JP5046181B2 - Session control system and session control method - Google Patents

Description

  The present invention relates to a session control technique in a thin client environment.

  There is a thin client as a secure system against information leakage of electronic data. A thin client centrally manages electronic data, system programs, applications, and the like on a server, and provides an individual work environment for each user. The user transmits operation information such as a mouse and a keyboard from the client terminal to the server, and the server transmits only the screen information after the operation to the client terminal. Since the client terminal does not have electronic data, electronic data does not leak from the client terminal.

  However, although the conventional thin client is effective for countermeasures against leakage of electronic data, it does not cope with fraudulent acts performed by the user on the server. For example, printing a file containing confidential information cannot be prevented simply by making the system a thin client.

With respect to this problem, in Patent Document 1, in the thin client, when the administrator intentionally monitors the user or when the user starts a specific application designated by the administrator, the server displays a user screen on the server. A system for listing is disclosed.
Japanese Patent Laid-Open No. 2003-6062

  By the way, in the system described in Patent Document 1, it is actually impossible for an administrator to monitor all users, and some illegal acts can be prevented by monitoring an operation that seems to be an illegal act. However, it is difficult to prevent other misconduct.

  Further, it has been pointed out that when an operation that seems to be an illegal act is uniformly prohibited, an operation that cannot be executed even for a legitimate usage purpose occurs and is inconvenient.

  The present invention has been made in view of such circumstances, and when a user performs processing that seems to be fraudulent in a thin client, the processing is temporarily stopped and the user's session is transferred to another user. By doing so, it aims to prevent further fraud. In addition, when a user who has received a session from another user gives an instruction to continue the process, a mechanism is provided so that the process can be continued.

  In order to solve the above problems, a session control system according to the present invention is a session control system in which a server and one or more client terminals can communicate via a network. In the present invention, “session” represents a unit of processing by a series of communication of operation information and screen information between a server and a client terminal. A session can be transferred from one client terminal to another client terminal. Here, each of the client terminals includes an operation unit that transmits an input operation from the user as operation information to the server, and a screen display unit that receives and displays the screen information from the server. In addition, the server manages a series of communication of operation information and screen information as a session, identifies a client terminal that is communicating based on the identification information of the session, and controls communication, and a first client terminal Operation processing means for processing data according to the operation information received from the screen, screen transmission means for transmitting the data state after processing by the operation processing means to the client terminal connected to the session as screen information, and prohibited user actions Prohibition information storage means for storing the prohibition information indicating the session transfer destination information in association with each other, and prohibition information in which the operation information received from the first client terminal is stored in the prohibition information storage means If it matches at least one of the above, and if it matches, the process related to the operation information is suspended Operation monitoring means for issuing a temporary stop instruction and a session transfer instruction for transferring a session related to the operation information, and receiving the temporary stop instruction from the operation monitoring means, and temporarily stopping the processing related to the received operation information Receiving the session transfer instruction from the suspension means and the operation monitoring means, identifying the transfer destination client terminal from the transfer destination information included in the session transfer instruction, and identifying the identification information of the session with the first client terminal And a session transfer means for transferring the session from the first client terminal to the destination client terminal after saving. According to this invention, in a thin client or the like, a session of a user who has performed a process that matches the prohibited action can be transferred, and the process of the session can be temporarily stopped. In other words, a session of a user who has performed a process that appears to be fraudulent is transferred to another user, and the user's process is temporarily suspended. Therefore, a user who has been transferred a session can continue further fraudulent activities. Eliminates security.

  At this time, the suspension means further waits for an instruction as to whether or not to continue the suspended processing from the second client terminal that is the current connection destination of the session, and instructs to continue from the second client terminal. If received, continue the suspended process and issue a session return instruction for returning the transferred session from the second client terminal to the first client terminal. The session transfer means further includes a pause means In response to the session return instruction from the second client terminal, the session is preferably returned from the second client terminal to the first client terminal. According to this invention, when a user performs a process that seems to be an illegal act, the process is temporarily stopped, and the user's session is transferred to another user, thereby preventing further illegal acts. In addition, when a user who has received a session from another user determines whether or not to continue the process, and the other user permits the process to continue, the process can be continued. Moreover, after another user permits the continuation of the process, the transferred session can be returned to the connection before the transfer.

  In addition, preferably, when the pause means receives an instruction from the second client terminal not to continue the paused process, the pause means cancels the paused process and stops, and transfers the transferred session. A session return instruction for returning from the second client terminal to the first client terminal is issued. According to this invention, when a user who has received a session instructs not to continue the suspended process, the process can be canceled and stopped. In other words, since a user session that has been processed that is considered to be fraudulent is transferred to another user, the user who has been transferred the session cannot continue further fraud, and security is improved. In addition, since a user who has received a session from another user can instruct whether or not to continue the temporarily suspended process, it is possible to continue with a legitimate operation without prohibiting the process as an illegal act. In addition, since a user who has received a session from another user can instruct whether or not to continue the temporarily suspended process, it is possible to continue with a legitimate operation without prohibiting the process as an illegal act.

  More preferably, the server includes log storage means for storing a user operation history as an operation log. If the operation information received from the first client terminal matches the prohibition information stored in the prohibition information storage unit, the operation monitoring unit further includes the corresponding prohibition information and the operation log of the user of the first client terminal. A transmission instruction is issued to send at least one of them to the client terminal of the session transfer destination, and the screen transmission means further receives the transmission instruction and matches the prohibited information or the user of the first client terminal. Screen information including at least one of the operation logs is transmitted to the transfer destination client terminal. According to this invention, a user who has received a session from another user can refer to at least one of the reason why the session has been transferred and the operation history of the user who has transferred the session. It is possible to more accurately determine whether or not to continue the process.

  In addition, when the session transfer means receives operation information including a session transfer instruction and transfer destination information from the second client terminal that is the current connection destination of the session, the session transfer means uses the transfer destination information included in the operation information. It is preferable to specify the transfer destination client terminal and store the identification information of the session with the second client terminal, and then retransfer the session from the second client terminal to the transfer destination client terminal. According to this invention, when a user who has received a session from another user cannot determine whether or not to continue the suspended process, the received session is further transferred to another user, for example, a supervisor. Since it can be requested, more accurate judgment can be made.

  Furthermore, the temporary stop means cancels the process if it does not receive an instruction from the client terminal as to whether or not to continue the process even after a certain period of time has elapsed after the process related to the received operation information is temporarily stopped. And a session return instruction for returning the transferred session from the second client terminal to which the session is currently connected to the first client terminal. According to this invention, since the suspended process is automatically stopped after a predetermined time has elapsed, the process is secure without being illegally continued. In addition, since the session is returned to the original client terminal after the processing is stopped, the user can continue the subsequent processing.

  The session control server according to the present invention is a session control server that can communicate with one or more client terminals via a network. Operation information indicating an input operation from a user at the client terminal and a screen displayed on the client terminal A series of communication with information is managed as a session, session control means for specifying and controlling communication with a client terminal that is communicating based on the identification information of the session, and data according to operation information received from the first client terminal Operation processing means to be processed, screen transmission means for transmitting the data state after processing by the operation processing means to the connection destination client terminal as screen information, prohibition information indicating a prohibited user's action and session transfer Prohibition information stored in association with transfer destination information indicating the destination It is determined whether or not the operation information received from the memory means and the first client terminal matches at least one of the prohibition information stored in the prohibition information storage means. Operation monitoring means for issuing a pause instruction for pausing such processing and a session transfer instruction for transferring a session related to the operation information, and an operation received in response to a pause instruction from the operation monitoring means A first client terminal that receives a session transfer instruction from the suspension means for temporarily suspending the processing related to the information and the operation monitoring means, identifies the transfer destination client terminal from the transfer destination information included in the session transfer instruction, and After the session identification information is saved, the session for transferring the session from the first client terminal to the destination client terminal And a transfer means.

The session control method according to the present invention is a session control system in which a server and one or more client terminals can communicate via a network.
A session control method in a session control system in which a server and one or more client terminals can communicate via a network, wherein the server displays operation information indicating an input operation from a user at the client terminal and the client terminal A series of communication with the screen information is managed as a session, the client terminal that is communicating based on the identification information of the session is specified and communication control is performed, and the server according to the operation information received from the first client terminal Prohibition information in which the step of processing the data and the server stores the association information indicating the user action to be prohibited and the transfer destination information indicating the transfer destination of the session in association with the operation information received from the first client terminal. Whether it matches at least one of the prohibition information stored in the storage means If they match, the processing related to the operation information is temporarily stopped, and the transfer specified by the transfer destination information stored in the prohibition information storage means in association with the prohibition information matching the operation information. Transferring a session related to the operation information to a previous client terminal.

  The program of the present invention causes a computer to execute each step of the session control method of the present invention. The program of the present invention can be installed or loaded on a computer through various recording media such as an optical disk such as a CD-ROM, a magnetic disk, or a semiconductor memory, or via a communication network.

  In this specification and the like, the means does not simply mean a physical means, but includes a case where the functions of the means are realized by software. Further, the function of one means may be realized by two or more physical means, or the functions of two or more means may be realized by one physical means.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In addition, the same code | symbol is attached | subjected to the same element and the overlapping description is abbreviate | omitted.

  FIG. 1 is a system configuration diagram showing a schematic configuration of a server client type system (session control system 100) that performs session control processing according to an embodiment of the present invention. As shown in FIG. 1, the session control system 100 includes a server 10 and one or more client terminals 20 (20A and 20B in FIG. 1), which are connected to each other via a network N. It is configured to be able to communicate.

  The server 10 is a server computer that holds individual data for each user and performs session control processing according to the present invention. The server 10 has a function of identifying and controlling a session for each user, a function of receiving operation information from the client terminal 20 and operating data, a function of transmitting a state after data operation to the client terminal 20 as screen information, a user A function to check whether or not the operation is a prohibited act, if it is a prohibited act, a function to pause the process and transfer the session to another user, or an instruction from the transfer destination user to continue the suspended process For example, a function to continue the process, a function to stop the process if there is an instruction from the transfer destination user not to continue the suspended process, and a function to return the transferred session to the transfer source user.

  The client terminal 20 is a client computer that is operated by a general user or a system administrator. The client terminal 20 receives an input operation from the user as operation information, and receives and displays screen information from the server 10. Function.

  The network N is a communication line for transmitting and receiving information between the server 10 and the client terminal 20. For example, any of a LAN, the Internet, a dedicated line, a packet communication network, a telephone line, a corporate network, other communication lines, combinations thereof, and the like may be used, regardless of whether they are wired or wireless.

  FIG. 2 is a block diagram illustrating an example of a hardware configuration of the server 10. The server 10 is applicable to a dedicated or general-purpose computer, and is a CPU 11 as a control means for controlling the operation and processing of each unit, a database (DB) 12 as a storage means for storing various information, and necessary for processing. A ROM 13 that stores various data, a RAM 14 that functions as a work area, an interface (I / F) 15 that mediates data exchange, and a bus 16 that connects them. The server 10 may be composed of a single computer or may be composed of a plurality of computers distributed on a network.

  FIG. 3 is a block diagram illustrating an example of a hardware configuration of the client terminal 20. The client terminal 20 is applicable to a dedicated or general-purpose computer, and includes a CPU 21 as a control means for controlling the operation and processing of each unit, a ROM 23 for storing data necessary for processing, and a RAM 24 functioning as a work area. , An interface (I / F) 25 that mediates the exchange of data, and a bus 26 that connects them. In addition, an input mechanism 27 for inputting information to the client terminal 20 via the interface 25 and a display mechanism 28 for displaying and outputting information are provided.

  FIG. 4 is a block diagram showing the overall configuration of the session control system 100. This figure particularly shows the overall configuration of a system according to Examples 1 and 4 to be described later. As shown in FIG. 4, the server 10 includes a session control unit 31, an operation processing unit 32, an operation monitoring unit 33, a stop unit 35, a session transfer unit 36, a screen transmission unit 37, and a data storage unit 41. And log storage means 42 and prohibition information storage means 43. The client terminal 20 includes an operation unit 51 that transmits an input operation from the user to the server 10 as operation information, and a screen display unit 52 that receives and displays the screen information from the server 10.

  The session control means 31 has a function of specifying a user who is communicating from the identification information of the session and controlling communication by using a series of communication of operation information received from the client terminal 20 and screen information transmitted to the client terminal 20 as a session. Have. In addition, when a user who receives a session transfer from another user gives an instruction to disconnect the session, the user has a function of disconnecting the session.

  The operation processing unit 32 has a function of receiving operation information from the client terminal 20 and processing data according to the operation information. Further, when the prohibited action is detected and the session is transferred, the screen transmission unit 37 displays at least one of the prohibited information indicating the prohibited action and the operation log indicating the operation history of the user. Has a function of issuing a transmission instruction.

  The operation monitoring unit 33 has a function of monitoring the operation processing unit 32 to monitor the presence / absence of a prohibited act. Specifically, based on the operation information received from the client terminal 20, it is determined whether or not the user operation matches the prohibition information stored in the prohibition information storage unit 43. Have a function of issuing a pause instruction for pausing the process according to, and a session transfer instruction for transferring the session to another user. Further, it has a function of monitoring the operation information to determine whether or not the information matches the prohibition information, and to send the operation information to the operation processing means 32 so as to display an operation log if the information matches. The session transfer instruction includes transfer destination information indicating a session transfer destination as well as information indicating that a session is transferred.

  The stop means (temporary stop means) 35 receives a pause instruction from the operation monitoring means 33, pauses processing by an operation that matches the prohibition information, waits for an instruction as to whether or not to continue the processing, and continues. If an instruction is received, the process is continued. If an instruction is not received, the process is canceled and stopped, and a session transfer instruction (session return) for returning the transferred session to the connection before transfer. Instruction) to the session transfer means 36. In addition, there is a function of canceling and stopping the process if there is no instruction to continue the process even after a certain time has elapsed since the process was temporarily stopped.

  In response to the session transfer instruction from the operation monitoring unit 33, the session transfer unit 36 specifies the transfer destination based on the transfer destination information in the prohibition information storage unit 43, stores the identification information of the session before the transfer, and transfers the session. It has a function to perform processing. Further, it has a function of receiving a session transfer instruction (session return instruction) from the stopping means 35 and returning the session to the transfer source client terminal based on the stored session information. Further, it has a function of receiving a session transfer instruction and transfer destination information from a user who has received a session from another user, and retransfer the session. At this time, the session transfer means 36 receives the session transfer instruction from the user, specifies the transfer destination from the transfer destination information, stores the identification information of the session before the transfer, and then performs the transfer process (retransfer process). .

  The screen transmission unit 37 has a function of transmitting the data state processed by the operation processing unit 32 based on the received operation information to the client terminal 20 as screen information. Further, at least one of the prohibition information and the operation log matched by the operation monitoring unit 33 is transmitted to the screen information sent to the user who has received a session from another user.

  The data storage means 41 stores individual user data. The log storage means 42 stores user operation logs. Further, the prohibition information storage unit 43 stores prohibition information indicating a prohibited user's action and transfer destination information indicating a session transfer destination when the prohibited action is detected in association with each other.

  FIG. 5 is a block diagram showing the overall configuration of the session control system 100. This figure particularly shows the overall configuration of a system according to Examples 2 and 3 to be described later. As shown in FIG. 5, the server 10 includes a print data creation unit 38 and a print data change unit 39 in addition to the configuration shown in FIG. 4. The operation monitoring unit 33 includes a print monitoring unit 34. The prohibition information storage unit 43 includes a keyword storage unit 44 that stores a keyword that prohibits printing. The same elements as those in FIG. 4 are denoted by the same reference numerals, and redundant description is omitted.

  The print monitoring unit 34 has a function of determining whether or not information corresponding to a predetermined keyword exists in the print data when the operation monitoring unit 33 monitors the print data. Here, it is desirable that the predetermined keyword is a keyword that is often written in a confidential document or personal information, such as “confidential” or “name list”.

  The print data creation unit 38 has a function of creating printable print data. Further, it has a function of creating print data by adding authentication information for authenticating the owner of the print data. The print data changing unit 39 has a function of changing the authentication information of the print data created by the print data creating unit 38.

  Next, the configuration of data stored in the storage unit of the server 10 will be described.

  FIG. 6 is a diagram illustrating an example of a data configuration of the prohibition information storage unit 43. The prohibition information storage unit 43 includes prohibition information 431 indicating an operation to be prohibited, and transfer destination information 432 indicating a transfer destination to which a session is transferred when a user operation matches the prohibition information 431. In FIG. 6, as the prohibition information 431, an operation of “copying a confidential designated file” and an operation of “starting a prohibited application” are set. The transfer destination information 432 may be information that can identify a user in the system, such as a user ID or an IP address. In the example illustrated in FIG. 6, when a user attempts to copy a confidential designation file, the user's session is transferred to the user indicated by the transfer destination information “00880001”. Further, when the user tries to start the use-prohibited application, the user session is transferred to the user indicated by the transfer destination information “00880002”.

  FIG. 7 is a diagram illustrating an example of a data configuration of the keyword storage unit 44. The keyword storage unit 44 includes a keyword 441 that prohibits printing, and transfer destination information 442 that indicates a transfer destination to which a session is transferred when the keyword 441 is included in the print document. In FIG. 7, “confidential” and “confidential” are set as the keywords 441. The transfer destination information 442 may be information that can identify a user in the system, such as a user ID or an IP address.

  FIG. 8 is a diagram illustrating an example of a data configuration of session identification information managed in the server 10. The session identification information includes a session ID 61 for uniquely identifying the session, a server ID 62 for identifying the server that owns the session, and a client ID 63 for identifying the client that owns the session. The server 10 uses these values to identify the session.

  Next, specific processing flows of the server 10 and the client terminal 20 configured as described above will be described.

  FIG. 9 is a flowchart showing a flow of processing for transmitting operation information to the server 10 in the client terminal 20. The client terminal 20 waits for an input operation from the user (S101: FALSE), and when there is an input operation (S101: TRUE), the operation means 51 transmits operation information based on the user's input operation to the server 10 ( S102).

  FIG. 10 is a flowchart showing a flow of processing for receiving screen information from the server 10 and displaying a screen in the client terminal 20. The client terminal 20 waits for screen information to be sent from the server 10 (S105: FALSE). When the client terminal 20 receives the screen information (S105: TRUE), the screen is displayed on the screen display means 52 based on the screen information. (S106).

  FIG. 11 is a flowchart showing a flow of processing in the server 10 from the reception of the operation information until a temporary stop instruction / session transfer instruction / log display transmission instruction is issued. When the server 10 waits for operation information from the client terminal 20 (S111: FALSE) and receives the operation information (S111: TRUE), the session control unit 31 performs the operation operation based on the session identification information shown in FIG. It is identified which user's session the information is (S112). Then, the operation processing means 32 processes the data according to the received operation information (S113), and saves the operation log in the log storage means 42 (S114).

  Next, the operation monitoring means 33 compares whether or not the received operation information matches the prohibition information 431 registered in the prohibition information storage means 43 (S115). Is not registered as the prohibition information 431 (S115: TRUE), the screen transmission unit 37 transmits the image information after data processing based on the operation information to the client terminal 20 (S116).

  On the other hand, if they match in step S115, that is, if the user's operation is registered as the prohibition information 431 (S115: FALSE), the operation monitoring unit 33 determines that the user's operation matches the prohibition information 431. A temporary stop instruction (S117), a session transfer instruction (S118), and a log display instruction (S119) are issued.

  FIG. 12 is a flowchart showing the flow of processing in the stop means 35 from reception of a pause instruction to suspension of processing. The stop means 35 waits for a temporary stop instruction sent from the operation monitoring means 33 (S121: FALSE). When the stop means 35 receives the temporary stop instruction (S121: TRUE), the operation received based on the temporary stop instruction is received. The processing related to the information is temporarily stopped (S122).

  FIG. 13 is a flowchart showing a flow of processing from the instruction reception from the session transfer destination user to the session transfer instruction in the stopping means 35. The stop means 35 determines whether or not an instruction has been received from the user (administrator) of the session transfer destination (S131). If no instruction is received (S131: FALSE), until a predetermined time has elapsed, Wait for an instruction to be sent (S132: TRUE).

  When an instruction is received from the session transfer destination user (S131: TRUE), it is determined whether the received instruction is an instruction to continue the process or an instruction to stop the process (S133). When instructing (S133: TRUE), the process suspended in step S122 of FIG. 12 is continued (S134). On the other hand, when the instruction from the user of the session transfer destination is an instruction to stop the process (S133: FALSE), the process temporarily stopped in step S122 of FIG. 12 is stopped (S135). That is, the process that the user who has input the operation information is attempting to operate is canceled without being executed.

  Thereafter, a session return instruction for returning the transferred session to the connection before the transfer is sent to the session transfer means 36 (S136).

  In step S132, if an instruction from the session transfer destination user is not received even after a lapse of a certain time after the session transfer (S132: FALSE), the processing that was temporarily stopped in step S122 in FIG. S137), a session return instruction for returning the transferred session to the connection before the transfer is sent to the session transfer means 36 (S138). As described above, since a process after a certain time has elapsed after being temporarily stopped is automatically stopped, the process is secure without being illegally continued. Further, when the session returns, the user can continue another process.

  FIG. 14 is a flowchart showing a flow of processing in the session transfer unit 36 from the reception of the session transfer instruction from the operation monitoring unit 33 to the transfer of the session to the transfer destination. The session transfer unit 36 waits to receive a session transfer instruction from the operation monitoring unit 33 (S141: FALSE), and receives the session transfer instruction (S141: TRUE), based on the transfer destination information included in the session transfer instruction. The transfer destination (transfer destination user) of the session is determined (S142). After storing the information of the session before transfer (S143), the session is transferred to the transfer destination determined in step S142 (S144).

  FIG. 15 is a flowchart showing the flow of processing in the session transfer means 36 from the reception of the session return instruction from the stop means 35 until the session is returned to the original user. The session transfer unit 36 waits for reception of a session return instruction from the stop unit 35 (S151: FALSE). When the session return instruction is received (S151: TRUE), the session transfer unit 36 stores the pre-transfer stored in step S143 of FIG. The session information is read (S152), and the session is transferred back to the original user before transfer (S153).

  FIG. 16 is a flowchart showing a flow of session retransfer processing by the server 10 when a session retransfer is instructed from the client terminal 20. When the server 10 waits for operation information from the client terminal 20 (S161: FALSE) and receives the operation information (S161: TRUE), the session control means 31 identifies which user's session the received operation information is (S162). ). When the operation information includes a session retransfer instruction, the operation processing unit 32 issues a session transfer instruction to the session transfer unit 36 (S163). The subsequent processing of the session transfer means 36 is the same as that from step S142 to S144 in FIG. When a session retransfer is instructed, the operation information received from the user (administrator) includes the retransfer destination information designated by the user. The session transfer instruction sent to the session transfer means 36 in step S163 includes information on the retransfer destination designated by the user, and the session is retransferred based on the retransfer destination information.

  FIG. 18 is a flowchart showing the flow of processing from the reception of operation information of the server 10 to the issuing of a pause instruction / session transfer instruction when the user performs an operation for printing a file. Note that the process shown in FIG. 18 is executed instead of the process shown in FIG. 11 during the printing process. This process will be described later as a second embodiment.

  First, when the server 10 waits for operation information from the client terminal 20 (S181: FALSE) and receives the operation information (S181: TRUE), the session control means 31 performs the operation information based on the session identification information. The user's session is identified (S182). When the received operation information includes a file print instruction, the operation processing unit 32 moves the process to the print data creation unit 38 (S183), and the print data creation unit 38 converts the file into print data. (S184).

  Next, the operation monitoring unit 33 checks whether or not the file to be printed does not include the keyword 441 that prohibits printing registered in the keyword storage unit 44 (S185), and the user tries to print. If the file 441 that prohibits printing is not included in the file to be printed (S185: TRUE), the print data is transmitted to an image forming apparatus such as a printer, and printing is executed (S186).

  On the other hand, when the keyword 441 that prohibits printing is included in the file to be printed by the user in step S185 (S185: FALSE), the operation monitoring unit 33 displays a pause instruction for pausing the user's printing process. (S187), a session transfer instruction and (S188) are issued.

  FIG. 19 is a flowchart showing the flow of print data owner change processing. This process will be described later as a third embodiment.

  First, the server 10 waits for operation information from the client terminal 20 (S191: FALSE). When the operation information is received (S191: TRUE), the session control means 31 identifies which user's session the received operation information is. (S192). When the operation information includes an instruction to change the owner of the print data, the operation processing unit 32 moves the process to the print data changing unit 39 (S193), and the print data changing unit 39 prints the print data included in the operation information. In accordance with the data owner change instruction, the print data owner is changed to the designated user (S194).

  FIG. 20 is a flowchart showing the flow of session disconnection processing. This process will be described later as a fourth embodiment.

  First, the server 10 waits for operation information from the client terminal 20 (S201: FALSE). When the server 10 receives the operation information (S201: TRUE), the session control unit 31 identifies which user's session the received operation information is. (S202). When the operation information includes a disconnection instruction, the operation processing unit 32 issues a session disconnection instruction to the session control unit 31 (S203), and the session control unit 31 disconnects the session in response to the disconnection instruction. (S204).

  Next, the operation of the server client type system configured as described above will be described based on an embodiment.

  As Example 1, the session of user A is transferred to the administrator B (user B), and the administrator B retransfers the session to the administrator C (user C), and the administrator C gives an instruction to continue the process. The flow when the process of the user A is continued is shown. As a premise, it is assumed that prohibition information and transfer destination information (administrator B information) are set in the server 10 in advance.

  First, when the user A operates the client terminal 20A, operation information is transmitted to the server 10 (FIG. 9).

  When the session control unit 31 of the server 10 receives the operation information, the session control unit 31 identifies that the session is for the user A, and the operation processing unit 32 processes the data of the user A according to the operation information and stores the operation log in the log storage unit 42. Remember. Next, the operation monitoring unit 33 compares and determines whether the prohibition information 431 in the prohibition information storage unit 43 matches the operation information. In this embodiment, the operation monitoring unit 33 determines that the operation of the user A matches the prohibition information, and issues a pause instruction, a session transfer instruction, and a log display instruction (FIG. 11).

  Then, the stopping means 35 temporarily stops the process (FIG. 12). The session transfer means 36 transfers the user A's session to the administrator B (FIG. 14). When the session is transferred, the screen information of the user A is displayed on the client terminal 20B of the administrator B (FIG. 10).

  FIG. 17 is a diagram illustrating a screen image of the client terminal 20B of the administrator B when the user A session is transferred. As shown in FIG. 17, the screen display 171 for the work of the administrator B is originally displayed on the screen of the client terminal 20 </ b> B of the administrator B. Here, when the session of the user A is transferred, the screen display 172 of the user A and the operation log 173 of the user A are displayed on the screen of the client terminal 20B of the administrator B.

  After the session is transferred to the administrator B, the administrator B next transfers the session to the administrator C in the present embodiment. At this time, the administrator B transmits operation information regarding a retransfer instruction including transfer destination information in which the administrator C is specified as a transfer destination from the client terminal 20B to the server 10 (FIG. 9).

  The server 10 transfers the session from the administrator B to the administrator C in accordance with the retransfer instruction from the administrator B (FIG. 16). When the session is transferred, the screen information of the user A is displayed on the client terminal 20C of the administrator C (FIG. 10). The screen image displayed on the client terminal 20C of the administrator C is the same as that shown in FIG.

  When the administrator C operates the client terminal 20C to issue an instruction to continue processing (FIG. 9), and the server 10 receives operation information related to the continuation instruction, the stopping unit 35 continues the temporarily stopped processing. Then, the session transfer means 36 returns the session to the user A and returns to the original connection (FIG. 13).

  In this way, in this embodiment, since the user session that has been processed as fraudulent is transferred to other users, the user who has transferred the session cannot continue further fraud. , Increase security. In addition, since a user who has received a session from another user can instruct whether or not to continue the temporarily suspended process, it is possible to continue with a legitimate operation without prohibiting the process as an illegal act.

  In addition, the user operation log is displayed on the screen information of the user who has received a session from another user. At this time, instead of the operation log or in addition to the operation log, the reason for transferring the session may be displayed on the screen information of the session transfer destination user. As a result, a user who has received a session from another user can easily know the operation contents of the user who has transferred the session and the reason why the session has been transferred. It can be determined more accurately.

  In addition, a user who has received a session from another user can re-transfer the session, so that a user who has received a session from another user cannot determine whether to continue the suspended process. In this case, the received session can be further transferred to another user, for example, a boss to request a determination. This makes it possible to make a more accurate determination.

  In the second embodiment, since the file printed by the user A has information that matches the print prohibition keyword, the session is transferred to the administrator B (user B), and the administrator B issues an instruction to continue printing and prints. The flow when continuing is shown. As a premise, it is assumed that keywords and transfer destination information (information of administrator B) are set in the server 10 in advance.

  First, when the user A operates the client terminal 20A to perform the print operation of the file F, operation information related to the print instruction is transmitted to the server 10 (FIG. 9).

  When the session control means 31 of the server 10 receives the operation information related to file printing, the session control means 31 identifies that the session is for the user A, and the operation processing means 32 prints the file F on the print data creation means 38 according to the operation information. The operation log is stored in the log storage means 42. Then, the print data creation unit 38 starts creating print data. On the other hand, the print monitoring unit 34 compares and determines whether the keyword 441 in the keyword storage unit 44 is included in the file F. In this embodiment, the print monitoring unit 34 determines that the keyword is included in the file F, and issues a pause instruction, a session transfer instruction, and a log display instruction (FIG. 18).

  Then, the stopping unit 35 temporarily stops the printing process (FIG. 12). The session transfer means 36 transfers the user A's session to the administrator B (FIG. 14). When the session is transferred, the screen information of the user A is displayed on the client terminal 20B of the administrator B (FIGS. 10 and 17).

  Here, when the administrator B gives an instruction to continue the printing process (FIG. 9), the stopping unit 35 continues the temporarily stopped printing process, and the session transfer unit 36 returns the session to the user A. The original connection is restored (FIG. 13).

  In this way, in this embodiment, even if the file to be printed contains a print prohibition keyword, printing can be continued when the administrator determines that the printing is valid.

  In the third embodiment, since the file printed by the user A has information that matches the print prohibition keyword, the session is transferred to the administrator B (user B), and the administrator B sets the owner of the print data to the user D. The flow when changing and continuing printing is shown. As a premise, it is assumed that keywords and transfer destination information (information of administrator B) are set in the server 10 in advance.

  First, when the user A operates the client terminal 20A to perform the print operation of the file F, operation information related to the print instruction is transmitted to the server 10 (FIG. 9).

  When the session control means 31 of the server 10 receives the operation information related to file printing, the session control means 31 identifies that the session is for the user A, and the operation processing means 32 prints the file F on the print data creation means 38 according to the operation information. The operation log is stored in the log storage means 42. Then, the print data creation unit 38 starts creating print data. On the other hand, the print monitoring unit 34 compares and determines whether the keyword 441 in the keyword storage unit 44 is included in the file F. In this embodiment, the print monitoring unit 34 determines that the keyword is included in the file F, and issues a pause instruction, a session transfer instruction, and a log display transmission instruction (FIG. 18).

  Then, the stopping unit 35 temporarily stops the printing process (FIG. 12). The session transfer means 36 transfers the user A's session to the administrator B (FIG. 14). When the session is transferred, the screen information of the user A is displayed on the client terminal 20B of the administrator B (FIGS. 10 and 17). The process up to this point is the same as in the second embodiment.

  Here, in the present embodiment, the administrator B changes the owner of the print data to the user D and sends an operation instruction to continue printing to the server 10 (FIG. 9). When the server 10 receives the operation information related to the operation instruction, the print data changing unit 39 changes the owner of the print data to the user D (FIG. 19). Thereafter, the stop unit 35 continues the temporarily stopped printing process, and the session transfer unit 36 returns the session to the user A and returns to the original connection (FIG. 13).

  As described above, in this embodiment, even if a file to be printed contains a print prohibition keyword, a printed matter can be obtained. In particular, if the printer supports authenticated printing that authenticates whether the owner of the print data matches the printer, the user whose session has been transferred cannot continue printing. However, it is possible to obtain a printed matter by changing the owner to a reliable person who can permit printing and requesting the person to print.

  The fourth embodiment shows a flow when the session of the user A is transferred to the administrator B and the administrator B disconnects the session. As a premise, it is assumed that prohibition information and transfer destination information (administrator B information) are set in the server 10 in advance.

  First, when the user A operates the client terminal 20A, operation information is transmitted to the server 10 (FIG. 9).

  When the session control unit 31 of the server 10 receives the operation information, the session control unit 31 identifies that the session is for the user A, and the operation processing unit 32 processes the data of the user A according to the operation information and stores the operation log in the log storage unit 42. Remember. Next, the operation monitoring unit 33 compares and determines whether the prohibition information 431 in the prohibition information storage unit 43 matches the operation information. In this embodiment, the operation monitoring unit 33 determines that the operation of the user A matches the prohibition information, and issues a pause instruction, a session transfer instruction, and a log display instruction (FIG. 11).

  Then, the stopping means 35 temporarily stops the process (FIG. 12). The session transfer means 36 transfers the user A's session to the administrator B (FIG. 14). When the session is transferred, the screen information of the user A is displayed on the client terminal 20B of the administrator B (FIGS. 10 and 17). The process up to this point is the same as in the first embodiment.

  Here, in this embodiment, the administrator B sends an instruction to disconnect the process to the server 10 (FIG. 9). When the server 10 receives the operation information related to the disconnection instruction, the operation processing unit 32 disconnects the session (FIG. 20).

  In this way, in this embodiment, a user who has received a session from another user can disconnect the session if he / she determines that the suspended process is an illegal act. This ensures that the session does not return to the system security.

  The present invention is not limited to the above-described embodiment, and can be implemented in various other forms without departing from the gist of the present invention. For this reason, the said embodiment is only a mere illustration in all points, and is not interpreted limitedly. For example, the above-described processing steps can be executed in any order or in parallel as long as there is no contradiction in the processing contents.

1 is a system configuration diagram showing a schematic configuration of a session control system 100. FIG. 2 is a block diagram illustrating an example of a hardware configuration of a server 10. FIG. 2 is a block diagram illustrating an example of a hardware configuration of a client terminal 20. FIG. 1 is a block diagram showing an overall configuration of a session control system 100. FIG. 1 is a block diagram showing an overall configuration of a session control system 100. FIG. It is a figure which shows an example of a data structure of the prohibition information storage means. It is a figure which shows an example of a data structure of the keyword memory | storage means. It is a figure which shows an example of the data structure of the identification information of a session. 4 is a flowchart showing a flow of processing in the client terminal 20. 4 is a flowchart showing a flow of processing in the client terminal 20. 4 is a flowchart showing a flow of processing in the server 10. 4 is a flowchart showing a flow of processing in a stopping unit 35. 4 is a flowchart showing a flow of processing in a stopping unit 35. 4 is a flowchart showing a flow of processing in session transfer means 36. 4 is a flowchart showing a flow of processing in session transfer means 36. It is a flowchart which shows the flow of the retransfer process of a session. It is a figure which shows the screen image of the client terminal 20B. 4 is a flowchart showing a flow of processing in the server 10. 6 is a flowchart illustrating a flow of print data owner change processing. It is a flowchart which shows the flow of the cutting process of a session.

Explanation of symbols

10 server, 20 (20A, 20B, 20C) client terminal, 31 session control means, 32 operation processing means, 33 operation monitoring means, 34 print monitoring means, 35 stop means (temporary stop means), 36 session transfer means, 37 screens Transmission means, 38 Print data creation means, 39 Print data change means, 41 Data storage means, 42 Log storage means, 43 Prohibition information storage means, 44 Keyword storage means, 100 Session control system

Claims (9)

A session control system in which a server and one or more client terminals can communicate via a network,
The client terminals are respectively
Operation means for transmitting an input operation from a user to the server as operation information;
Screen display means for receiving and displaying screen information from the server;
With
The server
A session control means for managing a series of communication of operation information and screen information as a session, specifying a client terminal communicating based on the identification information of the session, and controlling communication;
Operation processing means for processing data according to the operation information received from the first client terminal;
Screen transmission means for transmitting the data state after processing by the operation processing means to the client terminal of the session as screen information;
Prohibition information storage means for storing the prohibition information indicating the action of the user to be prohibited and the transfer destination information indicating the transfer destination of the session in association with each other;
It is determined whether or not the operation information received from the first client terminal matches at least one of the prohibition information stored in the prohibition information storage means, and if it matches, the process related to the operation information Operation monitoring means for issuing a pause instruction for pausing and a session transfer instruction for transferring a session related to the operation information;
In response to the pause instruction from the operation monitoring unit, a pause unit that pauses processing related to the received operation information;
After receiving the session transfer instruction from the operation monitoring unit, specifying the transfer destination client terminal from the transfer destination information included in the session transfer instruction, and storing the identification information of the session with the first client terminal Session transfer means for transferring the session from the first client terminal to the destination client terminal;
A session control system comprising: The pause means further includes:
Waiting for an instruction on whether or not to continue the paused process from the second client terminal that is the current connection destination of the session, if an instruction to continue from the second client terminal is received, the paused Continue processing and issue a session return instruction to return the transferred session from the second client terminal to the first client terminal,
The session transfer means further includes:
In response to a session return instruction from the suspension means, a session is returned from the second client terminal to the first client terminal.
The session control system according to claim 1. The pause means further includes:
When an instruction not to continue the suspended process is received from the second client terminal, the suspended process is canceled and stopped, and the transferred session is transferred from the second client terminal to the first client. Give a session return instruction to return to the terminal,
The session control system according to claim 2. The server further includes:
Log storage means for storing a user's operation history as an operation log;
With
The operation monitoring means further includes:
When the operation information received from the first client terminal matches the prohibition information stored in the prohibition information storage unit, at least one of the matching prohibition information and the operation log of the user of the first client terminal Send either one of them to the session transfer destination client terminal,
The screen transmission means further includes:
In response to the transmission instruction, the screen information including at least one of the matching prohibition information or the operation log of the user of the first client terminal is transmitted to the transfer destination client terminal.
The session control system according to any one of claims 1 to 3. The session transfer means further includes:
When receiving the operation information including the session transfer instruction and the transfer destination information from the second client terminal that is the current connection destination of the session, the transfer destination information included in the operation information identifies the transfer destination client terminal, After storing the identification information of the session with the second client terminal, the session is re-transferred from the second client terminal to the destination client terminal.
The session control system according to claim 1, wherein: The pause means further includes:
Even if a certain period of time has elapsed since the process related to the received operation information has been suspended, if an instruction whether to continue the process is not received from the client terminal, the process is canceled and stopped, Issuing a session return instruction for returning the transferred session from the second client terminal to which the session is currently connected to the first client terminal;
The session control system according to any one of claims 1 to 5. A session control server capable of communicating with one or more client terminals via a network,
A series of communications between the operation information indicating the input operation from the user at the client terminal and the screen information displayed on the client terminal is managed as a session, and the communicating client terminal is identified based on the identification information of the session. Session control means for controlling communication;
Operation processing means for processing data according to the operation information received from the first client terminal;
Screen transmission means for transmitting the data state after processing by the operation processing means to the client terminal of the session as screen information;
Prohibition information storage means for storing the prohibition information indicating the action of the user to be prohibited and the transfer destination information indicating the transfer destination of the session in association with each other;
It is determined whether or not the operation information received from the first client terminal matches at least one of the prohibition information stored in the prohibition information storage means, and if it matches, the process related to the operation information Operation monitoring means for issuing a pause instruction for pausing and a session transfer instruction for transferring a session related to the operation information;
In response to the pause instruction from the operation monitoring unit, a pause unit that pauses processing related to the received operation information;
After receiving the session transfer instruction from the operation monitoring unit, specifying the transfer destination client terminal from the transfer destination information included in the session transfer instruction, and storing the identification information of the session with the first client terminal Session transfer means for transferring the session from the first client terminal to the destination client terminal;
A session control server comprising: A session control method in a session control system in which a server and one or more client terminals can communicate via a network,
A client terminal in which the server manages a series of communication between operation information indicating an input operation from a user in the client terminal and screen information displayed on the client terminal as a session, and communicates based on the identification information of the session Identifying and controlling communication;
The server processes the data according to the operation information received from the first client terminal;
The operation information received from the first client terminal by the server is stored in a prohibition information storage unit that stores prohibition information indicating a prohibited user's action and transfer destination information indicating a session transfer destination in association with each other. Whether or not it matches at least one of the prohibition information, and if it matches, the processing related to the operation information is suspended and the prohibition information storage is associated with the prohibition information matching the operation information. Transferring a session related to the operation information to the client terminal of the transfer destination specified by the transfer destination information stored in the means;
A session control method comprising:   A program for causing a computer to execute the session control method according to claim 8.

Images