JP2022148379A - Server device, communication system, and program - Google Patents

Abstract

To allow a user who does not know authentication information for performing access restrictions on administrator information to access the administrator information without letting the user know the authentication information.SOLUTION: An electronic apparatus 30 stores administrator information. The electronic apparatus 30 makes a reply with image information on a screen including the administrator information with the reception of authentication information as a trigger. A terminal device 20A is used by a first user who knows the authentication information. The terminal device 20A is used by a second user different from the first user. A server device 10 communicates with the terminal device 20A to receive, from the terminal device 20A, permission for the second user to access the administrator information and acquire the authentication information. The server device 10 transmits the acquired authentication information to the electronic apparatus 30 to acquire the image information from the electronic apparatus 30 and transmits the acquired image information to a terminal device 20B.SELECTED DRAWING: Figure 1

Description

The present disclosure relates to server devices, communication systems, and programs.

Japanese Patent Application Laid-Open No. 2002-200003 discloses a technique for viewing various information stored in a printer using a web browser of a terminal device connected to a local network to which the printer is connected.

WO2014/106883

Information stored in the printer is broadly classified into information that is accessible by everyone and information that is subject to access restrictions based on authentication information such as a password. Specific examples of information that can be accessed by anyone include basic information such as information indicating the remaining amount of media such as printing paper, information indicating the remaining amount of color materials such as ink or toner, and information indicating the firmware version. is mentioned. Specific examples of information to which access restrictions are imposed by authentication information such as a password include administrator information such as information indicating printer network settings and information indicating security settings. As for the basic information, the user of the terminal device can access it by the technique disclosed in Japanese Patent Laid-Open No. 2002-200313 if he/she knows the identification information that uniquely identifies the printer in the local network. On the other hand, in order to access the administrator information using the technique disclosed in Japanese Patent Application Laid-Open No. 2002-200013, it is necessary to obtain the authentication information from the administrator of the printer. However, providing authentication information to users who were not scheduled to access administrator information poses security problems, such as increasing the risk of leakage of authentication information.

One aspect of the server device of the present disclosure executes the following first acquisition process, second acquisition process, and display control process. In the first acquisition process, by communicating with a first terminal device used by a first user who is permitted to access first information whose access is restricted by authentication using authentication information and who knows the authentication information, the This is a process of accepting permission for the second user to access the first information and acquiring the authentication information. The second acquisition process stores the first information and transmits the first image information corresponding to the address of the image data representing the first image including the first information, triggered by the reception of the authentication information. It is a process of acquiring the first image information from the electronic device by transmitting the authentication information acquired from the first terminal device to the electronic device to be transmitted to the source. Display control processing is processing for displaying the first image on the second terminal device by transmitting the first image information acquired from the electronic device to the second terminal device used by the second user. .

One aspect of the communication system of the present disclosure includes the following electronic equipment, first terminal device, second terminal device, and server device. The electronic device stores first information whose access is restricted by authentication using authentication information, and first image information corresponding to an address of image data representing a first image including the first information whose access is restricted. is sent to the sender of the authentication information with the reception of the authentication information as a trigger. A first terminal device is associated with a first user who is permitted to access said first information and knows said authentication information. The second terminal device is associated with the second user. The server device communicates with the electronic device, the first terminal device, and the second terminal device. The server device then executes the above-described first acquisition process, second acquisition process, and display control process.

One aspect of the program of the present disclosure causes a computer to execute the above-described first acquisition process, second acquisition process, and display control process.

1 is a diagram illustrating an example of a communication system 1 according to an embodiment of the present disclosure; FIG. 2 is a diagram showing a configuration example of a server device 10; FIG. It is a figure which shows an example of a usage start screen. FIG. 4 is a diagram showing an example of an e-mail sent to an administrator; FIG. It is a figure which shows an example of a management screen. 2 is a diagram for explaining processing executed by a processing device 110 of a server device 10 according to a program 132; FIG.

Embodiments of the present disclosure will be described below with reference to the drawings. Various technically preferable limitations are attached to the embodiments described below. However, embodiments of the present disclosure are not limited to the forms described below.

1. First Embodiment FIG. 1 is a diagram showing an example of a communication system 1 according to an embodiment of the present disclosure. The communication system 1 has a server device 10, a terminal device 20A, a terminal device 20B, and an electronic device 30. FIG. As shown in FIG. 1, the terminal device 20A and the electronic device 30 are connected to a local network 40. FIG. The local network 40 is an intranet installed in a company store, factory, or the like.

The electronic device 30 is, for example, a printer. The electronic device 30 forms an image represented by the image data provided from the local network 40 on a medium such as printing paper. Basic information and administrator information are stored in advance in the electronic device 30 . Basic information is information accessible to everyone. Specific examples of the basic information include information indicating the remaining amount of media such as printing paper, information indicating the remaining amount of coloring material such as ink or toner, and information indicating the firmware version. The administrator information is information to which access restrictions are imposed by administrator's identification information and authentication information such as a password. Specific examples of administrator information include information indicating network settings of the electronic device 30 and information indicating security settings.

The terminal device 20A is, for example, a personal computer. The terminal device 20</b>A is used by a user A who is an administrator who manages the electronic device 30 . A web browser and a mail client are pre-installed in the terminal device 20A. User A can access the basic information and administrator information of the electronic device 30 by causing the terminal device 20A to run the web browser and inputting the identification information of the electronic device 30 as information indicating the communication partner into the web browser. can. In this embodiment, access to administrator information refers to viewing administrator information. Similarly, access to basic information means viewing basic information. A specific example of the identification information of the electronic device 30 is an IP (Internet Protocol) address assigned to the electronic device 30 on the local network 40, that is, a local address. Further, user A can receive e-mails sent to his own e-mail address and view the text of the e-mails by causing the terminal device 20A to run the mail client.

When the electronic device 30 detects access to the basic information by an HTTPS (Hypertext Transfer Protocol Secure) request or an MQTT (Message Queuing Telemetry Transport) request, the electronic device 30 generates HTML (HyperText Markup Language) data of a screen including the basic information, Return HTML data to the source of access. Further, when the electronic device 30 detects an access to administrator information by an HTTPS request or an MQTT request, the electronic device 30 determines whether or not the request is accompanied by authentication information. If the request is accompanied by authentication information, that is, if the authentication information is received, the electronic device 30 transmits the HTML data of the screen including administrator information to the access source. If the request is not accompanied by authentication information, the electronic device 30 may reject the access, or request the source of the access to transmit the authentication information.

The local network 40 is connected to the Internet 50 via a relay device such as gateway. In FIG. 1, illustration of a relay device connecting the local network 40 and the Internet 50 is omitted. As shown in FIG. 1, the Internet 50 is connected with a server device 10 and a terminal device 20B. The terminal device 20B is, for example, a personal computer. The terminal device 20B is used by the user B who is not scheduled to access the administrator information of the electronic device 30 . A web browser is pre-installed in the terminal device 20B. Although the terminal device 20B is connected to the Internet 50 in this embodiment, it may be connected to the local network 40 as well.

Conventionally, in order for user B to access the administrator information of the electronic device 30, the terminal device 20B must be connected to the local network 40, the user B must know the identification information of the electronic device 30, and I had to get the authentication information from User A. The server device 10 provides a communication service that enables the user B to access administrator information of the electronic device 30 even if the terminal device 20B is connected to the Internet 50 and the user B does not know the authentication information. It is a device. FIG. 2 is a diagram showing a configuration example of the server device 10. As shown in FIG. As shown in FIG. 2, the server device 10 includes a processing device 110, a communication device 120, and a storage device .

The communication device 120 is connected to the Internet 50 via a communication line such as a LAN (Local Area Network) cable. The communication device 120 is a device that performs data communication with other devices via the Internet 50 . A specific example of the communication device 120 is a NIC (Network Interface Card). In this embodiment, the communication device 120 performs data communication with the terminal device 20B via the Internet 50 . Also, the communication device 120 performs data communication with the terminal device 20A and the electronic device 30 via the Internet 50 and the local network 40 . Communication device 120 receives data transmitted from another device via Internet 50 . The communication device 120 transmits the received data to the processing device 110 . Also, the communication device 120 transmits data given from the processing device 110 to the Internet 50 .

The storage device 130 is a recording medium readable by the processing device 110 . Storage device 130 includes, for example, non-volatile memory and volatile memory. The nonvolatile memory is, for example, ROM (Read Only Memory), EPROM (Erasable Programmable Read Only Memory) or EEPROM (Electrically Erasable Programmable Read Only Memory). Volatile memory is, for example, RAM (Radom Access Memory).

The non-volatile memory of the storage device 130 stores a program 132 that causes the processing device 110 to execute processes emphasizing features of the present disclosure. Programs 132 may also be referred to as "application programs," "application software," or "apps." The program 132 is used by the processor 110 as a work area when executing the program 132 in the volatile memory of the storage device 130 . The volatile memory of the storage device 130 also stores authentication information acquired from the terminal device 20A by the processing device 110 operating according to the program 132 .

The processing device 110 includes a processor such as a CPU (Central Processing Unit), that is, a computer. The processing device 110 may be composed of a single computer, or may be composed of a plurality of computers. When the power of the server device 10 is turned on, the processing device 110 reads the program 132 from the nonvolatile memory to the volatile memory and starts executing the read program 132 . The processing device 110 operating according to the program 132 functions as the first acquisition unit 110a, the second acquisition unit 110b, and the display control unit 110c shown in FIG. That is, the first acquisition unit 110a, the second acquisition unit 110b, and the display control unit 110c in FIG. 2 are software modules realized by operating the processing device 110 according to the program 132. FIG. In FIG. 2, dotted lines indicate that each of the first acquisition unit 110a, the second acquisition unit 110b, and the display control unit 110c is a software module. Functions of the first acquisition unit 110a, the second acquisition unit 110b, and the display control unit 110c are as follows.

The first acquisition unit 110 a waits for reception of a request requesting the start of use of the communication service provided by the server device 10 . Upon receiving the request, the first acquisition unit 110a returns HTML data of a use start screen for accepting an operation for starting use of the communication service to the source of the request. For example, when the user B uses the Web browser of the terminal device 20B to transmit a request for using the communication service to the terminal device 20B, the first acquisition unit 110a transmits the HTML data of the usage start screen to the terminal device 20B. Reply. The terminal device 20B displays the usage start screen by interpreting the HTML data using a web browser.

FIG. 3 is a diagram showing an example of a usage start screen. As shown in FIG. 3, the usage start screen is provided with an input field I01, an input field I02, an input field I03, and a virtual operator B01. In the input field I01, the identification information of the user who applies for permission to access the administrator information is entered. Specific examples of user identification information include a character string representing the name of the user, a character string representing the employee number of the user, and the like. In the input field I02, the identification information of the electronic device storing the administrator information to be accessed is input. An e-mail address of the administrator of the electronic device is entered in the input field I03. The virtual operator B01 is a virtual operator for notifying the administrator of his intention to apply for permission to access the administrator information. For example, the user B enters the identification information of the user B, the identification information of the electronic device 30, and the e-mail address of the user A in the input fields I01, I02, and I03 of the use start screen displayed on the terminal device 20B. Then, by operating the virtual operator B01, it is possible to apply to the user A for permission to access the administrator information of the electronic device 30. FIG.

The first obtaining unit 110a generates a one-time password when an application is received by operating the usage start screen. A one-time password may be generated using existing technology. Although the details will be described later, this one-time password has a valid period. In addition, the first acquisition unit 110a accepts permission or rejection of the application. More specifically, in order to accept permission or rejection of an application, the first acquisition unit 110a sends an e-mail containing the address of the management screen and the content of the application to the e-mail address specified by the applicant. Send. Note that the management screen is a screen for allowing the administrator to perform an operation of permitting or rejecting the application. When permitting the application, the administrator can enter authentication information for accessing the administrator information on the management screen. Also, the address of the management screen refers to the URL (Uniform Resource Locator) of the management screen. FIG. 4 is a diagram showing an example of an e-mail sent from the server device 10 to the administrator. For example, when the user B makes an application requesting permission to access the administrator information of the electronic device 30, the first acquisition unit 110a sends an e-mail containing the content of the application and the URL of the management screen. to User A's e-mail address. User A can receive and view the e-mail using the terminal device 20A. Further, the user A can display the management screen on the terminal device 20A by accessing the above URL using a web browser.

FIG. 5 is a diagram showing an example of a management screen. The management screen is provided with a virtual operator B02, a virtual operator B03, and an input field I04. A virtual operator B02 is a virtual operator for rejecting an application. For example, when rejecting the application from user B, user A presses virtual operator B02. A virtual operator B03 is a virtual operator for permitting an application. For example, to permit the application from user B, user A presses virtual operator B03. The input field I04 is an input field for inputting authentication information. For example, when permitting an application from user B, user A presses virtual operator B03 after inputting the authentication information of electronic device 30 into input field I04. The first acquisition unit 110a acquires input content for the management screen by communicating with the terminal device 20A displaying the management screen. For example, when the user B makes an input permitting the application, the authorization of the application is accepted and the authentication information input to the terminal device 20A is acquired.

If the application is permitted before the validity period of the one-time password elapses, the first acquisition unit 110a associates the acquired authentication information with the one-time password described above, stores the one-time password in the storage device 130, and stores the one-time password in the storage device 130. Send the time password to the applicant. For example, when user A permits user B to access the administrator information of electronic device 30, authentication information for accessing the administrator information is associated with the one-time password and stored in storage device 130. , the one-time password is transmitted to the terminal device 20B. Although the details will be described later, the user B can view the administrator information of the electronic device 30 by sending an HTTPS request accompanied by the one-time password to the server device 10 using the web browser of the terminal device 20B. can be done. It should be noted that if the application is not permitted even after the valid period of the one-time password has passed, or if the application is rejected, the first acquisition unit 110a cancels the acquisition of the authentication information. Further, the first acquisition unit 110a may check whether or not it is possible to log in to the electronic device 30 based on the acquired authentication information, and write the authentication information to the storage device 130 if the login is successful.

Triggered by the reception of the HTTPS request accompanied by the one-time password, the second acquisition unit 110b generates an MQTT request for requesting transmission of administrator information to the electronic device 30 based on the received HTTPS request, The authentication information acquired by the first acquisition unit 110 a is attached and transmitted to the electronic device 30 . Thereby, the second acquisition unit 110b acquires from the electronic device 30 the HTML data representing the management screen including the administrator information.

The display control unit 110c returns the HTML data acquired by the second acquisition unit 110b to the sender of the HTTPS request accompanied by the one-time password. The user B can view the administrator information by displaying the screen indicated by the HTML data on the terminal device 20B using the web browser of the terminal device 20B.

Also, the processing device 110 operating according to the program 132 executes a first acquisition process SA110, a second acquisition process SA120, and a display control process SA130, as shown in FIG. The processing contents of each of the first acquisition process SA110, the second acquisition process SA120, and the display control process SA130 when the user B applies to the user A for permission to access the administrator information of the electronic device 30 are as follows. Street.

In the first acquisition process SA110, the processing device 110 functions as a first acquisition unit 110a. In the first acquisition process SA110, the processing device 110 waits for a request to start using the communication service provided by the server device 10. FIG. When the processing device 110 receives the request REQ1 requesting the start of use of the communication service from the terminal device 20B, the processing device 110 transmits the use start screen HTML data HTM1 to the terminal device 20B. On the terminal device 20B, a use start screen is displayed according to the HTML data HTM1. The user B applies for permission to access the administrator information of the electronic device 30 by performing an input operation on the use start screen. Data INP1 representing the content of this application is transmitted from the terminal device 20B to the server device 10. FIG.

When processing device 110 receives data INP1, processing device 110 generates the above-mentioned one-time password, and sends e-mail MEL1 for conveying to user A the content of user B's application. As described above, the body of the e-mail MEL1 describes the URL of the management screen. User A receives the e-mail MEL1 through the terminal device 20A and reads the text of the e-mail MEL1. Further, user A accesses the URL described in the text of the e-mail MEL1 using a Web browser, thereby causing the terminal device 20A to transmit a request REQ2 requesting transmission of HTML data indicated by the URL. In response to receiving this request REQ2, the processing device 110 transmits HTML data HTM2 of the management screen to the terminal device 20A. The terminal device 20A receives the HTML data HTM2 transmitted from the server device 10, and displays the management screen according to this HTML data HTM2.

In this operation example, user A performs an operation on the management screen to permit user B's application before the valid period of the one-time password elapses. The processing device 110 acquires the data INP2 representing the content of the input to the management screen by communicating with the terminal device 20A displaying the management screen. This data INP2 contains authentication information for accessing the administrator information of the electronic device 30 . In the first acquisition process SA110, the processing device 110 causes the storage device 130 to store the one-time password described above in association with the acquired authentication information, and transmits the one-time password OTP to the terminal device 20B.

In the second acquisition process SA120, the processing device 110 functions as a second acquisition unit 110b. In the second acquisition process SA120, when the HTTPS request REQ3 with the one-time password is received from the terminal device 20B, the processing device 110 retrieves the authentication information stored in the storage device 130 in association with the one-time password. Generate MQTT request REQ4 with Then, the processing device 110 acquires the screen HTML data HTM3 including the administrator information from the electronic device 30 by transmitting the MQTT request REQ4 to the electronic device 30 .

In the display control process SA130, the processing device 110 functions as the display control unit 110c. In the display control process SA130, the processing device 110 returns the HTML data HTM3 acquired in the second acquisition process SA120 to the sender of the HTTPS request REQ3. User B can view the administrator information by causing the terminal device 20B to display the screen indicated by the HTML data HTM3 transmitted from the server device 10. FIG.

As described above, in the present embodiment, the HTTPS request REQ3 accompanied by the one-time password is converted by the server device 10 into the MQTT request REQ4 and transmitted to the electronic device 30, so that the terminal device 20B is connected to the local network 40. It doesn't have to be. Further, in the present embodiment, user B can access the administrator information of the electronic device 30 without providing the user B with the authentication information for accessing the administrator information. Since there is no need to provide user B with authentication information, the risk of authentication information leakage is reduced compared to the case where user B is provided with authentication information. As described above, according to the present embodiment, it is possible to reduce security problems and allow users other than the administrator to access the administrator information whose access is restricted by the authentication information.

2. Modifications The above embodiment can be modified as follows.
(1) The access to the administrator information in the above-described embodiment is for viewing the administrator information, but may be for updating the administrator information. Further, although the electronic device 30 in the above embodiment is a printer, it may be a projector. Also, the information to which access restrictions are imposed by the authentication information is not limited to the administrator information in the printer or projector. For example, the present disclosure may be applied to access to information to which access restrictions are imposed by authentication information among information stored in a database server device that stores various types of information in a company or the like. In short, the electronic device according to the present disclosure stores information for which access is restricted by authentication using authentication information, and HTML data representing an image including information for which access restriction is imposed upon receipt of the authentication information. to the sender of the authentication information.

(2) In the first acquisition process SA110 in the above-described embodiment, the processing device 110 receives the application from the terminal device 20B and waits for a predetermined period of time, that is, until the validity period of the one-time password elapses, before inputting the authentication information. If not, we stopped acquiring authentication information. However, it is not essential to set an expiration date for the one-time password. Further, in the first acquisition process SA110, when the processing device 110 receives the withdrawal of the request from the terminal device 20B after receiving the request for permission to access the administrator information and before receiving the permission, the first acquisition processing SA110 Execution of the acquisition process SA110 may be terminated, that is, acquisition of authentication information may be stopped. According to this aspect, user B can cancel the application for permission to access the administrator information. Further, after receiving the permission to access the administrator information, when the cancellation of the permission is received from the terminal device 20A, the processing device 110 performs the display control processing SA130 on the HTML data acquired from the electronic device 30. You can stop sending to

(3) In the above embodiment, user B applied for permission to access the administrator information of the electronic device 30 by accessing the use start screen of the server device 10 . However, the request for permission to access the administrator information of the electronic device 30 may be made by calling the user A or speaking to the user A. When an application requesting permission to access the administrator information of the electronic device 30 is made by telephone or the like to the user A, the user A accesses the management screen using the web browser of the terminal device 20A, It suffices to enter approval or rejection of the application and enter the authentication information. Also in this aspect, since it is not necessary to inform the user B of the authentication information for accessing the administrator information of the electronic device 30, it is possible to reduce security problems such as leakage of the authentication information.

(4) When user A permits user B to access administrator information, user A may designate a period for which access is permitted. When the period during which the access is permitted is received from the terminal device 20A together with the permission of access to the administrator information, in the display control processing SA130, the processing device 110 performs the first Transmission of image information may be stopped. According to this aspect, user A can designate a period for which access is permitted to user B and permit access to administrator information.

(5) The electronic device 30 may store multiple types of administrator information. When multiple types of administrator information are stored in the electronic device 30, when user A permits user B to access the administrator information, the administrator information to which access is permitted among the multiple administrator information may be specified according to user B's attributes. Specific examples of user B's attributes include, if user B is an employee of a company, the department to which user B belongs and his position. For example, it is assumed that the electronic device 30 is a database server device in a company, and personnel information, accounting information, and sales information in the company are stored in the electronic device 30 as administrator information. In this case, if User B is an employee of the human resources department, User A is allowed access only to personnel information. Note that the range of personnel information that User B can access may differ according to User B's position. Also, if User B is an employee of the accounting department, User A is permitted to access only accounting information. Also, if user B is an employee of the sales department, user A is permitted to access only sales information. In addition, if user B is an executive in charge of the personnel department and the accounting department, user A may allow user B to access personnel information and accounting information. When administrator information for which access is permitted is specified, in display control processing SA130, processing device 110 transmits HTML data representing an image including the specified administrator information to terminal device 20B.

(6) The server device 10 in the above embodiment may be manufactured or sold separately. This is because the communication system of the present disclosure can be constructed by adding the server device 10 of the conventional remote control system. Further, in the above embodiment, the program 132 has already been stored in the storage device 130 . However, program 132 may be manufactured or distributed separately. As a specific distribution method of the program 132, the program 132 is distributed by writing it in a computer-readable recording medium such as a flash ROM (Read Only Memory), or distributed by downloading via an electric communication line such as the Internet. Aspects are conceivable. By operating a general computer according to the program 132 distributed according to these aspects, the computer can be made to function as the server device of the present disclosure. Further, although the first acquisition unit 110a, the second acquisition unit 110b, and the display control unit 110c in the above embodiment are software modules, they may be hardware modules such as ASIC (Application Specific Integrated Circuit).

3. Aspects Grasp from At Least One of Embodiments and Modifications The present disclosure is not limited to the above-described embodiments and modifications, and can be implemented in various manners without departing from the gist thereof. For example, the present disclosure can also be implemented by the following aspects. The technical features in the above embodiments corresponding to the technical features in each aspect described below are used to solve some or all of the problems of the present disclosure, or to achieve some or all of the effects of the present disclosure. To achieve this, it is possible to make suitable substitutions and combinations. Also, if the technical features are not described as essential in this specification, they can be deleted as appropriate.

One aspect of the server device of the present disclosure executes a first acquisition process SA110, a second acquisition process SA120, and a display control process SA130. The first acquisition process SA110 communicates with the first terminal device used by the first user who is permitted to access the first information whose access is restricted by authentication using the authentication information, and who knows the authentication information. It is a process of accepting permission for the second user to access the first information and acquiring the authentication information. The administrator information of the electronic device 30 is an example of first information whose access is restricted by authentication using authentication information. User A is an example of a first user who is authorized to access first information and knows authentication information for accessing administrator information. The terminal device 20A is an example of a first terminal device used by a first user. The second acquisition process is a process of acquiring from electronic device 30 the HTML data representing the first image including the administrator information by transmitting the authentication information acquired in first acquisition processing SA110 to electronic device 30 . HTML data representing a first image including administrator information is an example of first image information in this disclosure. The electronic device 30 is an example of an electronic device that stores first information and transmits first image information representing a first image including the first information to the sender of the authentication information upon receipt of the authentication information. The display control process SA130 is a process of transmitting the first image information acquired from the electronic device 30 to the terminal device 20B used by the user B, thereby causing the terminal device 20B to display the first image. User B is an example of a second user in the present disclosure. The terminal device 20B is an example of a second terminal device in the present disclosure. According to the server device of this aspect, user B can access administrator information to which access restrictions are imposed by the authentication information without informing user B of the authentication information.

In a more preferred embodiment of the server device, the first acquisition process SA110, that is, acquiring the authentication information from the first terminal device, may include the following first process and second process. In the first process, when an application for permission to access the first information is received from the second terminal device, the URL of the HTML data of the management screen prompting the input of the authentication information is sent to the terminal device 20A. is. The image of the management screen is an example of the second image in the present disclosure. The HTML data representing the image of the management screen is an example of the second image information in the present disclosure, and the URL of the HTML data is an example of the address in the present disclosure. The second process is a process of acquiring authentication information input to the first terminal device by communicating with the first terminal device displaying the second image based on the second image information. According to this aspect, it is possible to prompt the first user to input the authentication information, triggered by the reception of the application requesting permission to access the first information.

In another preferred embodiment of the server device, the first acquisition process SA110 may include the following third process. The third process is a process of canceling acquisition of authentication information if authentication information is not entered within a predetermined period of time after receiving an application.

In yet another preferred aspect of the server device, the first acquisition process SA110 may include the following fourth process. The fourth process is a process of canceling the acquisition of the authentication information when the withdrawal of the application is accepted from the second terminal device after the application is accepted and before the permission is accepted. According to this aspect, the second user can cancel the request for permission to access the first information.

In the server apparatus of still another preferred embodiment, the display control process SA130, that is, transmitting the first image information acquired from the electronic device to the second terminal apparatus may include the following fifth process. In the fifth process, when a period for permitting access by the second user is received from the first terminal device together with permission for access to the first information, after the received period elapses, the second terminal device This is processing for stopping transmission of information of one image. According to this aspect, the first user can designate a period for which access is permitted to the second user and permit the access.

In still another preferred aspect, the electronic device may store a plurality of types of first information. The display control process SA130 in this aspect may include the following sixth process. In the sixth process, when the first terminal device designates the first information for permitting access by the second user among the plurality of types of first information, the designated information is permitted to access the first information. This is a process of transmitting the first image information representing the first image including the first information to the second terminal device. According to this aspect, the first user can specify the type of the first information that the second user is permitted to access and permit the access.

In yet another preferred aspect, the display control processing SA130 may include the following seventh processing. A seventh process stops transmission of the obtained first image information to the second terminal device when it is received from the first terminal device that the permission is canceled after receiving permission to access the first information. processing. According to this aspect, after the first user authorizes the second user to access the first information, the authorization can be revoked.

Also, one aspect of the communication system of the present disclosure includes the server device 10 , the terminal device 20A, the terminal device 20B, and the electronic device 30 . The server device 10 executes the above-described first acquisition process SA110, second acquisition process SA120, and display control process SA130. According to the server device of this aspect, user B can access administrator information to which access restrictions are imposed by the authentication information without informing user B of the authentication information.

Also, one aspect of the communication system of the present disclosure causes a computer to execute the above-described first acquisition process SA110, second acquisition process SA120, and display control process SA130. By operating a computer according to the program of this aspect, the computer functions as the server device of the present disclosure. Therefore, according to this aspect as well, user B can access the administrator information to which the access restriction based on the authentication information is imposed without notifying user B of the authentication information.

Reference Signs List 1 communication system 10 server device 20A, 20B terminal device 30 electronic device 40 local network 50 Internet 110 processing device 110a first acquisition unit 110b second acquisition unit 110c...Display control unit, 120...Communication device, 130...Storage device.

Claims (9)

By communicating with a first terminal device used by a first user who is permitted to access first information whose access is restricted by authentication using authentication information and who knows the authentication information, a second accepting authorization for user access and obtaining said authentication information;
From the first terminal device to an electronic device that stores the first information and transmits first image information representing a first image including the first information to a transmission source of the authentication information upon receipt of the authentication information acquiring the first image information from the electronic device by transmitting the acquired authentication information;
causing the second terminal device to display the first image by transmitting the first image information acquired from the electronic device to the second terminal device used by the second user;
A server device that runs Obtaining the authentication information includes:
Second image information representing a second image for permitting the application and inputting the authentication information, triggered by receiving an application requesting permission to access the first information from the second terminal device sending an address to the first terminal device; and
accepting the permission and acquiring the authentication information input to the first terminal device by communicating with the first terminal device displaying the second image;
The server device according to claim 1, comprising: Obtaining the authentication information includes:
3. The server device according to claim 2, further comprising canceling acquisition of the authentication information if the authentication information is not input within a predetermined period of time after receiving the application. Obtaining the authentication information includes:
4. The method according to claim 2 or 3, further comprising canceling acquisition of the authentication information if withdrawal of the application is accepted from the second terminal device after acceptance of the application and before acceptance of the permission. server equipment. wherein the first user specifies a period of time for which access is permitted when permitting access to the first information by the second user;
transmitting the first image information acquired from the electronic device to the second terminal device,
When a period for permitting access by the second user is accepted from the first terminal device together with the permission, after the accepted period elapses, the transmission of the first image information to the second terminal device is stopped. 5. The server device according to any one of claims 1 to 4, comprising: The electronic device stores a plurality of types of the first information,
wherein the first user designates the first information for which access is permitted among a plurality of types of the first information when permitting the second user to access the first information;
transmitting the first image information acquired from the electronic device to the second terminal device,
6. The method according to any one of claims 1 to 5, wherein said first image information representing said first image including said first information specified by said first user is transmitted to said second terminal device. Server equipment as described. the first user can revoke the permission;
transmitting the first image information acquired from the electronic device to the second terminal device,
Stopping transmission of the obtained first image information to the second terminal device after receiving the cancellation of the permission from the first terminal device;
A server device according to any one of claims 1 to 6. First information whose access is restricted by authentication using authentication information is stored, and first image information representing a first image including the first information is sent to a transmission source of the authentication information upon receipt of the authentication information. a transmitting electronic device;
a first terminal device used by a first user who is permitted to access the first information and who knows the authentication information;
a second terminal device used by a second user;
A server device that communicates with the electronic device, the first terminal device, and the second terminal device,
The server device
receiving permission for the second user to access the first information and acquiring the authentication information by communicating with the first terminal device;
acquiring the first image information from the electronic device by transmitting the acquired authentication information to the electronic device;
causing the second terminal device to display the first image by transmitting the first image information received from the electronic device to the second terminal device;
Communications system. to the computer,
By communicating with a first terminal device used by a first user who is permitted to access first information whose access is restricted by authentication using authentication information and who knows the authentication information, a second accepting authorization for user access and obtaining said authentication information;
The acquired authentication information to an electronic device that stores the first information and transmits first image information representing a first image that includes the first information to a transmission source of the authentication information upon receipt of the authentication information. obtaining the first image information from the electronic device by transmitting
displaying the first image on the second terminal device by transmitting the first image information received from the electronic device to the second terminal device used by the second user;
program to run.

Images