JP6222858B2 - Information processing system, information processing method, and program - Google Patents

Description

  The present invention relates to an information processing system, an information processing method, and a program.

  Development of technology for acquiring information desired by a user from another apparatus with high accuracy or registering it in another apparatus in response to a user's request is underway. For example, Patent Document 1 discloses a schedule management system for registering a schedule including one or more events with respect to a calendar application that is an application capable of managing a schedule in a calendar format. In another application which is another application, a URL scheme including the calendar application to be registered in the schedule, a command to be executed for the calendar application, and a parameter for specifying the content of the schedule is generated. A URL scheme generation unit; a URL scheme notification unit for notifying the calendar application of the URL scheme generated by the URL scheme generation unit; and the calendar application based on the URL scheme notified by the URL scheme notification unit. The Moving to the schedule management system is characterized in that a URL scheme execution unit for executing processing designated is described by the command.

JP2015-118465A

  By the way, in organizations such as companies, there is a demand for making it possible to share information among a plurality of users and making it possible to access arbitrary information wherever it is. However, if information can be shared or information can be accessed from an arbitrary terminal, information security decreases. In particular, there is information that is not desired to be disclosed to some organizations depending on the organization, and it is an information security problem to easily access a device that manages such information. Therefore, it is desired to be able to access arbitrary information while maintaining information security.

  An object of some aspects of the present invention is to provide an information processing system, an information processing method, and a program capable of accessing arbitrary information while maintaining information security.

  Another object of another aspect of the present invention is to provide an information processing system, an information processing method, and a program that can achieve the effects described in the embodiments described later.

In order to solve the above-described problem, an aspect of the present invention includes a first server device connected to a first network, a second server device connected to a second network different from the first network, and the first server . An information processing system comprising a network constructed between a network and the second network, wherein the first server device and the second server device establish the communication connection and communicate with each other across the firewall. The first server device acquires a message including the request from a terminal device connected to the first network, and transmits the acquired message to the second server device through the communication connection. The second server device analyzes the message transmitted from the first server device. A request analysis unit that extracts keyword information representing the content of the request, and external storage information stored in an external device connected to the second network based on the keyword information extracted by the request analysis unit. And a request processing unit that executes processing according to the content of the request.

One embodiment of the present invention includes a first server device connected to a first network, a second server device connected to a second network different from the first network, the first network, and the second network. An information processing method in an information processing system , wherein the first server device and the second server device establish a communication connection and communicate with each other across the firewall. A first step in which a first server device acquires a message including a request from a terminal device connected to the first network, and transmits the acquired message to the second server device through the communication connection ; The second server device analyzes the message transmitted from the first server device, and A second step of extracting keyword information representing content, and external storage information stored in an external device connected to the second network based on the keyword information extracted by the second server device in the second step And a third step of executing processing according to the content of the request.

One embodiment of the present invention includes a first server device connected to a first network, a second server device connected to a second network different from the first network, the first network, and the second network. A computer built in the information processing system , wherein the first server device and the second server device establish the communication connection and communicate with each other across the firewall .
A message including a request, which is acquired by the first server device from the terminal device connected to the first network, is received from the first server device through the communication connection , and the received message is analyzed. A first step of extracting keyword information representing the content of the request included in the message, and an external storage stored in an external device connected to the second network based on the keyword information extracted in the first step And a second step of executing processing according to the content of the request with reference to information.

  According to the embodiment of the present invention, it is possible to make any information accessible while maintaining information security.

It is a mimetic diagram showing an outline of an information processing system concerning a 1st embodiment of the present invention. It is a block diagram which shows the structure of the information processing system which concerns on the embodiment. It is a block diagram which shows the structure of the external server apparatus which concerns on the same embodiment. It is a figure which shows an example of the user authentication information which concerns on the embodiment. It is a block diagram which shows the structure of the system cooperation server apparatus which concerns on the same embodiment. It is a figure which shows an example of the account information which concerns on the embodiment. It is a figure which shows an example of the system designation | designated keyword information which concerns on the embodiment. It is a sequence chart which shows an example of the flow of the communication connection establishment process by the information processing system which concerns on the embodiment. It is a sequence chart which shows an example of the flow of the message processing by the information processing system concerning the embodiment. It is FIG. 1 for demonstrating the request message and reply message which concern on the embodiment. It is FIG. 2 for demonstrating the request message and reply message which concern on the embodiment. It is FIG. 3 for demonstrating the request message and reply message which concern on the embodiment. It is FIG. 4 for demonstrating the request message and reply message which concern on the same embodiment. It is FIG. 5 for demonstrating the request message and reply message which concern on the embodiment.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
[First embodiment]
(Outline of the first embodiment)
A first embodiment of the present invention will be described.
First, an outline of the present embodiment will be described.
FIG. 1 is a schematic diagram showing an outline of an information processing system 1 according to the present embodiment.
The information processing system 1 according to the present embodiment is a system including an in-house system built on an in-house network and an outside system built on an outside network. An in-house system is an information processing system built in a corporate facility for the purpose of supporting corporate activities. In order to improve corporate information security, a firewall is constructed between the external network and the internal network. Therefore, a device without a special access right cannot access the external network side from the external network side. However, a communication connection using a web socket (WebSocket) can be established between the external server device 30 connected to the external network and the system cooperation server device 50 connected to the internal network.

The terminal device 10 and the external server device 30 are connected to the external network. A system cooperation server device 50 and a scheduler server device 71 are connected to the in-house network.
The terminal device 10 is an electronic device used by a company employee. Hereinafter, an employee who is a user of the terminal device 10 is simply referred to as a user.
The external server device 30 is a server device that mediates communication between the terminal device 10 and the system cooperation server device 50.
The system cooperation server device 50 refers to information stored in a device connected to the in-house network, for example, using an artificial intelligence AI, and performs processing in response to a request from an employee.

  In the information processing system 1, each user can exchange messages with other users or the artificial intelligence AI of the system cooperation server device 50 using the terminal device 10. The message is a message in an application layer such as HTTPS (Hypertext Transfer Protocol Secure) or XMPP (Extensible Messaging and Presentation Protocol). The message is mainly composed of text, but may include pictographs, figures, photographs, and the like. The message may be a natural sentence. The message transmitted from the terminal device 10 is transferred from the external server device 30 to the system cooperation server device 50. Therefore, the artificial intelligence AI can monitor an arbitrary message transmitted from the terminal device 10. The artificial intelligence AI refers to a message transmitted from the terminal device 10 to itself, and detects (requests) a request from the user to itself. For example, the user can request work support such as schedule adjustment to the artificial intelligence AI.

  As described above, the information processing system 1 is an information processing system in which the external server device 30 connected to the external network and the system cooperation server device 50 connected to the internal network communicate with each other. The external server device 30 acquires a message including the request from the terminal device 10 and transmits the acquired message to the system cooperation server device 50. The system cooperation server device 50 analyzes the message acquired from the external server device 30 and executes processing according to the request in the message.

  Thereby, in the information processing system 1, the external server device 30 relays transmission / reception of messages between the terminal device 10 and the system cooperation server device 50. The processing for the device connected to the in-house network is executed by the system cooperation server device 50 analyzing the message. That is, in the information processing system 1, since the system cooperation server device 50 acts as a proxy for requests from outside the company, it is possible to reduce the risk that a malicious user directly accesses in-house information. On the other hand, since the process can be performed by the system cooperation server device 50 even outside the company, for example, the user can obtain desired information or update the information. Therefore, the information processing system 1 can access arbitrary information while maintaining information security.

Further, since the system cooperation server device 50 transmits and receives messages via the external server device 30, it is not necessary to establish a communication connection with each of the terminal devices 10 individually. That is, in the information processing system 1, in order to send and receive messages between the system cooperation server device 50 and the terminal device 10, it is not necessary to open a port in the firewall between the internal network and the external network for each terminal device 10. . Therefore, the information processing system 1 can maintain information security.
The above is the description of the outline of the information processing system 1.

(Configuration of information processing system 1)
Next, the configuration of the information processing system 1 will be described.
FIG. 2 is a block diagram illustrating a configuration of the information processing system 1.
The information processing system 1 includes a plurality of terminal devices 10-1, 10-2, 10-3, an external server device 30, a system linkage server device 50, a scheduler server device 71, a CMS server device 72, and an approval. A system server device 73. In the following description, the terminal devices 10-1, 10-2, 10-3,. The terminal device 10 and the external server device 30 are connected to the external network NW1. The system cooperation server device 50, the scheduler server device 71, the CMS server device 72, and the approval system server device 73 are connected to the in-house network NW2. Hereinafter, the scheduler server device 71, the CMS (Content Management System) server device 72, and the approval system server device 73 may be collectively referred to as an in-house information management device 70.

The external network NW1 includes, for example, a mobile phone network, a PHS (Personal Handy-phone System) network, a VPN (Virtual Private Network) network, a dedicated communication network, a WAN (Wide Area Network), and a LAN (Local Area Network). This is an information communication network including a public switched telephone network (Public Switched Telephone Network).
The in-house network NW2 is an information communication network including, for example, a VPN network, a dedicated communication line network, a WAN, and a LAN.

  The terminal device 10 is an electronic device such as a personal computer, a mobile phone, a tablet, a smartphone, a PHS terminal device, or a PDA (Personal Digital Assistant). The terminal device 10 is installed with an application for sending and receiving messages with other users. This application may be any application as long as it can send and receive messages, for example, a messenger application, a mailer application, and the like. A messenger application is an application that transmits and receives messages within a group composed of a plurality of predetermined users. For example, if a group is composed of four members, a message posted by one member is immediately distributed to the other three members. The distributed messages are classified into groups, for example, and are sequentially displayed in a thread format. In the present embodiment, the group includes the user of the terminal device 10 and the artificial intelligence AI.

  The external server device 30 is a server device that establishes a communication connection with each of the terminal device 10 and the system cooperation server device 50 and relays communication between the terminal device 10 and the system cooperation server device 50. The external server device 30 transfers the message transmitted from the terminal device 10 to the system cooperation server device 50. Further, the external server device 30 transfers the message transmitted from the system cooperation server device 50 to the terminal device 10.

  The system cooperation server device 50 establishes a communication connection with the external server device 30 and transmits / receives a message to / from the terminal device 10 via the external server device 30. Further, the system cooperation server device 50 monitors messages transmitted / received within the group or messages addressed to the own device.

  The system cooperation server device 50 includes a business support function such as a schedule adjustment support function by the above-described artificial intelligence AI. However, the business support function may be realized by non-artificial intelligence. Artificial intelligence AI is software or a system that mimics the intellectual work performed by the human brain using a computer. Hereinafter, as an example, a case where the artificial intelligence AI is software that performs learning and inference will be described. Any known technique may be adopted as the technique of learning and inference using the artificial intelligence AI. In the following, details of processing related to learning and inference by the artificial intelligence AI are omitted.

The scheduler server device 71 is a server device that manages schedules of users and facilities. The scheduler server device 71 includes a schedule information storage unit 711.
The schedule information storage unit 711 stores schedule information representing a user schedule or a facility schedule. The schedule information may represent a facility schedule. A user's schedule is comprised by information, such as a plan date and time, a plan time, a plan place, and other persons (participants) related to a plan, for each plan. The facility schedule includes, for example, information such as the use date and time, use time, user, and use purpose of the facility. For example, the scheduler server device 71 transmits schedule information or writes schedule information in response to a request from the system cooperation server device 50.

  The CMS server device 72 is a server device that manages various contents (files) created in-house. The CMS server device 72 only needs to manage various contents (files) created in-house, and includes, for example, an attendance management system. The CMS server device 72 includes a CMS related information storage unit 732. The CMS related information storage unit 732 stores CMS related information representing various contents. The CMS server device 72 transmits CMS related information in response to a request from the system cooperation server device 50, for example.

An approval system server device 73 is a server device that manages in-house approval processing. The approval system server device 73 includes an approval status information storage unit 731. The approval status information storage unit 731 stores approval status information representing various approval statuses. For example, the approval system server device 73 transmits approval status information in response to a request from the system cooperation server device 50.
The above is the description of the configuration of the information processing system 1.

(Configuration of the external server device 30)
Next, the configuration of the external server device 30 will be described.
FIG. 3 is a block diagram illustrating a configuration of the external server device 30.
The external server device 30 includes an external server first communication unit 31, an external server second communication unit 32, a storage unit 33, and a control unit 34.
The external server first communication unit 31 includes a communication IC (Integrated Circuit) and communicates with the terminal device 10.
The external server second communication unit 32 includes a communication IC and communicates with the system cooperation server device 50.

The storage unit 33 includes, for example, an HDD (Hard Disc Drive), a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), a ROM (Read Only Memory), and a RAM (Random Access Memory, etc.). Various programs to be executed by the CPU included in the external server device 30 and results of processing executed by the CPU are stored.
The storage unit 33 includes an authentication information storage unit 331. The authentication information storage unit 331 stores user authentication information.

  The user authentication information is authentication information such as a password determined for each user of the terminal device 10. As illustrated in FIG. 4, for example, the authentication information storage unit 331 manages user authentication information in association with a user ID (IDentifier). Here, in the present embodiment, a user ID and user authentication information are assigned to the artificial intelligence AI of the system cooperation server device 50 as well as the user of the terminal device 10. That is, the external server device 30 handles the system cooperation server device 50 and the terminal device 10 equally.

  The control unit 34 controls each component of the external server device 30. The control unit 34 is realized, for example, when a CPU included in the external server device 30 executes a program stored in the storage unit 33. However, the control unit 34 may be realized as hardware such as an LSI (Large Scale Integration) or an ASIC (Application Specific Integrated Circuit).

The control unit 34 includes an authentication unit 341 and a message transfer unit 342.
The authentication unit 341 executes processing for authenticating the terminal device 10 and the system cooperation server device 50. Specifically, the authentication unit 341 requests the terminal device 10 or the system cooperation server device 50 that requests establishment of a communication connection to transmit user authentication information. When the authentication unit 341 receives user authentication information from the terminal device 10 or the system cooperation server device 50, the authentication unit 341 reads out user authentication information related to the request source device from the authentication information storage unit 331. The authentication unit 341 verifies the user authentication information received from the terminal device 10 and the user authentication information read from the authentication information storage unit 331 to authenticate the terminal device 10 or the system cooperation server device 50. The authentication unit 341 establishes a communication connection with the authenticated terminal device 10 or the system cooperation server device 50 and permits transmission / reception of messages.

The message transfer unit 342 transfers the message received from the terminal device 10 to the system cooperation server device 50. The message transfer unit 342 transfers the message received from the system cooperation server device 50 to the terminal device 10.
The above is the description of the configuration of the external server device 30.

(Configuration of system cooperation server device 50)
Next, the configuration of the system cooperation server device 50 will be described.
FIG. 5 is a block diagram illustrating a configuration of the system cooperation server device 50.
The system cooperation server device 50 includes an in-house server first communication unit 51, an in-house server second communication unit 52, a storage unit 53, and a control unit 54.
The in-house server first communication unit 51 includes a communication IC and communicates with the external server device 30.
The in-house server second communication unit 52 includes a communication IC and communicates with the in-house information management device 70.
The storage unit 53 includes, for example, an HDD, a flash memory, an EEPROM, a ROM, a RAM, and the like, and includes various programs to be executed by the CPU included in the system cooperation server device 50 such as firmware and application programs, and results of processing executed by the CPU. Memorize etc.

The storage unit 53 includes an account information storage unit 531 and a system designation keyword information storage unit 532.
The account information storage unit 531 stores account information. The account information is information related to the user of the terminal device 10.
The system designated keyword information storage unit 532 stores system designated keyword information. The system designated keyword information is information used for extracting a request included in a message.

Here, an example of account information and system keyword information will be described.
FIG. 6 is a diagram illustrating an example of account information.
In the example illustrated in FIG. 6, the account information includes information such as a name (last name), a name (name), a system user ID, a messenger user ID, and an ID type for each user.
The system user ID is user identification information used when accessing information managed by the in-house information management apparatus 70. The system user ID may be provided for each in-house information management device 70. The messenger user ID is user identification information used in message transmission / reception. In other words, the system user ID is so-called internal identification information used in the internal network NW2, and the messenger user ID is so-called external identification information used in the external network NW1. The ID type is information indicating an access authority to information.

As described above, account information manages external user identification information and internal user identification information for each user. Therefore, the system cooperation server device 50 can mutually convert external user identification information and internal user identification information. Therefore, the terminal device 10 can access the in-house information from outside the company only by using the external user identification information. That is, the system cooperation server device 50 can improve the information security because it does not provide in-house user identification information outside the company.
This completes the explanation of the account information.

FIG. 7 is a diagram illustrating an example of system designation keyword information.
In the example illustrated in FIG. 7, information such as a keyword, a cooperation destination system, and a system operation is stored for each keyword in the system designation keyword information.
The keyword is information indicating a keyword assumed to be included in the message. The cooperation destination system is information indicating the in-house information management device 70 corresponding to the keyword. That is, the cooperation destination system is information indicating the in-house information management device 70 that is the access destination. The system operation is information indicating the content of processing performed by the system cooperation server device 50 according to a keyword.
This completes the description of the system designated keyword information.

  As described above, the system-designated keyword information manages the in-house information management device 70 as the access destination and the contents of processing for each keyword. Therefore, the system cooperation server device 50 determines which in-house information management device 70 should be accessed and what processing should be performed by extracting the keyword managed by the system-specified keyword information from the message. Can do.

Returning to FIG. 5, the description of the configuration of the system cooperation server device 50 will be continued.
The control unit 54 controls each configuration of the system cooperation server device 50. The control unit 54 functions, for example, when the CPU of the system cooperation server device 50 executes a program stored in the storage unit 53. However, the control unit 54 may be realized as hardware such as an LSI or an ASIC.

The control unit 54 includes an external server authentication unit 541, a request analysis unit 542, a request processing unit 543, and a message generation unit 544. The request analysis unit 542, the request processing unit 543, and the message generation unit 544 are realized, for example, as an artificial intelligence AI.
The external server authentication unit 541 executes processing for causing the external server device 30 to authenticate itself. The external server authentication unit 541 transmits the user authentication information of its own device to the external server device 30. If the authentication is successful, the external server authentication unit 541 establishes a communication connection with the external server device 30.

The request analysis unit 542 acquires a message transmitted from the terminal device 10 via the external server device 30. The request analysis unit 542 analyzes the request content from the acquired message and specifies the processing content for the request. The request analysis unit 542 outputs information indicating the specified processing content to the request processing unit 543.
Specifically, first, the request analysis unit 542 performs a morphological analysis on the message, and extracts a keyword described in the system designation keyword information from the message. The request processing unit 543 extracts system designated keyword information from the system designated keyword information storage unit 532 based on the extracted keyword. Thereby, the request processing unit 543 can determine the in-house information management apparatus 70 to be accessed and the processing content to be performed. Further, the system user ID and access authority necessary for accessing the in-house information management device 70 are specified by referring to the messenger user ID of the terminal device 10 that is the transmission source and the account information related to the employee's name extracted from the message. can do. Note that the request processing unit 543 may correct fluctuations, ambiguity, and ambiguity in the extraction of keywords. For example, the request analysis unit 542 may collate the user's nickname or abbreviation extracted as a keyword with the account information and uniquely identify the user. In this way, the request analysis unit 542 corrects the fluctuation, ambiguity, and ambiguity of the expression, so that, for example, even if the keyword is not described in the formal name in the message, the request analysis unit 542 , It can analyze the request contents correctly.

  Further, the request analysis unit 542 requests the message generation unit 544 to generate a message for requesting addition of information when keywords cannot be sufficiently extracted from the message. For example, the request analysis unit 542 generates a message for inquiring about missing information when any of the participant, the scheduled date and time, and the planned location cannot be extracted in the schedule adjustment. In addition, when a plurality of candidates are assumed as keywords due to fluctuations or ambiguity in the expression, the request analysis unit 542 requests generation of a message for inquiring which of the candidates is a candidate. In addition, for example, when only the user's last name is included in the message, there are a plurality of users with the same last name, so it may not be possible to determine which user should be processed. In this case, the request analysis unit 542 generates a message inquiring which user it is. As described above, the system cooperation server device 50 makes an inquiry by a message to the request source when there is an unclear part in the request content. Therefore, the system cooperation server device 50 can accurately grasp the request contents.

  The request processing unit 543 executes processing according to the request based on the information representing the processing content acquired from the request analysis unit 542. For example, the request processing unit 543 accesses the in-house information management apparatus 70 based on the processing content acquired from the request analysis unit 542, and refers to or updates necessary information. For example, when performing the schedule adjustment, the request processing unit 543 acquires schedule information related to the requesting user from the scheduler server device 71 and specifies the free time. For example, when the request processing unit 543 is requested to provide information managed by the CMS server device 72, the request processing unit 543 acquires the requested information from the CMS server device 72. Further, for example, when receiving an inquiry about the approval status, the request processing unit 543 acquires the approval status information from the approval system server device 73. The request processing unit 543 requests the message generation unit 544 to generate a message indicating the processing result.

The message generation unit 544 generates a message in response to a request from the request analysis unit 542 and the request processing unit 543. The message generation unit 544 may generate a message that hides information that is inappropriate to be taken out of the company for information security. In addition, the message generation unit 544 may generate a message indicating that reference is prohibited when reference to information that is prohibited in advance is requested, such as when there is no access right. The message generation unit 544 transmits the generated message to the requesting terminal device 10.
The above is the description of the configuration of the system cooperation server device 50.

(Operation of the information processing system 1)
Next, the operation of the information processing system 1 will be described.
First, communication connection establishment processing for enabling transmission / reception of messages between the terminal device 10 and the system cooperation server device 50 will be described.
FIG. 8 is a sequence chart showing an example of the flow of communication connection establishment processing by the information processing system 1.

In the example illustrated in FIG. 8, the information processing system 1 starts processing from step S <b> 10.
(Step S <b> 10) The system cooperation server device 50 makes an authentication request to the external server device 30. Specifically, the system cooperation server device 50 transmits user authentication information of the own device to the external server device 30. This process is executed, for example, when the artificial intelligence AI is activated in the system cooperation server device 50. Thereafter, the information processing system 1 advances the processing to step S12.

(Step S <b> 12) The external server device 30 authenticates the system cooperation server device 50 based on the user information acquired from the system cooperation server device 50. Thereafter, the information processing system 1 advances the processing to step S14.
(Step S14) If the authentication is successful, the external server device 30 and the system cooperation server device 50 establish a communication connection. This communication connection is, for example, a web socket. Thereby, the external server device 30 and the system cooperation server device 50 can perform all necessary communications on this communication connection. Thereafter, the information processing system 1 advances the processing to step S16.

(Step S <b> 16) The terminal device 10 makes an authentication request to the external server device 30. Specifically, the terminal device 10 transmits user authentication information of the own device to the external server device 30. This process is executed when, for example, the messenger application is activated in the terminal device 10. Thereafter, the information processing system 1 advances the processing to step S18.
(Step S <b> 18) The external server device 30 authenticates the terminal device 10 based on the user information acquired from the system cooperation server device 50. Thereafter, the information processing system 1 advances the processing to step S20.

(Step S20) If the authentication is successful, the external server device 30 and the terminal device 10 establish a communication connection. This communication connection is, for example, a web socket. Thereby, the external server device 30 and the terminal device 10 can perform all necessary communications on this communication connection. At this time, if the communication connection between the external server device 30 and the system cooperation server device 50 is also established, the terminal device 10 and the system cooperation server device 50 can transmit and receive messages to and from each other. Then, the information processing system 1 ends the process shown in FIG.
In the example shown in FIG. 8, the order of the processes in steps S10 to S14 and the processes in steps S16 to S20 may be reversed.
The above is the description of the flow of the communication connection establishment process.

Next, a description will be given of a request for business support by a message and a flow of message processing for performing processing according to the request.
FIG. 9 is a sequence chart showing an example of the flow of message processing by the information processing system 1.
In the example illustrated in FIG. 9, the information processing system 1 starts processing from step S <b> 30.
(Step S30) The terminal device 10 transmits a message including a request (hereinafter referred to as a request message) to the system cooperation server device 50. Thereafter, the information processing system 1 advances the processing to step S32.

(Step S32) The system cooperation server device 50 analyzes the request content from the request message. Specifically, keywords are extracted from the request message. Then, the request content is specified by referring to the system designated keyword information. Thereafter, the information processing system 1 advances the processing to step S34.

(Step S34) The system cooperation server device 50 executes processing according to the specified request content. For example, the system cooperation server device 50 executes an information acquisition request or an information update request to the in-house information management device 70. Thereafter, the information processing system 1 advances the processing to step S36.
(Step S36) The in-house information management device 70 executes processing in response to a request from the system cooperation server device 50. For example, the in-house information management device 70 transmits information managed by the own device to the system cooperation server device 50 or updates information managed by the own device. Thereafter, the information processing system 1 advances the processing to step S38.

(Step S38) The system cooperation server device 50 generates a message indicating the processing result (hereinafter referred to as an answer message). Thereafter, the information processing system 1 advances the processing to step S40.

(Step S <b> 40) The system cooperation server device 50 transmits an answer message to the terminal device 10. Thereafter, the information processing system 1 advances the processing to step S42.
(Step S42) The terminal device 10 displays the response message received from the system cooperation server device 50 and presents the response to the request to the user. Then, the information processing system 1 ends the process shown in FIG.
This completes the description of the message processing flow.

(Specific examples of request message and response message)
Next, specific examples of the request message and the reply message will be described with reference to FIGS.
In the example shown in FIG. 10, a request message for inquiring the schedule of another employee (manager) is sent from the user (general employee) of the terminal device 10. On the other hand, the system cooperation server device 50 acquires schedule information related to the inquiry target user from the scheduler server device 71. However, some access restrictions are set in the acquired schedule information ("manager only" in FIG. 10). Therefore, the system cooperation server device 50 generates an answer message including only information for which access restriction is not set among the acquired schedule information. As described above, the system cooperation server device 50 filters information that is inappropriately disclosed based on the access authority of the requesting user. And the system cooperation server apparatus 50 does not need to reply about the information whose disclosure is inappropriate. In addition, the system cooperation server device 50 may answer the information that is inappropriately disclosed by hiding only the inappropriately disclosed portion. For example, in the example shown in FIG. 10, an answer message is generated by replacing “personal consultation” that is open to the administrator only with “scheduled”. Accordingly, the user can recognize that at least information exists even for information that is inappropriately disclosed.

  In the example illustrated in FIG. 11, a request message for requesting schedule adjustment for a meeting is transmitted from the terminal device 10. In response to this, the system cooperation server device 50 executes a morphological analysis of the request message and extracts a keyword. Further, the system cooperation server device 50 identifies the type of the extracted keyword. The system cooperation server device 50 generates an answer message by applying the extracted keyword to an answer message template prepared in advance. Thus, the system cooperation server device 50 may generate an answer message using a template.

  In the example illustrated in FIG. 12, the system cooperation server device 50 acquires schedule information of a certain user from the scheduler server device 71. Here, the schedule information includes proper nouns such as “Axxx Company”, “Bxxx Company”, “Cxxx Company”, etc., and these proper nouns are answered in a form that anyone can specify for information security. It is not preferable. Therefore, the system cooperation server device 50 makes the proper noun an ambiguous expression or uses an expression so that only a specific user can recognize it. For example, “Axxx company” is simply expressed as “customer” and blurred, or “Cxxx company” is designated as “C company” so that only a specific user can recognize it. As described above, the system cooperation server device 50 may generate an answer message in which some information is concealed. Note that the information may be concealed by any method such as replacement with another character or symbol, partial deletion, display mode change, encryption, or the like. When changing the display mode, for example, the character string to be concealed may be indicated by a background color. In this case, the user can check the hidden information by performing an operation of inverting the color of the character.

  In the example illustrated in FIG. 13, request messages are continuously transmitted from the terminal device 10. In the process P11, a request “Tim (name of artificial intelligence AI), tell me tomorrow's schedule” is made. On the other hand, the system cooperation server device 50 performs morphological analysis of the request message, and extracts the keywords “Tim”, “Tomorrow”, “Schedule”, and “Tell me”. Then, from the keyword “plan”, the in-house information management device 70 as the access destination is the scheduler server device 71, and the processing content is acquisition of schedule information of “tomorrow”. Next, the system cooperation server device 50 acquires schedule information that satisfies the conditions specified by the user from the scheduler server device 71 (process P12). Next, the system cooperation server device 50 transmits the contents of the acquired schedule information as an answer message (process P13). On the other hand, the terminal device 10 transmits “1” as a request message in order to ask for details of one of the two schedules (process P14). In response to this inquiry, the system cooperation server device 50 considers the contents of the process of transmitting the contents of the two schedules performed earlier, and the request message “1” indicates one of the two previous schedules. Determine that you are requesting. Then, the system cooperation server device 50 transmits the details of the schedule “1” as an answer message (process P15). As described above, the system cooperation server device 50 may generate an answer message for a plurality of consecutive request messages like a continuous conversation.

  In the example illustrated in FIG. 14, an answer message for requesting addition of information is transmitted in response to the request message from the terminal device 10. In the process P21, a request message “Tim (artificial intelligence AI name), meeting setting” is transmitted, and only the details of the requested process are notified. In response to this, the system cooperation server device 50 performs morphological analysis of the request message and extracts keywords “tim” and “meeting setting”. Then, from the keyword “meeting setting”, the in-house information management device 70 as the access destination is set as the scheduler server device 71, and the processing content is set as “meeting setting”. Here, the parameters “participant and date” are required for “meeting setting”. Therefore, the system cooperation server device 50 transmits a reply message for inquiring about the participant and a reply message for inquiring the date and time (processing P22 and P24).

Next, upon receiving designation of the participant and the date and time from the user (processes P23 and P25), the system cooperation server device 50 acquires schedule information that satisfies the conditions designated by the user from the scheduler server device 71. (Process P26). Here, the system cooperation server device 50 also acquires the schedule information of the candidate locations for the locations that are other parameters necessary for the setting of the meeting. Next, the system cooperation server device 50 refers to the acquired schedule information and matches the free time. Next, as a result of matching, the system cooperation server device 50 transmits a list of meeting dates and places as a reply message to the terminal device 10 (process P27). When the user selects one of the candidates (process P28), the system cooperation server device 50 updates the schedule information of the scheduler server device 71 for the selected candidate. And the system cooperation server apparatus 50 transmits the update result of schedule information to the terminal device 10 as an answer message. As described above, the system cooperation server device 50 may request the terminal device 10 for information that is insufficient to execute the requested processing by a message.
The above is a description of specific examples of the request message and the reply message.

(Summary of the first embodiment)
As described above, the information processing system 1 according to the present embodiment includes the external server device 30 (an example of the first server device) connected to the external network NW1 (an example of the first network) and the external network NW1. This is an information processing system in which a system cooperation server device 50 (an example of a second server device) connected to a different in-house network NW2 (an example of a second network) communicates with each other.
The external server device 30 includes a message transfer unit 342 that acquires a message including a request from the terminal device 10 connected to the external network NW1, and transmits the acquired message to the system cooperation server device 50.
The system cooperation server device 50 analyzes the message transmitted from the external server device 30, extracts the keyword information representing the content of the request, and based on the keyword information extracted by the request analysis unit 542, Referring to the external storage information (for example, schedule information, CMS related information, decision status information) stored in the external device (for example, in-house information management device 70) connected to the network NW2, execute processing according to the content of the request A request processing unit 543.

  Thereby, in the information processing system 1, the external server device 30 relays transmission / reception of messages between the terminal device 10 and the system cooperation server device 50. Also, access to an external device connected to the in-house network NW2 is not performed directly from the terminal device 10, but is performed by the system cooperation server device 50. Therefore, the information processing system 1 can access arbitrary information while maintaining information security.

  The external server device 30 also includes an authentication information storage unit 331 that stores authentication information predetermined for each message transmission source, authentication information received from the terminal device 10, and authentication information stored in the authentication information storage unit 331. Authentication for authenticating the terminal device 10 based on the information and authenticating the system cooperation server device 50 based on the authentication information received from the system cooperation server device 50 and the authentication information stored in the authentication information storage unit 331 The message transfer unit 342 further transmits a message acquired from the terminal device 10 authenticated by the authentication unit 341 to the system cooperation server device 50 authenticated by the authentication unit 341.

  Thereby, communication between the terminal device 10 and the system cooperation server device 50 can be performed only when authentication by the system cooperation server device 50 is performed. Therefore, the information processing system 1 can improve information security. Further, since authentication is performed in the same manner for the terminal device 10 and the system cooperation server device 50, the external server device 30 needs to have individual authentication functions for the terminal device 10 and the system cooperation server device 50. Absent. Accordingly, in the information processing system 1, it is easy to mount the external server device 30, but the information processing system 1 can easily start transmission / reception of messages without degrading information security.

In addition, the request processing unit 543 generates a message indicating an answer that conceals some information with respect to the request.
As a result, the information processing system 1 can make it difficult for non-specific users to understand the contents of information that is inappropriately taken out to the external network NW1 or information that does not have access authority. Therefore, the information processing system 1 can transmit necessary information to the user while improving information security.

In addition, when the request processing unit 543 needs to refer to external storage information that is prohibited from being referred to in advance in order to execute processing according to the content of the request, reference to the information is prohibited. Generate a message to that effect.
Thereby, even when the information processing system 1 cannot fulfill the user's request, the user is notified of the reason, so that the user can take necessary measures.

[Modification]
The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to the above-described embodiment, and includes a design and the like within a scope not departing from the gist of the present invention. For example, the configurations described in the above-described embodiments can be arbitrarily separated and arbitrarily combined. In addition, for example, each configuration described in the above-described embodiment can be omitted when it is not necessary to exhibit a specific function.

  In addition, a program for realizing the functions of the terminal device 10, the external server device 30, the system linkage server device 50, and the in-house information management device 70 described above is recorded on a computer-readable recording medium and recorded on the recording medium. The programs as the terminal device 10, the external server device 30, the system linkage server device 50, and the in-house information management device 70 may be performed by causing the computer system to read and execute the program. Here, “loading and executing a program recorded on a recording medium into a computer system” includes installing the program in the computer system. The “computer system” here includes an OS and hardware such as peripheral devices. Further, the “computer system” may include a plurality of computer devices connected via a network including a communication line such as the Internet, WAN, LAN, and dedicated line. The “computer-readable recording medium” refers to a storage device such as a flexible medium, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system. As described above, the recording medium storing the program may be a non-transitory recording medium such as a CD-ROM. The recording medium also includes a recording medium provided inside or outside that is accessible from the distribution server in order to distribute the program. The code of the program stored in the recording medium of the distribution server may be different from the code of the program that can be executed by the terminal device. That is, the format stored in the distribution server is not limited as long as it can be downloaded from the distribution server and installed in a form that can be executed by the terminal device. Note that the program may be divided into a plurality of parts, downloaded at different timings, and combined in the terminal device, or the distribution server that distributes each of the divided programs may be different. Furthermore, the “computer-readable recording medium” holds a program for a certain period of time, such as a volatile memory (RAM) inside a computer system that becomes a server or a client when the program is transmitted via a network. Including things. The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  Further, some or all of the functions of the terminal device 10, the external server device 30, the system cooperation server device 50, and the in-house information management device 70 described above may be realized as an integrated circuit such as an LSI. Each function described above may be individually made into a processor, or a part or all of them may be integrated into a processor. Further, the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. Further, in the case where an integrated circuit technology that replaces LSI appears due to progress in semiconductor technology, an integrated circuit based on the technology may be used.

DESCRIPTION OF SYMBOLS 1 ... Information processing system, 10 ... Terminal device, 30 ... Outside server device, 50 ... System cooperation server device, 70 ... In-house information management device, 71 ... Scheduler server device, 72 ... CMS server device, 73 ... Decision system server device, 31 ... External server first communication unit, 32 ... External server second communication unit, 33 ... Storage unit, 331 ... Authentication information storage unit, 34 ... Control unit, 341 ... Authentication unit, 342 ... Message transfer unit, 51 ... Internal server 1st communication part 52 ... Internal server 2nd communication part, 53 ... Storage part, 531 ... Account information storage part, 532 ... System designation keyword information storage part, 54 ... Control part, 541 ... External server authentication part, 542 ... Request Analysis unit, 543 ... request processing unit, 544 ... message generation unit, NW1 ... external network, NW2 ... external network

Claims (5)

A first server device connected to the first network; a second server device connected to a second network different from the first network; and a firewall constructed between the first network and the second network. An information processing system in which the first server device and the second server device establish a communication connection and communicate with each other across the firewall,
The first server device
A message including a request is acquired from a messenger application of a terminal device connected to the first network, and the acquired message that is an application layer message is transmitted through the communication connection established by a web socket protocol. A message transfer unit to be transmitted to the second server device;
With
The second server device is
A request analysis unit that analyzes a message that is a message transmitted from the first server device and includes a keyword indicating an anthropomorphic account of software that imitates human work, and extracts keyword information that represents the content of the request;
Based on the keyword information extracted by the request analysis unit, refer to external storage information stored in an external device connected to the second network, execute processing according to the content of the request, and based on the processing result A request processing unit for generating a reply message having a reply content having the personification account as a message transmission source on the messenger application.
An information processing system comprising: The first network is an external network,
The second network is an internal network;
The first server device
An authentication information storage unit for storing external user authentication information predetermined for each message transmission source;
Based on the external user authentication information received from the terminal device and the external user authentication information stored in the authentication information storage unit, the terminal device is authenticated and received from the second server device An authentication unit that authenticates the second server device based on the external user authentication information and the external user authentication information stored in the authentication information storage unit,
The message transfer unit is the message acquired from the terminal device authenticated by the authentication unit, the message transmitted within a group including an anthropomorphic account and a multi-person account, through the communication connection, the authentication Transmitted to the second server device authenticated by the department,
The second server device is
An account information storage unit for storing the external user authentication information and the internal user identification information in association with each other;
The request processing unit
Referencing the account information storage unit, converting the external user authentication information into the internal user identification information, and based on the converted internal user identification information and the keyword information extracted by the request analysis unit A message indicating a response content based on a processing result by referring to external storage information stored in an external device connected to the second network and executing processing according to the content of the request, the messenger application The information processing system according to claim 1, wherein an answer message is generated that is transmitted to the group using the software account as a message transmission source. The second server device is
A message generator for generating a message indicating the processing result,
The request processing unit
Based on the keyword information extracted by the request analysis unit, referring to the external storage information stored in the external device connected to the second network, and based on the access restriction set in the referenced external storage information When the disclosure of a part of the external storage information is determined to be inappropriate, the message indicates a reply content in which a part of the external storage information is replaced with information that can at least recognize that the information exists. And causing the message generator to generate the answer message including a question or an option and sending it to the terminal device,
The request analysis unit analyzes a message transmitted after the answer message based on information representing contents or options of the question, and extracts a keyword representing an answer to the question or the option. Item 3. The information processing system according to Item 2. A first server device connected to the first network; a second server device connected to a second network different from the first network; and a firewall constructed between the first network and the second network. An information processing method in an information processing system in which the first server device and the second server device establish a communication connection and communicate with each other across the firewall,
The first server device acquires a message including a request from a messenger application of a terminal device connected to the first network, and the acquired message of the application layer is established by a web socket protocol. A first step of transmitting to the second server device through the communication connection;
The second server device analyzes a message that is transmitted from the first server device and includes a keyword indicating an anthropomorphic account of software that imitates human work, and obtains keyword information representing the content of the request. A second step of extracting;
Based on the keyword information extracted in the second step, the second server device refers to external storage information stored in an external device connected to the second network, and performs processing according to the content of the request. A third step of generating a reply message that is executed and is a message indicating a reply content based on a processing result, the reply application having the personification account as a message transmission source on the messenger application;
An information processing method including: A first server device connected to the first network; a second server device connected to a second network different from the first network; and a firewall constructed between the first network and the second network. The computer of the second server device in the information processing system in which the first server device and the second server device establish a communication connection and communicate with each other across the firewall.
Request is included, the message of the first said first server from the messenger application of terminal devices connected to the network a message acquired application layer, through the communication connection established by the web socket protocol The message received from the first server device, the received message is a message including a keyword indicating an anthropomorphic account of software imitating human work, and keyword information representing the content of the request included in the message is analyzed. A first step of extracting;
Based on the keyword information extracted in the first step, refer to external storage information stored in an external device connected to the second network, execute processing according to the content of the request, and based on the processing result A second step of generating a reply message, which is a message indicating a reply content, on the messenger application, the reply person having the personification account as a sender of the message;
A program for running