JP2012137871A - Information processor, information processing method, information processing system, computer program and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable access control in consideration of security for electronic files (offline files) downloaded from a server.SOLUTION: An information processor acquires an electronic file including a server identifier and security level information of the electronic file from a server. In response to a browsing request for the acquired electronic file, the information processor receives designation of an authentication server and input of a user ID and a password to transmit the input user ID and password to the designated authentication server, and acquires a server identifier and security level information of a user which are transmitted from the authentication server, then performs browsing control of the electronic file by using the server identifier and the security level information of the electronic file which are included in the electronic file acquired by first acquisition, and the server identifier and the security level information of the user which are acquired by second acquisition.

Description

  The present invention relates to a technique for authentication when an offline file created and downloaded by an electronic form server is opened by a client.

  The electronic form system converts the form into data and performs processing, and its introduction has many advantages such as operational efficiency and cost reduction.

  For example, one of the merits is that the search can be easily performed compared to a paper form. When information is left on paper, it is not practical to search 100,000 pages of data, but by using it as electronic form data, it is easy to pick up only necessary information from a large amount of data It became possible to do.

  Currently, there are the following two usage forms of an electronic form system composed of an electronic form server and a client terminal.

  One is a usage mode in which a client terminal accesses and browses and searches electronic form data managed by an electronic form server. This is the normal usage form.

  The other is a usage mode in which electronic form data is downloaded to a client terminal and viewed as an offline file in order to view electronic form data managed by the electronic form server offline. For security reasons, it is possible to embed a password in the offline file, but there is a security problem that anyone can refer to the offline file if the password is leaked.

  In recent years, security has been emphasized in order to avoid leakage of confidential information. For example, Patent Document 1 discloses a file management system that monitors the operation of a file taken outside the company.

JP 2010-92288 A

  However, although the technique described in Patent Document 1 can monitor a file taken outside, it does not prevent the file from being opened.

  The present invention solves the above-described problems, and an object of the present invention is to provide a technique that enables access control in consideration of security for an electronic file (offline file) downloaded from a server.

  The present invention is an information processing apparatus that performs browsing control on an electronic file downloaded from a server, and obtains the electronic file including a server identifier and security level information of the electronic file from the server. And a browsing request receiving unit that receives a browsing request for the electronic file acquired by the first acquiring unit, and the designation of the authentication server, and the user ID and password according to the browsing request for the electronic file by the browsing request receiving unit Authentication information receiving means for receiving an input, authentication information transmitting means for transmitting the user ID and password that have received the input to an authentication server that has received designation by the authentication information receiving means, and the authentication information transmitting means Depending on the transmission of the user ID and password, the authentication service Second acquisition means for acquiring the server identifier and the user security level information transmitted from the server, the server identifier included in the electronic file acquired by the first acquisition means, and the security level information of the electronic file, It has browsing control means for performing browsing control of the electronic file using the server identifier acquired by the second acquisition means and the user security level information.

  According to the present invention, it is possible to control access in consideration of security for an electronic file (offline file) downloaded from a server.

Configuration diagram showing the entire electronic form system Diagram showing an example of hardware configuration The figure which shows the outline of the procedure of the implementation means in embodiment of this invention. Flow chart showing the flow of processing until the online file is saved Example of a screen for accessing multiple electronic form servers Example of user master and server setting file managed by electronic form server Flow chart showing the flow of the offline file opening process Flowchart showing the flow of processing to go offline Example of a screen displaying multiple form data in multiple browsers

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a configuration diagram showing the entire electronic form system (information processing system).

  An electronic form server 101 and a client terminal 102 are communicably connected via a network 104. Further, the client portable terminal 103 is communicably connected via the wireless network 105. The electronic form server 101, the client terminal 102, and the client portable terminal 103 can communicate with each other (hereinafter, the client terminal 102 and the client portable terminal 103 are collectively referred to as a client terminal).

  In FIG. 1, an electronic form server 101 receives print data from a host computer (not shown), generates electronic form data (form data), and registers / manages it. The electronic form data is composed of form data in which the form format is defined and actual data that is actual data. The electronic form data is also referred to as electronic data or an electronic file.

  The electronic form server 101 provides services such as browsing and searching of form data to the client terminal 102 and the client portable terminal 103 via the network 104 and the wireless network 105. The number of electronic form servers is not limited to one and may be plural. For example, it is possible to provide a flexible service by changing the form data managed for each electronic form server.

  It is also possible to provide an authentication server function for authenticating a user who operates the client terminal. Although the authentication server may be separately included in the configuration on the network, in the embodiment of the present invention, the electronic form server will be described below as including the function as the authentication server.

  The client terminal 102 and the client portable terminal 103 are client terminals used by a person who views form data and obtains calculation results, and can send and receive data to and from the electronic form server 101 via a network.

  The configuration of various terminals connected to the network in FIG. 1 is an example, and there are various configuration examples depending on the application and purpose. In the present embodiment, this system is referred to as an information processing system.

  FIG. 2 is a diagram illustrating an example of a hardware configuration of the electronic form server. This figure can also be applied to client terminals and client portable terminals. These are also called information processing apparatuses.

  In FIG. 1, the CPU 201 comprehensively controls each device connected to the system bus 204. The ROM 203 or the external memory 211 stores an operating system (OS) that is a control program for the CPU 201 and programs for realizing various functions described below.

  The RAM 202 functions as a main memory, work area, temporary save area, and the like for the CPU 201.

  The input controller 205 controls input from the input unit 209. The input unit 209 may be a pointing device such as a keyboard or a mouse, or may be a touch panel, a button, a switch, or the like.

  The display controller 206 controls display on the display unit 210. Examples of the display unit 210 include a CRT and a liquid crystal.

  An external memory controller (MC) 207 controls access to an external memory 211 that stores a boot program, various applications, font data, user files, edit files, printer drivers, and the like. In addition, the external memory 211 stores various tables, parameters, and the like. Examples of the external memory 211 include a hard disk (HD), a flexible disk (FD), a compact flash (registered trademark) connected to a PCMCIA card slot via an adapter, and smart media.

  The communication I / F controller 208 executes communication control processing with an external device via the network 105.

  A program 212 for realizing the present embodiment is recorded in the external memory 211 and is executed by the CPU 201 by being loaded into the RAM 202 as necessary. Further, a form file (form data) 213 used by the program 212 according to the present embodiment is stored in the external memory 211, and detailed description thereof will be described later.

  The hardware configuration of the client terminal is the same as that of the electronic form system 102. However, the program of each device is different from the program 212 of the electronic form server. The form file 213 is different in that the client terminal is not originally held by the client terminal. It is assumed that a program for realizing the embodiment of the present invention is installed in the client terminal.

  The form file 213 represents form display data generated from form data that defines the form format and actual data that is actual data. The form file 213 is composed of a single file or a plurality of files. Contains multiple pages. Inside the electronic form server, the same type of plural form files 213 are managed as a group, and each form file 213 is called a generation within the group.

  Next, the procedure of the implementation | achievement means in embodiment of this invention is demonstrated using FIGS.

  FIG. 3 is a diagram showing an outline of the procedure of the realizing means in the embodiment of the present invention. Here, the electronic form server 101, the client terminal 102, and the client portable terminal 103 are connected via a network.

  First, the next procedure starts by first logging in to the electronic form server from the client terminal and selecting the form data to be downloaded.

  (1) When there is a request to download form data from a client terminal, the electronic form server is an offline file (also referred to as offline data) that can be used to view the form data offline. Create a file or electronic data) and send it to the client terminal. Here, when creating the offline file, the electronic form server embeds the server identification information and the security level of the electronic form in the form data header. The server identifier is identification information for identifying the electronic form server that manages the form data, and the form security level is information that specifies the security level of the form data. In the electronic form system according to the present embodiment, the user security level is set for the logged-in user, and only users at a higher level than the security level set for the form data can view the form data. Can be possible. Therefore, a user whose login user is at a lower level than the security level set for the form data cannot view the form data. Here, it is assumed that the form security level set in the master information managed by the electronic form server is embedded as header information as it is.

  The processing flow (1) will be described with reference to the flowchart of FIG.

  In 401, the client terminal requests a login screen to the electronic form server.

  In 402, the electronic form server accepts a request for a login screen.

  In 403, the electronic form server transmits a login screen to the client terminal.

  In 404, the client terminal receives the login screen and displays the login screen.

  In the present embodiment, there are a plurality of electronic form servers. For this reason, it is necessary to specify and access an electronic form server to be logged in. For example, the URL of the access destination electronic form server is recorded in the bookmark of the browser, and the access destination electronic form server can be designated by selecting from the bookmark.

  Although the login screen is the same, the connection destination electronic form server can be identified by the address field of the browser or the description outside the field (501 and 502 in FIG. 5).

  In 405, the client terminal determines whether the login button has been pressed after inputting the user ID and password. If yes, go to 406, if no, go back to 405.

  In 406, the client terminal transmits the input user ID and password as authentication information to the electronic form server.

  In 407, the electronic form server receives the authentication information.

  In 408, the electronic form server performs an authentication process. Here, the authentication process is performed by using the user master 61 shown in FIG. That is, it is confirmed whether the received combination of user ID and password is registered in the user ID 601 and password 603 of the user master 61.

  In 409, the electronic form server transmits a form selection screen. Here, according to the security level of the authenticated user (605 in FIG. 6), the form data managed by the electronic form server is compared with the form security level, and only the form data accessible by the user can be selected. Send the form selection screen.

  In 410, the client terminal receives the form selection screen.

  In 411, the client terminal determines whether an instruction to download the form data is given. If yes, go to 412; if no, go back to 411.

  In 412, the client terminal requests download of the form data.

  In 413, the electronic form server accepts a form data download request.

  In 414, the electronic form server transmits the form data. Here, the server identification information and the security level of the form data are embedded as the header information of the form data to be transmitted. The server identifier is identification information managed in the electronic form server, and is managed in the server setting file 62 in FIG. Further, as the form security level, the form security level set in the form data is used.

  In 415, the client terminal receives the form data.

  At 416, the client terminal stores locally as an offline file.

  The flow up to saving offline files has been described above.

  Next, the outline of the procedure of the realization means in the embodiment of the present invention will be continued.

  (2) Copy the downloaded offline file to, for example, a client portable terminal used at a place where the user is out or at a customer. When an offline file is downloaded to the client mobile terminal from the beginning, it is assumed that the client mobile terminal is taken out or to a customer.

  (3) When the user attempts to open an offline file copied to the client portable terminal from the client portable terminal, the client terminal prompts for input of an authentication destination server, user ID, and password. Here, in this embodiment, it is assumed that the authentication destination server and the electronic form server are the same server, and there are a plurality of electronic form servers. Let them choose. Then, the user ID and password are input. When the login button is pressed by the user, the selected authentication server (electronic form server) is accessed and the user ID and password are transmitted.

  (4) The accessed authentication server (electronic form server) receives the user ID and password.

  (5) The authentication server (electronic form server) performs authentication processing using the acquired user ID and password information, and extracts the server identifier and the user security level when the authentication is successful. The server identifier is server identification information managed by itself (62 in FIG. 6), and the user security level is a security level set for the accessing user (605 in FIG. 6). .

  (6) The authentication server returns the acquired server identifier and user security level to the client portable terminal.

  (7) The client terminal receives the server identifier and the user security level.

  (8) The client terminal compares the acquired server identifier and user security level, the server identifier of the fly file and the form security level, and if the server identifier matches and the user security level is higher than the form security level, the client terminal open.

  The flow of the processes (2) to (8) will be described with reference to the flowcharts of FIGS.

  FIG. 7 is a flowchart showing a flow of processing for opening an offline file.

  In 701, the client terminal opens an offline file. This is a process according to the browsing request by the user. For example, the user makes a browsing request by double-clicking an offline file downloaded locally, and the client terminal performs processing for opening the offline file.

  In 702, the client terminal determines whether it is online. If Yes, the process proceeds to 704. If No, the process proceeds to 703. This determines whether the user operating the client terminal is currently logged in to the authentication server (electronic form server). That is, it is determined whether a session is established (logged in) between Klein, the terminal, and the authentication server. This is included in the header information of the offline file to be opened since the server identifier of the login destination and the logged-in user security level information are retained when the login is successful in 808 of FIG. 8 described later. This determination can be made based on whether or not the server identifier that matches the server identifier is held.

  Also, online status management can be performed for each browser. In this embodiment, since it is assumed that there are a plurality of electronic form servers (authentication servers), the online state of a plurality of authentication servers is managed in units of browsers. Accordingly, when an attempt is made to open an offline file having the server identifier of the electronic form server A with the browser A while the electronic form server A is in an online state, the online form is already online. It is determined that it is in a state, and the process proceeds to 704. On the other hand, when the electronic form server A is in an online state but the electronic form server B is not in an online state, and the browser A tries to open an offline file having the server identifier of the electronic form server B, Since it is not in the online state, it is determined in 702 that it is not in the online state, and the process proceeds to 703. In this case, the browser B is newly activated and the processing of 703 is performed.

  FIG. 9 shows an example in which a plurality of form data is displayed by a plurality of browsers. Reference numerals 901 and 902 indicate connection to different electronic form servers.

  By managing the online status with multiple electronic form servers separately in this way, even if the form data managed by multiple electronic form servers is downloaded locally as offline files, You can browse the data.

  In 703, an “online state” process is performed. Details of this processing will be described with reference to FIG.

  FIG. 8 is a flowchart showing a flow of processing for setting the offline state.

  In 801, the client terminal accepts designation of an authentication server and input of a user ID and a password. As described above, here, the authentication server is selected by the user from a pull-down list or the like, and the user ID and password are input.

  In 802, the client terminal accesses the authentication server and transmits a user ID and a password.

  In 803, the authentication server acquires a user ID and a password.

  In 804, the authentication server determines whether the authentication process is successful. If Yes, the process proceeds to 806. If No, the client terminal is notified of an error, and the process proceeds to 805. The authentication here uses the user master 61.

  In 805, the client terminal notifies the user that the authentication error has occurred, returns to 801, and waits for re-input.

  In 806, the authentication server acquires and transmits a server identifier and user security level information. As described above, the server identifier is server identification information managed by itself (62 in FIG. 6), and the user security level is a security level set for the accessing user (FIG. 6). 6 of 605).

  In 807, the client terminal receives the server identifier and user security level information.

  In 808, the client terminal places the client terminal in an online state. The online state indicates that the user is logged in to the authentication server, and holds the server identifier and user security level information during the login state. Note that the online state is canceled when there is an explicit logout instruction or when a time-out occurs after a certain time has elapsed since the offline file was opened.

  Next, in 704, the client terminal determines whether the server identifiers are the same. If yes, go to 706, if no, go to 705. Here, the determination is made based on whether or not the server identifier included in the header information of the offline file to be opened matches the currently logged-in server identifier. By determining that the server identifiers match, it is possible to prevent browsing of the form data by a user who does not have access authority to the electronic form server. For example, even if the offline file downloaded by the user A is copied to the client terminal of the user B, if the user B does not have access authority to the electronic form server from which the offline file is downloaded, the user B I can't view the file. Therefore, for example, even if an offline file leaks, a third party cannot view the offline file.

  In 705, the client terminal displays a server identification error on the display device.

  In 706, the client terminal determines whether the user security level is higher than the form security level. If yes, then go to 708; if no, go to 707. Here, it is determined whether the form security level included in the header information of the offline file to be opened is lower than the user security level of the currently logged-in user. By comparing the security levels, even if the user has access authority to the electronic form server, it is possible to prevent the user from having access authority to view the form data. For example, even if the offline file downloaded by the user A is copied to the client terminal of the user B and the user B has the authority to access the electronic form server from which the offline file is downloaded, the user security level of the user B is When the form data is lower than the form security level of the form data, the user B cannot browse the offline file. Therefore, for example, even if an offline file is mistakenly passed to a subordinate, an unauthorized subordinate cannot view the offline file.

  In 707, the client terminal displays on the display device that the security error has occurred.

  At 708, the client terminal opens an offline file.

  The procedure of the realizing means in the embodiment of the present invention has been described above.

  As described above, according to the present invention, it is possible to perform access control in consideration of security for an electronic file (offline file) downloaded from an electronic form server.

  Originally, an offline file allows browsing of form data even in an environment where connection to a network is not possible. On the other hand, in the embodiment of the present invention, it is necessary to access an authentication server (electronic form server) via a network in order to browse offline files. Therefore, in an environment where no network connection is possible, it becomes impossible to browse offline files.

  However, since network connection is only for user authentication, it does not involve a large amount of file exchange and network bandwidth does not need to be wide. It becomes. For this reason, if a large amount of form data is to be viewed on the go or at a customer, it can be quickly viewed without downloading the form data on the go if it is downloaded as an offline file in advance.

  Although the present invention is inferior in convenience compared with the conventional offline file, on the other hand, in the present situation where security is important, the risk of information leakage can be reduced compared with the conventional offline file. In this respect, it has a greater effect.

  The preferred embodiments of the present invention have been described in detail above, but the present invention is not limited to such specific embodiments, and various modifications can be made within the scope of the gist of the present invention described in the claims.・ Change is possible.

  The object of the present invention is achieved by the following. That is, a storage medium (or recording medium) in which a program code of software that realizes the functions of the above-described embodiments is recorded is supplied to the system or apparatus. Then, the central processing means (CPU or MPU) of the system or apparatus reads and executes the program code stored in the storage medium. In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiment, and the storage medium recording the program code constitutes the present invention.

  In addition, by executing the program code read by the central processing means of the system or apparatus, an operating system (OS) or the like operating on the system or apparatus performs actual processing based on the instruction of the program code. Do some or all. The case where the function of the above-described embodiment is realized by the processing is also included.

  Further, it is assumed that the program code read from the storage medium is written in a memory provided in a function expansion card inserted into the system or apparatus or a function expansion unit connected thereto. After that, based on the instruction of the program code, the CPU of the function expansion card or function expansion unit performs part or all of the actual processing, and the function of the above-described embodiment is realized by the processing. It is.

  When the present invention is applied to the storage medium, the storage medium (computer-readable storage medium) stores program codes corresponding to the flowcharts described above.

101 electronic form server 102 client terminal 103 client portable terminal 104 network 105 wireless network

Claims (7)

An information processing apparatus that performs browsing control on an electronic file downloaded from a server,
First acquisition means for acquiring the electronic file including a server identifier and security level information of the electronic file from the server;
A browsing request receiving unit that receives a browsing request for the electronic file acquired by the first acquiring unit;
In response to a browsing request for the electronic file by the browsing request receiving unit, an authentication information receiving unit that accepts designation of an authentication server and input of a user ID and a password;
Authentication information transmitting means for transmitting the user ID and password received for the input to the authentication server that has received designation by the authentication information receiving means;
Second acquisition means for acquiring a server identifier and user security level information transmitted from the authentication server in response to transmission of a user ID and password by the authentication information transmission means;
Using the server identifier and electronic file security level information included in the electronic file acquired by the first acquisition means, and the server identifier and user security level information acquired by the second acquisition means, An information processing apparatus comprising browsing control means for performing browsing control of an electronic file. A management unit that manages that the acquisition source authentication server is online when the server identifier and the user security level are acquired by the second acquisition unit;
In response to a browsing request for the electronic file by the browsing receiving unit, it is determined whether a server identifier included in the electronic file matches a server identifier of an authentication server managed as being offline by the management unit Determination means,
The browsing control means is managed by the management means when the judgment means determines that they match, the server identifier contained in the electronic file acquired by the first acquisition means, the security level information of the electronic file, and the management means The information processing apparatus according to claim 1, wherein browsing control of the electronic file is performed using a server identifier and a user security level.   The information processing apparatus according to claim 2, wherein the management unit can manage a server identifier and a user security level for a plurality of authentication servers. An information processing method in an information processing apparatus that performs browsing control on an electronic file downloaded from a server,
A first acquisition step of acquiring the electronic file including a server identifier and electronic file security level information from the server;
A browsing request receiving step for receiving a browsing request for the electronic file acquired by the first acquiring step;
In response to a browsing request for the electronic file by the browsing request receiving step, an authentication information receiving step for receiving an designation of an authentication server and an input of a user ID and a password;
An authentication information transmission step of transmitting the user ID and password accepted for the input to the authentication server accepted for designation in the authentication information acceptance step;
A second acquisition step of acquiring a server identifier and user security level information transmitted from the authentication server in response to transmission of the user ID and password in the authentication information transmission step;
Using the server identifier and the security level information of the electronic file included in the electronic file acquired by the first acquisition step, the server identifier and the user security level information acquired by the second acquisition step, An information processing method comprising: a browsing control step for performing browsing control of an electronic file. An information processing system capable of communicating between a server that manages an electronic file and an information processing device that performs browsing control on the electronic file downloaded from the server,
The server
In response to a request from the information processing apparatus, first transmission means for transmitting the electronic file including a server identifier and security level information of the electronic file;
Using authentication information transmitted from the information processing apparatus, and performing authentication processing, and when the authentication processing is successful, has a second transmission means for transmitting the server identifier and the user security level information,
The information processing apparatus includes:
First acquisition means for acquiring the electronic file including a server identifier and security level information of the electronic file from the server;
A browsing request receiving unit that receives a browsing request for the electronic file acquired by the first acquiring unit;
In response to a browsing request for the electronic file by the browsing request receiving unit, an authentication information receiving unit that accepts designation of an authentication server and input of a user ID and a password;
Authentication information transmitting means for transmitting the user ID and password received for the input to the authentication server that has received designation by the authentication information receiving means;
Second acquisition means for acquiring a server identifier and user security level information transmitted from the authentication server in response to transmission of a user ID and password by the authentication information transmission means;
Using the server identifier and electronic file security level information included in the electronic file acquired by the first acquisition means, and the server identifier and user security level information acquired by the second acquisition means, An information processing system comprising browsing control means for performing browsing control of an electronic file. A computer program executable in an information processing apparatus that performs browsing control on an electronic file downloaded from a server,
First acquisition means for acquiring the electronic file including a server identifier and security level information of the electronic file from the server;
A browsing request receiving unit that receives a browsing request for the electronic file acquired by the first acquiring unit;
Authentication information receiving means for receiving designation of an authentication server and input of a user ID and a password in response to a browsing request for the electronic file by the browsing request receiving means,
Authentication information transmitting means for transmitting the user ID and password received for the input to the authentication server that has received the designation by the authentication information receiving means;
Second acquisition means for acquiring a server identifier and user security level information transmitted from the authentication server in response to transmission of a user ID and password by the authentication information transmission means;
Using the server identifier and electronic file security level information included in the electronic file acquired by the first acquisition means, and the server identifier and user security level information acquired by the second acquisition means, A computer program for causing the information processing apparatus to function as browsing control means for performing browsing control of an electronic file.   A recording medium storing the program according to claim 6 in a computer-readable manner.

Images