JP2002358274A - Intranet system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To get access, from the outside, to an intranet system isolated with a fire wall. SOLUTION: Electronic mail is transmitted from the outside to a job processing engine 114 provided in a mail server 110 provided inside the fire wall. In the body text of the electronic mail, the identification information on a sender and job instruction information have been described. Regarding the received e-mail, the authentication is performed with a sender authentication part 115, the job instruction is acknowledged with a job acknowledgment part 116, and the job is executed with a job execution part 117. The execution result of the job is transmitted by return e-mail or a fox to the sender.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an intranet system, and more particularly to an intranet system capable of executing a predetermined job from an external network using electronic mail.

[0002]

2. Description of the Related Art An intranet system constructed by connecting a plurality of computers via a LAN or the like has become a core system that is no longer indispensable as a corporate infrastructure. Normally, such an intranet system in a company connects a group of servers, such as a web server, a database server, a file server, and a mail server, to a group of client personal computers operated by individual staff members in the company via a network dedicated to the company. It consists of. In general, information stored in the company is based on personal information such as personal schedules, pay statements, and address books, as well as notification information such as bulletin board information and news that can be viewed in each department or company-wide, and individual business operations. It covers a wide variety of documents, including quotes, billing, presentation materials, design drawings, manuals, and other document information.These various types of information are stored in database servers, file servers, and personal client PCs. It will be stored in various places. The intranet administrator in the company promotes corporate activities and cuts costs by introducing a system that allows immediate sharing of a wide variety of information stored in these various places. I have.

[0003] As described above, the intranet system constructed for a company is a system devised so that staff in the company can use the system as efficiently as possible. Strict security measures are taken from the viewpoint of preventing unauthorized access to external networks. Normal,
A firewall is installed between an external network such as the Internet and an intranet in the company, and measures are taken to protect information in the company from unauthorized access from the outside.

[0004]

As described above, since an intranet system built in a company is separated from an external network by a firewall, access from the outside is extremely severely restricted. Will be. Of course, it is indispensable to provide such a firewall as a security measure to protect company information from an unspecified number of outsiders. However, the installation of a firewall causes a problem that legitimate access via an external network is also difficult. In other words, as long as the staff in the company uses a terminal device (client personal computer) connected to the company intranet, they can freely access company information within the scope of the given authority. Data can be read, written, altered, deleted, and various other processes can be executed. However, it is impossible to access the intranet of a company via an external network such as the Internet by a normal method. In actual business sites, there are many staffs whose main activities are outside the company, such as sales representatives. However, such staff will not be able to access information stored on the company intranet as long as they are working outside the company.

Conventionally, in order to provide information to such staff working outside the company, a dedicated Web server or file server is installed outside the firewall.
The necessary information had to be prepared in these servers. However, such an approach is merely an expedient solution, does not enable access to an intranet built behind a firewall, and is not a fundamental solution. Originally, if it is not necessary to consider security issues, it is possible to access the company intranet from anywhere in the world via the Internet, and to provide Web servers, database servers, file servers, mail servers, Ideally, information stored in a client computer or the like can be freely used via the Internet.
In addition, to the staff of another company with which we have a partnership,
If you have an environment that can share this information,
It is also possible to realize more efficient business forms.

Accordingly, an object of the present invention is to provide an intranet system that allows access from an external network while using existing system facilities as much as possible and maintaining the conventional security.

[0007]

SUMMARY OF THE INVENTION The basic technical idea of the present invention is to provide an electronic mail system having a firewall for isolating an external network such as the Internet from an intranet in a company. Is based on the fact that transmission and reception are performed through a firewall due to its nature. In other words, files in the form of e-mail can basically pass through the firewall, so an e-mail describing some job to be executed on the company intranet is sent from the outside, and sent to the company intranet. , If you have a job processing engine that interprets and executes this job, even if it is not an external direct access,
Indirect access is possible. In the case of a job that collects information such as data and files, a form in which the collected information is returned to an external network using an electronic mail can be used. The basic aspects of the present invention based on such a technical idea are as follows.

(1) In a first aspect of the present invention, a plurality of computers are connected by an internal network and a firewall is constructed between the computers and an external network in order to use the computers belonging to a specific group. In an intranet system with security measures, a mail server that has at least an e-mail receiving function is installed inside the firewall, a sender authentication unit that authenticates the sender of the mail received by the mail server, and a mail server that A job recognizing unit for recognizing the contained job, and a job recognizing unit for a computer connected to the internal network within a range of authority given to the sender authenticated by the sender authenticating unit. A job execution unit that executes the recognized job. A processing engine is provided inside a firewall, and a predetermined job is executed by an e-mail transmitted via an external network.

(2) The second aspect of the present invention is the above-mentioned first aspect.
In the intranet system according to the aspect, a mail server having an e-mail receiving function and an e-mail transmitting function is provided inside the firewall, and a job execution result of the job executing unit is transmitted to the sender as an e-mail by the e-mail transmitting function It is configured to be performed.

(3) The third aspect of the present invention is the above-mentioned first aspect.
In the intranet system according to the aspect, a transmission computer having a facsimile transmission function is connected to the internal network, and a job execution result by the job execution unit is transmitted to the sender as facsimile image information via the transmission computer. It is what was constituted.

(4) The fourth aspect of the present invention is the above-mentioned first aspect.
In the intranet system according to the third aspect,
A job recognizing unit has a function of recognizing a command included in the mail and a parameter used for executing the command, and the job executing unit executes a job according to the recognized command and the parameter. Is performed.

(5) The fifth aspect of the present invention is the above-mentioned second aspect.
In the intranet system according to the fourth aspect,
The job recognizing unit has a function of recognizing a “job for collecting specific information stored in the intranet” included in the mail, and the job executing unit performs, based on the recognized job, The specific information is transmitted to the sender as a job execution result.

(6) The sixth aspect of the present invention is the above-mentioned fifth aspect.
In the intranet system according to the aspect, when the job recognizing unit recognizes the “job for collecting specific information whose location in the intranet is specified”, the job executing unit may A process for collecting specific information based on the information and transmitting the collected information to the sender is performed.

(7) The seventh aspect of the present invention is the above-described fifth aspect.
In the intranet system according to the aspect, when the job recognizing unit recognizes the "job for creating a menu of accessible information", the job executing unit creates the corresponding menu and sends it to the sender. The transmission process is performed, and when the job recognition unit recognizes a "job to collect specific information posted on the corresponding menu", the job execution unit collects this specific information. Then, a process of transmitting this to the sender is performed.

(8) The eighth aspect of the present invention is the above-mentioned fifth aspect.
In the intranet system according to the aspect, when the job recognizing unit recognizes the “job for collecting information related to the predetermined keyword”, the job executing unit causes the job executing unit to list information related to the keyword. And send it to the sender.If the job recognition unit recognizes a "job to collect specific information on the hit list", execute the job. The processing of collecting the specific information and transmitting the specific information to the sender is performed by a unit.

(9) The ninth aspect of the present invention is the above-mentioned fifth aspect.
In the intranet system according to the eighth aspect,
If the job recognizing unit recognizes "format specification for specific information to be collected", the job executing unit converts the specific information to be returned to the specific format specified by the format specification. Thus, a process of transmitting this to the sender is performed.

(10) According to a tenth aspect of the present invention, in the intranet system according to the second aspect described above, a job execution result of the job execution unit is encrypted and then transmitted to the sender as an e-mail. It was made.

(11) According to an eleventh aspect of the present invention, in the intranet system according to the second aspect, a job execution result of the job execution unit is transmitted to the sender in a form embedded in an electronic mail file. It is something to do.

(12) According to a twelfth aspect of the present invention, in the intranet system according to the second aspect, the job execution result of the job execution unit is transmitted to the sender in the form of an attached file of an e-mail. It was made.

(13) According to a thirteenth aspect of the present invention, in the intranet system according to the first to twelfth aspects, a job processing engine is provided in a mail server, and a plurality of computers connected to an internal network are provided. To
The job is to be executed by the job execution unit.

(14) According to a fourteenth aspect of the present invention, in the intranet system according to the first to twelfth aspects, a job processing engine is provided in a client computer connected to an internal network. Are to be executed by the job execution unit.

(15) According to a fifteenth aspect of the present invention, a program that functions as a job processing engine used in the intranet systems according to the first to fourteenth aspects is prepared and distributed via a network. Alternatively, it is recorded on a computer-readable recording medium and distributed.

[0023]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be described below based on an embodiment shown in the drawings.

§1. General Intranet System As described above, an object of the present invention is to provide an intranet system that allows access from an external network while using the existing system facilities as much as possible and maintaining the conventional security. To provide. Therefore, here, a configuration example of a general intranet system already used as an existing system will be described.

FIG. 1 is a block diagram showing a basic configuration of a conventionally used general intranet system 100 and a state where the system is connected to the Internet 300 via a firewall 200. In the figure, a portion surrounded by a dashed line is an intranet system 100. An intranet system is a system in which a plurality of computers are connected via an internal network in order to be used by persons belonging to a specific group (for example, the same company). It is configured by interconnecting a server and a number of clients (a personal computer is generally used recently). The intranet system 100 and the Internet 300 are similar in that many computers are connected via a network. However, while the Internet 300 is a system based on access from an unspecified number of people around the world, the intranet system 100 is a closed network system limited to access from people belonging to a specific group. They differ in that they are.

As described above, the information stored in the company ranges from information for each individual employee to document information that can be browsed in each department or company-wide. It should be said.
Therefore, it is necessary to take sufficient security measures against unauthorized access from the outside. Therefore, a firewall 200 is installed between the intranet system 100 and the Internet 300 as a system for ensuring security, and information exchanged between the intranet system 100 and the Internet 300 is strictly controlled by the firewall 200. Will be monitored.

In the illustrated intranet system 100, as a company-wide server, a mail server 110 for performing transmission / reception processing of electronic mail, information prepared in the form of a Web page (normally described in an HTML format) Web server 120 for providing
A DB that manages an employee database that records employee affiliation, salary details, addresses, etc., and a business database that records document information such as estimate, billing, presentation materials, design drawings, manuals, etc. related to individual tasks.
A server 130 is provided. Further, as shown by a two-dot chain line in the figure, the system is divided into sections such as sections A, B, C,...
A Web server 140 and a file server 150 for this section A are provided. In addition, client computers 160 operated by individual employees are also installed in each department. Of course, in practice, a large number of client personal computers 160 are provided, and a plurality of servers are provided as necessary.

Such an intranet system 100
In the information required in the company, the Web server 12
0, DB server 130, Web server 140, file server 150, or personal client personal computer 1
These computers are stored in various places, such as inside a computer 60. These computers are connected to each other by an internal network NW, and by using a search system prepared by an intranet administrator in the company. , Staff within the company will have access to the information they need. Of course, usually, the access right is set for each piece of information, and the information is provided only to the staff having the proper access right. Eventually, the staff in this company set up the intranet system 100
As long as the client PC 160 is used for access, an environment in which necessary information can be freely accessed within the range of the given access right is prepared.

On the other hand, with regard to access via the Internet 300, such free access must be restricted. For the Internet 300, a personal computer 310, a mobile phone 320,
It is possible to access using other terminal devices. However, access to the intranet system 100 via the Internet 300 is significantly restricted under the monitoring of the firewall 200 due to security needs. In other words, even if the client PC 160 allows free access, if the same staff uses the personal computer 310 or the mobile phone 320 from outside the company (for example, on a business trip or at home), the firewall 200 is not used. Access will be denied by the function.

As described above, the intranet system 10
0 is insulated from an external network such as the Internet 300 by the firewall 200, so that security measures for protecting in-house information from an unspecified number of outsiders are taken.
However, the installation of the firewall 200 causes a problem that legitimate access via an external network is also difficult. For this reason, conventionally, a dedicated Web server or a file server is installed outside the firewall 200 so that a sales person or the like can access from outside the company via the Internet 300 using the personal computer 310 or the mobile phone 320. However, it was necessary to adopt a method of preparing necessary information in these servers. The first point of the present invention is to utilize the existing intranet system 100 as shown in FIG. 1 as much as possible and to allow staff such as sales staff to access the intranet system 100 inside the firewall 200 from outside even outside the company. The point is to provide a way to make it possible.

§2. Intranet system according to the present invention
The basic configuration of the beam here, now, and generally try to focus on the basic functions of a firewall 200, which is used, basically,
It can be seen that the process of rejecting all accesses from the outside, but accepting the information returned as a response to the access request from the inside, is performed. For example, when browsing an arbitrary Web page published on the Internet 300 using the Web browser function of the client personal computer 160, the client personal computer 160 browses a site that provides the Web page. A request will be made. Such a browsing request is transferred to the Internet 300 through the firewall 200. Then, as a response to the browsing request, the data of the designated Web page is
00, the firewall 20
A value of 0 confirms that this data is a response to the browsing request issued by the client personal computer 160, and then permits the data to be accepted inside the intranet system 100. Thus, the requested Web page is presented on the client personal computer 160. The above is a description of browsing a web page published on the Internet 300 by using HTTP (Hyper Text Tra
The processing operation is performed using the nsfer protocol (Nsfer Protocol), and the same applies to the case where an arbitrary file published on the Internet 300 is downloaded using the FTP (File Transfer Protocol).

In any case, the basic policy of the firewall 200 is that access from the inside of the intranet system 100 to the Internet 300 is permitted, but conversely, access from the Internet 300 to the inside of the intranet system 100 is rejected. Become. However, electronic mail is an access for the purpose of transmitting a file from the Internet 300 to the inside of the intranet system 100 due to the nature of the electronic mail. However, usually, setting for rejecting the electronic mail is not performed. This is because if the e-mail is rejected, the computer inside the intranet system 100 cannot receive the e-mail. Of course, it is possible to set the firewall 200 to refuse the reception of an e-mail from a specific party. However, basically, the firewall 200 accepts an e-mail addressed to a computer inside the intranet system 100, and A process for delivering the mail to the mail server 110 is performed. Of course, the intranet system 100
When sending an e-mail from an internal computer to any computer on the Internet 300,
The transmitted mail is transmitted from the mail server 110 to the Internet 300 through the firewall 200.

As described above, transmission and reception of electronic mail through the firewall 200 is normally permitted. The basic idea of the present invention focuses on the characteristics of such an e-mail, and the intranet system 100
By transmitting an e-mail describing a job to be executed within the system from the outside, a function substantially equivalent to accessing the inside of the intranet system 100 from the outside is realized. That is, if a "job processing engine" for interpreting and executing a job sent as an e-mail is prepared in the intranet system 100, indirect access is possible even if it is not an external direct access. become. Further, in the case of a job for collecting information such as data and files, if the collected information is sent back to an external network using the same e-mail, the intranet system 100 It becomes possible to obtain any information in the e-mail.

FIG. 2 shows the "job processing engine" described above.
Is a block diagram showing an embodiment in which is provided in the mail server 110. The mail server 110 is a server installed inside the firewall 200 and having an e-mail transmission / reception function, and has a mail reception unit 111 and a mail transmission unit 112 (if only a job is received, the mail The server 110 only needs to have at least the reception function of the e-mail transmission / reception functions.) The e-mail that has passed through the firewall 200 is received by the e-mail receiving unit 111, and is further transmitted to the e-mail distribution unit 1
It is sorted at 13. That is, based on the destination address of the received e-mail, mail distribution section 113 transmits the e-mail to a predetermined computer (for example, client personal computer 1) via internal network NW.
60). Conversely, an e-mail sent from a predetermined computer is sent to the internal network N
W to the mail transmission unit 112 via the W
Will be sent to

A feature of this embodiment is that the existing mail server 110 having the above-described components of the mail receiving unit 111, the mail transmitting unit 112, and the mail sorting unit 113 has a configuration as shown in FIG. That is, the job processing engine 114 is added. This job processing engine 1
14 is a sender authentication unit 115 for authenticating the sender of the mail received by the mail receiving unit 111;
Within the intranet system 100 within a range of authority given to the sender authenticated by the sender authenticating unit 115, and a job recognizing unit 116 for recognizing a job contained in the received mail. A job execution unit 117 that executes a job recognized by the job recognition unit 116 for a computer connected to the network NW). If such a job processing engine 114 is prepared, a predetermined job is executed by e-mail transmitted via the Internet 300.

In this embodiment, the result of job execution by the job execution unit 117 is transmitted to the mail transmission unit 112.
, Or as facsimile image information via the facsimile transmission computer 170 to the sender.
When the given job is a job for collecting information such as specific data and files stored in the intranet system 100, the collected information is transmitted by e-mail or by facsimile. The job is returned to the requester of the job.

§3. Specific Job Contents Subsequently, a procedure for performing some kind of external access using the intranet system according to the present invention will be described based on some actual examples. Specifically, the sales staff of the company, which has been given predetermined authority to use the intranet system 100, uses the personal computer 310 to travel to the Internet 3
Consider the case of accessing via 00. As described above, the external personal computer 310 sends the Internet 30
0, direct access to the inside of the intranet system 100 cannot be made (rejected by the firewall 200). So, PC 3
The access using the “10” actually sends an e-mail attached with a predetermined job to the mail server 110.
Indirect access method will be adopted.

Here, the sales staff uses the personal computer 310 to operate the intranet system 1 shown in FIG.
“FIL” stored in the web server 120 in
The procedure will be described by taking as an example a case of performing an access to obtain the data of the file "E001" as text data. First, this sales staff
Using the personal computer 310, an e-mail as shown in FIG. 3 is created. Since this e-mail is a mail received from the intranet system 100 side, it will be referred to as “received mail” here.

The electronic mail shown in FIG. 3 is composed of seven lines of character strings. The first line "To: post-job@xxx.co.jp
The character string "" indicates the mail address of the destination of the electronic mail, and is actually the address assigned to the job processing engine 114 in the mail server 110. When the e-mail distribution unit 113 shown in FIG. 2 receives an e-mail whose address on the first line is a character string “To: post-job@xxx.co.jp”, the e-mail distribution unit 113 Processing for distribution to the processing engine 114 will be performed.

The character string "Subject:" on the second line is a descriptor indicating the title of a normal electronic mail. In the illustrated example, the title itself is not described and is blank. Subsequent lines 3 to 7 are portions that substantially constitute the body of the e-mail, and are character strings indicating the contents of the job. The descriptions on lines 3 to 7 are all <
It is composed of a tag portion surrounded by> and a subsequent character string.

The description “<ID> 123456” on the third line is a tag “<ID>” indicating the identification code of the sender of this electronic mail.
And the identification code “123456”, the description “<Password> abcdef” on the fourth line is composed of a tag “<Password>” indicating the sender's password of this e-mail and a password “abcdef” It is a character string. The information on the third and fourth lines is the authentication information of the sender of this e-mail. The sender authentication unit 115 shown in FIG.
Will perform sender authentication based on this authentication information.

The description “<Command> GETFILE” on the fifth line is a character string consisting of a tag “<Command>” indicating a command and a command name “GETFILE”, and is described in any place in the intranet system 100. It is a job execution command that collects specific stored files and returns them. In the sixth line, “<Parameter
The description “Web120 / FILE001” is a character string consisting of a tag “<Parameter>” indicating a parameter and a parameter value “Web120 / FILE001”, and is auxiliary information accompanying the command “GETFILE”, that is, a collection target. The data indicates the location of a specific file. Eventually, the information on the fifth and sixth lines is job instruction information indicating the content of the job to be executed by the e-mail. Specifically, in the case of this example, execution of the job "collect and return the file having the file name FILE001 in the Web server 120" is instructed. The job execution unit 117 shown in FIG. 2 executes the specified job based on the job instruction information.

The description “<Retern> TEXT” on the last line 7 is composed of a tag “<Retern>” indicating the format specification when returning a specific file to be collected and a format name “TEXT”. This is a character string, and is information for instructing a receiving format (a so-called document format) when the sender who sent the mail receives the specific file. In the case of this example, an instruction to return the file in the form of “text data” is described. Job execution unit 11
7 is “File name FILE0 in Web server 120”
After executing the job of “Collecting a file that is 01.”, convert this file to the specified “text data” format (of course, if it was originally in the text data format, No), a process of sending this back using e-mail is performed.

FIG. 4 is a diagram showing an example of a transmitted mail returned to the sender as a result of executing the job specified by the received mail shown in FIG. The first line, "To: use
The character string "r@yyy.co.jp" is the mail address of the sender of the received mail shown in FIG.
This is 10 mail addresses (not shown in FIG. 3, but the received mail includes the mail address of the sender, and the sender can be recognized from this mail address). The character string “Subject:” in the second line is a descriptor indicating the title in the e-mail, and in the illustrated example, the title itself is not described and is blank. Subsequently, “text data of Web120 / FILE001” is described as the body of the e-mail. That is, the job executing unit 117 executes a process of collecting the file having the file name FILE001 in the Web server 120, converting the file into the “text data” format as necessary, and embedding the file in the transmitted mail. The outgoing mail created by the job execution unit 117 in this way is sent to the mail sending unit 112, and the firewall 200,
It will be delivered to the personal computer 310 via the Internet 300.

After all, from the point of view of the sales staff, an e-mail (received mail as viewed from the intranet system 100 side) as shown in FIG. Then, an e-mail (sent e-mail as viewed from the intranet system 100) as shown in FIG. 4 is returned. If the sales staff browses the returned e-mail, the desired file can be obtained in the form of text data. As described above, the sales staff writes a desired file name as a parameter in the “<Parameter>” portion of the sixth line in FIG. 3 so that the sales staff can access the Internet 300 anywhere in the world. It becomes possible to receive a desired file using electronic mail.

Although the example shown in FIG. 4 is an example in which a desired file is transmitted to the sender in a form embedded in the file of the e-mail, the desired file is transmitted to the sender in the form of an attached file of the e-mail. It doesn't matter. In the former case,
One e-mail file will be returned to the sender, but in the latter case, one or more files will be replied together with one e-mail file. . In general, if the file is in the form of “text data”, it is easy to embed it in an e-mail as shown in the example in FIG. Absent. As a file format (file format) that can be specified by the tag “<Retern>”, there are various formats such as an HTML format, a PDF format, an electronic book format, and a binary file format, in addition to a text format. When a format that is difficult to embed in an e-mail is specified as described above, it is preferable to transmit the e-mail in the form of an attached file of the e-mail. Of course, the sender itself may indicate whether the format is the embedded format or the attached file format (for example, in the <Retern> tag, along with the format name,
Information indicating whether the file is in the embedded format or the attached file format should be described.)

In the embodiment shown in FIG. 2, since the facsimile transmission computer 170 is provided,
Instead of replying by e-mail, it is also possible to reply by facsimile. For example, if the destination telephone number is specified in the <Retern> tag together with the format specification of “FAX”, the job execution unit 117 expands the contents of the collected file into raster-format image information. The image information is transferred to the facsimile transmission computer 170, and the facsimile image may be transmitted to a designated telephone number via a telephone line. The sender can receive the contents of the desired file by facsimile.

In the above, an example has been described in which a job for returning a desired file in the intranet system 100 to the sender is executed. However, the job that can be executed by the present invention is limited to only a job for returning such a file. Not something. FIG. 5 lists some examples of jobs that can be performed by the present invention. Each job is composed of commands and parameters. The command is
The parameter is composed of an instruction indicating the main purpose of the job to be executed, and the parameter is composed of data indicating auxiliary information accompanying the instruction. It is preferable to express the job separately by the command and the parameter in order to facilitate the recognition of the job by the job recognition unit 116 and the execution of the job by the job execution unit 117. Job execution unit 117
Executes the job according to the command and the parameter recognized by the job recognition unit 116.

As described above, the job J1 shown in FIG. 5 is a job for returning a desired file to the sender. In the illustrated example, the job is a job indicated by the command “GETFILE” and the parameter “Web120 / FILE001”, and “File name FILE00 in the Web server 120”.
Collect one file and send it back. " The job J2 is a job for restarting a specific personal computer which is a member of the components of the intranet system 100. In the illustrated example, the job is indicated by a command “REBOOT” indicating a restart instruction and a parameter “PC160” indicating a personal computer to be restarted. Upon receiving this job, the job execution unit 117 executes a process of restarting the client personal computer 160. The job J3 is a job for deleting an arbitrary file stored in the intranet system 100. In the illustrated example, the job is indicated by a command “DELFILE” indicating a file deletion instruction and a parameter “DB130 / FILE003” indicating a file to be deleted. Job execution unit 11
7, upon receiving this job, executes a process of deleting the file FILE003 in the DB server 130. The job J4 is a job for checking a load state of an arbitrary computer in the intranet system 100. In the illustrated example, the job is indicated by a command “INFOLOAD” indicating a load check instruction and a parameter “FS150” indicating a computer to be checked.
Upon receiving this job, the job execution unit 117 recognizes the current load of the file server 150 and performs a process of reporting this to the sender (a process of transmitting information indicating the load using an e-mail or facsimile). Execute.

Although several examples of jobs that can be executed by the job execution unit 117 have been described above, the present invention is not limited to these jobs, and of course, other various jobs can be executed. It is possible to do. In practice, a job definition table as shown in FIG. 5 is registered in the job recognizing unit 116, and a program which is an execution routine of each registered job is prepared in the job executing unit 117. do it. If the given job is a job registered in the job definition table, the job is recognized by the job recognition unit 116 and executed by the program in the job execution unit 117. When an unregistered job is given, the job execution unit 117 notifies the user of an error (a process of notifying that the given job cannot be executed using electronic mail or facsimile). Is preferably performed.

Of the jobs J1 to J4 shown in FIG. 5, it is indispensable for the jobs J1 and J4 to return the execution result of the job by the job execution unit 117 to the sender. That is, in the case of the job J1, it is necessary to return the contents of the specified file to the sender.
In the case of 4, it is necessary to return data indicating the load of the designated computer to the sender. On the other hand, for the job J2 and the job J3, it is not always necessary to return the execution result of the job to the sender. However, practically, it is preferable that the execution result of the job is returned to the sender so that the sender can confirm that the job has been executed. In either case,
The job execution result can be sent to the sender in a form embedded in the file of the electronic mail, or can be sent to the sender in the form of an attached file of the electronic mail.
Of course, it may be transmitted to the sender as facsimile image information.

As described above, an e-mail addressed to a computer in the intranet system 100 passes through the firewall 200 and is sent to the mail server 1 in principle.
You will arrive at 10. Therefore, in implementing the present invention, the role of the sender authentication unit 115 becomes extremely important. Unauthorized access from the outside is rejected by the authentication process by the sender authentication unit 115.
That is, the sender authentication unit 115 has a user list indicating an identification code and a password of a staff member who has authority to use the job processing engine 114. The sender authentication unit 115 includes an identification code and a tag following the tag <ID> in the received mail as shown in FIG.
By comparing the password following <Password> with this user list, it is authenticated whether or not the given job is an instruction from an authorized user.
The execution of the job by the job execution unit 117 is performed only when the authentication by the sender authentication unit 115 ends normally.

In practice, the above-mentioned user list should include information indicating the authority given to each user, and clarify the access right for each staff member. preferable. For example, for a certain staff, reading of a file (job J1 in FIG. 5) is permitted, but erasing of the file (job J3 in FIG. 5) is not permitted. Only access to the server and its own client personal computer is permitted, or various access rights can be set. The job execution unit 117 confirms that the given job is within the range of the access right while referring to the access right set on the user list, and then executes the processing for executing the job. Good. If a non-authorized job is given, a process of notifying the error and notifying the error (using an e-mail or facsimile to notify that the given job is not authorized) Process) may be performed.

In general, e-mails have insufficient security measures, and the contents may be stolen or falsified while passing through various routes on the Internet 300. Therefore, PC 3
E-mail for transmitting a job from the server 10 to the intranet system 100 or the intranet system 1
E-mail (or its attached file) for transmitting the job execution result from the 00 side to the personal computer 310 side
It is preferable that the contents be encrypted. in this way,
When the electronic mail is encrypted and exchanged, a decryption processing unit is provided in the input stage of the sender authentication unit 115 in the job processing engine 114, and an encryption processing unit is provided in the output stage of the job execution unit 117. It is good.

§4. Various Modifications While the invention has been described with reference to a basic embodiment, some modifications will now be described.

The job J1 shown in FIG. 5 is a "job for collecting specific information stored in the intranet", and the job executing section 117 uses the collected specific information as a job execution result. Is transmitted to the user. Thus, the intranet system 1
A job of collecting specific information existing inside the intranet system 100 by accessing from outside of the system 00 is a typical job suitable for use in the system according to the present invention. Here, in the job J1 shown in FIG. 5, the information to be collected is specified by specifying its location. More specifically, the file FIL in the Web server 120 is specified by a descriptor “Web120 / FILE001” which is a parameter of the job J1.
It is specified that "E001" is a file to be collected. As described above, when the location of the information to be collected is known, if the location is specified as a parameter, the job execution unit 117 can request the specific information requested based on the location specified as the parameter. Can be collected.

However, in practice, not only the case where the location of necessary information is clear, such as “File 001 in Web server 120”.
Therefore, it is preferable to take measures to collect desired information even if the location is unclear.
Specifically, it is preferable to define a job for executing a work that is a preparation stage of information collection.

For example, if the sender of the e-mail is authenticated and a “menu creation job for creating a menu of information accessible to the sender” is prepared, the sender can firstly perform a preparation step. What is necessary is just to perform an operation of sending an e-mail instructing execution of this “menu creation job”. The job execution unit 117 refers to the access right preset for the sender, creates a menu of information accessible by the sender, and returns the menu to the sender by e-mail. Execute. The sender can use this menu on PC 310
After confirming the above, a task of sending an e-mail instructing execution of a "job for collecting specific information posted on the menu" is performed again. For example, by listing accessible information on the menu and attaching a serial number to it, the sender can use this serial number to identify the information to be collected. An information collection command using the serial number to be performed as a parameter may be sent by e-mail. Job execution unit 11
7 executes processing for collecting specific information corresponding to the serial number and transmitting it to the sender.

Alternatively, a “search job for collecting information related to a predetermined keyword” may be prepared as a job at the preparation stage of information collection. in this case,
The sender first sends an e-mail instructing execution of a “search job” including a predetermined keyword as a parameter. Upon receiving the instruction of the “search job”, the job execution unit 117
A list of information related to the specified keyword is created from the information stored in 0, and the list is transmitted to the sender using an e-mail (of course, the range of the access right of the sender) It is also possible to create a list that is narrowed down to information that can be accessed within.) The sender confirms the list with the personal computer 310, and then performs an operation of sending an e-mail instructing execution of a “job for collecting specific information on the list” again. For example, on the list
By listing information related to the keyword and attaching a serial number to it, the sender can use this serial number to specify the information to be collected. The information collection command to be sent may be sent by e-mail. Job execution unit 11
7 executes processing for collecting specific information corresponding to the serial number and transmitting it to the sender.

Next, another embodiment of the present invention will be described with reference to FIG. FIG. 6 is a block diagram in which only components related to handling of electronic mail in the client personal computer 160 shown in FIG. 1 are extracted and shown. In the embodiment shown in FIG. 2 described above, the job processing engine 114 is provided in the mail server 110. In the embodiment shown in FIG. 6, a job processing engine is provided in the client personal computer 160.

For example, when an e-mail describing a mail address addressed to the client personal computer 160 arrives at the mail server 110 via the Internet 300, the e-mail is sent to the mail receiving unit 1 shown in FIG.
11 and is distributed to the client PC 160 by the mail distribution unit 113. The e-mail arriving at the client personal computer 160 is received by the e-mail receiving unit 161 shown in FIG. For regular email,
The data is stored in a predetermined area of the data recording unit 180 from the mail distribution unit 163. Client PC 16
By operating the mail browsing unit 181 as necessary, the operator operating 0 can browse the contents of the e-mail stored in the data recording unit 180. When it is necessary to send an e-mail, a new e-mail can be created by operating the e-mail creation unit 182 and stored in the data recording unit 180. The mail can be transmitted by operating the mail transmitting unit 162. The e-mail transmitted from the mail transmission unit 162 is transmitted from the mail transmission unit 112 of the mail server 110 to the Internet 30.
0 will be transmitted.

Each component in the client personal computer 160 described above is actually a client personal computer 16
0 is a component realized by e-mail application software installed in the application software. Therefore, by adding an additional function to the application software (for example, by adding a program in the form of a plug-in), it is possible to add a component corresponding to the job processing engine 164 shown in FIG. Will be possible. This job processing engine 1
Reference numeral 64 denotes substantially the same components as those of the job processing engine 114 shown in FIG. 2, and includes a sender authentication unit 165, a job recognition unit 166, and a job execution unit 167. That is, the sender authentication unit 165 is the sender authentication unit 11
5, the job recognition unit 166 performs a function of recognizing the job included in the e-mail, similarly to the job recognition unit 116, and the job execution unit 167 performs the same function as the job execution unit 117. A function to execute a job and, if necessary, return the result using electronic mail (or facsimile).

If there is a job to be executed by the job execution unit 167 provided in the client personal computer 160, the sender sends an e-mail from the personal computer 310 to the mail address of the job processing engine 164 in the client personal computer 160. Just send it. An e-mail addressed to such an e-mail address is sent to the mail server 11
The mail distributing unit 113 in 0 is recognized as an e-mail addressed to the client personal computer 160, delivered to the client personal computer 160 via the internal network NW, and received by the mail receiving unit 161. Then, the mail is distributed to the job processing engine 164 in the mail distribution unit 163. This job processing engine 1
The processing in 64 is almost the same as the processing in the job processing engine 114 described above. That is, the sender authentication unit 16
5, the sender is authenticated, the job is recognized by the job recognition unit 166, and the job is executed by the job execution unit 167. When a reply mail indicating the execution result is created in the job execution unit 167, the reply mail is sent to the mail server 11 via the mail transmission unit 162.
0, and transmitted from the mail transmission unit 112 to the Internet 300.

As shown in FIG. 2, the job processing engine 1
14 in the mail server 110 and FIG.
As shown in FIG. 7, a major difference from the embodiment in which the job processing engine 164 is provided in the client personal computer 160 is that, in the former case, a plurality of computers connected to the internal network NW in the intranet system 100 The job is executed by the execution unit 117, whereas in the latter case, the client personal computer 1
Only the point 60 is a job execution target of the job execution unit 167. That is, since the mail server 110 is a server device and has a function of accessing other servers and a large number of clients connected by the internal network NW, the job execution unit 117 The target job can be executed. In contrast, client PC 1
Since the client 60 is not a server but a client, the job executed by the job processing engine 164 provided therein is limited to the client personal computer 160. For example, a job for accessing a file in an external storage device directly connected to the client personal computer 160 is:
It can be executed by the job processing engine 164, but can be accessed by another client personal computer,
A job for accessing the server cannot be executed by the job processing engine 164.

If an access mode using the job processing engine 164 in the client personal computer 160 is adopted as in the embodiment shown in FIG. 6, the access target from the outside is limited to the client personal computer. It can be said that it is more secure. However, since it becomes impossible to access an arbitrary server from the outside, convenience in use is limited to some extent. From a practical standpoint, it is preferable to consider which embodiment to adopt while considering the balance between security and convenience in use. Both the embodiment of FIG. 2 and the embodiment of FIG. 6 can be realized by simply adding a program that functions as a job processing engine to an existing system, and the introduction cost is relatively low. The program functioning as the job processing engine is a CD-RO
It is also possible to record and distribute on a computer-readable recording medium such as M, and to distribute via a network. Therefore, the spread of the system according to the present invention is relatively easy.

[0066]

As described above, according to the intranet system of the present invention, it is possible to use the existing system facilities as much as possible and to access from the external network while maintaining the conventional security. .

[Brief description of the drawings]

FIG. 1 shows a basic configuration of a conventionally used general intranet system 100 and a firewall 20.
FIG. 2 is a block diagram showing a state in which this is connected to the Internet 300 via the Internet 0.

FIG. 2 is a block diagram showing an embodiment in which a job execution unit 117 as a component according to the present invention is provided in the mail server 110 shown in FIG.

FIG. 3 is a diagram showing an example of electronic mail received by the intranet system according to the present invention via the Internet.

FIG. 4 is a diagram showing an example of a transmitted mail returned by the intranet system according to the present invention in response to the received mail shown in FIG.

FIG. 5 is a diagram showing an example of a job executable by the intranet system according to the present invention.

FIG. 6 shows an example of a client personal computer 160 shown in FIG.
FIG. 11 is a block diagram illustrating an embodiment in which a job execution unit 167 as a component according to the present invention is provided.

[Explanation of symbols]

 Reference Signs List 100 Intranet system 110 Mail server 111 Mail receiving unit 112 Mail sending unit 113 Mail sorting unit 114 Job processing engine 115 Sender authentication unit 116 Job recognition unit 117 Job execution unit 120 Web server 130 DB server 140 Web server 150 File server 160 Client personal computer 161 Mail reception unit 162 Mail transmission unit 163 Mail distribution unit 164 Job processing engine 165 Sender authentication unit 166 Job recognition unit 167 Job execution unit 170 ... Facsimile transmission computer 180 ... Data recording unit 181 ... Mail reading unit 182 ... Mail creation unit 200 ... Firewall 300 ... Internet 310 ... PC 320 ... Mobile phone J1-J4 ... Job N ... internal network

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5B089 GA11 GA21 GB02 JA31 JA32 KA17 KB06 KB13 5K030 GA08 GA15 HA06 HA08 HC01 HC14 HD03 HD06 JL07 KA06 LD14 LD19 LD20

Claims (15)

[Claims] 1. An intranet system in which a plurality of computers are connected by an internal network and a firewall is constructed between the computers and an external network to provide security to a person belonging to a specific group. A mail server having at least an e-mail receiving function is provided inside the firewall, a sender authentication unit for authenticating a sender of the mail received by the mail server, and a job included in the mail received by the mail server are recognized. A job recognizing unit, and a job recognized by the job recognizing unit for a computer connected to the internal network within a range of authority given to the sender authenticated by the sender authenticating unit. Having a job execution unit for executing Provided management engine inside the firewall, intranet system by e-mail that has been transmitted via the external network, characterized by being configured so that a predetermined job is executed. 2. The intranet system according to claim 1, wherein a mail server having an e-mail receiving function and an e-mail receiving function is provided inside the firewall, and a job execution result by a job execution unit is transmitted to the mail server. An intranet system configured to be transmitted to a sender as an e-mail by a transmission function. 3. The intranet system according to claim 1, wherein a transmission computer having a facsimile transmission function is connected to an internal network, and a job execution result of the job execution unit is transmitted to the facsimile image via the transmission computer. An intranet system configured to be transmitted to a sender as information. 4. The intranet system according to claim 1, wherein the job recognition unit has a function of recognizing a command included in the mail and a parameter used for executing the command. An intranet system, wherein the job execution unit executes a job according to the recognized command and parameter. 5. The intranet system according to claim 2, wherein the job recognizing unit executes a “job for collecting specific information stored in the intranet” included in the mail. An intranet system having a function of recognizing, wherein a job execution unit performs a process of transmitting the specific information to a sender as a job execution result based on the recognized job. 6. The job execution unit according to claim 5, wherein the job recognition unit recognizes a “job for collecting specific information whose location in the intranet is specified”. A process of collecting the specific information based on the designated location and transmitting the specific information to a sender. 7. The intranet system according to claim 5, wherein when a “job for creating a menu of accessible information” is recognized by a job recognizing unit, the job executing unit changes the menu. When the job recognition unit recognizes the "job for collecting the specific information posted on the menu" by the job recognition unit, the job execution unit A process of collecting the specific information and transmitting the specific information to a sender. 8. In the intranet system according to claim 5, when the job recognizing unit recognizes “a job for collecting information related to a predetermined keyword”,
The job execution unit creates a list of information related to the keyword and sends the list to the sender. The job recognizing unit collects the specific information listed in the list. In the intranet system, when the “job for” is recognized, the job executing unit performs a process of collecting the specific information and transmitting the specific information to the sender. 9. The intranet system according to claim 5, wherein when the job recognizing unit recognizes the “format designation regarding specific information to be collected”, the job executing unit executes An intranet system, which performs a process of converting the specific information into a specific format specified by the format specification and transmitting the converted information to a sender. 10. The intranet system according to claim 2, wherein a result of executing the job by the job executing unit is encrypted and then transmitted to the sender as an e-mail. 11. The intranet system according to claim 2, wherein a result of executing the job by the job executing unit is transmitted to the sender in a form embedded in an e-mail file. . 12. The intranet system according to claim 2, wherein a result of executing the job by the job executing unit is transmitted to the sender in the form of an attached file of an electronic mail. 13. The intranet system according to claim 1, wherein a job processing engine is provided in the mail server, and a plurality of computers connected to the internal network are executed by the job execution unit. An intranet system characterized by: 14. The intranet system according to claim 1, wherein the job processing engine is provided in a client computer connected to an internal network, and the client computer is configured to execute the job by a job execution unit. An intranet system characterized by: 15. A program functioning as a job processing engine used in the intranet system according to claim 1, or a computer-readable recording medium recording the program.