JP2001344208A - Group ware and recording medium with the group ware recorded thereon - Google Patents

Abstract

PROBLEM TO BE SOLVED: To secure the secrecy of shared data resources in a group ware including CGI software which can be operated without depending on a loaded OS. SOLUTION: The group ware for sharing shared data (resources) stored in a server computer 1 connected to a computer network consisting of plural computer terminals (client computers) 3a, 3b, 4 connected so as to carry out data communication by these terminals 3a, 3b, 4 is provided with a user certification mechanism (module) for controlling whether accesses from the client computers 3a, 3b, 4 to a CGI mechanism (module) capable of performing processing concerned with the transmission/reception of instruction data and processed result data between the server computer 1 and respective client computers 3a, 3b, 4 and constituting the group ware are available or not and a display picture generation mechanism (module) for describing and generating a display picture based on the processed result obtained from the CGI mechanism (module) by a markup language.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to groupware used in a computer network comprising a plurality of computer terminals (client computers), server computers, and the like connected to enable data communication, and a recording medium for recording the groupware. About.

[0002]

2. Description of the Related Art Computer software that enables a plurality of users to share data resources is called groupware, and the functions of these groupware include Lotus which is a representative groupware. As described in Microsoft's Notes and Microsoft's Exchange, it includes a mail management function, a schedule management function, a conference room reservation function, and a bulletin board function.

However, the conventional groupware such as "Notes" and "Exchange" is used on a specific operating system (hereinafter abbreviated as OS) of a closed local area network which can secure confidentiality, and its function is provided. Usually depends on the OS of the server installed.

[0004] For this reason, the O of the server to be mounted is
CGI (Commo) that can operate without depending on S
2. Description of the Related Art A large number of n Gateway Interface (software) software has been developed to support a multi-platform environment on an open network such as the Internet.

[0005]

However, a CGI that can operate without depending on the OS of the server
(Common Gateway Interface)
The software has no user authentication function, and has a problem that confidentiality of shared data resources cannot be secured.

[0006] Therefore, the present invention has been made in view of the above-mentioned problems, and in order to cope with a multi-platform environment on an open network, a CGI that can operate without depending on the OS of a mounted server.
(Common Gateway Interface)
It is an object of the present invention to provide a groupware which includes software and can secure confidentiality of a shared data resource.

[0007]

In order to solve the above-mentioned problems, a groupware of the present invention and a recording medium recording the groupware are provided with a plurality of computer terminals (client computers) connected so as to be capable of data communication.
Data (resources) stored in a server computer connected to a computer network consisting of
Is shared by the plurality of computer terminals, the CGI mechanism (module which performs processing related to transmission and reception of instruction data and processing result data between the server computer and each client computer, and configures the groupware. A) a user authentication mechanism (module) for controlling whether or not the client computer accesses the client computer, and a display screen for describing and generating a display screen based on a processing result from the CGI mechanism (module) in a markup language. And a generation mechanism (module). According to this feature, the CGI mechanism (module)
Has a display screen generation mechanism (module), and the display screen based on the processing result of the CGI mechanism (module) is described and generated in a markup language, so it depends on the OS of the installed server or the OS of the client computer. It is possible to make the groupware operable without being performed, and by having the user authentication mechanism (module), it is possible to avoid access to shared data resources (resources) other than authorized access users. Thus, the confidentiality of the shared data resource (resource) can be ensured.

In the groupware of the present invention and the recording medium on which the groupware is recorded, the authentication screen transmitted to the client computer in the user authentication mechanism (module) is described in hypertext markup language (HTML) or a subset thereof. It is preferred that In this way, by writing in the hypertext markup language (HTML) or a subset thereof, these authentication screens can be created or changed easily without requiring a special development environment.

In the groupware of the present invention and a recording medium on which the groupware is recorded, the user authentication mechanism (module) receives a user identification code (ID) and a password for identifying a user, and An authentication step of comparing the user identification code (ID) and the password with the registration information and performing authentication, and, when the authentication is authorized, authentication as reconnection authentication data for reconnecting to the client computer of the access user. It is characterized by including an authentication ticket data issuing step of issuing ticket data and a registration step of registering the authentication ticket data. In this way, the user identification code (ID) and the password are not repeatedly transmitted and received during the reconnection, and the theft of the user identification code (ID) and the password can be avoided as much as possible.

[0010] The groupware of the present invention and the recording medium on which the groupware is recorded can be used to transfer the authentication ticket data registered in the registration step from an access user corresponding to the authentication ticket data for a predetermined time. Preferably, the method further includes an erasing step for erasing when the authentication ticket does not exist, and the authentication ticket data is formed into a different data string for each issue. By doing so, unnecessary authentication ticket data does not remain, and it is possible not only to prevent the unnecessary authentication ticket data from being illegally used and unauthorized access, but also to prevent the authentication ticket data from being illegally accessed. Is a different data sequence for each issue,
It is possible to detect or eliminate continuation of unauthorized access due to stolen authentication ticket data.

The CGI in the present invention is Commo.
n Gateway Interface,
This is software that allows the server computer to execute calculations and programs and display the results on screen display browsing software.

Normally, the CGI itself is not complete software but an interface for realizing a specific function. The CGI performs transmission and reception of parameters for executing a program and displays the result on a screen.

The markup language according to the present invention is a page description language for setting the character setting and layout of a document, and includes SGML, HTML, XML, a subset CompactHTML for displaying a mobile phone screen, and the like. The browsing software interprets a text in which a character string defining a format attribute called a “tag” is embedded and displays it on a screen.

By adopting this markup language for screen display, if there is only screen display browsing software, the user does not need to prepare special client software, and Netscape Corporation, which is generally used in general, is not necessary. For example, a screen display browsing software such as Netscape Communicator of Microsoft Corporation or Internet Explorer of Microsoft Corporation can be used.

Note that a module means a group of software that can be handled independently, and refers to a basic unit of assembly or a component unit.
The Perl script is preferably used for the description of I.
The Perl language is a computer programming language developed by Larry Wall et al. And is widely used for CGI programming and markup language file output. Modules written in Perl language are UNIX (registered trademark), Windows NT
(Registered trademark), VMS, OS / 2 (registered trademark), etc., can be used with almost no change in source code on almost all server OSs. Therefore, modules written in Perl language can be used regardless of the OS. Can be created.

[0016]

Embodiments of the present invention will be described below in detail with reference to the drawings. (Embodiment) FIG. 1 is a block diagram showing a configuration of a groupware system of the present embodiment having a server computer on which the groupware of the present invention is mounted. FIG. 2 shows the groupware used in the present embodiment. FIG. 3 is a flowchart of a software module for performing user authentication to be configured, and FIG. 3 is a diagram illustrating a configuration of groupware in the present embodiment.

First, as shown in FIG. 1, the configuration of the groupware system of this embodiment includes client computers 3a, 3b,... Connected to a local area network (LAN) and an Internet network 5 as an open network. It comprises a mobile phone 4 as a connected computer terminal, and a server computer 1 connected to the Internet network 5 via a communication device 2 and connected to the LAN. .. And the mobile phone 4 as appropriate.

The server computer 1 is equipped with the groupware of this embodiment, and the client computers 3a, 3b,... And the mobile phone 4 are compatible with the respective OSs and platforms.
HTML or C transmitted from the server computer 1
-Browser software capable of displaying screen data described in an HTML markup language is installed.

Next, the configuration of the groupware installed in the server computer 1 used in the present embodiment will be described. As shown in FIG. 3, the groupware is composed of a normal CGI module and a CGI module in the CGI module. It mainly comprises a display screen generation module for describing and generating a processing result and a content screen, for example, a schedule management table screen, etc. in a markup language, and a user authentication module for authenticating an access user.

As these CGI modules, a conventional CGI program which does not have a user authentication function or the like can be preferably used. In the present embodiment, a user authentication module is added to the normal CGI program. A user authentication module can be constructed as a library so that a CGI module with user authentication can be easily constructed simply by adding one line of code for calling this library to the top of the CGI program. It has become. User authentication in this user authentication module is performed using a user ID and password, which are user identification information (ID).
Frequent traffic between D and the password on the network is not preferable in terms of security because the possibility of plagiarism increases. Therefore, the check of the user ID and the password is performed only once at the time of user login, and thereafter, an authentication ticket (data) is issued, and the user is authenticated with the authentication ticket. The flowchart of FIG. 2 shows a flow for that. In this embodiment, a mode check parameter is set as a parameter of the user authentication module in order to specify the user authentication and the CGI used by the user. When the user authentication module is called, a mode check based on the parameters is performed (S101), and a screen requesting a user having no parameters to input a user ID and a password is displayed in a hypertext markup language (hereinafter abbreviated as HTML). Is displayed (S102). The user having the parameters of the user ID and the password is checked for the user ID and the password with reference to the access permission table (S104), and the user who is not permitted to access is displayed with a login rejection screen in HTML (S10).
5). If the user is permitted to access, parameters for proceeding to the next step are set and an authentication ticket is issued (S110).

The authentication ticket is issued by generating a random number for a ticket corresponding to the user ID.
Creates an authentication table consisting of a pair of an ID and a random code.
This authentication ticket (random number code) is passed to the client using the cookie function. Thereafter, user authentication is performed by using this authentication table, but after a predetermined time has elapsed, this authentication table is deleted.

If the mode parameter is other than login, the presence or absence of an authentication ticket is checked (S106). When the user who has issued the authentication ticket accesses, the authentication table is referred to (S108), and if there is no corresponding ticket in the authentication table, a login failure screen is displayed in HTML (S109).

When it is confirmed that the authentication ticket belongs to a user who permits access, a menu page screen corresponding to the next step is displayed in HTML or a corresponding CGI is displayed, depending on the contents of the mode parameter.
Execute the function module.

Thereafter, every time the CGI module specified by the user is executed, the authentication ticket is transmitted to the server by the cookie function of the browsing software, and the user ID and the authentication ticket are checked in the authentication table, but the user permitted to access is checked. Is not aware of this check.

[0025]

The present invention has the following effects.

(A) According to the invention of claim 1, the CG
The I mechanism (module) has a display screen generation mechanism (module), and the display screen based on the processing result of the CGI mechanism (module) is described and generated in a markup language. Groupware that can operate without being dependent on the OS or the like, and having the user authentication mechanism (module) allows access to data resources (resources) shared by users other than authorized access users. Access can be avoided, and confidentiality of the shared data resource (resource) can be ensured.

(B) According to the second aspect of the present invention, the creation and modification of these authentication screens can be performed by using the hypertext markup language (HTML) or a subset thereof without requiring a special development environment. It can be easily implemented.

(C) According to the third aspect of the present invention, the user identification code (ID) and the password are not repeatedly transmitted and received during the reconnection.
D) and the password can be prevented from being stolen.

(D) According to the fourth aspect of the invention, unnecessary authentication ticket data does not remain, and the unnecessary authentication ticket data is used illegally to make an unauthorized access. Not only can this be avoided, but by making the authentication ticket data a different data sequence for each issue, the continuation of unauthorized access due to stolen authentication ticket data can be detected or eliminated.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a groupware system of the present embodiment having a server computer on which the groupware of the present invention is mounted.

FIG. 2 shows a flowchart of a software module for performing user authentication constituting groupware used in the embodiment of the present invention.

FIG. 3 is a diagram showing a configuration of groupware according to the embodiment of the present invention.

[Explanation of symbols]

 1 Server Computer 2 Communication Device 3a Client Computer (Access User) 3b Client Computer (Access User) 4 Mobile Phone (Access User) 5 Internet Network

Claims (4)

[Claims] 1. Shared data (resource) stored in a server computer connected to a computer network composed of a plurality of computer terminals (client computers) connected so as to be able to perform data communication is shared by the plurality of computer terminals. Groupware that performs processing related to transmission and reception of instruction data and processing result data between the server computer and each client computer, and configures the groupware.
When accessing the GI mechanism (module) from the client computer, a user authentication mechanism (module) for controlling whether or not the access is possible and a display screen based on a processing result from the CGI mechanism (module) are described in a markup language. A groupware comprising: a display screen generating mechanism (module) for generating; and a recording medium recording the groupware. 2. The groupware according to claim 1, wherein the authentication screen transmitted to the client computer in the user authentication mechanism (module) is described in a hypertext markup language (HTML) or a subset thereof. A recording medium on which wear is recorded. 3. The user authentication mechanism (module),
An authentication step of accepting a user identification code (ID) and password for identifying a user, comparing the user identification code (ID) and password with registration information, and performing authentication; , Includes an authentication ticket data issuing step of issuing authentication ticket data that is reconnection authentication data for reconnection to the client computer of the access user, and a registration step of registering the authentication ticket data. The groupware according to claim 1 or 2, and a recording medium on which the groupware is recorded. 4. An erasing step for erasing the authentication ticket data registered in the registration step when there is no access from an access user corresponding to the authentication ticket data for a predetermined time, 2. The ticket data in a different data sequence for each issue.
4. The groupware according to any one of claims 1 to 3, and a recording medium on which the groupware is recorded.