JP2011118626A - Information processing system, file management server, control method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technique for allowing a shared file on an internal network to be acquired from an external network, while taking security into consideration. <P>SOLUTION: Names of folders and files that a user is authorized to access are specified, and the specified folder and file names are transmitted to a portable terminal. The folder and file names selected by the user are received; folders and files corresponding to the received folder and file names are acquired from a DB, and the acquired folder and file names are collectively uploaded to a web server. Information representing an address of the uploaded files, and a password are transmitted to the portable terminal. Upon receiving a request for access to the transmitted address, a password is requested, and when authentication by the password is successful, screen information to allow for instruction to download the uploaded files is transmitted. In response to a download instruction from the user, the uploaded files are transmitted. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a technique for acquiring a file existing in an internal network from an external network.

  If you forget to copy materials (files) stored on the company's shared server to your laptop when you go out, or if you suddenly need them, even if you use a mobile communication card to connect to the network, Access from the network may be restricted from a security perspective. In this case, since it is possible to directly access the shared server in the company, it is not possible to obtain necessary files from outside the company.

  In addition, even if an attempt is made to access an in-house shared server using a mobile terminal such as a mobile phone, the access is restricted from the viewpoint of security as well, so that the file cannot be acquired.

  For this reason, there is a need for a mechanism that can acquire necessary files even in an environment in which an external shared network cannot be directly accessed.

  Patent Document 1 discloses a technique for providing a document management system capable of performing special document management without requiring a dedicated document management application for each client.

JP 2002-259590 A

  However, the invention described in Patent Document 1 is not a technology that makes it possible to acquire a shared file on an internal network from an external network in consideration of security.

  The present invention solves the above-described problems, and provides a technique that makes it possible to acquire a shared file on an internal network from an external network in consideration of security.

  The present invention relates to an information processing system in which a mobile terminal, a file management server, and a web server can communicate, wherein the file management server authenticates a user who operates the mobile terminal input from the mobile terminal. Using the first receiving means for receiving information and the authentication information received by the first receiving means, the folder name and file name to which the user has access authority are specified, and the specified folder name and file are specified. Receiving a folder name or a file name selected by a user operating the portable terminal from a first transmitting means for transmitting a name to the portable terminal and a folder name and a file name transmitted by the first transmitting means Using the second receiving means and the folder name or file name received by the second receiving means, Or a combining unit that acquires a folder or a file corresponding to a file name from a database and collects the acquired folder or file into a file of a predetermined unit, and an upload unit that uploads the file combined by the combining unit to a web server And second transmission means for transmitting information indicating the address of the file uploaded by the upload means and a password used for downloading the file to the mobile terminal, and the web server includes the first When receiving an access request for the address transmitted by the second transmitting means, a password requesting means for requesting a password, a third receiving means for receiving a password input in response to the password requesting means, and the second By three receiving means Screen information transmitted by the third transmission means, and third transmission means for transmitting screen information enabling an instruction to download the file uploaded by the upload means when the authentication by the transmitted password is successful And a fourth transmission means for transmitting the file in response to a download instruction made by the user via the screen displayed by the above.

  According to the present invention, it is possible to acquire a shared file on an internal network from an external network in consideration of security.

1 is an overall configuration diagram of a file management system according to the present invention. It is a hardware block diagram of a file management server. It is a functional block diagram of each terminal. It is a 1st flowchart which shows the flow of the process in this invention. It is a 2nd flowchart which shows the flow of the process in this invention. It is an example of the input screen of the password in a mobile telephone. It is an example of the screen which selects the folder name or file name in a mobile telephone. It is an example of the received mail. It is an example of the received screen. It is an authentication table. It is a shared file DB access right table. It is a deletion management table. It is an upload management table.

  Hereinafter, this embodiment will be described with reference to the drawings.

  FIG. 1 is an overall configuration diagram of a file management system (information processing system) according to the present invention.

  A file management server 101, a shared file DB (database) 102, a portable terminal 103, and a client terminal 104 are connected to each other via a network 105 so as to be able to communicate with each other.

The file management server 101 performs authentication in response to an access request from the mobile terminal 103, and transmits information about folders and files accessible to the authenticated user to the mobile terminal 103. Then, the folders or files selected from the mobile terminal 103 are collected into one file and uploaded to the web server, and URL information and password information are transmitted to the mobile terminal 103. In the present embodiment, the file management server 101 is assumed to have a web server function, but the web server may be another server. Then, when there is an access to the uploaded file from the mobile terminal 103 or the client terminal 104 via the network, the password is requested to be input, and when the password is valid, the file is downloaded. Finally, the uploaded file is deleted under certain conditions.

  Various files are stored in the shared file DB 102.

  The mobile terminal 103 is a mobile terminal such as a mobile phone or a PDA having a communication function and a browser function.

  The client terminal 104 is a normal personal computer.

  The network 105 is an external network or an internal network.

  It goes without saying that this configuration diagram is merely an example.

FIG. 2 is a diagram illustrating a hardware configuration of the file management server 101.

  The CPU 201 comprehensively controls each device and controller connected to the system bus 204.

  Further, the ROM 202 or the external memory 211 is necessary to realize a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as an OS), which is a control program of the CPU 201, or a function executed by each server or each PC. Various programs to be described later are stored.

  The RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program necessary for execution of processing into the RAM 203 and executing the program.

  An input controller (input C) 205 controls input from a pointing device such as a keyboard 209 or a mouse (not shown).

  A video controller (VC) 206 controls display on a display device such as a CRT display (CRT) 210. The display device may be a liquid crystal display as well as a CRT. These are used by the administrator as needed. The present invention is not directly related.

  The memory controller (MC) 207 is connected via an adapter to a hard disk (HD), FD or PCMCIA card slot for storing boot programs, browser software, various applications, font data, user files, editing files, various data, etc. The access to the external memory 211 such as the CF memory to be controlled is controlled.

  A communication I / F controller (communication I / FC) 208 is connected to and communicates with an external device via a network, and executes communication control processing in the network. For example, Internet communication using TCP / IP is possible.

  Note that the CPU 201 enables display on the CRT 210 by executing outline font rasterization processing on a display information area in the RAM 203, for example. Further, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the CRT 210.

  A program 212 for realizing the present invention is recorded in the external memory 211 and is executed by the CPU 201 by being loaded into the RAM 203 as necessary. Furthermore, the definition file 213 and various information tables 214 used by the program 212 according to the present invention are stored in the external memory 211, and detailed description thereof will be described later.

  FIG. 3 is a functional block diagram of each terminal.

  The file management server 101 includes a user identification / authentication function 301, a communication function 302, a mail transmission function 303, a shared file DB file display function 304, a web server function 305, and a file operation function 306.

  The user identification authentication function 301 is a function for performing user authentication based on authentication information input from a mobile terminal or a client terminal.

  The communication function 302 is a function that realizes communication with a mobile terminal or a client terminal.

  The mail transmission function 303 is a function that realizes mail transmission / reception.

  The file display function 304 in the shared file DB is a function that realizes control for displaying information on folders and files in the shared file DB accessible by the user of the authenticated mobile terminal on the mobile terminal.

  The web server function 305 is a function for temporarily uploading a folder or file selected by the user of the mobile terminal and publishing it to an external network.

  The file operation function 306 is a function for compressing and collecting folders or files selected by the user of the mobile terminal or uploading them to a web server.

  The client terminal 104 includes a communication function 307 and a display function 308.

  The communication function 307 is a function that realizes communication with the file management server.

  The display function 308 is a function for browsing the acquired file. For example, when the file to be acquired is a document file or a spreadsheet file, the file can be browsed by installing an application corresponding to each file.

  The portable terminal 103 includes a communication function 309, a display function 310, and a mail reception function 311.

  The communication function 309 is a function that realizes communication with the file management server.

  The display function 310 is a function for displaying information on folders and files acquired by the mobile terminal using the shared file DB file display function. In addition, a function for browsing the acquired file is also included.

  The mail receiving function 311 is a function for receiving mail transmitted from the file management server.

  FIG. 4 is a first flowchart showing a processing flow in the present invention.

  This flowchart is processed by the mobile terminal 103, the file management server 101, and the shared file DB. In this embodiment, a description is given using a mobile phone as an example of the mobile terminal 103.

  In 401, the mobile phone accesses the file management server. Specifically, the file management server is accessed via a dedicated application or browser installed on the mobile phone in response to a user operation on the mobile phone.

  In 402, the file management server transmits a password input screen in response to access from the mobile phone.

  In 403, the mobile phone displays a password input screen. FIG. 6 shows an example of a password input screen in the mobile phone.

  In 404, the mobile phone transmits the input password to the file management server. At the same time, a PIN code is transmitted. The PIN code is an abbreviation of “Personal Identification Number” and is a so-called password. In a mobile phone, two PIN codes can be set in a SIM (USIM) card, which are called a PIN1 code and a PIN2 code, respectively. The PIN1 code is a PIN code for outgoing / incoming calls and various communication functions, and the PIN2 code is a PIN code for protecting a specific function of the mobile phone. Therefore, in this embodiment, the PIN1 code is transmitted to the file management server.

  In 405, the file management server performs an authentication process using the input password and PIN code. At the time of authentication, the authentication table shown in FIG. 10 is used. Authentication is performed based on whether there is a record in which the input password and the PIN code match.

  In 406, the file management server determines whether the authentication result is success or failure. If successful, the process proceeds to 407. If unsuccessful, the process returns to 402 after notifying that authentication has failed.

  In 407, the file management server determines the employee number from the PIN code of the mobile phone and searches for a referable folder. By using the authentication table shown in FIG. 10, the employee number can be specified from the PIN code. In the present embodiment, the PIN code of the mobile phone is used to specify the employee number. However, the present invention is not limited to this method. For example, the MAC address of a notebook personal computer may be used, or an employee number may be explicitly input. Here, it is only necessary to specify the accessing user, and the method is not limited.

  When the employee number can be specified, folders and files that can be referred to in the shared file DB are searched based on the access authority given to the employee. Then, the screen information in a format in which the folder name and file name that have been searched for can be selected by the mobile phone is transmitted to the mobile phone. FIG. 11 manages the access right information of the shared file DB. “File directory” is information for identifying a folder. “File” is information for identifying a file. “Access control information” is for registering an employee number that can be accessed.

  In 408, the mobile phone displays only the folder name and file name that can be referred to based on the access authority in the shared server from the screen information received from the file management server. A user operating the mobile terminal can select an arbitrary folder name or file name.

  FIG. 7 shows an example of the screen. On the screen 701, “folder name A2” and “folder name A3” are displayed. When the user performs an operation of moving to the “folder name A2” level, a screen 702 is displayed. Here, it is understood that “file name 1”, “file name 2”, and “file name 3” exist in the hierarchy of “folder name A2”. After finally selecting a folder name or file name, a confirmation screen 703 is displayed. Here, “file name 1” and “file name 3” are selected. If you don't need it, you can delete it.

  In this example, since the shared file DB and the hierarchical structure of the folder are displayed in the same manner, the user can easily find and select a desired folder name and file name.

  In 409, the mobile phone transmits the finally selected folder name or file name to the file management server.

  In 410, the file management server determines whether there are a plurality of selected folder names or file names. If Yes, the process proceeds to 411. If No, the actual folder or file is extracted from the shared file DB, and the process proceeds to 412.

  In 411, the file management server extracts the actual folder or file from the shared file DB by using the selected plurality of folder names or file names, compresses them into a ZIP file, and combines (combines) them into one file. The compression format is not limited to ZIP, and any format may be used. Further, the folder or file may be grouped in an appropriate unit, not limited to one file.

  At 412, the file management server determines whether the same user has uploaded a folder or file to the web server within 30 minutes. If yes, go to 413, if no, go to 414. This time can be set to an arbitrary time.

  In 413, the file management server collectively converts the previously selected file and the currently selected file into one ZIP file. The reason why the files are combined into one file is to reduce the user's trouble of downloading. For example, if multiple files are uploaded to the web server separately within 30 minutes, the number of download operations will occur. If the files are uploaded within 30 minutes, the file management server will prepare them as one file By doing so, the user's work for downloading is reduced.

  In addition, when compressing into one file, if the same file is selected, the duplicate file may be deleted to be one.

  The compression format is not limited to ZIP, and any format may be used. Further, the folder or file may be grouped in an appropriate unit, not limited to one file. For example, the files may be grouped in the same folder unit, or may be grouped in file units including similar names.

  In 414, the file management server uploads the compressed and collected files to the web server. In the present embodiment, since the file management server has a web server function, it is uploaded to itself. Note that the deletion time is stored, and if the file is not downloaded within 30 minutes, it is deleted. This is because the uploading is only temporary. Moreover, if the data is stored without being deleted, there are problems of leakage due to unauthorized access and pressure on the recording capacity. Time can be set arbitrarily. The deletion time is managed by the deletion management table shown in FIG.

  In 415, the file management server generates a dedicated URL and password for the uploaded web server, and transmits an email to the mobile phone. Here, the mail address can be specified from the authentication table shown in FIG.

  Further, “employee”, “time”, “URL”, “password”, and “file” are managed in the upload management table shown in FIG.

  At 416, the mobile phone receives the mail. FIG. 8 shows an example of the received mail. URL information and password information are displayed.

  The first flowchart has been described above.

  Next, the flow of operations after the user acquires URL information and a password will be described with reference to FIG.

  FIG. 5 is a second flowchart showing the flow of processing in the present invention.

  In the present embodiment, description will be made as processing by a mobile phone as in the first flowchart, but the present invention is not limited to this, and a file may be downloaded by a mobile terminal or a client terminal having a browser function.

  In 501, the mobile phone having a browser function accesses the web server using the ULR information obtained in 416.

  In 502, the web server returns a password input screen in response to the access request.

  In 503, the mobile phone displays a password input screen. The user inputs the password obtained at 416 on this screen. Then, the mobile phone transmits the password to the web server.

  In 504, the web server authenticates the received password. For the authentication, an upload management table shown in FIG. 13 is used.

  At 505, the web server determines whether authentication has succeeded or failed. If successful, the process proceeds to 506. If unsuccessful, the process returns to 502 after notifying that authentication has failed.

  In 506, the web server transmits screen information for instructing to download the file.

  In 507, the mobile phone receives the screen information and displays it. An example screen is shown in FIG. The user can now select either the “Download File” button or the “Delete File” button. The mobile phone makes a request to the web server according to the selected button.

  When the download is requested, the web server transmits the requested file to the mobile phone. When requesting deletion, the web server deletes the requested file.

  At 508, the web server deletes the downloaded file. It is not necessary to delete it immediately so that it can be downloaded again. However, even in that case, it will be deleted after 30 minutes.

  The second flowchart has been described above.

  As described above, according to the present invention, it is possible to acquire a shared file on the internal network from the external network in consideration of security.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it goes without saying that the various data and configurations are configured according to the application and purpose.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

101 File management server 102 Shared file DB
103 mobile terminal 104 client terminal 105 network

Claims (5)

An information processing system in which a mobile terminal, a file management server, and a web server can communicate,
The file management server
First receiving means for receiving authentication information relating to a user operating the portable terminal input from the portable terminal;
The authentication information received by the first receiving means is used to identify a folder name and file name to which the user has access authority, and to transmit the identified folder name and file name to the portable terminal A transmission means;
Second receiving means for receiving the folder name or file name selected by the user operating the portable terminal from the folder name and file name transmitted by the first transmitting means;
Using the folder name or file name received by the second receiving means, the folder or file corresponding to the folder name or file name is obtained from the database, and the obtained folder or file is a file in a predetermined unit. A combination means
Upload means for uploading the files combined by the combining means to a web server;
A second transmission means for transmitting information indicating the address of the file uploaded by the upload means and a password used for downloading the file to the mobile terminal;
The web server is
If the access request for the address transmitted by the second transmission means is accepted, a password request means for requesting a password;
Third receiving means for receiving a password input in response to the password request means;
A third transmission unit that transmits screen information enabling an instruction to download the file uploaded by the upload unit when the authentication by the password received by the third reception unit is successful;
And a fourth transmission means for transmitting the file in response to a download instruction made by a user via a screen displayed by the screen information transmitted by the third transmission means. Information processing system.   When the folder name or file name is selected by the user who uploaded the file to the web server, the combining unit acquires the folder or file corresponding to the folder name or file name from the database, and acquires the folder or file 2. The file management system according to claim 1, wherein the file and the uploaded file are collected into a predetermined unit of file. A file management server having a web server function,
First receiving means for receiving authentication information relating to a user operating the portable terminal input from the portable terminal;
The authentication information received by the first receiving means is used to identify a folder name and file name to which the user has access authority, and to transmit the identified folder name and file name to the portable terminal A transmission means;
Second receiving means for receiving the folder name or file name selected by the user operating the portable terminal from the folder name and file name transmitted by the first transmitting means;
Using the folder name or file name received by the second receiving means, the folder or file corresponding to the folder name or file name is obtained from the database, and the obtained folder or file is a file in a predetermined unit. A combination means
Upload means for uploading the files combined by the combining means to a web server;
Second transmission means for transmitting information indicating the address of the file uploaded by the upload means and a password used for downloading the file to the mobile terminal;
If the access request for the address transmitted by the second transmission means is accepted, a password request means for requesting a password;
Third receiving means for receiving a password input in response to the password request means;
A third transmission unit that transmits screen information enabling an instruction to download the file uploaded by the upload unit when the authentication by the password received by the third reception unit is successful;
And a fourth transmission means for transmitting the file in response to a download instruction made by a user via a screen displayed by the screen information transmitted by the third transmission means. File management server. A control method in a file management system in which a mobile terminal, a file management server, and a web server can communicate with each other,
The file management server
A first receiving step of receiving authentication information relating to a user operating the portable terminal input from the portable terminal;
Using the authentication information received in the first receiving step, a folder name and a file name to which the user has access authority are specified, and the specified folder name and file name are transmitted to the portable terminal Sending step;
A second receiving step of receiving the folder name or file name selected by the user operating the mobile terminal from the folder name and file name transmitted in the first transmitting step;
Using the folder name or file name received in the second receiving step, the folder or file corresponding to the folder name or file name is acquired from the database, and the acquired folder or file is a file in a predetermined unit. The combined steps summarized in
An uploading step of uploading the files combined in the combining step to a web server;
A second transmission step of transmitting information indicating the address of the file uploaded by the uploading step and a password used for downloading the file to the mobile terminal;
The web server is
If an access request for the address transmitted by the second transmission step is accepted, a password request step for requesting a password;
A third receiving step for receiving a password entered in response to the password requesting step;
A third transmission step of transmitting screen information enabling an instruction to download the file uploaded by the upload step when the authentication by the password received by the third reception step is successful;
A fourth transmission step of transmitting the file in response to a download instruction made by the user via the screen displayed by the screen information transmitted in the third transmission step. Control method. A program that can be executed in an information processing system in which a mobile terminal, a file management server, and a web server can communicate,
The file management server is
First receiving means for receiving authentication information relating to a user operating the portable terminal input from the portable terminal;
The authentication information received by the first receiving means is used to identify a folder name and file name to which the user has access authority, and to transmit the identified folder name and file name to the portable terminal Transmission means,
Second receiving means for receiving the folder name or file name selected by the user operating the portable terminal from the folder name and file name transmitted by the first transmitting means;
Using the folder name or file name received by the second receiving means, the folder or file corresponding to the folder name or file name is obtained from the database, and the obtained folder or file is a file in a predetermined unit. The means of combining,
Upload means for uploading the files combined by the combining means to a web server;
The information indicating the address of the file uploaded by the upload means and the password used to download the file function as a second transmission means for transmitting to the mobile terminal,
The web server
A password requesting means for requesting a password if an access request for the address sent by the second sending means is accepted;
Third receiving means for receiving a password input in response to the password request means;
A third transmission unit that transmits screen information enabling an instruction to download the file uploaded by the upload unit when the authentication by the password received by the third reception unit is successful;
A program that functions as a fourth transmission unit that transmits the file according to a download instruction made by a user via a screen displayed by screen information transmitted by the third transmission unit.

Images