JP2002041425A - Information reference system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information reference system, having high security performance and capable of coping with password leakage problem, without very much complicating the hardware configuration. SOLUTION: The system for referring to information stored in a server via a communication line is provided with an e-mail address storage means for storing a reference requester and an electronic mail address by correlating them with each other; a receiving means for receiving specification data for specifying information required by the reference requester and discrimination data for discriminating the reference requester; an extraction means for extracting the required information from the information stored in the server, on the basis of the specification data; an address retrieving means for retrieving the e-mail address of a sending destination; and an information transmission means for transmitting the required information extracted by the extraction means, to the address retrieved by the retrieving means through E mail.

Description

DETAILED DESCRIPTION OF THE INVENTION

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for referring to information stored in a server via a communication line, and more particularly to an information referencing system which is effective in preventing information leakage.

2. Description of the Related Art With the advancement of networking of information, it has been widely practiced to obtain various types of information using the Internet, intranets and the like. For example,
A system has been realized in which the schedules of company officers and employees stored in a server in the company can be obtained using an intranet, which is very useful for time adjustment of meetings and meetings. However, there is a demand from outside the company for a system capable of confirming the schedule of officers and the like using the Internet.

In a system in which the schedule of officers or the like can be confirmed from outside the company using the Internet, leakage of information by outsiders becomes a problem. For this reason, in the conventional system, the security ability is improved by a method such as devising a password. However, in order to improve security capabilities, there are problems that the hardware configuration becomes complicated and authentication operations such as password entry become troublesome.In addition, if the password is leaked due to the carelessness of the user, the information will be lost. There was a problem of leaking. An object of the present invention is to provide an information reference system which solves such a problem, has a high security capability, does not have a complicated hardware configuration, and can cope with a password leakage problem.

SUMMARY OF THE INVENTION According to the present invention, there is provided a system for referencing information stored in a server via a communication line, wherein a reference requester and an e-mail address are stored in association with each other. E-mail address storage means, specific data for specifying desired information from the reference requester, reception means for receiving identification data for identifying the reference requester, and information stored in the server based on the specific data. Extraction means for extracting desired information, address search means for searching a mail address storage means by the identification data, and searching for a destination mail address, and addresses extracted by the extraction means for the addresses searched by the address search means And information transmitting means for transmitting desired information by e-mail. In a system for referring to information stored in a server via a communication line, the system includes an Internet server connected to a terminal of an information providing requester via the Internet, and an information server for receiving an e-mail from the Internet server. The Internet server transmits, by e-mail, the requester identification data and the type data indicating the type of request information transmitted from the terminal of the information providing requester to the information server, and the information server transmits the type data from the Internet server. The provided information is extracted from the type data included in the received e-mail to create e-mail information, and the e-mail information is added to the mail address corresponding to the requester data included in the e-mail transmitted from the Internet server. Is transmitted by e-mail. Further, the Internet server transmits an input program for providing information to a terminal of an information providing requester. The information providing server limits information to be provided based on the authority of the information providing requester.

Next, an embodiment of the present invention will be described. FIG. 1 is a system configuration diagram showing an outline of an officer schedule information reference system which is an example of an information reference system according to an embodiment of the present invention. In order to make the description easy to understand, only the characteristic portions are described, and detailed systems of the Internet, e-mail, mobile phones, and wired phones (general subscriber phones and dedicated lines) which are known technologies, for example, mobile phone radio communication stations And Internet providers are omitted. A person who wishes to obtain officer schedule information (hereinafter referred to as a “client” and a target officer whose information is desired to be obtained is referred to as a requester) can use the mobile phone 1 at a predetermined location on the Internet (for example, Place to obtain:
Access (called the initial access point). At this time, the mobile phone 1 transmits requester identification code for identifying the requester and requester data indicating which officer and when. The initial access point is stored in a memory in the mobile phone 1. When the Internet server 2 receives the requester identification code and the requester data, the data is transmitted by e-mail to the information server 3 in which the officer schedule data is stored. The destination address of the e-mail is stored in the Internet server 2. The information server 3 determines whether or not the requester is a valid requester from the requester identification data sent by e-mail from the Internet server 2 and determines the data access authority. The process ends without providing information. In the case of a legitimate requester, available data (officer schedule information) matching the requester data is extracted from the database in accordance with the data access authority, and an e-mail is created (converted to e-mail). . Then, the information server 3 sends the created e-mail to the e-mail address of the requester (specific position of the mail server 4), and the requester uses the mobile phone 1 to send an e-mail addressed to himself (to his own e-mail address). By watching the sent e-mail), the schedule of the officers can be known. In such an officer schedule information reference system according to the embodiment of the present invention, when there is a request to provide the officer schedule information, the information is transmitted to the requester by e-mail, so the transmittable e-mail By defining the address in advance, the information provider can be easily limited, and it is possible to prevent information provision to an unauthorized accessor. In addition, since it is not necessary to install a special hardware configuration, for example, installing an advanced firewall or setting a complicated password, it is possible to suppress an increase in cost and a complicated operation for authentication. In this embodiment, information acquisition using a mobile phone has been described as an example. However, a system connected to the Internet using a personal computer and a general subscriber telephone line or the like can be similarly realized. next,
The details of each configuration of the mobile phone 1 and the like, that is, data of each configuration, details of processing to be performed, and the like are described. FIG. 2 is a detailed diagram showing details of the mobile phone 1. Memory 1 of mobile phone 1
1 (comprising a rewritable RAM or the like) stores information request basic data for obtaining officer information.
This information request basic data includes a URL (http: //... Cgi) indicating an initial access point and an identification code (ID: URL in this example) added as an argument indicating a requester (owner of a mobile phone in this example). ) Is stored. And
When the mobile phone 1 accesses the initial access point, an input program for selecting required information is transmitted from the Internet server 2, and the input program is executed on the mobile phone 1. The contents of the input program are shown on the display screen in FIG. 2. First, when a requester selection screen is displayed and a requester selection operation is performed (a requester list is displayed, a cursor operation or the like is performed). A requester is selected therefrom), and a date selection screen (display of a list of requesters and dates) of the requested data (officer plan) is displayed. Then, when the date is selected (the relevant date is selected by a cursor operation or the like), a confirmation screen (display of the selected officer and the date) is displayed. Select),
The requester ID, the requester ID, and the date data are transmitted to the Internet server 2. FIG. 3 is a detailed diagram showing details of the Internet server 2. Internet server 2
The hard disk 21 has an input program to be provided to the mobile phone 1, requester data including the requester's name and ID, and a transmission destination address (information server) for transmitting data from the mobile phone 1 by e-mail. 3, a predetermined address: INF @ AA) is stored, provides an input program and requester data to the mobile phone 1 in response to access of the mobile phone 1, and a requester sent from the mobile phone 1. The ID, the requester ID, and the date data are transmitted by e-mail to the transmission destination address (INF @ AA) of the information server 3. FIG. 4 is a detailed diagram showing details of the information server 3.
The hard disk 31 of the information server 3 stores authority data indicating data relating to data access of a client, administrator data indicating data relating to a system administrator, and schedule data indicating a schedule of an officer. As the authority data, the name, ID, and e-mail address of the requester registered as a valid requester (here, both the address for the mobile phone and the address for the personal computer installed in an office or the like are stored and stored). And an e-mail is transmitted to both), and a requester having the same authority as the requester (here, a secretary in charge of the officer) is stored in association with the requester. . Note that detailed authority information can be provided here, but in this example, authority information is not particularly used. Also, the authority information includes
In addition to executives, data is also stored for, for example, specific employees who are authorized to access information. And
The judgment of authority in this example is "person (officer and secretary in charge)" and "other", all information is provided for "person", and only public information is provided for "other" . In other words, if the data of the requester ID transmitted from the mobile phone 1 via the Internet server 2 is included in the authority data, the requester is determined to be a valid requester and the provision of the information is permitted, If the data of the requester ID is not included in the authority data, the requester is determined to be an improper requester and the provision of information is prohibited. Requester I
If the data of D is included in the authority data, and the requester ID and the requester ID match, it is determined that the requester is the principal and all the information of the requester is permitted, and conversely, the requester ID and the requester ID
If does not match, the provision of only the public information of the requester is permitted. As the administrator data, data indicating the administrator of the system is stored, and the name, ID, and e-mail address of the administrator (here, both the address for a mobile phone and the address for a personal computer installed in an office or the like). , And an e-mail is sent to both). If the data of the requester ID transmitted from the mobile phone 1 via the Internet server 2 is included in the administrator data, the requester is determined to be a valid administrator and all the information in the information server is determined. Permission to provide and update data. The schedule data is information indicating the schedule of the officer, and the schedule information of the corresponding requester on that date is collectively arranged and stored in a folder named with the requester ID and the date. Each schedule information is classified into public data and private data. For example, start time, end time, outline of contents, etc. are stored as public data. Is stored. If the requester has the authority of "the person" (or the administrator), both information of the public / private data is extracted as the data for mail creation (conversion), and the requester has the authority of the "other". In this case, information of only the public data is extracted as data to be created (converted) for e-mail. Then, the e-mail created from the extracted data is transmitted to the e-mail address of the valid client (predetermined location of the mail server 4) stored in the authority data. Then, by the access from the mobile phone 1, the electronic mail addressed to the requester stored in the mail server 4 is transmitted to the mobile phone 1, and the requester can confirm (see) the requester's schedule. Next, processing performed by the information server 3 will be described. FIG. 5 is a flowchart showing a process performed in the information server 3. This process is executed when an information request e-mail is transmitted from the Internet server 2. In step S1, the requester ID included in the e-mail is sequentially collated with the authority data, and if the requester ID matches the authority data, the process proceeds to step S2.
Then, when all the data of the authority data have been collated (there is no match ID), the process is terminated (information is not provided). In step S2, information corresponding to the requester / date included in the e-mail is sequentially searched from the scheduled data. If the search is completed for all data, the process proceeds to step S7, and if the corresponding information is searched, the process proceeds to step S3. In step S3,
It is determined whether the authority is "person". If "author", the process proceeds to step S4, and if "author", to step S5. The authority is determined based on the matching condition between the requester and the requester (match or manager: "person", mismatch:
"others"). In step S4, all information of the searched information is extracted, and the process proceeds to step S6. In step S5, public information is extracted from the searched information, and the process proceeds to step S6. In step S6, an e-mail sentence is created (converted) from the extracted information (information extracted in each processing loop is added), and the process returns to step S2. Then, in step S7, the e-mail text created in step S6 is transmitted to the e-mail address of the requester, and the process ends. As described above, according to the information reference system according to the present embodiment, since the provided information itself cannot be directly accessed from the outside, the security is enhanced. Also, since the provided information is sent only to a specific e-mail address, even if the information for access is leaked, the information does not leak to outsiders, and it is possible to maintain even stronger security . Further, since it is not necessary to set up a special firewall or set a complicated password or the like, a low-cost and easy-to-operate information reference system can be realized. In addition, since the information to be provided is limited according to the authority of the client, information can be provided in a wide range of applications where appropriate information can be provided in various cases.

As described in detail above, according to the present invention, strong security can be maintained, and low cost without installation of a special firewall or setting of complicated passwords is required. Thus, an information reference system with good operability can be realized.

[Brief description of the drawings]

FIG. 1 is a configuration diagram showing an outline of an information reference system according to an embodiment of the present invention.

FIG. 2 is a configuration diagram showing a structure of the mobile phone 1;

FIG. 3 is a configuration diagram showing a structure of an Internet server 2.

FIG. 4 is a configuration diagram showing a structure of an information server 3.

FIG. 5 is a flowchart illustrating a process performed by the information server 3;

[Explanation of symbols]

 1. Mobile phone 2. Internet server 3. Information server 4. Mail server

Claims (4)

[Claims] 1. A system for referring to information stored in a server via a communication line, comprising: a mail address storage unit in which a reference requester and an e-mail address are stored in association with each other; Receiving means for receiving specific data to be specified and identification data for identifying the reference requester; extracting means for extracting the desired information from information stored in a server based on the specific data; and a mail address based on the identification data Address search means for searching a storage means for a destination mail address; and information transmission means for transmitting desired information extracted by the extraction means to the address searched by the address search means by e-mail. An information reference system characterized by the following. 2. A system for referring to information stored in a server via a communication line, comprising: an Internet server connected to a terminal of an information providing requester via the Internet; and an information server receiving an e-mail from the Internet server. The Internet server transmits requester identification data and type data indicating a request information type transmitted from an information providing requester terminal to the information server by e-mail, and the information server transmits the Internet The provided information is extracted from the type data included in the e-mail sent from the server to create e-mail information, and the e-mail is sent to the e-mail address corresponding to the requester data included in the e-mail sent from the Internet server. Information characterized by sending encrypted mail information by e-mail. Reference system. 3. The information reference system according to claim 2, wherein the Internet server transmits an input program for providing information to a terminal of an information providing requester. 4. The information reference system according to claim 2, wherein the information providing server limits information to be provided based on an authority of an information providing requester.