JP2016162278A - Access relay device, information processing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information and communication technology capable of reducing risk that data to be input from a terminal and transmitted to a server is stolen.SOLUTION: When a user U inputs input data such as password, etc. required by a Web server 4 by operating an input terminal 2, an input request including the input data which are input is transmitted to an input relay program IR in an access relay device 1 and is delivered to a virtual browser VB. Then, a request message with the input data set as an input item in an input form is transmitted from the virtual browser VB to the Web server 4 through the Internet N. The Web server 4 executes prescribed processing such as log-in authentication, etc. using the input data and returns a response message. By returning the response message, a Web content showing a result of executed processing is transmitted to an access terminal 3 via the virtual browser VB in the access relay device 1 and is displayed on a screen of a Web browser.SELECTED DRAWING: Figure 1C

Description

  The present invention relates to an information communication technique for relaying access to a server.

  Various online services such as Internet banking and electronic commerce are provided through public communication networks such as the Internet. In order to use the online service, a user may input authentication information such as a password, payment information such as a credit card number, information such as personal information that the user does not want to use from a terminal.

  In recent years, a user terminal such as a PC (personal computer) is infected with malware such as a key logger that monitors and records input data from an input device such as a keyboard, and authentication information input to the terminal is stolen. There is. Then, the stolen authentication information may be misused and the online service may be illegally used due to impersonation or the like.

Instead of an input device connected to a PC via USB (Universal Serial Bus) or Bluetooth (registered trademark), a PC and a wireless LAN (Local
An input method has been proposed in which a portable information terminal that can communicate via an area network is used as an input device of a PC (see Non-Patent Document 1). In this method, a program that is executed on a PC and relays input receives data input via a software keyboard or the like of the portable information terminal from the portable information terminal and processes it as data input to the PC.

  In addition, in order to securely input authentication information and perform remote access to the information processing server, an authentication device capable of inputting authentication information is used to transmit the authentication information to the information processing server to be remotely accessed. A system has been proposed (see Patent Document 1). In this authentication information transmission system, an access terminal that accesses an information processing server first acquires access authentication information from an authentication device, transmits it to a remote access management device, and requests access authentication. Next, the remote access management device relays data communicated between the access terminal that has performed access authentication and the information processing server, and processes authentication information input from the user and acquired from the authentication device. Send to server.

JP 2009-122921 A

“Air HID: WiFi Mouse & KeyBoard”, [online], Google Inc., [Search January 28, 2015], Internet <URL: https://play.google.com/store/apps/details?id = jp.androidTools.Air_HID_Demo_1m & hl = en>

  In the input method using the above-described portable information terminal as an input device, theft of data by a keylogger or the like that monitors the device driver of the input device can be suppressed. However, there is a possibility that input data may be stolen by monitoring key events that occur in an OS (Operating System) or an attack that uses a vulnerability of a program that is executed on a PC and relays input.

  Further, in the above-described authentication information transmission system, since the access terminal acquires information for access authentication from the authentication device by communication, there is an opportunity for malware or the like infected with the access terminal to access the authentication device. Therefore, there is a possibility that the authentication device becomes an attack target of a malicious person and authentication information is stolen.

  In view of such a situation, an object of the present invention is to provide an information communication technology that can further reduce the risk of theft of data input from a terminal and transmitted to a server.

  The present invention employs the following means in order to solve the above-described problems. That is, the present invention is the following access relay device. An access relay device that relays access to a server, and when a request for access to the server is received from the first terminal, the password information that starts relaying access to the server and is associated with the first terminal Is included in the association request in the case where the access relay starting means for notifying the determined password information to the notification destination determined according to the first terminal and the association request including the password information are received from the second terminal. An association means for associating the first terminal with the second terminal when it is determined that the identification information and the identification information associated with the determined first terminal match, and a second associated with the first terminal An access relay device comprising: input data transmitting means for transmitting input data to a server when an input request including input data is received from the terminal.

  In such an access relay device, the first terminal and the second terminal do not need to communicate directly, but both terminals are associated, and the input data from the second terminal is received by the first terminal Sent to the server without going through Therefore, even if the first terminal is infected with malware, etc., the key related to the input data not being intercepted by the first terminal or the occurrence of communication that does not occur on the first terminal due to malware etc. Acquisition of events is suppressed. Moreover, it is suppressed that the 2nd terminal related to input data by malware etc. is specified. Therefore, it is possible to further reduce the risk that data input from the terminal and transmitted to the server is stolen.

  The access relay apparatus according to the present invention may have the following characteristics. The first terminal and the second terminal are connected to a local network installed in the facility, the local network and the access relay device are connected by a communication network higher than the data link layer, and the access relay device is By transmitting the data link layer frame via the communication network using communication higher than the data link layer, the data link layer transmission path connected to the local network is connected to the equipment installed in the local network. A transmission path establishment unit established via the network, and the association unit associates the first terminal connected to the local network to which the established transmission path is connected with the second terminal.

  In the present invention, the data link layer is a layer 2 layer in an OSI (Open Systems Interconnection) basic reference model. In such an access relay device, the first terminal of the local network, which is the connection destination of the transmission path established through the communication network, and the second terminal are associated with each other, relaying access from the first terminal, The input data of the second terminal is transmitted to the server via the communication network. The input data can be transmitted to the server using a previously provided access relay device without installing a new access relay device in the local network. Therefore, an input environment for input data to the server with reduced risk of data theft can be provided simply and quickly to a terminal of a desired local network.

The access relay apparatus according to the present invention may have the following characteristics. Based on the data acquired by accessing the server, image data representing a browsing screen including display of content provided by the server is generated, and image transmission means for transmitting the generated image data to the first terminal is further provided.

  In such an access relay device, the content acquired from the server can be browsed by the transmitted image data in the first terminal. At this time, since the content is transmitted as image data, it is difficult to analyze the content by malware or the like that infects the first terminal as compared to the case where the content is transmitted as text data. For this reason, it is possible to suppress detection of information that should be kept secret, such as accessing a login screen, based on analysis of content by malware or the like. Therefore, the content provided by the server can be viewed on the terminal while further suppressing security risks.

  The access relay apparatus according to the present invention may have the following characteristics. The image data generated by the image transmission means is image data of a browsing screen further including display of an input field of input data waiting for input by the server, and the image transmission means receives the input data from the second terminal. The browsing screen is updated so that the input data includes the display entered in the input field, and the updated browsing screen image data is transmitted to the first terminal.

  According to such an access relay device, since the browsing screen including the display of the input field in which the input data is entered is transmitted to the first terminal, the user checks the state of the input field on the first terminal. However, input data can be input from the second terminal with suitable operability.

  The access relay apparatus according to the present invention may have the following characteristics. The input data of the input request received by the input data transmitting means is data indicating characters designated by operating the arranged character keys.

  Here, the character key includes both a case where the character key is a logical one such as a character palette arranged on the screen as a software keyboard, and a case where the character key is a physical button or the like arranged on the terminal or the like. According to such an access relay device, the character data designated by the operation of the character key is input to the server with the operability similar to the case of inputting the character from the first terminal using the second terminal. it can.

  The present invention also relates to an information processing method executed by a computer or other device including an access relay device, a machine or the like (hereinafter also referred to as “computer etc.”), or a program for causing a computer or the like to execute the information processing method. It is possible to grasp as well. The present invention can also be understood as a program recorded on a computer-readable recording medium. Here, a computer-readable recording medium is a recording medium that stores information such as data and programs by electrical, magnetic, optical, mechanical, or chemical action and can be read from a computer or the like. Say.

  According to the present invention, it is possible to further reduce the risk that data input from a terminal and transmitted to a server will be stolen.

FIG. 1A is an explanatory diagram 1 (start of access relay) for explaining an overview of access to a Web server in the embodiment. FIG. 1B is an explanatory diagram 2 (pairing) for explaining an overview of access to the Web server in the embodiment. FIG. 1C is an explanatory diagram 3 (data input) for explaining an overview of access to the Web server in the embodiment. FIG. 2 is a diagram illustrating a communication system in the embodiment. FIG. 3 is a diagram illustrating a hardware configuration of each device in the embodiment. FIG. 4 is a diagram illustrating a logical network configuration between the access relay apparatus and the terminal in the embodiment. FIG. 5 is a diagram illustrating a main functional configuration of the access relay apparatus according to the embodiment. FIG. 6 is a diagram illustrating a terminal management table. FIG. 7 is a diagram illustrating a pair management table. FIG. 8 is a diagram illustrating a domain management table. FIG. 9 is a diagram illustrating an access management table. FIG. 10 is a diagram illustrating an access history table. FIG. 11 is a sequence diagram illustrating the flow of the process for starting access to the server. FIG. 12 is a sequence diagram illustrating the flow of the pairing process. FIG. 13 is a sequence diagram illustrating the flow of access processing to the server with data input. FIG. 14 is a screen diagram illustrating a browsing screen in which data is input in the input field.

  Hereinafter, embodiments of the present invention (hereinafter also referred to as “present embodiments”) will be described with reference to the drawings. The embodiment described below shows an example for carrying out the present invention, and the present invention is not limited to a specific configuration described below. The description includes (1) overview, (2) system configuration, (3) hardware configuration, (4) VPN network, (5) functional configuration, (6) process flow, (7) operational effects, (8) It describes in order of a modification.

<Overview>
In the communication system of the present embodiment, input data of an input form required by the Web server can be input from the input terminal for Web access from the access terminal to the Web server on the Internet. Here, the access terminal is an example of “first terminal”, the input terminal is an example of “second terminal”, the Internet is an example of “communication network”, and the Web server is an example of “server”. It is. In the present embodiment, such an input function is provided as a so-called cloud-type service via the Internet to an access terminal or an input terminal connected to a local network of a facility such as a residence. Note that the communication system of this embodiment operates for Web access, but may operate for access of various types of communication other than Web.

1A to 1C are explanatory diagrams illustrating an overview of access to a Web server in the present embodiment. 1A to 1C show an outline of access from the access terminal 3 connected to the local network of the residence H to the Web server 4 on the Internet. 1A to 1C show the Internet N, a Web server 4 connected to the Internet N, and a residence H where a user U who uses an input function is present. In the residence H, a router 6 connected to the Internet N is installed, and a local network is constructed. Further, the residence H provides a connection function of an access terminal 3 that is a starting point of access to the Web server 4, an input terminal 2 that is used to input input data, and a VPN (Virtual Private Network) of the data link layer. A service adapter 5 is shown. Details of VPN connection will be described later. In the residence H, the access relay device 1 is also shown. Although the access relay apparatus 1 physically exists outside the residence H, it is logically connected to the local network at the data link layer through a VPN connection, as if it were a communication node connected directly to the local network. Behave. Details of hardware and processing of each element shown in FIG. 1 will be described later.

  FIG. 1A represents the start of access relay from the access terminal 3 to the Web server 4. First, when the user U performs an operation for performing web access to the web server 4 on the web browser of the access terminal 3, a request message for requesting web access to the web server 4 is sent from the access terminal 3 to the router 6. (DF1). Next, the request message reaches the virtual browser VB, which is a program that operates in the access relay device 1 and manages browsing of the Web page to be accessed (DF2). Next, the request message reaches the Web server 4 from the virtual browser VB via the Internet N (DF3). In response to the request message, the Web server 4 returns a response message to the virtual browser VB. The response message returned here includes, for example, content representing a login page having an input form for requesting input of a password or the like. The Web content included in the response message is displayed on the Web browser of the access terminal 3 via the virtual browser VB. The virtual browser VB is associated with the access terminal 3, determines a password pairing number (an example of “password information”) used for pairing between the access terminal 3 and the input terminal 2, and displays the screen of the access terminal 3. To display to the user U.

  FIG. 1B illustrates the state of pairing that associates the access terminal 3 and the input terminal 2. First, when the user U inputs the notified pairing number to the input terminal 2, a pairing request including the pairing number (an example of “association request”) is activated by the access relay apparatus 1 via the router 6. To the input relay program IR (DF4). Here, the input relay program IR is a program that relays input data. In the access relay apparatus 1, after the validity of the pairing number is confirmed, a process of pairing the input terminal 2 and the access terminal 3 is executed. When the pairing is successful, a software keyboard is displayed on the input terminal 2, and the input terminal 2 can accept input of characters.

  FIG. 1C illustrates an access state accompanied by data input from the input terminal 2. First, when the user U operates the input terminal 2 and inputs input data such as a password requested by the Web server 4, an input request including the input data that has been input is transmitted to the input relay program IR in the access relay device 1, It is passed to the virtual browser VB (DF5). Next, a request message in which input data is set as an input item of the input form is transmitted from the virtual browser VB to the Web server 4 via the Internet N (DF6). In the Web server 4, predetermined processing such as login authentication using input data is executed, and a response message is returned. In response to the response message, the Web content indicating the result of the executed processing is transmitted to the access terminal 3 via the virtual browser VB of the access relay device 1 and displayed on the Web browser screen (DF7). .

  In such a communication system, input data is transmitted to the Web server 4 without going through the access terminal 3, so that the risk of the data input to the terminal being stolen is reduced. Below, the detail of such a communication system is demonstrated.

<System configuration>
FIG. 2 is a diagram illustrating a communication system according to this embodiment. FIG. 2 shows the access relay device 1, the Web server 4, the L2 relay device R, the Internet N, and a plurality of facilities F. A local network L is installed in each facility F. An input terminal 2, an access terminal 3, a VPN service adapter 5, and a router 6 are connected to the local network L.

  The access relay device 1 is a computer that relays Web access between the access terminal 3 and the Web server 4 to be accessed. The access relay device 1 is installed in a data center or the like. In the access relay device 1, a virtual browser VB and an input relay program IR are installed. The virtual browser VB is a Web client that performs Web access in accordance with a request from the access terminal 3 and is a program that manages browsing of Web pages to be accessed by the access terminal 3. The input relay program IR is a program that relays input data from the input terminal 2 and transmits it to the Web server 4 in cooperation with the virtual browser VB.

  The input terminal 2 is an information device having a wired or wireless LAN communication function. The input terminal 2 is a touch panel smart device such as a tablet terminal or a smartphone. The input terminal 2 may be a personal computer, a game machine, a smart glass, or the like. The input terminal 2 is installed with a keyboard application that displays a software keyboard, inputs characters, and transmits the input characters to the access relay device 1.

  The access terminal 3 is an information device having a wired or wireless LAN communication function, and includes a web browser and is capable of web access. The access terminal 3 is a personal computer, for example. The access terminal 3 may be a tablet terminal, a smartphone, a home appliance such as a television receiver equipped with a Web browser function, a game machine, a smart glass, or the like.

  The Web server 4 is a computer that provides various services such as Internet banking and electronic commerce to users of Web clients such as the access terminal 3. In providing the service, the Web server 4 requests the Web client to input necessary data using an input form or the like. The Web server 4 is, for example, an Internet banking Web server that provides a transaction using an account to a user who is authenticated by an input password or the like. In response to a request from the Web client, the Web server 4 sends back a content represented by an HTML (Hyper Text Markup Language) document or the like, and interacts with the user of the Web client. In FIG. 2, only one Web server 4 is shown, but a large number of Web servers 4 that provide various services are connected to the Internet N.

  The L2 relay device R is a computer that has a function of relaying a MAC frame between the access relay device 1 and the VPN service adapter 5 and provides a VPN connection service in the data link layer. This VPN is also called L2VPN (Layer 2 VPN). The L2 relay device R is installed in a data center or the like. Details of the relay in the L2 relay device R will be described later.

  The VPN service adapter 5 is a communication device installed in the local network L. The VPN service adapter 5 has a function of establishing a frame transmission path for transmitting a MAC frame with the L2 relay apparatus R, that is, a data link layer tunnel. The frame transmission path is an example of a “transmission path” and will be described in detail later. Further, the VPN service adapter 5 has a function of relaying a MAC frame between the established frame transmission path and the local network L. Such a communication function of the VPN service adapter 5 enables the access relay device 1 to make a VPN connection to the local network L via the L2 relay device R. A unique service adapter ID is assigned to the VPN service adapter 5. Instead of the VPN service adapter 5, a general purpose computer connected to the local network L may provide such a communication function.

  The router 6 is connected to the local network L and has a gateway function for connecting the local network L and the Internet N. The router 6 is a broadband router, for example. The router 6 of the present embodiment also has a function as a wireless LAN access point. A terminal having a wireless LAN communication function can be connected to the local network L via the router 6.

  The Internet N is a global public packet communication network, and connects the access relay device 1, the Web server 4, the L2 relay device R, and each local network L. Instead of the Internet N, a WAN (Wide Area Network) or other packet communication network may be employed.

  The facility F is a facility in which a local network L is installed and provides a network environment to the access terminal 3 and the like. The facility F of the present embodiment is, for example, various facilities such as a house having a home network, a residence such as a condominium, an office where a LAN is set, and a store.

  The local network L is an Ethernet (registered trademark) network installed in the facility F. The local network L may be a wireless communication network.

<Hardware configuration>
FIG. 3 is a diagram illustrating a hardware configuration of each device according to the present embodiment. FIG. 3 shows a hardware configuration of the access relay apparatus 1, the input terminal 2, and the L2 relay apparatus R.

The access relay device 1 is connected to a CPU (Central Processing Unit) 11, a RAM (Random Access Memory) 12, a ROM (Read Only Memory) 13, an auxiliary storage device 14 such as a HDD (Hard Disk Drive), and the L2 relay device R. NIC (Network Interface)
Controller 15A and a computer having NIC 15B connected to the Internet N via a gateway or the like. The CPU 11 is a central processing unit, and controls the RAM 12, the auxiliary storage device 14, and the like by processing instructions and data expanded in the RAM 12 and the like. The RAM 12 is a main storage device and is controlled by the CPU 11 to write and read various commands and data. The auxiliary storage device 14 is a non-volatile storage device and stores various programs, data required to be permanently stored, and the like. In FIG. 3, the access relay device 1 is exemplified by one computer, but the access relay device 1 may be a plurality of computers connected via a network, for example.

  The input terminal 2 includes a CPU 21, a RAM 22, a ROM 23, a nonvolatile storage device 24 such as an SSD (Solid State Drive), a NIC 25 connected to the local network L wirelessly or by wire, an operation unit 26 such as a touch panel, and a display. The computer includes a display unit 27. A unique MAC (Media Access Control) address is assigned to the NIC 25, and a MAC frame to which the MAC address is added is transmitted from the NIC 25.

  The access terminal 3 is a computer including a CPU 31, a RAM 32, a ROM 33, a nonvolatile storage device 34, a NIC 35 connected to the local network L, an operation unit 36 such as a keyboard and a mouse, and a display unit 37 such as a display. . A unique MAC address is assigned to the NIC 35, and a MAC frame to which the MAC address is added is transmitted from the NIC 35.

  The L2 relay device R is a computer including a CPU R1, a RAM R2, a ROM R3, an auxiliary storage device R4, a NIC R5A, a NIC R5B, and the like. The NICR 5A is connected to the access relay device 1, and the NICR 5B is connected to the Internet N via a gateway or the like.

<VPN network>
FIG. 4 is a diagram illustrating a logical network configuration between the access relay device 1 and the terminal in the present embodiment. In the present embodiment, SDN (Software Defined)
A logical network is constructed using Networking technology. FIG. 4 shows a network configuration related to the local network L1 installed in the facility F1 and the local network L2 installed in the facility F2. Each of the local networks L1 and L2 is an independent network. The local networks L1 and L2 are identified by the service adapter IDs of the VPN service adapters 5A and 5B installed in the local networks L1 and L2, respectively. An input terminal 2, an access terminal 3, and an access relay device 1 are connected to each of the local networks L1 and L2. In FIG. 4, connections are shown by connections, but these connections are logical and do not necessarily indicate connections by physical communication lines or the like.

  The access relay apparatus 1 is logically connected to the local networks L1 and L2 via the frame transmission paths T1 and T2, and is connected to the local networks L1 and L2. A connection between the access relay apparatus 1 and the local networks L1 and L2 will be described.

  A virtual network adapter is constructed in the access relay device 1. In FIG. 4, the virtual network adapters are shown as virtual network adapters V1 and V2. The virtual network adapter is a network driver that simulates an Ethernet (registered trademark) NIC on the OS of the access relay apparatus 1. The virtual network adapter communicates with the L2 relay apparatus R via the NIC 15A as a physical interface, and establishes a frame transmission path for transmitting a MAC frame with the L2 relay apparatus R by tunneling of a predetermined protocol. In FIG. 4, frame transmission paths established with the L2 relay apparatus R are indicated as frame transmission paths T1A and T2A. These frame transmission paths are tunnels that encapsulate MAC frames by IP (Internet Protocol), which is a network layer protocol higher than the data link layer. The frame transmission paths T1A and T2A are realized by, for example, GRE (Generic Routing Encapsulation) [RFC1701].

  The virtual network adapters V1 and V2 of the access relay device 1 are generated by a program installed in the access relay device 1 and installed in the OS. When the access relay apparatus 1 provides an access relay function to a terminal of a new facility F, a new virtual network adapter for connecting to the local network L of the facility F is generated. Therefore, the access relay device 1 can be connected to the local network L of the new facility F without requiring a new physical NIC.

  Similarly, a virtual network adapter that simulates the NIC is also constructed in the L2 relay apparatus R. Each of the virtual network adapters VR1A and VR2A communicates with the access relay device 1 via the NIC R5A as a physical interface, and communicates the frame transmission paths T1A and T2A with the virtual network adapters V1 and V2 of the access relay device 1 respectively. Establish with.

Each of the virtual network adapters VR1B and VR3B communicates with the VPN service adapters 5A and 5B of the facilities F1 and F2 through the NIC R5B and through the Internet N to establish the frame transmission paths T1B and T2B, respectively. . Similarly to the frame transmission paths T1A and T2A, the frame transmission paths T1B and T2B are tunnels that encapsulate MAC frames by IP, and are transmission paths that encrypt communication data. The frame transmission paths T1B and T2B are, for example, L2TP (Layer 2 Tunneling).
Protocol) / IPsec [RFC3193] and tunneling by IPsec and EtherIP [RFC3378].

  The L2 relay apparatus R connects the frame transmission paths T1A and T2A established with the access relay apparatus 1 and the frame transmission paths T1B and T2B established between the VPN service adapters 5A and 5B. A virtual bridge that relays MAC frames is constructed. In FIG. 4, the L2 relay apparatus R relays the MAC frame between the frame transmission paths T1A and T1B and between the frame transmission paths T2A and T2B. The L2 relay apparatus R performs such relay according to the setting. Such MAC frame relay is realized by, for example, path control by the OpenFlow technology using the virtual network adapters VR1A, VR2A, VR1B, and VR2B as ports.

  Each of the VPN service adapters 5A and 5B establishes frame transmission paths T1B and T2B with the L2 relay apparatus R, and relays MAC frames between the frame transmission paths T1B and T2B and the local networks L1 and L2, respectively. To do.

  With such a mechanism, the MAC frame is transmitted between the access relay apparatus 1 and the local network L (L1, L2) via the L2 relay apparatus R, the Internet N, and the VPN service adapter 5 (5A, 5B). Frame transmission paths T1 and T2 to be constructed are logically constructed. Then, an L2VPN that allows the access relay apparatus 1 to behave like a communication node directly connected to the local networks L1 and L2 is constructed by the frame transmission paths T1 and T2. Note that each L2VPN constructed is independent of each other and can communicate without mixing data.

  In such a network configuration of this embodiment, a logical frame transmission path that does not depend on a physically laid line between the access relay apparatus 1 and the local network L is established via the Internet N. The Therefore, it is possible to easily and quickly construct an L2VPN environment that connects the local network L installed in the facility F at various locations and the access relay device 1. Further, by using the L2VPN environment constructed in this way, the access relay device 1 has a Web access relay function for the input terminal 2 and the access terminal 3 connected to the local network L of each facility F. Can be provided simply and quickly.

  In this embodiment, the L2VPN is constructed via the L2 relay device R, but the L2VPN may be constructed without going through the L2 relay device R. Further, the access relay device 1 may communicate with the input terminal 2 and the access terminal 3 by encrypted communication or the like without using VPN.

<Functional configuration>
FIG. 5 is a diagram illustrating a main functional configuration of the access relay apparatus 1 according to this embodiment. The access relay apparatus 1 is configured such that programs such as the input relay program IR and the virtual browser VB stored in the auxiliary storage device 14 are read into the RAM 12 and executed by the CPU 11, whereby the management database D 11, the access relay start unit It functions as a computer including F11, an association unit F12, an image transmission unit F13, an input data transmission unit F14, and a transmission path establishment unit F15. The access relay start unit F11, the association unit F12, the image transmission unit F13, the input data transmission unit F14, and the transmission path establishment unit F15 are respectively referred to as “access relay start unit”, “association unit”, “image transmission unit”, “ It is an example of “input data transmission means” and “transmission path establishment means”.

  In the present embodiment, each function provided in the access relay device 1 is executed by the CPU 11 which is a general-purpose processor. However, some or all of these functions are performed by one or more dedicated processors and hardware arithmetic circuits. Or the like. Here, the hardware arithmetic circuit refers to, for example, an adder circuit, a multiplier circuit, a flip-flop, etc. combined with logic gates. Some or all of these functions may be executed by a separate computer.

  The management database D11 is a database that stores various types of information regarding access relay. The management database D11 is constructed by managing a data stored in the auxiliary storage device 14 by a database management system (DBMS) program executed by the CPU 11. The management database D11 is, for example, a relational database. The management database D11 includes a terminal management table, a pair management table, a domain management table, and an access management table. The management database D11 may be constructed in a database server different from the access relay device 1, and the access relay device 1 may access the database server via a network.

  FIG. 6 is a diagram illustrating a terminal management table. One record stored in the terminal management table indicates information of one terminal used for access, and represents the access terminal 3 or the input terminal 2. As shown in the example of FIG. 6, the record of the terminal management table includes fields for a service adapter ID (SS-ID), a device identifier (NIC), and a device name (LABEL). The service adapter ID represents the local network L to which the terminal is connected, and takes the value of the service adapter ID that identifies the VPN service adapter 5 installed in the local network L. The device identifier represents identification information for identifying a terminal, and takes a value of a MAC address unique to the NIC of the terminal. The name of the device is the name of the terminal set for management, and takes the value of the name indicating the type of terminal. In this embodiment, a MAC address is used as the device identifier, and the access terminal 3 and the input terminal 2 are identified by the MAC address. As another example, instead of a MAC address, identification information uniquely assigned to a terminal or logically assigned identification information such as an IP address may be used.

FIG. 7 is a diagram illustrating a pair management table. One record stored in the pair management table indicates one pairing information indicating one pair of the access terminal 3 and the input terminal 2 associated by the pairing process. A record stored in the pair management table is added when a new pair is established. As shown in FIG. 7, the record in the pair management table includes a service adapter ID (SS-ID), an access terminal device identifier (PAIR1), an input terminal device identifier (PAIR2), a pairing number (PAIRNO), a status ( STATUS) and creation date and time (CREATE) fields. The service adapter ID represents the local network L to which a terminal to be paired is connected. The device identifier of the access terminal is a device identifier for identifying the access terminal 3 to be paired, and takes a MAC address value unique to the access terminal 3. The device identifier of the input terminal is a device identifier for identifying the input terminal 2 to be paired, and takes a MAC address value unique to the input terminal 2. The device identifier of the access terminal 3 and the device identifier of the input terminal 2 take the value of the device identifier in any record stored in the terminal management table. The pairing number represents a number for identifying pairing information, and takes a unique value that does not overlap in the pair management table. The status indicates whether or not the association is maintained for the established pair, and takes a value of “Connect” (with association) or “Disconnect” (without association). The creation date represents the date when the pair was established. The records in the pair management table are managed so that the status value becomes “Disconnect” when the pair of the associated access terminal 3 and input terminal 2 is released.

  FIG. 8 is a diagram illustrating a domain management table. The record stored in the domain management table indicates domain information regarding the domain of the Web server 4 permitted as an access destination. In this embodiment, the records of the domain management table are registered in advance by the administrator of the access relay device 1 and the like, and the Web servers 4 that can be accessed among the Web servers 4 on the Internet N are limited. It has become a thing. As shown in FIG. 8, the pair management table has fields of domain ID (DOMAIN ID), domain name (DOMAIN), policy (POLICY), and site name (NAME). The domain ID is identification information for identifying domain information and takes a unique value that does not overlap in the domain management table. The domain name represents a domain name permitted as an access destination. The policy represents a permission determination policy for access to the domain. The policy permits, for example, “strict” indicating that access to a domain that completely matches the value of the domain name field, or access to a domain (subdomain, etc.) that backwardly matches the value of the domain name field. It takes a value such as “relax”. The site name represents the name of a Web site that is allowed to be accessed.

  FIG. 9 is a diagram illustrating an access management table. The record stored in the access management table indicates access management information for managing the state of access from a specific access terminal 3. As shown in FIG. 9, the record stored in the access management table includes a service adapter ID (SS-ID), a device identifier (NIC), a connection status (STATUS), a domain ID (DOMAINID), and a connection start date / time (DATE). ) Field. The service adapter ID represents the local network L to which the access terminal 3 that is the access request source is connected. The device identifier represents identification information for identifying the access terminal 3 that is an access request source, and takes a MAC address value unique to the access terminal 3. The device identifier takes the value of the device identifier in any record stored in the terminal management table. The connection status indicates whether or not there is a logical connection relationship between the access terminal 3 that is the access request source and the Web server 4 that is the access destination, which is realized by the access relay of the access relay device 1, and “Connect” (with connection) Alternatively, the value is “Disconnect” (no connection). The domain ID represents an access destination domain and takes the value of the domain ID in any of the records stored in the domain management table. The connection start date and time represents the date and time when access relay was started.

  FIG. 10 is a diagram illustrating an access history table. One record stored in the access history table indicates one piece of access history information representing a history of Web access performed via the access relay device 1. As shown in FIG. 10, the records stored in the access history table include a service adapter ID (SS-ID), an access date / time (DATE), a domain ID (DOMAINID), an access destination (URL), and a device identifier ( PAIR1) and a device identifier (PAIR2) field of the input terminal. The service adapter ID represents the local network L to which the access terminal 3 that is the access request source is connected. The access date and time represents the date and time when Web access was performed. The domain ID represents the access destination domain, and takes the value of the domain ID of any record stored in the domain management table. The access destination takes the value of the URL requested in Web access. The device identifier of the access terminal is a device identifier for identifying the access terminal 3 that is the access source, and takes the value of the MAC address unique to the access terminal 3. The device identifier of the input terminal is a device identifier for identifying the input terminal 2 that is an input source of input data in Web access, and takes a MAC address value unique to the input terminal 2.

An overview of functions of the access relay start unit F11, the association unit F12, the image transmission unit F13, the input data transmission unit F14, and the transmission path establishment unit F15 will be described in order. Details of processing for realizing each function will be described in the processing flow described later.

  The access relay start unit F <b> 11 starts access to the Web server 4 when an access request to the Web server 4 is received from the access terminal 3. Further, when the relay start is started, the access relay start unit F11 determines a pairing number associated with the access terminal 3, and transmits the image data representing the determined pairing number to the access terminal 3 for display. The pairing number is not limited to the image data format and may be transmitted in the text data format. Further, the pairing number is not limited to the access terminal 3, and may be transmitted to a terminal registered in advance by the user of the access terminal 3 or the input terminal 2 as a predetermined notification destination corresponding to the access terminal 3. The pairing number is not limited to the access terminal 3 and may be transmitted in the form of an e-mail to a mail address registered in advance by the user of the access terminal 3.

  When the associating unit F12 receives a pairing request including the pairing number from the input terminal 2, the associating unit F12 executes a pairing process for associating the access terminal 3 and the input terminal 2 based on the pairing number.

  Based on the response message acquired by accessing the Web server 4, the image transmission unit F <b> 13 generates image data of a browsing screen representing the content provided by the Web server 4 and transmits it to the access terminal 3 that requested the access request. To do. The browsing screen includes display of the input field of the input form included in the response message in addition to the display of the content.

  The input data transmission unit F14 transmits input data to the Web server 4 when receiving an input request including input data for the input form from the input terminal 2 paired with the access terminal 3.

  The transmission path establishment unit F15 establishes a frame transmission path for transmitting the MAC frame transmitted on the local network L to the access relay apparatus 1 via the Internet N by IP communication. Specifically, the transmission path establishment unit F15 logically connects the virtual network adapter of the access relay device 1 and the local network L via the L2 relay device R, the Internet N, and the VPN service adapter 5. Establish a road. The frame transmission path established here is T1, T2, etc. in FIG. When the virtual network adapter has not been generated, the transmission path establishment unit F15 establishes a frame transmission path after newly generating a virtual network adapter. An L2VPN is constructed by the transmission path establishment unit F15, and the access relay apparatus 1 can behave like a communication node directly connected to the local network L.

<Process flow>
Details of the main processing flow of the communication system of this embodiment will be described. Note that the contents and order of the processes to be described are examples, and it is preferable to appropriately adopt the contents and order of the processes that are suitable for the embodiment.

(Construction of L2VPN)
As a premise that access relay by the access relay device 1 is performed, the frame transmission path as described above is established between the VPN service adapter 5 installed in the local network L and the access relay device 1, and the L2VPN is constructed. Is done. The frame transmission paths established here are, for example, the frame transmission paths T1 and T2 described in FIG. The transmission path establishment unit F15 of the access relay apparatus 1 becomes a target when the administrator of the access relay apparatus 1 makes a setting to start providing access relay to a specific local network L. A frame transmission path is established with the VPN service adapter 5 of the local network L. The setting that becomes an opportunity is made, for example, in response to an application for a relay service from the user to the local network L.

(Access start)
FIG. 11 is a sequence diagram illustrating the flow of access relay start processing to the Web server 4. This processing flow is, for example, that an operation for a web browser activated on the access terminal 3 to access the web server 4 on the Internet N via the access relay device 1 is received from the user via the operation unit 26. It starts when this happens. The operation is, for example, an operation of pressing a link arranged on a menu page for using the access relay device 1. The link is, for example, a link to a URL (Uniform Resource Locator) including a domain name that identifies the access relay device 1, and a query character string indicating an access request to a specific Web server 4 is included in the link destination URL Is added.

  In step S <b> 101, the access terminal 3 makes an access request to the Web server 4. Specifically, the access terminal 3 transmits an HTTP (Hypertext Transfer Protocol) request message addressed to the access relay device 1 as a message representing an access request via the local network L. In the request message, a URL to which a query character string indicating an access request to the Web server 4 is added is specified. The destination IP address of the IP packet carrying the request message is set to the private IP address of the virtual network adapter (V1, V2, etc. in FIG. 4) of the access relay apparatus 1. In addition, a MAC address unique to the NIC 35 is set as the source MAC address of the MAC frame transmitted from the NIC 35 of the access terminal 3 and carrying the IP packet.

  The MAC frame carrying the request message transmitted from the access terminal 3 reaches the access relay device 1 through the frame transmission path described in FIG. The MAC frame physically reaches the access relay apparatus 1 via the VPN service adapter 5, the router 6, and the Internet N.

  The access relay start unit F11 of the access relay apparatus 1 receives an access request from the access terminal 3 in the MAC frame format. The access relay start unit F11 of the access relay apparatus 1 refers to the source MAC address of the MAC frame, identifies the source access terminal 3, and processes of the virtual browser VB corresponding to the source access terminal 3 Start up. Here, the virtual browser VB is activated by specifying the service adapter ID associated with the virtual network adapter used for receiving the MAC frame and the transmission source MAC address as the device identifier. The activated virtual browser VB is connected to the local network identified by the designated service adapter ID, and manages Web access using one access terminal 3 identified by the designated MAC address as an access source. The activated virtual browser VB receives the received access request.

  In steps S <b> 102 to S <b> 104, the access relay start unit F <b> 11 of the access relay device 1 starts access relay to the Web server 4. Steps S102 to S104 are an example of an “access relay start step”.

In step S102, the start of access relay is recorded in the management database D11. First, the virtual browser VB refers to the domain management table and confirms that the access destination Web server 4 of the received access request matches any of the domain information stored in the domain management table of the management database D11. . If the access destination of the access request does not match any of the domain information stored in the domain management table, access relay is not started.

  Next, the virtual browser VB registers a record indicating access management information for managing the state of access from the access terminal 3 that is the access source in the access management table of the management database D11. In the registered access management information record, the domain ID is the domain ID indicating the access destination Web server 4 set by the access request, the connection status is “Connect” indicating that the connection is present, and the connection start date and time is This is the date and time when the registration process was performed.

  In step S103, the virtual browser VB transmits an HTTP request message to the Web server 4 in accordance with the access request. Here, for example, a request message for requesting the login page of the Web server 4 is transmitted. The virtual browser VB transmits a request message to the Web server 4 via the Internet N using the NIC 15B. The virtual browser VB waits for reception of a response message after the transmission. Note that if the access request requires an HTTPS (HTTP Secure) protocol, the virtual browser VB may establish an SSL (Secure Sockets Layer) session and send a request message using the established session. Good.

  In step S104, the Web server 4 receives and processes the request message. Specifically, the Web server 4 generates a response message corresponding to the request message and transmits it to the access relay device 1 via the Internet N. The virtual browser VB of the access relay device 1 that has been waiting to receive a response message receives the response message.

  In step S <b> 105, the image transmission unit F <b> 13 of the access relay device 1 generates image data of a browsing screen for browsing Web content provided by the Web server 4 and transmits the image data to the access terminal 3. Specifically, first, the virtual browser VB performs parsing and the like based on the HTML document included in the response message received from the Web server 4, renders the content, and converts the bitmap image data on the browsing screen. Generate. The browsing screen represented by the generated image data includes display of content provided by the Web server 4. In addition, when an input form is included in an HTML document, the browsing screen also displays form parts such as an input field for input data in the input form and a send button for transmitting input data input to the input field. included. The input column represents items of input data that the Web server 4 waits for input. For example, the browsing screen includes a display of user ID and password input fields, and represents a login page for use by the Web server 4 to transmit data for authenticating the user. The browsing screen may be generated as raster format image data.

  Next, the virtual browser VB transmits the generated image data of the browsing screen to the access terminal 3. More specifically, the virtual browser VB transmits a browsing script for displaying a browsing screen and image data of the browsing screen as a response message to the request message transmitted as a message indicating an access request in step S101. In the Web browser of the access terminal 3, the received browsing script is executed, and a browsing screen is displayed on the display unit 37. Note that the browsing script is implemented by, for example, JavaScript (registered trademark). In addition, the browsing script, for example, establishes a connection of WebSocket [RFC 6455] with the access relay apparatus 1 and operates so as to receive various data transmitted from the access relay apparatus 1 such as browsing screen update data. . The browsing script may receive various data transmitted from the access relay device 1 using long polling or the like instead of WebSocket.

  In steps S <b> 106 to S <b> 108, the access relay start unit F <b> 11 of the access relay apparatus 1 determines a pairing number used for pairing between the access terminal 3 and the input terminal 2 and notifies the user of the access terminal 3. In the present embodiment, the pairing number is displayed on the browsing screen.

  First, in step S106, the virtual browser VB activates the process of the input relay program IR. The input relay program IR activated here plays a role of relaying input data with the virtual browser VB as the input source as an input destination. In the input relay program IR, the input source of input data is undecided immediately after starting. The started input relay program IR determines the pairing number and holds it. The pairing number determined here is a unique number that does not overlap with the pairing number held by another process of the input relay program IR that is activated in the access relay apparatus 1. For example, a random number or the like is used. The value is difficult to guess.

  Next, in step S107, the input relay program IR started in step S106 notifies the determined pairing number to the starting virtual browser VB.

  Next, in step S108, the virtual browser VB generates image data representing the notified pairing number and transmits it to the access terminal 3. In the access terminal 3, the browsing script receives the image data representing the pairing number, and displays a message and a pairing number for prompting an operation for starting the pairing for associating the access terminal 3 and the input terminal 2 with the display unit. The image is displayed on the browsing screen displayed at 37. By this display, the user of the access terminal 3 knows the pairing number and starts an operation for pairing using the input terminal 2 that desires to pair with the access terminal 3.

  In the present embodiment, the pairing number is notified to the display unit 37 of the access terminal 3 (the display unit 37 of the access terminal 3 is an example of “predetermined notification destination”). The access relay apparatus 1 may notify the pairing number by transmitting an e-mail including the pairing number in the text to the mail address of the user of the access terminal 3 registered in advance. Further, the access relay apparatus 1 may notify the pairing number by using a push notification technique that delivers data to a terminal application program such as GCM (Google (registered trademark) Cloud Messaging). In this case, the pairing number may be notified to a pre-registered terminal for the user of the access terminal 3, and the keyboard application may be activated to receive the pairing number at the notified terminal.

(Pairing)
FIG. 12 is a sequence diagram illustrating the flow of the pairing process. The flow of this process starts after the step S108 in FIG. 11 is received, when the keyboard application started by the input terminal 2 due to a user operation or the like has received a user operation for inputting a pairing number. .

  In step S201, the input terminal 2 transmits a pairing request specifying the input pairing number to the access relay apparatus 1. The pairing request is carried in a MAC frame with the MAC address of the input terminal 2 as the source MAC address, and reaches the access relay device 1 through the frame transmission path (T1 etc.) described in FIG.

In step S202, when the associating unit F12 of the access relay apparatus 1 receives the pairing request, it executes pairing processing. First, the associating unit F12 extracts the process of the input relay program IR that holds the pairing number that matches the pairing number included in the pairing request from the processes executed in the access relay apparatus 1. The extracted input relay program IR executes pairing processing. At this time, the source MAC address of the MAC frame carrying the pairing request is treated as a device identifier for identifying the input terminal 2 that is the source of the pairing request, and a service associated with the frame transmission path that has received the pairing request The adapter ID is handled as a value for identifying the local network L of the request source. In addition, when the process of the input relay program IR holding the pairing number that matches the pairing number of the pairing request is not executed in the access relay device 1, the pairing process is not executed and the pairing is not established. Become.

  The input relay program IR only performs the pairing process when it is determined that the input terminal 2 that has requested the pairing request and the access terminal 3 that is to be paired are connected to the same local network L. Execute. This determination is made based on the service adapter ID that identifies the local network L that is the source of the pairing request. This determination may be made based on the difference between the virtual network adapter that has received the pairing request and the virtual network adapter that has received the access request in step S101 of FIG. In such a pairing process, only the input terminal 2 and the access terminal 3 connected to the same local network L are paired, so that a terminal outside a regular user's house is a regular user. It is possible to suppress pairing against the intention. Further, the input relay program IR performs pairing between the access terminal 3 and the input terminal 2 that the received pairing request has paired in the past under a specific condition (for example, when a specific setting is made by the user). The pairing process may be executed only when it is determined that the request is made. Specifically, in the input relay program IR, whether or not a pairing information record indicating a pair of the access terminal 3 and the input terminal 2 that is the target of the pairing request is stored in the pair management table of the input management database D11. The determination is made based on the above. By doing in this way, pairing processing is executed only for the pair of the access terminal 3 and the input terminal 2 that have a history of pairing, so pairing using a terminal that is not known to a legitimate user is processed. Can be suppressed.

  In the pairing process, the input relay program IR indicates that the pairing request source input terminal 2 has been paired with the access destination access terminal 3 of the virtual browser VB that is the input destination. Are registered in the pair management table of the management database D11. In the record to be registered, the service adapter ID is a service adapter ID that identifies the local network L to which the access terminal 3 that is the access source is connected, and the access terminal identifier is the access source device identifier in the input virtual browser VB. The device identifier of the input terminal is the device identifier of the input terminal 2 that requested the pairing request, and the pairing number is the pairing number held by the input relay program IR. Here, when a record that is a registration target and has a status of “Disconnect” is already stored in the pair management table, the status of the record is updated from “Disconnect” to “Connect”. On the other hand, when the record to be registered is not stored in the pair management table, a new record to be registered whose status is “Connect” is added. By registering the record, the input terminal 2 that is the input source of the input relay program IR is confirmed. Step S201 is an example of an “association step”.

In step S203, the access relay apparatus 1 notifies the input terminal 2 of information indicating the success of pairing. When the input terminal 2 receives the notification, the keyboard application is displayed on the screen of the software keyboard on the display unit 27, and transitions to a state in which a key input operation can be accepted. A plurality of GUI (Graphical User Interface) parts representing character keys for designating characters are arranged on the software keyboard. The array is, for example, an array of QWERTY or flick input. Each character key is obtained by marking the name of a character in a graphic indicating the shape of the key. On the software keyboard, character keys for designating control characters such as “tab” are also arranged.

(Data input)
FIG. 13 is a sequence diagram illustrating the flow of access processing to the server with data input. This processing flow starts when the keyboard application of the input terminal 2 receives a key input operation such as tapping a character key after displaying the software keyboard screen in step S203 of FIG. 12 from the user. .

  In step S <b> 301, the keyboard application of the input terminal 2 transmits the input character data designated by the tapped character key to the access relay device 1. Here, the input character data is, for example, data that is required to be kept secret from a third party such as a password, a credit card number, personal information, and bank transfer information. In this embodiment, when a control character such as a “tab” character, which means a change in the input field on the browsing screen, is input, data is stored in units of character strings obtained by concatenating the accumulated input characters in the specified order. Sent. Here, for example, character string data in which “tab” is connected to each character constituting the user ID in the login page is transmitted. Note that data may be transmitted in character units.

  The input character data is carried in a MAC frame with the MAC address of the input terminal 2 as the source MAC address, and reaches the access relay device 1 through the frame transmission path (T1 etc.) described in FIG. When the input data transmission unit F14 of the access relay apparatus 1 receives the input character data, the input data transmission unit F14 identifies the transmission source input terminal 2 by the transmission source MAC address of the MAC frame carrying the data, and the transmission source input terminal 2 The process of the input relay program IR that relays the input data is extracted. The access relay apparatus 1 delivers the input character data to the extracted process of the input relay program IR.

  In step S302, the input relay program IR inputs the received input character data to the input destination virtual browser VB. On the other hand, the virtual browser VB sets the character string of the input character in the form part in the input field of the browsing screen in accordance with the input character data. When the browsing screen has a plurality of input fields, a character string is set for one input field selected as an input target among the plurality of input fields. When the control character such as “tab” is included in the input character data, the selection change of the input field to be input is processed according to the control character. In step S302 in the sequence of FIG. 13, it is assumed that the input character data does not include a control character indicating completion of input, and input is not completed.

  In step S <b> 303, the image transmission unit F <b> 13 of the access relay device 1 updates the browsing screen and transmits the updated browsing screen image data to the access terminal 3. Specifically, first, the virtual browser VB renders the GUI part in the input field in which the character string of the input character is set in step S302, and generates the updated browsing screen image data. At this time, a substitute character for hiding the content of the input character such as “*” is written in the password input field of the browsing screen. Next, the virtual browser VB transmits the updated browsing screen image data to the access terminal 3. On the other hand, in the access terminal 3, the browsing script receives the updated image data of the browsing screen and displays it on the display unit 37. The user can continue the key input operation while referring to the updated browsing screen.

FIG. 14 is a screen diagram illustrating a browsing screen in which data is input in the input field. FIG. 14 shows a state in which a character string of an input character is input to each of a user ID input field and a password input field on a browsing screen for browsing a login page that requires input of a user ID and password pair. Show. (A) shows a state in which only a character string of a user ID is inputted, and (B) shows a state in which a character string of a user ID and a password is inputted. For example, when the input terminal 2 performs a key input operation of a character indicating the value of the user ID and “Tab”, the access terminal 3 displays an updated browsing screen as shown in FIG. Further, when the input terminal 2 performs a key input operation of a character indicating a password value and a “Tab”, the access terminal 3 displays an updated browsing screen as shown in FIG.

  Here, it is assumed that the keyboard application of the input terminal 2 receives a key input operation of a character key indicating completion of input, such as a control character “Enter”, from the user. In steps S <b> 304 to S <b> 306, the input data transmission unit F <b> 14 of the access relay device 1 transmits the input data in the input field input from the input terminal 2 to the Web server 4.

  In step S <b> 304, the keyboard application of the input terminal 2 transmits input character data indicating input completion to the access relay device 1. When receiving the input character data, the input data transmission unit F14 of the access relay apparatus 1 delivers the input character data indicating completion of input to the process of the input relay program IR that relays the input data, as in step S301.

  In step S305, the process of the input relay program IR inputs input character data indicating input completion to the input destination virtual browser VB.

  In step S306, the virtual browser VB generates a request message in which the character string set in the input field of the browsing screen is set as the value of the input item of the input form, and transmits the request message to the Web server 4. The request message is, for example, a POST method request message in which the URL of the input form transmission destination is set. In the body of the request message, a character string of input characters is set as input data delimited for each input item. The input items correspond to the response message input form received in step S104 of FIG.

  In step S307, the Web server 4 receives and processes the request message, and returns a response message to the request message. Specifically, the Web server 4 executes predetermined processing using the input data, generates a response message indicating an execution result, and transmits the response message to the access relay device 1 via the Internet N. For example, when the Web server 4 receives a request message that includes a user ID and a password as input data and specifies a URL for processing login, an authentication process such as password verification using a set of the user ID and password And a response message indicating success or failure of authentication is transmitted to the access relay device 1. The Web server 4 permits provision of a predetermined service when the authentication process is successful. On the other hand, in the access relay device 1, the virtual browser VB that has been waiting to receive a response message receives the response message from the Web server 4.

When the virtual browser VB receives a response message from the Web server 4, the virtual browser VB records access history information representing a Web access history based on the request message transmitted in step S306 and the response message received in step S307. Specifically, the virtual browser VB adds a record representing the access history information to the access history table of the management database DB11. The record added here is a service adapter ID that identifies the local network L to which the access terminal 3 of the access source is connected, the access date and time is the current date and time, and the domain ID is the transmission destination of the request message. This is a value indicating the Web server 4. The record added here is the URL set in the request message transmitted in step S306, the device identifier of the access terminal is the device identifier of the access terminal 3 of the access source, and the device of the input terminal The identifier is the device identifier of the input terminal 2 that is the input source. For example, by providing the access history information recorded by the access relay apparatus 1 to the user, the user can confirm whether or not an unrecognized Web access is being performed via the access relay apparatus 1.

  In step S <b> 308, the image transmission unit F <b> 13 of the access relay apparatus 1 updates the browsing screen so as to display new Web content, and transmits the updated browsing screen image data to the access terminal 3. Specifically, the virtual browser VB renders new content based on the HTML document included in the response message received from the Web server 4 in step S307, and generates image data for the browsing screen. At this time, the data set in the input field of the browsing screen before update is cleared. Next, the virtual browser VB transmits the generated image data of the browsing screen to the access terminal 3. On the other hand, in the access terminal 3, the operating browsing script receives the updated browsing screen image data and displays it on the display unit 37.

<Effect>
In the present embodiment described above, in the access relay apparatus 1, both terminals are paired without requiring the input terminal 2 and the access terminal 3 to communicate directly. Further, the input data from the software keyboard of the input terminal 2 is transmitted to the Web server 4 without passing through the access terminal 3. Therefore, even if the access terminal 3 is infected with malware or the like, a key for the malware or the like to intercept communication of input data that does not pass through the access terminal 3 or to input input data that does not occur in the access terminal 3 Acquiring an event and specifying the input terminal 2 to which input data is input are suppressed. Therefore, it is possible to reduce a risk that input data such as authentication information input from the terminal and transmitted to the Web server 4 is stolen.

  In the present embodiment, a function of relaying input data for Web access is provided to the input terminal 2 and the access terminal 3 connected to the local network L of the facility F in the cloud type via the Internet N. Therefore, it is possible to easily and quickly construct an input environment for input data for Web access with reduced risk of data theft without installing an apparatus for relaying access to each facility F.

  In this embodiment, since the browsing screen is transmitted as image data to the access terminal, malware operating on the access terminal 3 should analyze the content of the accessed Web page and keep it secret such as a password. It can suppress detecting that it is in the situation where information is transmitted and received. Therefore, it is possible to reduce the risk of security attacks based on Web content.

<Modification>
In the present embodiment, the input data is input based on the character key input operation using the software keyboard in the input terminal 2, but various input such as gesture operation using the pointing device, voice input from the microphone, and the like. Input data may be input based on the operation.

DESCRIPTION OF SYMBOLS 1 Access relay apparatus 2 Input terminal 3 Access terminal 4 Web server 5, 5A, 5B VPN service adapter 6 Router D11 Management database F Facility H Residence L, L1, L2 Local network N Internet (communication network)
R L2 relay device U user VB virtual browser IR input relay program

Claims (7)

An access relay device that relays access to a server,
When an access request to the server is received from the first terminal, it starts relaying access to the server, determines password information associated with the first terminal, and responds to the first terminal Access relay starting means for notifying the determined personal identification information to a notification destination determined by
When the association request including the password information is received from the second terminal, when it is determined that the password information included in the association request and the password information associated with the determined first terminal match. Association means for associating one terminal with the second terminal;
An access relay apparatus comprising: input data transmitting means for transmitting the input data to the server when an input request including input data is received from a second terminal associated with the first terminal. The first terminal and the second terminal are connected to a local network installed in a facility,
The local network and the access relay device are connected by a communication network higher than the data link layer,
The access relay device transmits a data link layer frame via the communication network using communication higher than the data link layer, thereby establishing a data link layer transmission path connected to the local network. , Further comprising a transmission path establishment means for establishing via a device installed in the local network,
The associating means associates the first terminal connected to the local network to which the established transmission path is connected with the second terminal.
The access relay apparatus according to claim 1. Image transmission means for generating image data representing a browsing screen including display of content provided by the server based on data acquired by accessing the server, and transmitting the generated image data to the first terminal Further comprising
The access relay apparatus according to claim 1 or 2. The image data generated by the image transmission means is image data of a browsing screen further including display of an input field of input data waiting for input by the server,
When the input data is received from the second terminal, the image transmission means updates the browsing screen so that the input data includes a display entered in the input field, and the updated browsing screen image Sending data to the first terminal;
The access relay apparatus according to claim 3. The input data of the input request received by the input data transmitting means is data indicating characters designated by the operation of the arranged character keys.
The access relay apparatus according to any one of claims 1 to 4. An access relay device that relays access to the server
When an access request to the server is received from the first terminal, it starts relaying access to the server, determines password information associated with the first terminal, and responds to the first terminal An access relay start step of notifying the determined personal identification information to a notification destination determined by:
When the association request including the password information is received from the second terminal, when it is determined that the password information included in the association request and the password information associated with the determined first terminal match. Associating one terminal with the second terminal;
An information processing method for executing an input data transmission step of transmitting the input data to the server when an input request including input data is received from a second terminal associated with the first terminal. To the access relay device that relays access to the server,
When an access request to the server is received from the first terminal, it starts relaying access to the server, determines password information associated with the first terminal, and responds to the first terminal An access relay start step of notifying the determined personal identification information to a notification destination determined by:
When the association request including the password information is received from the second terminal, when it is determined that the password information included in the association request and the password information associated with the determined first terminal match. Associating one terminal with the second terminal;
A program for executing an input data transmission step of transmitting the input data to the server when an input request including input data is received from a second terminal associated with the first terminal.

Images