JP2017167947A - Information processing device, information processing system, information processing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it unnecessary for a user to select an authentication system.SOLUTION: This device is an information processing device connected to a server device which provides a predetermined service, which comprises: storage means for storing information on a plurality of authentication systems to be used for authentication in the case of using the service in association; display mean for displaying a screen for enabling a user to input authentication information to be used for authentication by preliminarily selected one authentication system among the plurality of authentication systems in the case of using the service provided by the server device; and authentication means for performing authentication by the one authentication system by using the authentication information input on the screen displayed by the display means. The authentication means is configured to, when authentication by the one authentication system succeeds, perform authentication by the other authentication system by using each of one or more other authentication systems stored in association with the information on the one authentication system among the information on the plurality of authentication systems in the storage means.SELECTED DRAWING: Figure 12

Description

  The present invention relates to an information processing apparatus, an information processing system, an information processing method, and a program.

  2. Description of the Related Art Document management systems are known in which document data such as purchase orders, reports, forms, drawings, and the like are centrally managed by a document management server. In such a document management system, a user uses the same document data as when he / she is in the office, for example, outside the office or on a business trip by accessing the document management server using a client terminal. be able to.

  In addition, in a communication terminal device, when biometric information is registered together with user information, a technique is known that makes it unnecessary to input a passcode by performing authentication based on biometric information (see, for example, Patent Document 1).

  Here, when a user accesses a document management server using a client terminal, it may be necessary to use an authentication method according to the environment in which the client terminal is placed.

  That is, when the client terminal is in an in-house environment, the user can use various authentication methods used in, for example, HTTP (HyperText Transfer Protocol) connection or UNC (Universal Naming Convention) connection. On the other hand, when the client terminal is in an outside environment, the user needs to use an authentication method used in, for example, an HTTP connection.

  For this reason, the user has to select an authentication method to be used according to the environment in which the client terminal is placed.

  Embodiments of the present invention have been made in view of the above points, and an object thereof is to eliminate the need for a user to select an authentication method.

  In order to achieve the above object, an embodiment of the present invention is an information processing apparatus connected via a network to a server apparatus that provides a predetermined service, and uses the service provided by the server apparatus In the case of using the service provided by the server device and the storage means for associating and storing information on a plurality of authentication methods used for authentication in the case, one authentication selected in advance among the plurality of authentication methods Authentication using the one authentication method is performed using display means for displaying a screen for allowing the user to input authentication information used for authentication by the method, and authentication information input on the screen displayed by the display means. Authentication means for performing, when the authentication means succeeds in authentication by the one authentication method, the authentication means relates to the plurality of authentication methods. Of the information that is carried out by using respectively one or more other authentication method stored in the storage means in association with the information for one authentication method, the authentication by the another authentication method, respectively.

  According to the embodiment of the present invention, selection of an authentication method by a user can be made unnecessary.

It is a figure which shows the system configuration | structure of an example of the document management system which concerns on this embodiment. It is a figure which shows the hardware constitutions of an example of the computer which concerns on this embodiment. It is a figure which shows the function structure of an example of the document management system which concerns on this embodiment. It is a sequence diagram which shows an example of the pre-registration process before using a document management service. It is a figure which shows an example of the screen for registering server information and an authentication system. It is a figure which shows an example of integrated authentication information. It is a figure which shows an example of the integrated authentication information represented by the XML format. It is a sequence diagram (the 1) which shows an example of the initial process of each authentication system. It is a figure which shows an example of the screen for registering a passcode. It is a sequence diagram (the 1) which shows an example of the initial process of each authentication system. It is a figure which shows an example of the screen for inputting a user name and a password, and selecting a domain name. It is a sequence diagram which shows an example of the process using a document management service. It is a figure which shows an example of the screen for authenticating with a passcode. It is a figure which shows an example of the utilization screen of a document management service. It is a figure which shows the other example of the utilization screen of a document management service.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

<System configuration>
First, the system configuration of the document management system 1 according to the present embodiment will be described with reference to FIG. FIG. 1 is a diagram showing a system configuration of an example of a document management system according to the present embodiment.

  A document management system 1 illustrated in FIG. 1 includes a client terminal 10 and a document management server 20. The client terminal 10 and the document management server 20 are communicably connected via a network N1 such as an in-house LAN (Local Area Network) in the in-house environment E1, or a wide area network N2 such as the Internet or a telephone line network. Yes.

  The client terminal 10 is an information processing apparatus such as a notebook PC (personal computer), a tablet terminal, or a smartphone used by a user. The user can use the client terminal 10 to browse, edit, upload, download, etc. various document data managed by the document management server 20.

  That is, the user of the client terminal 10 can use the document management service provided by the document management server 20 via the network N1 in the in-house environment E1. In addition, the user of the client terminal 10 performs document management provided by the document management server 20 via the network N2 (more precisely, via the network N2 and the network N1) in the external environment E2 other than the internal environment E1. You can use the service.

  Here, the client terminal 10 according to the present embodiment uses UNC connection when using the document management service in the in-house environment E1. At this time, it is assumed that the client terminal 10 according to the present embodiment needs to perform authentication by using Windows (registered trademark) authentication.

  In addition, the client terminal 10 according to the present embodiment uses an HTTP connection when using the document management service in the external environment E2. At this time, it is assumed that the client terminal 10 according to the present embodiment needs to perform authentication by passcode authentication as an authentication method.

  The passcode authentication means that the identification information of the client terminal 10 that uses the document management service is registered in the document management server 20 in advance so that the client terminal 10 can authenticate the passcode input by the user. This is the authentication method to be performed.

  However, the authentication method when using the document management service by HTTP connection is not limited to passcode authentication. The client terminal 10 may use various authentication methods such as Basic authentication and Digest authentication when using the document management service by HTTP connection.

  Further, the passcode authentication according to the present embodiment is performed by the client terminal 10, but is not limited thereto, and the document management server 20 may perform the passcode authentication.

  Further, the client terminal 10 according to the present embodiment uses the document management service through UNC connection in the in-house environment E1, but is not limited thereto, and also uses the document management service through HTTP connection in the in-house environment E1. May be.

  The document management server 20 is an information processing apparatus that provides a document management service to the client terminal 10.

  In the document management system 1 illustrated in FIG. 1, the document management server 20 is configured by one information processing apparatus, but is not limited thereto, and may be configured by a plurality of information processing apparatuses. Further, the document management system 1 shown in FIG. 1 shows an example in which one document management server 20 is included. However, the present invention is not limited to this, and a plurality of document management servers 20 (for example, the document management server 20A and the document Management server 20B etc.) may be included.

<Hardware configuration>
Next, the hardware configuration of the client terminal 10 and the document management server 20 according to the present embodiment will be described. The client terminal 10 and the document management server 20 according to the present embodiment can be realized by a computer 300 shown in FIG. 2, for example. FIG. 2 is a diagram illustrating a hardware configuration of an example of a computer according to the present embodiment.

  A computer 300 shown in FIG. 2 includes an input device 301, a display device 302, an external I / F 303, and a RAM (Random Access Memory) 304. The computer 300 includes a ROM (Read Only Memory) 305, a CPU (Central Processing Unit) 306, a communication I / F 307, and a storage device 308. These pieces of hardware are connected to each other by a bus B.

  The input device 301 is a keyboard, mouse, touch panel, or the like, and is used to input various types of information to the computer 300. The display device 302 includes a display and the like, and displays a processing result by the computer 300. Note that the document management server 20 may be configured to use at least one of the input device 301 and the display device 302 connected to the bus B when necessary.

  The external I / F 303 is an interface with an external device. An example of the external device is a recording medium 303a.

  Examples of the recording medium 303a include a CD (Compact Disk), a DVD (Digital Versatile Disk), an SD memory card (SD memory card), a USB memory (Universal Serial Bus memory), and the like. The computer 300 can read and write to the recording medium 303a via the external I / F 303.

  The RAM 304 is a volatile semiconductor memory that temporarily stores programs and data. The ROM 305 is a nonvolatile semiconductor memory that can retain data even when the power is turned off. The CPU 306 is an arithmetic device that reads programs and data from the storage device 308, the ROM 305, and the like onto the RAM 304 and executes various processes.

  The communication I / F 307 is an interface for connecting the computer 300 to the network N1 or the network N2.

  The storage device 308 is a non-volatile memory that stores programs and data. Examples of the program and data stored in the storage device 308 include a program that implements the present embodiment and an OS (Operating System) that is basic software that controls the entire computer 300.

  The client terminal 10 and the document management server 20 according to the present embodiment can implement various processes to be described later using, for example, the computer 300 illustrated in FIG.

<Functional configuration>
Next, the functional configuration of the document management system 1 according to the present embodiment will be described with reference to FIG. FIG. 3 is a diagram illustrating a functional configuration of an example of the document management system according to the present embodiment.

  The client terminal 10 shown in FIG. 3 includes an input / output control unit 101, a registration processing unit 102, and an authentication processing unit 103. Each of these units is realized by processing executed by the CPU 306 by one or more programs installed in the client terminal 10.

  The client terminal 10 illustrated in FIG. 3 includes an integrated authentication information storage unit 104. The storage unit can be realized using the storage device 308, for example.

  The input / output control unit 101 receives input of various operations from the user and displays various processing results. For example, the input / output control unit 101 accepts input of a passcode used for passcode authentication, a user name and a password used for Windows authentication, and the like. In addition, for example, the input / output control unit 101 displays a screen for inputting a passcode used for passcode authentication, a screen for inputting a user name and password used for Windows authentication, and the like on the display device 302. .

  The registration processing unit 102 performs processing for creating integrated authentication information 104D, which will be described later, and storing (registering) it in the integrated authentication information storage unit 104. Here, the integrated authentication information 104D is information that associates information (server information) about the document management server 20 with information about various authentication methods (authentication method information).

  That is, the registration processing unit 102 performs authentication by various authentication methods by the authentication processing unit 103, and acquires authentication information of these various authentication methods. Then, the registration processing unit 102 creates the integrated authentication information 104D by associating the authentication method information including the acquired authentication information with the server information.

  As a result, the client terminal 10 according to the present embodiment performs authentication using one authentication method (for example, passcode authentication), and thereby another authentication method (for example, Windows authentication) associated with the one authentication method. ) Can also be authenticated.

  The authentication processing unit 103 performs processing related to authentication by various authentication methods. That is, the authentication processing unit 103 performs authentication by various authentication methods, registration of authentication information, and the like in response to a request from the registration processing unit 102. The authentication processing unit 103 performs authentication using various authentication methods based on the integrated authentication information 104D when starting to use the document management service. Here, the authentication processing unit 103 includes a first authentication unit 113 and a second authentication unit 123.

  The first authentication unit 113 performs processing related to passcode authentication, which is an authentication method when using the document management service by connecting to the document management server 20 through HTTP connection. That is, the first authentication unit 113 performs registration of a passcode used for passcode authentication, authentication of a passcode input by a user, and the like.

  The second authentication unit 123 performs processing related to Windows authentication, which is an authentication method when the document management server 20 is used by connecting to the document management server 20 through UNC connection. That is, the second authentication unit 123 requests the document management server 20 to authenticate the user name and password input by the user.

  In addition to the first authentication unit 113 and the second authentication unit 123, the authentication processing unit 103 performs, for example, an authentication unit that performs processing related to basic authentication, an authentication unit that performs authentication related to digest authentication, and authentication based on biometric authentication. You may have various authentication parts, such as an authentication part.

  The integrated authentication information storage unit 104 stores integrated authentication information 104D for each server information. As described above, the integrated authentication information 104D is associated with server information and authentication method information based on various authentication methods. Details of the integrated authentication information 104D will be described later.

  The document management server 20 illustrated in FIG. 3 includes an authentication processing unit 201 and a document management processing unit 202. These units are realized by processing executed by the CPU 306 by one or more programs installed in the document management server 20.

  The document management server 20 shown in FIG. 3 has a document management database (hereinafter referred to as “document management DB”) 203. The DB can be realized using the storage device 308, for example. The document management DB 203 may be realized by a storage device or the like connected to the document management server 20 via a network.

  The authentication processing unit 201 performs processing related to authentication by various authentication methods. Here, the authentication processing unit 201 includes a first authentication unit 211 and a second authentication unit 221.

  The first authentication unit 211 performs processing related to passcode authentication. That is, when the first authentication unit 211 registers a passcode in the client terminal 10, the first authentication unit 211 uses the identification information (for example, terminal ID and telephone number) of the client terminal 10 in a predetermined storage area of the document management server 20. Remember (register).

  The second authentication unit 221 performs processing related to Windows authentication. That is, when the second authentication unit 221 receives an authentication request from the client terminal 10, the second authentication unit 221 authenticates a user name and a password included in the request.

  In addition to the first authentication unit 211 and the second authentication unit 221, the authentication processing unit 201 performs processing related to biometric authentication, such as an authentication unit that performs processing related to basic authentication, an authentication unit that performs authentication related to digest authentication, and the like. You may have various authentication parts, such as an authentication part to perform.

  If the authentication processing unit 201 succeeds in authentication, the document management processing unit 202 provides a document management service to the client terminal 10. That is, the document management processing unit 202 provides the client terminal 10 with usage (for example, browsing, editing, uploading, downloading, etc.) of various document data stored in the document management DB 203.

  The document management DB 203 stores various document data. The document management DB 203 stores various document data (including drawing data) such as an order form, a report, a form, and a drawing.

<Details of processing>
Next, details of processing of the document management system 1 according to the present embodiment will be described.

  First, pre-registration processing before the user of the client terminal 10 uses the document management service will be described with reference to FIG. FIG. 4 is a sequence diagram illustrating an example of pre-registration processing before using the document management service.

  First, the user operates the client terminal 10 to perform an operation for starting registration of the document management server 20 used by the user (step S401).

  When receiving the operation, the input / output control unit 401 of the client terminal 10 displays, for example, a server information registration screen 1100 illustrated in FIG. 5A on the display device 302 (step S402).

  A server information registration screen 1100 shown in FIG. 5A is a screen for registering information (server information) related to the document management server 20 used by the user. The server information registration screen 1100 shown in FIG. 5A includes an IP (Internet Protocol) address setting field 1101, a display name setting field 1102, an OK button 1103, and the like.

  The user sets the IP address and display name of the desired document management server 20 in the IP address setting field 1101 and the display name setting field 1102 on the server information registration screen 1100 shown in FIG. A button 1103 is pressed. Then, the input / output control unit 401 of the client terminal 10 displays an authentication method registration screen 1200 shown in FIG.

  Note that the IP address set in the IP address setting field 1101 may be set, for example, when the user selects a desired document management server 20 from the list of document management servers 20. The IP address setting field 1101 is not limited to an IP address, and for example, a host name may be set.

  An authentication method registration screen 1200 shown in FIG. 5B is a screen for registering one or more authentication methods for registering authentication information and an authentication method used by the user among these authentication methods. The authentication method registration screen 1200 shown in FIG. 5B includes an authentication method list 1201 to be registered, an authentication method selection column 1202 to be used, an OK button 1203, and the like.

  The user can add or delete an authentication method for registering authentication information using a check box of the authentication method list 1201 to be registered on the authentication method registration screen 1200 shown in FIG. In addition, the user himself / herself is selected from among the authentication methods registered in the list of authentication methods to be registered 1201 in the authentication method selection column 1202 to be used in the authentication method registration screen 1200 shown in FIG. Can select the authentication method used.

  In the authentication method selection column 1202 to be used, the simplest authentication method may be selected in advance from the authentication methods registered in the authentication method list 1201 to be registered (that is, most) A simple authentication method may be selected by default). Here, the simplest authentication method is, for example, an authentication method in which the amount of authentication information input by the user (for example, the number of characters of authentication information influential by the user) is the smallest.

  The user selects the authentication method to be registered and the authentication method to be used from the list of authentication methods 1201 to be registered and the authentication method selection column 1202 to be used on the authentication method registration screen 1200 shown in FIG. After that, an OK button 1103 is pressed.

  Here, in the authentication method registration screen 1200 shown in FIG. 5B, “passcode authentication” and “Windows authentication” in the authentication method list 1201 to be registered are “passcode authentication” in the authentication method selection column 1202 to be used. It is assumed that “authentication” is selected by the user.

  Then, the registration processing unit 102 of the client terminal 10 requests the authentication processing unit 103 for initial processing of each authentication method to be registered. Then, the authentication processing unit 103 of the client terminal 10 performs initial processing for each authentication method to be registered (step S403). That is, for example, the authentication processing unit 103 of the client terminal 10 performs the initial processing of passcode authentication by the first authentication unit 113 and then performs the initial processing of Windows authentication by the second authentication unit 123.

  Here, in the initial processing of passcode authentication, the identification information of the client terminal 10 is registered in the document management server 20 and the passcode used for authentication is registered in the client terminal 10. Thereby, authentication information included in the authentication method information for passcode authentication is created.

  In the first process of Windows authentication, the document management server 20 authenticates the user name and password input by the user. Thereby, authentication information included in the authentication method information of Windows authentication is created.

  The details of the initial passcode authentication process and the initial Windows authentication process will be described later.

  When the initial processing of each authentication method is successful (that is, when authentication by passcode registration and Windows authentication is successful), the registration processing unit 102 of the client terminal 10 creates and registers integrated authentication information 104D ( Step S404).

  That is, for example, the registration processing unit 102 creates the integrated authentication information 104D illustrated in FIG. 6 and stores (registers) the created integrated authentication information 104D in the integrated authentication information storage unit 104.

  Here, in the integrated authentication information 104D shown in FIG. 6, server information indicating the document management server 20 used by the user and authentication method information indicating an authentication method used for authentication of the document management server 20 are associated with each other.

  In the server information, the IP address set in the IP address setting field 1101 of the server information registration screen 1100 shown in FIG. Authentication method information for each authentication method is set in the authentication method information.

  For example, the authentication method information of “passcode authentication” included in the authentication method information includes a connection method “HTTP” for authentication by the passcode authentication method, and authentication information of the passcode authentication method (that is, the passcode authentication method). Code) and a use authentication method “true”.

  Further, for example, the authentication method information of “Windows authentication” included in the authentication method information includes a connection method “UNC” for performing authentication by the Windows authentication method, authentication information of the Windows authentication method, and an authentication method of use. “False” is included.

  Here, the authentication information included in the authentication method information of each authentication method is authentication information created in the initial process of each authentication method. Further, the use authentication method included in the authentication method information of each authentication method is “true” in the authentication method selected in the authentication method selection column 1202 to be used on the authentication method registration screen 1200 shown in FIG. Is set. On the other hand, “false” is set to an authentication method not selected in the authentication method selection field 1202.

  Furthermore, as a connection method included in the authentication method information of each authentication method, for example, a connection method determined in advance for each authentication method is set.

  The integrated authentication information 104D shown in FIG. 6 is created and registered in the XML (Extensible Markup Language) format by the registration processing unit 102 as shown in FIG. 7, for example. Here, in the integrated authentication information 104D shown in FIG. 7, the value defined by the <Value> tag (for example, “1234” indicating the passcode) is defined after being encrypted by a predetermined encryption algorithm. The

  However, the integrated authentication information 104D is not limited to the XML format, and may be created in various data formats such as a JSON (JavaScript Object Notation) format and a CSV (Comma-Separated Values) format.

  As described above, in the document management system 1 according to the present embodiment, the authentication method information of the authentication method used in the document management server 20 is associated with the server information of the document management server 20 used by the user in the client terminal 10. Integrated authentication information 104D is registered.

  Here, the initial process of each authentication method in step S403 will be described. First, the initial process of passcode authentication will be described below with reference to FIG. FIG. 8 is a sequence diagram (part 1) illustrating an example of the initial process of each authentication method.

  First, when the first authentication unit 113 receives a request for initial processing from the registration processing unit 102, the input / output control unit 101 displays, for example, a work selection screen 2100 shown in FIG. 9A (step S801).

  Here, the work selection screen 2100 shown in FIG. 9A is a screen for starting registration of a passcode, and includes a device registration button 2101.

  The user presses the device registration button 2101 on the work selection screen 2100 shown in FIG. Then, the input / output control unit 101 of the client terminal 10 displays a passcode registration screen 2200 shown in FIG.

  A passcode registration screen 2200 shown in FIG. 9B is a screen for inputting a passcode to be registered in the client terminal 10, and includes a passcode input field 2201, an OK button 2202, and the like.

  On the passcode registration screen 2200 shown in FIG. 9B, the user inputs a desired passcode in the passcode input field 2201, and then presses an OK button 2202 (step S802). That is, the user performs an authentication information registration operation. Then, the input / output control unit 101 of the client terminal 10 receives the registration operation.

  When the input / output control unit 101 accepts an authentication information registration operation, the first authentication unit 113 of the client terminal 10 transmits a terminal registration request to the document management server 20 (step S803). The registration request includes identification information of the client terminal 10 (for example, a terminal ID or a telephone number).

  At this time, the first authentication unit 113 of the client terminal 10 stores (registers) the passcode input by the user in a predetermined storage area managed by the first authentication unit 113.

  When the first authentication unit 211 of the document management server 20 receives the registration request for the terminal, the first authentication unit 211 stores the identification information included in the registration request in a predetermined storage area managed by the first authentication unit 211 (registration). Then, a registration completion response is returned to the client terminal 10.

  Finally, when receiving the registration completion response, the first authentication unit 113 of the client terminal 10 creates authentication information for passcode authentication (step S804). That is, the first authentication unit 113 uses the passcode registered in the predetermined storage area in step S803 as authentication information.

  As described above, the authentication information (that is, the passcode) used for the passcode authentication is registered in the client terminal 10 according to the present embodiment, and the initial passcode authentication process is completed. Thereby, in the client terminal 10 according to the present embodiment, authentication information included in the authentication method information for passcode authentication is created.

  Next, the initial processing of Windows authentication will be described with reference to FIG. FIG. 10 is a sequence diagram (part 1) illustrating an example of the initial process of each authentication method.

  First, when the second authentication unit 123 receives a request for initial processing from the registration processing unit 102, the input / output control unit 101 displays, for example, a Windows authentication screen 3100 shown in FIG. 11 (step S1001).

  A Windows authentication screen 3100 shown in FIG. 11 is a screen for inputting authentication information (domain name, user name, and password) used for Windows authentication. A Windows authentication screen 3100 shown in FIG. 11 includes a user name input field 3101, a password input field 3102, a domain name selection field 3103, an OK button 3104, and the like.

  In the Windows authentication screen 3100 shown in FIG. 11, the user selects his / her domain name from the domain name selection field 3103 and inputs his / her user name and password in the user name input field 3101 and password input field 3102. Then, the user presses an OK button 3104 on the Windows authentication screen 3100 shown in FIG. 11 (step S1002). That is, the user performs an authentication information input operation. Then, the input / output control unit 101 of the client terminal 10 receives the input operation.

  When the input / output control unit 101 accepts an input operation for authentication information, the second authentication unit 123 of the client terminal 10 transmits an authentication request based on Windows authentication to the document management server 20 (step S1003). The authentication request includes the user name and password input by the user and the selected domain name.

  When the second authentication unit 221 of the document management server 20 receives the authentication request, the second authentication unit 221 authenticates the authentication information included in the authentication request and returns the authentication result to the client terminal 10. Here, it is assumed that the second authentication unit 221 returns an authentication result indicating a successful authentication to the client terminal 10.

  Lastly, when the second authentication unit 221 of the client terminal 10 receives the authentication result, it creates authentication information for Windows authentication (step S1004). That is, the second authentication unit 221 uses the user name, password, and domain name input or selected by the user in step S1002 as authentication information.

  As described above, the initial processing of Windows authentication is completed in the client terminal 10 according to the present embodiment. Thereby, in the client terminal 10 according to the present embodiment, authentication information (that is, a user name, a password, and a domain name) included in the authentication method information for Windows authentication is created.

  Next, processing when the user of the client terminal 10 uses the document management service will be described with reference to FIG. FIG. 12 is a sequence diagram illustrating an example of processing using the document management service.

  First, the user operates the client terminal 10 to select the document management server 20 that the user desires to use, and thereby performs an operation for starting use of the document management service provided by the document management server 20. This is performed (step S1201). This can be performed, for example, by selecting the display name of the document management server 20 used by the user from the display names of the document management server 20 registered by the user in the pre-registration process shown in FIG. Then, the input / output control unit 101 of the client terminal 10 receives the operation.

  When the input / output control unit 101 accepts an operation for starting use of the document management service, the authentication processing unit 103 of the client terminal 10 specifies the authentication method used by the user (step S1202). That is, the authentication processing unit 103 acquires the integrated authentication information 104D including the server information of the document management server 20 selected in step S1201 from the integrated authentication information storage unit 104. Then, the authentication processing unit 103 acquires authentication method information whose use authentication method is “true” among the authentication method information included in the acquired integrated authentication information 104D. Thereby, the authentication method used by the user is specified.

  Hereafter, it is assumed that authentication method information for passcode authentication is acquired from the authentication method information included in the integrated authentication information 104D shown in FIG. 6 in step S1202.

  When the authentication processing unit 103 identifies the authentication method used by the user, the input / output control unit 101 of the client terminal 10 displays an authentication screen for inputting authentication information of the authentication method (step S1203). That is, the input / output control unit 101 displays, for example, a passcode input screen 3000 shown in FIG.

  A passcode input screen 3000 shown in FIG. 13 is a screen for the user to input authentication information (passcode) used for passcode authentication, and includes a passcode input field 3001, an OK button 3002, and the like.

  In the passcode input screen 3000 shown in FIG. 13, the user inputs a passcode registered in advance in the passcode input field 3001, and then presses an OK button 3002 (step S1204). That is, the user performs an authentication information input operation. Then, the input / output control unit 101 of the client terminal 10 receives the input operation.

  When the first authentication unit 113 of the client terminal 10 receives an input operation of authentication information from the input / output control unit 101, the first authentication unit 113 performs authentication using the use authentication method (step S1205). That is, the first authentication unit 113 performs authentication by passcode authentication.

  Here, the first authentication unit 113 receives the passcode input in the passcode input field 3001 and the authentication information (passcode) included in the authentication method information for passcode authentication acquired in step S1203 above. Authentication is performed by determining whether or not they match. However, the first authentication unit 113 is not limited to this, and the first authentication unit 113 may use the passcode input in the passcode input field 3001 and the passcode registered in advance in a predetermined storage area managed by the first authentication unit 113. Authentication may be performed depending on whether or not and.

  Hereinafter, the description will be continued assuming that the authentication by the use authentication method in step S1205 is successful. If the authentication in step S1205 fails, the first authentication unit 113 causes the input / output control unit 101 to display, for example, a message indicating that the authentication has failed on the display device 302.

  The authentication processing unit 103 of the client terminal 10 acquires authentication method information whose use authentication method is “false” among the authentication method information included in the integrated authentication information 104D acquired in step S1202 (step S1206). That is, the authentication processing unit 103 includes authentication method information associated with the authentication method information for passcode authentication (that is, authentication method information for Windows authentication) among the authentication method information included in the integrated authentication information 104D illustrated in FIG. To get.

  Next, the authentication processing unit 103 of the client terminal 10 performs authentication processing for each authentication method based on the authentication method information acquired in step S1206 (step S1207). That is, the authentication processing unit 103 uses the second authentication unit 123 to perform authentication by Windows authentication using authentication information (user name, password, and domain name) included in the authentication method information of Windows authentication.

  If a plurality of authentication method information is acquired in step S1206, the authentication processing unit 103 of the client terminal 10 uses the authentication information included in each of the acquired plurality of authentication method information, and each corresponding authentication method. Authentication by.

  Then, the input / output control unit 101 of the client terminal 10 displays a use screen of the document management service provided by the document management processing unit 202 of the document management server 20 (step S1208). As a result, the user of the client terminal 10 can start using the document management service.

  Thus, the client terminal 10 according to the present embodiment performs authentication using a predetermined authentication method (that is, an authentication method used by the user). When the client terminal 10 according to the present embodiment succeeds in authentication by the authentication method, the client terminal 10 performs authentication by another authentication method using the authentication information of each authentication method information included in the integrated authentication information 104D.

  As a result, the user of the client terminal 10 according to the present embodiment performs authentication by a predetermined authentication method (for example, passcode authentication), thereby simultaneously performing authentication by another authentication method (for example, Windows authentication). Will be able to do.

  Therefore, the user may perform authentication by passcode authentication, for example, without being aware of whether the client terminal 10 is in the internal environment E1 or the external environment E2. At this time, for example, when the client terminal 10 is in the in-house environment E1, the client terminal 10 is authenticated by both authentication methods of passcode authentication and Windows authentication. On the other hand, for example, when the client terminal 10 is in the external environment E2, the client terminal 10 is authenticated by an authentication method for passcode authentication.

  In addition, the user can perform authentication by another authentication method such as Windows authentication at the same time by performing authentication using a simple authentication method such as passcode authentication using the client terminal 10. Therefore, the user of the client terminal 10 according to the present embodiment does not need to manage authentication information used for authentication by a plurality of authentication methods, and manages only authentication information of a simple authentication method (for example, passcode authentication). I will do better.

  Here, functions that can be used in the document management service provided by the document management processing unit 202 of the document management server 20 may differ depending on the authentication method in which the authentication is successful. For example, when the client terminal 10 uses the document management service using “passcode authentication” by HTTP connection, “item 1” that is bibliographic information of document data can be acquired, while “item 2” that is bibliographic information. May not be obtained. Similarly, for example, when the client terminal 10 uses the document management service by using “Windows authentication” by UNC connection, “item 2” that is the bibliographic information of the document data can be acquired, while the bibliographic information “ Item 1 ”may not be acquired.

  At this time, if the authentication is successful in both “passcode authentication” and “Windows authentication”, the input / output control unit 101 of the client terminal 10 displays a document management service use start screen 4000 shown in FIG. 14, for example.

  In the use start screen 4000 of the document management service shown in FIG. 14, in addition to the bibliographic information “name” and “size” of each document data stored in the document management DB 203, “item 1” acquired through the HTTP connection. "Item 2" acquired by UNC connection is displayed.

  On the other hand, when the “Windows authentication” authentication fails, the input / output control unit 101 of the client terminal 10 displays, for example, a document management service use start screen 5000 shown in FIG.

  In the use start screen 5000 of the document management service shown in FIG. 15, in addition to the bibliographic information “name” and “size” of each document data stored in the document management DB 203, “item 1” acquired by the HTTP connection. Is displayed. On the other hand, “item 2” acquired by UNC connection is displayed with “function restricted” indicating that the information of “item 2” cannot be acquired.

  As described above, in the document management system 1 according to the present embodiment, when the bibliographic information of the document data that can be acquired from the document management server 20 differs depending on the connection method, the document management system 1 responds to the authentication result by the authentication method corresponding to the connection method. Display. That is, in the document management system 1 according to the present embodiment, if there is bibliographic information or the like that cannot be acquired due to failure of authentication, the item indicating the bibliographic information or the like is, for example, “functionally restricted”. Is displayed. Thereby, the user of the client terminal 10 can know that there is a function that cannot be used in the document management service.

  In the above description, the specific bibliographic information of the document data cannot be acquired as a specific example of the function restriction. However, the present invention is not limited to this. For example, when various functions such as encryption and compression of document data cannot be used depending on the connection method, a message indicating that the function cannot be used is displayed for the function that cannot be used according to the authentication method that has failed authentication. Also good.

  Although the embodiments of the present invention have been described in detail above, the present invention is not limited to such specific embodiments, and various modifications are possible within the scope of the gist of the present invention described in the claims.・ Change is possible.

DESCRIPTION OF SYMBOLS 1 Document management system 10 Client terminal 20 Document management server 101 Input / output control part 102 Registration process part 103 Authentication process part 104 Integrated authentication information memory | storage part 113 1st authentication part 123 2nd authentication part 201 Authentication process part 202 Document management process Part 203 Document management DB
211 First authentication unit 221 Second authentication unit

Japanese Patent No. 4724028

Claims (8)

An information processing apparatus connected via a network to a server apparatus that provides a predetermined service,
Storage means for storing information related to a plurality of authentication methods used for authentication when using the service provided by the server device;
When using the service provided by the server device, a display for displaying a screen for allowing a user to input authentication information used for authentication by a preselected authentication method among the plurality of authentication methods. Means,
Using the authentication information input on the screen displayed by the display means, authentication means for performing authentication by the one authentication method;
Have
The authentication means includes
When authentication by the one authentication method is successful, one or more other authentication methods stored in the storage unit in association with information on the one authentication method among the information on the plurality of authentication methods are respectively used. An information processing apparatus that performs authentication by the other authentication method. The storage means
Storing information related to a plurality of authentication methods used for authentication when using the service provided by the server device in association with identification information of the server device;
The authentication means includes
When the authentication by the one authentication method is successful, the information on the one authentication method among the information on the plurality of authentication methods stored in the storage means in association with the identification information of the server device that provides the service; The information processing apparatus according to claim 1, wherein authentication is performed using each of one or more other authentication methods associated with each other and stored in the storage unit. The information related to the authentication method includes authentication information used for authentication by the authentication method,
The authentication means includes
If the authentication by the one authentication method is successful, the information on the plurality of authentication methods is included in one or more other authentication methods stored in the storage unit in association with the information on the one authentication method. The information processing apparatus according to claim 1, wherein authentication information is acquired, and authentication is performed by the other authentication method using the acquired authentication information. The information related to the authentication method includes information indicating whether or not the user inputs authentication information used for authentication by the authentication method,
The display means includes
When using the service provided by the server device, one of the information on the plurality of authentication methods corresponds to information on one authentication method including information indicating that the user inputs authentication information. The information processing apparatus according to any one of claims 1 to 3, wherein a screen for allowing the user to input authentication information used for an authentication method is displayed.   5. The information processing according to claim 1, wherein the plurality of authentication methods include an authentication method based on a passcode using HTTP connection and an authentication method based on Windows authentication using UNC connection. apparatus. An information processing system comprising a server device that provides a predetermined service and a client device connected to the server device via a network,
Storage means for storing information related to a plurality of authentication methods used for authentication when using the service provided by the server device;
When using the service provided by the server device, a display for displaying a screen for allowing a user to input authentication information used for authentication by a preselected authentication method among the plurality of authentication methods. Means,
Using the authentication information input on the screen displayed by the display means, authentication means for performing authentication by the one authentication method;
Have
The authentication means includes
When authentication by the one authentication method is successful, one or more other authentication methods stored in the storage unit in association with information on the one authentication method among the information on the plurality of authentication methods are respectively used. An information processing system that performs authentication by the other authentication methods. An information processing apparatus connected to a server apparatus that provides a predetermined service via a network, and stores information related to a plurality of authentication methods used for authentication when the service provided by the server apparatus is used In an information processing apparatus having storage means for
When using the service provided by the server device, a display for displaying a screen for allowing a user to input authentication information used for authentication by a preselected authentication method among the plurality of authentication methods. Procedure and
An authentication procedure for performing authentication by the one authentication method, using the authentication information input on the screen displayed by the display procedure;
Have
The authentication procedure includes:
When authentication by the one authentication method is successful, one or more other authentication methods stored in the storage unit in association with information on the one authentication method among the information on the plurality of authentication methods are respectively used. An information processing method for performing authentication by the other authentication methods. An information processing apparatus connected to a server apparatus that provides a predetermined service via a network, and stores information related to a plurality of authentication methods used for authentication when the service provided by the server apparatus is used An information processing apparatus having storage means for
When using the service provided by the server device, a display for displaying a screen for allowing a user to input authentication information used for authentication by a preselected authentication method among the plurality of authentication methods. means,
Authentication means for performing authentication by the one authentication method using authentication information input on the screen displayed by the display means;
Function as
The authentication means includes
When authentication by the one authentication method is successful, one or more other authentication methods stored in the storage unit in association with information on the one authentication method among the information on the plurality of authentication methods are respectively used. And a program for performing authentication by the other authentication methods.