JP4650368B2 - Client server connection system, client server connection method, connection server, and program - Google Patents

Description

  The present invention relates to a client server connection system, a client server connection method, a connection server, and a program, and more particularly to a technique for connecting a client terminal installed in a shared facility that can be used by a plurality of organizations / organizations to a server.

  With the background of recent social circumstances, the use of part-timers, the use of outsourcing, and collaboration with a wide variety of companies have progressed further than ever for the purpose of operational efficiency. Opportunities to work are increasing and the personnel accessing the information system are becoming more complex. In addition, organizations such as companies are repeatedly merged and divided, making the configuration and management of information systems more complex. Under such circumstances, sharing and coexistence among many organizations / organizations has become frequent. Furthermore, there are high expectations for the realization of a ubiquitous society such as telecommuting and teleworking, and the use of information systems and the use of work places are becoming increasingly complex.

  On the other hand, there is a growing demand for improved security for information systems, mainly for personal information protection, and a more robust information system is required. Thin client terminals are highly regarded for their high information security and easy operation management compared to personal computers (hereinafter referred to as PCs), and have recently attracted a great deal of attention mainly by organizations and companies that emphasize information security. The introduction is progressing. There have been many requests for installing PCs in shared facilities such as conference rooms and shared work places, but there are concerns about operational efforts, management and security, and there are many cases where hesitated to introduce them. It was. Thin client terminals are also expected to be used at shared facilities as a means of resolving such anxiety.

  For example, a conventional thin client system in which a thin client terminal is installed in a shared facility has a configuration in which the thin client terminal is connected to a thin client server of company A and a thin client server of company B via a network. In this configuration, the employees of Company A and Company B share a thin client terminal and connect to the Thin Client Server of Company A or the Thin Client Server of Company B to download data on the thin client server. Various services can be received by executing applications, and services equivalent to those at Company A or Company B can be received.

  Accordingly, it is not necessary to bring a PC or a storage medium into the shared facility, and it is not necessary to prepare or clean up the PC, such as installation, removal, or network installation. In addition, there is no need to take out a PC or storage medium storing confidential information of each company outside the company (shared facility), and there is no risk of information leakage due to the loss of the PC or storage medium, so that the environment can be used safely.

  Now, users such as employees of Company A and Company B need to connect to their own thin client server when using the thin client terminal. Therefore, when using the thin client terminal, the user must first perform a connection operation to his / her thin client server. As a connection operation method, for example, there is a method in which the user inputs the network address (for example, IP address) of the connection destination of the company's thin client server, but the network address has a large number of digits and the user cannot easily memorize it. In addition, the operation is easy to make mistakes and troublesome.

  In order to facilitate the input operation, for example, the invention disclosed in Japanese Patent Application Laid-Open No. 2002-318788 stores server connection information in a storage medium such as an IC card and attaches the storage medium to the thin client terminal. The connection information is read and connected to the server, and when the storage medium is removed from the thin client terminal, the connection information is automatically deleted.

JP 2002-318788 A

  However, although the connection method of the invention of Japanese Patent Laid-Open No. 2002-318788 can facilitate the connection operation, it is necessary for each company to unify the card information format at a certain level. Issuing is not desirable from a security standpoint. In addition, it is expected that there will be great difficulty in unifying in practice. Such a problem exists not only in a thin client system but also in a general client server system.

  An object of the present invention is to provide a client server connection system, a client server connection method, a connection server, and a program that solve the above-described conventional problems. Therefore, the present invention provides a connection server that provides connection information for connecting a client terminal to a desired server as an alternative to a storage medium such as an IC card that stores connection information to the server. .

A first client-server connection system of the present invention connects a client terminal and a plurality of servers providing services and a connection server via a network,
The client terminal connects to the desired server with reference to a connection table held by the connection server that associates server identification information with server connection information necessary for connecting to the server.

The second client-server connection system of the present invention is a client-server connection system in which a client terminal installed in a shared facility and a plurality of servers that connect to the client terminal and provide services are connected via a network.
Connecting a connection server having a connection table associating server identification information for identifying the server with server connection information necessary for connecting to the server to the network;
When the connection server receives the server identification information from the client terminal, the server connection information is read from the connection table according to the received server identification information, and returned.
The client terminal is connected to the server using the received server connection information.

  According to a third client-server connection system of the present invention, in the second client-server connection system of the present invention, the connection server has a user table that associates user identification information for identifying a user with the server identification information. When the user identification information is received from the client terminal in addition to the server identification information, the user table is searched with the received server identification information and user identification information, and the received server identification information and user identification information are If it is registered in the user table, it is determined that the authentication is successful, and corresponding server connection information is read from the connection table and returned.

According to a fourth client-server connection system of the present invention, in the second client-server connection system of the present invention, a plurality of authentication servers having user identification information for identifying a user and a user table for associating the server identification information. Connect to the network in association with each server,
The connection table holds an entry that associates authentication server connection information necessary for connecting to the authentication server in addition to server identification information and server connection information,
When receiving the user identification information in addition to the server identification information from the client terminal, the connection server reads the corresponding authentication server connection information from the connection table according to the received server identification information, and receives the received user identification information. Forward to the authentication server,
The authentication server returns authentication success if the received user identification information is registered in the user table,
The connection server reads out the corresponding server connection information from the connection table according to the server identification information received only when the authentication success is received, and returns it.

A fifth client-server connection system according to the present invention is the second client-server connection system according to the present invention, wherein the server identification information and the user are identified from a portable storage medium installed in the shared facility and possessed by the user. Connecting an entry / exit reader for reading the user identification information to the network,
The entrance / exit reader reads the server identification information and the user identification information from the portable storage medium when an entry procedure operation is performed, sends the entry procedure request to the connection server,
When the connection server receives the admission procedure request, it registers an entry in which the facility code is added to the received server identification information and user identification information in the entrance / exit table,
When receiving the user identification information in addition to the server identification information from the client terminal, refer to whether the entry including the received server identification information, the user identification information and the facility code of the transmission source is registered in the entrance / exit table, If registered, the server connection information is read from the connection table according to the received server identification information and returned.

A sixth client-server connection system of the present invention is the second client-server connection system of the present invention, which reads server identification information and user identification information from a portable storage medium installed in the shared facility and possessed by the user. Connect the entry / exit reader to the network,
The entrance / exit reader reads the server identification information and the user identification information from the portable storage medium when an entry procedure operation is performed, sends the entry procedure request to the connection server,
The connection server has a terminal table that holds an entry including a network code of the client terminal or the entrance / exit leader and a facility code for identifying the shared facility,
Upon receiving an admission procedure request, the facility code of the entry / exit server is read from the terminal table, an entry including the read facility code, the received server identification information and user identification information is created and registered in the entry / exit table,
When user identification information is received from the client terminal in addition to server identification information, the facility code of the client terminal of the transmission source is read from the terminal table, and includes the read facility code, the received server identification information, and user identification information Only when the entry is registered in the entry / exit table, corresponding server connection information is read from the connection table by the received server identification information and returned.

According to a seventh client-server connection system of the present invention, in the second client-server connection system of the present invention, the client terminal receives media data from a portable storage medium storing server identification information in a storage format different for each server. Having a reader to read, and when the reader reads the medium data from the portable storage medium, it transmits to the connection server;
The connection server has an extraction routine for extracting server identification information from the medium data for each storage format. When the medium data is received, the connection server sequentially executes the extraction routine, and the server identification information is obtained by executing the extraction routine corresponding to the storage format. The server connection information is extracted and the corresponding server connection information is read out from the connection table according to the extracted server identification information and returned.

An eighth client-server connection system of the present invention is a client-server connection system in which a client terminal installed in a shared facility and a plurality of servers that connect to the client terminal and provide services are connected via a network.
A connection table that associates server identification information for identifying the server and server connection information necessary for connecting to the server, a network address of each client terminal, server identification information, and the client terminal connected to the server Connecting a connection server having a terminal table holding an entry including a flag indicating that the network is in the network;
When the connection server receives server identification information from the client terminal, the server connection information is read from the connection table according to the received server identification information and returned, and the flag of the terminal table is turned on and received in the terminal table. Register server identification information,
When the client terminal uses the received server connection information to connect to the server, determines that the connection with the server has been canceled, transmits a flag-off instruction to the connection server, and detects a power-off operation Send a power off notification to
The connection server turns off the flag of the terminal table when receiving a flag off instruction, refers to the terminal table when receiving a power-off notification, and connects with the server identification information registered in the terminal table when the flag is on The server connection information is read with reference to the table, and the logoff request of the client terminal is transmitted to the corresponding server.

  According to a ninth client-server connection system of the present invention, in the eighth client-server connection system of the present invention, the client terminal has a reader for reading server identification information from a portable storage medium, and the reader is a portable storage device. When server identification information is read from the medium, the server identification information is transmitted to the connection server, and a flag off instruction is transmitted to the connection server upon receiving a notification from the reader that the portable storage medium has been removed.

A first client-server connection method of the present invention connects a client terminal and a plurality of servers providing services and a connection server via a network,
The client terminal connects to the desired server with reference to a connection table held by the connection server that associates server identification information with server connection information necessary for connecting to the server.

A second client-server connection method of the present invention is a client-server connection method in which a client terminal installed in a shared facility and a plurality of servers that connect to the client terminal and provide services are connected via a network.
Connecting a connection server having a connection table associating server identification information for identifying the server with server connection information necessary for connecting to the server to the network;
When the connection server receives the server identification information from the client terminal, the server connection information is read from the connection table according to the received server identification information, and returned.
The client terminal is connected to the server using the received server connection information.

  A third client-server connection method of the present invention is the second client-server connection method of the present invention, wherein the connection server has a user table for associating user identification information for identifying a user with the server identification information. When the user identification information is received from the client terminal in addition to the server identification information, the user table is searched with the received server identification information and user identification information, and the received server identification information and user identification information are If it is registered in the user table, it is determined that the authentication is successful, and corresponding server connection information is read from the connection table and returned.

A fourth client server connection method of the present invention is the second client server connection method of the present invention, wherein the server identification information and the user are identified from a portable storage medium installed in the shared facility and possessed by the user. Connecting an entry / exit reader for reading the user identification information to the network,
The entrance / exit reader reads the server identification information and the user identification information from the portable storage medium when an entry procedure operation is performed, sends the entry procedure request to the connection server,
When the connection server receives the admission procedure request, it registers an entry in which the facility code is added to the received server identification information and user identification information in the entrance / exit table,
When receiving the user identification information in addition to the server identification information from the client terminal, refer to whether the entry including the received server identification information, the user identification information and the facility code of the transmission source is registered in the entrance / exit table, If registered, the server connection information is read from the connection table according to the received server identification information and returned.

According to a fifth client-server connection method of the present invention, in the second client-server connection method of the present invention, the client terminal receives media data from a portable storage medium that stores server identification information in a different storage format for each server. Having a reader to read, and when the reader reads the medium data from the portable storage medium, it transmits to the connection server;
The connection server has an extraction routine for extracting server identification information from the medium data for each storage format. When the medium data is received, the connection server sequentially executes the extraction routine, and the server identification information is obtained by executing the extraction routine corresponding to the storage format. The server connection information is extracted and the corresponding server connection information is read out from the connection table according to the extracted server identification information and returned.

A sixth client-server connection method of the present invention is a client-server connection method in which a client terminal installed in a common facility and a plurality of servers that connect to the client terminal and provide services are connected via a network.
A connection table that associates server identification information for identifying the server and server connection information necessary for connecting to the server, a network address of each client terminal, server identification information, and the client terminal connected to the server Connecting a connection server having a terminal table holding an entry including a flag indicating that the network is in the network;
When the connection server receives server identification information from the client terminal, the server connection information is read from the connection table according to the received server identification information and returned, and the flag of the terminal table is turned on and received in the terminal table. Register server identification information,
When the client terminal uses the received server connection information to connect to the server, determines that the connection with the server has been canceled, transmits a flag-off instruction to the connection server, and detects a power-off operation Send a power off notification to
The connection server turns off the flag of the terminal table when receiving a flag off instruction, refers to the terminal table when receiving a power-off notification, and connects with the server identification information registered in the terminal table when the flag is on The server connection information is read with reference to the table, and the logoff request of the client terminal is transmitted to the corresponding server.

The first connection server of the present invention is connected to a client terminal installed in a common facility and a plurality of servers connected to the client terminal and providing a service through a network,
A connection table for associating server identification information for identifying the server and server connection information necessary for connecting to the server;
When server identification information is received from the client terminal, the corresponding server connection information is read from the connection table according to the received server identification information and returned, and the server connection information transmitted to the client terminal is used to connect to the server. It is characterized by.

  The second connection server of the present invention has a user table for associating user identification information for identifying a user with the server identification information in the first connection server of the present invention, and server identification information from the client terminal. In addition to receiving user identification information, the user table is referred to by the received server identification information and user identification information, and the received server identification information and user identification information are registered in the user table. For example, it is determined that authentication is successful, and the corresponding server connection information is read from the connection table and returned.

According to a third connection server of the present invention, in the first connection server of the present invention, server identification information and user identification information for identifying a user are stored in a portable storage medium installed in the shared facility and possessed by the user. When an entry procedure request including server identification information and user identification information is received from an entry / exit reader to be read, an entry obtained by adding the facility code of the transmission source to the received server identification information and user identification information is registered in the entry / exit table,
When receiving the user identification information in addition to the server identification information from the client terminal, refer to whether the entry including the received server identification information, the user identification information and the facility code of the transmission source is registered in the entrance / exit table, If registered, the server connection information is read from the connection table according to the received server identification information and returned.

According to a fourth connection server of the present invention, in the first connection server of the present invention, the server identification information is extracted from the medium data read from the portable storage medium storing the server identification information in a different storage format for each server. An extraction routine for each storage format;
When the medium data is received from the client terminal, the extraction routine is executed in order, server identification information is extracted by executing the extraction routine corresponding to the storage format, and the server corresponding to the connection table is extracted by the extracted server identification information. The connection information is read and returned.

The fifth connection server of the present invention is connected to a client terminal installed in a common facility and a plurality of servers connected to the client terminal and providing a service through a network,
A connection table that associates server identification information for identifying the server and server connection information necessary for connecting to the server, a network address of each client terminal, server identification information, and the client terminal connected to the server A terminal table holding an entry including a flag indicating that
When server identification information is received from the client terminal, the corresponding server connection information is read out from the connection table according to the received server identification information and returned, and the terminal table flag is turned on and the received server identification information is registered in the terminal table. And
When receiving a flag off instruction transmitted when it is determined that the connection with the server has been canceled from the client terminal, the flag of the terminal table is turned off,
When receiving a power-off notification transmitted when a power-off operation is detected from the client terminal, the terminal table is referred to, and when the flag is on, the connection table is referred to by server identification information registered in the terminal table. The server connection information is read out and a logoff request of the client terminal is transmitted to the corresponding server.

  When the first program of the present invention receives server identification information for identifying a server that provides services by connecting to the client terminal from a client terminal installed in a shared facility and user identification information for identifying a user, A procedure for referring to whether or not the received server identification information and user identification information are registered in the user table for associating the server identification information with the user identification information, and the received server identification information and user identification information are the user If it is registered in the table, it is judged that the authentication is successful, and the computer executes a procedure for reading the server connection information from the connection table that associates the server identification information with the server connection information necessary for connecting to the server and returning it to the computer. Let

The second program of the present invention uses server identification information for identifying a server that provides services by connecting to a client terminal installed in a shared facility and user identification information for identifying a user. A procedure for registering in the entry / exit table an entry obtained by adding the facility code of the transmission source to the received server identification information and user identification information when received from the entry / exit reader read from the portable storage medium possessed by the user;
Upon receiving server identification information and user identification information from the client terminal, a procedure for referring to whether an entry including the received server identification information, user identification information, and a facility code of a transmission source is registered in the entry / exit table; If registered, based on the received server identification information, the server executes the procedure of reading the server connection information from the connection table that associates the server identification information with the server connection information necessary for connecting to the server and returning it to the computer. Let

The third program of the present invention extracts server identification information from data in a portable storage medium that stores server identification information in a different storage format for each server that provides services by connecting to a client terminal installed in a shared facility. An extraction routine for each storage format,
When media data stored in a portable storage medium is received from the client terminal, a procedure for sequentially executing the extraction routine, a procedure for extracting server identification information by executing an extraction routine corresponding to the storage format, and extraction The computer executes a procedure of referring to a connection table associating server identification information with server connection information necessary for connecting to the server based on the server identification information, and reading out and returning the corresponding server connection information.

When the fourth program of the present invention receives server identification information for identifying a server that provides services by connecting to the client terminal from a client terminal installed in a shared facility, the server identification information is obtained from the received server identification information. The server connection information associated with the server and the server connection information necessary for connecting to the server is referred to, the corresponding server connection information is read and returned, and the network address of each client terminal, server identification information, and the client terminal are A procedure for registering the received server identification information with the flag turned on for a terminal table holding an entry including a flag indicating that the server is connected;
A procedure for turning off the flag of the terminal table upon receiving a flag off instruction transmitted when it is determined that the connection with the server has been canceled from the client terminal;
When receiving a power-off notification transmitted when a power-off operation is detected from the client terminal, the terminal table is referred to, and when the flag is on, the connection table is referred to by server identification information registered in the terminal table. To read server connection information,
And causing the computer to execute a procedure for transmitting a logoff request of the client terminal to the corresponding server.

  As described above, according to the present invention, by providing a connection server that provides connection destination information when connecting to a desired server from a terminal shared by users of a plurality of independent organizations / organizations, There is an effect that a high client-server connection system can be easily constructed.

Next, the best mode for carrying out the present invention will be described in detail with reference to the drawings.
FIG. 1 is a block diagram showing the configuration of the first embodiment of the present invention. Referring to FIG. 1, the configuration of the first embodiment of the present invention includes a thin client terminal 10 and an entrance / exit reader 15 installed in a common facility, a thin client server 20 and an authentication server 40 installed in each company facility. The server includes a connection server 30 that supports connection from the thin client terminal 10 to the thin client server 20 of the corresponding company facility, and a LAN (local area network) 19 and a WAN 29 (wide area network) that are networks for connecting these servers.

  Although FIG. 1 shows a thin client system as an example of a server client system, the application of the present invention is not limited to a thin client system. The thin client terminal 10 is a normal client terminal, and the thin client server 20 is a normal client terminal. The present invention can be realized even if it is replaced with a server.

  In FIG. 1, two clients, the thin client terminal 10-1 and the thin client terminal 10-2, are shown as the thin client terminal 10 when it is not necessary to distinguish between them. Similarly, a plurality of thin client servers 20, connection servers 30, authentication servers 40, and the like are included, but are described similarly. For example, the thin client server 20 is described when the thin client server 20A and the thin client server 20B are not distinguished.

  Here, the shared facility is a facility in which users belonging to different organizations are mixed and use the thin client terminal 10, for example, a conference room attending at the same time, a shared office, a meeting place, or the like. In the following, we will explain the company as an example of an organization. In this common facility, one or more thin client terminals 10 are installed, and an entrance / exit leader 15 may be further installed. In FIG. 1, in the shared facility Z, a thin client terminal 10-1 and a thin client terminal 10-2 are installed, and an entrance / exit leader 15 is also installed. However, the present invention can also be applied to a configuration in which the entrance / exit leader 15 is not installed.

  The thin client server 20 and the authentication server 40 are installed in the facilities of each company, and the authentication server 40 is used when performing pre-authentication before connection (the following connection procedure 2). In FIG. 1, a thin client server 20A and an authentication server 40A are installed in the company A facility, and a thin client server 20B and an authentication server 40B are installed in the company B facility.

  The LAN 19 is a network that is installed in each shared facility and connects the thin client terminal 10, the entrance / exit reader 15, and the connection server 30 in the shared facility. The connection server 30 is installed in the shared facility or in the vicinity thereof and is connected to the LAN 19, but can be configured to connect via the WAN 29. The WAN 29 is a wide-area network that connects devices in each shared facility and devices in each company facility at a remote location, and can also be realized on the Internet.

  The thin client terminal 10 is a terminal in which processing functions mounted on itself are reduced by connecting the thin client server 20 via a network and causing the thin client server 20 to execute various applications. Although not shown, the thin client terminal 10 includes a storage unit that stores a program and data for thin client processing, a central processing unit (CPU) that executes the program for thin client processing, and a communication unit that connects to the LAN 19.

  The thin client terminal 10 is realized by a terminal processing unit 11 that is realized by a program for thin client processing and controls the thin client terminal 10, and an input device such as a keyboard and a mouse for a user to operate the thin client terminal 10. The input unit 12 includes a display unit 13 for displaying a processing result and an input screen, and a reader 14. The input unit 12, the display unit 13, and the reader 14 are controlled by the terminal processing unit 11. . Details of the operation of the terminal processing unit 11 will be described in the operation description described below. The reader 14 will be described in the operation description of the connection procedure 4 described later.

  The entry / exit reader 15 is a device having a function of reading information for identifying a user entering and leaving and transmitting the information to the connection server 30, for example, user information possessed by the user (company code of server identification information described later) User information is read from a portable storage medium such as an IC card storing a personal code of the user identification information), a storage medium connectable to a specific bus, or an RFID (radio frequency identification) tag. It is a device that transmits. Although not shown, the entrance / exit reader 15 has a storage means, stores the network address of the connection server 30 of the transmission destination in the storage means, and may further store the facility code in which it is installed.

  The thin client server 20 is a system composed of an information processing device or a plurality of information processing devices installed in a facility (company facility in FIG. 1) of each organization or organization, and is connected to the thin client terminal 10 to be a thin client. It has a function of executing an application in accordance with a request from the terminal 10. Although not shown, the thin client server 20 includes a server processing program for thin client processing and storage means for storing data, a CPU for executing the server processing program, and communication means for connecting to the WAN 29.

  The thin client server 20 includes a server processing unit 21 that executes a server processing program for thin client processing, and an AP unit 22 that stores one or more applications (AP) that provide services. Details of the operation of the server processing unit 21 will be described in the operation description described below.

  Although not shown, the connection server 30 is an information processing apparatus having a storage means for storing programs and data, a CPU for executing the programs, and a communication means for connecting to the LAN 19, and is installed in the vicinity of the common facility. It is also possible to install a communication means for connecting to the remote location of the common facility.

  The connection server 30 includes a connection processing unit 31, a connection table 32, a terminal table 33, an entry / exit table 34, and an extraction routine unit 35. The connection processing unit 31 and the extraction routine unit 35 are realized by a program, stored in the storage unit of the connection server 30, and executed by the CPU of the connection server 30. The connection table 32, the entry / exit table 34, and the terminal table 33 are stored in the storage unit of the connection server 30.

  FIG. 2 is a diagram showing an example of the connection table 32. The connection table 32 has an entry for each thin client server 20 that is a connection destination of the thin client terminal 10. The entry is used to connect the company code as server identification information for identifying the thin client server 20 and the thin client server 20. Server connection information includes a thin client server address which is the address of the WAN 29.

  Further, in the configuration in which the authentication server 40 is connected, the entry includes an authentication server address that is an address of the WAN 29 as connection information necessary for connecting to the authentication server 40 of each company facility. In FIG. 2, the entry of the company A facility's thin client server 20A registers “company A code” as the company code, “IP address A1” as the thin client server address, and “IP address A2” as the authentication server address. ing.

  In the configuration of the present invention, it is assumed that there is one thin client server 20 installed in each company. However, if there are two or more thin client servers 20 in one company, a company code corresponding to the thin client server 20 is provided. Should be set. For example, when one department of one company uses the company A facility and the other department uses the company B facility, the company code may be defined separately for each department. In the example of FIG. 2, the WAN 29 is a network that defines an IP address as an address. However, the address is not limited to an IP address. For example, when the WAN 29 is a telephone line, a telephone number may be used as the thin client server address.

  The IP address has 12 digits in decimal notation (10 digits even if it is a phone number), and it is not easy for users to memorize or enter it, but the company code is 4 digits (even 10,000 numbers can be used for numbers) If it can be distinguished and more characters can be identified by adding characters), the user can easily memorize and input operation. Further, since the user does not need to input or carry the address of the thin client server 20, the risk of leakage of the address of the thin client server 20 is reduced.

  FIG. 3 is a diagram showing an example of the terminal table 33. FIG. 3 shows a configuration in which the connection servers 30 are collectively combined and connected to the WAN 29, and a second embodiment of the present invention described later corresponds to this. In the configuration in which the connection server 30 is connected to the LAN 19 as shown in FIG. 1, each terminal table 33 holds only the entry of the facility code of the shared facility connected to the LAN 19 to which each connection server 30 is connected. For example, in the terminal table 33 of the first embodiment, the “facility code Z” entry and the “facility code Y” entry are divided and stored in the terminal table 33 of each connection server 30.

  The terminal table 33 is a table for managing the relationship between the thin client terminal 10 and the common facility and the connection state of the thin client terminal 10, and each entry includes a thin client terminal address and a facility code. The connection flag is a flag indicating whether or not the thin client terminal 10 is connected to the thin client server 20. The entrance / exit leader 15 can also be registered and managed in the same manner as the thin client terminal 10. For example, in the entry of the thin client terminal 10-1, the thin client terminal address is registered as “thin client terminal 10-1 address” and the facility code is registered as “facility Z”, and the connection flag is updated by the connection processing unit 31 according to the state. Is done.

  FIG. 4 shows an example of the entry / exit table 34. FIG. 4 shows a configuration when the connection servers 30 are collectively connected to the WAN 29, and a second embodiment of the present invention to be described later also corresponds to this. In the configuration in which the connection server 30 is connected to the LAN 19 as shown in FIG. 1, each entry / exit table 34 holds only the entry of the facility code of the shared facility connected to the LAN 19 to which each connection server 30 is connected. For example, in the entrance / exit table 34 of the first embodiment, the “facility code Z” entry and the “facility code Y” entry are divided and stored in the entrance / exit table 34 of each connection server 30.

  The entrance / exit table 34 is a table for registering users who are entering the common facility. The entrance / exit table 34 is registered when the user enters, and is deleted when the user leaves. The entry of the entrance / exit table 34 includes a facility code for identifying a shared facility, a company code, and a personal code as user identification information for identifying a user within the company. For example, the facility Z is registered with the facility code “facility Z”, the company code “A company code”, the personal code “101010” and “101011”, and the company code “B company code”. It shows that three members of one person whose personal code is “202020” are entering.

  The extraction routine unit 35 is a program prepared for the thin client terminal 10 to extract a company code from an identification storage medium unique to each company. The extraction routine unit 35 corresponds to the type of storage medium, the storage format, and the encryption method employed. Remembered. The connection processing unit 31 has a function of controlling the operation of the connection server 30, and controls registration and change of the connection table 32, the entry / exit table 34, and the terminal table 33. Detailed operation contents are described in the operation description.

  The authentication server 40 is a system composed of an information processing apparatus or a plurality of information processing apparatuses installed in each company facility, and performs authentication prior to connection between the thin client terminal 10 and the thin client server 20. Although not shown, the authentication server 40 includes a storage unit that stores a program and data, a CPU that executes the program, and a communication unit that connects to the WAN 29.

  The authentication server 40 includes an authentication processing unit 41 and a user table 42 that are realized by a program that executes authentication processing. The operation content of the authentication processing unit 41 describes the operation description. FIG. 5 is a diagram showing an example of the user table 42. The entry of the user table 42 includes a company code and a personal code, and further includes an authentication password, biometric information, and an authentication certificate (not shown) as necessary. The biometric information is, for example, feature data of each individual's fingerprint registered for authentication, and other physical feature data such as palm print or iris. Information uniquely defined for each company may be registered as the password and the biometric information. FIG. 5 shows the registration contents of the authentication server 40A of company A, and both password and fingerprint information are registered.

  Next, the operation of the first exemplary embodiment of the present invention will be described with reference to the drawings. FIG. 6 is a flowchart showing a basic connection procedure 1 for connecting the thin client terminal 10 to the thin client server 20 with reference to the connection table 32. FIG. 7 is a flowchart showing a connection procedure with authentication for connecting the thin client terminal 10 to the thin client server 20 with reference to the user table 42 in addition to the connection table 32. FIG. 8 is a flowchart showing a connection procedure with authentication and admission confirmation for connecting the thin client terminal 10 to the thin client server 20 with reference to the entry / exit table 34 and the terminal table 33 in addition to the connection table 32 and the user table 42. It is.

(1) Description of Operation of Connection Procedure 1 First, the operation of the basic connection procedure 1 will be described with reference to FIG. In this procedure, the authentication server 40 and the entrance / exit table 34 are not used. When a user who enters the shared facility turns on the thin client terminal 10, the thin client terminal 10 starts up and the terminal processing unit 11 is activated. The terminal processing unit 11 displays a startup screen (not shown) stored in advance in the storage unit of the thin client terminal 10 on the display unit 13. The terminal processing unit 11 displays a message “Please enter company code” on the startup screen and a prompt in the BOX to prompt the user to enter the company code. The user operates the input unit 12 to input the company code that is secretly managed from the startup screen.

  When the company code is input to the startup screen, the terminal processing unit 11 attaches the input company code to the connection request and transmits it to the connection server 30 (S61). The address of the connection server 30 is stored in advance in the storage unit of the thin client terminal 10, and the terminal processing unit 11 controls the communication unit to instruct the transmission of the company code to this address, whereby the company code is transmitted via the LAN 19. To the connection server 30.

  When receiving the company code, the connection processing unit 31 of the connection server 30 refers to the connection table 32 using the received company code as a key, and acquires and returns a thin client server address that is connection destination information of the corresponding thin client server 20. Further, the address of the transmission source thin client terminal 10 is extracted from the received data, the terminal table 33 is referenced, the connection flag of the corresponding entry is set to “ON”, and the company code to be connected is registered (S62). However, if the registration of the received company code is not confirmed as a result of the reference, the connection processing unit 31 returns a notification of connection failure.

  In the LAN 19 and the WAN 29, when transmitting data, the destination address and the source address are transmitted together with the transmission data. For example, if communication using the TCP / IP protocol is used, the IP datagram that is transmission data of the Internet layer includes the IP address of the transmission source, so that the transmission source address can be extracted on the reception side.

  For example, when a user belonging to Company A inputs “Company A code” as a company code on the thin client terminal 10, the connection processing unit 31 acquires “IP address A1” as a thin client server address from the connection table 32 and obtains a thin client. Return to terminal 10. Further, the connection processing unit 31 extracts the address of the thin client terminal 10-1 from the received data, and sets the connection flag and company code of the entry corresponding to the address of the thin client terminal 10-1 to “ON” and “A company code”, respectively. Update to

  When the terminal processing unit 11 receives the thin client server address, the terminal processing unit 11 issues a connection request to the thin client server 20 using the received thin client server address as a connection destination (S63). When the terminal processing unit 11 receives the notification of the connection failure, the terminal processing unit 11 displays that fact on the startup screen and notifies the user. After that, the terminal processing unit 11 may return to a state where the user can input the company code again, or may perform a process such as a warning by assuming an illegal act if repeated acquisition fails.

  When the server processing unit 21 of the thin client server 20 receives the connection request, the server processing unit 21 executes the connection process and returns a login screen when the connection is successful (S64). The terminal processing unit 11 receives the login screen and displays it on the display unit 13 (S65). This login screen is the same login screen as when the user connects to the thin client server 20 in the company, and the user operates the thin client terminal 10 in the same manner as in the case of in the company and processes the thin client server 20 thereafter. Can be executed to execute a desired application, or to acquire or update desired data.

  An example will be described in which a user inputs a company code as “Company A code” from the thin client terminal 10-1. First, the thin client terminal 10-1 transmits "A company code" to the connection server 30 (S61), and when the connection server 30 returns "IP address A1" which is the address of the thin client server 20A (S62), A connection request is made with the IP address A1 "(S63). When the thin client server 20A receives the connection request, performs connection processing, and returns a login screen for the A company thin client server 20 to the thin client terminal 10-1 (S64), the thin client terminal 10-1 receives the A company thin client server 20 Displays the login screen for. If the user inputs “Company B code”, the thin client terminal 10-1 makes a connection request to the thin client server 20B and displays a login screen for the B company thin client server 20 (S65).

  In this way, a user can connect to a desired thin client server 20 and use the thin client server function by simply inputting a company code that can be expressed with a relatively short number of digits for the thin client server address information. it can. Further, since the connection table 32 is held by the connection server 30 and not held by the thin client terminal 10, high security is ensured in the storage of the connection table 32. In addition, when updating the connection table 32, it is not necessary to update the thin client terminal 10, and only the connection table 32 of the connection server 30 needs to be updated. Therefore, it is easy to add, delete, or change a new company. Flexible system operation becomes possible.

(2) Description of Operation of Connection Procedure 2 Next, the operation of the connection procedure with authentication 2 will be described with reference to FIG. Note that a description of portions that operate in the same manner as in FIG. 6 will be omitted. In particular, steps S63 to S65 are denoted by the same reference numerals because of the same operation contents. In the case of this procedure, it is assumed that the authentication server address is registered in the connection table 32 and the authentication server 40 is connected to the WAN 29.

  When the user turns on the thin client terminal 10, a startup screen is displayed. The display screen in this case is made to input a company code and a personal code. When the user inputs the company code and the personal code, the terminal processing unit 11 transmits the input company code and personal code to the connection server 30 (S66).

  The connection processing unit 31 of the connection server 30 refers to the connection table 32 with the received company code, and temporarily reads and holds the thin client server address and the authentication server address. The code is transmitted (S67).

  Upon receiving the company code and personal code, the authentication processing unit 41 of the authentication server 40 performs authentication by referring to the user table 42 using the received company code and personal code as a key, and returns an authentication result (S68). The simplest method for authentication here is to determine that the authentication is successful if the received company code and personal code are registered in the user table 42.

  Furthermore, as a method for improving security, there are a method in which a user inputs a password in addition to a company code and a personal code, and a method in which biometric information (fingerprint or palm print) is read. The method for inputting the password needs to incorporate a password input function into the startup screen, and the method for reading the biometric information needs to add a device for reading the biometric information to the thin client terminal 10.

  The thin client terminal 10 transmits a password and biometric information in addition to the company code and personal code, and the connection server 30 transmits the password and biometric information to the authentication server 40 in addition to the company code and personal code. The authentication processing unit 41 reads the corresponding password or biometric information with reference to the user table 42 using the received company code and personal code as keys. The authentication processing unit 41 determines that the authentication is successful if the received password matches the password read from the user table 42, and determines that the authentication is successful if the received biometric information matches the biometric information read from the user table 42. To do. The coincidence of biometric information is determined by extracting feature data from the image information and comparing the feature data to determine the coincidence. However, details are not to be solved by the present invention, and will be omitted.

  The connection processing unit 31 receives the authentication result. If the authentication is successful, the connection processing unit 31 returns the thin client server address read from the connection table 32 to the requesting thin client terminal 10 and sets the connection flag of the corresponding entry in the terminal table 33 to “ “ON” is registered, and the company code of the connection destination is registered (S69). If authentication fails, a notification of authentication failure is returned.

  Upon receiving the thin client server address, the terminal processing unit 11 issues a connection request to the thin client server 20 at that address (S63). Thereafter, the same operation as in steps S64 and S65 of FIG. 6 is performed, and the login screen of the connection destination thin client server 20 is displayed on the thin client terminal 10. When the terminal processing unit 11 receives the notification of the authentication failure, the terminal processing unit 11 displays an activation screen so that the company code and the personal code can be input again.

  The above operation will be specifically described by taking as an example a case where a user of company A connects to the thin client server 20A using the thin client terminal 10-1. The user inputs a company code, a personal code, and a password from the startup screen, and further reads his / her fingerprint with a fingerprint reader incorporated in the thin client terminal 10. The fingerprint reading device reads the fingerprint to create fingerprint information, and the terminal processing unit 11 acquires the fingerprint information and transmits it to the connection server 30 together with the entered company code, personal code, and password (S66).

  The connection processing unit 31 acquires the authentication server address “IP address A2” from the connection table 32, and transfers the company code, personal code, password, and fingerprint information to the authentication server 40 with this as the destination (S67). The authentication processing unit 41 performs authentication with reference to the user table 42. In this case, the authentication processing unit 41 reads the password and fingerprint information by referring to the user table 42 with the company code and the personal code, collates the received password and fingerprint information, and determines that the authentication is successful if both match. On the other hand, if they do not match, it is determined that the authentication has failed, and the authentication result is returned (S68).

  If the authentication is successful, the connection processing unit 31 returns “IP address A1”, which is the thin client server address read from the connection table 32, to the requesting thin client terminal 10 (S69). The terminal processing unit 11 makes a connection request to the thin client server 20A (S63), and when the server processing unit 21 performs connection processing and returns a login screen of company A (S64), it receives and displays it (S65).

  The user can log in to the thin client server 20 by inputting, for example, the user ID and password on the login screen, and can execute various applications. In other words, in the connection procedure with authentication, the authentication server 40 authenticates the connection, but the login authentication can be executed using another ID or password, so that security is increased for the connection from the shared facility. Can do. In the case of Company A, authentication is performed using both the password and the biometric information. However, it is possible for Company B to use only the password and Company C to use only the biometric information. Of course, authentication without using a password or biometric information is also possible. In that case, a simple unauthorized access can be detected by authentication if a rule is provided for the allocation of the personal code so that the unauthorized personal code is not registered in the user table 42.

  In the above description, the authentication server 40 receives the company code and the personal code and collates them with reference to the user table 42. However, in the configuration of FIG. 1, each user table 42 registers only its own employees. You can just collate your personal code. In that case, it is not necessary to register the company code in the user table 42. However, in the configuration in which the functions of the authentication server 40 are installed in common instead of individually for each company as in the second embodiment to be described later, collation including the company code is required, and the user table 53 of the same configuration is also used by the company. Code registration is required.

(3) Description of Operation of Connection Procedure 3 Next, the operation of connection procedure 3 with authentication and entry confirmation will be described with reference to FIG. Note that a description of portions that operate in the same manner as in FIG. 6 will be omitted. In particular, steps S63 to S65 are denoted by the same reference numerals because of the same operation contents. In the case of this procedure, it is assumed that the entrance / exit leader 15 is installed in the common facility, and the entry / exit table 34 and the terminal table 33 are prepared in the connection server 30.

  When the user enters the common facility, he / she causes the entrance / exit reader 15 to read the portable storage medium storing the user information including the company code and personal code of the user, and performs the entrance procedure or the exit procedure. The entrance / exit reader 15 transmits the read user information to the connection server 30 as a notification destination set in advance as an entrance procedure request or an exit procedure request. The operation of the entrance procedure and the exit procedure can be realized by providing the entrance / exit reader 15 with a switch for selecting entry and exit. Alternatively, it can be realized by dividing the entrance / exit leader 15 into an entrance leader and an exit leader.

  When receiving the entry procedure request or the exit procedure request, the connection processing unit 31 extracts the address information of the sender entrance / exit reader 15 from the communication information and reads the facility code with reference to the terminal table 33. Subsequently, the connection processing unit 31 creates an entry from the read facility code and the received user information if it is an admission procedure request and registers it in the entrance / exit table 34. If it is an exit procedure request, the connection processing unit 31 receives the read facility code. The user information entry is deleted from the entry / exit table 34 (S71).

  By operating the entrance / exit reader 15 and the connection server 30 in this way, it is managed that the user information in the room is always registered in the entrance / exit table 34. Therefore, the connection processing unit 31 can confirm whether the user is actually in the shared facility by referring to the entrance / exit table 34.

  After the user performs the entrance procedure, when the thin client terminal 10 is started up and the company code and personal code are input on the startup screen, the terminal processing unit 11 transmits the input company code and personal code to the connection server 30 ( S72).

  When the connection processing unit 31 receives the company code and the personal code, the connection processing unit 31 extracts the transmission source address, refers to the terminal table 33, and reads the facility code where the transmission source thin client terminal 10 is installed (S73). Subsequently, the connection processing unit 31 refers to the entrance / exit table 34 using the read facility code as a key, and checks whether there is a match between the received company code and the personal code in the corresponding facility code entry (S74).

  If there is a matching entry, the connection processing unit 31 reads the authentication server address by referring to the connection table 32 with the received company code, and transmits the received company code and personal code to the read authentication server address (S75). If there is no matching entry, a user who should not have entered the shared facility has operated the thin client terminal 10 of the shared facility, and the connection processing unit 31 rejects authentication and sends a notification of authentication rejection to the thin client terminal. Return to 10.

  When the company code and personal code are received, the authentication processing unit 41 refers to the user table 42 to check whether the received company code and personal code entry is registered. If registered, the authentication processing unit 41 returns authentication success and is not registered. If so, an authentication failure is returned (S76). As described in the description of the operation of the connection procedure with authentication, authentication can be performed with higher security by authenticating using a password or biometric information in addition to the company code and personal code.

  The connection processing unit 31 receives the authentication result, and if the authentication is successful, reads the address of the thin client server 20 from the connection table 32 with the company code and returns it to the thin client terminal 10. Further, the connection flag of the corresponding entry in the terminal table 33 Is set to “ON” and the company code of the connection destination is registered (S77). When the connection processing unit 31 receives the authentication failure, the connection processing unit 31 returns a notification of the authentication failure to the thin client terminal 10.

  Upon receiving the thin client server address, the terminal processing unit 11 issues a connection request to the thin client server 20 at that address (S63). Thereafter, the same operation as in steps S64 and S65 of FIG. 6 is performed, and the login screen of the connection destination thin client server 20 is displayed on the thin client terminal 10. When the terminal processing unit 11 receives the notification of the authentication failure, the terminal processing unit 11 displays an activation screen so that the company code and the personal code can be input again. In addition, when the terminal processing unit 11 receives a notification of authentication rejection, the terminal processing unit 11 displays a message to that effect on the display unit 13 to notify the user that the presence confirmation has not been performed normally. In this case, since there is a possibility of unauthorized access, the power of the thin client terminal 10 may be turned off after the message is displayed.

  In Steps S73 and S71, the common facility where the thin client terminal 10 and the entrance / exit leader 15 are installed is specified by referring to the terminal table 33 by the network address of the thin client terminal 10 and the entrance / exit leader 15. The present invention can also be realized by a configuration in which the facility code is stored in the storage means in each thin client terminal 10 or the entrance / exit reader 15. In this case, the thin client terminal 10 transmits the facility code to the connection server 30 in addition to the company code and the personal code, and each entrance / exit leader 15 adds the facility code to the user information and requests an entrance procedure or exit procedure. Since the connection server 30 can acquire the facility code without referring to the terminal table 33 by transmitting the request, the present invention can eliminate the terminal table 33 in the connection procedure 4.

(4) Explanation of operation of connection procedure 4 In the above connection procedures 1 to 3, the company code is input by the user operating the input unit 12 and the reader 14 is not used. The operation of the connection procedure 4 in which user information is input using a portable storage medium that stores user information in an individual storage format of each company (thin client server 20) will be described. The connection procedure 4 is different from the connection procedures 1 to 3 in that the reader 14 and the extraction routine unit 35 are required and a procedure in which the connection server 30 extracts user information is added. The operation of the part will be described. However, if a storage medium that can be directly connected to an input / output bus provided in the thin client terminal 10 is used as a portable storage medium, the reader 14 becomes unnecessary.

  The reader 14 has a function of reading data from a portable storage medium (for example, an IC card or an RFID tag) like the entry / exit reader 15 and is controlled by the terminal processing unit 11. In addition, although the portable storage medium of each company memorize | stores user information in the format of an individual specification, it shall be the portable storage medium of the same kind, and the medium data memorize | stored in the reader 14 shall be read. . Hereinafter, the portable storage medium is assumed to be an IC card, and the case of connection procedure 1 will be described as an example.

  FIG. 9 is a flowchart showing the operation when the connection procedure 4 is applied, taking the case of the connection procedure 1 as an example. First, when the user inputs a company code or personal code in the connection procedures 1 to 3, when the reader 14 reads the IC card, the terminal processing unit 11 transmits the medium data read from the IC card to the connection server 30. (S81). At this time, the terminal processing unit 11 performs transmission with information indicating that the data to be transmitted is not company code but medium data.

  The connection processing unit 31 determines whether the received data is a company code or medium data (S82). If it is determined that the received data is a company code, the process from step S62 to step S65 is executed as in the connection procedure 1 as described above. When the received data is media data, the connection processing unit 31 selects and executes one extraction routine in the extraction routine unit 35, and the extraction routine assumes that the media data is the storage format of its own IC card and sets the company code. It is extracted (S83), and it is confirmed whether the extracted company code is correct (S84).

  For example, the extraction routine for Company A reads the company code from the media data position where the company code should be written, assuming that the media data is written in its own storage format. If the media data is read from the company's IC card, the company code “company A code” should be read out. If the read data matches the company code, the extraction routine for company A is Judged as successful extraction. At this time, the extraction routine for company A can also extract the personal code from the storage position of the personal code on the medium data.

  If the media data is not from Company A, the read data is unspecified data, so it does not match the Company A code, and the extraction routine for Company A can be confirmed as not being the user of the company, and the extraction is not judged successful. . Here, the company code is used as coincidence detection data for the sake of simple explanation, but it goes without saying that more reliable confirmation can be made by preparing dedicated data for coincidence detection or using cryptographic techniques.

  If the extraction is successful, the connection processing unit 31 reads the thin client server address by referring to the connection table 32 with the extracted company code and returns it (S62). Thereafter, steps S63 to S65 are executed.

  If the extraction is not successful in step S84, if there is an unexecuted extraction routine (S85), the connection processing unit 31 returns to step S83 to select and execute the unexecuted extraction routine. If the extraction has failed and there is no unexecuted extraction routine (S85), the extraction routine corresponding to the read IC card is not present in the extraction routine unit 35, and the IC card is a non-target IC card. The connection processing unit 31 returns an extraction failure (S86).

By applying the connection procedure 4 in this way, it is possible to avoid annoying input operation of the company code and personal code by the user. By storing the password and key data for authentication in the IC card, the password input operation can be performed. It can be avoided and more secure authentication is possible. Although explanation is omitted, it can be easily understood that the connection procedure 4 can be applied to the connection procedure 2 or 3.
(5) Logoff Supplementary Procedure The above description has been given for the connection procedure. Here, the logoff executed mainly by the connection server 30 in order to avoid a decrease in efficiency when the user does not perform the logoff operation correctly. A supplementary procedure will be described. Usually, when the login screen is displayed, the user can execute a predetermined procedure to log in to the thin client server 20 and receive the service of the thin client server 20. When the user ends the use of the thin client terminal 10, the thin client terminal 10 is powered off after performing logoff processing on the thin client server 20.

  However, if the user turns off the power of the thin client terminal 10 without performing a normal logoff process for some reason, the thin client server 20 remains in the logon state. In this state, the next person cannot use the thin client terminal 10 normally or the performance of the thin client server 20 deteriorates, so that the efficiency of the thin client system decreases.

  FIG. 10 is a flowchart showing the operation of the logoff supplementary procedure. In steps S62, S69, and S77 of the connection procedures 1 to 3 described above, the connection processing unit 31 returns the terminal table when returning the connection destination thin client server address (server connection information) to the thin client terminal 10. The connection flag 33 is set to “ON”. Therefore, in the state where FIG. 10 is executed, the connection flag of the corresponding thin client terminal 10 is once in the “on” state.

  The connection flag is turned “off” by a flag off instruction from the thin client terminal 10 or the thin client server 20. For example, the thin client terminal 10 has the reader 15, the user attaches a portable storage medium to the reader 15, the reader 15 reads the company code from the portable storage medium, and the terminal processing unit 11 connects the company code to the connection server. 30, the terminal processing unit 11 can send a logoff instruction to the connection server 30 by detecting through the reader 15 that the portable storage medium has been removed. .

  In this mode, the user connects to the thin client server 20 with the portable storage medium attached to the reader 15 to receive the service, and performs logoff processing when the use is terminated, and then the portable storage medium. The medium is removed from the reader 15, and then the power is turned off. Therefore, it can be determined that the portable storage medium is logged off when the portable storage medium is removed from the reader 15. In addition to this, when the thin client server 20 receives a logoff request from the thin client terminal 10, the network address, company code, and personal code of the thin client terminal 10 that requested the logoff are attached to all the connection servers 30. This function can also be executed by sending a flag off instruction, but it is necessary to incorporate this function into the thin client server 20.

  When the user performs a power-off operation of the thin client terminal 10, the terminal processing unit 11 transmits a power-off notification to the connection server 30 when executing the power-off sequence (S91). When the connection processing unit 31 receives the shutdown notification, the connection processing unit 31 checks the connection flag (S92). If it is in the off state, nothing is done. If it is in the on state, it is determined that the logoff operation is forgotten. The thin client server address is read from the connection table 32 with the read company code, and a log off request for the thin client terminal 10 is transmitted to the thin client server 20 (S93). The server processing unit 21 receives the logoff request and performs logoff processing (S94).

  The connection processing unit 31 extracts the address of the transmission source thin client terminal 10 from the communication data of the power-off notification at the time of the logoff request, and transmits it with the logoff request. The server processing unit 21 specifies a target to be logged off from the address of the thin client terminal 10 attached to the logoff request and performs logoff processing. By the logoff process, the thin client server 20 stops any application that the user has left running. As a result, the resources of the thin client server 20 used by the application can be released, so that the thin client server 20 can effectively use the resources and can avoid deterioration in performance.

  Next, a second embodiment of the present invention will be described. FIG. 11 is a diagram showing the configuration of the second exemplary embodiment of the present invention. Comparing FIG. 11 with FIG. 1 showing the configuration of the first embodiment of the present invention, the configuration of FIG. 11 is that the authentication server 40 is excluded from the company facilities, and the function of the authentication server 40 is the authentication processing unit 52 and The difference is that the user table 53 is incorporated in the connection server 50 and that the connection server 50 is connected to the WAN 29 instead of the LAN 19.

  In the configuration of FIG. 1, the authentication server 40 is installed for each company's equipment. However, in the configuration of FIG. 11, functions corresponding to the authentication server 40 are integrated and implemented in the connection server 50. Therefore, the “authentication server address” included in the entry of the connection table 32 required in the first embodiment is not necessary.

  In addition, as shown in FIG. 12, the user table 53 registers information about users of all companies that use each shared facility. The configuration of entries in the user table 53 is the same as the configuration of entries in the user table 42 and will not be described. However, whether or not to use passwords and biometric information for each company can be selected. There is a difference in the information registered in.

  Referring to FIG. 12, Company A uses a password and biometric information at the time of authentication, Company B uses only feature data at the time of authentication, and Company C uses only a password at the time of authentication. Accordingly, the authentication processing unit 52 adds processing for switching information (password, biometric information) used at the time of authentication for each company to the authentication processing unit 41.

  The configuration in which the connection server 30 is directly connected to the WAN 29 is not particularly different from the configuration in FIG. 1 in operation. In FIG. 1, it is necessary to install the connection server 30 for each LAN 19, but in FIG. The system is built economically.

  Compared with the connection processing unit 31, the connection processing unit 51 only changes the data exchange procedure with the authentication server 40 to a data exchange procedure in the connection server 50, and the function is the same, so the description thereof is omitted. For example, in the operation of step S 67, the connection processing unit 51 passes the company code and personal code to the authentication processing unit 52 instead of transmitting the company code and personal code to the authentication server 40 via the LAN 19 and WAN 29.

  Although the difference has been described above, the operational difference can be easily understood from the above description, and thus a detailed description of the operation is omitted. In addition, it is possible to easily connect the connection server 30 to the WAN 29 without connecting the connection server 30 for each LAN 19 in the configuration of FIG. 1, and the operation can be easily understood. However, the terminal table 33 and the entrance / exit table 34 include entries for all shared facilities as in the second embodiment.

  As described above, according to the present invention, the connection between the thin client terminal 10 and the thin client server 20 is executed using the connection server 30 or the connection server 50 installed between the thin client terminal 10 and the user. Since the connection destination information is not directly input, only the server identification information (company code) for identifying the connection destination server is input, and the connection server 30 converts the server connection information to provide the server connection information. The risk of leakage can be reduced and the security of the thin client system can be improved. Of course, this can also be applied to a client server system.

  Further, by incorporating the authentication server 40 or a function corresponding thereto (connection procedure 2), unauthorized connection to the thin client system by an outsider can be avoided. In addition, by managing the users who are present in the common facility in the entrance / exit table 34 (connection procedure 3), even if an outsider enters the common facility illegally and tries to connect the thin client terminal 10, the connection is rejected. it can. In addition, by executing each company's extraction routine (connection procedure 4), it is possible to reduce the labor of the user's connection operation. In addition, by monitoring the shutdown of the thin client terminal 10 and supplementarily performing the logoff on behalf of the connection server 30 or 50, it is possible to avoid problems caused by the user forgetting to log off.

It is the figure which showed the structure of the 1st Embodiment of this invention. It is the figure which showed an example of the connection table 32 of this invention. It is the figure which showed an example of the terminal table | surface 33 of this invention. It is the figure which showed an example of the entrance / exit table | surface 34 of this invention. It is a figure showing an example of user table 42 of a 1st embodiment of the present invention. It is the flowchart which showed the operation | movement of the connection procedure 1 used as the basis of this invention. It is the flowchart which showed the operation | movement of the connection procedure 2 with authentication of this invention. It is the flowchart which showed the operation | movement of the connection procedure 3 with admission confirmation of this invention. It is the flowchart which showed the operation | movement of the connection procedure 4 using the portable storage medium of this invention. It is the flowchart which showed the operation | movement of the logoff supplementary procedure of this invention. It is the figure which showed the structure of the 2nd Embodiment of this invention. It is a figure showing an example of user table 53 of a 2nd embodiment of the present invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Thin client terminal 11 Terminal processing part 12 Input part 13 Display part 20 Thin client server 21 Server processing part 22 AP part 30 Connection server 31 Connection processing part 32 Connection table 33 Terminal table 34 Entrance / exit table 35 Extraction routine part 40 Authentication server 41 Authentication processing unit 42 User table 50 Connection server 51 Connection processing unit 52 Authentication processing unit 53 User table

Claims (14)

In a client server connection system that connects a client terminal installed in a shared facility and a plurality of servers that connect to the client terminal and provide services, over a network,
Connecting a connection server having a connection table associating server identification information for identifying the server with server connection information necessary for connecting to the server to the network;
Connecting an entry / exit reader that reads server identification information and user identification information for identifying a user from a portable storage medium installed in the shared facility and possessed by the user to the network,
The entrance / exit reader reads the server identification information and the user identification information from the portable storage medium when an entrance procedure operation is performed, sends the entry procedure request to the connection server,
When the connection server receives the admission procedure request, it registers an entry in which the facility code is added to the received server identification information and user identification information in the entrance / exit table, and the user identification is added to the server identification information from the client terminal. When the information is received, it is referred to whether the entry including the received server identification information, user identification information, and the facility code of the transmission source is registered in the entrance / exit table. If registered, the connection is made by the received server identification information. A client-server connection system, wherein corresponding server connection information is read from the table and returned. The connection server has a terminal table that holds an entry including a network code of the client terminal or the entrance / exit leader and a facility code for identifying the shared facility,
Upon receiving an admission procedure request, the facility code of the entry / exit server is read from the terminal table, an entry including the read facility code, the received server identification information and user identification information is created and registered in the entry / exit table,
When user identification information is received from the client terminal in addition to server identification information, the facility code of the client terminal of the transmission source is read from the terminal table, and includes the read facility code, the received server identification information, and user identification information 2. The client server connection system according to claim 1, wherein corresponding server connection information is read from the connection table and returned based on the received server identification information only when an entry is registered in the entry / exit table. The client terminal has a reader that reads media data from a portable storage medium that stores server identification information in a different storage format for each server, and transmits the media data to the connection server when the reader reads the media data from the portable storage medium. ,
The connection server has an extraction routine for extracting server identification information from the medium data for each storage format. When the medium data is received, the connection server sequentially executes the extraction routine, and the server identification information is obtained by executing the extraction routine corresponding to the storage format. extracting out the client server connection system according to claim 1, wherein Rukoto. The terminal table includes a flag;
The connection server turns on the flag of the terminal table when returning the corresponding server connection information and registers the received server identification information in the terminal table;
When the client terminal uses the received server connection information to connect to the server, determines that the connection with the server has been canceled, transmits a flag-off instruction to the connection server, and detects a power-off operation Send a power off notification to
The connection server turns off the flag of the terminal table when receiving a flag off instruction, refers to the terminal table when receiving a power-off notification, and connects with the server identification information registered in the terminal table when the flag is on 3. The client server connection system according to claim 2 , wherein server connection information is read with reference to a table, and a logoff request of the client terminal is transmitted to the corresponding server. The client terminal has a reader that reads server identification information from a portable storage medium. When the reader reads server identification information from the portable storage medium, the client terminal transmits the server identification information to the connection server, and the portable storage medium is removed from the reader. 5. The client server connection system according to claim 4 , wherein a flag-off instruction is transmitted to the connection server upon receiving the notification. In a client server connection method in a client server system in which a client terminal installed in a shared facility and a plurality of servers connected to the client terminal and providing services are connected via a network,
Connecting a connection server having a connection table associating server identification information for identifying the server with server connection information necessary for connecting to the server to the network;
Connecting an entry / exit reader that reads server identification information and user identification information for identifying a user from a portable storage medium installed in the shared facility and possessed by the user to the network,
When an entrance procedure operation is performed, the entrance / exit reader reads server identification information and user identification information from the portable storage medium, sends the entry procedure request to the connection server, and the connection server When the request is received, an entry in which the facility code is added to the received server identification information and user identification information is registered in the entrance / exit table, and when the user identification information is received from the client terminal in addition to the server identification information, the received Refer to whether an entry including server identification information, user identification information, and a facility code of a transmission source is registered in the entry / exit table, and if registered, the server connection information corresponding to the connection table based on the received server identification information A client-server connection method characterized by reading out and returning data. Said client terminal sends to strike the connection server read out the medium data from a portable storage medium for storing server identification information in different storage formats for each of the server, the connection server receives the media data, storage format client-server of claim 6, wherein Rukoto issuing extract the server identification information extraction routines for extracting server identification information from the media data provided by the executed order, execution of extraction routine corresponding to the storage format for each Connection method. When the connection server returns the corresponding server connection information, the connection server holds an entry including the network address of each client terminal, server identification information, and a flag indicating that the client terminal is connected to the server. To turn on the terminal table flag to register the received server identification information in the terminal table,
When the client terminal uses the received server connection information to connect to the server, determines that the connection with the server has been canceled, transmits a flag-off instruction to the connection server, and detects a power-off operation Send a power off notification to
The connection server turns off the flag of the terminal table when receiving a flag off instruction, refers to the terminal table when receiving a power-off notification, and connects with the server identification information registered in the terminal table when the flag is on 7. The client server connection method according to claim 6 , wherein server connection information is read with reference to a table, and a logoff request of the client terminal is transmitted to the corresponding server. A client terminal installed in a common facility, and a plurality of servers connected to the client terminal to provide services, and connected via a network;
A connection table for associating server identification information for identifying the server and server connection information necessary for connecting to the server;
An entry procedure request including server identification information and user identification information is received from an entry / exit reader that reads server identification information and user identification information for identifying a user from a portable storage medium installed in the common facility and possessed by the user. Then, an entry in which the facility code of the transmission source is added to the received server identification information and user identification information is registered in the entrance / exit table,
When receiving the user identification information in addition to the server identification information from the client terminal, refer to whether the entry including the received server identification information, the user identification information and the facility code of the transmission source is registered in the entrance / exit table, connection server that is characterized in that return reads server connection information corresponding from the connection table by server identification information received if it is registered. Each storage format has an extraction routine for extracting server identification information from media data read from a portable storage medium that stores server identification information in a different storage format for each server, and receives the media data from the client terminal then, the connection server of claim 9, wherein said extraction routine executed in this order, and wherein Rukoto issuing extract the server identification information by executing the extraction routine corresponding to the storage format. Has a terminal table in which the before and SL network address and the server identification information of each client terminal client terminal holds an entry containing a flag indicating that it is connected to the server,
When returning the corresponding server connection information, when the flag of the terminal table is turned on and the server identification information received in the terminal table is registered, and when it is determined that the connection with the server has been canceled from the client terminal When a flag-off instruction to be transmitted is received, the flag of the terminal table is turned off, and when a power-off notification transmitted when detecting a power-off operation from the client terminal is received, the terminal table is referred to and the flag is on 10. The connection server according to claim 9 , wherein server connection information is read by referring to the connection table with server identification information registered in the terminal table, and a logoff request of the client terminal is transmitted to the corresponding server. . Server identification information that identifies a server that provides services by connecting to a client terminal installed in a shared facility and user identification information that identifies a user are stored in a portable storage medium that is installed in the shared facility and possessed by the user. When receiving from the read entry / exit reader, a procedure for registering in the entry / exit table an entry obtained by adding the facility code of the transmission source to the received server identification information and user identification information;
Upon receiving server identification information and user identification information from the client terminal, a procedure for referring to whether an entry including the received server identification information, user identification information, and a facility code of a transmission source is registered in the entry / exit table;
If registered, based on the received server identification information, the server executes the procedure of reading the server connection information from the connection table that associates the server identification information with the server connection information necessary for connecting to the server and returning it to the computer. Program to make. When media data stored in a portable storage medium that stores server identification information in a different storage format for each server that provides services by connecting to a client terminal installed in a shared facility is provided for each storage format. A procedure for sequentially executing an extraction routine for extracting server identification information from the media data ;
The program according to claim 12 for executing a procedure for extracting the server identification information by executing the extraction routine corresponding to the storage format in a computer. When returning the corresponding server connection information, for a terminal table holding an entry including a network address of each client terminal, server identification information, and a flag indicating that the client terminal is connected to the server Registering the received server identification information with the flag turned on,
A procedure for turning off the flag of the terminal table upon receiving a flag off instruction transmitted when it is determined that the connection with the server has been canceled from the client terminal;
When receiving a power-off notification transmitted when a power-off operation is detected from the client terminal, the terminal table is referred to, and when the flag is on, the connection table is referred to by server identification information registered in the terminal table. To read server connection information,
The program according to claim 12, which causes a computer to execute a procedure for transmitting a logoff request of the client terminal to the corresponding server.

Images