JP2011133948A - Router, web browser authentication method for the router, and web browser authentication program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a router, a Web browser authentication method of the router, and a Web browser authentication program for simplifying an authenticating operation in accessing a Web site which requires authentication. <P>SOLUTION: A router 10 stores authentication information when a communication terminal accesses a Web site in an authentication information storage means 13. When a request is made from the communication terminal to access the Web site, a second access request transmission means 15 makes a request to access the Web site by using the authentication information acquired by retrieval of the authentication information storage means 13 by an authentication information retrieval means 14. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a router for authenticating a web browser, a web browser authentication method for the router, and a web browser authentication program.

  As application software for browsing various contents on the Internet, web browsers are used in various communication terminals such as personal computers and mobile phones. When a user accesses various websites using a web browser, a specific website such as a membership website requires authentication to prove the eligibility of the accessing person. Of course, many websites do not require such authentication.

  FIG. 19 shows the processing of each unit when a web browser accesses a website that requires authentication as the first related technique of the present invention (see, for example, Patent Document 1). It is assumed that the web site 103 is accessed via the router 102 using the web browser 101 installed in a user terminal (not shown).

  The web browser 101 cannot detect in advance whether the website 103 that the user is going to access requires authentication. Accordingly, when accessing the website 103, the web browser 101 transmits a GET method as an HTTP (Hypertext Transfer Protocol) request without authentication to the router 102 (step S201). Here, a GET method as an HTTP request is expressed as an HTTP GET request in this specification.

  The router 102 transfers the HTTP GET request sent from the web browser 101 to the website 103 as it is (step S202). Assume that the website 103 requires authentication upon logon. In this case, when receiving an HTTP GET request, the website 103 returns an error message “HTTP 401 Unauthorized” (hereinafter referred to as an HTTP 401 response) to the router 102 as an error message (step S203). The router 102 transfers this HTTP 401 response to the web browser 101 (step S204).

  Since the web browser 101 returns an error message, the web browser 101 determines that the website 103 to be accessed requires authentication. Therefore, the web browser 101 displays a screen such as a dialog box for prompting the user to input, and requests input of a user name and a password (step S205).

  In response to this, it is assumed that the user inputs a user name and a password (step S206). Then, the web browser 101 transmits an authenticated HTTP GET request to the router 102 (step S207). The router 102 transfers the HTTP GET request with authentication to the corresponding website 103 (step S208).

  When the website 103 receives the authenticated HTTP GET request, the website 103 determines whether the user name and the password are correct. If the combination is correct, the authentication is successful, and a message indicating success (“HTTP 200 response” hereinafter) is returned to the router 102 (step S209). The router 102 transfers this HTTP 200 response to the web browser 101 (step S210). The web browser 101 receives the HTTP 200 response. In this way, the accessed web site 103 is displayed on the web browser 101.

  FIG. 20 shows a state in which access is made to a website that does not require authentication in the first related technology. The same steps as those in FIG. 19 are denoted by the same step numbers as those in FIG. 19, and the description thereof is omitted.

  In the case of the website 104 that does not require authentication, when an HTTP GET request is received from the router 102 (step S202), an HTTP 200 response is returned to the router 102 (step S221). The router 102 transfers this HTTP 200 response to the web browser 101 (step S222). Therefore, unlike the case of FIG. 19, the web browser 101 can display the website 104 without transmitting an authenticated HTTP GET request and performing an authentication procedure.

  In this way, when the first related technology is used, when accessing the website 103 that requires authentication as shown in FIG. 19, the process of inputting the user name and password as compared with the process of FIG. Is necessary, and the processing becomes complicated by this amount.

  In order to solve this problem, a web browser having a function of storing a user name and a password has been proposed as a second related technique of the present invention.

Japanese Unexamined Patent Publication No. 2009-212585 (paragraph 0206, FIG. 1)

  However, according to the second related technique, even when the web browser stores the user name and password, an HTTP 401 response indicating that the authentication from the website is an error is sent via the router. For this reason, the web browser of the communication terminal that has received the HTTP 401 response generates and displays a screen requesting input of the user name and password. Therefore, the user starts the input process of the user name and password on this screen, and as a result, useless processing is performed.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a router, a router web browser authentication method, and a web browser authentication program capable of simplifying the authentication operation when accessing a website requiring authentication.

  Another object of the present invention is to provide a router capable of omitting the input of a user name and a password when a user accesses a corresponding website from another communication terminal, a web browser authentication method of the router, and web browser authentication. To provide a program.

  In the present invention, (b) access request receiving means for receiving an access request for a website connected to the wide area network side from a communication terminal connected to the local area network side, and (b) the access request receiving means A first access request transmitting means for transmitting an access request not accompanied by the authentication information of the communication terminal to the request destination website when receiving the access request from the communication terminal; Authentication information storage means that stores the corresponding communication terminal for each required website and its authentication information, and (d) authentication is required from the above website for the access request transmitted by the above access request transmission means. Authentication information search means for searching the authentication information storage means when information indicating that it is present is sent (E) The router includes second access request transmitting means for transmitting an access request to the website described above on behalf of the communication terminal using the authentication information acquired as a search result by the authentication information searching means. .

  In the present invention, (b) an access request receiving step for receiving an access request for a website arranged on the wide area network side from a communication terminal arranged on the local area network side; A first access request transmission step of transmitting an access request without authentication information of the communication terminal to the request destination website when the access request is received from the communication terminal described above in (c) A communication terminal corresponding to each website requiring authentication when the information indicating that the authentication is required is sent from the website in response to the access request transmitted in the access request transmitting step and the authentication. An authentication information search step for searching the authentication information storage means storing the information; The router's web browser authentication method includes a second access request transmission step of transmitting an access request to the website described above on behalf of the communication terminal using the authentication information acquired as a search result in the authentication information retrieval step. To do.

  Further, according to the present invention, an access request reception process for receiving an access request for a website arranged on the wide area network side from a communication terminal arranged on the local area network side as a web browser authentication program in the router computer. (B) when the access request is received from the communication terminal in the access request reception process, an access request without the communication terminal authentication information is transmitted to the request destination website. And (c) a web that requires authentication when information indicating that authentication is required from the website described above for the access request transmitted in the access request transmission process. Authentication information storage that stores the corresponding communication terminal and authentication information for each site And (d) a second access for transmitting an access request to the website described above on behalf of the communication terminal using the authentication information acquired as a search result in the authentication information search process. Request transmission processing is executed.

  As described above, according to the present invention, the router provides the communication information corresponding to each website requiring authentication and the authentication information storage means storing the authentication information. Therefore, the router can transmit the access request to the website on behalf of the communication terminal using the authentication information registered in the authentication information storage means, not only reducing the burden required for user authentication but also the user input error. Can prevent delays in procedures.

It is a claim corresponding | compatible figure of the router of this invention. It is a claim corresponding | compatible figure of the web browser authentication method of the router of this invention. It is a claim corresponding | compatible figure of the web browser authentication program of this invention. It is a system configuration figure showing the outline of the web browser authentication system by an embodiment of the invention. It is explanatory drawing showing the mode of a process of each part in case a web browser accesses the website which requires authentication with the web browser authentication system of this Embodiment. It is a top view showing an example of the authentication information input screen in this Embodiment. It is explanatory drawing showing the mode of a process of each part in case a web browser accesses the website which requires authentication in this Embodiment. Processing of each unit when authentication is not successful despite sending an authenticated HTTP GET request based on the user name and password stored by the router to the website requiring authentication in the present embodiment It is explanatory drawing showing a mode. An explanation showing the state of processing of each part in the web browser authentication system in the case where the user name and password are not stored on the router side in this embodiment and the authentication processing is not successful with these pieces of information obtained from the user FIG. It is explanatory drawing showing the mode of a process of each part in a web browser authentication system when authentication fails even if a user name and a password are memorize | stored in the router side in this Embodiment. It is a flowchart showing the outline | summary of a process in case the router in this Embodiment receives the HTTP GET request from a communication terminal via a LAN side network. 12 is a flowchart specifically showing authentication processing by a router shown in step S507 of FIG. It is explanatory drawing which showed an example of the registration content of the memory | storage part of the router in this Embodiment. It is explanatory drawing which showed the other example of the registration content in the memory | storage part of the router of this Embodiment. It is explanatory drawing showing the content after the correction | amendment of the memory | storage part in the router of this Embodiment. It is explanatory drawing which showed the content of the authentication information search necessity table in the 1st modification of this invention. It is a flowchart showing the authentication process of the router at the time of receiving the HTTP GET request in a 1st modification. It is explanatory drawing showing the content of the memory | storage part of the router of a 2nd modification. It is explanatory drawing showing the mode of a process of each part in case a web browser accesses the website which requires authentication as the 1st related technique of this invention. It is explanatory drawing showing a mode that the access with respect to the website which does not require authentication by 1st related technology is performed.

  FIG. 1 shows a claim correspondence diagram of the router of the present invention. The router 10 of the present invention includes an access request receiving unit 11, a first access request transmitting unit 12, an authentication information storing unit 13, an authentication information searching unit 14, and a second access request transmitting unit 15. . Here, the access request receiving means 11 receives an access request for a website connected to the wide area network side from a communication terminal connected to the local area network side. The first access request transmitting unit 12 receives an access request without the communication terminal authentication information from the request destination website when the access request receiving unit 11 receives the access request from the communication terminal. Send. The authentication information storage unit 13 stores a communication terminal corresponding to each website requiring authentication and its authentication information. The authentication information search means 14 searches the authentication information storage means 13 when information indicating that authentication is required from the website described above in response to the access request transmitted by the access request transmission means 11. The second access request transmission unit 15 transmits an access request to the website described above instead of the communication terminal using the authentication information acquired as a search result by the authentication information search unit 14.

  FIG. 2 is a diagram corresponding to a claim of the web browser authentication method of the router of the present invention. The router web browser authentication method 20 of the present invention includes an access request reception step 21, a first access request transmission step 22, an authentication information search step 23, and a second access request transmission step 24. Here, in the access request receiving step 21, an access request for a website arranged on the wide area network side is received from a communication terminal arranged on the local area network side. In the first access request transmission step 22, when the access request is received from the communication terminal described in the access request reception step 21, the access request without the communication terminal authentication information described above is made to the request destination website. Send. In the authentication information search step 23, the communication terminal corresponding to each website requiring authentication and the authentication information storage means storing the authentication information are searched. This is performed when information indicating that authentication is necessary is sent from the website described above for the access request transmitted in the first access request transmission step 22. In the second access request transmission step 24, the access request is transmitted to the website described above instead of the communication terminal using the authentication information acquired as the search result in the authentication information search step 23.

  FIG. 3 shows a correspondence diagram of claims of the web browser authentication program of the present invention. The web browser authentication program 30 of the present invention causes the router computer to execute an access request reception process 31, a first access request transmission process 32, an authentication information search process 33, and a second access request transmission process 34. I have to. Here, in the access request reception process 31, an access request for a website arranged on the wide area network side is received from a communication terminal arranged on the local area network side. In the first access request transmission process 32, when the access request is received from the communication terminal described above in the access request reception process 31, the access request without the communication terminal authentication information described above is made to the request destination website. Send. In the authentication information search process 33, the communication terminal corresponding to each website requiring authentication and an authentication information storage means storing the authentication information are searched. This is performed when information indicating that authentication is necessary is sent from the website described above in response to the access request transmitted in the first access request transmission process 32. In the second access request transmission process 34, an access request is transmitted to the website described above instead of the communication terminal using the authentication information acquired as the search result in the authentication information search process 33.

  <Embodiment of the Invention>

  Next, an embodiment of the present invention will be described.

  FIG. 4 shows an outline of the web browser authentication system according to the embodiment of the present invention. In the web browser authentication system 300 of this embodiment, a router 302 is connected to the Internet 301. This router 302 is connected to a communication terminal 304 via a LAN (Local Area Network) side network 303. Various servers are connected to the Internet 301.

  In the present embodiment, the first web server 306 and the second web server 307 are exemplarily shown. The first web server 306 includes a CPU (Central Processing Unit) 311 and a control unit 313 including a memory 312 that stores a control program executed by the CPU 311. The second web server 307 also has a control unit 316 including a CPU 314 and a memory 315 storing a control program executed by the CPU 314. The first web server 306 has a first website 317 that requires authentication. The second web server 307 has a second website 318 that does not require authentication.

  The router 302 is a broadband router, and similarly includes a CPU 321 and a control unit 323 including a memory 322 storing a control program executed by the CPU 321. The control unit 323 controls the following functional units.

  The LAN interface unit 324 has one or more 8-pin modular jacks (RJ-45) and is connected to a cable constituting the LAN side network 303 to perform transmission / reception processing of packet signals. Similarly, a WAN (Wide Area Network) interface unit 325 is connected to the Internet 301 via one or more 8-pin modular jacks (RJ-45) to perform transmission / reception processing of packet signals. The connection method of the LAN interface unit 324 and the WAN interface unit 325 is not limited to the method described above.

  The router unit 326 transfers the packet to the LAN interface unit 324 and the WAN interface unit 325 according to the packet transfer conditions. When the communication terminal 304 uses the web browser 334 to access the website 317 to be authenticated, the router device function unit 327 searches for a user name and password, and generates an input screen for these user name and password. To do. The storage unit 328 stores a combination of a user name and password for authentication and a URL (Uniform Resource Locator) of a website that performs authentication.

  The communication terminal 304 includes a CPU 331 and a control unit 333 including a memory 332 that stores a control program executed by the CPU 331. The communication terminal 304 includes a web browser 334 as application software executed by the CPU 331 and a terminal function unit 335 including other function units for realizing the communication terminal. The terminal function unit 335 includes, for example, a display for display, an operation unit for inputting various data, and a communication control unit (both not shown) for performing communication via the LAN side network 303.

  The first website 317 performs basic authentication. Here, the basic authentication is one of authentication methods defined by HTTP. In basic authentication, a multi-statement in which a colon “:” is placed between a user name and a password used for authentication is transmitted to the server side by an encoding method called basic 64. Basic authentication is widely used as the most common method for authentication.

  FIG. 5 shows the processing of each unit when the web browser accesses a website that requires authentication in the web browser authentication system of the present embodiment. This will be described with reference to FIG. In the process of FIG. 5, the user registers the combination of the user name and password in the first website 317, but the access destination URL, user name, and password are still stored in the storage unit 328 of the router 302. Shall not.

  Assume that the user of the communication terminal 304 uses the web browser 334 to browse the first website 317 that requires authentication, and transmits an HTTP GET request to the router 302 (step S401). Here, it is assumed that the URL of the first website 317 is “http://www.bb.co.jp/bbb/”, the user name required for authentication is “user-b”, and the password is “pass- b ".

  When receiving the HTTP GET request, the router 302 starts a standby state of an HTTP response (hereinafter simply referred to as a response) (step S402). Then, the received HTTP GET request is transferred to the first website 317 as the destination (step S403).

  In the same manner as described with reference to FIG. 19, when receiving the HTTP GET request, the first website 317 returns a message “HTTP 401 Unauthorized” (HTTP 401 response) as an error message to the router 302 (step S404).

  When receiving the HTTP 401 response from the first website 317, the router 302 searches for authentication information corresponding to the HTTP 401 response (step S405). At this stage, the authentication information related to the first website 317 is not registered in the router 302. Therefore, the router 302 generates an authentication information input screen for allowing the user to input authentication information (step S406). Then, the router 302 transmits the generated authentication information input screen information to the web browser 334 as a response to the communication terminal 304 (step S407).

  When the information on the authentication information input screen is sent, the communication terminal 304 displays this on the display of the terminal function unit 335.

  FIG. 6 shows an example of the authentication information input screen. On the authentication information input screen 341, user name and password input fields 342 and 343 for “http://www.cc.co.jp/ccc/” as a URL that the user is trying to access are arranged. . The user can omit the input of the user name and password from the next time by putting a check symbol in the check box 344 marked as “store the user name and password in the router”.

  Since the access destination URL, user name, and password are not stored in the storage unit 328 of the router 302, the user inputs these, and if necessary, puts a check symbol in the check box 344 and presses the send button 345. Send. In the present specification, for the sake of simplicity of explanation, it is assumed that a check symbol is put in this check box. If a cancel button 346 is pressed, transmission can be canceled.

  Returning to FIG. When the user inputs the access destination URL, user name, and password and presses the send button 345 (FIG. 6), the user name and password are transmitted to the router 302 together with the check symbol entry status in the check box 344 (FIG. 6). (Step S408). The router 302 receives this and generates an HTTP GET request with authentication (step S409). The router 302 transmits the generated authenticated HTTP GET request to the website 317 (step S410).

  The first website 317 that requires authentication receives an authenticated HTTP GET request and determines whether the username and password are the correct combination. If the combination is correct, the authentication is successful, and an HTTP 200 response indicating success is returned to the router 302 (step S411). The router 302 transfers this HTTP 200 response to the web browser 334 (step S412). The web browser 334 receives the HTTP 200 response. In this way, the accessed first web site 317 is displayed on the web browser 334.

  On the other hand, since the authentication is successful, the router 302 stores the combination of the access destination URL, user name, and password in the storage unit 328 (step S413). Then, the response waiting state is terminated (step S414). The above shows the state of the authentication process of the web browser authentication system 300 when the router 302 does not store the URL of the access destination, the user name, and the password.

  FIG. 7 shows the processing of each unit when a web browser accesses a website that requires authentication. This will be described with reference to FIG. The processing of FIG. 7 represents a state after the URL, user name, and password of the access destination are stored in the storage unit 328 of the router 302. In FIG. 7, portions where the same processing as that in FIG. 5 is performed are denoted by the same step numbers, and description thereof is omitted as appropriate.

  Assume that the user of the communication terminal 304 instructs to browse the first website 317 using the web browser 334 after storing the URL, user name, and password of the access destination in the storage unit 328 of the router 302. Accordingly, the web browser 334 transmits an HTTP GET request to the router 302 (step S401).

  When receiving the HTTP GET request, the router 302 starts a response standby state (step S402). Then, the received HTTP GET request is transferred to the first website 317 as the destination (step S403).

  When the first website 317 receives the HTTP GET request, the first website 317 returns a message “HTTP 401 Unauthorized” (HTTP 401 response) as an error message to the router 302 (step S404).

  When receiving the HTTP 401 response from the first website 317, the router 302 searches for authentication information corresponding to the HTTP 401 response (step S405). At this time, the authentication information related to the first website 317 is registered in the router 302. Therefore, the router 302 generates an HTTP GET request with authentication (step S409). The router 302 transmits the generated authenticated HTTP GET request to the website 317 (step S410).

  The first website 317 that requires authentication receives an authenticated HTTP GET request and determines whether the username and password are the correct combination. If the combination is correct, the authentication is successful, and an HTTP 200 response indicating success is returned to the router 302 (step S411). The router 302 transfers this HTTP 200 response to the web browser 334 (step S412). The web browser 334 receives the HTTP 200 response. In this way, the accessed first web site 317 is displayed on the web browser 334.

  On the other hand, the router 302 already stores the combination of the URL of the access destination, the user name, and the password in the storage unit 328. Accordingly, these storage processes are unnecessary, and the response waiting state is immediately terminated (step S414). The above shows the state of the authentication processing of the web browser authentication system 300 after storing the combination of the URL of the access destination, the user name and the password in the router 302.

  FIG. 8 shows the processing of each unit when authentication is not successful even though an authenticated HTTP GET request based on the user name and password stored by the router is sent to a website requiring authentication. It represents. This will be described with reference to FIG. The processing in FIG. 8 occurs when the user name or password cannot be used. In FIG. 8, the same steps as those in FIG. 5 are denoted by the same step numbers, and description thereof will be omitted as appropriate.

  Assume that the user of the communication terminal 304 instructs to browse the first website 317 using the web browser 334 after storing the URL, user name, and password of the access destination in the storage unit 328 of the router 302. Accordingly, the web browser 334 transmits an HTTP GET request to the router 302 (step S401).

  Thereafter, the processing until the router 302 transmits an HTTP GET request with authentication to the website 317 using the storage unit 328 (step S410) is the same as FIG. Here, normally, as shown in step S 411 of FIG. 7, the authentication is successful, and an HTTP 200 response indicating success is returned to the router 302. However, in the example shown in FIG. 8, since the combination of the user name and the password is not correct, an HTTP 401 response as an error message is returned to the router 302 (step S404).

  Therefore, in this example shown in FIG. 8, the router 302 creates an authentication information input screen in order to know the correct user name and password (step S406). Then, the router 302 transmits the generated authentication information input screen information to the web browser 334 as a response to the communication terminal 304 (step S407).

  In this way, the authentication information input screen is displayed on the display of the communication terminal 304. The user inputs the URL of the access destination, the user name and the password there and presses the send button 345, and these are sent to the router 302 (step S408). The router 302 receives this and generates an authenticated HTTP GET request again (step S409). The router 302 transmits the generated authenticated HTTP GET request to the website 317 (step S410).

  When receiving the authenticated HTTP GET request, the first website 317 determines again whether the user name and the password are the correct combination. If the combination is correct, the authentication is successful, and an HTTP 200 response indicating success is returned to the router 302 (step S411). The router 302 transfers this HTTP 200 response to the web browser 334 (step S412). As a result, the first website 317 is displayed on the web browser 334, although it takes time for the user.

  In the router 302, the combination of the URL of the access destination, the user name, and the password is stored again in the storage unit 328 based on the success of the authentication (step S413A). Then, the response waiting state is terminated (step S414). In this way, the URL, user name, and password of the access destination stored in the storage unit 328 are corrected to the correct combination. Therefore, even when the first website 317 fails to authenticate for some reason, this failure can be solved.

  FIG. 9 shows a state of processing of each part in the web browser authentication system when the user name and password are not stored on the router side and the authentication processing is not successful with these pieces of information obtained from the user. is there. This will be described with reference to FIG. The portions in FIG. 9 where the same processing as in FIG. 5 is performed are given the same step numbers, and description thereof will be omitted as appropriate.

  In the case of this example, as in the process of FIG. 5, the user registers the combination of the user name and password on the first website 317, but the URL of the access destination is still stored in the storage unit 328 of the router 302. User name and password are not stored. Therefore, the processing from step S401 to step S410 proceeds in the same manner as in FIG. In step S410, an HTTP GET request with authentication is transmitted to the website 317 based on the user name and password sent from the web browser 334 in step S408. In the example shown in FIG. 5, an HTTP 200 response indicating successful authentication is returned to the router 302 (step S411).

  The example of FIG. 9 is a case where the user inputs an incorrect user name or password from the web browser 334, for example, and an HTTP 401 response as an error message is returned to the router 302 (step S404). Therefore, the router 302 repeats the processing from step S406 to step S410 in FIG. 9 until an HTTP 200 response indicating successful authentication is returned from the first website 317 (step S451).

  When an HTTP 200 response indicating successful authentication is returned from the first website 317 (step S411), the router 302 performs the same processing as the processing after step S412 in FIG. 5 and ends the response waiting state. (Step S414).

  As described above, in the process of FIG. 9, the user repeatedly inputs the user name and password until the first website 317 returns an HTTP 200 response indicating a successful authentication (step S451). Therefore, when a user name or password corresponding to a different URL is entered by mistake, or when an uppercase letter or lowercase letter is entered by mistake, the user can recognize the mistake and finally succeed in authentication.

  FIG. 10 shows the processing of each part in the web browser authentication system when authentication fails even though the user name and password are stored on the router side. This will be described with reference to FIG. In the processing of FIG. 10, the same step numbers are assigned to the portions where the same processing as in FIG. 5 is performed, and description thereof will be omitted as appropriate.

  In the case of this example, as in the process of FIG. 5, the user registers the combination of the user name and password in the first website 317, and the information is also stored in the storage unit 328 of the router 302. ing. For this reason, when the processing from step S401 to step S405 proceeds in the same manner as in FIG. 5, the router 302 acquires authentication information. The router 302 generates an HTTP GET request with authentication using this authentication information (step S461). The router 302 transmits the generated authenticated HTTP GET request to the website 317 (step S410).

  The first website 317 that requires authentication receives an authenticated HTTP GET request and determines whether the username and password are the correct combination. As a result, an HTTP 401 response as an error message is returned to the router 302 (step S404). This means that the authentication information searched in step S405 is not correct.

  Therefore, the router 302 creates an authentication information input screen for allowing the user to input authentication information (step S462). Then, the router 302 transmits the generated authentication information input screen information to the web browser 334 (step S407).

  The user inputs the URL of the access destination, the user name and the password there and presses the send button 345 (FIG. 6), and these are transmitted to the router 302 (step S408). The router 302 receives this and generates an authenticated HTTP GET request again (step S409). The router 302 transmits the generated authenticated HTTP GET request to the website 317 (step S410).

  Assume that a user name or password different from the user name and password set by the user for authentication of the first website 317 is stored in the storage unit 328 of the router 302. Then, it is assumed that the user inputs the same wrong user name or password as that stored in the storage unit 328 on the authentication information input screen sent from the router 302. In such a case, even if an authenticated HTTP GET request is transmitted to the website 317 in step S410, the website 317 returns an HTTP 401 response as an error message to the router 302 (step S404).

  Therefore, the router 302 repeats the processing from step S462 to step S410 in FIG. 10 until an HTTP 200 response indicating successful authentication is returned from the first website 317 (step S463).

  When an HTTP 200 response indicating successful authentication is returned from the first website 317 (step S411), the router 302 transfers the HTTP 200 response to the web browser 334 (step S412). Thereafter, the combination of the URL, the user name, and the password of the access destination stored in the storage unit 328 is overwritten on the storage unit 328 to correct the contents (step S464). Then, the response waiting state is terminated (step S414).

  The router 302 stores in the memory 332 a control program that enables the processes of FIGS. 5 and 7 to 10 described above. The contents of this control program will be described next.

  FIG. 11 shows an outline of processing when the router receives an HTTP GET request from the communication terminal via the LAN side network. This will be described with reference to FIG.

  The router 302 monitors reception of packets from the LAN side network 303 using the LAN interface unit 324 (step S501). When the packet is received (Y), the LAN interface unit 324 determines whether this is an HTTP GET request (step S502). If the packet is other than an HTTP GET request (N), processing according to the type of the packet is executed.

  On the other hand, when it is determined that the packet received in step S502 is an HTTP GET request (Y), the router 302 starts a response waiting state (step S503). Then, the received HTTP GET request is transferred to, for example, the first website 317 as a destination (step S504). Thereafter, it waits for a response from the corresponding website (step S505).

  If a response is received in this standby state (Y), it is checked whether this is an HTTP 401 response as an error message (step S506). If the response is an HTTP 401 response (Y), authentication processing described in detail later is executed (step S507). When this is completed, the response standby state is terminated (step S508), and the process returns to step S501 again (return). If a response other than the HTTP 401 response is received in step S506 (N), the response is transferred to the corresponding communication terminal (step S509), and the process proceeds to step S508.

  FIG. 12 specifically shows the authentication processing by the router shown in step S507 of FIG. This will be described with reference to FIG.

  In this authentication process, as shown in FIG. 11, since the response from the first website 317 is an HTTP 401 response, the router 302 registers the access destination URL, user name, and password as authentication information in the storage unit 328. It is searched whether it has been done (step S521). As described above, the URL of the first website 317 is “http://www.bb.co.jp/bbb/”, the user name required for authentication is “user-b”, and the password is “pass”. -B ". It is assumed that the user name and password are already registered in the first website 317 as an access destination in association with the user of the communication terminal 304.

  It is assumed that the authentication information is not registered as a result of the router 302 searching the storage unit 328 (step S522: N, Auth = 0). Here, “Auth” is a value for managing the history of the authentication process.

  FIG. 13 shows an example of registered contents in the storage unit of the router. In the storage unit 328, the URL “http://www.bb.co.jp/bbb/” of the first website 317 and the user name and password are not registered.

  Returning to FIG. 12, the description will be continued. Since the authentication information related to the first website 317 is not registered in the storage unit 328 (step S522: N), the router 302 generates an authentication information input screen (step S523). The router 302 transmits this authentication information input screen to the communication terminal 304 (step S524). And it waits for a user name and a password to be sent from the communication terminal 304 (step S525).

  When a new user name and password are received from the communication terminal 304 (step S525: Y), the router 302 generates an HTTP GET request with authentication (step S526). Then, this authenticated HTTP GET request is transmitted to the first web site 317 to be accessed (step S527).

  On the other hand, if the authentication information related to the first website 317 is registered in the storage unit 328 in step S522 (Y), it is not necessary to inquire the communication terminal 304 about the authentication information. Therefore, in this case, the router 302 immediately generates an authenticated HTTP GET request (step S526), and transmits the authenticated HTTP GET request to the first web site 317 to be accessed (step S527). In this way, the router 302 transmits the user name and password of the communication terminal 304 as an authenticated HTTP GET request to the first website 317 to be accessed, and receives a response from the first website 317. Wait (step S528).

  If a response is received from the first website 317 (step S528: Y), it is determined whether the response code is 200 or 401 (steps S529 and S530). Here, the response code of 200 means that an HTTP 200 response indicating a successful authentication is sent from the first website 317. The response code 401 means that an HTTP 401 response representing an error message has been sent from the first website 317.

  FIG. 14 shows another example of registered contents in the storage unit of the router. In this example, the user name registered in the storage unit 328 is “user-b”, and the password is “pass-1”. The password is different from “pass-b” registered in the first website 317.

  In the example of FIG. 14, the router 302 determines that the authentication information is registered in the storage unit 328 in step S522 of FIG. 12 (Y, Auth = 1). However, the password is different from that registered in the first website 317. For this reason, when an HTTP GET request with authentication is transmitted to the first web site 317 to be accessed (step S527), an HTTP 401 response is returned (step S529: N, step S530: Y).

  In this example, the router 302 checks whether “Auth” as a value for managing the history of authentication processing is “0” (step S531). Since it is not “0” (N), the value for managing the history of the authentication process is changed from “1” to “2”. Then, returning to step S523, the router 302 generates an authentication information input screen, transmits it to the communication terminal 304, makes an HTTP GET request with authentication, and waits for reception of a response. The response code is “200”. It repeats until it becomes (step S523 to step S530).

  When the user notices an input error and sends the password set to “pass-b” to the router 302 (step S525: Y), an authenticated HTTP GET request based on this is sent to the first website 317. (Step S527). In this case, an HTTP 200 response indicating success is sent from the first website 317 to the router 302 (step S529: Y). In this case, the router 302 transfers this HTTP 200 response to the communication terminal 304 (step S532).

  The router 302 checks whether the value for managing the history of the authentication process at this time is “1” (step S533). The case where this value is “1” is a case where the authentication information is registered in the storage unit 328 (step S522: Y), and the authentication is successful with an HTTP GET request with authentication based on this (step S522). S529: Y). In this case (step S533: Y), the authentication information registered in the storage unit 328 is correct. Therefore, a series of authentication processing is terminated without correcting the registered content in the storage unit 328 (end).

  On the other hand, when the value for managing the history of the authentication process is other than “1” (step S533: N), the router 302 checks whether this value is “0” (step S534). When the value for managing the history of the authentication process is “0”, the authentication information is not registered in the storage unit 328 (step S522: N), and the authentication is successful with the user name and password inquired to the user. Is the case. In this case, since the user name and password entered by the user are incorrect and an HTTP 401 response is returned from the first website 317 (step S530: Y), the authentication information is retransmitted by the user (step S531). : Y). If it is determined in step S534 that the value for managing the history of the authentication process is “0” (Y), the router 302 stores the first web site 317 to be accessed and the user name and password for this in the storage unit 328. Registration is performed (step S535). Then, the router 302 ends a series of authentication processes (end).

  When it is determined in step S534 that the value for managing the history of the authentication process is other than “0”, the authentication information is registered in the storage unit 328 (step S522: Y). This is a case where the authentication based on the above is not successful (step S530: Y). In this case, an HTTP 200 response indicating success is obtained from the first website 317 by re-sending the authentication information by the user (step S529: Y). Therefore, the registration content of the storage unit 328 is corrected with the authentication information newly obtained in step S525 (step S536). Then, the router 302 ends a series of authentication processes (end).

  FIG. 15 shows the contents after correction of the storage unit of the router. Compared to FIG. 14, the password for the URL “http://www.bb.co.jp/bbb/” of the first website 317 in the storage unit 328 in FIG. 15 is changed from “pass-1” to “pass-b”. It can be seen that this has been corrected.

  Finally, a case where a response other than the HTTP 200 response and the HTTP 401 response is sent from the first website 317 will be described. In this case (step S529: N, step S530: N), this response is transferred to the corresponding communication terminal 304 (step S537). In this case as well, the router 302 ends a series of authentication processes (end).

  As described above in detail, according to the present embodiment, the communication terminal 304 connected to the LAN side of the router 302 accesses the first website 317 that is the website that performs authentication using the web browser 334. There are the following effects.

  First, when a user enters a user name and password on the authentication information input screen generated by the router 302 and accesses the first website 317 for authentication, the router 302 accesses the URL, user name and password of the access destination. Remember. Thereafter, when accessing the URL of the access destination stored in the router 302, it becomes unnecessary to input the user name and password from the communication terminal 304.

  Second, if authentication information is stored in the storage unit 328 of the router 302, the user name and password stored in the router 302 are used even when a terminal different from the one used when the authentication information is input is used. To access a website for authentication. In this way, the router 302 performs authentication, so that the user does not need to input the user name and password every time, and convenience is improved.

  <First Modification of Invention>

  In the embodiment described above, the router 302 shown in FIG. 4 receives an HTTP GET request from the communication terminal 304 and forwards it to the WAN side, and then receives an HTTP 401 response and searches the storage unit 328 for authentication information. It was. The present invention is not limited to this. For example, it is possible to set whether or not to search for authentication information using the MAC address (Media Access Control address) or IP address (Internet Protocol Address) of the communication terminal 304. Thereby, authentication operation can be simplified only for a specific communication terminal.

  FIG. 16 shows the contents of the authentication information search necessity table in the first modification of the present invention. This authentication information search necessity table 601 is stored in a predetermined area other than the area for storing authentication information in the storage unit 328 of the router 302 shown in FIG. 4, for example.

  In the authentication information search necessity table 601 of this modification, a setting is made to search for authentication information for a communication terminal whose IP address is 192.1688.11.2. For other communication terminals whose IP address is 192.1688.11.3, a setting is made not to search for authentication information.

  FIG. 17 shows the authentication process of the router when an HTTP GET request is received in the first modification. This process corresponds to the process of FIG. 12 that embodies step S507 in the process of FIG. 11 in the previous embodiment. This will be described with reference to FIGS. 4, 11, 12, 16 and 19. Note that the “router” in this modification is represented as a router 302A and is distinguished from the router 302 described in the embodiment.

  As shown in FIG. 11, it is assumed that the router 302 receives an HTTP GET request from the communication terminal 304, transfers it to the first website 317, and receives an HTTP 401 response as an error message (step S506 in FIG. 11: Y). In this case, the modified router 302A refers to the authentication information search necessity table 601 shown in FIG. 16 (step S701 in FIG. 17). When the necessity of the search entered corresponding to the IP address of the communication terminal 304 that sent the HTTP GET request requires the search (step S702: Y), the authentication information is searched in the storage unit 328. This is performed (step S703). This is a case where the IP address of the communication terminal 304 is “192.1688.11.2”. In this case, the router 302A thereafter executes the corresponding process from step S522 to step S537 in FIG. 12 (step S704). That is, the process in step S704 in this case is the same as the process shown in the embodiment.

  On the other hand, it is assumed that the necessity of the search entered corresponding to the IP address of the communication terminal 304 does not require the search (step S702: N). This is a case where the IP address of the communication terminal 304 is “192.1688.11.3”. In this case, the HTTP 401 response from the first website 317 received by the router 302A is transferred to the corresponding web browser 334 (step S705).

  The web browser 334 performs processing from step S205 onward in FIG. That is, since the error message is returned, the web browser 334 determines that the first website 317 to be accessed requires authentication. Therefore, the web browser 334 displays a screen such as a dialog box for prompting the user to input, and prompts for the user name and password (see step S205).

  Assume that the user of the communication terminal 304 inputs a user name and password (see step S206). Then, the web browser 334 transmits an authenticated HTTP GET request to the router 302A (see step S207).

  As shown in FIG. 17, after performing the process of step S705, the router 302A waits for reception of an authenticated HTTP GET request (step S706). When the router 302A receives the HTTP GET request with authentication (Y), it transfers this to the first website 317 (step S707). Then, it waits for a response from the first website 317 (step S708). When a response is received from the first website 317 (Y), if this is an HTTP 200 response indicating a successful authentication (step S709: Y), the HTTP 200 response is transferred to the web browser 334 (step S710). A series of processing ends (end).

  On the other hand, when the response from the first website 317 is an HTTP 401 response indicating a failure of authentication (step S709: N, step S711: Y), the process returns to step S705 and the HTTP 401 response is transferred to the web browser 334. (Step S705). In this case, the user of the communication terminal 304 inputs the user name and password again, and the subsequent processing is performed. When a response other than the HTTP 200 response and the HTTP 401 response is received from the first website 317 (step S711: N), the response is transferred to the web browser 334 (step S712), and the series of processing ends (step S712). End).

  <Second Modification of Invention>

  Next, a second modification of the present invention will be described. The router of the second modification (hereinafter referred to as router 302B) can set a user name and a password for each communication terminal to access when accessing the same website.

  FIG. 18 shows the contents of the storage unit of the router according to the second modification. In the storage unit 328B of this modified example, the items (No.) “1” and “2” are different for the same access destination URL “HTTP: //www.aa.co.jp/aaa/”. The IP address (Internet Protocol Address) of the communication terminal is specified. User names and passwords for these IP addresses are also different. Thereby, it is possible to use different user names and passwords when accessing the same website with two communication terminals connected to the same router 302B. Specifically, when the IP address is 192.168.11.151, the user name is “user-1”, the password is “pass-1”, and the IP address is 192.168.11.115. In this case, the user name is “user-2” and the password is “pass-2”.

  In item “3”, a set of user names and passwords is set for all IP addresses other than the IP addresses listed in the storage unit 328B. As a result, all communication terminals to which an IP address other than 192.168.11.151 or 192.168.11.152 is assigned are registered on the web of “HTTP: //www.aa.co.jp/aaa/”. You can access the site with a single username and password. Specifically, access is performed using a user name “user-3” and a password “pass-3”.

  According to this second modification, when there are a plurality of terminals on the LAN side of the router, it is possible to restrict whether or not the authentication operation is performed for each terminal, or for each terminal when accessing the same website. There is an effect that a different user name and password can be used.

  In this second modification, the user name and password are managed in association with the IP address of the communication terminal, but these may be associated with the MAC address (Media Access Control address) of each communication terminal. Further, the embodiment and each modification have been described on the assumption that the website uses basic authentication. In addition to this, for example, even when a website uses digest authentication, the present invention can simplify the authentication operation.

DESCRIPTION OF SYMBOLS 10,302 Router 11 Access request receiving means 12 First access request transmitting means 13 Authentication information storing means 14 Authentication information searching means 15 Second access request transmitting means 20 Router web browser authentication method 21 Access request receiving step 22 First Access request transmission step 23 Authentication information retrieval step 24 Second access request transmission step 30 Web browser authentication program 31 Access request reception processing 32 First access request transmission processing 33 Authentication information retrieval processing 34 Second access request transmission processing 300 Web browser authentication system 301 Internet 304 Communication terminal 306 First web server 311, 321, 331 CPU
312, 322, 332 Memory 317 First website 324 LAN interface unit 325 WAN interface unit 326 Router unit 328, 328B Storage unit 601 Authentication information search necessity table

Claims (9)

An access request receiving means for receiving an access request for a website connected to the wide area network side from a communication terminal connected to the local area network side;
A first access request transmitting means for transmitting an access request without authentication information of the communication terminal to the request destination website when the access request receiving means receives the access request from the communication terminal;
A communication terminal corresponding to each website requiring authentication, and an authentication information storage means storing the authentication information;
An authentication information search unit that searches the authentication information storage unit when information indicating that authentication is necessary is sent from the website in response to the access request transmitted by the access request transmission unit;
A router comprising: second access request transmission means for transmitting an access request to the website on behalf of the communication terminal using authentication information acquired by the authentication information search means as a search result. Authentication information transmission requesting means for requesting transmission of authentication information to the communication terminal that made the access request when there is no authentication information corresponding to the authentication information storage means;
2. The router according to claim 1, further comprising authentication information receiving means for receiving when authentication information is sent from the communication terminal in response to a request made by the authentication information transmission request means.   3. The router according to claim 2, further comprising third access request transmitting means for transmitting an access request to the website on behalf of the communication terminal using the authentication information received by the authentication information receiving means.   An authentication information storage means updating means for updating the contents of the authentication information storage means when information indicating successful authentication is sent from the website in response to the request from the third access request transmission means; The router according to claim 3.   The router according to claim 1, wherein the authentication information search unit searches the communication terminal by an IP address or a MAC address.   2. The router according to claim 1, wherein a different user name and password are registered in the authentication information storage means for each communication terminal.   2. The router according to claim 1, wherein the authentication information storage means registers the same user name and password for a plurality of specific communication terminals. An access request receiving step for receiving an access request for a website arranged on the wide area network side from a communication terminal arranged on the local area network side;
A first access request transmitting step of transmitting an access request without authentication information of the communication terminal to the request destination website when the access request is received from the communication terminal in the access request receiving step;
When the information indicating that authentication is required is sent from the website in response to the access request transmitted in the access request transmission step, the communication terminal corresponding to each website requiring authentication and its authentication information An authentication information search step for searching the stored authentication information storage means;
And a second access request transmission step of transmitting an access request to the website on behalf of the communication terminal using the authentication information acquired as a search result in the authentication information search step. Browser authentication method. On the router computer,
An access request reception process for receiving an access request for a website arranged on the wide area network side from a communication terminal arranged on the local area network side;
A first access request transmission process for transmitting an access request without authentication information of the communication terminal to the request destination website when the access request is received from the communication terminal in the access request reception process;
Communication information corresponding to each website requiring authentication when authentication information is sent from the website for the access request transmitted in the access request transmission process, and the authentication information. An authentication information search process for searching the stored authentication information storage means;
A web browser authentication program for executing a second access request transmission process for transmitting an access request to the website on behalf of the communication terminal using the authentication information acquired as a search result in the authentication information search process .

Images