JP2020181395A - Content user authentication system and content user authentication method - Google Patents

Abstract

To provide a content user authentication system and a method capable of adjusting strength of authentication and difficulty of an operation of authentication processing according to a terminal operation level of a user.SOLUTION: A content user authentication system includes a content distribution server 1 that distributes content via an open network; and an edge server 2 that distributes content via a private network. When distributing content from the content distribution server 1, authentication processing is performed based on first authentication information individual to a user. When distributing the same content from the edge server 2, authentication conditions of a user terminal are set, from an administrator terminal, to the edge server via the content distribution server 1. When there is a content distribution request to the user terminal, from the administrator terminal to the edge server 2, second authentication information is issued to the administrator terminal. The user who has acquired the second authentication information from an administrator requests distribution from the user terminal to the edge server 2 based on the second authentication information, and the edge server performs the authentication processing based on the authentication conditions.SELECTED DRAWING: Figure 1

Description

The disclosure in this specification relates to a content user authentication system and a method thereof in content distribution via a communication network.

Generally, when a web service delivers content to a specific person, the user of the delivered content is required to generate authentication information. When the user makes a browsing request based on the generated authentication information using the user terminal, the content distribution server distributes the content to the user terminal after performing personal authentication. There are various authentication methods such as so-called knowledge authentication, property authentication, biometric authentication, two-factor authentication by a combination of these, and two-step authentication.

In particular, in the case where a plurality of user terminals receive common content distribution under the control of the administrator terminal and use the content, it is necessary to protect the content and strengthen the security, while the user. It is also necessary to consider the convenience of the terminal user.

In recent years, learning using cloud computing has gradually expanded in educational settings such as schools. Educational content provided using such cloud computing includes materials and videos that are uniformly distributed to user terminals whose users are children and students, and are simply viewed, as well as children and students at school. Distribution of different content, such as content used for learning according to one's ability and progress of learning, content used for group discussion and activities, etc., individual for children and students There are various contents such as distribution of contents that reflect the data of. In particular, in order to store and view personal information of individual children and students, such as the learning status of children and students, the above-mentioned personal authentication is indispensable.

On the other hand, many communication network environments in general educational settings are undeveloped from the viewpoint of security. Furthermore, the security policy differs depending on the municipality that has jurisdiction over each school.

In addition, it is often difficult for children and students, especially in the lower grades, to apply the various authentication methods. That is, in the case of knowledge authentication, it is often difficult to memorize and input complicated authentication information (password) that increases the security level. Also, in the case of property authentication, there is a risk of losing the tool to be used, and in the case of biometric authentication, the physical characteristics change with growth, and it becomes necessary to change the authentication information each time it changes, which is complicated. There is a risk that it will end up.

For such a task, for example, when a class is selected on the teacher terminal and a lesson number including the class ID (furthermore, the teacher ID) is requested, the issued lesson number is received by the teacher terminal and a predetermined on the browser. A learning support device or the like that is displayed on a page and that a child who sees it inputs on a child terminal has been proposed (see, for example, Patent Document 1).

Further, in another prior art, when user data including group data corresponding to each of a plurality of groups and user ID data belonging to each group is transmitted to a client computer, the user selects the group data from the group data. The number of people selected by each group is counted, the accessible group is specified based on the count number, and the specified group is selected by the user from the user ID data. A user authentication system has been proposed that identifies the affiliation or non-existence of a user ID and permits access to a client computer that selects a user ID identified as a user ID belonging to the specific group (for example, Patent Document 2). reference.).

Furthermore, for children in the lower grades of elementary school who have difficulty in keyboard input, a user interface that displays the grade, group, and name by GUI is presented, and the child can log on by simply selecting the group and name to which they belong with the mouse (pointing device). A system has been proposed (see, for example, Non-Patent Document 1).

Japanese Patent No. 5966042 Japanese Patent No. 4617971

Sky Co., Ltd. homepage, news, "Integrated lesson support software" SKYMENU Pro Ver.7 "released", [Online], April 6, 2005, [Search on April 7, 2019], Internet <https: //Www.skygroup.jp/news/050406/>

All of the above-mentioned prior arts are considered to be means for solving the above-mentioned problems in terms of reducing the input load of children and students in the personal authentication process, that is, proposing simplification of authentication information. Also provides content via the open network (Internet), and by simplifying the input of authentication information, there is a risk of allowing access to an unspecified number of people, and it does not reach the security level required in educational settings. There was a problem. In addition, the structure of the prior art specializes in dealing with classes in the school, and cannot be applied in the case of homework such as homework.

In the above example, the problem of personal authentication for children and students in the lower grades has been described in the educational field, but the problem is not limited to the educational field. For example, the same problem occurs when using a web service at a study session for a plurality of elderly people. That is, it is a problem related to the authentication process when the common content is distributed by a plurality of user terminals.

The disclosure in this specification is for solving the above-mentioned problems, and the strength of authentication and the operation for authentication processing are performed according to the terminal operation level of the user who receives the content distribution using the web service. It is an object of the present invention to provide a content user authentication system and a method thereof that can freely adjust the difficulty level.

In order to achieve the above object, the content user authentication system and its authentication method according to the disclosure of this specification include a content distribution server that distributes the content to a user terminal as a server that distributes the content via an open network. In addition, an edge server that distributes via a private network is provided, and when the content is distributed from the content distribution server to the user terminal, an authentication process is performed based on the first authentication information individually set for the user. When the same content is distributed from the edge server, the authentication condition of the user terminal is transmitted from the setter terminal to the edge server via the content distribution server to be set, and the user terminal is managed. When the edge server for which the authentication conditions are set from the administrator terminal receives a request for distribution of the content to the user terminal, the second authentication information is issued to the administrator terminal, and the second authentication information is used by the administrator. When the user obtained from the user requests distribution from the user terminal to the edge server based on the second authentication information, the most important thing is to perform the authentication process based on the authentication conditions set on the edge server side. Features.

That is, the content user authentication system according to the disclosure of this specification is a content user authentication system for distributing content from a content distribution server to a user terminal via an open network.
An edge server that is communicably connected to the content distribution server via the open network and communicably connected to the user terminal via a private network is provided.
The content distribution server includes a storage unit that stores the content and a storage unit.
The first authentication information individually set for the user of the content in order to read the content requested to be distributed from the user terminal from the storage unit and distribute it to the user terminal via the open network. From the user terminal and the first authentication unit that performs a predetermined authentication process,
The first distribution unit that distributes the content requested to be distributed to the user terminal authenticated by the first authentication unit via the open network.
Along with the authentication conditions of the content distribution server, the authentication conditions for distributing the contents from the edge server to the user terminal via the private network are used by the setter who is allowed to set the authentication conditions. A setting instruction unit that receives from the setter terminal and instructs the edge server to set the authentication condition.
Have,
The edge server includes a storage unit that distributes and stores the content stored in the storage unit from the first distribution unit.
Issuance of second authentication information set to the user when the content is distributed from the administrator terminal to the user terminal in accordance with the authentication condition instructed by the setting instruction unit via the private network. The reception department that accepts requests and
The issuing unit that generates the second authentication information and issues it to the administrator terminal in response to the issuing request received by the receiving unit.
The user acquires the second authentication information from the administrator who uses the administrator terminal issued by the issuing unit, and the user terminal requests the distribution of the content together with the second authentication information. Then, the second authentication unit that performs the predetermined authentication process and
A second distribution unit that distributes the content requested for distribution to the user terminal authenticated by the first authentication unit via the private network.
It is characterized by having.

Further, the content user authentication related to the disclosure of this specification is a content user authentication method for distributing content from a content distribution server to a user terminal via an open network.
The content distribution server stores the content and distributes the same content as the content via the open network to an edge server communicably connected to the user terminal via the private network. The edge server stores the delivered content, and receives the content distribution request from the user terminal via the open network by the first authentication information individually set for the user of the user terminal. Then, the step of reading the content and performing the first authentication process and
In order to distribute the content from the edge server to the user terminal from the administrator terminal that manages the user terminal among the user terminals together with the authentication conditions of the content distribution server via the private network. And the step of instructing the edge server to set the authentication condition,
When the edge server receives the authentication condition and sets the authentication condition,
The second authentication information set for the user when the content is distributed to the user terminal from the administrator terminal via the private network to the edge server according to the set authentication conditions. Steps to accept issuance requests and
In response to the received request for issuing the second authentication information, the step of generating the second authentication information and issuing it to the administrator terminal, and
The user acquires the second authentication information issued to the administrator terminal from an administrator who uses the administrator terminal, and from the user terminal to the edge server together with the second authentication information. When the content distribution request is made, the step that the edge server performs the second authentication process and
The edge server delivers the content requested to be delivered to the user terminal via the private network, and
It is characterized by having.

According to this configuration, when a content distribution request is made to the content distribution server, the authentication process is performed by inputting the authentication information (first authentication information) set for each user, which is generally performed in the past. However, when requesting the edge server to deliver the same content, the delivery request is made using the second authentication information directly presented by the user, and the edge server performs the authentication process based on the second authentication information. It can be performed.

According to the disclosure of the present specification, the strength of authentication and the difficulty of operation for authentication processing can be freely adjusted according to the terminal operation level of the user who receives the content distribution using the web service. In personal authentication, in a situation where there is a trade-off between the magnitude of security risk and ease of operation, it is possible to select an appropriate authentication strength by achieving both the risk and ease of operation according to the user's situation. It plays the effect.

FIG. 1 is a configuration diagram of a content user authentication system according to the disclosure of the present specification. FIG. 2 is a block configuration diagram of a content distribution server and an edge server. FIG. 3 is a system diagram of login in a child / student terminal. FIG. 4 is an example of the first authentication information and the second authentication information (password) setting screen. FIG. 5 shows an example of a login screen for a child / student terminal, (A) is an example of a login screen for a content distribution server, and (B) is an example of a login screen for an edge server. 6A and 6B are examples of screen display of a content group, FIG. 6A is an example of a group setting screen of a teacher terminal, and FIG. 6B is an example of a content display screen of a child / student terminal. FIG. 7 is a sequence diagram showing a content user authentication method related to the disclosure of the present specification, (A) is a sequence diagram when logging in to a content distribution server from a child / student terminal, and (B) is an authentication. The condition setting sequence diagram (C) is a sequence diagram when logging in to the edge server from the child / student terminal.

Hereinafter, modes for implementing the systems and methods disclosed in the present specification will be described with reference to the drawings. When a subsequent embodiment has a component corresponding to the embodiment described above, the same reference numerals may be given and duplicate description may be omitted. Further, when only a part of the configuration is described in each embodiment, the reference reference numerals of the embodiments described above may be used for the other parts of the configuration. Even if it is not clearly stated that the combinations are possible in each embodiment, it is possible to partially combine the embodiments as long as the combination does not cause any trouble.

In the present embodiment, the following, the teacher and the child / student have terminals that can communicate via various networks, and the teacher is mainly the administrator, and the child / student is the user, and the content related to education is provided to each terminal. Will be described as an example of the case of delivering. However, the content user authentication system related to the disclosure of this specification is not intended to be limited to educational sites. It is applicable as long as the administrator and the user have the communicable terminal and have a form in which common contents are distributed to the user under the control of the administrator.

FIG. 1 is a configuration diagram of a content user authentication system according to the disclosure of the present specification. The content distribution server 1 is communicably connected to the edge server 2 (2A, 2B, 2C) via an open network, and is also communicably connected to the setter terminal C and the child / student terminal P. Here, the open network is a communication network to which an unspecified number of communication terminals can be connected, and typically corresponds to the Internet. In addition, the setter terminal is a terminal used by the person in charge of determining the security policy of the entire system, and corresponds to, for example, a terminal used by the principal or a local government described later. Hereinafter, in the present embodiment, the Internet 3 will be described as an example. Although not shown, the teacher terminal T is also connected to the Internet 3 in a communicable manner like the child / student terminal P. Further, in the present embodiment, the content is, for example, a digital textbook, a video teaching material, an animation teaching material, or the like that can be provided via a communication network.

The edge server 2 is communicably connected to the teacher terminal T and the child / student terminal P via a private network. Here, the private network means a network in which the connection of the unspecified number of communication terminals is refused and is not open to the outside. The private network specifically corresponds to, for example, an intranet. Hereinafter, in the present embodiment, the intranet 4 (4A, 4B) will be described as an example. Although not shown, the setter terminal C is also connected to the intranet 4 in a communicable manner like the teacher terminal T and the child / student terminal P.

The edge server 2 may be installed in units of schools, or may be installed in units of boards of education that have jurisdiction over schools in units of local governments such as prefectures and municipalities. In the present embodiment, the intranet 4A includes an edge server 2A and an edge server 2B installed in each school, and a plurality of teacher terminals T and child / student terminals communicably connected to the edge servers 2A and 2B. It is composed of P. Further, the intranet 4B is composed of an edge server 2C installed in the board of education, a plurality of teacher terminals T and a child / student terminal P communicatively connected to the edge server 2C.

Hereinafter, the configurations of the content distribution server 1 and the edge server 2 will be described with reference to FIG. The content distribution server 1 has a storage unit 11 that stores various educational contents. The first authentication unit 12 performs an authentication process in response to a distribution request for the content stored in the storage unit 11 from the child / student terminal P. The content distribution request is transmitted to the content distribution server 1 via the Internet 3. The authentication process of the first authentication unit 12 is a general authentication process, for example, authentication information composed of an ID assigned to each child / student and a password set individually to the child / student (hereinafter, "first authentication information"). ”) Is entered and it is sufficient to authenticate this. The first distribution unit 13 distributes the content requested to be distributed to the child / student terminal P that has been authenticated by the first authentication information.

On the other hand, the edge server 2 has a storage unit 21 that stores the content distributed from the first distribution unit 13 of the content distribution server 1. Therefore, the same content as the content stored in the edge server 2 is stored in the storage unit 11 of the content distribution server 1. However, the edge server 2 distributes the same content as the content distribution server 1 to the child / student terminal P by an authentication process different from the authentication process of the content distribution server 1.

The authentication conditions for content distribution stored in the edge server 2 are set in the setter terminal C and transmitted to the content distribution server 1 via the Internet 3. The content distribution server 1 that has received the authentication condition has a setting instruction unit 14 that instructs the edge server 2 to set the authentication condition.

In order to perform an authentication process different from that of the content distribution server 1, the edge server 2 uses the authentication information (hereinafter, "second authentication information") for distributing the content by the edge server 2 from the teacher terminal T via the intranet 4. The second authentication information is issued to the reception unit 22 that accepts the issuance request and the teacher terminal T that generates the second authentication information based on the issuance request and makes the issuance request via the intranet 4. It has a issuing unit 23 to be used.

The teacher who has received the issuance of the second authentication information on the teacher terminal T provides the second authentication information to the child / student. At this time, the method for the child / student to acquire the second authentication information from the teacher (Fig. 2, broken line arrow) is not limited to a specific method. For example, there are a method of acquiring by text transmission such as oral or board writing of a teacher, and a method of acquiring from a teacher terminal T by a child / student terminal P in a classroom via short-range wireless communication.

Then, when the child / student who has acquired the second authentication information requests the distribution of the content from the child / student terminal P via the intranet 4, the edge server 2 sets the content distribution server 1. It has a second authentication unit 24 that authenticates according to the authentication conditions set instructed by 14 and a second distribution unit 25 that distributes contents to the authenticated child / student terminal P via the intranet 4.

As described above, in order to instruct and set the authentication conditions of the edge server 2 for the predetermined content from the content distribution server 1, the content distribution server 1 and the edge server 2 cooperate with each other for the predetermined content. Even if the same child / student requests distribution of the same content with different authentication information (first authentication information and second authentication information) via the child / student terminal P, the desired content is distributed. be able to.

FIG. 3 is a system diagram of login in the child / student terminal P. As described above, the content distribution request from the child / student terminal P is sent to the content distribution server 1 via the Internet 3 to the system that logs in through the authentication process using the first authentication information and the edge server 2. Then, there is a system for logging in via the intranet 4 via the authentication process based on the second authentication information. However, since the latter login is not an authentication process using authentication information set uniquely to the child / student, the case of logging in using the second authentication information is hereinafter referred to as "login assist". Further, as will be described later, there is also a system in which the login to the edge server 2 is logged in via the intranet 4 by the authentication information unique to the child / student, similarly to the login to the content distribution server 1. In this case, as will be described later, in order to limit the contents that can be distributed, a process of forcibly selecting a content group is involved.

Since the content distribution request based on the first authentication information of the child / student terminal P accesses the content distribution server 1 via the Internet 3, general personal authentication is required. In the educational field described in the present embodiment, for example, when a child / student learns at home or the like, the distribution request may be requested from the child / student terminal P at home to the content distribution server 1.

On the other hand, for the content distribution request based on the second authentication information of the child / student terminal P, a simple login can be selected because the edge server 2 is accessed via the intranet 4. It may be difficult to memorize the general structure of the first authentication information, that is, the ID and password for children and lower grade students. When there is a teacher who is an administrator, as in a classroom lesson, the teacher obtains second authentication information such as a so-called master key and discloses it to all children and students in the classroom on a board. If the input is made on each child / student terminal P, the problem as in the case of requesting content distribution by the first authentication information does not occur. Specifically, the second authentication information is composed of, for example, an ID given to the teacher and a password issued by the issuing unit 23, and the child / student is given the teacher's ID and the issued password. May be input from the child / student terminal P.

As described above, the password of each child / student is excluded from the personal authentication, and the authentication by the password commonly used by the plurality of child / student terminals P is permitted. However, with the edge server 2 via the intranet 4. Since the configuration is completed by communication, security risks due to unspecified number of accesses such as content distribution requests on the Internet are eliminated.

The content distribution server 1 and the edge server 2 also have a password reset function when logging in (that is, when login assist is not used). This is a process to reset the password if you forget it.

FIG. 4 is a setting screen example CA of the authentication condition in the setter terminal C. FIG. 4A is an example of the first authentication information and the second authentication information (password) setting screen. Setting screen example CA is a setting screen of a security policy regarding a password in the present embodiment. The setting screen example CA is composed of a password setting field CA1 and a setting field CA2 for setting authentication conditions for the edge server 2 for the setting contents in the password setting field CA1. The password setting field CA1 allows the password length (number of characters), password renewal deadline, password complexity condition (selection of character type), and the like to be set numerically. Therefore, for example, the second authentication information issued by the issuing unit 23 can be set to be invalid after a predetermined period of time has elapsed. As for the password, the issuing unit 23 may generate a different password each time the issuing request is made, like a so-called one-time password.

On the other hand, the authentication condition setting field CA2 for the edge server 2 sets the suitability of the edge server 2 for the password set by the password setting field CA1. That is, in the edge server 2, the selection of whether or not to apply the security policy regarding the password set in the password setting field CA1, the selection of whether or not to enable the login assist by the teacher, the edge server 2 from the child / student terminal P When the delivery request is made directly without going through the login assist, it is possible to set whether or not to forcibly select the content group (described later). With such a configuration, it is possible to make settings based on the information security policy of the local government or school in advance, and the governance of the local government can be maintained.

As described above, the content distribution server 1 and the edge server 2 cooperate in the authentication process by receiving the authentication condition of the edge server 2 as well as the authentication condition of the content distribution server 1 from the setter terminal C to the content distribution server 1. be able to.

As described above, when the authentication conditions are set, the login screen on the child / student terminal P will be displayed to each child / student as shown in FIG. 5A when requesting the content distribution server 1 to distribute the content. The input field for the assigned login ID and the input field for the individual password are displayed. However, when requesting the edge server 2 to distribute the content using the login assist, as shown in FIG. 5 (B). , In addition to the login ID input field, there is no individual password input field, instead the teacher's ID input field and "secret password" (password that can be used any number of times within the specified period) input field are displayed. Will be done. As described above, the teacher's ID and "secret input" are disclosed to the child / student by the teacher on the board or the like, so that the child / student can use the disclosed teacher's ID and "secret" from the child / student terminal P. Since you only have to enter "secret message", the authentication process can proceed smoothly.

FIG. 6 is a screen display example of the content group. When a large amount of content is stored in the storage unit 21 of the edge server 2, it is necessary to specify the content to be distributed to the child / student terminal P and restrict the distribution of other content. For example, when the teacher content is mixed in the storage unit 21, the teacher content must not be accessible on the child / student terminal P. Hereinafter, the function of generating a content group used to restrict the distribution of specific content will be described with reference to FIG.

As shown in FIG. 6A, the name of the teacher authenticated by the authentication process is displayed in the name display field TG1 on the display screen TG of the teacher terminal T. In all the content display fields TG3, all the contents stored in the edge server 2, that is, the contents A to N are displayed in an archive. When the faculty member selects specific contents according to a predetermined purpose and groups them, each group icon is displayed in the content group display field TG2. In the grouping, for example, a new content group folder is created in the content group display field TG2, and the archive display of the content to be grouped from the content display field TG3 is put in the created content group folder. Just do it. In the present embodiment, content groups 1 to 3 are generated and displayed. The generated content group is individually given the identification information (group ID) of the content group. Since this content group can be shared among faculty members, content groups generated by other faculty members may also be displayed.

When the teacher terminal T requests the setting instruction unit 14 from the child / student terminal P to the edge server 2 without using the login assist (that is, the child / student terminal is requested by the first authentication information). (When requesting distribution individually from P), check "Forcibly select the content group" and send the authentication conditions. When the child / student terminal P requests the edge server 2 to distribute the content after the authentication condition is transmitted, the content group is assigned to the content group together with the login screen displayed in FIG. 5A or after the login screen is displayed. A field for entering unique group identification information (group ID) is displayed (not shown). At this time, the group ID constitutes the first authentication information. Therefore, in the child / student terminal P, it is necessary to input the group ID in addition to the input of the login ID and the password of the first authentication information.

FIG. 6B is a display screen PG of the child / student terminal P when the group ID is input. On the display screen PG of the child / student terminal P, the names of the children / students requested to be delivered to the edge server 2 are displayed in the name display field of the child / student in PG1. Then, in the content group display field PG2, the input content group name and group ID are displayed. In the present embodiment, the content group name is "content group 2" and the group ID is "0002". In the content display field PG3, only the content included in the content group 2 is displayed. In this embodiment, only content A, content C, and content F are displayed.

FIG. 7 is a sequence diagram showing a content user authentication method according to the disclosure of the present specification. First, a method for logging in to the content distribution server 1 from the child / student terminal P will be described with reference to FIG. 7A.

When a login request (distribution request) is made from the child / student terminal P to the content distribution server 1 via the Internet 3 (S1), the content distribution server 1 performs an authentication process (first authentication process) to authenticate (1st authentication process). S2), the content is distributed (S3). At this time, the first authentication information is transmitted from the child / student terminal P at the time of the login request S1.

The content distribution server 1 stores the content in advance, and distributes the same content as the content to the edge server 2 which is communicably connected to the child / student terminal P via the intranet 4 via the Internet 3. , The edge server 2 stores the delivered content (not shown).

Next, the authentication condition setting method will be described with reference to FIG. 7B.

The content distribution server 1 accepts the authentication conditions for distributing the content from the setter terminal C to the child / student terminal P from the edge server 2 via the intranet 4 (S11), and accepts the content to the edge server 2. Instruct the setting of the authentication condition (S12). The edge server 2 that has received the instruction for setting the authentication condition sets the authentication condition (S13). By setting the authentication conditions of the edge server 2, for example, during class, the content can be distributed to the child / student terminal P via the edge server 2 at the selection of the teacher.

Next, a method of logging in to the edge server 2 from the child / student terminal P will be described with reference to FIG. 7B.

The second authentication information set for the child / student when the content is delivered from the teacher terminal T to the edge server 2 via the intranet 4 according to the set authentication condition to the child / student terminal P. Upon receiving the issuance request (S21), the edge server 2 generates the second authentication information in response to the received second authentication information issuance request and issues the second authentication information to the teacher terminal T via the intranet 4 (S22). ).

The child / student acquires the second authentication information issued to the teacher terminal T from the teacher who uses the teacher terminal T (S23), and the edge server from the child / student terminal P used by the acquired child / student. When a login request (delivery request) for the content is made to 2 together with the second authentication information (S24), the edge server 2 performs the second authentication process (S25). There are various methods for the child / student to obtain the second authentication information from the teacher, such as oral, board writing, and short-range wireless notification, and the method is not particularly limited.

When the edge server 2 completes the second authentication process, the edge server 2 distributes the content requested to be distributed to the child / student terminal P via the intranet 4 (S26).

The techniques disclosed herein are not limited to the embodiments. That is, it includes the embodiments shown exemplifiedly and the modifications by those skilled in the art based on them. It also includes the replacement or combination of elements between one embodiment and the other. Furthermore, the technical scope disclosed is not limited to the description of the embodiments. The technical scope disclosed is indicated by the description of the scope of claims, and further includes all modifications within the meaning and scope equivalent to the description of the scope of claims.

1 Content distribution server 2 Edge server 3 Internet 4 Intranet 11 Storage unit 12 1st authentication unit 13 1st distribution unit 14 Setting instruction unit 21 Storage unit 22 Reception unit 23 Issuing department 24 2nd authentication department 25 2nd distribution department T Teacher terminal P child / student terminal

Claims (7)

It is a content user authentication system for distributing content from a content distribution server to a user terminal via an open network.
An edge server that is communicably connected to the content distribution server via the open network and communicably connected to the user terminal via a private network is provided.
The content distribution server includes a storage unit that stores the content and a storage unit.
The first authentication information individually set for the user of the content in order to read the content requested to be distributed from the user terminal from the storage unit and distribute it to the user terminal via the open network. From the user terminal and the first authentication unit that performs a predetermined authentication process,
The first distribution unit that distributes the content requested to be distributed to the user terminal authenticated by the first authentication unit via the open network.
Along with the authentication conditions of the content distribution server, the authentication conditions for distributing the contents from the edge server to the user terminal via the private network are used by the setter who is allowed to set the authentication conditions. A setting instruction unit that receives from the setter terminal and instructs the edge server to set the authentication condition.
Have,
The edge server includes a storage unit that distributes and stores the content stored in the storage unit from the first distribution unit.
When the content is distributed from the administrator terminal that manages the user terminal to the user terminal in accordance with the authentication condition instructed by the setting instruction unit via the private network among the user terminals. The reception unit that accepts the issuance request of the second authentication information set for the user, and
The issuing unit that generates the second authentication information and issues it to the administrator terminal in response to the issuing request received by the receiving unit.
The user acquires the second authentication information from the administrator who uses the administrator terminal issued by the issuing unit, and the user terminal requests the distribution of the content together with the second authentication information. Then, the second authentication unit that performs the predetermined authentication process and
A second distribution unit that distributes the content requested for distribution to the user terminal authenticated by the first authentication unit via the private network.
A content user authentication system characterized by having. The content user according to claim 1, wherein a plurality of the user terminals managed by the administrator terminal exist, and the second authentication information is commonly used by the plurality of the user terminals. Authentication system. The content user authentication system according to claim 1 or 2, wherein the issuing unit generates different second authentication information each time the issuance request is made. The content according to any one of claims 1 to 3, wherein the second authentication information issued by the issuing unit is set to be invalid after a lapse of a predetermined period of time. User authentication system. The second authentication information is composed of a password issued by the issuing unit and an ID given to the administrator, and the second authentication information is claimed according to claim 1, wherein the password is issued by the issuing unit. The content user authentication system according to any one of items up to item 4. When the setting instruction unit receives the authentication condition including the group condition for grouping the predetermined content into one group from the administrator terminal, the setting instruction unit configures the first authentication information in the group. When a unique group identification information is given and a distribution request is made from the user terminal by the first authentication information, the second authentication unit performs an authentication process for distributing only the distribution of the content included in the group. The content user authentication system according to any one of claims 1 to 5, wherein only the content included in the group is distributed from the second distribution unit. It is a content user authentication method for distributing content from a content distribution server to a user terminal via an open network.
The content distribution server stores the content and distributes the same content as the content via the open network to an edge server communicably connected to the user terminal via the private network. The edge server stores the delivered content, and receives the content distribution request from the user terminal via the open network by the first authentication information individually set for the user of the user terminal. Then, the step of reading the content and performing the first authentication process and
The authentication condition for distributing the content from the edge server to the user terminal via the private network is received from the setter terminal used by the setter who is allowed to set the authentication condition, and the above The step of instructing the edge server to set the authentication conditions, and
When the edge server receives the authentication condition and sets the authentication condition,
Along with the authentication conditions of the content distribution server, among the user terminals, the administrator terminal that manages the user terminals sends the edge server to the edge server via the private network according to the set authentication conditions. A step of accepting a request for issuing a second authentication information set for the user when delivering the content to the user terminal, and
In response to the received request for issuing the second authentication information, the step of generating the second authentication information and issuing it to the administrator terminal, and
The user acquires the second authentication information issued to the administrator terminal from an administrator who uses the administrator terminal, and from the user terminal to the edge server together with the second authentication information. When the content distribution request is made, the step that the edge server performs the second authentication process and
The edge server delivers the content requested to be delivered to the user terminal via the private network, and
A content user authentication method characterized by having.

Images