JP5440547B2 - Information processing system, information processing apparatus, control method therefor, and program - Google Patents

Description

The present invention relates to an information processing system, an information processing apparatus, a control method therefor, and a program, and particularly relates to a technique that can prevent an information leak related to authentication and can perform an authentication request with a simple operation.

  Conventionally, for example, when a user wants to use a WEB service, the user manually inputs a user ID and a password, and user authentication processing is performed according to the manually input user ID and password. There is a mechanism that can be used.

  In such a mechanism, the user must manually input a user ID and password every time the WEB service is used.

  For example, a portable terminal such as a smartphone has poor operability because the screen is small and the input device is small compared to an information processing apparatus such as a personal computer. Therefore, when using a WEB service using a mobile terminal, the user must input a user ID that is generally not changed to the mobile terminal each time and is forced to perform a very complicated operation. .

  Therefore, in order to simplify the input of the ID and password, in Patent Document 1, when the ID and password are not registered on the authentication destination server in the mobile terminal, the mobile terminal indicates the ID, When a screen for entering a password is displayed, and the server successfully authenticates with the ID and password entered by the user via the screen, the user enters an arbitrary key code into the mobile terminal and is entered. When the key code, ID, and password are registered in the mobile terminal and the user logs in again, only by entering the key code, the mobile terminal checks whether the input key code is correct. A mechanism for transmitting an ID and password to a server for authentication is proposed.

JP 2001-344209 A

  However, in the mechanism of Patent Document 1, since an ID, a password, and a key code are registered in the mobile terminal, for example, when the mobile terminal is lost, a third party who obtains the mobile phone uses the mobile terminal. By analyzing, the ID, password, and key code may be leaked.

  Further, in the mechanism of the above-mentioned Patent Document 1, when the ID and password are not registered on the mobile terminal, a screen for inputting the ID and password is displayed. Therefore, the mobile terminal is registered with the ID and password. It is necessary to determine whether or not the ID and password are registered in the portable terminal. For this reason, the mobile terminal or server must manage the registration status of IDs and passwords in the mobile terminal, and the processing becomes complicated.

  Furthermore, for example, when the ID is changed or the mobile terminal is changed, the registration contents of the ID and password to the mobile terminal managed by the mobile terminal or server must be changed. Becomes complicated. In this case, if the registration status is not changed appropriately, a new screen for easy authentication cannot be displayed. Therefore, the user must register the new screen as a screen memo. I can not log in easily.

  That is, for example, in a mechanism in which a screen that allows simple authentication without inputting a user ID is displayed on the display unit of the mobile terminal only at the first use of the WEB service (once), When the ID is changed or the mobile terminal is changed, the screen cannot be displayed on the display unit of the mobile terminal. Therefore, when the ID is changed or when the mobile terminal is changed, the registration status of the ID and password managed by the mobile terminal or the server so that the screen can be acquired and displayed again. Must be changed (initialized), which makes management difficult.

  As described above, every time a user uses a web service, a user ID, which is less likely to be changed, is assigned to a portable terminal that is not superior to an information processing device such as a personal computer. Since it is necessary to input and the user is forced to perform complicated operations, there is a demand for a mechanism that can easily log in and improve security.

An object of the present invention is to provide a mechanism capable of preventing information leakage related to authentication and making an authentication request with a simple operation .

The present invention is an information processing apparatus capable of communicating with a mobile terminal , and an ID input by a user operation via the input screen from the mobile terminal that displays an input screen of ID and password on a display unit , And receiving means for receiving authentication information including a password, authentication means for performing authentication processing in accordance with the authentication information received by the receiving means, and not including the password included in the authentication information received by the receiving means. The included ID is a simple login screen that is included as information that is not displayed on the display unit of the portable terminal, and receives an input of a password by a user operation, and receives the ID included in the simple login screen and the input For displaying a simple login screen on which the portable terminal transmits authentication information including a password on the portable terminal. A generating means for generating display information, the authentication means according to the condition that it has been authenticated by the authentication processing, and a transmission means for transmitting the indication information generated by said generating means to said portable terminal, said receiving means Further includes an authentication including a password accepted by a user operation via a simple login screen displayed on the display unit according to the display information transmitted by the transmission means, and an ID included in the simple login screen. Information is received from the portable terminal .

The present invention also provides:
A method for controlling an information processing apparatus capable of communicating with a mobile terminal, wherein a receiving unit is input by an operation of a user through the input screen from the mobile terminal that displays an ID and password input screen on a display unit. A receiving step for receiving authentication information including an ID and a password, an authentication step in which the authentication means performs an authentication process in accordance with the authentication information received in the receiving step, and a generating means in the authentication information received in the receiving step. The ID included in the authentication information does not include the included password, and is a simple login screen that is included as information that is not displayed on the display unit of the mobile terminal. A simple log-in message in which the portable terminal transmits authentication information including an ID included in the screen and a password that has received the input. Wherein the generating step of generating display information for displaying the down screen on the mobile terminal, transmitting means, on condition that it has been authenticated by the authentication processing by the authentication step, the display information generated by the generating step A transmission step for transmitting to a portable terminal, and the reception step further receives an input by a user operation via a simple login screen displayed on the display unit in accordance with the display information transmitted by the transmission step. Authentication information including a password and an ID included in the simple login screen is received from the portable terminal .

The present invention is also a program that can be read and executed by an information processing apparatus that can communicate with a mobile terminal, wherein the information processing apparatus displays the ID and password input screen on the display unit from the mobile terminal. Receiving means for receiving authentication information including ID and password input by user operation via the input screen, authentication means for performing authentication processing according to the authentication information received by the receiving means, and received by the receiving means It is a simple login screen that does not include the password included in the authentication information and includes the ID included in the authentication information as information that is not displayed on the display unit of the mobile terminal, and accepts the input of the password by the user's operation, Authentication information including the ID included in the simple login screen and the password that accepted the input is stored in the portable terminal. Said There generating means for generating display information for displaying the simple log-in screen to be transmitted to the mobile terminal, on condition that it has been authenticated by the authentication processing by said authentication means, the display information generated by the generating means A password that functions as a transmission unit that transmits to a mobile terminal, and that the reception unit further receives an input by a user operation via a simple login screen displayed on the display unit according to display information transmitted by the transmission unit And authentication information including the ID included in the simple login screen is received from the portable terminal .

The present invention is also an information processing system including a mobile terminal and an information processing device, wherein the mobile terminal includes an input screen display means for displaying an input screen for an ID and a password on a display unit, and the input screen display means. via an input screen displayed by, ID input by operation of the user, and an authentication transmitting means for transmitting the authentication information including a password to the information processing apparatus, before Symbol information processing apparatus, by the authentication transmitting means A simple login screen that does not include the password included in the transmitted authentication information and includes the ID included in the authentication information as information that is not displayed on the display unit, and receives a password input by a user operation And a simple login screen receiving means for receiving display information for displaying on the display unit , and receiving the simple login screen In accordance with the display information received by means, display means for displaying the simplified login screen on the display unit, a storage means for storing the simple login screen displayed on the display unit screen memo and to, in accordance with a user operation, Screen memo display means for reading and displaying the simple login screen stored as a screen memo in the storage means, and password accepting means for accepting a password input via the simple login screen displayed by the screen memo display means; Authentication request means for making an authentication request by transmitting authentication information including the ID included in the simple login screen displayed by the screen memo display means and the password received by the password accepting means to the information processing apparatus; the information processing apparatus, ID sent by the authentication transmitting device, and a password Receiving means for receiving testimony information from the portable terminal, an authentication unit for performing authentication processing according to the authentication information received by the receiving unit does not include a password included in the authentication information received by the reception unit, to the authentication information It is a simple login screen including information that is not displayed on the display unit with respect to the included ID, and receives an input of a password by a user operation, and includes an ID included in the simple login screen and a password that has received the input Generating means for generating display information for displaying a simple login screen on which the portable terminal transmits authentication information including the authentication information on the portable terminal, and on the condition that the authentication means is authenticated by the authentication process, the generating means the generated display information and a transmission means for transmitting to said portable terminal, said receiving means further comprises The serial authentication information transmitted by the authentication request unit, characterized in that receiving from the mobile terminal.
The present invention is also a method for controlling an information processing system including a mobile terminal and an information processing apparatus, wherein the input screen display means of the mobile terminal displays an input screen of ID and password on a display unit. And authentication transmitting means of the portable terminal transmits authentication information including an ID and a password input by a user operation via the input screen displayed in the input screen display step to the information processing apparatus. The authentication transmission step and the simple login screen reception means of the mobile terminal do not include the password included in the authentication information transmitted by the authentication transmission step from the information processing apparatus, and the ID included in the authentication information A simple login screen that contains information that is not displayed on the display unit, and that accepts password input by user operations A simple login screen receiving step for receiving display information for displaying the information on the display unit, and the display unit of the portable terminal displays the simple login screen in accordance with the display information received in the simple login screen receiving step. A display step of displaying on the mobile terminal, a storage unit of the portable terminal storing the simple login screen displayed on the display unit as a screen memo, and a screen memo display unit of the portable terminal according to a user operation A screen memo display step for reading and displaying the simple login screen stored as a screen memo in the storage step, and a password accepting means of the portable terminal via the simple login screen displayed by the screen memo display step. A password accepting step for accepting an input of a password, and an authentication requesting means of the portable terminal, the screen memo table An authentication request step for sending an authentication request to the information processing device by sending authentication information including the ID included in the simple login screen displayed in the step and the password received in the password receiving step; The receiving unit of the information processing device receives the authentication information including the ID and password transmitted by the authentication transmitting step from the portable terminal, and the authentication unit of the information processing device is the receiving step. An authentication process for performing an authentication process according to the received authentication information, and the generation unit of the information processing apparatus does not include the password included in the authentication information received in the reception process, and the display unit displays the ID included in the authentication information This is a simple login screen that contains information that is not displayed on the screen. A generating step for generating display information for displaying on the portable terminal a simple login screen on which the portable terminal transmits authentication information including an ID included in the simple login screen and a password that has accepted the input; and the information A transmission step of transmitting display information generated by the generation step to the portable terminal on condition that the transmission unit of the processing device is authenticated by the authentication processing by the authentication step, and the reception step includes Furthermore, the authentication information transmitted by the authentication requesting step is received from the portable terminal.
In addition, the present invention is a program that can be read and executed by an information processing system including a mobile terminal and an information processing apparatus, and the mobile terminal includes an input screen display unit that displays an input screen of an ID and a password on a display unit. From the information processing apparatus, an authentication transmitting means for transmitting authentication information including an ID input by a user operation and a password to the information processing apparatus via the input screen displayed by the input screen display means, It is a simple login screen that does not include the password included in the authentication information transmitted by the authentication transmitting means, and includes the ID included in the authentication information as information that is not displayed on the display unit. Simple login screen receiver for receiving display information for displaying on the display unit a simple login screen for accepting And display means for displaying the simple login screen on the display unit according to display information received by the simple login screen receiving means; and storage means for storing the simple login screen displayed by the display means as a screen memo. The screen memo display means for reading and displaying the simple login screen stored as a screen memo in the storage means according to the user's operation, and the password input via the simple login screen displayed by the screen memo display means Authentication information including an ID included in the simple login screen displayed by the screen memo display unit and the password received by the password reception unit is transmitted to the information processing apparatus and an authentication request is made. Functioning as an authentication requesting unit for performing the information processing apparatus with the authentication transmitting unit Included in the receiving means for receiving authentication information including the ID and password transmitted from the portable terminal, the authenticating means for performing authentication processing in accordance with the authentication information received by the receiving means, and the authentication information received by the receiving means The ID included in the authentication information is a simple login screen that is included as information that is not displayed on the display unit, and that is included in the authentication information. And generating means for generating display information for displaying on the portable terminal a simple login screen on which the portable terminal transmits authentication information including the password that has received the input, and authentication by the authentication means. On the condition that the display information generated by the generating means is transmitted to the portable terminal The receiving means further receives the authentication information transmitted by the authentication requesting means from the portable terminal.

ADVANTAGE OF THE INVENTION According to this invention, the structure which can prevent the leakage of the information which concerns on authentication and can perform an authentication request | requirement by simple operation can be provided .

1 is a block diagram schematically showing a system configuration according to an embodiment of the present invention. FIG. 2 is a block diagram schematically showing hardware configurations of an administrator terminal 101, a server 102, and portable terminals 103 and 104 in FIG. It is a block diagram which shows roughly the structure of the function with which the server 102 in FIG. 1 is provided. It is an example of the figure which shows the screen transition of the portable terminal 103. FIG. It is a figure which shows the screen transition from the simple login screen 407 displayed by step S901 to the portal screen displayed by step S715. 5 is a diagram illustrating an example of an authentication table 600. FIG. It is a flowchart which shows the 1st control processing procedure which CPU201 of the portable terminal 103 and server 102 in FIG. 1 performs. 6 is a flowchart illustrating a second control processing procedure executed by a CPU 201 of the mobile terminal 103 and the server 102 in FIG. 1. 6 is a flowchart showing a third control processing procedure executed by CPU 201 of portable terminal 103 and server 102 in FIG. 1. It is a figure which shows an example of the login screen (a) and portal screen (b) which are displayed on the display part of PC105,106.

Hereinafter, the present invention will be described in detail according to preferred embodiments with reference to the accompanying drawings.
FIG. 1 is a block diagram schematically showing an information processing system configuration according to an embodiment of the present invention.

As shown in FIG. 1, the administrator terminal 101, the server 102, the portable terminal 103, the portable terminal 104, the PC 105, and the PC 106 are connected to be able to communicate with each other via a network 100 such as an Internet line. ing. Here, the mobile terminals 103 and 104 are mobile terminals such as mobile phones. The PCs 105 and 106 are information processing apparatuses such as personal computers, for example. The PC is an application example of the client terminal of the present invention.

  The server 102 functions as a database server, and manages user schedule information, reservation time information (schedule information) of equipment and equipment, and the like. The server 102 is an application example of the information processing apparatus of the present invention.

  The server 102 also functions as a WEB server, and has a function of transmitting display information described in a markup language such as HTML to the mobile terminals 103 and 104 and the PCs 105 and 106.

  Specifically, it has a function of generating display information from data such as schedule information managed in the database and transmitting it to the portable terminals 103 and 104 and the PCs 105 and 106.

  The server 102 also has an authentication function for performing authentication processing of users of the portable terminals 103 and 104 and the PCs 105 and 106.

  Web browser software (hereinafter also referred to as a WEB browser) is installed in the mobile terminals 103 and 104 and the PCs 105 and 106.

  The mobile terminals 103 and 104 are installed with a mobile terminal WEB browser, and the PCs 105 and 106 are installed with a PC WEB browser.

  The mobile terminals 103 and 104 and the PCs 105 and 106 have a function of interpreting display information acquired from the server 102 for displaying a WEB page and displaying it on a display unit. Here, the display information is a data file described in a markup language for displaying a WEB page, and is a file that can be interpreted by a WEB browser such as an HTML file or an XML file.

  When the administrator terminal 101 receives an instruction related to management of the server 102 from the server administrator, the administrator terminal 101 transmits the instruction to the server 102. The server 102 that has received the instruction performs management related to various services to be executed in accordance with the instruction.

  As described above, this system configuration uses various application software services running on the server 102 using a portable Web browser installed on a portable terminal and a PC Web browser installed on a PC. This is the mechanism used by the user.

  Hereinafter, the hardware configuration of the administrator terminal 101, the server 102, the portable terminals 103 and 104, and the PCs 105 and 106 illustrated in FIG. 1 will be described with reference to FIG.

  FIG. 2 is a block diagram schematically showing the hardware configuration of the administrator terminal 101, server 102, portable terminals 103 and 104, and PCs 105 and 106 in FIG.

In FIG. 2, reference numeral 201 denotes a CPU that comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 211 has a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as OS), which is a control program of the CPU 201, and functions executed by each server or each PC (information processing apparatus). Various programs and the like to be described later necessary for the realization are stored.

A RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for execution of processing from the ROM 202 or the external memory 211 into the RAM 203 and executing the loaded program.

An input controller 205 controls input from a keyboard (KB) 209 or a pointing device such as a mouse (not shown). A video controller 206 controls display on a display (display unit) such as a CRT display (CRT) 210. In FIG. 2, although described as CRT 210, the display device is not limited to the CRT, but may be another display device such as a liquid crystal display. These are used by the administrator as needed.

A memory controller 207 is provided in an external storage device (hard disk (HD)), flexible disk (FD), or PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 211 such as a compact flash (registered trademark) memory connected via an adapter.

A communication I / F controller 208 connects and communicates with an external device via the network 100, and executes communication control processing in the network. For example, communication using TCP / IP is possible.

Note that the CPU 201 enables display on the CRT 210 by executing outline font rasterization processing on a display information area in the RAM 203, for example. In addition, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the CRT 210.

Various programs to be described later for realizing the present invention are recorded in the external memory 211 and executed by the CPU 201 by being loaded into the RAM 203 as necessary. Further, files and various tables used when executing the program are also stored in the external memory 211.

  The portable terminal 103, 104 will be supplemented with a description of some of the differences from the description in FIG.

  In order to describe an application example of a mobile terminal as a mobile phone in this embodiment, the display (display unit) 210 in the mobile terminal is smaller in size than the display units of the PCs 105 and 106 and the server 102. Organic EL etc. are used.

  In the above description, a keyboard (KB) 209, a mouse (not illustrated), and the like are described as examples of 209. However, in the case of a mobile terminal, 209 corresponds to a button that receives an instruction from the user.

  FIG. 3 is a block diagram schematically showing a functional configuration of the server 102 in FIG.

  As shown in FIG. 3, the server 102 includes a WEB service 301, an authentication DB (database) 302, and various DBs (database) 303.

  Here, the WEB service 301 indicates, for example, a WEB service provided to a mobile terminal or a PC. For example, the schedule information stored in various DBs 303 can be displayed as data in a format that can be displayed on the WEB browser of the mobile terminal or the PC. A service (scheduler) that is generated and transmitted to be displayed on a portable terminal or PC, an authentication service for authenticating a user who operates the portable terminal or PC, and the like are provided.

  In the authentication DB 302, for example, an authentication table 600 shown in FIG. 6 is stored.

  FIG. 6 is a diagram illustrating an example of the authentication table 600. As shown in FIG. 6, the authentication table 600 is associated with a user ID and a password. Here, the user ID can be freely changed and registered by the user. That is, the server changes the user ID when receiving a user ID change instruction from the portable terminal or the PC.

  The various DBs 303 store schedule information (not shown).

  The portable terminals 103 and 104 use a portable WEB browser to access the WEB service 301 of the server 102 and transmit authentication information including a user ID and a password. The WEB service 301 performs a user authentication process by determining whether or not the authentication information received from the mobile terminals 103 and 104 is registered in the authentication DB 302.

  Further, the PCs 105 and 106 use a PC WEB browser to access the WEB service 301 of the server 102 and transmit authentication information including a user ID and a password. The WEB service 301 performs user authentication processing by determining whether or not the authentication information received from the PCs 105 and 106 is registered in the authentication DB 302.

  Next, the present embodiment will be described with reference to the flowchart shown in FIG.

  FIG. 7 is a flowchart showing a first control processing procedure executed by the CPU 201 of the mobile terminal 103, the server 102, and the PC 105 in FIG.

  The processing from step S701, step S702, step S706, step S707, step S717 to step S720 is executed and implemented by the CPU 201 of the mobile terminal 103.

Further, the processing from step S703, step S704, step S705, step S705-1, and step S708 to step S716 is executed and implemented by the CPU 201 of the server 102.
Further, the processing from step S721 to step S729 is executed and executed by the CPU 201 of the PC 105.

  First, a case where the mobile terminal 103 accesses the server 102 will be described.

  Since the mobile terminal 103 accesses the WEB service 301 of the server 102 via a mobile WEB browser, the mobile terminal 103 receives an input from the user of a URL that provides the WEB service (S701).

  Then, when the mobile terminal 103 receives the URL input from the user, the mobile terminal 103 transmits a display information transmission request for displaying the login screen of the WEB service 301 to the received URL together with the User Agent information of the mobile terminal 103. (S702).

Here, the User Agent information is generally known User Agent information that identifies whether the terminal is a mobile terminal or a PC. The User Agent information may be information for identifying whether the WEB browser is a mobile terminal browser or a PC browser.
In other words, in step S702, the mobile terminal 103 also transmits User Agent information indicating that the transmission request source terminal is a mobile terminal.

  When the server 102 receives the User Agent information together with the display information transmission request from the mobile terminal 103 (S703), the server 102 determines whether or not the received User Agent information is information indicating that the mobile terminal is a mobile terminal, and transmits the information. It is determined whether the requesting terminal is a portable terminal or a PC (step S704).

  And when it determines with the terminal of a transmission request origin being a portable terminal (step S704: YES), the display information (HTML etc.) for displaying a portable login screen (screen displayed with a portable browser) ) Is transmitted to the portable terminal 103 (S705).

  When receiving the display information from the server 102 (S706), the portable terminal 103 displays the login screen 400 ((a) of FIG. 4) according to the display information. FIG. 4 is an example of a diagram showing screen transition of the mobile terminal 103.

  Then, the mobile terminal 103 receives an input of a user ID and a password by a user operation via the login screen 400. When the user presses the login button, the portable terminal 103 transmits the input user ID and password to the server 102 (S707) (authentication transmission unit). In step S707, User Agent information indicating that the transmission requesting terminal is a portable terminal is also transmitted.

  When the server 102 receives the user ID, password, and User Agent information from the mobile terminal 103 (S708), whether or not the received user ID and password are registered in the authentication table 600 (FIG. 6) in the authentication DB 302. Is determined (S709). If it is determined that the server 102 is not registered (S710: NO), the server 102 determines whether or not the User Agent information received in S708 is information indicating that the mobile terminal is a mobile terminal, and the transmission request source It is determined whether the terminal is a portable terminal or a PC (step S714). And when it determines with User Agent information being the information which shows that it is a portable terminal (S714: YES), the failure screen for portable terminals which shows that the said user was not authenticated (authentication failed) is displayed. Display information for display is transmitted to the portable terminal 103 (S715), and the process returns to S703.

  If the server 102 determines in S710 that the received user ID and password are registered in the authentication table 600 (FIG. 6) in the authentication DB 302, the server 102 determines that the authentication is successful (S710). : YES), it is determined whether or not the User Agent information received in S708 is information indicating that it is a mobile terminal, and whether or not the transmission request source terminal (the terminal from which authentication information is transmitted) is a mobile terminal, It is determined whether it is a PC (step S711) (portable determination means). If it is determined that the User Agent information is information indicating that the mobile terminal is a mobile terminal (S711: YES), display information for displaying the portal screen for the mobile terminal indicated by 401 in FIG. It transmits to the terminal 103 (S712). Here, in step S712, display information for displaying a portal screen for a portable terminal including a button 403 (object) for receiving a display information acquisition request instruction for displaying a simple login screen is displayed on the portable terminal. Transmit (screen transmission means). When the process of step S712 is executed, the process proceeds to step S803 in FIG.

  When the mobile terminal 103 receives display information from the server 102 (S717), if the display information is display information for displaying a failure screen (S718: YES), the mobile terminal 103 carries the failure screen according to the display information. The information is displayed on the display unit of the terminal 103 (S719).

On the other hand, if the display information received from the server 102 is display information for displaying the portal screen (S718: NO), the server 102 displays the portal screen (401 in FIG. 4) according to the display information. (S720). When the portal screen (401 in FIG. 4) is displayed in S720, the process proceeds to S801 in FIG.
Next, a case where the PC 105 accesses the server 102 will be described.

  In order to access the WEB service 301 of the server 102 via the WEB browser for the PC, the PC 105 receives an input from the user of the URL that provides the WEB service (S721).

  Upon receiving the URL input from the user, the PC 105 transmits a display information transmission request for displaying the login screen of the WEB service 301 to the received URL together with the User Agent information of the PC 105 (S722). .

Here, the User Agent information is generally known User Agent information that identifies whether the terminal is a mobile terminal or a PC. The User Agent information may be information for identifying whether the WEB browser is a mobile terminal browser or a PC browser.
That is, in step S722, the PC 105 also transmits User Agent information indicating that the transmission request source terminal is a PC.

  When the server 102 receives the user agent information together with the display information transmission request from the PC 105 (S703), the server 102 is information indicating that the received user agent information is a portable terminal or information indicating that it is a PC. It is determined whether there is a terminal, and it is determined whether the transmission requesting terminal is a portable terminal or a PC (step S704).

  If it is determined that the transmission requesting terminal is a PC (step S704: NO), display information (HTML or the like) for displaying a PC login screen (screen displayed on a PC WEB browser). ) Is transmitted to the PC 105 (S705-1).

When the PC 105 receives the display information from the server 102 (S723), the PC 105 displays a login screen ((a) in FIG. 10) according to the display information.
FIG. 10A is an example of a login screen displayed on the display unit of the PC 105.

  1000 is an input field for inputting a login ID (also referred to as a user ID), and 1001 is an input field for inputting a password. Reference numeral 1002 denotes a login button.

  And PC105 receives the input of user ID and a password by a user's operation via a login screen ((a) of Drawing 10). When the user presses the login button 1002, the PC 105 transmits the input user ID and password to the server 102 (S724). In step S724, User Agent information indicating that the transmission requesting terminal is a PC is also transmitted.

  Upon receiving the user ID, password, and User Agent information from the PC 105 (S708), the server 102 determines whether the received user ID and password are registered in the authentication table 600 (FIG. 6) in the authentication DB 302. (S709). If it is determined that the server 102 is not registered (S710: NO), the Server Agent information received in S708 is information indicating that it is a portable terminal or information indicating that it is a PC. It is determined whether or not there is (step S714). If it is determined that the User Agent information is information indicating that it is a PC (S714: NO), a failure screen for PC indicating that the user has not been authenticated (authentication failed) is displayed. Display information for transmitting to the PC 105 (S716), and the process returns to S703.

If the server 102 determines in S710 that the received user ID and password are registered in the authentication table 600 (FIG. 6) in the authentication DB 302, the server 102 determines that the authentication is successful (S710). : YES), it is determined whether or not the User Agent information received in S708 is information indicating that it is a mobile terminal, and it is determined whether the terminal requesting transmission is a mobile terminal or a PC (step) S711). If it is determined that the User Agent information is information indicating that it is a PC (S711: NO), display information for displaying the PC portal screen shown in FIG. (S713). Here, in step S713, display information for displaying a portal screen for a PC that does not include a button (object) for receiving an instruction for a display information acquisition request for displaying a simple login screen is transmitted to the PC 105. .
FIG. 10B is a diagram illustrating an example of a portal screen displayed on the display unit of the PC.

  Reference numeral 1003 denotes a button (object) that receives an instruction for a schedule display request, reference numeral 1004 denotes a button (object) that receives an instruction for a display request for equipment / equipment reservation, and reference numeral 1005. A button (object) that receives a message display request instruction.

  When the PC 105 receives display information from the server 102 (S725), if the display information is display information for displaying a failure screen (S726: YES), the PC 105 displays the failure screen according to the display information. (S728).

  On the other hand, when the display information received from the server 102 is display information for displaying the portal screen (S726: NO), the portal screen ((b) in FIG. 10) is displayed on the display unit of the PC 105 according to the display information. It is displayed (S727).

  When the user presses a button displayed on the portal screen (FIG. 10B), the PC 105 executes processing corresponding to the pressed button (S829).

  For example, when the schedule button 1003 is pressed, a process for acquiring the schedule information of the user is transmitted to the server 102 to receive and display the schedule information from the server 102.

  Next, the continuation of the flowchart shown in FIG. 7 will be described with reference to FIG.

  FIG. 8 is a flowchart showing a second control processing procedure executed by CPU 201 of portable terminal 103 and server 102 in FIG.

  The processing from step S801, step S802, step S806 to step S810 is executed and implemented by the CPU 201 of the mobile terminal 103.

  Further, the processing from step S803 to step S805 is executed and implemented by the CPU 201 of the server 102.

  When the portable terminal 103 displays the portal screen 401 illustrated in FIG. 4 on the display unit in step S720, the portable terminal 103 accepts a press of a button displayed on the portal screen 401 by the user. That is, the user can arbitrarily press a button displayed on the portal screen 401.

  Then, the mobile terminal 103 determines whether or not the “simple login screen creation” button 403 has been pressed by the user (S801), and if it is determined that the button 403 has been pressed (YES), the simple login screen is displayed. A display information transmission request for display is transmitted to the server 102 (S802) (screen request transmission means).

  When the server 102 receives the display information reception request (transmission request) from the portable terminal 103 (S803) (screen request receiving means), the server 102 displays a simple login screen 407 in FIG. Display information (HTML or the like) for display on the display unit is generated (S804) and transmitted to the mobile terminal 103 (S805).

  In step S804, display information of the simple login screen 407 is generated that includes the user ID received in step S708 and prevents the user ID from being displayed on the display unit on the WEB browser. Here, HTML that prevents the user ID from being displayed on the simple login screen with the tag “hidden” is generated.

  When the portable terminal 103 receives the display information of the simple login screen 407 transmitted by the server 102 (step S806) (simple login screen receiving means), the portable terminal 103 displays the simple login screen 407 (FIG. 4) on the display unit according to the display information. (S807).

  Reference numeral 407 denotes an example of a simple login screen.

  Reference numeral 408 denotes a password input field, and reference numeral 409 denotes a login button. The display information (HTML or the like) for displaying the simple login screen includes, for example, <input type = hidden name = loginId value = ogata39>. That is, although this login information includes a login ID (in this example, ogata 39 is a login ID), it is set so that the login ID is not displayed. This simple login screen is a screen on which the login ID included in the display information and the password entered in 408 can be transmitted to the server 102 when the user presses the login button 409. It is.

  Next, the mobile terminal 103 stores the display information of the simple login screen 407 displayed here as a screen memo in the memory of the mobile terminal 103, and determines whether or not an operation instruction (screen memo registration instruction) by the user has been received. If it is determined and a screen memo registration instruction is accepted (S808: YES), the display information of the simple login screen 407 is registered (stored) in the memory of the portable terminal 103 as a screen memo (S809). And if the portable terminal 103 receives the instruction | indication which returns to a previous screen by operation of a user, a process will return to step S720 and the portal screen 401 will be displayed on a display part.

  In step S808, when the portable terminal 103 receives an instruction to return to the previous screen by the user's operation (S808: NO), the process returns to step S720, and the portal screen 401 is displayed on the display unit.

  If it is determined in step S801 that the user has pressed a button other than the “simple login screen creation” button 403 (for example, button 402) (S801: NO), Corresponding processing is executed (S810).

  For example, when the schedule button 402 is pressed by the user, the mobile terminal 103 transmits a schedule information acquisition request to the server 102, and the server 102 responds to reception of the schedule information acquisition request in FIG. Display information for displaying the schedule screen 404 is transmitted to the mobile terminal 103. When the mobile terminal 103 receives display information for displaying the schedule screen 404 from the server 102, the mobile terminal 103 displays the schedule screen 404 on the display unit of the mobile terminal 103 according to the display information. Then, when the group week button 405 is pressed by the user, the mobile terminal 103 transmits an acquisition request for one week of schedule information of the user group authenticated in step S709 to the server 102. When the server 102 receives the acquisition request from the mobile terminal 103, the server 102 acquires the weekly schedule information of the user group from the various DBs 303 and transmits the acquired schedule information to the mobile terminal 103. Then, the mobile terminal 103 displays a schedule screen (group week) indicated by 406 according to the schedule information received from the server 102.

  When the portable terminal 103 receives an instruction to return to the previous screen by the user's operation (S808: NO), the process returns to step S720, and the portal screen 401 is displayed on the display unit.

  Next, a third control processing procedure executed by the CPU 201 between the mobile terminal 103 and the server 102 will be described with reference to FIG.

FIG. 9 is a flowchart showing a third control processing procedure executed by CPU 201 of portable terminal 103 and server 102 in FIG.
Step numbers of the respective steps shown in FIG. 9 are given the same step numbers for the same processes as those already described in FIG.

  When the user gives an instruction to display the simple login screen 407 registered (stored) in the memory of the mobile terminal 103 as a screen memo in step S809, the mobile terminal 103 stores the simple information stored in the memory of the mobile terminal 103. Display information for displaying the login screen 407 is read from the memory, and the simple login screen 407 is displayed on the display unit according to the read display information (S901).

  FIG. 5 shows the screen transition from the simple login screen 407 displayed in step S901 to the portal screen displayed in step S720.

  FIG. 5 is a diagram illustrating screen transition from the simple login screen 407 displayed in step S901 to the portal screen displayed in step S720.

The portable terminal 103 displays a simple login screen 407 on the display unit, accepts an input to the password input field 408 of a password by a user operation (S902), and when the login button 409 is pressed, The login ID not displayed on the display unit included in the display information for displaying the simple login screen is transmitted to the server 102 (S903) (authentication transmission means).
In step S903, User Agent information indicating that the transmission requesting terminal is a mobile terminal is also transmitted.

When the server 102 receives the user ID, password, and User Agent information from the mobile terminal 103 (S708), whether or not the received user ID and password are registered in the authentication table 600 (FIG. 6) in the authentication DB 302. Is determined (S709). If it is determined that the server 102 is not registered (S710: NO), the server 102 determines whether or not the User Agent information received in S708 is information indicating that the mobile terminal is a mobile terminal, and the transmission request source It is determined whether the terminal is a portable terminal or a PC (step S714). And when it determines with User Agent information being the information which shows that it is a portable terminal (S714: YES), the failure screen for portable terminals which shows that the said user was not authenticated (authentication failed) is displayed. Display information for display is transmitted to the portable terminal 103 (S715), and the process returns to S708.
If it is determined in step S714 that the User Agent information is information indicating that it is a PC (NO), the process proceeds to step S708.

If the server 102 determines in S710 that the received user ID and password are registered in the authentication table 600 (FIG. 6) in the authentication DB 302, the server 102 determines that the authentication is successful (S710). : YES), it is determined whether or not the User Agent information received in S708 is information indicating that it is a mobile terminal, and it is determined whether the terminal requesting transmission is a mobile terminal or a PC (step) S711). If it is determined that the User Agent information is information indicating that the mobile terminal is a mobile terminal (S711: YES), display information for displaying the portal screen for the mobile terminal indicated by 401 in FIG. It transmits to the terminal 103 (S712). Here, in step S712, display information for displaying a portal screen for a portable terminal including a button 403 (object) for receiving a display information acquisition request instruction for displaying a simple login screen is displayed on the portable terminal. Transmit (screen transmission means). When the process of step S712 is executed, the process proceeds to step S803 in FIG.
If it is determined in step S711 that the User Agent information is information indicating that it is a PC (NO), the process proceeds to step S708.

  The processing from S717 to step S720 shown in FIG. 9 is the same as the processing from step S717 to step S720 shown in FIG.

  As described above, according to the present embodiment, an authentication screen that can prevent authentication information leakage and perform an authentication request by a simple operation is displayed in response to a request from the user after the user is authenticated. Thus, security and user convenience can be improved.

Although one embodiment of the present invention has been described above in detail, the present invention can take an embodiment as a system, apparatus, method, program (computer program) or storage medium that can be executed by the apparatus, for example. Specifically, the present invention may be applied to a system composed of a plurality of devices, or may be applied to an apparatus composed of a single device.

Another object of the present invention is to supply a storage medium storing software program codes for realizing the functions of the above-described embodiments to a system or apparatus, and the computer (or CPU or MPU) of the system or apparatus stores the storage medium. Needless to say, this can also be achieved by reading and executing the program code stored in.

In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the program code itself and the storage medium storing the program code constitute the present invention.

As a storage medium for supplying the program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile memory card, a ROM, or the like can be used.

Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (basic system or operating system) running on the computer based on the instruction of the program code. Needless to say, a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

Further, after the program code read from the storage medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function is determined based on the instruction of the program code. It goes without saying that the CPU or the like provided in the expansion board or function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

100 network 101 administrator terminal 102 server 103 portable terminal 104 portable terminal 105 PC 106 PC

Claims (10)

An information processing apparatus capable of communicating with a mobile terminal,
Receiving means for receiving authentication information including an ID and a password input by a user operation via the input screen from the portable terminal that displays an input screen of the ID and password on a display unit ;
Authentication means for performing authentication processing according to the authentication information received by the receiving means;
It is a simple login screen that does not include the password included in the authentication information received by the receiving means, and includes the ID included in the authentication information as information that is not displayed on the display unit of the mobile terminal, Is generated, and display information for displaying on the portable terminal a simple login screen in which the portable terminal transmits authentication information including the ID included in the simple login screen and the password that has accepted the input is generated. Generating means for
On condition that it has been authenticated by the authentication processing by said authentication means, and transmitting means for transmitting the indication information generated by said generating means to said portable terminal,
Equipped with a,
The receiving means further includes a password accepted by a user operation via a simple login screen displayed on the display unit in accordance with the display information transmitted by the transmitting means, and an ID included in the simple login screen. An information processing apparatus that receives authentication information including: from the portable terminal . Screen request receiving means for receiving a display information acquisition request for displaying the simple login screen from the mobile terminal;
The transmission means is authenticated by the authentication process by the authentication means, and the generation means is provided on the condition that the screen request receiving means has received a display information acquisition request for displaying the simple login screen. The information processing apparatus according to claim 1, wherein the generated display information is transmitted to the mobile terminal. Screen transmitting means for transmitting, to the portable terminal, display information for displaying a screen for receiving a display information acquisition request instruction for displaying the simple login screen when authenticated by an authentication process by the authenticating means. the information processing apparatus according to claim 1 or 2, further comprising a. The information processing apparatus can further communicate with a client terminal,
The receiving means further receives authentication information including an ID and a password from the portable terminal or the client terminal, and identification information for identifying whether the terminal that is the transmission source of the authentication information is a portable terminal. And
A portable determination means for determining whether the identification information received by the receiving means indicates that the terminal of the authentication information transmission source is a portable terminal;
When the screen transmission means is authenticated by the authentication process by the authentication means, and the portable determination means determines that the terminal that transmitted the authentication information is a portable terminal, the simplified login The information processing apparatus according to claim 3 , wherein display information for displaying a screen for receiving an instruction for a display information acquisition request for displaying the screen is transmitted to the mobile terminal. When the screen transmission means is authenticated by the authentication process by the authentication means, and the portable determination means determines that the terminal that transmitted the authentication information is not a portable terminal, the simple login 5. The information processing apparatus according to claim 4 , wherein display information for displaying a screen that cannot accept an instruction of a display information acquisition request for displaying the screen is transmitted to the client terminal. A method for controlling an information processing apparatus capable of communicating with a mobile terminal,
A receiving step for receiving authentication information including an ID and a password input by a user operation via the input screen from the portable terminal that displays an input screen of an ID and a password on a display unit ;
An authentication step in which an authentication means performs an authentication process according to the authentication information received in the reception step ;
The generating means does not include a password included in the authentication information received in the receiving step, and includes a simple login screen that includes information included in the authentication information as information that is not displayed on the display unit of the mobile terminal, For displaying a simple login screen on which the portable terminal transmits the authentication information including the ID included in the simple login screen and the password accepted for the input by receiving the password input by the operation of A generation process for generating display information;
Transmitting means, the authentication process under the condition that it has been authenticated by the authentication processing, a transmission step of transmitting display information generated by the generation step to the portable terminal,
Equipped with a,
The receiving step further includes a password accepted by a user operation via a simple login screen displayed on the display unit according to the display information transmitted in the transmission step, and an ID included in the simple login screen. A control method comprising: receiving authentication information including: from the mobile terminal . A program that can be read and executed by an information processing apparatus that can communicate with a mobile terminal,
The information processing apparatus;
Receiving means for receiving authentication information including an ID and a password input by a user operation via the input screen from the portable terminal that displays an input screen of the ID and password on a display unit ;
Authentication means for performing authentication processing according to the authentication information received by the receiving means;
It is a simple login screen that does not include the password included in the authentication information received by the receiving means, and includes the ID included in the authentication information as information that is not displayed on the display unit of the mobile terminal, Is generated, and display information for displaying on the portable terminal a simple login screen in which the portable terminal transmits authentication information including the ID included in the simple login screen and the password that has accepted the input is generated. Generating means for
Wherein the under the condition that it has been authenticated by the authentication processing authentication means, the display information generated by the generation unit to function as a transmitting means for transmitting to said portable terminal,
The receiving means further includes a password accepted by a user operation via a simple login screen displayed on the display unit in accordance with the display information transmitted by the transmitting means, and an ID included in the simple login screen. A program for receiving authentication information including: from the portable terminal . An information processing system including a mobile terminal and an information processing device,
The portable terminal is
Input screen display means for displaying an input screen of ID and password on the display unit;
An authentication transmission means for transmitting authentication information including an ID input by a user operation and a password to the information processing apparatus via the input screen displayed by the input screen display means ;
Before Symbol information processing apparatus, wherein not include the password included in the authentication information transmitted by the authentication transmitting device, the ID included in the authentication information is a simple login screen including the information that is not displayed on the display unit, A simple login screen receiving means for receiving display information for displaying on the display unit a simple login screen that accepts input of a password by a user operation ;
Display means for displaying the simple login screen on the display unit according to the display information received by the simple login screen receiving means;
Storage means for storing the simple login screen displayed on the display unit screen memo and to,
Screen memo display means for reading and displaying the simple login screen stored as a screen memo in the storage means according to a user operation;
Password accepting means for accepting input of a password via the simple login screen displayed by the screen memo display means;
Authentication request means for sending an authentication request to the information processing apparatus by sending authentication information including the ID included in the simple login screen displayed by the screen memo display means and the password received by the password receiving means;
The information processing apparatus includes:
Receiving means for receiving authentication information including the ID and password transmitted by the authentication transmitting means from the portable terminal ;
Authentication means for performing authentication processing according to the authentication information received by the receiving means;
It is a simple login screen that does not include the password included in the authentication information received by the receiving means, and includes the ID included in the authentication information as information that is not displayed on the display unit, and accepts password input by a user operation Generating means for generating display information for displaying on the portable terminal a simple login screen in which the portable terminal transmits authentication information including the ID included in the simple login screen and the password accepted for the input ; ,
On condition that it has been authenticated by the authentication processing by said authentication means, and transmitting means for transmitting the indication information generated by said generating means to said portable terminal,
Equipped with a,
The information processing system characterized in that the receiving means further receives the authentication information transmitted by the authentication requesting means from the portable terminal . A method for controlling an information processing system including a portable terminal and an information processing device,
An input screen display step in which the input screen display means of the portable terminal displays an input screen of ID and password on the display unit;
An authentication transmission step in which the authentication transmission means of the portable terminal transmits authentication information including an ID and a password input by a user operation via the input screen displayed in the input screen display step to the information processing apparatus. When,
The simple login screen receiving means of the portable terminal does not include the password included in the authentication information transmitted by the authentication transmission step from the information processing apparatus, and the ID included in the authentication information is not displayed on the display unit. A simple log-in screen receiving step for receiving display information for displaying on the display unit a simple log-in screen that accepts input of a password by a user operation,
A display step of displaying the simple login screen on the display unit according to the display information received by the display means of the portable terminal in the simple login screen receiving step;
A storage step in which the storage means of the portable terminal stores the simple login screen displayed on the display means as a screen memo;
A screen memo display unit of the portable terminal reads and displays the simple login screen stored as a screen memo in the storage step according to a user operation,
A password accepting step in which the password accepting means of the mobile terminal accepts an input of a password via the simple login screen displayed by the screen memo displaying step;
The authentication request means of the mobile terminal transmits authentication information including the ID included in the simple login screen displayed in the screen memo display step and the password received in the password reception step to the information processing apparatus for authentication. An authentication request process for making a request;
The information processing apparatus includes:
A receiving step in which the receiving means of the information processing device receives the authentication information including the ID and password transmitted in the authentication transmitting step from the portable terminal;
An authentication step in which an authentication unit of the information processing apparatus performs an authentication process according to the authentication information received in the reception step;
The information processing apparatus generating means does not include a password included in the authentication information received in the receiving step, and includes a simple login screen that includes information included in the authentication information as information that is not displayed on the display unit, In order to display a simple login screen on which the portable terminal transmits authentication information including an ID included in the simple login screen and a password that has received the input, upon receiving a password input by a user operation. A generation process for generating display information of
A transmission step of transmitting the display information generated by the generation step to the portable terminal on condition that the transmission unit of the information processing apparatus has been authenticated by the authentication process by the authentication step;
With
The receiving method further includes receiving the authentication information transmitted in the authentication requesting step from the portable terminal. A program that can be read and executed by an information processing system including a portable terminal and an information processing device,
The portable terminal;
Input screen display means for displaying an input screen of ID and password on the display unit;
An authentication transmission means for transmitting authentication information including an ID input by a user operation and a password to the information processing apparatus via the input screen displayed by the input screen display means;
A simple login screen that does not include the password included in the authentication information transmitted by the authentication transmission unit from the information processing apparatus and includes the ID included in the authentication information as information that is not displayed on the display unit. Simple login screen receiving means for receiving display information for displaying on the display unit a simple login screen that accepts input of a password by the operation of
Display means for displaying the simple login screen on the display unit according to the display information received by the simple login screen receiving means;
Storage means for storing the simple login screen displayed by the display means as a screen memo;
Screen memo display means for reading and displaying the simple login screen stored as a screen memo in the storage means according to a user operation;
Password accepting means for accepting input of a password via the simple login screen displayed by the screen memo display means;
Causing authentication information including an ID included in the simple login screen displayed by the screen memo display means and the password received by the password accepting means to function as an authentication requesting means for sending an authentication request to the information processing apparatus. ,
The information processing apparatus;
Receiving means for receiving authentication information including the ID and password transmitted by the authentication transmitting means from the portable terminal;
Authentication means for performing authentication processing according to the authentication information received by the receiving means;
It is a simple login screen that does not include the password included in the authentication information received by the receiving means, and includes the ID included in the authentication information as information that is not displayed on the display unit, and accepts password input by a user operation Generating means for generating display information for displaying on the portable terminal a simple login screen in which the portable terminal transmits authentication information including the ID included in the simple login screen and the password accepted for the input; ,
Under the condition that it has been authenticated by the authentication process by the authentication means, the display information generated by the generation means functions as a transmission means for transmitting to the portable terminal,
The receiving means further receives the authentication information transmitted by the authentication requesting means from the portable terminal.

Images