliminate in advance an unauthorized accessor who does not even know the access permitter address. Also, if the access permitter address is kept in a secret state, even if an accessor terminal that receives notification of authentication information (for example, a mobile phone terminal if the access permitter address is a mobile mail address) is stolen. Thus, notification of authentication information to such an accessor terminal can be prevented, and an unauthorized access request can be reliably rejected.

  According to the invention of claim 6 or 11, when a plurality of addresses (for example, each address possessed by a plurality of access permitters, a plurality of addresses possessed by one access permitter) are obtained from the access code, Instead of notifying authentication information to multiple addresses, the authentication information is notified to the corresponding address on condition that the address received from the accessor corresponds to one of the multiple addresses. It is possible not only to eliminate the user in advance but also to notify the authentication information to the necessary address without waste.

  According to the invention of claim 7, 35 or 38, the contents and number of the information related to the address are updated at any time without changing the access code by changing the database by including the information related to the address in the database. It becomes possible to do.

  According to the twelfth aspect of the present invention, the address verification code (at least the address is not included), not including the address itself of the access authorized person in the access code but storing the address identification information and the address in association with each other in the database. The access code that includes the hash value generated from the access code is generated, so that address identification information and address leakage can be prevented, and the amount of information included in the access code can be reduced without using the database as described above become. Even if the address itself is not included in the access code and is not stored in the database as described above, the authentication information is not unconditionally notified to the address received from the accessor, but the address is not received. Since the authentication information is notified on the condition that the encrypted data corresponds to the encrypted data included in the access code, it is possible to eliminate unauthorized access persons in advance.

  According to the invention of claim 13, as a result of notifying the authentication information on the condition that the effective condition acquired from the access code is satisfied, the access effective condition (for permitting access) from a viewpoint different from the accessor authentication. Condition) can be requested separately, and unauthorized access that does not satisfy the valid condition can be eliminated in advance. Also, instead of accumulating valid conditions in the database every time an access code is generated, information related to valid conditions (valid conditions themselves or identification information for identifying valid conditions stored in the database) is stored in the access code. Therefore, unauthorized access can be eliminated without requiring a database as described above.

  According to the fourteenth aspect of the invention, since the period, time, number of times or the combination of access is permitted as an effective condition, not only the reliable access authentication but also the viewpoint of the effective period, the effective time, and the number of effective times From this, practical access authorization can be realized.

  Further, according to the invention of claim 15, since the authentication information is notified by using the access permitter's message address or telephone number as the access permitter's address, the access permitter can authenticate without taking time from receiving the access code. It becomes possible to obtain information immediately.

  According to the sixteenth aspect of the present invention, the authentication information is notified to an address using a communication path different from the communication path for receiving the access code and the authentication information from the accessor, so that it is compared with the case where the same communication circuit is used. Therefore, it is possible to achieve high security against leakage of authentication information.

  According to the invention of claim 17, since authentication information is randomly generated and notified each time an access request from an accessor is received, analysis of authentication information by a malicious third party is difficult, and safety is ensured. High access control can be realized.

  According to the invention of claim 18, the session ID and the authentication information are registered in the database in association with each other, and the authentication information is received from the accessor through a message including the session ID. Even when processing and receiving authentication information from a plurality of accessors at the same time, a plurality of access authentications can be reliably performed.

  According to the invention of claim 19, since the session ID including the authentication information is generated, a database for storing the session ID and the authentication information in association with each other can be completely eliminated. Consumption can be suppressed.

  According to the twentieth aspect of the present invention, the access code and the access destination address are not stored in the database every time the access code is generated, but the information related to the access destination address (the access destination address itself or stored in the database). The identification information for specifying the access destination address) is included in the access code, so that it is possible to specify the access destination without requiring the database as described above.

  According to the invention of claim 21, since the file name, the folder name, and the directory name are used as the access destination address, for example, the access destination resource can be fixed by using the file name as the access destination. Also, even if you want to change the access target after generating the access code by setting the folder name or directory name as the access destination, resources in the folder or under the directory without generating a new access code It is only necessary to replace the, and the access code can be used continuously.

  According to the invention of claim 22, as a result of providing the content only to the authentication server, the content providing server can facilitate setting of access control in the content providing server. As the authentication server centrally grasps the content provided to the accessor from the content provider, it is possible to charge the accessor in a lump sum. It becomes possible to provide recommendations.

  According to the invention of claim 23, as a result of the content providing server providing the content to the accessor, it is possible to prevent load concentration on the authentication server as compared with the case where the authentication server provides the content. In addition, since the authentication server notifies the authentication information, the content provider can perform appropriate access control without knowing information related to the address of the accessor, and the anonymity of the accessor can be controlled with respect to the content provision server. It becomes possible to secure.

  According to the invention of claim 24, as a result of the access person once authenticated by the authentication server holding the secondary access code, the access person can directly access the desired content providing server at a desired timing. .

  According to the invention of claim 25, as a result of providing the content only to the authentication server, the content providing server can facilitate the access control setting in the content providing server. In addition, as a result of the access person communicating the request to the content providing server without going through the authentication server, it becomes possible for the content providing server to perform access control after processing and generating the content according to the access person's request. Become.

  According to the invention of claim 26, when the accessor has the authority to access a plurality of contents deployed in the authentication server, the user can access by the session ID after being authenticated once through the authentication procedure. Therefore, it is possible to reduce the labor of inputting authentication information.

  According to the invention of claim 27, since the authentication result is included by the key in the session ID presented by the accessor, it is not necessary to store the authentication result while preventing falsification of the authentication result.

  According to the invention of claim 28, even when the access ID is leaked to a third party, only access from a specific accessor is accepted, and impersonation can be prevented.

  According to the invention of claim 29, the accessor can continuously access without newly holding a session ID.

  According to the invention of claim 30, it becomes possible to invalidate the access code issued by the issuer by mistake.

  According to the invention of claim 31, it is possible to prevent an increase in the number of access codes to be invalidated with continuous operation of the system.

  According to the thirty-second aspect of the present invention, it is possible to limit access to one person at a time and prevent a plurality of persons from accessing simultaneously.

  Embodiments 1 to 3 of an access control system, an access control method, and an access control program according to the present invention will be described below in detail with reference to the accompanying drawings.

  In the first embodiment, the case where the access control according to the present invention is applied to a resource disclosure service on the Web is taken as an embodiment, and after describing the terms used in the first embodiment, the outline and features of the access control system according to the first embodiment, The configuration of the access control system, the details of each device in the system, the flow of processing from the URL generation request to the reception of the access result, the details of each processing procedure, and the like will be described. Finally, the effects of the first embodiment will be described.

[Explanation of Terms (Example 1)]
First, main terms used in Example 1 will be described. “Accessor B” used in the first embodiment is a user who accesses a resource (file) using an access URL (UniformResourceLocator) described later. The “manager A” used in the first embodiment is a user who manages resources accessed by the accessor. That is, in the first embodiment, it is assumed that resources owned by a plurality of administrators A are disclosed in response to an access request from the accessor B.

  The “access URL (corresponding to the“ access code ”described in the claims)” used in the first embodiment is a code that is presented when the accessor B accesses the resource. It is generated as a URL including a mail address (such as an Internet mail address) of an authorized access person and a “valid condition” described later using a key. In the first embodiment, an accessor permitted to access is abbreviated as “access permitter”, and a mail address of the access permitter is abbreviated as “access permitter address”.

  The “authentication information” used in the first embodiment is a password presented to prove that the accessor B is an authorized person, and is generated as, for example, a numeric string as illustrated in FIG. Is done. The “valid condition C” used in the first embodiment is a condition required for access by an access permitter (a condition necessary for permitting access by an access permitter). For example, access by an access permitter For example, the valid period designation that designates the period (valid period) for which permission is permitted. In other words, in the first embodiment, it is assumed that access to the resource is permitted on the condition that the accessor B is an access permitter and the valid condition C is satisfied.

[System overview and features]
Next, the outline and features of the access control system according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram for explaining the outline of the access control system according to the first embodiment.

  The outline of the access control system according to the first embodiment is as follows. For an accessor B who makes an access request to a resource (file) managed by each of a plurality of administrators A on the Web, the accessor B is an authorized person. Whether or not there is a resource is authenticated, and the resource is disclosed only to the accessor B who is properly authenticated. The access URL is used for authentication of the accessor B. In the first embodiment, even if an unauthorized third party who is not an access permitter attempts to use the access URL illegally, the authorized accessor (access The main feature is that it is possible to reliably authenticate whether or not the access request is issued by an authorized person.

  This will be briefly described with reference to FIG. 1 and the like. In the access control system according to the first embodiment, a third party other than the administrator A and the accessor B (for example, a service center that provides a resource disclosure service on the Web) ) Stores resources (files) owned by a plurality of administrators A in the resource management unit.

  When the administrator A makes an access URL generation request to the service center, the service center generates an access URL and notifies the access permitter (accessor B who is permitted to access) of the generated access URL. (Refer to (1) to (3) in FIG. 1). Specifically, an access permitter address (email address of an accessor permitted to access), a resource identifier (identifier for identifying a resource permitting access), and a valid condition C (valid period for permitting access) are set. URL received from the administrator A and having the character string obtained by encrypting the access permitter address, the resource identifier, and the valid condition C with a predetermined key as illustrated in FIG. 8 and FIG. 9 as a “path name portion” Generate an address. In addition, “P” shown in the figure means that a key is used.

  Thereafter, when the access person B makes an access request to the service center by Web access using the access URL, the service center performs notification determination, generation, registration, notification, etc. of authentication information as follows (FIG. 1). (Refer to (4) to (7)). That is, the service center decrypts the access URL used by the accessor B with a predetermined key, extracts the access permitter address, the resource identifier, and the valid condition C, and determines whether the valid condition C (valid period) is satisfied. judge. Note that “Q” shown in the figure means that extraction is performed using a key.

  In addition, when the service condition satisfies the validity condition C, the service center generates authentication information (password) using a random number, and generates a session ID that uniquely identifies the notification procedure of the generated authentication information. The session ID and password are stored in association with the authentication information table. Further, the service center sends an email (see FIG. 11) with the access permitted person address extracted from the access URL as the destination address and the password described in the text (see FIG. 11), and an authentication page (see FIG. 12) including the session ID. ) Is transmitted to the user terminal of the accessor B, and the password input by the accessor B is accepted.

  When the accessor B enters the password on the authentication page and transmits it to the service center, the service center authenticates the accessor B, discloses resources, etc. as follows ((7) in FIG. 1). To (10)). That is, the service center determines whether or not the session ID and password included in the authentication page received from the accessor B are stored in association with the authentication information table. It authenticates that it is an access request by a legitimate accessor (access permitter).

  Then, the service center acquires a resource corresponding to the resource identifier extracted from the access URL from the resource management unit, and displays the resource disclosure page (see FIG. 13) describing the contents of the resource as the user of the accessor B. Send to the terminal. Note that if the session ID and password included in the authentication page are not stored in association with the authentication information table, the access (disclosure) of the resource is not permitted as an access request by an unauthorized accessor B.

  As described above, according to the access control system (mail transfer system) according to the first embodiment, even if a third party who illegally obtained the access URL requests access, the authorized accessor B who is the authorized accessor B Since the password is notified only to the address, the unauthorized accessor B is not notified of the password, and the unauthorized access request is rejected, so that the access request by the authorized accessor B is as described above. It becomes possible to authenticate whether or not.

[System Configuration (Example 1)]
Subsequently, the configuration of the access control system according to the first embodiment will be described with reference to FIG. FIG. 2 is a diagram illustrating the configuration of the access control system according to the first embodiment.

  As shown in the figure, this access control system includes an administrator terminal 1, an accessor terminal 2, and an access processing server 10 connected to a network (an administrator IP network 5, an accessor IP network 6, the Internet 7, a LAN 8). , A communication network formed by a router R, a firewall FW, and the like) so that they can communicate with each other. The role and configuration of each device will be described below.

[Administrator terminal (Example 1)]
Among these, the administrator terminal 1 is a known personal computer or workstation, home game machine, Internet TV, PDA, or mobile phone or PHS in which at least communication software such as e-mail software or Web browser is installed. Mobile communication terminal. More specifically, the administrator terminal 1 is a terminal used by the administrator A, and mainly plays a role of transmitting a login request message (see FIG. 6) to the access processing server 10, and an access URL generation request message (FIG. 7). For example) and a role for receiving an access URL generation response message (see FIG. 8) from the access processing server 10.

[Accessor terminal (Example 1)]
Similarly to the administrator terminal 1, the accessor terminal 2 is a known personal computer or workstation, home game machine, Internet TV, PDA, or the like installed with at least communication software such as e-mail software and a web browser. A mobile communication terminal such as a mobile phone or PHS. More specifically, the accessor terminal 2 is a terminal used by the accessor B. The accessor terminal 2 mainly receives an access URL generation notification mail (see FIG. 9) from the access processing server 10, and an access request message based on the access URL. The role of transmitting (see FIG. 10) to the access processing server 10, the role of receiving the notification mail of password as authentication information (see FIG. 11) from the access processing server 10, and the authentication request message with the password entered (see FIG. 12). ) To the access processing server 10 and a role of receiving a resource disclosure message (see FIG. 13) in which resources are disclosed from the access processing server 10.

[Access processing server (first embodiment)]
The access processing server 10 is a server device that provides a resource disclosure service on the Web. As shown in FIG. 2, the access processing server 10 is closely related to the present invention. , Administrator authentication unit 13, issue key storage unit 14, URL generation unit 15, resource management unit 21, notification determination unit 22, authentication information notification unit 23, authentication information table 24, and access control unit 25. With. The URL generation unit 15 corresponds to the “access code generation unit” described in the claims, and the notification determination unit 22 and the authentication information notification unit 23 also correspond to the “authentication information notification unit”, and the authentication information table 24. Corresponds to “authentication information storage means”, and the access control unit 25 also corresponds to “access control means”.

  Among these, the communication unit 21 is a processing unit that controls communication with the caller terminal 2 according to a communication protocol such as so-called SMTP (SimpleMailTransferProtocol) or HTTP (HyperTextTransferProtocol). Specifically, a process for receiving a login request message (see FIG. 6) and an access URL generation request message (see FIG. 7) from the administrator terminal 1, and an access URL generation response message (see FIG. 8) to the administrator terminal 1. A process of transmitting, a process of receiving an access request message (see FIG. 10) using an access URL from the accessor terminal 2 and an authentication request message (see FIG. 12) with a password input, an access URL generation notification mail (see FIG. 9), Processing for transmitting an authentication information notification mail (see FIG. 11) and a resource disclosure message (see FIG. 13) to the accessor terminal 2 is executed.

  The administrator information table 12 is a storage unit (database) that stores information related to the administrator A. Specifically, as illustrated in FIG. 3, the administrator information table 12 is managed in association with the user ID of each administrator A. Storing a password for user authentication and a path name indicating the storage location of the resource.

  The administrator authentication unit 13 is a processing unit that authenticates whether or not the administrator A is a valid user who can request generation of an access URL. Specifically, when a login request message including information input on the login screen (see FIG. 8) is received from the administrator terminal 1, the administrator ID and password included in the request message are stored in the administrator information table 11. It is confirmed whether it is stored in association with. As a result, if the administrator authentication is successful, the fact is transferred to the URL generation unit 15 described later, and if the administrator authentication fails, a message to that effect is returned to the administrator terminal 1.

  The issuance key storage unit 14 is a means for storing an issuance key (secret key) used to generate an access URL, and this issuance key is also used as a verification key in the decryption of the access URL by the notification determination unit 22 described later. . As a key, a common key or a public key can be used as appropriate.

  The URL generation unit 15 is a processing unit that generates an access URL using the issue key stored in the issue key storage unit 14 when the administrator authentication unit 12 succeeds in the administrator authentication. The access URL generation process will be described in detail later with reference to FIG.

  The resource management unit 21 is a storage unit (database) that stores and manages resources (files) owned by each administrator A. Note that the administrator A may access the access processing server 10 from the administrator terminal 1 to add, edit, delete, etc. his own file stored in the resource management unit 21.

  Whether or not to notify the accessor B of the authentication information (password) by determining the valid condition C included in the access URL when the notification determination unit 22 receives an access request based on the access URL from the accessor terminal 2 It is a processing unit for determining whether or not. The authentication information notification determination process will be described in detail later with reference to FIG.

  The authentication information notification unit 23 is a processing unit that notifies the authentication information to the access authorized person address included in the access URL when the notification determination unit 22 recognizes the notification of the authentication information. The authentication information notification process will be described in detail later with reference to FIG.

  The authentication information table 24 is a storage means (database) that stores authentication information notified to the access authorized person address. Specifically, as illustrated in FIG. 4, authentication information transmitted to the accessor terminal 2 is stored. The session ID included in the page (see FIG. 12), authentication information notified to the access permitted person address, and a resource identifier indicating a resource permitted to be accessed by the accessor are stored in association with each other. .

  The access control unit 25 receives the authentication information from the accessor terminal 2 through the authentication page (see FIG. 12), and the authentication information corresponds to the authentication information notified to the access authorized person address by the authentication information notification unit 23. It is a processing unit that permits access by the accessor B to the conditions. Details of the access control processing will be described later with reference to FIG.

[Flow of Processing from URL Generation Request to Access Result Reception (Example 1)]
Next, a processing flow from a URL generation request to access result reception will be described with reference to FIG. FIG. 5 is a sequence diagram showing a flow of processing from the URL generation request by the administrator A to the access result reception by the accessor B.

  As shown in the figure, when an access request message is transmitted from the administrator terminal 1 to the access processing server 10 (step S501), the access processing server 10 starts from the “login page” as illustrated in FIG. Is sent to the administrator terminal 1 (step S502).

  Subsequently, when an administrator ID and a password are input to the “login page” in the administrator terminal 1 and a login request message (see FIG. 6) including these input information is transmitted to the access processing server 10 (steps). S503), the access processing server 10 authenticates whether or not the administrator ID and password included in the request message are stored in association with the administrator information table 12 (step S504). The administrator authentication is not limited to the password authentication as described above, and any other authentication method such as a digital certificate (for example, authentication using an access URL employed in the present invention) may be employed.

  As a result, if the administrator authentication is successful (when the administrator ID and password are stored in association with the administrator information table 12), the access processing server 10 issues an “access URL issue” as illustrated in FIG. A response message composed of “page” is transmitted to the administrator terminal 1 (step S505). On the other hand, if the administrator authentication fails (when the administrator ID and password are not stored in association with the administrator information table 12), the access processing server 10 responds to the administrator terminal 1 to that effect. .

  Then, with respect to the “access URL issue page” at the administrator terminal 1, an access authorized person address (email address of an authorized access person), a resource identifier (identifier for identifying a resource to which access is permitted), and When the valid condition C (valid period for permitting access) is input and an access URL generation request message (see FIG. 7) including these pieces of input information is transmitted to the access processing server 10 (step S506), the access processing server 10 Generates an access URL (step S507). Specifically, a URL address is generated in which a character string obtained by encrypting the access permitter address, the resource identifier, and the valid condition C with the issuance key stored in the issuance key storage unit 14 is “path name portion”. The access URL generation process will be described in detail later with reference to FIG.

  Subsequently, the access processing server 10 transmits an access URL generation response message (see FIG. 8) including the generated access URL to the administrator terminal 1 (step S508). Furthermore, the access processing server 10 generates an access URL generation notification mail (see FIG. 9) including the generated access URL with the access permitted person address as the destination, and transmits this to the access terminal 2 of the access permitted person. (Step S509). In the accessor terminal 2, the content of the generation notification mail as illustrated in FIG. 9 is output to a monitor or the like. When the access URL is designated by the accessor B on the mail via a keyboard or a mouse. The accessor terminal 2 registers the specified access URL in a predetermined storage unit (so-called Web browser software bookmark).

  Thereafter, the accessor terminal 2 transmits an access request message (see FIG. 10) based on the access URL acquired above to the access processing server 10 in accordance with the instruction of the accessor or periodically at predetermined time intervals (step 10). S510). Then, the access processing server 10 decrypts the access URL with the issuance key of the issuance key storage unit 14, takes out the access permitter address, the resource identifier, and the valid condition C (valid period), and determines the valid condition C. Thus, it is determined whether or not to notify the accessor B of authentication information (password) (step S511). The authentication information notification determination process will be described in detail later with reference to FIG.

  When the notification of the authentication information is accepted by the notification determination process, the access processing server 10 notifies the authentication information to the access authorized person address included in the access URL (step S512). Specifically, an e-mail (see FIG. 11) in which the access permitting person address extracted from the access URL is set as the destination address and the authentication information (password) generated using a random number is described in the text is transmitted. The authentication information notification process will be described in detail later with reference to FIG.

  Subsequently, the access processing server 10 accepts a password from the accessor terminal 2 through the authentication page (see FIG. 12) (steps S513 and S514), and that the password and the password notified to the access authorized person address correspond to each other. The access by the accessor B is permitted under the conditions, and a resource disclosure message (see FIG. 13) is transmitted to the accessor terminal 2 (step S515). Details of the access control processing will be described later with reference to FIG.

[Access URL Generation Processing (Example 1)]
Next, the access URL generation processing (processing corresponding to step S507 shown in FIG. 5) by the access processing server 10 will be described with reference to FIG. FIG. 14 is a flowchart showing details of the access URL generation processing.

  As shown in the figure, the access processing server 10 receives an access URL generation request message (see FIG. 7) from the accessor terminal 2 and inputs an access permitter address, a resource identifier, and a valid condition C to the URL generation unit 15. Then, the URL generation unit 15 adds the stroke “|” as a delimiter to the end of the access permitter address (for example, “tanaka@somewhere.ne.jp”) to generate data A (step S1401). ).

  The URL generation unit 15 adds a resource identifier (for example, “/suzuki/private_schedule.txt”) as character string data after the data A, and further adds a stroke symbol “|” as a delimiter at the end. (Step S1402). If the resource identifier received from the administrator A is not registered in the administrator information table 12, the request for generating the access URL is rejected in response to the administrator terminal 1.

  Further, the URL generation unit 15 generates the following 1-bit control code (data B) from the valid condition C (step S1403). That is, when the effective period is specified as the effective condition C, the data B is set to “1”, and when the effective period is not specified, the data B is set to “0”. In the “access URL issuance page” illustrated in FIG. 7, the issuance period is input by designating “number” and “year, month, or day”.

  Then, when the valid period is designated in the above step S1403, the URL generation unit 15 counts the expiration date of the valid period from January 1, 2004, and quantifies the number of days in 13-bit. Data B1 is generated by encoding as an integer value, and this data B1 is added to the end of the data B (step S1404).

  Thereafter, the URL generation unit 15 encrypts data obtained by concatenating the data A obtained in step S1402 and the data B obtained in step S1404 with the issue key of the issue key storage unit 14, and the encrypted data Is added to the end of the server URL (for example, “http://authenticationServer.co.jp/”) of the access processing server 10 to generate an access URL (step S1405). ).

  The access processing server 10 transmits an access URL generation response message (see FIG. 8) including the access URL generated by the URL generation processing described above to the administrator terminal 1 and uses the access authorized person address as the destination. An access URL generation notification mail including the URL (see FIG. 9) is transmitted to the access terminal 2 of the access permitted person.

[Authentication Information Notification Determination Processing (Example 1)]
Next, authentication information notification determination processing (processing corresponding to step S511 shown in FIG. 5) by the access processing server 10 will be described with reference to FIG. FIG. 15 is a flowchart showing details of the notification determination process.

  As shown in the figure, when the access processing server 10 receives an access request message (see FIG. 10) based on the access URL from the accessor terminal 2 and the access URL is input to the notification determination unit 22, the notification determination unit 22. Restores data from the access URL as follows (step S1501). That is, as shown in the figure, data obtained by BASE32 decryption of the access URL is further decrypted with the issue key of the issue key storage unit 14 to restore “data X”. The second stroke “|” is restored as “data A”, and the second and subsequent strokes “|” from the beginning of data X are restored as “data B”.

  In addition, the notification determination unit 22 determines whether or not to notify the accessor B of authentication information (password) by determining the valid condition C included in the access URL (step S1502). Specifically, when the first bit of data B is “1” (when a valid period is specified), the number obtained by regarding the 13 bits following the first bit as an integer value (number of days) is January 2004 The expiration date of the effective period is calculated by adding one day. Then, it is determined whether or not the current date has passed the expiration date. If the expiration date has not passed, the process proceeds to step S1503 shown below. If the expiration date has passed, A response message (a page describing that authentication information cannot be notified) is transmitted to the accessor terminal 2 and the notification determination process is terminated.

  Furthermore, when the current date has not passed the expiration date (or when the validity period is not designated), the notification determination unit 22 acquires the access permitted person address and the resource identifier from the access URL (step S1503). ). Specifically, the data up to the first stroke “|” from the beginning of data A is acquired as the access authorized person address, and the data after the first stroke “|” from the beginning of data A is the resource identifier. Get as. The notification determination unit 22 outputs the acquired access authorized person address and resource identifier to the authentication information notification unit 23 together with the notification determination result (notification OK).

[Authentication Information Notification Process (Example 1)]
Next, the authentication information (password) notification process (process corresponding to step S512 illustrated in FIG. 5) by the access processing server 10 will be described with reference to FIG. FIG. 16 is a flowchart showing details of the authentication information notification processing.

  As shown in the figure, in the access processing server 10, notification OK is determined in the notification determination processing shown in FIG. 15, and the access permitted person address and the resource identifier acquired from the access URL are input to the authentication information notification unit 23. Then, the authentication information notification unit 23 generates authentication information (password) and a session ID (step S1601). Specifically, a random number algorithm is used to randomly generate a password (for example, a 6-digit number string), and a session ID that uniquely specifies the notification procedure of the generated authentication information (for example, incremented in the order of generation 8 Digit string).

  The authentication information notification unit 23 registers the password and session ID generated in step S1601 and the resource identifier acquired in the notification determination process illustrated in FIG. 15 in association with the authentication information table 24 (step S1602). The authentication information notification unit 23 outputs the session ID registered in the authentication information table 24 to the access control unit 25 following this processing.

  Further, the authentication information notification unit 23 uses the access permitted person address acquired in the notification determination process shown in FIG. 15 as the destination address and the authentication information notification mail (FIG. 15) in which the password generated in step S1601 is described in the text. 11) is created and transmitted (step S1603). If the accessor B who has requested access to the access processing server 10 using the access URL is an access permitter, that is, the address set in the accessor terminal 2 of the accessor B is included in the access URL. If it is the access permitter address, the accessor B can receive the authentication information notification mail transmitted in step S1603 at the accessor terminal 2 thereof.

[Access control processing (first embodiment)]
Next, an access control process (a process corresponding to steps S513 to S515 illustrated in FIG. 5) by the access processing server 10 will be described with reference to FIG. FIG. 17 is a flowchart showing details of such access control processing.

  As shown in the figure, in the access processing server 10, when the session ID generated in the authentication information notification process shown in FIG. 16 is input to the access control unit 25, the access control unit 25 sets the session ID to the HIDDEN parameter. Is sent to the accessor terminal 2 and the password input by the accessor B is accepted.

  Subsequently, when a password is input to the “authentication page” in the accessor terminal 2 and an authentication request message (see FIG. 12) including the password and the session ID is received from the accessor terminal 2, the access control unit 25 Then, it is authenticated whether or not the access person B is a legitimate access person (access authorized person) (step S1701). Specifically, it is authenticated whether the session ID and password included in the received authentication page are stored in association with the authentication information table 24.

  As a result, if the authentication of the accessor B is successful (when the session ID and password are stored in association with the authentication information table 24), the access control unit 25 proceeds to the process of step S1702 shown below. If authentication of the accessor B fails (when the session ID and password are not stored in association with the authentication information table 24), a response message (a page describing that authentication has failed) is accessed. To the user terminal 2 and the access control process ends.

  Furthermore, when the authentication of the accessor B is successful, the access control unit 25 permits the access by the accessor B and transmits the access result to the accessor terminal 2 (step S1702). Specifically, after reading the resource identifier stored in association with the session ID and the password from the authentication information table 24, the resource (file) corresponding to the resource identifier is read from the resource management unit 21 and the resource. A disclosure page (see FIG. 13) is created, and the created resource disclosure page is transmitted to the accessor terminal 2.

[Effects of Example 1]
As described above, according to the first embodiment, even if a third party who illegally obtained an access URL requests access, the authentication information (only for the address of the authorized person who is an authorized access person) Password), authentication information is not notified to an unauthorized accessor, and the unauthorized access request is rejected. Therefore, it is possible to reliably authenticate whether the access request is made by an authorized accessor. become.

  Further, according to the first embodiment, authentication information is paid out in response to an access request by the accessor, so that the accessor does not need to remember the authentication information continuously, and the accessor forgets the authentication information. Therefore, the burden on the accessor and service provider can be reduced. In addition, since it is not necessary for the accessor to continuously write down the authentication information with a memo or the like, the risk of leaking the authentication information to a third party can be reduced.

  Further, according to the first embodiment, the access URL is not stored in the database every time the access URL is generated, so that the access user can be authenticated without consuming the storage resources of the system by the access URL. Become. Furthermore, since the access URL is generated using the key, it is difficult to illegally generate or falsify the access URL by a malicious third party, and it is possible to realize highly secure access control.

  Further, according to the first embodiment, the access URL including the address of the access permitter itself is generated, so that a database for storing the address of the accessor can be made completely unnecessary. It becomes possible to suppress.

  Further, according to the first embodiment, the authentication information is notified on condition that the effective condition acquired from the access URL is satisfied. Therefore, the access effective condition (condition for permitting access) from a viewpoint different from the accessor authentication. Can be requested separately, and unauthorized access that does not satisfy the valid condition can be eliminated in advance. In addition, the validity condition is not stored in the database every time the access URL is generated, but the information related to the validity condition (valid condition itself) is included in the access URL. Access can be eliminated.

  Further, according to the first embodiment, the authentication information is notified by using the access permitted person's e-mail address as the access permitted person's address, so that the access permission person quickly obtains the authentication information without taking time from accepting the access URL. It becomes possible to do.

  Also, according to the first embodiment, authentication information is notified to an e-mail address that uses a communication path (communication path using SMTP) different from a communication path (communication path using HTTP) that accepts an access URL and authentication information from an accessor. Compared with the case where the same communication circuit is used, it is possible to realize higher security against leakage of authentication information.

  In addition, according to the first embodiment, authentication information is randomly generated and notified each time an access request from an accessor is received, which makes it difficult to analyze the authentication information by a malicious third party and has high safety. Access control can be realized.

  Further, according to the first embodiment, the session ID and the authentication information are associated and registered in the authentication information table 25, and the authentication information is received from the accessor through the authentication page including the session ID. Even when authentication information is received from a plurality of accessors at the same time and at the same time, a plurality of access authentications can be reliably performed.

  Further, according to the first embodiment, the access URL and the access destination address (resource identifier) are not stored in the database every time the access URL is generated, but the resource identifier is included in the access URL. It becomes possible to specify the access destination without needing it.

  Further, according to the first embodiment, since the file name for specifying the access destination resource is the resource identifier, the access destination resource (file) is compared with the case where the folder name or directory name is the resource identifier. Can be fixed.

  Although the access control system according to the first embodiment has been described so far, the present invention may be implemented in various different forms other than the above-described embodiments. Therefore, in the following, as the access control system according to the second embodiment, various different embodiments are classified into (1) to (16) and described.

(1) Access URL including address identifier
For example, in the above-described embodiment, the case where the access URL including the e-mail address of the access permitter itself is generated has been described. However, the present invention is not limited to this and is illustrated in FIGS. 18 and 19. While storing in the database (address storage unit), the address identifier (for example, user name, user number, etc.) for uniquely identifying the e-mail address of the access permitter and the address identifier for uniquely identifying the e-mail address. May be included in the access URL.

  In this case, in the authentication information notification process, the mail address corresponding to the address identifier extracted from the access URL is read from the address storage unit, and the authentication information is notified to the mail address. In this way, if the address identification information for identifying the address of the authorized person is included in the access URL and the address itself is stored in the database in association with the address identification information, the address itself is included in the access URL. Compared to the above, the amount of information included in the access URL can be reduced.

  Also, even if you want to change the address after generating the access URL, you only need to change the address stored in the database without generating a new access URL, and you can continue to use the access URL. become. Note that a database that stores address identification information and addresses in association with each other is necessary. However, addresses are not newly stored in the database every time an access URL is generated (that is, address identification for a certain user). Even when a plurality of access URLs having the same information are generated, it is only necessary to store only one address identification information and address correspondence in the database). It becomes possible to suppress.

(2) Address Inquiry to Accessor In the above embodiment, only the valid condition is determined in the authentication information notification determination. However, the present invention is not limited to this, and FIG. As illustrated, in the determination of notification of authentication information, the accessor B receives its own address (the address that will be embedded in the access URL as an access permitter address), and performs the determination of notification using this address as well. Also good.

  In this case, in the authentication information notification determination, it is determined whether the address received from the accessor B through the screen illustrated in FIG. 20 matches the access permitted person address acquired from the access URL. Notification of authentication information is allowed on condition that both match.

  In this way, if the address is received from the accessor prior to the notification of the authentication information and the authentication information is notified on the condition that the address corresponds to the address acquired from the access code, even the access permitter address can be obtained. It is possible to eliminate in advance unauthorized users who do not know. Further, if the access permitter address is kept secret, it is assumed that the accessor terminal 2 (for example, a mobile phone terminal when the access permitter address is a mobile mail address) that receives notification of authentication information is stolen. However, it is possible to prevent notification of authentication information to the accessor terminal 2 and to reliably reject an unauthorized access request.

(3) Access URL including the hash value of the address
In the above embodiment, the case where the access URL including the access permitter address itself is generated or the access URL including the address identifier corresponding to the access permitter address stored in the database has been described. The present invention is not limited to this, and as illustrated in FIG. 21, an access URL including a hash value of an access authorized person address may be generated.

  In this case, in the authentication information notification determination, the hash value of the access permitted person address is extracted from the access URL, and the hash value is obtained for the address received from the accessor B through the screen illustrated in FIG. It is determined whether or not the hash values match, and notification of authentication information is allowed on the condition that both match. In the authentication information notification process, the authentication information is notified to the address received from the accessor B.

  In this way, the address of the access authorized person itself is not included in the access URL, but the address identification information and the address are not associated with each other and stored in the database, but the address verification code (at least a hash value generated from the address, etc.) ) Is generated, it is possible to prevent address identification information and address leakage and to reduce the amount of information included in the access URL without using the database as described above.

  In addition, even if the address itself is not included in the access URL and is not stored in the database as described above, the authentication information is not unconditionally notified to the address received from the accessor, but the address is not received. Since the authentication information is notified on the condition that the encrypted data corresponds to the encrypted data included in the access URL, it is possible to eliminate unauthorized access persons in advance.

(4) Multiple Access Permitted Addresses In the above embodiment, the case where an access URL including one access permitted person address is generated has been described. However, the present invention is not limited to this. 22, an access URL including a plurality of access permitter addresses, a plurality of address identifiers, a plurality of hash values, or a group ID (a group ID associated with a plurality of access permitter addresses) is generated. You may do it.

  In this case, in the authentication information notification process, the authentication information may be notified to each of a plurality of access permission addresses acquired from the access URL. However, the present invention is not necessarily limited to this. The address received from the accessor B through the screen illustrated in FIG. 20, and the address (or the hash value of the address) received from the accessor B among the plurality of access-permitted user addresses (or the hash value of the address) acquired from the access URL. ), The authentication information may be notified only to the address received from the accessor B.

  In this way, when a plurality of addresses (for example, each address possessed by a plurality of access permitters and a plurality of addresses possessed by one access permitter) are acquired from the access URL, authentication information is notified to the plurality of addresses. If the authentication information is notified to the corresponding address on condition that the address received from the accessor B corresponds to one of a plurality of addresses, the unauthorized accessor is excluded in advance. In addition to this, it is possible to notify authentication information only to a necessary address without waste.

(5) Effective condition C
In the above embodiment, the case where the effective period during which access by the accessor B is permitted is designated as the effective condition C has been described. However, the present invention is not limited to this, and for example, access is permitted. Time limit (for example, until year, month, and day), time when access is permitted (for example, from 0:00 to 0:00), number of times access is permitted (for example, ○. In this case, access history is stored in the database. Other valid conditions C may be specified, such as managing and determining valid conditions while referring to such a database.

  In other words, as illustrated in FIG. 23, an access URL including an access permission period, an access permission time limit, an access permission time, an access permission count, or a combination thereof as the valid condition C may be generated. In this way, if the period, time, number of times or the combination of access is permitted, the effective condition is not only reliable access authentication, but also practical access authorization from the viewpoint of effective period, effective time, and number of effective times. Can be realized.

(6) Invalidation of access URL In the above-described embodiment, the case where the access URL once generated is valid semi-permanently has been described. However, the present invention is not limited to this and has already been generated. If the access URL is invalidated, the authentication information notification determination may be performed on the condition that the access URL is not invalidated. That is, in this case, an invalidation table that stores information for specifying the access URL to be invalidated is further provided, and the access URL received from the accessor is invalidated in the authentication information notification determination process. Is further determined based on the invalidation table, and authentication information notification processing is executed on the condition that it is not invalidated.

  Here, as a method of invalidating the access URL, as illustrated in FIG. 24, the access URL itself to be invalidated is registered in the invalidation table, and the access URL received from the accessor is registered in the invalidation table. If registered, a method for disabling notification of authentication information and information related to generation of an access URL (that is, an access authorized person address, a resource identifier, a valid condition, or a combination thereof) are registered in the invalidation table. If the access permitter address, the resource identifier, the valid condition, or a combination thereof extracted from the access URL received from the accessor is registered in the invalidation table, it is possible to adopt a method for disabling notification of authentication information. .

  Further, as illustrated in the figure, identification information separately included in the access URL (for example, identification information for uniquely identifying a generation requester, identification information given for each generation request procedure, or a combination thereof) If the identification information extracted from the access URL received from the accessor is registered in the invalidation table and registered in the invalidation table, the authentication information cannot be notified, or the generation information separately included in the access URL (For example, the generation number, the generation date and time, or a combination thereof, which is larger as it is generated later) is registered in the invalidation table, and the generation information extracted from the access URL received from the accessor is registered in the invalidation table. If it is, the method of disabling notification of authentication information, the range of generation information separately included in the access URL (for example, the generation number) And the generation date and time range or both ranges) are registered in the invalidation table, and the generation information extracted from the access URL received from the accessor belongs to the generation information range registered in the invalidation table. For example, it is possible to adopt a technique for disabling notification of authentication information.

  As described above, if access by the invalidated access URL is not permitted, the access URL is invalidated when it is desired to stop the access due to the abuse of the predetermined access URL. By making it, it becomes possible to reject access by the access URL later.

  Further, in the above embodiment, even when there are a plurality of accessors who request access to the access processing server using the access URL acquired at the same time, the notification determination process and the authentication information notification process are performed for all the accessors. However, the present invention is not limited to this, and other access users may be disabled until the access person terminates the access.

  Specifically, as shown in FIG. 32, the access URL (http: // XXX) received from the accessing user A who has accessed is registered in the invalidation table, and then the accessing user B accesses. When the access URL (http: // XXX) of the access person B is stored in the invalidation table, the authentication information notification process is not performed for the access of the access person B. When the access of the access person A is completed, the access URL of the access person A registered in the invalidation processing table is deleted, and the above process is repeated thereafter.

  As described above, until the access ends, the access URL, the condition information related to the predetermined invalidation information that can be derived from the access URL, or the condition information related to the predetermined invalidation information associated with the access code is stored. Since it is memorized, it is possible to limit the number of users who can access at one time to one, and to prevent multiple people from accessing at the same time.

  In the above embodiment, the case where the access URL or the information corresponding to the access URL is continuously stored after being registered in the invalidation table has been described. However, the present invention is not limited to this, for example, As shown in FIG. 33, when an expiration date corresponding to the above-described validity condition is set in the access URL registered in the invalidation table, the access URL is held until the set expiration date, and valid The access URL may be deleted after the expiration date.

  Thus, by deleting the access URL after the expiration date in the invalidation table, it becomes possible to prevent the invalidation database entry from increasing with the continuous operation of the system.

(7) Authentication Information In the above-described embodiment, the case where authentication information (password) composed of a 6-digit number string is generated has been described. However, the present invention is not limited to this, and for example, FIG. As described above, a password composed of an arbitrary character string may be generated. In the above embodiment, the case where the password is generated using the random number algorithm has been described. However, the present invention is not limited to this, and for example, the accessor B from a plurality of passwords prepared in advance. You may make it select the password notified to.

  In the above embodiment, a case has been described in which a session ID is generated together with a password and both are registered in the authentication information table 24. However, the present invention is not limited to this, for example, as shown in FIG. As described above, a session ID including a password may be generated without providing the authentication information table 24. That is, in this case, in the access control process, after the session ID is extracted from the authentication page, a password is further extracted from the session ID, and it is determined whether this password matches the password entered by the accessor B. As described above, if the session ID including the authentication information is generated, a database for storing the session ID and the authentication information in association with each other can be completely eliminated, and the consumption of storage resources is suppressed in this respect. It becomes possible.

  In the above-described embodiment, the case where the transaction of the authentication information notification process is specified by the session ID has been described. However, the present invention is not limited to this, for example, as shown in FIG. A session ID may be made unnecessary by generating an incoming password. That is, in this case, in the access control process, the time stamp is extracted from the password received from the accessor B, and it is determined whether or not it belongs to a predetermined time range. The present invention is not limited to the password authentication described above, and any password authentication may be adopted as long as it is a password that can be exchanged between the access processing server 10 and the access authorized person.

(8) Resource identifier In the above embodiment, the case where a file name is specified as a resource identifier has been described. However, the present invention is not limited to this, and as illustrated in FIG. A folder name, a directory name, or a combination thereof, and a command for reading and writing a predetermined file may be designated.

  Here, when a folder name or directory name is specified as a resource identifier, all resources (files) in the folder or under the directory may be disclosed to the accessor B at a time, but the present invention However, the present invention is not necessarily limited to this, and a predetermined resource (file) may be disclosed according to the access target selected by the accessor. When resources are sequentially disclosed by such selection, the same session ID is maintained as the session ID embedded in the Web page, and if this session ID is stored in the authentication information table 25, the authentication information is the same. Access permission is continued only within the folder or directory stored in the table 25.

  In this way, if the folder name or directory name is designated as the access destination address, even if it is desired to change the access target after the access URL is generated, the access URL is not generated anew, but is in the folder or under the directory. It is only necessary to replace the resources, and the access URL can be used continuously. That is, as illustrated in FIG. 27, the access control system can be separated into an access processing server 10 that manages and controls access rights and a content management server 30 that manages and controls contents. The changes do not affect each other, and convenience can be improved.

  In addition, when sequentially disclosing content, the session ID may be newly created and transmitted to the accessor when authentication is successful without using the session ID used at the time of authentication, It is also possible to store the ID and the authentication result that can uniquely identify the caller, such as the originating IP address, and store them in association with each other, and control access based on the originating IP address of the access request. Furthermore, access control can be performed without storing the content identifier in the authentication information table by transmitting to the accessor session information in which the authentication result and the content identifier are encrypted with the issue key instead of the session ID.

(9) Access URL generation requester In the above-described embodiment, the case where the administrator A makes an access URL generation request has been described. However, the present invention is not limited to this. B may acquire a keyword from an administrator, present the keyword, and access person B may generate an access URL by making an access URL generation request. In this case, the access processing server 10 authenticates the keyword, thereby authenticating whether the access person B is permitted to generate an access URL by the administrator as an access permitter.

(10) Notification of access URL In the above embodiment, the case where the access URL generated by the access processing server 10 is directly notified to the access authorized person has been described. However, the present invention is not limited to this. The generated access URL may be transmitted only to the administrator A, and the access permitter may acquire the access URL from the administrator A.

  In the above embodiment, the case where the accessor authorized person obtains the access URL by e-mail has been described. However, the present invention is not necessarily limited to this. For example, the access URL can be accessed on a homepage or bulletin board on a network. Regardless of whether you are online or offline, such as publishing the URL separately, mailing the document containing the access URL to the access permitter, or telling the access URL to the access permitter by telephone or verbally Any mode may be used as long as the access permitter acquires the access URL through the means.

(11) Access URL generation entity and verification entity In the above embodiment, a third party (service center) who is neither the administrator A nor the accessor B generates and verifies access URLs (authentication information notification determination, authentication). The case of performing notification of information and access control) has been described, but the present invention is not limited to this, and all or part of the generation and verification of the access URL in the administrator A (that is, the administrator terminal 1). May be performed. As described above, if the administrator A generates and verifies the access URL, the burden on the service center side can be distributed.

  Further, the generation of the access URL is not limited to the service center or the administrator A. For example, the access URL is generated in the access terminal 2 of the access authorized person, and the service center or the administrator terminal 1 verifies this. You may do it. That is, in this case, an access URL is generated using the access permitter's private key, and the service center or the administrator terminal 1 verifies the access URL using the access permitter's public key.

(12) Information included in access URL In the above-described embodiment, the case where an access URL including an access authorized person address, a resource identifier, and a valid condition is generated has been described. However, the present invention is not limited to this. Instead, as shown in FIG. 28, any access URL including at least information related to the address of the access permitter (for example, the access permitter address, the address identifier, the hash value of the address or the group ID) may be used.

  That is, in addition to the information related to the address, information related to the effective condition (effective condition, or an identifier of the effective condition when the effective condition is registered in the DB), information related to the access destination (access destination address or access destination) In the case of registering the address in the DB, it may be an access URL including an identifier of an access destination address) or a combination thereof.

(13) Access Permitted Address In the above embodiment, the case where a mail address is designated as the access permitted person address has been described. However, the present invention is not limited to this, and as illustrated in FIG. , PC mail address (Internet mail address), mobile mail address (also PHS mail address), other message address (address of SIP message), fixed phone number, mobile phone number, IP phone number, extension phone number, or a combination thereof Any address that can be a notification destination of authentication information may be used.

  Here, when a plurality of addresses are designated for the same access-permitted person, the password is notified to a plurality of addresses, so that it is possible to ensure acquisition of the password by the access-permitted person. In addition, by specifying a fixed telephone number, an extension telephone number, or the like, it becomes possible to avoid unauthorized acquisition of a password due to theft of a user terminal (for example, a mobile phone).

(14) Format of Access Code In the above embodiment, the case where an access code in the URL format is used has been described. However, the present invention is not limited to this, and as illustrated in FIG. UniformResourceIdentifier) format, message address format, telephone number format, ticket format, barcode format, various card information (for example, card magnetic information, IC card built-in information), etc. The present invention can be similarly applied.

  More specifically, in the case of the message address format, the access request is received by a message such as an email, and the access result is transmitted by an email. In the case of the telephone number format, an access request with the telephone number as the connection destination is received from the accessor's telephone terminal, and the access result is returned to the accessor's telephone terminal. Further, in the case of the barcode format, for example, a barcode-attached medium (for example, a business card or a prepaid card) is read by a barcode reader (corresponding to the access processing server 10 described above), and the barcode reader is used. The access result is output from the display device connected to.

(15) Types of access control In the above-described embodiment, the case where the present invention is applied to information disclosure (content disclosure) as access control for resources has been described. However, the present invention is not limited to this. For example, as shown in FIG. 31, the present invention can be applied to authenticating an accessor in any service such as message transfer, telephone connection transfer, and user authentication (for example, user authentication in room management).

  That is, for example, in the case of a telephone connection transfer service, a telephone connection request having a telephone number format access code as a connection destination number is accepted from an accessor's telephone terminal, and addressed to an access permitter address extracted from the access code. The telephone connection request is transferred to the telephone number of the access destination address extracted from the access code on the condition that the password is input from the telephone terminal. In the case of identity authentication (for example, identity authentication in entrance management), the access control device reads the access code as magnetic information from the accessor's card that requests entry, and sends it to the access permitting person's address extracted from this access code. The password is notified and the access person is allowed to enter the room on condition that the password is input to the room entrance control device.

(16) System Configuration The components of each device illustrated in the above embodiment (particularly, the access processing server 10 illustrated in FIG. 2) are functionally conceptual and are not necessarily physically illustrated. It doesn't need to be configured. That is, the specific form of distribution / integration of each device is not limited to the one shown in the figure. For example, the access processing server 10 can be accessed URL generation processing, authentication information notification determination processing, authentication information notification processing, access control processing, resource management processing. Alternatively, all or a part of each device may be functionally or physically distributed and integrated in arbitrary units according to various loads and usage conditions, such as separating each combination. be able to. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.

  In addition, among the processes described in the above embodiments, all or part of the processes described as being performed automatically can be manually performed, or the processes described as being performed manually. All or a part of the above can be automatically performed by a known method. In addition, information including processing procedures, control procedures, specific names, various data and parameters shown in the document and drawings (for example, information stored in the administrator information table 12 and the authentication information table 24) About can be changed arbitrarily unless otherwise specified.

  In the above embodiment, each device (the manager terminal 1, the accessor terminal 2, and the access processing server 10) that implements the present invention has been described in terms of functions. However, each function of each device is a personal computer or workstation. It can also be realized by causing a computer to execute the program. That is, the various processing procedures described in the first embodiment can be realized by executing a program prepared in advance on a computer. These programs can be distributed via a network such as the Internet. Further, these programs can be recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, an MO, and a DVD, and can be executed by being read from the recording medium by the computer. That is, for example, an access processing server program as described in the first embodiment (more specifically, an access URL generation program, an authentication information notification determination program, an authentication information notification program, an access control program, etc.) is stored. A CD-ROM may be distributed, and each computer may read and execute a program stored in the CD-ROM.

(17) Continuous Access after Successful Authentication In the above embodiment, the case where the access control process using the authentication information is performed every time an access request is made from the accessor terminal has been described. It is not limited. When access is once permitted and then accessed again, an access ID that uniquely identifies the permitted access (for example, data obtained by encrypting information such as control information with a predetermined key) Or information such as control information added with electronic signature data generated by a secret key) may be used to continuously control access.

  That is, when access by an accessor is permitted, an access ID that uniquely identifies the permitted access and a control content (expiration date, resource identifier) for the access are stored in association with each other, and the stored access The accessor is notified of the ID, the notified access ID is received from the accessor, and the accessor's access is continuously controlled based on the control content stored in association with the access ID.

  Specifically, when access by the accessor is permitted, as shown in FIG. 34, the access ID, expiration date, and resource identifier are associated with each other and stored in the access ID table, and the access ID is notified to the accessor. The notified access ID is received from the accessor. Access is permitted within the expiration date stored in the access ID table in association with the access ID and within the resource specified by the resource identifier.

  As described above, when access by an accessor is permitted, an access ID that uniquely identifies the permitted access and a control content (expiration date, resource identifier) for the access are stored in association with each other and stored. If the access ID is notified to the access person, the notified access ID is received from the access person, and the access of the access person is continuously controlled based on the control content stored in association with the access ID, Once authenticated through an authentication procedure, access can be made with an access ID, so that it is possible to reduce the trouble of inputting authentication information.

  In the above embodiment, the case where the access ID and the control content (expiration date, resource identifier) for the access are stored in association with each other and the access is continuously controlled has been described. Source information (IP address, hash value of IP address, terminal name, etc.) is further acquired and stored, and when an access request is received by the access ID, the source information obtained from the access ID and the access ID are presented and accessed. The access control according to the control information may be performed on the condition that comparison is made with the transmission source information of the requesting accessor and the two correspond. Thus, even when the access ID is leaked to a third party, only access from a specific accessor is accepted, and impersonation can be prevented.

  In the above embodiment, the case where the access ID and the control content (expiration date, resource identifier) for the access are stored in association with each other and the access is continuously controlled has been described. The access may be continuously controlled including the original information. Specifically, when access by an accessor is permitted, as shown in FIG. 35, an access ID including control information (expiration date, resource identifier) and source information is created, and the access ID is accessed. May be received from the accessor, and access control may be performed based on the control information or the sender information included in the access ID.

  As described above, when access by the accessor is permitted, access control is performed based on the control information and the transmission source information included in the access ID, so that the authentication result is stored while preventing the authentication result from being falsified. It is possible.

  Further, in the above-described embodiment, the case where the access ID is continuously controlled by including the control information in the access ID has been described. However, access source information (for example, IP address, terminal name, etc.) that uniquely identifies the access source of the accessor Etc.) may be used to continuously control access. Specifically, when access by the accessor is permitted, as shown in FIG. 36, the accessor's access source information and control information (expiration date, resource identifier) are associated and stored in the access source information table. . Then, when an access request is received from an accessor, the access source information included in the access request may be acquired, and access control may be performed based on the control content associated with the access source information.

(18) Reverse proxy type In the above embodiment, the case where the access processing server that performs the access processing is provided has been described. However, the present invention is not limited to this, and authentication information notification and access control are performed. You may make it provide the authentication server which authenticates an accessor, and the content provision server which manages the content provided to an accessor.

  Specifically, as shown in FIG. 37, after successful authentication (step S3705), the authentication server acquires content from the content providing server (step S3706) and discloses it to the accessor (step S3707). That is, as shown in FIG. 38, in the access control process in the authentication server, instead of acquiring the content from the content management unit, a request is transmitted to the content providing server based on the content identifier including the URL of the content providing server. Then, what is necessary is just to acquire a content as the response. In the content providing process performed by the content providing server, a content request including a content identifier is received from the authentication server, and after confirming that the request source is the authentication server (step S3801), the content is returned (step S3801). Step S3802).

  As described above, when the access by the accessor is permitted, the content provided to the accessor is acquired from the content management server and the content is disclosed to the accessor. As a result of providing the content, it is possible to facilitate the setting of access control on the content providing server, and the authentication server intensively grasps the content provided to the accessor from multiple content providers. Thus, it is possible to charge the access person collectively, and it is possible to provide advertisements and recommendations according to the access history.

(19) Notification request type In the above embodiment, the case where the access processing server that performs the access processing is provided has been described. However, the present invention is not limited to this, and the authentication server that authenticates the accessor and the access A content management server that manages content provided to the user, and authentication information notification and content provision may be performed by a separate server.

  Specifically, as shown in FIG. 39, by setting the server URL included in the access URL generated by the access URL generation process performed by the authentication server as the URL of the content providing server, the access request from the accessor can be changed to the content. Accepted by the providing server (step S3901). Then, the content providing server that has received the access URL transmits the access URL to the authentication server and requests notification of authentication information to the user who is permitted to access (step S3902). After that, the authentication server determines whether or not notification is possible based on the access URL (step S3903). If it is determined that notification is possible, the authentication server performs authentication information notification processing as described below (step S3904). ).

  As shown in FIG. 40, in the authentication information notification process, first, authentication information is generated (step S4001), a mail addressed to an access authorized person address including the authentication information is created and transmitted (step S4002), and further, Then, an authentication information response including the authentication information is transmitted to the content providing server (step S4003).

  After that, the content providing server that has received the authentication information response performs an access response process in order to return an authentication page to the accessor terminal (step S3905). In such an access response process, a session ID is first created as shown in FIG. Then, the authentication information, session ID, and content identifier are registered in the authentication information table. Further, an authentication page including the session ID is transmitted to the accessor terminal. The subsequent processing is the same as that of the authentication server in the first embodiment.

  In this way, the authentication server accepts an access code from the accessor via the content management server, and the content management server discloses the content to the accessor when permitting access by the accessor. By providing the content to the user by the content providing server, the content providing server provides the content, and the content providing server prevents content concentration on the authentication server compared to the case where the authentication server provides the content. is there. In addition, since the authentication server notifies the authentication information, the content provider can perform appropriate access control without knowing the information related to the accessor's address, and the accessor's anonymity can be ensured. is there.

  In the above embodiment, the case where the access processing server that performs the access processing is provided has been described. However, the present invention is not limited to this, and the authentication server that authenticates the accessor and the accessor are provided. A content management server for managing the content to be managed, and the content providing server may directly provide the content to the accessor based on the authentication result of the authentication server.

  Specifically, as shown in FIG. 42, the procedure up to access control is the same as that in the first embodiment, but the access control processing in the authentication server determines whether access is possible as shown in FIG.

  Furthermore, when it is determined that access is possible, the authentication server performs secondary access URL generation processing as shown in FIG. In the secondary access URL generation process, first, data with “|” added to the end of the IP address of the accessor terminal is set as data A (step S4401), a content identifier is added to data A as a character string, and the end is further added. "|" Is added to (step S4402). Then, the data obtained by counting the current time from 0:00 on January 1, 2004 and digitized in minutes is defined as data B (step S4403). Further, the data obtained by concatenating the data A and the data B is encrypted with the issuance key, and the encoded data obtained by BASE32 encoding the encrypted data is added to the tail of the content providing server URL. An access URL is created (step S4404).

  The authentication server transmits a secondary access URL as a response to the accessor, urges the accessor to access, and issues an access request to the secondary access URL of the accessor who has received the secondary access URL. FIG. 45 shows an access determination process flow of the content providing server that has received the secondary access URL from the accessor. When the content providing server receives the secondary access URL from the accessor, the content providing server first acquires data following the content providing server URL of the secondary access URL and sets it as data T (step S4501). Then, the data T and the IP address R of the accessor are transmitted to the authentication server, and an authentication result and a content identifier are inquired (step S4502). Of the authentication result and content identifier obtained by inquiring the authentication server, if the authentication result is OK, the access determination result is OK, and if the authentication result is NG, the access determination result is NG. (Step S4503). If the access determination result is OK, the content corresponding to the content identifier is acquired from the content management unit in the content providing server and disclosed to the accessor.

  On the other hand, FIG. 46 shows an authentication result response process performed by the authentication server that has received the data T and the IP address R of the accessor from the content providing server to acquire the authentication result and the content identifier.

  First, the authentication server obtains data X obtained by further decrypting the data T obtained after the content providing server URL in the secondary access URL by BASE32 decryption with the issue key (step S4601). The data from the head of the data X to the second “|” is data A, and the data after the second “|” from the head of the data X is data B. Further, the data from the top of the data A to the first “|” is acquired as the data G, and the data after the first “|” from the top is acquired as the content identifier (step S4602).

  Next, the data G and the IP address R are compared (step S4603 does not match). If they do not match, the authentication result is NG. If they match (step S4603 match), the data obtained by counting the current time from January 1st, 2004 00:00 and digitized in minutes is set as data C (step S4604), and data C-data B is 0. If it is not less than 30 and not less than 30 (step S4605 is not established), the authentication result is NG, and if it is not less than 0 and less than 30 (step S4605 is established), the authentication result is OK.

  As a result, when the access is permitted by the accessor, the authentication server generates a secondary access address for accessing the content management server and discloses the secondary access address to the accessor. Based on the authentication result, the content providing server can directly provide the content to the accessor. Note that the above embodiment is not limited to the method using the secondary access URL. For example, the authentication server issues an authentication result identifier specifying the authentication result to the accessor and stores it in association with the authentication result, and the content providing server accepts the authentication result identifier from the accessor and authenticates to the authentication server. The same can be done by inquiring about the authentication result associated with the result identifier.

(Billing management type)
In the above embodiment, the case where the access processing server that performs the access processing is provided has been described. However, the present invention is not limited to this, and the authentication server that authenticates the accessor and the content provided to the accessor And a content management server that manages the content, the accessor may acquire the content from the content providing server via the authentication server.

  Specifically, as shown in FIG. 47, the server URL included in the access URL generated in the access URL generation process performed by the authentication server is set as the URL of the content providing server, and “? Content = "And the content identifier are added, so that an access request (step S4701) from an accessor can be received by the content providing server and the content identifier can be acquired from the access URL. FIG. 48 shows the access URL generation process.

  In the access request from the accessor, preference information relating to the format and quality of the content data desired by the accessor, for example, information such as the bitmap format and image quality is accepted as the request. In addition to accepting the request, the content providing server and the accessing user may interact interactively in order to adjust the request of the accessing user and the providing capability of the content providing server.

  In response to a request from the accessor, the content providing server generates a new content from the content held based on the content identifier included in the access URL, or processes the content according to the request from the accessor Is generated (step S4702). Specifically, the content is converted into a designated format and the image quality is adjusted.

  Next, the content providing server generates a random number string having a length sufficient to identify the access by the accessor as a transaction ID, and transmits it to the authentication server together with the access URL and the content. The authentication server stores the transaction ID, access URL, and content in association with each other in the database.

  Further, the content providing server notifies the transaction ID and transmits a transfer message to guide the accessor to the authentication server. The access person who has received the transfer message transmits a transaction ID to the authentication server and makes an access request. Then, the authentication server that has received the transaction ID acquires an access URL from the database based on the transaction ID, and uses “? Content =” in the access URL and subsequent data including the access URL as the access URL, as in the first embodiment. Notification determination processing (step S4704), authentication information notification processing (step S4705), and access control processing (step S4708) are performed.

  In the access control process, as shown in FIG. 49, the validity condition is determined, and the content identifier included after “? Content =” of the access URL is included in the access URL after being encrypted. Judgment is made. Specifically, among the data after the content providing server URL in the access URL, data after “? Content =” is data Y, and data obtained by BASE32 decoding data before “? Content =” is further obtained. Data obtained by decrypting with the issue key is defined as data X. Further, the data from the top of the data X to the second “|” is data A, and the data after the second “|” from the top is data B (step S4901).

  When the first bit of data B is “1”, that is, when an expiration date is designated, the number obtained by regarding the 13 bits following the first bit as an integer value is the number of days representing the expiration date. The expiration date of the expiration date is calculated by adding to the first day of the month, and it is determined whether the current date has passed the expiration date. If it has passed, authentication information notification is disabled (step S4902).

  Further, the data from the top of data A to the first “|” is acquired as an access permitter address, and the data after the first “|” from the top of data A is acquired as a content identifier. If the content identifiers do not match, authentication information notification is disabled (step S4903).

  The subsequent processing is the same as in the first embodiment. However, in the access control process, the content to be disclosed to the accessor is acquired from the database based on the transaction ID, not from the content management unit. As shown in FIG. 46, after providing content to an accessor, the content providing server may be notified of whether or not the disclosure has been successful, but this is not essential.

  As described above, the authentication server receives the access code from the accessor via the content providing server, acquires the content provided to the accessor from the content providing server, and the content providing server permits access by the accessor. Since the content acquired from the content providing server is disclosed to the accessor, the content providing server only provides the content to the authentication server without performing authentication, so that it is easy to set access control on the content providing server. become.

  By the way, in the above-described first embodiment, a case has been described in which access information is controlled by including information related to the address of an authorized person in an access URL using a predetermined key, but the present invention is not limited to this, Information related to the address of the permitter may be stored in a database in association with the access URL to control access.

  Therefore, in the following third embodiment, the access control system according to the third embodiment will be described with reference to FIG. 50 as a case where the information related to the address of the authorized person is stored in the database in association with the access URL to control access. The outline of will be described. FIG. 50 is a diagram for explaining the outline of the access control system according to the third embodiment.

  As shown in FIG. 50, the access control system according to the third embodiment stores the information related to the address of the access authorized person in the database in association with the access URL as compared with the access control system according to the first embodiment. The difference is in controlling. Specifically, after the administrator makes an access URL generation request to the service center, the service center generates an access URL and associates the address of the authorized person with the access URL in the URL table. The access URL that is stored and generated is notified to the authorized person (see (1) to (3) in FIG. 50). Specifically, an access permitter address (email address of an accessor permitted to access), a resource identifier (identifier for identifying a resource permitting access), and a valid condition C (valid period for permitting access) are set. A character string obtained by encrypting the resource identifier, the valid condition C, and the random number data having a length sufficient to ensure the uniqueness of the generated URL with the predetermined key as the “path name portion”. A URL address is generated, and the access authorized person address is associated with the generated access URL and stored in the URL table.

  Thereafter, after the access person makes an access request to the service center by Web access using the access URL, the service center obtains an access permitting person address corresponding to the access URL used by the accessor from the URL table, and performs such acquisition. The e-mail (see FIG. 11) with the access permitted person address set as the destination address and the password described in the text is transmitted, and an authentication page including the session ID is transmitted to the accessor's user terminal. The password input is accepted (see (4) to (6) in FIG. 50).

  Then, as in the first embodiment, when the accessor B enters the password on the authentication page and transmits it to the service center, the service center authenticates the accessor, discloses resources, etc. ((7 in FIG. 50) ) To (10)).

  As described above, according to the third embodiment, for each generated access URL, the information related to the address of the access authorized person corresponding to each access URL is stored, so that the access code can be changed by changing the database. It is possible to update the contents and sum of the information related to the address as needed.

  In the above embodiment, the case where the access URL and the mail address of the access authorized person are stored in association with each other has been described. However, the present invention is not limited to this, and the address identification information and the access URL are associated with each other. May be stored in a database, and the address identification information and the e-mail address of the access permitted person may be associated with each other and stored separately in the database. As a result, even when it is desired to change the mail address after paying out a plurality of access URLs for one mail address of the access permitted person, it is only necessary to change the mail address of the access permitted person in the database.

  Further, the case where only the valid condition is determined in the authentication information notification determination has been described. However, the present invention is not limited to this, and the address is received from the accessor B in the authentication information notification determination. May also be used to make notification determination. Thus, if the address is received from the accessor prior to the notification of the authentication information and the authentication information is notified on the condition that the address corresponds to the address acquired from the access code, even the access permitter address can be obtained. It is possible to eliminate in advance unauthorized users who do not know.

  In the above embodiment, the access permitter address itself and the access URL are stored in the database in association with each other, or the address identifier corresponding to the access permitter address stored in the database and the access URL are stored in association with each other. However, the present invention is not limited to this, and the hash value of the access permitter address and the access URL may be stored in association with each other. In this way, the address of the access authorized person itself is not included in the access URL, but the address identification information and the address are not associated with each other and stored in the database, but the address verification code (at least a hash value generated from the address, etc.) ), It is possible to prevent leakage of address identification information and addresses.

  In the above embodiment, the case where the access URL including one access permitter address is stored has been described. However, the present invention is not limited to this, and as illustrated in FIG. An access URL including an access permitter address, a plurality of address identifiers, a plurality of hash values, or a group ID (a group ID associated with a plurality of access permitter addresses) may be stored.

  In this way, when a plurality of addresses (for example, each address possessed by a plurality of access permitters and a plurality of addresses possessed by one access permitter) are acquired from the access URL, authentication information is notified to the plurality of addresses. If the authentication information is notified to the corresponding address on condition that the address received from the accessor B corresponds to one of a plurality of addresses, the unauthorized accessor is excluded in advance. In addition to this, it is possible to notify authentication information only to a necessary address without waste.

  As described above, the access control system, the access control method, and the access control program according to the present invention are useful when controlling access by an accessor, and in particular whether or not an access request is issued by a legitimate accessor. Suitable for authenticating.

1 is a diagram for explaining an overview of an access control system according to a first embodiment. 1 is a diagram illustrating a configuration of an access control system according to a first embodiment. It is a figure which shows the example of the information memorize | stored in an administrator information table. It is a figure which shows the example of the information memorize | stored in an authentication information table. It is a sequence diagram which shows the flow of a process from the URL production | generation request | requirement by an administrator to access result reception by an accessor. It is a figure which shows the example of the screen which concerns on an administrator's login request. It is a figure which shows the example of the screen which concerns on the production | generation request | requirement of access URL. It is a figure which shows the example of the screen which concerns on the production | generation response of access URL. It is a figure which shows the example of the mail which concerns on the production | generation notification of access URL. It is a figure which shows the example of the screen which concerns on the access request by access URL. It is a figure which shows the example of the mail which concerns on the notification of authentication information. It is a figure which shows the example of the screen which concerns on an accessor's authentication request | requirement. It is a figure which shows the example of the screen which concerns on an access result. It is a flowchart which shows the detail of an access URL production | generation process. It is a flowchart which shows the detail of a notification determination process. It is a flowchart which shows the detail of an authentication information notification process. It is a flowchart which shows the detail of an access control process. It is a figure for demonstrating the Example which memorize | stores an access permission person address in a database. It is a figure for demonstrating the Example which memorize | stores an access permission person address in a database. It is a figure for demonstrating the Example which inquires an access person about an access permission person address. It is a figure for demonstrating the Example which includes the hash value of an access permission person address in access URL. It is a figure for demonstrating the Example which acquires several access authorized person addresses from access URL. It is a figure for demonstrating the kind of effective condition contained in access URL. It is a figure for demonstrating the Example which invalidates access URL. It is a figure for demonstrating the kind of authentication information. It is a figure for demonstrating the kind of resource identifier. It is a figure for demonstrating the Example which isolate | separates management control of access right and management control of content. It is a figure for demonstrating the kind of information contained in access URL. It is a figure for demonstrating the kind of access permission person address. It is a figure for demonstrating the format of an access code. It is a figure for demonstrating the kind of access control. It is a figure for demonstrating the Example which invalidates access URL. It is a figure which shows the example of the information memorize | stored in the invalidation table. It is a figure which shows the example of the information memorize | stored in an access ID table. It is a figure for demonstrating access ID. It is a figure which shows the example of the information memorize | stored in an access source information table. FIG. 10 is a sequence diagram for explaining an embodiment in which an accessor makes an authentication request to an authentication server and content is also provided by the authentication server. It is a flowchart for demonstrating an access control process. FIG. 10 is a sequence diagram for explaining an embodiment in which an accessor makes an authentication request to a content server and content is also provided by the content server. It is a flowchart for demonstrating an authentication information notification process. It is a flowchart for demonstrating an access response. It is a sequence diagram for demonstrating the Example which an accessor performs an authentication request | requirement with respect to an authentication server, and a content server provides a content. It is a flowchart for demonstrating an access control process. It is a flowchart for demonstrating a secondary access URL production | generation process. It is a flowchart for demonstrating an access determination process. It is a flowchart for demonstrating an authentication result response. It is a sequence diagram for demonstrating the Example which an accessor performs an authentication request | requirement with respect to a content server, and an authentication server performs content provision. It is a flowchart for demonstrating an access URL generation process. It is a flowchart for demonstrating notification determination processing. FIG. 10 is a diagram for explaining an overview of an access control system according to a third embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Administrator terminal 2 Caller terminal 4 Accessor mail server 5 Administrator IP network 6 Accessor IP network 7 Internet 8 LAN (Local Area Network)
DESCRIPTION OF SYMBOLS 10 Access processing server 11 Communication part 12 Administrator information table 13 Administrator authentication part 14 Issuance key memory | storage part 15 URL generation part 21 Resource management part 22 Notification determination part 23 Authentication information notification part 24 Authentication information table 25 Access control part

Claims (38)

An access control system for controlling access by an accessor,
An access code generating means for generating an access code in association with information related to the address of one or a plurality of access permitted users whose access is permitted;
An authentication information notifying means for receiving an access code from the access person and notifying predetermined authentication information to the address of the access authorized person obtained based on the access code;
Access control means for accepting authentication information from the accessor and permitting access by the accessor on the condition that the authentication information corresponds to the authentication information notified by the authentication information notifying means;
An access control system comprising: The access code generating means generates an access code including information related to the address of one or more access authorized persons permitted to access with a predetermined key,
The authentication information notification means receives an access code from the accessor, acquires the address of the access permitter included in the access code, and notifies predetermined authentication information to the address of the access permitter. The access control system according to claim 1, wherein: The access code generation means generates an access code including the address itself as information related to the address of the access authorized person,
The access control system according to claim 1, wherein the authentication information notification unit acquires an address of the access authorized person included in the access code, and notifies the authentication information to the address. Address storage means for storing the address of the authorized person and address identification information for identifying the address in association with each other,
The access code generating means generates an access code including address identification information corresponding to the address as information related to the address of the access authorized person,
The authentication information notifying unit acquires an address corresponding to the address identification information included in the access code from the addresses stored in the address storage unit, and notifies the authentication information to the address. The access control system according to claim 1 or 2.   The authentication information notification means further accepts the accessor's address together with the access code from the accessor, and the access permission is provided on the condition that the address corresponds to the accessor's address acquired from the access code 5. The access control system according to claim 1, 2, 3 or 4, wherein the authentication information is notified to a person's address.   When a plurality of addresses are acquired from the access code, the authentication information notifying unit is provided on the condition that some of the plurality of addresses correspond to an address received from the accessor. 6. The access control system according to claim 5, wherein the authentication information is notified from the addresses to the corresponding address. For each access code generated by the access code generating means, comprising an access code storage means for storing information relating to the address of an access authorized person corresponding to each access code,
The authentication information notifying unit receives an access code from the accessor, acquires the address of the access permitted person corresponding to the access code among the access permitted person addresses stored in the access code storage unit, and 2. The access control system according to claim 1, wherein predetermined authentication information is notified to the address of the permitter. The access code storage means stores the address itself as information relating to the address of the access authorized person,
The authentication information notifying means acquires the access authorized person's address corresponding to the access code from the access authorized person's address stored in the access code storing means, and notifies the authentication information to the address. 8. The access control system according to claim 1 or 7, wherein: Address storage means for storing the address of the authorized person and address identification information for identifying the address in association with each other,
The access code generating means generates an access code as information relating to the address of the access authorized person in association with address identification information corresponding to the address,
The authentication information notifying unit obtains the address of the access permitted person corresponding to the access code among the addresses of the permitted access person stored in the access code storing unit from the addresses stored in the address storage unit. The access control system according to claim 8, wherein the authentication information is notified to the address.   The authentication information notification means further receives the accessor's address together with the access code from the accessor, and the address relates to an access permitter's address corresponding to the access code stored by the access code storage means The access control according to claim 1, 7, 8 or 9, wherein the authentication information is notified to the address of the access permitted person on condition that the address corresponds to the address of the access permitted person acquired from the access point. system.   When the authentication information notifying unit obtains a plurality of addresses from the information related to the address of the access authorized person corresponding to the access code stored by the access code storage unit, the authentication information notifying unit includes the plurality of addresses in the plurality of addresses. 11. The access control system according to claim 10, wherein the authentication information is notified to the corresponding address from among the plurality of addresses on condition that there is an address corresponding to an address received from an accessor. . The access code generating means generates an access code including an address verification code for verifying the address as information related to the address of the access authorized person,
The authentication information notification means further accepts the accessor's address together with the access code from the accessor, and the address verification code generated from the address corresponds to the address verification code included in the access code. The access control system according to any one of claims 1 to 11, wherein the authentication information is notified to an address received from the accessor. The access code generating means generates an access code by further associating information related to a valid condition required for the access authorized person,
The access control according to any one of claims 1 to 12, wherein the authentication information notification unit notifies the authentication information on condition that an effective condition acquired based on the access code is satisfied. system.   The access code generation means generates an access code as information related to the valid condition in association with information related to a period, time, number of times, or a combination of which access is permitted. The described access control system. The access code generating means generates an access code by associating information on the access permitted person's message address, telephone number or both as information relating to the access permitted person's address,
The access according to any one of claims 1 to 14, wherein the authentication information notification means notifies the authentication information to a message address, a telephone number, or both of the access permitter. Control system. The access code generation unit generates an access code by associating information on an address using a communication path different from a communication path for receiving an access code and authentication information from the accessor as information on the access permitted person's address. ,
The authentication information notifying unit notifies the authentication information to the address using a communication path different from a communication path for receiving an access code and authentication information from the accessor. The access control system according to any one of the above.   The access control system according to any one of claims 1 to 16, wherein the authentication information notification unit randomly generates and notifies different authentication information every time an access code is received from the accessor. . Further comprising authentication information storage means for storing the session ID uniquely identifying the authentication information notification procedure and the authentication information notified in the session ID notification procedure in association with each other;
The access control means transmits a message including the session ID to the user terminal of the accessor, accepts a response message including the session ID and the authentication information as a response to the message, 18. The access control system according to claim 17, wherein access by the accessor is permitted on the condition that authentication information is stored in association with the authentication information storage unit. An identification generating means for uniquely identifying the authentication information notification procedure and generating a session ID containing authentication information including the authentication information notified in the notification procedure,
The access control means transmits a message including the session ID containing authentication information generated by the ID generation means to the user terminal of the accessor, and the authentication information containing session ID and the authentication as a response to the message A response message including information is received, and access by the accessor is permitted on the condition that the authentication information included in the response message corresponds to the authentication information included in the session ID. The access control system according to claim 18. The access code generation means generates an access code by further associating information related to an access destination address indicating an access destination of the access permitted person,
The access control system according to any one of claims 1 to 19, wherein the access control unit permits access by the accessor for an access destination address specified based on the access code. The access code generation means generates an access code by associating a file name, a folder name, a directory name or a combination thereof specifying the access destination resource as the access destination address,
The access control means permits access by the accessor to a resource specified by a file name, a folder name, a directory name or a combination thereof associated with the access code. Access control system. An authentication server that has the authentication information notification unit and an access control unit to authenticate the accessor, and a content management server that manages content provided to the accessor,
The access control means of the authentication server obtains content to be provided to the accessor from the content management server when the access by the accessor is permitted, and discloses the content to the accessor. The access control system according to any one of claims 1 to 21. An authentication server that has the authentication information notification means and notifies the access information to the accessor, and a content management server that has the access control means and manages the content provided to the accessor,
The authentication information notification means of the authentication server receives an access code from the accessor via the content management server,
The access according to any one of claims 1 to 21, wherein the access control means of the content management server discloses the content to the accessor when permitting access by the accessor. Control system. An authentication server that has the authentication information notification unit and an access control unit to authenticate the accessor, and a content management server that manages content provided to the accessor,
The access control means of the authentication server generates a secondary access code for accessing the content management server when permitting access by the accessor, and discloses the secondary access code to the accessor. The access control system according to any one of claims 1 to 21, wherein An authentication server that has the authentication information notification unit and an access control unit to authenticate the accessor, and a content management server that manages content provided to the accessor,
The access control means of the authentication server receives an access code from the accessor via the content management server, acquires content to be provided to the accessor from the content management server,
The access control means of the content management server discloses the content acquired from the content management server to the accessor when permitting access by the accessor. The access control system according to claim 1. An access ID storage means for storing an access ID for uniquely specifying the permitted access and a control content for the access in association with each other when access by the access person is permitted by the access control means;
Access ID notification means for notifying the accessor of the access ID stored in the access ID storage means;
The access ID notified by the access ID notifying unit is received from the accessor, and the accessor's access is continuously controlled based on the control content stored in the access ID storage unit in association with the access ID. Access continuation control means,
The access control system according to claim 1, further comprising: An access ID generating means for uniquely identifying the permitted access and generating an access ID including a control content for the access when access by the accessor is permitted by the access control means;
Access ID notification means for notifying the accessor of the access ID generated by the access ID generation means;
An access continuation control means for receiving an access ID notified by the access ID notification means from the accessor and continuously controlling the access of the accessor based on the control content included in the access ID;
The access control system according to any one of claims 1 to 26, further comprising: The access ID generation unit obtains access source information for uniquely specifying the access source of the accessor when access by the accessor is permitted by the access control unit, and the access source information of the accessor Correspondingly generating the access ID,
The access continuation control unit receives the access ID generated by the access ID generation unit from the accessor and acquires the access source information of the accessor, and the acquired access source information is associated with the access ID. 28. The access control according to claim 26 or 27, wherein the access by the accessor is continuously controlled based on the control content associated with the access ID on condition that the access source information corresponds. system. When access by the accessor is permitted by the access control means, access source information storage means for storing the access source information for uniquely specifying the access source of the accessor and the control content for the accessor in association with each other;
When an access request is received from the accessor, the access source information included in the access request is acquired, and the access source information is stored in the access source information storage unit in association with the access source information. An access continuation control means for continuously controlling access by the accessor;
The access control system according to any one of claims 1 to 28, further comprising: As information for specifying an access code to be invalidated, the access code itself, condition information related to predetermined invalidation information derivable from the access code, or predetermined invalidation information associated with the access code Comprising invalidation information storage means for storing condition information;
When the authentication information notifying unit receives an access code from the accessor, the authentication information notifying unit acquires the invalidation information based on the access code, and the invalidation information is stored in the invalidation information storage unit. The access according to any one of claims 1 to 29, wherein predetermined authentication information is notified to the address of the access authorized person acquired based on the access code on condition that the access code does not match. Control system.   31. The invalidation information storage unit stores condition information related to an access code until an expiration date set in the access code elapses. Access control system. The invalidation information storage unit corresponds to the access code of the access source notified of the authentication information, the condition information related to the predetermined invalidation information derivable from the access code of the access source, or the access code of the access source Storing the condition information related to the given invalidation information attached,
The authentication information notifying unit, when receiving an access code from the accessor, acquired based on the address code on the condition that the access code does not match the condition information stored by the invalidation information storage unit 32. The access control system according to claim 1, wherein predetermined authentication information is notified to the address of the access authorized person. An access control method for controlling access by an accessor,
An access code generating step for generating an access code in association with information related to the address of one or more access authorized users who are permitted to access;
An authentication information notification step of receiving an access code from the accessor and notifying predetermined authentication information to the address of the access permitted person acquired based on the access code;
An access control step for accepting authentication information from the accessor, and permitting access by the accessor on the condition that the authentication information corresponds to the authentication information notified by the authentication information notification step;
An access control method comprising: The access code generation step generates an access code including information related to addresses of one or a plurality of access authorized persons permitted to access with a predetermined key;
The authentication information notifying step receives an access code from the accessor, obtains the address of the access permitter included in the access code, and notifies predetermined authentication information to the address of the access permitter. 34. The access control method according to claim 33, wherein For each access code generated by the access code generation step, including an access code storage step of storing information relating to the address of an access authorized person corresponding to each access code,
The authentication information notification step receives an access code from the accessor, obtains the address of the access permitter corresponding to the access code among the access permitter addresses stored in the access code storage step, and 34. The access control method according to claim 33, wherein predetermined authentication information is notified to the address of the permitter. An access control program for causing a computer to execute an access control method for controlling access by an accessor,
An access code generation procedure for generating an access code in association with information relating to the address of one or a plurality of access permitted users who are permitted to access;
An authentication information notification procedure for receiving an access code from the accessor and notifying predetermined authentication information to the address of the access permitted person obtained based on the access code;
An access control procedure for accepting authentication information from the accessor and permitting access by the accessor on the condition that the authentication information corresponds to the authentication information notified by the authentication information notification procedure;
An access control program for causing a computer to execute. The access code generation procedure generates an access code including information related to addresses of one or a plurality of access-permitted users who are permitted to access using a predetermined key,
The authentication information notification procedure receives an access code from the accessor, obtains the address of the access permitter included in the access code, and notifies predetermined authentication information to the address of the access permitter. 37. The access control program according to claim 36, wherein For each access code generated by the access code generating means, an access code storing procedure for storing information related to the address of an access authorized person corresponding to each access code,
The authentication information notification procedure receives an access code from the accessor, obtains an access permitter address corresponding to the access code among the access permitter addresses stored in the access code storage procedure, and 37. The access control program according to claim 36, wherein predetermined authentication information is notified to the address of the permitter.

Images