JP5124119B2 - Communication terminal device, communication method between communication terminal device and server, and communication system - Google Patents

Description

  The present invention relates to a communication terminal device installed in an operable state by an unspecified user, and a communication method and communication system for performing communication via a public communication network between the communication terminal device and a server. It is.

  2. Description of the Related Art Conventionally, as this type of communication terminal device, for example, a data transfer device installed in a mobile phone retailer or an electrical appliance mass retailer is known. This data transfer device is operated by a store operator or an unspecified user of a mobile phone, and writes data such as an email address stored in an address book read from the mobile phone to another mobile phone. Data can be transferred between two mobile phones.

When a plurality of data transfer devices are installed in the above-mentioned store or mass sales store, each data transfer device is connected to the server via a communication network, and each server is managed by the server, or a service provided by the server Can be used from each data transfer device.
However, if the data transfer device as the communication terminal device is composed of a general-purpose personal computer (computer device) and is installed in a state where it can be operated by an unspecified user, the user's erroneous operation or intentional fraud There is a risk that the security may be lowered due to unauthorized use of the server by an operation or access to a general network site to take in spyware or worms. Further, when a public communication network such as the Internet is used between the data transfer apparatus and the server, there is a risk that the security may be lowered due to wiretapping of communication or tampering of communication contents.

  The present invention has been made in view of the above problems, and its purpose is that even when a communication terminal device configured using a general-purpose computer device is installed in a state operable by an unspecified user, To provide a communication terminal device, a communication system, and a communication method capable of enhancing security when a server is used from a communication terminal device via a public communication network while ensuring user convenience.

A communication terminal device according to the present invention is a communication terminal device configured using a general-purpose computer device and capable of communicating with a server via a public communication network , exposing the display unit of the computer device, and the computer device A specific account used to log on to the computer device when connecting to the server and using the server, the connection destination to the outside via the communication network is Limited to the server and automatically logged on with the specific account during startup processing when the computer device is turned on , and is not necessary for the use of the server on the general-purpose desktop screen and menu screen of the computer device at the time of the automatic logon The icon is not displayed and is incorporated in the computer device. It is above for general-purpose application program is configured to restrict unwanted features the use of the server is automatically connected to the server via the communication network, client authentication and encryption with digital certificates by PKI authentication and RADIUS authentication A domain user for establishing a virtual private network that uses communication at least in a public communication network portion with the server and using the service of the server on the virtual private network with the server When the network domain in which the account is set is constructed, the user is automatically logged on with the account of the domain user, and an initial screen for using the server is displayed.
In this communication terminal device, when the computer device starts to be started, it is automatically logged on with a specific account set in advance during the start-up process, and is automatically connected to the server via the communication network. And connection to the server are not required, and the user is not conscious of entering the password. In addition, since the connection destination to the outside via the communication network is limited to the server in the specific account that is automatically logged on, the user can connect the communication network to an external connection destination other than the server after the automatic logon. Connection can be restricted, and access to general network sites can be suppressed to prevent spyware and worms from being taken in. Furthermore, after connecting to the server, a virtual private network that uses client authentication and encrypted communication using a digital certificate is established between the server and the server via the virtual private network. Can communicate with. Further, when the startup process of the computer device of the communication terminal device is completed, an initial screen when using a service involving communication with the server is displayed, so that the user's individual operation for displaying the initial screen can be performed. It becomes unnecessary. Further, it is possible to further improve security by preventing user's erroneous operation and conscious illegal operation on an icon unnecessary for use of the server, and suppressing unauthorized use of the user. Further, security can be further improved by avoiding the use of functions unnecessary for server use among the functions of the general-purpose application program by the user's erroneous operation or conscious operation. Further, the user's operation for logging on to the network domain constructed on the private network becomes unnecessary, and the user is not made aware of the logon process to the network domain.

In the communication terminal device, when communication is disconnected at the time of connection to the server, the communication terminal device may be reconnected to the server to reconstruct the virtual private network. In this case, the user does not need to reconnect to the server and reconstruct the virtual private network when the communication with the server is disconnected, and the reconnection and reconfiguration processing is performed by the user. There is no awareness .

The communication terminal device may be a data transfer device used for data transfer between a plurality of mobile communication terminals. In this case, even when such a data transfer device is configured using a general-purpose computer device and installed in a state where it can be operated by an unspecified user, the data transfer device can be connected to the public while ensuring the convenience of the user. The security when using the server via the communication network can be enhanced.
In particular, in this communication terminal device, a mail address for reading out data of a terminal identification number of a mobile communication terminal connected to the communication terminal device and data of a mail address of a transmission destination stored in the mobile communication terminal Data reading means, terminal identification number data transmitting means for transmitting the data of the terminal identification number read from the mobile communication terminal to the message distribution support server via the mobile communication network, and receiving from the message distribution support server E-mail data that generates e-mail data with the e-mail address as the sender, a plurality of e-mail addresses read from the mobile communication terminal as the destination, and the message to be delivered specified by the user as the e-mail text Generating means and sending the e-mail data to the message delivery support server; And e-mail data transmission means for, after generating the data of the electronic mail, the data deleting means for deleting the data read from the mobile communication terminal may be provided.
In this case, the data of the terminal identification number of the mobile communication terminal connected to the data transfer device and the data of the destination mail address stored in the mobile communication terminal are read. When the data transfer device transmits the data of the terminal identification number read from the mobile communication terminal to the message delivery support server, the message delivery support server uses the mobile communication based on the terminal identification number received from the data transfer device. The mail address for the subscriber of the mobile communication network assigned to the user of the terminal is acquired as the latest mail address of the user, and the mail address is transmitted to the data transfer device. The data transfer device generates e-mail data with the message to be distributed designated by the user as the mail body, and transmits the e-mail data to the message distribution support server. The e-mail sender is set with the latest mail address of the user received from the message delivery support server, and the e-mail destination is set with a plurality of e-mail addresses read from the mobile communication terminal. The The message delivery support server transmits the electronic mail received from the data transfer device to a transmission mail server for a subscriber of a mobile communication network that is open to the Internet. In this way, the e-mail is transmitted through a transmission mail server in which the same domain name as the user's latest mail address is registered. Therefore, spam mail (spam mail) transmitted through a transmission mail server with a different domain name ) E-mail is never rejected.
In addition, when the e-mail containing the message to be delivered is not delivered for some reason, a notification of non-delivery is sent to the latest e-mail address of the user of the mobile communication terminal, so that the e-mail delivery status is used. Can easily grasp. In addition, after the data transfer device creates e-mail data, the data transfer unit deletes data such as a mail address read from the mobile communication terminal before the processing in the data transfer device is completed. Therefore, unlike the case where personal information such as an e-mail address is stored in a server on a communication network and can be accessed from a terminal device such as a personal computer, it is excellent in terms of protecting personal information.

A communication system according to the present invention is a communication system including a plurality of communication terminal devices configured using general-purpose computer devices, and a server capable of communicating with the plurality of communication terminal devices via a public communication network. Each communication terminal device includes a casing member that exposes a display unit of the computer device and covers an operation unit of the computer device, and connects the server to the computer device when the server is used. the specific account used to log, the connection destination to the outside via the communications network is limited to the server, the startup processing power on the computer device, are automatically logged by the particular account, the The server is displayed on the general-purpose desktop screen and menu screen of the computer device during automatic logon. Without displaying unnecessary icons for use, and configured to restrict unwanted features the use of the server for general purpose application program built in the computer system, the server via the communication network A virtual private network that uses client authentication by digital certificate and encrypted communication by PKI authentication and RADIUS authentication is constructed at least in the public communication network part with the server, When a network domain in which a domain user account for using the server service is set up on a virtual private network is automatically logged on with the domain user account, Connect and support Initial screen is displayed when receiving the screws.
In the communication system, the communication terminal device may be configured to be reconnected to the server and reconstruct the virtual private network when communication is disconnected at the time of connection to the server. Good .
Before Symbol communication system, the communication terminal apparatus may be a data transfer device used to transfer data between a plurality of mobile communication terminals.
In the communication system, the communication terminal device reads data of a terminal identification number of a mobile communication terminal connected to the communication terminal device and data of a destination mail address stored in the mobile communication terminal. Mail address data reading means, terminal identification number data transmitting means for transmitting data of the terminal identification number read from the mobile communication terminal to a message distribution support server via a mobile communication network, and the message distribution support server An e-mail that generates e-mail data with the e-mail address received from the sender as the sender, the plurality of e-mail addresses read out from the mobile communication terminal as the recipient, and the message to be delivered specified by the user as the mail body E-mail data generation means; and And e-mail data transmission means for transmitting to the server, after generating the data of the electronic mail, the data deleting means for deleting the data read from the mobile communication terminal may be provided.
In the communication system, update information of a basic OS program incorporated in a computer device of the communication terminal device is acquired, and when the basic OS program is updated, the update program of the basic OS program is transmitted to the plurality of communication terminals. You may provide the program update server which distributes collectively so that it may apply to an apparatus. In this case, the basic OS in each communication terminal device is distributed by distributing the update program of the basic OS program from the program update server to each communication terminal device without performing the update operation individually in each communication terminal device. Program can be updated remotely in batch.
The communication system may include a program management server that collectively distributes a new program or a correction program used when the server is used from the communication terminal device to the plurality of communication terminal devices. In this case, without performing an operation of individually downloading a new program or a correction program in each communication terminal device, each program can be distributed from the program management server to each communication terminal device in a batch manner. It becomes easy to download and install a new program or the like in the communication terminal device.
The communication system may include a terminal management server that collects information regarding hardware and software of the communication terminal device from the plurality of communication terminal devices. In this case, each communication terminal apparatus can be centrally managed based on the hardware and software information collected from each communication terminal apparatus by the terminal management server.
In addition, each said server may be comprised by an individual computer apparatus, respectively, and may be comprised using the computer apparatus comprised so that it might have at least 2 or more functions of the function of each said server.

Communication method according to the present invention, to expose the display portion of the configured using a general-purpose computer the computer device from the communication terminal apparatus having a casing member for covering the operating part of the computer system, a public communications network A communication method for connecting to a server via the server and using the server as an account used for logging on to the computer device when connecting to the server and using the server via the communication network A step of setting a specific account whose connection destination to the outside is limited to the server, a step of automatically logging on with the specific account during a startup process when the computer device is turned on, and a time of the automatic logon The support is displayed on the general-purpose desktop screen and menu screen of the computer device. Without displaying unnecessary icons on the use of bar, and a step of setting to limit unnecessary functions to use the server for general purpose application program built in the computer apparatus, said computer apparatus wherein A step of automatically connecting to the server via a communication network; and a virtual private network using client authentication and encrypted communication using a digital certificate by PKI authentication and RADIUS authentication , at least public communication with the server When a network domain in which an account of a domain user for using the service of the server is set on a virtual private network between the server and the server is established, The domain user Comprising the steps to be automatically logged in. The account, and a step of initial screen is displayed when the connected to the server on the screen of the computer device uses the server.
The communication method may further include a step of reconnecting the communication terminal device to the server and reconstructing the virtual private network when communication is disconnected at the time of connection to the server. .
Prior Symbol communication method, the communication terminal apparatus may be a data transfer device used to transfer data between a plurality of mobile communication terminals.
In the communication method, the data transfer device may be used to simultaneously transmit the same message to a plurality of e-mail addresses stored as candidates for the e-mail transmission destination of the mobile communication terminal. In this communication method (message delivery method), the data transfer device uses the data of the terminal identification number of the mobile communication terminal connected to the data transfer device and the mail address of the transmission destination stored in the mobile communication terminal. The data transfer device, the data transfer device transmits the data of the terminal identification number read from the mobile communication terminal to a message delivery support server provided on the mobile communication network, A message delivery support server, based on the terminal identification number received from the data transfer device, obtains a mail address for a subscriber of the mobile communication network assigned to a user of the mobile communication terminal; Transmitting the mail address to the data transfer device; and Email data with the email address received from the message delivery support server as the sender, multiple email addresses read from the mobile communication terminal as the destination, and the message to be delivered specified by the user as the email text And transmitting the e-mail data to the message delivery support server, and the message delivery support server sends the e-mail received from the data transfer device to the mobile communication network published to the Internet. A step of transmitting via a transmission mail server for subscribers, and a step of deleting data read from the mobile communication terminal after the data transfer device has created the data of the e-mail. Good.
In the communication method, the program update server acquires update information of a basic OS program incorporated in the computer device of the communication terminal device, and the program update server updates the basic OS program. And a step of distributing the basic OS program update program so as to be applied to the plurality of communication terminal devices.
In the communication method, the program management server may further include a step of collectively distributing a new program or a correction program used when the server is used from the communication terminal device to the plurality of communication terminal devices.
In the communication method, the program management server may further include a step of collecting information on hardware and software of the communication terminal device from the plurality of communication terminal devices.

  According to the present invention, when the computer terminal of the communication terminal device is turned on to start the startup, during the startup process, the computer is automatically logged on with a specific account set in advance and is automatically connected to the server via the communication network. This eliminates the need for password input for logon and connection operation to the server, thus improving security and improving user convenience because the user is not conscious of password input. In addition, since the connection destination to the outside via the communication network is limited to the server in the specific account that is automatically logged on, the user can connect the communication network to an external connection destination other than the server after the automatic logon. Connection can be restricted, and access to a general network site can be suppressed to prevent spyware, worms, and the like from being taken in, so that security can be further enhanced. Furthermore, after connecting to the server, a virtual private network that uses client authentication and encrypted communication using a digital certificate is established between the server and the server via the virtual private network. Can communicate with. The communication via the virtual private network can reduce the risk of eavesdropping on the communication with the server and tampering with the communication contents, thereby further enhancing the security. Further, when the startup process of the computer device of the communication terminal device is completed, an initial screen when using a service involving communication with the server is displayed, so that the user's individual operation for displaying the initial screen can be performed. It becomes unnecessary and can further improve the convenience for the user. As described above, even when the communication terminal device is installed in a state where it can be operated by an unspecified user, while ensuring the convenience for the user, the communication terminal device can communicate with the server via the public communication network. There is an effect that it is possible to increase security when using a service involving communication.

Embodiments in which the present invention is applied to a data transfer device as a communication terminal device used for data transfer between a plurality of mobile phones (mobile communication terminals), a communication method using the data transfer device, and a communication system Will be described.
FIG. 1 is an explanatory diagram showing an example of the overall configuration of a communication system according to the present embodiment. This communication system is a message management system that manages each data transfer device 10 from a server or a message distribution that distributes a message to another mobile phone based on information read from a mobile phone connected to each data transfer device 10 It also functions as a system. In FIG. 1, the communication system according to the present embodiment is installed in a data transfer device 10 installed in a shop or agency (hereinafter referred to as “shop etc.”) 600 that sells mobile phones, and in a mass retailer 610 of electrical appliances. The data transfer device 10 and various servers 420, 430, 460 to 480, and 700 to 780 provided in a communication network (hereinafter referred to as “service network”) 400 within a communication carrier. .

  The data transfer device 10 of the shop 600 or the like is connected to the operator network 400 via, for example, the dedicated line 500 and the routers 410 and 520 constituting the shop network, and can communicate with various servers in the operator network 400. . On the other hand, the data transfer device 10 of the mass sales store 610 is connected to the operator network 400 via the Internet 510, the router 520, and the gateway device 420 using a general public line, and can communicate with various servers in the operator network 400. . The gateway device 420 has a function as an audit gateway for auditing internal users such as access restriction and operation content recording, and a function as a VPN gateway described later. The data transfer device 10 of the mass sales store 610 may be connected to the business operator network 400 via the remote access server 430 and the public switched telephone network 530.

  The Internet 510 is provided with an OS update information providing server 540, a virus removal software update server 550, and the like. The OS update information providing server 540 provides an OS update program that is basic software installed in each data transfer apparatus 10. The virus removal software update server 550 provides update data of a virus removal software main body file and a detection pattern file installed in each data transfer apparatus 10 for performing virus detection and removal.

  The provider network 400 includes an IP-VPN (Virtual Private Network) 440 connected to the router 410 on the data transfer device 10 side, the access gateway device 420 and the remote access server 430, and a wide-area Ethernet (Wide-Ethernet) network 450. It has. The IP-VPN 440 is provided with a RADIUS (Remote Authentication Dial In User Service) authentication server 460 and a PKI (Public Key Infrastructure) authentication server 470. The RADIUS authentication server 460 is a server that authenticates a user who intends to use the IP-VPN 440 from the data transfer device based on the user ID (account) and password input by the data transfer device 10 connected remotely. . The PKI authentication server 470 is a server that performs authentication based on a client certificate distributed in advance to the data transfer apparatus 10. The IP-VPN 440 and the wide area Ethernet network 450 are connected via an IDS (intrusion detection system) 480. The IDS 480 monitors the communication line between the IP-VPN 440 and the wide area Ethernet network 450 and notifies the administrator of unauthorized intrusion.

  A domain server 700, a virus removal software management server 710, a WSUS (Windows Server Update Service) server 720, an asset management server 730, and a program distribution server 740 are connected to the wide area Ethernet network 450. Further, a maintenance server 750 may be provided as necessary.

  The domain server 700 manages a Windows (registered trademark) domain constructed so as to include each data transfer apparatus 10 connected via a communication network. Each data transfer apparatus 10 is assigned a user account used for logging on to the domain. Various functions on the Windows OS in each data transfer apparatus 10 can be collectively set by the standard Windows group policy for the group to which the user account belongs. With this batch setting, it is possible to disable unnecessary functions other than those used in the data transfer apparatus 10 and functions that are undesirable in terms of security among various functions on the Windows OS.

  The virus removal software management server 710 transmits an update file (for example, an update file or a pattern update file of the program main body) of virus removal software installed in each data transfer apparatus 10 on the Internet 510 by a preset scheduling. From the anti-virus software update server 550 of the system. Note that the update file at this time can also be acquired by a network connection (not shown) (for example, connection via the Internet). The virus removal software installed on each data transfer device 10 can detect and delete computer viruses, spyware, unauthorized intrusions, network viruses, etc., as well as multiple types of communication with the outside via the network. It has a firewall function that can be individually permitted or prohibited. As this type of virus removal software, for example, “Virus Buster Corporate Edition Advance” manufactured by Trend Micro Corporation can be used. The virus removal software management server 710 distributes the update file acquired from the virus removal software update server 550 to each data transfer device 10 according to a preset scheduling. When each data transfer device 10 receives the update file distributed from the virus removal software management server 710, the data transfer device 10 applies the update file to the installed virus removal software.

  The WSUS server 720 updates an OS update information providing server 540 on the Internet 510 with a security-related update program of an OS (for example, a Windows OS) installed in each data transfer apparatus 10 by preset scheduling. Get from. In particular, an update program corresponding to an attack from the outside (for example, in the case of a Windows OS, an update program provided as “important update”) is acquired. Note that the update program at this time can also be acquired by a network connection (not shown) (for example, connection via the Internet). The update program acquired from the OS update information providing server 540 is subjected to a test by the operation manager to confirm that the installed application is not affected in the test environment. If there is no problem as a result of this test, each data transfer apparatus 10 is instructed to apply the “update program”. The WSUS server 720 distributes the “update program” instructed to be applied to each data transfer apparatus 10 by preset scheduling. When each data transfer apparatus 10 receives the update program distributed from the WSUS server 720, the data transfer apparatus 10 installs the update program.

  The asset management server 730 and the program distribution server 740 perform maintenance management of drivers and application programs installed in each data transfer apparatus 10. As software for the asset management server 730, for example, commercially available software called “QND Plus Ver9.1” manufactured by Quality Corporation can be used.

The asset management server 730 executes tasks such as “inventory collective collection” and “program collective delivery” by preset scheduling. The “inventory batch collection” is a task of collecting hardware and software information of each data transfer apparatus 10 in cooperation with dedicated agent software installed in advance in each data transfer apparatus 10. For example, when an inventory collection task activation command is transmitted from the asset management server 730 to the data transfer apparatus 10, the agent software installed in the data transfer apparatus 10 collects the inventory and transmits it to the asset management server 730. The inventory collected by this task enables unified management of registry setting information and security information of each data transfer apparatus 10. In addition, the above “program batch distribution” works with dedicated agent software pre-installed in each data transfer device 10 to create a driver program corresponding to a newly released mobile phone or a newly started service specification. The task is to download the application program added / changed together from the program distribution server 740 and automatically install it in each data transfer apparatus 10. For example, when a command for starting a program batch distribution task is transmitted from the asset management server 730 to the data transfer apparatus 10, the agent software installed in the data transfer apparatus 10 accesses the program distribution server 740 and designates the specified driver. And download application programs. The agent software newly installs the downloaded program in the data transfer apparatus 10 or updates the downloaded program with the downloaded program.
The program distribution server 740 transmits a designated driver or application program to each data transfer apparatus 10 in response to an acquisition request from the agent software of each data transfer apparatus 10.

  Each data transfer device 10 can create a usage status such as mobile phone data transfer and e-mail transmission as an operation log. Each data transfer device 10 transfers the operation log file to the maintenance server 750 by FTP communication. The file can be kept secure by encryption using 3DES or the like.

  In addition to the above servers 700 to 750, the operator network 400 is provided with a message delivery support server 760, an outgoing mail server 770 for the Internet, and a subscriber information management server 780.

  The message delivery support server 760 can communicate with the data transfer apparatus 10 used in the shop 600 or the mass sales store 610 via a communication line such as the dedicated line 500 or the Internet 510, the router 520, or the like. The message delivery support server 760 has a function as a WEB server and a function as a transmission mail server. As an application layer communication protocol between the message delivery support server 760 and the data transfer apparatus 10, HTTP (Hyper Text Transfer Protocol) is used when functioning as a WEB server, and SMTP ( Simple Mail Transfer Protocol) is used. When functioning as a WEB server, HTTPS (Hyper Text Transfer Protocol over SSL) may be used in place of the above HTTP in order to enhance security.

  The message delivery support server 760 functions as a mail address acquisition unit, a mail address transmission unit, and an electronic mail transmission unit by reading and executing a predetermined program in the computer device. The mail address acquisition means acquires the mail address for the subscriber of the mobile phone communication network assigned to the user of the mobile phone based on the telephone number (terminal identification number) received from the data transfer device 10. The e-mail address transmitting unit transmits the acquired e-mail address to the data transfer apparatus 10. The e-mail transmission means transmits the e-mail received from the data transfer device 10 via the transmission e-mail server 770 for subscribers disclosed on the Internet.

  The transmission mail server 770 transfers an electronic mail to be transmitted received from the message distribution support server 760 or the like to a mail server in the external Internet 510, and is also called an MTA (Message Transfer Agent) server or an SMTP server. SMTP is used as a protocol when e-mail is transmitted and received by the transmission mail server 770. The outgoing mail server 770 has a fixed global IP address that can be uniquely identified on the Internet. In association with this global IP address, an SMTP server address having the same domain name as a mail address for a subscriber of a cellular phone communication network is registered. As a result, an e-mail transmitted via the outgoing mail server 770 is not processed as a so-called impersonation mail. Therefore, an e-mail including a change notification message in this embodiment is an e-mail from a true sender. To each destination email address.

  The subscriber information management server 780 is a CUR (Common User Repository) server that manages information on subscribers (users) of a mobile phone communication network. For each subscriber, a subscriber ID, a mobile phone number ( (Terminal identification number), e-mail address and the like are stored. When the subscriber information management server 780 receives an acquisition request for requesting an email address from the message delivery support server 760 based on, for example, the phone number of a mobile phone, the email address corresponding to the phone number, that is, the phone number The e-mail address for the subscriber of the mobile phone communication network used by the user of the mobile phone is returned to the message delivery support server 760. As a protocol between the subscriber information management server 780 and the message delivery support server 760, for example, LDAP (Lightweight Directory Access Protocol) is used.

  Each of the plurality of servers 700 to 780 may be configured by one computer device, or may be configured to operate in cooperation with a plurality of computer devices connected to a network. Further, two or more of the plurality of servers 700 to 780 may be configured by one computer device.

  FIG. 2 is a perspective view of the data transfer apparatus 10. The data transfer apparatus 10 of this embodiment includes a notebook computer device (hereinafter referred to as “notebook personal computer”) 20 that is an electronic computer, and an adapter 30 that is attached to an operation unit of the notebook personal computer 20. . The adapter 30 includes a casing member 310 and a connection cable branch portion provided inside the casing member 310. The notebook personal computer 20 is used as control means for performing various controls during data transfer processing by installing and executing a predetermined OS program or application program.

  When the notebook personal computer 20 of the data transfer apparatus 10 performs the notification notification of the telephone number / mail address change, the mail address data reading means, the terminal identification number data sending means, the email data generating means, and the email data sending means And function as data deletion means. The mail address data reading means includes the telephone number (terminal identification number) data of the mobile phones 40A and 40B shown in FIG. 4 connected to the data transfer device 10, and the mail address data stored in the old mobile phone 40A. Is read. The terminal identification number data transmission means transmits the telephone number data read from the new mobile phone 40B to the message distribution support server 760 via the mobile phone communication network. The e-mail data generation means uses a mail address received from the message distribution support server 760 as a transmission source (From address), a plurality of mail addresses read from the old mobile phone 40A as a transmission destination, and a distribution target designated by the user. E-mail data is generated with the message (change notification message) as the mail body. The e-mail data transmission means transmits the e-mail data to the message delivery support server 760. The data deleting means deletes data read from the old mobile phone 40A after generating e-mail data.

  The casing member 310 is provided so as to expose the display unit 210 of the notebook computer 20 and cover the operation unit 220 (see FIG. 3). A keyboard unit 221 including various keys, a pointing device 222, and the like are provided on the upper surface of the operation unit 220 of the notebook computer 20. Further, in the example of the notebook computer 20, the power switch unit 223 is provided on the upper surface of the operation unit that is close to the hinge unit that joins the operation unit 220 and the display unit 210. The casing member 310 is configured by combining an upper case 320 and a lower case 330. The connection cable branching section is provided inside the lower case 330 and branches the connection cable connected to the external connection interface of the operation section 220 of the notebook computer 20 into a plurality. The notebook personal computer 20 and the connection cable branching portion are connected via a connection interface by a cable, an attachment connector, or the like, and are arranged at a position that cannot be seen from the front so that the user does not touch the tampering. The plurality of connection cables 50 can be taken out through the cable passage hole 331 formed in the front side plate 330 </ b> A of the lower case 330. A dedicated connector 51 is attached to the tip of each connection cable 50 so as to correspond to various mobile phones 40 having different external connection interfaces. For example, a connector for a serial terminal of a PDC (Personal Digital Cellular) mobile phone, a connector for a USB (Universal Serial Bus) terminal of a PDC mobile phone, a connector for a terminal of a third generation mobile phone, and the like are attached. In addition, a connector corresponding to a mobile phone having a terminal unique to the manufacturer is also attached. These connectors are connected to the connection cable branching portion by a general-purpose connector and a plurality of cable passage holes 331 are provided so that the connectors can be increased or decreased at any time after the apparatus is installed.

  On the surface of each connector 51, a terminal identification symbol indicating the type of mobile phone that can be connected to the connector, and a vertical identification symbol for identifying the upper and lower sides (front and back) of the connector (for example, “ A ”and“ B ”) are attached to the back.

  The front side plate 330A of the lower case 330 is provided with a plurality of memory card slots 332 so that various memory cards 60 can be mounted. The memory card 60 can store data read from the mobile phone 40 or can store data to be copied to the mobile phone 40.

  The notebook computer 20 of the data transfer apparatus 10 has a terminal for LAN connection, and is connected to a router for Internet connection in the store 600 via a LAN cable.

  FIG. 4 is a perspective view showing a state in which the data transfer apparatus 10 having the above configuration is used. For example, when data such as a memory dial is transferred from the old mobile phone 40A to the new mobile phone 40B, the old and new mobile phones 40A and 40B are respectively mounted on the two mounting portions 322 of the data transfer apparatus 10. First, as shown in FIG. 4, a predetermined connection cable 50A is connected to the old mobile phone 40A that is the data transfer source. In this state, after starting predetermined data transfer software and executing initial setting, model selection, cable selection, authentication processing, etc., data such as a memory dial to be transferred from the old mobile phone 40A is stored in the notebook personal computer 20 Read and save to memory once. Next, as shown in FIG. 5, the connection cable 50A is disconnected from the old mobile phone 40A, and the predetermined connection cable 50B is connected to the new mobile phone 40B as the data transfer destination. In this state, the transfer target data stored in the memory in the notebook computer 20 is written into the new mobile phone 40B.

When the data transfer device 10 having the above-described configuration is installed in a mass sales store that is an environment that can be operated by an unspecified user, the server is illegally used due to a user's mistaken operation or intentional illegal operation, or a general network site There is a risk that security may be reduced by being accessed and spyware, worms, etc. being captured. Further, when a public communication network such as the Internet is used between the data transfer apparatus and the server, there is a risk that the security may be lowered due to wiretapping of communication or tampering of communication contents.
In particular, with respect to a large number of data transfer apparatuses 10 installed in places where the unspecified users such as mass retailers can operate, patches and version upgrades of application programs used in the data transfer apparatus 10 are provided. In the case of safe batch distribution from a distribution server or the like, it is necessary to ensure the security of communication between the data transfer apparatus 10 and the program distribution server or the like. When virus update software update files are distributed from a virus removal software management server 710 to a large number of data transfer apparatuses 10, or a security-related update program related to an OS is distributed safely and collectively from a WSUS server 720 to a large number of data transfer apparatuses 10. In this case, similarly, it is necessary to ensure the security of communication between the data transfer apparatus 10 and each of the servers 710 and 720.
Therefore, in this embodiment, in order to increase the security of communication between the data transfer apparatus 10 installed in each mass sales store 610 in an environment that can be operated by an unspecified user and the server group on the business operator network 400 side, Processing when the notebook personal computer 20 of the data transfer apparatus 10 is powered on is executed as follows.

  FIG. 6 is an explanatory diagram showing an example of communication processing between the notebook computer 20 and the server on the operator network 400 when the notebook computer 20 of the data transfer apparatus 10 installed in the mass sales store 610 is powered on. . FIG. 7 is a flowchart illustrating an example of a procedure from when the notebook personal computer 20 is turned on until VPN communication with a server on the operator network 400 is enabled. 6 and 7 show a case where the notebook personal computer 20 of the data transfer apparatus 10 is connected to the operator network 400 via the Internet 510.

When the power of the notebook computer 20 of the data transfer device 10 installed in the mass sales store 610 is turned on (S1 in FIG. 7), a Windows OS (for example, Windows 2000 (registered trademark) or the like installed in the notebook computer 20) Windows XP (registered trademark)) is started (S2 in FIG. 7), and Windows logon to the notebook personal computer 20 which is a local personal computer is automatically executed by cash logon with a specific account set in advance (S3 in FIG. 7). The account used for the cache logon belongs to a Windows user group set in advance for users who can communicate with the server groups 700 to 780 on the provider network 400. In this user group, various settings based on the Windows group policy are made in advance so that the notebook personal computer 20 is not used except for a specific job involving communication with the server groups 700 to 780. The setting by the Windows group policy is, for example, the settings of the desktop screen, the start menu, and the browser software (Internet Explorer) shown in the following (1) to (3).
(1) Unnecessary icons are not displayed on the desktop screen in order to prevent the notebook computer 20 from being used for other purposes.
(2) In order to prevent unintended use of the notebook computer 20, no unnecessary applications are displayed in the start menu program. Only VPN is displayed in the start menu program. The icon menu that activates the Windows function such as control panel and execution by specifying a file name is not displayed.
(3) Deactivate the following submenus A to E in the browser software (Internet Explorer) in order to prevent unauthorized intrusion into the Windows file system and falsification of applications.
A. "Cut", "Copy" and "Paste" in the "Edit" menu
B. "Source" in the "View" menu
C. "Standard Button", "Address Bar" and "Link" in "View"-"Toolbar" menu
D. "Favorites" in the "View"-"Explorer Bar" menu
E. Explorer displayed by right-clicking on the windows taskbar

  Next, in the notebook personal computer 20 of the data transfer apparatus 10, initial settings such as a desktop screen and a start menu are automatically executed based on the Windows group policy (S4 in FIG. 7). In the notebook computer 20, the above-described virus removal software is also automatically started. Due to the firewall function of this virus removal software, only connection to the carrier network 400 by the following VPN is permitted as connection to the external network, and unauthorized connection to the outside for unintended use is prevented.

  Next, in the notebook personal computer 20 of the data transfer apparatus 10, a VPN activation process for constructing a VPN, which is a virtual private network, with the provider network 400 is automatically executed (S5 in FIG. 7). With VPN, it is possible to construct a closed environment comparable to a dedicated line even through the Internet. This VPN uses a security technology called IPsec (IP Security) that operates in a network layer and encrypts and authenticates IP packets and can be used for general purposes in a TCP / IP environment.

  When the VPN is constructed, PKI authentication and RADIUS authentication are automatically executed (S6 and S7 in FIG. 7). The client certificate used in the PKI authentication is issued in advance for the notebook personal computer 20 of each data transfer apparatus and is stored in the corresponding notebook personal computer 20. In the PKI authentication, it is authenticated that the notebook computer 20 is a legitimate client based on the client certificate stored in the notebook computer 20. If the authentication fails, the VPN is not constructed, and communication with the server group in the operator network 400 is not possible. In the RADIUS authentication, based on a user ID (account) and a password automatically input by the notebook computer 20, it is authenticated that the notebook computer 20 is a legitimate client. Also in this case, if the authentication fails, the VPN is not constructed, and communication with the server group in the operator network 400 is not possible.

  When the PKI authentication and the RADIUS authentication are successful and the construction of the VPN is completed, IPsec communication is started between the notebook personal computer 20 of the data transfer device and the server group on the operator network 400 via the VPN (FIG. 7 S8). Then, domain authentication is automatically executed by automatically inputting the account and password of a predetermined domain user registered in advance on the domain logon screen, and the service is received using communication with the server group. An initial screen of a predetermined application is displayed (S9 in FIG. 7). In the example described later, an initial screen of a message delivery service that involves communication with the message delivery support server 760 is displayed. Thereafter, the user can use various services provided by the application (S10 in FIG. 7). When the use of the service is finished, the communication by IPsec is finished and the VPN connection is disconnected (S11 in FIG. 7).

  If the VPN connection is cut for some reason while using the service, the VPN activation, PKI authentication, and RADIUS authentication are automatically executed and the VPN is reconstructed without any user operation.

  As described above, since the processes from turning on the power of the notebook computer 20 of the data transfer apparatus 10 to turning on the domain authentication and displaying the initial screen are automatically executed without making the user aware of it, the startup of the notebook computer 20 is performed. Not only can the operation be simplified, but also the user's erroneous operation and intentional unauthorized use can be suppressed.

  FIG. 8 shows communication with the message delivery support server 760 after the notebook personal computer 20 of the data transfer apparatus 10 and the message delivery support server 760 on the operator network 400 become communicable in the communication system configured as described above. It is a sequence diagram which shows an example of the flow of a process when using a service. This process is a process of simultaneously sending e-mails including desired messages to a plurality of memory dial mail addresses transferred from the old mobile phone 40A to the new mobile phone 40B. First, the old mobile phone 40A is connected to the cable 50A as described above. In this state, data such as a memory dial to be transferred from the old mobile phone 40A is once read and stored in the memory in the notebook computer 20 (S1). Next, the user selects “number / address change notification” for notifying the telephone number and mail address of the user's new mobile phone 40B by e-mail on the menu displayed on the notebook computer 20 (S2). . The “number / address change notification” may be selected before data is read from the old mobile phone 40A.

  Next, the connection cable 50A is disconnected from the old mobile phone 40A, and the connection cable 50B is connected to the new mobile phone 40B. In this state, the transfer target data stored in the memory in the notebook computer 20 is written to the new mobile phone 40B (S3). The telephone number of the mobile phone 40B stored in the new mobile phone 40B is once read and stored in the memory in the notebook computer 20 (S4).

  Next, when the notebook personal computer 20 of the data transfer apparatus 10 starts to write data to the new mobile phone 40B, it delivers a mail address inquiry for inquiring about the mail address corresponding to the phone number together with the phone number of the new mobile phone 40B. It transmits to the support server 760. In order to ensure the security, encrypted communication by HTTPS may be used for transmission of this mail address inquiry.

  Based on the mail address inquiry received from the data transfer device 10, the message delivery support server 760 inquires the subscriber information management server 780 to obtain the mail address corresponding to the telephone number. An LDAP communication protocol is used for the inquiry of the mail address. The message distribution support server 760 transfers the mail address acquired from the subscriber information management server 780 to the notebook computer 20 of the data transfer apparatus 10 by HTTP.

  The mail address corresponding to the telephone number of the new mobile phone 40B can be inquired at a timing other than during the data writing process to the new mobile phone 40B. This mail address inquiry can be made at any timing after the telephone number of the new mobile phone 40B is acquired and before the e-mail of the change notification message is created.

  Next, the notebook personal computer 20 of the data transfer apparatus 10 displays the mail address received from the message distribution support server 760 on the screen together with the telephone number. With this display, the user can confirm the contents of the telephone number and the mail address included in the change notification message distributed by electronic mail.

  Next, the user operates the notebook personal computer 20 of the data transfer device 10 to display a list of e-mail transmission templates, selects a desired transmission template from the list (S5), the user's name, The contents of the notification message are set so that the telephone number and the latest mail address of the user are written at a predetermined position in the mail text (S6). Further, the user selects a destination mail address to be a target of simultaneous transmission of messages from a plurality of mail addresses read from the old mobile phone 40A and displayed on the screen, and creates a transmission list (S7). The selection of the mail address of the transmission destination may be performed by designating the mail address to be removed from the transmission destination.

  Next, the notebook computer 20 of the data transfer apparatus 10 generates e-mail data with a plurality of e-mail addresses selected by the user as destinations. In the present embodiment, one e-mail data can be generated with a mail address up to a predetermined number (for example, 100) as a transmission destination. The content of the set notification message is embedded in the email body of this email, and the latest email address of the user acquired from the subscriber information management server 780 is set as the sender email address (From address). . As the latest mail address, only the domain name part is changed, and the same part as the mail address before the change that has been used before the “@” mark is often set. In such a case, the recipient who received the change notification mail is suspicious of the change notification mail as compared to the case where the mail address of the system common to each user is set as the sender's mail address (From address). There is little risk of being mistaken for an email and deleting it.

Next, when the notebook personal computer 20 of the data transfer apparatus 10 accepts an operation for confirming transmission of the number / address change notification (S8), the generated electronic mail is transmitted to the message distribution support server 760. The message delivery support server 760 disassembles one e-mail set with a plurality of destinations received from the data transfer apparatus 10 into one e-mail with one destination (mail address) in accordance with the rules in the outgoing mail server 770. Processing is performed to generate individual e-mail data for each e-mail address of each destination (S9). The plurality of e-mails generated in this way are stacked in a mail transmission waiting queue in the message distribution support server 760. After that, the message distribution support server 760 executes mail through so that the plurality of generated individual e-mails are sequentially transmitted to the transmission mail server 770 by SMTP using a preset scheduler.
When the outgoing mail server 770 permits processing of one electronic mail with a plurality of destinations (mail addresses), the message delivery support server 760 does not perform the above-mentioned electronic mail disassembling process, but the data transfer device 10. One e-mail set with a plurality of destinations (mail addresses) received from may be sent to the sending mail server 770 as it is.

  The outgoing mail server 770 executes mail through so that each individual electronic mail received from the message delivery support server 760 is sent to an external mail server by SMTP. Here, the transmission suppression time setting function (schedule function) of the outgoing mail server 770 suppresses the transmission of the electronic mail to the external mail server, for example, when the outgoing mail server stays in the mail or at midnight. You may do it.

  The notebook personal computer 20 of the data transfer apparatus 10 transmits an email request to the message delivery support server 760, and then deletes all personal information such as mobile phone number and mail address data stored in the notebook personal computer 20 (S10). Then, a series of data transfer processing is terminated. Thereby, it is possible to prevent personal information from leaking through the notebook computer 20.

  In the service example of FIG. 8 described above, data acquisition from the old mobile phone is performed as pre-processing, and phone number acquisition from the new mobile phone is described as post-processing. However, the processing procedure is not limited thereto. For example, after acquiring a telephone number from a new mobile phone, data such as a mail address from an old mobile phone may be acquired before the data transfer device 10 makes an inquiry about the mail address to the message delivery support server 760. Good.

  Further, in the service example of FIG. 8 described above, the change notification message creation process is performed by the data transfer apparatus 10, but the change notification message creation process may be performed by the message distribution support server 760. . In this case, the information of the old and new mobile phones acquired from the data transfer device 10 is transferred to the message delivery support server 760, and the information is deleted in the final process. The data transfer apparatus 10 may be configured to be operated as a remote console terminal of the message delivery support server 760.

  In the service example of FIG. 8, when an e-mail including a message is transmitted to a plurality of e-mail addresses read from the old mobile phone 40B, the e-mail including the message to be delivered is not delivered for some reason. Sometimes, the notice of non-delivery arrives at the user's latest mail address (new mobile phone). Therefore, the user can easily grasp the delivery status of the e-mail. In addition, since the e-mail data is created and the data such as the e-mail address read from the old mobile phone 40B is deleted before the processing in the data transfer device 10 is completed, the e-mail address etc. Unlike the case where personal information is stored in a server on a communication network and can be accessed from a terminal device such as a personal computer, personal information protection is superior.

  In the service example of FIG. 8, the latest mail address used by the user and the telephone number of the new mobile phone 40B are simultaneously changed to a plurality of mail addresses read from the user's old mobile phone 40A. Can be delivered and notified.

  In the service example of FIG. 8, the change notification message includes the telephone number data and the memory dial mail address data read to the data transfer device 10 when data is transferred from the old mobile phone 40A to the new mobile phone 40B. Since it can be diverted to transmission of the distribution e-mail, the efficiency of the e-mail transmission process can be improved.

  Further, in the service example of FIG. 8, the e-mail can be transmitted only to a mail address desired by the user among a plurality of mail addresses read from the old mobile phone 40A. The useless e-mail transmission can be prevented from being performed on the e-mail address that the user does not desire to deliver the message.

  Further, in the service example of FIG. 8 described above, the case where the message to be distributed is a message for notifying the change of the telephone number / mail address when the model of the mobile phone is changed has been described. It is not limited to this. Further, the present invention can be applied not only to the case of changing the model of a mobile phone but also to, for example, temporarily canceling a mobile phone that has been used until then and newly contracting a new mobile phone.

  As described above, according to the present embodiment, when the notebook personal computer 20 of the data transfer apparatus 10 is turned on and starts to be started, the start-up process automatically logs on with a specific account set in advance, Since the server 700 to 780 is automatically connected to the server, the password input for logon and the connection operation to the server become unnecessary, and the security is improved and the user is not made aware of the password input. The convenience for the user will also increase. In addition, since the connection destination to the outside via the communication network is limited to the servers 700 to 780 on the carrier network 400 in the specific account that has been automatically logged on, the user can connect to the server after the automatic logon. It is possible to restrict connection to other external connection destinations via a communication network, and it is possible to prevent access to general network sites and prevent spyware, worms, etc. from being taken in, thereby further enhancing security. it can. Further, after being connected to the servers 700 to 780, a VPN that uses client authentication and encrypted communication based on a client certificate (digital certificate) is established between the servers 700 to 780 and the server 700 on the VPN. ~ 780 can be communicated, so that the risk of eavesdropping on communication with the server and tampering of communication contents can be reduced, so that security can be further enhanced. Further, when the startup process of the notebook personal computer 20 of the data transfer device 10 is completed, an initial screen for using a service involving communication with the server is displayed, so that the user's individual operation for displaying the initial screen is performed. Is unnecessary, and the convenience for the user can be further enhanced. As described above, even when the data transfer device 10 is installed in a state where it can be operated by an unspecified user, the server can be accessed from the data transfer device 10 via the public communication network while ensuring the convenience of the user. Security when using a service involving communication with 700 to 780 can be comprehensively enhanced.

  In particular, in the present embodiment, when using a service involving communication between the data transfer apparatus 10 and the message delivery support server 760, personal information such as a telephone number and a mail address of a mobile phone is transmitted and received. High security can be secured as a protective measure.

  Further, according to the present embodiment, when communication is disconnected at the time of VPN connection to the server, the VPN for connection to the server is reconstructed, so that the VPN is reconstructed when communication with the server is disconnected. Therefore, the operation by the user is not required, and the user is not made aware of such reconnection and reconfiguration processing.

  Further, according to the present embodiment, since the domain user account is automatically logged on during the startup process of the notebook personal computer 20 of the data transfer apparatus 10, the user's operation for logging on to the network domain constructed on the VPN is prevented. It becomes unnecessary and does not make the user aware of the logon process to the network domain.

  Further, according to the present embodiment, at the time of starting the notebook personal computer 20 of the data transfer device 10, it is set so that icons unnecessary for the use of the server are not displayed on the general-purpose desktop screen and menu screen of the notebook personal computer 20. Therefore, it is possible to further improve security by preventing user's erroneous operation and conscious unauthorized operation on an icon unnecessary for using the server, and suppressing unauthorized use of the user.

  Further, according to the present embodiment, during the startup process of the notebook computer 20 of the data transfer apparatus 10, the general-purpose application program incorporated in the notebook computer 20 is set so as to limit functions unnecessary for use of the server. Therefore, security can be further improved by avoiding the use of functions unnecessary for server use among the functions of the general-purpose application program by the user's erroneous operation or conscious operation.

  Also, according to the present embodiment, the basic OS program update program is sent from the WSUS server 720 to each notebook computer 20 without individually performing the basic OS program update operation on the notebook computer 20 of each data transfer apparatus 10. By batch distribution, the basic OS program in the notebook personal computer 20 of each communication terminal apparatus can be remotely updated in a batch.

  In addition, according to the present embodiment, a new program or a correction program used when using a service involving communication with the servers 700 to 780 on the operator network 400 from the data transfer device 10 is stored in the plurality of data transfer devices 10. You may provide the program management server delivered to the notebook personal computer 20 collectively. In this case, a new program is transmitted from the program distribution server 740 to the notebook computer 20 of each data transfer device 10 without performing an operation of individually downloading a new program or a correction program on the notebook computer 20 of each data transfer device 10. Alternatively, it is easy to download and install a new program or the like in each notebook computer 20 by distributing the correction program in a batch.

  In addition, according to the present embodiment, the asset management server 730 can centrally manage each notebook computer 20 based on information about hardware and software collected from the notebook computer 20 of each data transfer apparatus 10.

  Although the preferred embodiments of the present invention have been described above, various modifications can be made to the disclosed embodiments within the scope of the technical matters described in the claims without departing from the scope or spirit of the present invention. Can be added.

  For example, in the above-described embodiment, the communication terminal device is installed in a mass sales store so that it can be used for data transfer between mobile phones, and can communicate with a server on a telecommunications carrier network to receive various services. However, the present invention is also applicable to other communication terminal devices. For example, the present invention can also be applied to other communication terminal apparatuses that are installed in an environment that can be operated by an unspecified user and receive services by communicating with a server on a communication network in a state where security is ensured.

BRIEF DESCRIPTION OF THE DRAWINGS Explanatory drawing which shows an example of the whole structure of the communication system which concerns on embodiment of this invention. The perspective view of a data transfer device. The perspective view of the notebook computer used for a data transfer apparatus. The perspective view of the data transfer apparatus which connected the mobile telephone of a data transfer origin. The perspective view of the data transfer apparatus which connected the mobile telephone of a data transfer destination. Explanatory drawing which shows an example of the communication processing between the notebook personal computer and the server on a provider network when the notebook personal computer of a data transfer apparatus is turned on. The flowchart which shows an example of the procedure from the power-on of a notebook personal computer until the VPN communication with the server on a provider network is attained. The sequence diagram which shows an example of the flow of a process when using the service accompanied by communication with a data transfer apparatus and a message delivery support server.

Explanation of symbols

10 Data transfer device (communication terminal device)
20 Notebook PC (computer device)
30 Adapter 40 Cellular phone 400 Carrier network 420 Access gateway device 430 Remote access server 440 IP-VPN
450 Wide-area Ethernet network 460 RADIUS authentication server 470 PKI authentication server 510 Internet 610 Mass retailer 700 Domain server 710 Antivirus software management server 720 WSUS server 730 Asset management server 740 Program distribution server 750 Maintenance server 760 Message distribution support server 770 Transmission mail server 780 Subscriber information management server

Claims (11)

A communication terminal device configured using a general-purpose computer device and capable of communicating with a server via a public communication network,
A casing member that exposes a display unit of the computer device and covers an operation unit of the computer device;
For a specific account used to log on to the computer device when connecting to the server and using the server, the connection destination to the outside via the communication network is limited to the server,
The computer device is automatically logged on with the specific account during the startup process of the computer device, and the computer device does not display an unnecessary icon for use of the server on the general-purpose desktop screen and menu screen of the computer device. A general-purpose application program incorporated in the apparatus is set so as to restrict functions unnecessary for use of the server, and is automatically connected to the server via the communication network, and is based on a digital certificate by PKI authentication and RADIUS authentication. A virtual private network that uses client authentication and encrypted communication is constructed at least in the public communication network part with the server, and the server service is used on the virtual private network with the server Do When a network domain in which a domain user account is set up is established, automatic logon is performed with the domain user account, and an initial screen when using the server is displayed. Terminal device. The communication terminal device according to claim 1,
When communication is disconnected at the time of connection to the server, the communication terminal apparatus is reconnected to the server and the virtual private network is reconstructed . In the communication terminal apparatus 請 Motomeko 1 or 2,
A communication terminal apparatus which is a data transfer apparatus used for data transfer between a plurality of mobile communication terminals. In the communication terminal device according to claim 3 ,
Mail address data reading means for reading the data of the terminal identification number of the mobile communication terminal connected to the communication terminal device and the data of the destination mail address stored in the mobile communication terminal;
Terminal identification number data transmitting means for transmitting data of the terminal identification number read from the mobile communication terminal to a message delivery support server via a mobile communication network;
The email address received from the message delivery support server is the sender, the email addresses read from the mobile communication terminal are the recipients, and the message to be delivered specified by the user is the email body. E-mail data generation means for generating data;
E-mail data transmitting means for transmitting the e-mail data to the message delivery support server;
A data deleting means for deleting data read from the mobile communication terminal after generating the e-mail data;
A communication terminal device comprising: A communication system comprising a plurality of communication terminal devices configured using general-purpose computer devices, and a server capable of communicating with the plurality of communication terminal devices via a public communication network,
Each communication terminal device
A casing member that exposes a display unit of the computer device and covers an operation unit of the computer device;
For a specific account used to log on to the computer device when connecting to the server and using the server, the connection destination to the outside via the communication network is limited to the server,
During the startup process when the computer device is turned on, it is automatically logged on with the specific account, and at the time of the automatic logon, an icon unnecessary for use of the server is not displayed on the general-purpose desktop screen and menu screen of the computer device, In addition, a general-purpose application program incorporated in the computer device is set so as to restrict functions unnecessary for use of the server, and is automatically connected to the server via the communication network, and by PKI authentication and RADIUS authentication. A virtual private network that uses client authentication by digital certificates and encrypted communication is constructed at least in a public communication network portion with the server, and the server on the virtual private network with the server Sir of If a network domain with a domain user account to use the service is set up , the initial screen for automatically logging on with the domain user account and receiving services by connecting to the server is displayed. A communication system. The communication system of claim 5 ,
The communication terminal apparatus, communication system, which is a data transfer device used to transfer data between a plurality of mobile communication terminals. The communication system of claim 6 .
The communication terminal device
Mail address data reading means for reading the data of the terminal identification number of the mobile communication terminal connected to the communication terminal device and the data of the destination mail address stored in the mobile communication terminal;
Terminal identification number data transmitting means for transmitting data of the terminal identification number read from the mobile communication terminal to a message delivery support server via a mobile communication network;
The email address received from the message delivery support server is the sender, the email addresses read from the mobile communication terminal are the recipients, and the message to be delivered specified by the user is the email body. E-mail data generation means for generating data;
E-mail data transmitting means for transmitting the e-mail data to the message delivery support server;
A data deleting means for deleting data read from the mobile communication terminal after generating the e-mail data;
A communication system comprising: The communication system according to claim 5 , 6 or 7 ,
Update information of a basic OS program incorporated in a computer device of the communication terminal device is acquired, and when the basic OS program is updated, the update program of the basic OS program is applied to the plurality of communication terminal devices. And a program update server for batch distribution. The communication system according to claim 5 , 6 or 7 ,
A communication system comprising: a program management server that collectively distributes a new program or a correction program used when using the server from the communication terminal device to the plurality of communication terminal devices. The communication system according to claim 5 , 6 or 7 ,
A communication system comprising a terminal management server that collects information on hardware and software of the communication terminal device from the plurality of communication terminal devices . A general-purpose communication terminal apparatus provided with a casing member for covering the operating part of the computer device to expose the display portion of the computing device is configured using a computer device, the connected to a server via a public communication network A communication method using a server,
As an account used to log on to the computer device when connecting to the server and using the server, a specific account whose connection destination to the outside through the communication network is restricted to the server is the communication Steps set in advance in the terminal device;
The communication terminal device is automatically logged on with the specific account during a startup process when the computer device is turned on ;
No icons unnecessary for use of the server are displayed on the general-purpose desktop screen and menu screen of the computer device at the time of the automatic logon, and a general-purpose application program incorporated in the computer device is not required for use of the server Step to limit the functions
A step in which the communication terminal device is automatically connected to the server via the communication network; and a virtual private network that uses client authentication and encrypted communication using a digital certificate by PKI authentication and RADIUS authentication. Constructed at least in the public communication network part between
When a network domain in which a domain user account for using the server service is set up on a virtual private network with the server is automatically logged on with the domain user account And steps
The communication terminal device that has completed the start-up displays an initial screen when using the server by connecting to the server;
A communication method comprising:

Images