JP4567228B2 - Authentication apparatus and method, network system, recording medium, and computer program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an authentication technique used when an information providing service is performed using, for example, a portable wireless terminal or other user terminal.
[0002]
Information tools (hereinafter referred to as “user terminals”) such as PDAs (Personal Digital Assistants) or notebook personal computers that can be connected to the Internet as appropriate using wired / wireless communication means, cellular phones with Internet connection functions or mail functions. ) Is popular. Such a user terminal is used as an Internet mail service terminal, providing information providing services for individual users from the server side, or providing services such as business communication between companies or companies, such as the Internet The active use of computer networks has recently become commonplace.
[0003]
Such a service is realized on the server side by controlling communication with the user terminal via the Internet and accompanying access to a specific server.
This type of service using the user terminal is usually provided only to a specific person managed by the service provider, that is, a person registered in advance. From this point of view, when executing the service as described above, an authentication procedure is required to confirm whether or not the person who requests the service is a person who is under the control of the service provider. Become.
[0004]
Authentication is generally performed using some permission information such as a user name or other user ID or password. That is, the user ID and password sent by the user from the user terminal are checked against the user ID and password managed by the service provider. If they match, the user is a valid person. Judge that is not a legitimate person. Only a user who is determined to be a legitimate person can enjoy a predetermined service prepared on the server side.
However, such an authentication method is not without defects. That is, if the user ID and password are stolen by another person, the other person can use it to impersonate a legitimate user.
[0005]
[Problems to be solved by the invention]
An object of the present invention is to provide a new authentication technique that can surely prevent the above-mentioned “spoofing” problem that could not be prevented even by using a conventional authentication technique. Another object of the present invention is to provide an application technique of the authentication technique.
[0006]
[Means for Solving the Invention]
The occurrence of “spoofing” is caused by the fact that the authorization information that has been used for authentication can be used regardless of the user terminal as long as it can be obtained. On the other hand, if information that is unique to the user terminal is used for authentication and authentication is made only by a legitimate user using that terminal, most of the spoofing can be prevented. be able to. The present invention has been made based on such knowledge.
[0007]
In the present invention, first, when a user terminal used by a user to which predetermined user identification information is assigned accesses the predetermined information, authentication as to whether or not the user terminal is legitimate is performed. The end of the An authentication apparatus configured as follows based on the assigned terminal identification information is proposed. That is, the authentication device of the present invention The email address addressed to the user terminal is User identification information In association with The recorded user identification information recording means, the user identification information of the user who uses the user terminal from the user terminal and the received user identification information, and the user identification information recorded in the user identification information recording means Are the same User identification information determination means for determining whether or not, and the received user identification information Are the same Is determined, Content that the user cannot substantially know Terminal identification information generating means for generating terminal identification information and transmitting the terminal identification information to the user terminal; Generated The terminal identification information The terminal is registered and sent to the e-mail address specified by the user identification information to the effect that the terminal identification information has been registered, and the terminal receives the e-mail until there is approval from the user Control means for stopping the use of identification information When, Said When a user terminal accesses predetermined information, the user Accept terminal identification information sent in a form that the operator cannot know from the terminal, The received terminal identification information and the above Registered Contrast with device identification information Whether the use of the registered device identification information has been suspended Authentication means for determining Said Terminal identification information Use has not been stopped A permission means for permitting the access by the user terminal.
[0008]
This authentication apparatus can execute processing for issuing terminal identification information unique to a user terminal to each user terminal and processing for performing authentication using the terminal identification information. In other words, the information used for authentication in this authentication device is terminal identification information unique to each user terminal. Therefore, if something tries to impersonate another user, the user terminal of the user who is impersonating It is essential to obtain Therefore, this authentication device has higher authentication reliability than the conventional authentication device. In addition, when the terminal identification information is issued to each user terminal by this authentication apparatus, user identification information unique to each user is used. The terminal identification information is practically unknown to the user. Then, the generated terminal identification information is registered, and an e-mail indicating that the terminal identification information has been registered is transmitted to the e-mail address specified by the user identification information, and approval from the user who has received this e-mail Until there is, the use of the terminal identification information is stopped. Therefore, according to the authentication apparatus of the present invention, the possibility of impersonation can be greatly improved by combining terminal identification information, which in principle cannot be known by each user, with user identification information known by each user. Can be reduced. However, this authentication apparatus may be configured to use not only the terminal identification information but also the user identification information when executing the authentication process. Note that “access” in this specification is a concept including various instructions such as a FAX instruction and a print instruction in addition to requesting and obtaining information.
[0009]
This terminal identification information Is User terminal indicated by each terminal identification information by access Was allowed It may be recorded in combination with range information indicating the range of information. In this case, the permission means may permit the user terminal to access in the range indicated by the range information. As described above, the range information is stored in the user terminal. by access Was allowed It is information indicating the range of information. For example, the information includes an access destination address registered in advance for each user terminal. With this range information, it is possible to know what information the user terminal performs when accessing.
[0010]
The user identification information may be any information as long as it is unique for each user who can identify each user. For example, the user identification information can consist of a set of ID and password assigned for each user.
The range information described above can be, for example, a combination of the above address and the user identification information.
Further, one set of ID and password is associated with one user identification information, and the one set of ID and password may be assigned as a general ID and password when there are a plurality of access destinations. good. In this case, the authentication apparatus may further include a unit that collectively stops or cancels the use of the general ID and password.
[0011]
The authentication apparatus of the present invention also has means for holding a program for transmitting the terminal identification information included in the user terminal to be authenticated to the user terminal to be authenticated, and transmits the program to the user terminal that has requested authentication. It is also possible to further comprise means for In this way, terminal identification information can be transmitted to the authentication device even from a user terminal that does not give any special function.
The above-mentioned program may be for sending the terminal identification information to the user terminal to be authenticated in a form that the operator of the user terminal cannot know. The program in this case may be extinguished after the user terminal that has requested authentication transmits the terminal identification information.
The user terminal may be provided with means for recording this program. In such a case, the terminal identification information is transmitted from the user terminal requesting authentication to the authentication device by a function formed by starting the program recorded in the above-described means for recording the program. May be.
As such a program, for example, a Java program can be used, and a JVM (Java vertical Machine) or KVM (compact JVM for a portable terminal such as a mobile phone) can be used as an execution environment thereof.
This program may be one that realizes transmission of the terminal identification information to the authentication device by the cooperation of the program and predetermined hardware provided in the user terminal, and the predetermined hardware provided in the program and the user terminal. The terminal identification information may be transmitted to the authentication device in cooperation with the user terminal and a predetermined program of the user terminal.
[0012]
A portable wireless terminal can be used as the user terminal. Examples of the portable wireless terminal include a mobile phone, a PHS (Personal Handyphone System), a PDA (Personal Digital Assistants) using a mobile phone or PHS, or a notebook computer.
[0013]
The information to be accessed by the user terminal exists, for example, in a predetermined network where security is required, and at least part of the information is maintained in a common content with a file existing outside the network. Can be recorded information of common files.
[0014]
Authentication device of the present invention Yu Sent from the user in the form of an email User approval Means to accept and accepted Approval Detect the email address from which the email was sent, Addressed to the user terminal The means for collating with the e-mail address and the process of canceling the stop of the use of the general ID and password collectively when the two e-mail addresses match as a result of the collation, or when both e-mail addresses do not match And means for executing one of the processes for collectively stopping the use of the general ID and password. Further, means for recording the telephone number of the mobile phone used by each user in association with the user identification information assigned to each user, and the above-mentioned information transmitted from the user in the form of telephone communication User approval Means to accept and accepted Approval And the means for collating the telephone number with the telephone number recorded in the means for recording the telephone number, and when the two telephone numbers match as a result of the collation, Means for executing one of a process for canceling suspension of the use of IDs and passwords at once, or a process for collectively stopping the use of IDs and passwords when both telephone numbers do not match. It may be.
[0015]
The present invention relates to a first server that records information that can be accessed by a user terminal, and an authentication device that authenticates whether or not the user terminal attempting to access the information recorded in the first server is valid. The first server searches for the corresponding information in response to the access from the user terminal determined to be valid, and sends the searched information to the user terminal that is the source of the access The present invention can also be applied to a network system configured as described above. In this case, the authentication device The email address for the user terminal is Predetermined user identification information assigned to the user In association with The recorded user identification information recording means, the user identification information of the user who uses the terminal from the user terminal and the received user identification information, and the user identification information recorded in the user identification information recording means Are the same User identification information determination means for determining whether or not ,in front User identification information Are the same Is determined Content that the user cannot substantially know Generate terminal identification information And Terminal identification information generating means for transmitting the terminal identification information to the user terminal; Generated The terminal identification information The terminal is registered and sent to the e-mail address specified by the user identification information to the effect that the terminal identification information has been registered, and the terminal receives the e-mail until there is approval from the user Control means for stopping the use of identification information When, Said When a user terminal accesses predetermined information , Accepting terminal identification information transmitted from the user terminal in a form unknown to the operator, The received terminal identification information and the above Registration Compared with the terminal identification information Whether the use of the registered device identification information has been suspended Authentication means for determining Said Terminal identification information Use has not been stopped A permission unit for permitting the access by the user terminal.
[0016]
The present invention can also be applied to a network system in which the first server can be connected afterwards. In this network system, means for enabling communication in a predetermined network with a first server that records information accessible by a user terminal and a user terminal trying to access the information through the network are valid. And an authentication device that performs authentication of whether or not. The first server is configured to search for corresponding information in response to an access from a user terminal determined to be valid, and to send the searched information to the user terminal that is the source of the access. . In addition, the authentication device The email address for the user terminal is User identification information assigned to the user In association with The recorded user identification information recording means, the user identification information of the user who uses the terminal from the user terminal and the received user identification information, and the user identification information recorded in the user identification information recording means Are the same User identification information determination means for determining whether or not ,in front User identification information Are the same Is determined, Content that the user cannot substantially know Generate terminal identification information And Terminal identification information generating means for transmitting the terminal identification information to the user terminal; Generated The terminal identification information The terminal is registered and sent to the e-mail address specified by the user identification information to the effect that the terminal identification information has been registered, and the terminal receives the e-mail until there is approval from the user Control means for stopping the use of identification information When, Said When a user terminal accesses predetermined information , Accepting terminal identification information transmitted from the user terminal in a form unknown to the operator, The received terminal identification information and the above Registration Compared with the terminal identification information Whether the use of the registered device identification information has been suspended An authentication means for determining whether or not Said Terminal identification information Use has not been stopped A permission means for permitting the access by the user terminal.
[0017]
The first server is a second server existing outside the network in the network (a server having a common file in which at least a part of the recorded information of the first server and its recorded information are maintained in common with each other); It may be connected by a dedicated line or a virtual dedicated line. In this case, the authentication device accesses the record information of the common file of the first server. When receiving the terminal identification information Configure as follows. In the case of a network system in which the first server and the second server are connected, each of these servers, when there is a change in the recording information of its own common file, sends the difference data before and after the change to the other server. In addition, when the difference data is received from the other server, a copy task for copying the difference data to its own common file can be automatically executed. A configuration in which the second server is provided corresponding to each of the plurality of first servers is also possible according to the present invention.
[0018]
The authentication apparatus provided in the network system of the present invention includes an extraction unit that extracts information transmitted from the first server to the user terminal, and data regarding transmission information indicating what information is transmitted for each user terminal. Transmission information recording means for recording the information may be further provided.
Alternatively, the information processing apparatus may further include transmission information presenting means for generating data for displaying the transmission information about the user terminal on the display of the user terminal based on the data recorded in the transmission information recording means. May be.
With such an authentication apparatus, it is possible to display transmission information about information once used by the user on the user terminal in a state like a headline, which is convenient for the user.
[0019]
The former network system and the latter network system to which the first server is connected are groupware for each user company (generally, the term groupware is a computer that supports work performed by a group having a common job or purpose) Although this refers to software, in this patent specification, it means a concept including hardware resources for realizing it.) It is possible to easily construct an environment for realizing.
The forms of business in companies are diversified, and it is rare for a business to converge by itself. Usually, a plurality of people use a groupware to work together. The groupware, for example, connects a plurality of user terminals (client terminals) operated by employees and a first server that accepts access from the user terminals under a certain condition to an intranet protected by a firewall. And a computer program for forming a user interface function and a security function.
[0020]
Usually, an Internet provider's WWW (World Wide Web) server is also connected to the intranet, and electronic mail can be exchanged from an external terminal via the Internet in the intranet.
If a server that manages the company's in-house information is provided on the company intranet and an environment that allows the above-mentioned various terminals to be connected to this server is established, employees of the company can access the company information from any location at any time. Therefore, it is extremely preferable as a utilization form for business of a company. However, in order to utilize the intranet, there are the following problems.
(1) In the internal information access mode premised on the use of the Internet mail service, a WWW server operated by a person who does not have a confidentiality obligation is interposed, so it is not known whether sufficient security can be ensured.
(2) In order to ensure security, for example, various terminals for realizing groupware are all connected by a dedicated line, or the intranet of the company head office and the intranet of each branch and the intranet of the head office and each branch Although it is conceivable to connect all of them with dedicated lines, in that case, it is inevitably necessary to lay a large number of dedicated lines, resulting in a dramatic increase in the cost of maintaining the operation, resulting in high costs.
(3) When trying to use an existing Internet mail service for business, for example, the number of characters in a single e-mail depends on the service conditions set by the mobile phone service provider, depending on the service conditions set by the provider. Because there are restrictions on the number of mails that can be stored in the mail server, the format of attached documents, etc., it becomes difficult to send large data, and in the case of mobile phones, the operation method of the mail function differs slightly depending on the model. The groupware has poor operability because it is difficult to provide uniform education and proficiency regarding the operation. (4) An enterprise staff who has received a notification from a mobile phone manually activates the application program of the notification contents, or a computer prepared in a specific service provider by wired communication stores an application program registered in advance as a digital wired terminal Although it has been conventionally performed to decode and automatically execute the control signal input from the above, it does not use the existing infrastructure by the above service provider etc. The application program prepared in the above is not activated and executed arbitrarily from a mobile phone terminal or the like at present, and there remains a problem in the extensibility of groupware.
Each network system described above solves such a problem.
[0021]
The present invention also relates to whether or not a user terminal trying to access the information is valid in a network system in which the first server in which information that can be accessed by the user terminal is recorded in a predetermined network exists. An authentication device for performing authentication is arranged, and the authentication device The email address for the user terminal is User identification information assigned to the user In association with Record it, Said The user identification information of the user who uses the user terminal is received from the user terminal, and the received user identification information is Registration User identification information Whether or not Judgment When it is determined that the user identification information is the same, the content of the content that the user cannot substantially know Generate terminal identification information and transmit the generated terminal identification information to the user terminal Registration Aside, Sending an e-mail indicating that the terminal identification information has been registered to the e-mail address specified by the user identification information, and using the terminal identification information until approval is received from the user who has received the e-mail And stop When a user terminal accesses predetermined information Accepts terminal identification information transmitted from the user terminal in a form unknown to the operator, Accepted terminal identification information and already Registration In contrast with the terminal identification information Whether the use of the registered device identification information has been suspended Determine whether Use of the terminal identification information has not been stopped An authentication method for a user terminal in a network system is provided that permits the access by the user terminal.
[0022]
The present invention also includes a first server that records information accessible to a user terminal in a predetermined network, and the first server searches for the corresponding information in response to a request from a valid user terminal. A computer program for causing a computer deployed in a network system that sends searched information to the user terminal to execute the following processing is provided. (1) beforehand The email address addressed to the user terminal is Predetermined user identification information assigned to the user In association with Process to record, (2) Said User identification information of a user who uses at least the user terminal is received from the user terminal, and the received user identification information is already recorded. Whether or not Judgment When it is determined that the user identification information is the same, the content of the content that the user cannot substantially know Processing for generating terminal identification information, (3) while transmitting the generated terminal identification information to the user terminal Registration Process to keep, (4) Sending an e-mail indicating that the terminal identification information has been registered to the e-mail address specified by the user identification information, and identifying the terminal until approval is received from the user who received the e-mail Processing to stop the use of information, ( 5 ) When a user terminal accesses certain information , Accepting terminal identification information transmitted from the user terminal in a form unknown to the operator, Accepted terminal identification information and already Registration In contrast with the terminal identification information Whether the use of the registered device identification information has been suspended Process to determine whether ( 6 ) Use of the terminal identification information has not been stopped Processing to permit the access by the user terminal.
[0023]
DETAILED DESCRIPTION OF THE INVENTION
Next, preferred embodiments of the present invention will be described with reference to the drawings.
<Overall configuration>
FIG. 1 is a diagram showing an example of the overall configuration of a network system to which the present invention is applied. The network system according to the present embodiment is a network system that can be constructed afterwards, having a secure intranet LN installed in a management company in which a public communication network DN is laid.
The intranet LN has a plurality of segments Sa to Sn that can be connected to the dedicated line network PN.
The segments Sa to Sn are allocated to deploy the host servers 10a, 10b,... That are the first servers of the user companies to be managed.
An authentication server 1, a firewall (FW) 11 and a router 12 are provided in the vicinity of the entrance of the intranet LN, and only specific access from the legitimate user terminal T1 passes through any of the intranet LN. It is guided to the segments Sa to Sn. That is, security against access from outside the intranet LN is maintained.
[0024]
Access from the user terminal T1 to the firewall 11 includes a mobile phone network MN including a wireless network WN, a public communication network DN connected via a router 14 in the mobile phone network MN, and the public communication network DN. It is guided through the router 12 connected through the network.
The mobile phone network MN is managed by a business entity that provides a communication service business using a mobile phone.
Note that the mobile phone mentioned here includes not only a narrowly-defined mobile phone (mobile phone radio) but also a PHS.
[0025]
The user terminal T1 is a combination of a terminal such as a notebook personal computer or PDA and the above mobile phone. In the case of an intelligent mobile phone (a mobile phone having an information processing mechanism), the mobile phone alone can be a user terminal.
A browser program for forming a browser screen is installed in the user terminal T1. This browser program may be installed in the user terminal T1 from the beginning, and may be transmitted as the “Java applet (Java is a trademark of Sun Microsystems, USA)” from the host server 10 each time. good.
[0026]
The user terminal T1 incorporates a predetermined recording medium for recording terminal identification information described later. This recording medium is at least capable of writing information, and is composed of, for example, a RAM. When the user terminal T1 is a Java-compatible i-mode mobile phone terminal, the recording medium is composed of a scratch pad.
The user terminal T1 is also loaded with a program for reading and transmitting the above-described terminal identification information. For example, a program described in a language other than Java is installed. Further, the user terminal T1 is provided with an environment in which the terminal identification information can be read from the ROM in the case of a mobile phone by using KVM which is one of Java execution environments. ing.
The user terminal T1 is also provided with an input unit composed of a numeric keypad and the like, and can input an ID (authentication ID and user ID described later) and a password (authentication password and user password described later). ing.
[0027]
As is well known, the mobile phone network MN is provided with a DNS (Domain Name Server) 30 and the Internet IN is also provided with a global DNS 40. The DNS 30 and the DNS 40 have an address table that describes the correspondence between domain names and IP (Internet Protocol) addresses. By referring to the address tables, the address difference at the time of access can be resolved. It has become.
[0028]
The leased line network PN is a communication network composed of a set of leased lines or virtual leased lines (for example, a line (virtual private network) in which a public line is virtually dedicated between parties using encryption technology and capsule technology). It is.
As the private line network PN, a so-called next-generation communication network (for example, a private line network called “PRISM (registered trademark of Japan Telecom Co., Ltd.)”) is in the field of practical use. Since the access point is prepared, using this can reduce the operation cost.
In the present embodiment, local servers 20a and 20b, which are examples of the second server of a user company located in a remote place, are connected to the dedicated line network PN from the nearest access point, and are handled via this dedicated line network PN. The host servers 10a and 10b are connected in such a way that bidirectional communication is possible.
[0029]
<Intranet Configuration> FIG. 2 shows a detailed configuration example of the intranet LN.
FIG. 2 shows an example of an intranet LN composed of five segments Sa to Se. Each segment, for example, segment Sa has a plurality of connection ports. One of them is connected to the host server 10 a and the other one is connected to the router 13. By connecting a specific line of the private line network PN to the port of the router 13, the user company can use the segment Sa individually.
Note that a switching hub (intelligent communication path switching device) or router may be provided between the segment Sa and the private line network PN, and connected to the private line network PN via this. The same applies to the other segments Sb to Se.
[0030]
In the state where the host servers 10a to 10e are arranged at the connection ports of the segments Sa to Se, and the local servers are connected to the host servers 10a to 10e via the switching hub 14 and the dedicated line network PN, the intranet LN A secure housing is constructed.
That is, since all the host servers 10a to 10e and the corresponding local servers are connected by the private line network PN, there is no room for a third party to intervene, and the segments Sa to Se in which the respective host servers 10a to 10e are deployed are Since each is protected by the firewall 11, it becomes a housing that is difficult for an unauthorized access person to enter.
Therefore, by allocating the individual segments Sa to Se of such a housing for the user company, it becomes possible for the user company to construct a secure private network environment (or groupware environment) at a low cost. .
[0031]
<Router configuration>
The routers 12, 13, and 14 perform routing (path control) in the third layer (network layer) of the OSI (Open Systems Interconnection) basic reference model. Since they are connected at the network layer, data can be relayed even if the second layer (data link layer) and below of the OSI basic reference model are different. Since the routers 12, 13, and 14 also have a route setting function, it is possible to connect different networks such as the intranet LN and the public communication network DN, and the intranet LN and the private line network PN.
[0032]
FIG. 3 is a diagram illustrating a configuration example of a router. In order to perform bidirectional routing, the router symmetrically provides a reception receiver RR and a reception buffer RB, a transmission driver SD and a transmission buffer SB with respect to the transmission paths R1 and R2, and further includes a routing execution unit U1, NAT. (Network Address Translation) table NT, RIP (Routing Information Protocol) execution unit U2.
The reception receiver RR receives data from the transmission lines R1 and R2. The reception buffer RB stores received data. The transmission driver SD transmits (transfers) data to the transmission paths R1 and R2. The transmission buffer SB stores data to be transmitted (transferred). The routing execution unit U1 processes the received RIP, performs address conversion, and establishes a communication path. The RIP execution unit U2 sends a necessary RIP to the transmission lines R1 and R2. In the NAT table NT, an address used at the time of address conversion, that is, “Destination” indicating a destination address and “Source” indicating a destination address are recorded.
[0033]
FIG. 4 is a diagram showing an example of the contents of the NAT table provided in the router 12 outside the intranet LN. 4A shows an example of a NAT table for routing data from the public communication network DN to the firewall 11, and FIG. 4B shows an example of a NAT table for routing data from the firewall 11 to the public communication network DN. Show.
“2xx.111.22.33” is the IP address of the local server 20 of the user company registered in the domain, “1xx.111.22.33” is the IP address of the host server 10, and “2xx.444.55.6”. Is the IP address of the calling terminal on the Internet, and “1xx.444.55.6” is the IP address of the calling terminal that can be recognized by the intranet LN. By setting the NAT table as shown in FIG. 4, the intranet LN can be accessed with an IP address different from the Internet.
[0034]
In the router 13, the address of the transmitting terminal that has passed through the firewall 11 and the address of the host server to be managed are set in the NAT table. By setting the NAT table in this way, a communication path control unit that selectively establishes a communication path between an access terminal that has passed through the firewall 11 and a segment (a host server arranged therein) is realized. be able to.
When a router is used instead of the switching hub 14, the address is set in the NAT table in the same procedure.
[0035]
<Host server and local server>
Host servers (10a and 10b in FIG. 1; 10a to 10e in FIG. 2; hereinafter, denoted by reference numeral 10 with the suffix omitted if there is no need to identify individual) and local servers (20a and 20b and below in FIG. 1) In the case where it is not necessary to identify individual objects, the suffix is omitted and represented by reference numeral 20).
In principle, one local server 20 corresponds to one host server 10 and is connected via a dedicated line network PN. However, a plurality of local servers 20 may correspond to one host server 10, and each local server 20 is connected to a unique LAN (Local Area Network) to which one or a plurality of client terminals are connected. Also good. In short, it is sufficient that the host server 10 existing in the intranet LN and the local server 20 existing outside the intranet LN have a one-to-one correspondence.
[0036]
The host server 10 has a web mail server function capable of transferring data, a search function, a copy function, and a scheduler function, and further includes a database including a mail file, a schedule file, and the like, which are information to be accessed by the user It is.
The search function is a function for searching for a corresponding file in the database, and the copy function is a function for starting and executing a copy task for copying data corresponding to the database change with the local server 20. The schedule function is a function for managing a schedule file prepared for each registered user company.
The local server 20 is a computer having at least the above copying function and a database.
[0037]
Although not necessarily required, in this embodiment, at least a part of the files in the database of each of the host server 10 and the local server 20 is a common file that is maintained in the same content as that of the other server. Is done.
When the host server 10 and the local server 20 constitute groupware, they are common files that are common contents in the groupware.
For example, the contents of the mail file and schedule file in the local server 20 become the contents of the mail file and schedule file in the host server 10 as they are.
Therefore, accessing the common file of the host server 10 is substantially equivalent to accessing the common file managed by the local server 20.
[0038]
Various forms for maintaining the contents of the common file of the host server 10 and the local server 20 in common can be considered. In this embodiment, this is realized by executing a copy task with each server.
That is, when the local server 20 changes its own common file, the difference data before and after the change is sent to the host server 10, and when the difference data is received from the host server 10, the difference data is transferred to its own file. Copy to a common file. The copying task when the common file of the host server 10 is changed is similarly performed.
[0039]
<Configuration of authentication server>
Next, the authentication server 1 will be described. The authentication server 1 corresponds to the authentication device according to the present invention. When there is an access request from the user terminal T1 to the information recorded in the common file of the host server 10, the user terminal T1 is valid. When the user terminal T1 that has requested access is authenticated, the access by the user terminal T1 is permitted.
[0040]
The authentication server 1 is realized by a server main body and a computer program recorded on a computer-readable recording medium.
The computer program is normally recorded in a recording device provided in the server main body, and the CPU of the server main body is appropriately read from the recording device and executed. However, a computer program such as a CD-ROM or a DVD-ROM is acceptable. It may be recorded on a portable recording medium. Alternatively, it may be downloaded through a predetermined computer network.
[0041]
FIG. 7 is a functional block diagram formed by the CPU of the server main body reading and executing the above computer program. In the present embodiment, an input / output unit 31 and a processing unit 32 are formed.
The input / output unit 31 performs communication while controlling the data input / output with the user terminal T1 or with the host server 10. More specifically, for example, user identification information and terminal identification information (both will be described later) are received from the user terminal T1, or authentication results are returned to the user terminal T1 to control subsequent data entry and exit. Or the authentication result is notified to the host server 10. The input / output unit 31 also guides subsequent access of the user terminal T1 to the host server 10 when the authentication result is guided to the host server 10.
[0042]
The processing unit 32 performs authentication and processing related to authentication, and can exchange data with the input / output unit 31. As shown in FIG. 7, the processing unit 32 in this embodiment includes a control unit 32a, a terminal identification information issuing unit 32b, a program transmission unit 32c, an authentication unit 32d, an identification information recording unit 32e, a transmission information management unit 32f, and a transmission. The information recording unit 32g is provided with the function.
[0043]
The control unit 32a controls basic operations of the entire apparatus. The terminal identification information issuing unit 32b, the program transmission unit 32c, the authentication unit 32d, the information recording unit 32e, the transmission information management unit 32f, and the transmission information recording unit 32g all operate under the control of the control unit 32a.
The control unit 32a also has a part of the function of the permitting unit in the present invention. When the authentication unit 32d described later authenticates the user terminal T1 that requires authentication as a valid one, the server by the user terminal T1 Access to the recording information of 10 common files is permitted.
The control unit 32a also has a function of generating data for displaying transmission information about each user terminal T1 on the display of the user terminal based on data to be described later recorded in the transmission information recording unit 32e. Have. In this respect, the control unit 32a also has a function as sending information presenting means in the present invention.
[0044]
The terminal identification information issuing unit 32b has functions of a terminal identification information issuing unit and a terminal identification information generating unit in the present invention.
The terminal identification information issuing unit 32b receives user identification information assigned in advance to a user who uses the user terminal T1 from the user terminal T1 requesting access. The received user identification information is compared with the assigned user identification information recorded in the identification information recording unit 32g as will be described later. It has a function of determining whether it is the same as any of the user identification information recorded in the identification information recording unit 32g. When the received user identification information is the same as any of the user identification information recorded in the identification information recording unit 32g, the user terminal T1 is authorized by the access requester based on the user identification information. The terminal identification information recorded in the user terminal is generated and transmitted to the user terminal.
In addition to being sent to the user terminal, the terminal identification information is also sent to the identification information recording unit 32g, where it is recorded.
The user identification information is unique information that can identify each user from other users, and is not limited to this. In this embodiment, the user identification information includes a user ID and a password. The user identification information is assigned in advance to each user and recorded in the identification information recording unit 32g. For example, the user identification information may be appropriately assigned to each user by the network administrator, or may be appropriately selected by each user under the management of the network administrator for the purpose of preventing duplication. . On the other hand, the terminal identification information is unique information that can identify each user terminal T1 from other user terminals T1.
[0045]
The program transmission unit 32c transmits, for example, a program described in Java to the user terminal when an access request is received from the user terminal T1. Such transmission is performed via the input / output unit 31 described above. The program may be transmitted each time a request is received from the user terminal T1, and only when an access request is first received from the user terminal T1, or the user terminal T1 does not have the program. It may be performed only in cases.
This program is a program for transmitting the terminal identification information from the user terminal T1 to be authenticated.
[0046]
When an access request from the user terminal T1 arrives at the authentication server 1, the authentication unit 32d determines whether or not the user terminal T1 is appropriate.
Specifically, the authentication unit 32d receives the terminal identification information received from the user terminal T1 that is requested for authentication and the terminal identification information recorded in the information recording unit 32e, received via the input / output unit 31. Judgment is made by looking at the consistency of.
In this way, the authentication unit 32d determines the validity of the access requester based on the consistency of the terminal identification information, but determines the validity of the access requester based on the validity of the terminal identification information and the user identification information. You may come to do.
In the information recording unit 32e, terminal identification information necessary for authentication is recorded. In this embodiment, user identification information is also recorded in the information recording unit 32e. The recorded terminal identification information and user identification information are for all of the plurality of user terminals T1 to be authenticated.
[0047]
An example of the authentication information is shown in FIG. Here, as a simple example, a set of a user ID (UserID) and a password (PASSWORD), and an authentication URL (for example, a desired host server 10 of the desired host server 10) as an example of range information in which each user terminal T1 is allowed to communicate. URL) is recorded as an authentication table in a one-to-one correspondence relationship with an individual number as an example of terminal identification information.
However, two or more user IDs may be assigned to one individual number. In this case, a different authentication URL is assigned to each user ID. In the example of FIG. 8, two user IDs are assigned to the individual number 00102, and different authentication URLs are assigned to the respective user IDs.
The user ID and password in this example are composed of only numbers, only alphabets, or a combination thereof.
[0048]
In the example of the authentication table shown in FIG. 8, the individual number and the authentication URL basically correspond one-to-one. Therefore, a simple system that only needs to consider the correspondence between one user terminal T1 (individual number) and one or two host servers 10 (authentication URLs) can be a preferable authentication mode.
Even when an individual number, a user ID, and a password are used for authentication, a pair of a user ID, a password, and an individual number, and an authentication URL, which are used for authentication, basically correspond one-to-one. Therefore, the user may log in with the currently known user ID / password according to the authentication URL to be accessed. This simplifies the login process. In a simple system, the point that can be a preferable authentication mode is as described above.
When a user accesses a plurality of host servers 10 with one user terminal T1 to receive services, or there are a plurality of service programs in one host server 10 and authentication is required for each of them, Since it is necessary to create a login screen for each host server or each service program and to hold a user ID and password, system maintenance management becomes complicated. In some cases, the user may lose the user terminal T1 or be stolen so that the user ID and password cannot be used. In such a case, since it must be performed for all host servers or service programs recorded in the authentication table, it becomes complicated.
[0049]
Accordingly, in the case of a large-scale system in which a large number of services may be provided by one user terminal T1, for example, an authentication master table shown in FIG. 9A and an authentication table shown in FIG. 9B (FIG. 8). The authentication data is managed in a hierarchical manner using the same as the above.
The authentication master table is a higher-level table of the authentication table linked by the individual number, and one field is prepared for one individual number. In each field, an authentication ID, an authentication password (authentication PSW), and a stop flag recording area (stop) for the user terminal are formed.
[0050]
The authentication ID (same as the user ID) is ID information serving as a master ID assigned to only one user terminal T1, and a plurality of user IDs are recorded in the authentication table of FIG. 9B (FIG. 8). Even if it is, it is used to justify authentication by using it. The same applies to the authentication password. The stop flag recording area is an updatable area. When the flag “1” is set, the stop flag recording area is used to stop all use of the authentication table for the user terminal T1.
When the stop is released, the authentication table can be used by deleting the flag “1”.
[0051]
In this way, by using the two tables in a hierarchical manner, even if there are a plurality of host servers 10 and service programs that can be accessed, the user only needs to know the authentication ID and the authentication password. Time work is simplified. Further, it is not necessary to create a login screen for each host server or service program, and even if the user terminal T1 is eliminated, it is sufficient to set “1” in the stop flag recording area. Therefore, the maintenance work of the system is also simplified.
[0052]
The authentication unit 32d receives the terminal identification information received from the user terminal T1 (although not limited to this, in this embodiment, the individual number automatically sent by the program from the authentication server becomes the terminal identification information. .) And the individual number recorded in the information recording unit 32e, and the user ID or authentication ID received from the user terminal T1 is compared with the user ID or authentication ID recorded in the information recording unit 32e. Further, the password received from the user terminal T1 is compared with the password or authentication password recorded in the information recording unit 32e.
The set of the received terminal identification information, user ID (authentication ID), and password (authentication password) matches the terminal identification information, user ID (authentication ID), and password (authentication password) for a certain user terminal T1. If it is, the user terminal T1 that has requested access authenticates that it is valid.
Information indicating that it is legitimate is sent to the control unit 32a together with the authentication URL information associated with the authentication table.
Receiving this, the control unit 32a guides the access from the user terminal T1 to the corresponding authentication URL. This enables communication between the accessing user terminal T1 and the target host server 10.
[0053]
The transmission information management unit 32f manages data to be recorded in the transmission information recording unit 32g.
The transmission information management unit 32f extracts information transmitted from the host server 10 to the user terminal T1, generates transmission information indicating what information is transmitted, and associates this with each user terminal T1, The information is recorded in the transmission information recording unit 32g. In this respect, the transmission information recording unit 32g has a function as an extraction unit. The transmission information management unit 32f also has a function of reading data recorded in the transmission information recording unit 32g. This read data is sent to the control unit 32a and used to generate data for displaying the transmission information on the display of the user terminal T1 in a visible state. This data is sent to the user terminal T1 via the input / output unit 31.
[0054]
The operation mode of the network system configured as described above is, for example, as follows.
As described above, since the segments Sa to Se of the intranet LN are allocated for the host servers of the user companies to be managed, they can be used for the user companies on a segment basis.
The form of use provided to the user company may be only the segments Sa to Se (in this case, the user company brings in the host server 10 and the local server 20 corresponding to the host server 10), and has a predetermined function. The segments Sa to Se in which the mounted host server 10 is deployed may be used. The latter is suitable when the user company already has a local server 20 corresponding to the host server 10.
[0055]
When the user company to be managed, the segment, and the host server 10 to be deployed in the intranet LN are determined, the system administrator can specify various conditions (protocols and system-specific data) for allowing the firewall 11 to pass access from the calling terminal. Format, the address of the host server 10, etc.), and the address of the host server 10 is registered in the address table of the router 13 in the intranet LN as the destination and source in the intranet LN. Further, the address of the host server 10 is registered in the connection source of the switching hub 14. Further, in the information recording unit 32e in the authentication server 1, terminal identification information (in this example, individual number), user identification information (in this example, user ID (or authentication ID), password (for each user terminal T1) Or authentication password))) and each data about the authentication URL.
[0056]
A member of the user company (usually an employee) operates the user terminal T1 to access information to a desired host server 10 using an IP address (for example, xxx@xxx.co.jp). It will be.
This access is transferred from the wireless network WN to the DNS 30 connected to the mobile phone network MN. The DNS 30 acquires a global IP address (for example, 2xx.111.22.33) for the user company from the global DNS 40 based on the domain name included in the access, and transfers this to the router 12.
[0057]
The router 12 converts the global IP address given by the DNS to the IP address (1xx.111.22.33) of the host server 10 by referring to the NAT table shown in FIG. The global IP address (2xx.444.55.6) of the terminal T1 is converted into an IP address (1xx.444.55.6). Then, the access is transferred to the firewall 11 using the routing function. The firewall 11 determines whether or not this access conforms to a pre-registered condition. If the access conforms, the firewall 11 passes it and forwards it to the authentication server 1.
The authentication server 1 determines whether or not the user terminal T1 that has made the access request is appropriate, and if it is authenticated as appropriate, sends the access to the router 13. This authentication process will be described later.
[0058]
The router 13 decodes the contents of the access, determines the corresponding segment and the host server 10, and transfers the access to the host server 10.
The host server 10 retrieves data corresponding to the access request from the common file and returns it to the router 12 via the router 13, the authentication server 1, and the firewall 11.
The router 12 refers to the NAT table shown in FIG. 4B, converts the address of the host server 10 into the IP address of the user terminal T1, and uses the routing function to send the reply data to the public communication network DN and the wireless network. Transfer to user terminal T1 via WN.
[0059]
A copy task is executed between the host server 10 and the local server 20 via the private line network PN, and the identity of the contents of the common file of both is maintained. The information to be processed has the same content as the possession information of the local server 20. Therefore, by using this network system, it is possible to easily realize a low-cost company-dedicated system in which security is ensured.
In particular, since the possession information (mail file, schedule file, etc.) of the local server 20 can be obtained securely from the user terminal T1 whose position is not specified, it is as if the user terminal T1 and the local server 20 were connected by a dedicated line. Since there is no third-party intervention, it is extremely convenient for handling in-house information.
Also, according to this network system, for example, all the information handled by the local server at the corporate head office and the local servers at a plurality of branch offices are made into a common file, which is centrally managed by the host server in the intranet LN. By making this common file accessible from any location at any time from the user terminal T1, it becomes possible to access consistent in-house information with a uniform operation, and preferable operation of groupware in a company. Form is easily realized.
[0060]
<Application example 1: In-house mailing system>
Next, application examples of the network system will be described.
Here, an example in which a specific segment of the intranet LN is assigned to a certain user company and applied to an in-house mailing system that uses the user terminal T1 to access in-house information of the user company will be described.
The “mail” here is a concept including not only a normal electronic mail document but also various list data, edited data, and various documents registered in advance. In addition, it is a web mail that can be attached to a document with no limitation on the number of characters that can be used and the number of stored items.
By using web mail, mail can be delivered with a unified operation independent of the model of the user terminal T1.
[0061]
As the user terminal T1, for example, an “i-mode terminal” provided by NTT DoCoMo, Inc., a mobile phone that can itself be a user terminal having a web mail function is widely used. Can be used.
However, the mail server is not an i-mode server for “i-mode terminal”, but uses a web mail server function prepared by the host server 10. As a result, while using the operating environment of the browser function that the “i-mode terminal” has as a standard, restrictions on various uses by the i-mode server, such as restrictions on the types and sizes of data that can be transmitted and received, etc. It can be released. In addition, it is possible to realize a unified operating environment that absorbs differences in models.
[0062]
As the host server 10 and the local server 20, a computer equipped with “DOMINO server (DOMINO (or Domino) is a trademark of the company, the same applies hereinafter)” provided by Lotus Corporation of the United States can be used.
The “DOMINO server” is equipped with functions suitable for carrying out the present invention, such as a communication function, a mail function, a server function (particularly an HTTP server function), a schedule function, and a copy function, as well as existing ones. It is convenient to use this because programming to improve the function is allowed.
Web mail server function suitable for implementing the present invention, for example, editing a menu list dedicated to in-house mail, adding fee information for each document, and automatically transferring a large amount of data according to the memory capacity of the recipient Sending in pieces, displaying the attached document in a limited display area on a mobile phone, or restricting the display when there are many email addresses, This can be easily realized by additionally creating an application program in addition to the standard mail function of the “DOMINO server”.
As a schedule function, a function of constantly monitoring the current time and extracting only the schedule after the current time can be easily realized by additionally creating an application program.
[0063]
FIG. 5 shows a functional configuration diagram of the host server 10 using the “DOMINO server”.
The host server 10 includes a CPU 101, a RAM 102, a ROM 103, a mail file 104 constructed in a fixed storage device such as a hard disk that can be read by the CPU 101, a mail address book, which operates under the management of a predetermined OS (operating system). And an employee database 105 that records personal information of employees, a document database 106 that records HTTP documents, a schedule file 107 that records in-house schedule data, and a communication adapter 108 that controls communication between the router 13 and the like. is doing.
In addition to the DOMINO engine, the replication task, the HTTP task, and the schedule management task that are standard equipment of the DOMINO server, the RAM 102 stores a program for realizing a web mail server function for employees. The ROM 103 stores a control program including BIOS (Basic Input Output System).
The DOMINO engine absorbs differences between platforms and network OSs and provides a unified operating environment, and can realize powerful document management functions including document integration and search.
[0064]
The HTTP task is a task that specifies a data file corresponding to the HTTP transmission request and converts it into an HTML format when an HTTP transmission request is received from a mobile phone. Since the extended URL can be used, the data file corresponding to the HTTP transmission request can be dynamically converted into the HTML format. The local server 20 can also use the DOMINO server described above.
[0065]
The host server 10 and the local server 20 maintain the common file identity by the replication task shown in FIG. That is, based on the configuration of each directory, a replication task is started at regular time intervals and compared with whether the common file of the self is different from the common file of the other party. If there is a difference, the difference data is transferred in both directions and reflected in the contents of the common file.
Duplication is performed on a field basis as shown. It differs from normal "file copy" in that only the changed fields are copied.
[0066]
Next, a usage pattern of the in-house mail system will be described with reference to FIGS.
(Advance preparation)
By operating a client terminal (not shown) on the local server 20 side in advance, a set of user ID and password is set as permission information. In this example, an employee ID is used as the user ID. The set contents are reflected in the employee database 105 of the host server 10. What is set here is information necessary for authentication and billing when accessing the intranet LN from the mobile phone. Identification data for each group is assigned to the employee ID or password in this example in order to enable charging for each group (department). Since charging when using a mobile phone is made according to the total amount of data (total amount of packet size), it is possible to count this for each identification data. In the employee database 105, a mobile phone address is set in advance.
Also, terminal identification information, user ID, password, and authentication URL information are set in the authentication server 1 in advance.
[0067]
(Create an address book for mobile phones)
The address of about 10 persons is extracted from the in-house address book of the employee database 105 so that it can be sent to a mobile phone at any time. In principle, this is performed at the client terminal.
The procedure in this case is shown in FIGS.
Referring to FIG. 10, first, a user address list in the in-house address book is displayed on a display device of a mobile phone as a user terminal (S101).
It waits for the occurrence of a click event (the displayed event selected by the operator's click operation, the same applies hereinafter) (S102), and if a click event has occurred, its contents are determined (S103).
If the click event is “selection field”, a selection mark is displayed in front of a specific person from the user address list, and the process returns to S103 (S104). In the case of the “copy button”, the data of the person with the selection mark is copied to the personal address book, and the process returns to S101 (S105). In the case of “end button”, end processing is performed (S106). As a result, a personal address book composed of addresses for several people is generated.
[0068]
When extracting an address to be actually used from the personal address book, processing is performed according to the procedure of FIG.
First, the list of user addresses in the personal address book is displayed on the display of the client terminal (S201). Waiting for the occurrence of a click event (S202), if a click event has occurred, the content is determined (S203).
If the click event is “selection field”, a selection mark is displayed in front of a specific person in the user address list, and the process returns to S203 (S204). In the case of the “copy button”, the data with the selection mark is sequentially copied to the mail file, and the process returns to S201 (S205). In the case of “end button”, end processing is performed (S206).
The process of extracting an address from the in-house address book and creating an address book for a mobile phone can also be performed from the mobile phone. However, in this case, it is not directly copied to the personal address book but directly selected from the in-house address book.
[0069]
(Authentication and information access)
Next, an operation procedure when a member of a user company accesses the host server 10 from a mobile phone will be described.
FIG. 12 is an explanatory diagram of the overall procedure of the information access method. First, an access request is made with a mobile phone. Simultaneously with the access request, a URL for the connection request destination is sent from the mobile phone to the authentication server. Next, a login screen is displayed on the display unit of the mobile phone (S301). As shown in FIG. 27A, a user ID (employee ID, the same applies hereinafter) and a password input area 51 are displayed on the login screen. When the user ID and password are input, login authentication is performed (S302). If authentication fails, the process returns to S302. If the authentication is successful, that is, if the user is an authorized user, the main screen is displayed (S303: Yes, S304). The main screen is as shown in FIG. 27B, for example, and displays a reception / transmission / search / planned event selection area 52 and a SUBMIT selection area 53.
[0070]
The above-described login authentication will be described in detail with reference to FIGS.
FIG. 13 is a diagram showing a procedure of individual number numbering processing performed prior to login authentication. As described above, an individual number unique to each user terminal T1 is used for authentication in this embodiment, and this individual number is assigned to each user terminal T1 by the authentication server S1.
This individual number is given to each user terminal T1 as follows.
First, the user terminal T1 is connected to the authentication server S1 (S3101). Specifically, the user terminal T1 is connected to the authentication server 1 by inputting a URL that uses the authentication server 1 as a connection request destination. When such a connection is made, a screen similar to that shown in FIG. 27A is displayed on the screen of the user terminal T1. The user inputs a user ID and a password assigned in advance to the user in the input area 51 in accordance with the screen instruction. Data about the input user ID and password is sent from the user terminal T1 to the authentication server S1. This data is sent to the terminal identification information issuing unit 32b in the processing unit 32 via the input / output unit 31 (S3102).
[0071]
The terminal identification information issuing unit 32b (see FIG. 7) determines whether or not the user ID and password indicated by the received data match any one of the user ID and password pairs recorded in advance in the identification information recording unit 32e. Is determined (S3103). If the user ID and password indicated by the received data match one of the user ID and password pairs recorded in advance in the identification information recording unit 32e (S3103: Yes), the terminal identification information issuing unit 32b It is determined that the access is valid (S3104). When it is determined that the access is valid (S3104), the terminal identification information issuing unit 32b generates data on the individual number unique to each user terminal T1 (S3105), thereby issuing the individual number. This is performed (S3106). Specifically, the individual number issuance process is performed by sending data on the generated individual number to the identification information recording unit 32e and the user T1.
As shown in FIG. 8, the data about the individual number sent to the identification information recording unit 32e is recorded in a state associated with the authentication URL, User Id (user ID), and PASSWORD (password) of the user terminal T1. The On the other hand, the data sent to the user terminal T1 is recorded on a recording medium built therein. When the user terminal T1 is, for example, a Java compatible i-mode mobile phone terminal, the data indicating the individual number is recorded on the scratchpad as described above. The individual number is recorded in the mobile phone terminal in a form that cannot be recognized by the user, and the user does not recognize the individual number assigned to the user terminal T1 in principle.
[0072]
If the user ID and password indicated by the received data do not match any of the user ID and password pairs recorded in advance in the identification information recording unit 32e (S3103: No), it is determined that the access is invalid. The In this case, the process returns to the data input / transmission process (S3102) for the user ID and password, and the process is performed again. This process is repeated until the correct user ID and password are input. If the correct user ID and password are not input after all, the process ends here. In addition, when the number of times of input of the user ID and password is set, and it is not determined that the access is valid even if the user ID and the password are input for the limit number of times, further The acceptance of the user ID and password may be stopped, and the process may be forcibly terminated there.
[0073]
For the assignment of the individual number, it is sufficient to execute the above processing, but in this embodiment, the following processing is further executed.
In this case, the identification information recording unit 32g is associated with each of the user identification information in addition to the user identification information including the user ID and the password, and the user identified by each user identification information is stored in the identification information recording unit 32g. The e-mail address to be used is recorded. This e-mail address is not necessarily limited to this, but in this embodiment, the e-mail address can be used by the user terminal T1 to which the individual information is sent (the user terminal T1 that the user intends to use in this system). ing.
Here, when the above-described individual number is issued, the control unit 32a reads the email address associated with the user identification information used when issuing the individual number from the identification information recording unit 32g, An e-mail for notifying the user that the registration of the individual number has been completed is transmitted to the e-mail address (S3107).
This mail is sent to a predetermined e-mail address recorded in advance in the identification information recording unit 32g regardless of whether or not the person who operated the user terminal T is a legitimate person.
It is practically possible for a third party who knows the user identification information by some method to perform the above-described processing for registering the individual number. However, it is unlikely that the third party knows the above-mentioned e-mail address registered in advance by a legitimate user, and even if the e-mail address is known, e-mail by the e-mail address Usually, an additional user ID password or the like is required to transmit / receive. Therefore, it is assumed that a third party who knows the user identification information of a certain user impersonates the legitimate user by using another user terminal T1 other than the user terminal T1 used by the user, thereby obtaining an individual number. However, the third party cannot receive the above-mentioned mail notifying that the registration is completed. On the other hand, even if the user who registered the user identification information and the e-mail address in advance performs the above-described process for assigning the individual number, the user himself / herself or the third party impersonating the user may perform it. The above-mentioned mail informing the completion of registration of the individual number is received from the authentication server 1.
If a legitimate user has performed the above-described process for assigning an individual number, the user who has received the above-mentioned e-mail notifying completion of individual number registration can understand the meaning of the e-mail. The user who has accepted this information sends an e-mail to the authentication server 1 by e-mail information to approve the registration. On the other hand, if a third party pretending to be a legitimate user has performed the above-described processing, the user who has received the above-mentioned e-mail notifying completion of individual number registration cannot understand the meaning of the e-mail. The user who has received this information sends an e-mail or other information to the authentication server 1 indicating that the registration is not approved. In any case, the authentication server 1 accepts information about whether or not to approve registration from the user.
As a result, the authentication server 1 can check whether or not the above-described procedure for assigning the individual number has been performed by a legitimate user.
When the authentication server 1 receives the above information, the information is sent to the control unit 32a. The control unit 32a determines whether or not the content indicated by the information indicates that the user has approved the procedure for assigning the individual number (S3109). If the user approves the procedure for assigning the individual number (S3109: Yes), the procedure for assigning the individual number is completed assuming that the above procedure for assigning the individual number is performed by a legitimate user. . On the other hand, if the user has not approved the procedure for assigning the individual number (S3109: No), it is determined that the above procedure for assigning the individual number has not been performed by the legitimate user (S3110). . In this case, the control unit 32a sets a stop flag for stopping the process of assigning an individual number using the user ID and password used for issuing the individual number and the process for login authentication described later ( S3111), the individual number assignment process is terminated.
For example, the flag is sent to the authentication server 1 in response to an e-mail notifying that the registration of the individual number has been completed. It remains as it is until the cause of the flag is elucidated, such as sending information that the registration is not approved. This prevents a third party from obtaining the individual number illegally.
[0074]
Note that there are the following variations in the processing after step (S3107).
First, in the above-described example, the user who has accepted the e-mail by the process of step (S3107) is to send information on registration approval by e-mail (the authentication server 1 accepts this information). (S3108)), alternatively, the user can send such information by telephone.
In order to realize this, in addition to information about the e-mail address used by the user, information about the telephone number used by the user may be recorded in the identification information recording unit 32g. This telephone number can be used at the user terminal T1 (the user terminal T1 that the user intends to use in this system) to which the individual information is sent. In this variation, after the individual number is issued, the registration of the individual number is completed in the mail sent to the e-mail address associated with the user identification information used when the control unit 32a issues the individual number. Information for notifying the user of this fact, and information for requesting a call to a predetermined telephone number in order to indicate whether or not to approve the registration completion. The user who has received this makes a call to the designated telephone number and sends information about registration approval. The device that has received access from the user terminal T1 may, for example, say, “The individual number has been assigned to the user terminal T1 of the user who made the phone call. Do you want to approve this? If not, please press the key 1 ”information for outputting a voice message from the user terminal T1 may be sent to the user terminal T1. The user who has heard the above-mentioned voice message operates the 0 or 1 key to transmit information for indicating that the individual number registration process is approved or not approved. This information is received by the authentication server 1 directly or indirectly. The control unit 32a of the authentication server 1 that has received this determines whether or not the above-described procedure for assigning the individual number has been approved by the user (S3109). The subsequent procedures are the same as described above. The merit of doing this is, for example, that the authentication server 1 sends the correctness of the other party who has transmitted the information about the approval of the registration process of the individual number, the telephone number recorded in the identification information recording unit 32g, and the information. It can be checked by checking the caller ID of the other party. Of course, even when using e-mail, the validity of the other party who sent the information is checked by checking the e-mail address of the sender with the e-mail address recorded in the identification information recording unit 32b. It is possible. However, it is technically much more difficult to tamper with the caller ID of the telephone than to tamper with the sender mail address by e-mail. Therefore, by implementing such a variation, the possibility of spoofing can be further reduced.
Moreover, the following can be mentioned as another variation.
In the above-described example, the control unit 32a determines whether or not the user has been approved based on the information about the approval of the registration process received by e-mail or telephone, and the user has approved the procedure for assigning the individual number. If (S3109: Yes), it is determined that the above-described procedure for assigning an individual number was performed by a legitimate user, and the user did not approve the procedure for assigning an individual number (S3109: No). If so, the above-described procedure for assigning an individual number is determined not to have been performed by a legitimate user (S3110). If it is determined that the legitimate user has performed the procedure for assigning the individual number, the procedure for assigning the individual number is terminated as it is, and it is determined that the unauthorized user has performed the procedure for assigning the individual number. If so, a stop flag is set (S3111). In this variation, the handling of the stop flag is reversed from that described above.
In this variation, a stop flag is set in the initial state. If it is determined that a legitimate user has performed a procedure for assigning an individual number, the stop flag is cleared, and the individual number or the like can be used, and the procedure is terminated. On the other hand, if it is determined that the unauthorized user has performed the procedure for assigning the individual number, the procedure is terminated with the stop flag set as it is. In this way, in principle, by restricting the use of individual numbers, etc., and allowing the use of individual numbers, etc. only when regular procedures are followed, the occurrence of spoofing can be further reduced. Become.
[0075]
FIG. 14 shows a specific procedure for log-in authentication performed on the principle that the procedure for assigning an individual number as described above has been performed.
As described above, the login authentication is started when the mobile phone makes an access request. Simultaneously with the access request, a URL for the connection request destination is sent from the mobile phone to the authentication server, and a login screen is displayed on the display unit of the mobile phone (S301). The process up to this point is as described above.
When the login screen is displayed, the authentication server 1 transmits to the mobile phone a program for reading out the individual number of the mobile phone and transmitting it to the authentication server 1 (S3201). More specifically, information indicating that an access request has been made is sent to the control unit 31 a via the input / output unit 31. Receiving this, the control unit 31a sends an instruction to transmit the program to the program transmission unit 32c. Based on this command, the program transmission unit 32 c transmits the above-described program to the mobile phone via the input / output unit 31.
In this example, the above-described program is written in Java, for example, and is executed on the KVM of the mobile phone. In any case, the mobile phone operates in an execution environment prepared for the mobile phone. This program activates a program that reads the individual number of the mobile phone from a scratch pad or the like. The function realization body thus generated sends the individual information read from the ROM or the like to the authentication server 1. This process is automatic. In addition, this process may be performed in a form that the user cannot recognize. Further, this program disappears after the function of reading the individual number held by the user terminal T1 and transmitting the data about the individual number of the user terminal T1 to the authentication device 1 is exhibited. It doesn't matter.
On the other hand, this program remains even after performing the function of reading the individual number possessed by the user terminal T1 and transmitting the data regarding the individual number of the user terminal T1 to the authentication device 1. May be. In this case, the above-mentioned program is recorded on a predetermined recording medium possessed by the user terminal T1, reads the individual number possessed by the user terminal T1, and transmits data about the individual number of the user terminal T1 to the authentication device 1. It is possible to read from the recording medium every time the function of performing is required. When such a program is used, the above-described transmission of the program is performed when there is an access request from the user terminal T1 and only when the access request is made for the first time. However, the program may be transmitted again if it becomes particularly necessary for some reason, such as when the program disappears from the recording medium. When the user terminal T1 is, for example, a Java-compatible i-mode mobile phone, the recording medium on which the program is recorded can be configured by a nonvolatile memory built therein.
If the user terminal T1 does not follow the above-described procedure for assigning an individual number and does not have an individual number, even if the above-described program is accepted and executed, or from a recording medium Even if the program is read and executed, the individual number is not transmitted from the user terminal T1 to the authentication server 1. When the individual number is not transmitted, the authentication server 1 asks the user to transmit the user ID and password, and executes the above-described procedure for assigning the individual number. In this case, a sequence from the individual number assignment to the authentication is performed in series.
[0076]
Upon receiving the individual number (S3202), the authentication unit 32d of the authentication server 1 determines whether or not this individual number matches any of the individual numbers recorded in the information recording unit 30d (S3203). If the received individual number does not match any of the recorded individual numbers (S3203: No), data for displaying information indicating that on the display of the mobile phone is generated, and this is stored in the mobile phone. (S3204).
In this case, the mobile phone is not authenticated as being legitimate, and the access from the mobile phone is not permitted.
In this embodiment, the control unit 32a generates data for displaying an image on the display of the mobile phone.
If the accepted individual number matches any of the recorded individual numbers (S3203: Yes), the process proceeds to the next step.
[0077]
Next, the user ID and password input by the user are received from the mobile phone (S3205), and the user ID and password are associated with the above-described individual number among the user ID and password recorded in the information recording unit 30d. It is determined by the authentication unit 32d whether or not they match (S3206).
Note that the reception of the user ID and password from the mobile phone (S3205) is performed independently of the reception of the individual number, and therefore may be executed prior to step S3011.
If the received user ID and password do not match the user ID and password recorded in the information recording unit 30d and associated with the above-described individual number (S3206: No), information indicating that Is generated to be displayed on the mobile phone display, and is sent to the mobile phone in the same manner as described above (S3204).
When the received user ID and password match those associated with the above-described individual number among the user ID and password recorded in the information recording unit 30d (S3206: Yes), the next step is performed. move on.
[0078]
When the individual number, the user ID, and the password are associated with each other and matched with the individual number, the user ID, and the password recorded in the information recording unit 30d, the mobile phone that requested the access is authorized However, in this embodiment, the following processing is performed in order to further increase the authenticity of authentication.
That is, whether or not the URL of the connection request destination that has been accepted matches the one associated with the accepted individual number, user ID, and password among the authentication URLs recorded in the information recording unit 30d. A determination is made (S3207). This determination is also performed by the authentication unit 32d. When the received URL does not match the one associated with the received individual number and user ID among the authentication URLs recorded in the information recording unit 30d (S3207: No), the same as the above case Then, the process proceeds to S3014. If they match (S3207: No), the mobile phone is authenticated as a legitimate one and the port is opened (S3208).
In this example, authentication is performed using terminal identification information that is an individual number, user identification information that is a user ID and password, and authentication URL, or using terminal identification information and user identification information. Although described, authentication may be performed using only the terminal identification information or using the terminal identification information and the authentication URL.
[0079]
Returning to FIG. 12, after that, it waits for the occurrence of a click event (S302), and when a click event occurs, its contents are determined (S303).
If the click event is “reception”, the reception process is performed according to the procedure of FIGS. 15 to 20 (S304). If it is “transmission”, transmission processing is performed in the procedure of FIG. 21 (S305). If it is “search”, search processing is performed according to the procedure of FIGS. 22 to 24 (S306). If it is “scheduled”, schedule processing is performed in the procedure of FIGS. 25 and 26 (S307). When these processes are completed, the process returns to step S302.
Hereinafter, the contents of the reception process, the transmission process, the search process, and the schedule process will be described in detail.
[0080]
= Reception processing =
The reception process in S304 will be described.
In the reception process, as shown in FIG. 15, the data is sorted in descending order by the reception date of the reception box of the mobile phone, and the data numbers are numbered sequentially from “1” to “+1” (S401). The sorted data is selected 10 items in ascending order, and the first item is set to START (first data number, the same applies hereinafter) (S402). Thereafter, the selected data is displayed in the reception list display area (S403). In the reception list display area, as shown in FIGS. 26 (c) and 26 (d), a subject area 54 and a charge area 55 representing charge information required for receiving the case are displayed as a pair. By displaying the charge information required for reception in this manner, the operator of the mobile phone can be informed of the data size and the cost at that time. The mobile phone operator (that is, the employee) looks at the subject title and the fee amount to determine whether reading the matter is appropriate for the cost, or guesses the time required for reception from the fee amount. To determine whether it should be read now or better to read later. In addition, a large amount of data, such as 20,000 words, is sent automatically while being divided by the mail function, so you can view it halfway and stop viewing the divided mail after that. Forms are also possible. Selection buttons for “Previous” and “Next” are also displayed below the reception list display area.
Waiting for the occurrence of a click event (S404), if a click event has occurred, its content is determined (S405).
If the click event is “next”, “+9” is set to START (S406), and 10 events are selected from START. When START is less than 10, only existing data is displayed (S407).
If the click event is “Previous”, “−9” is set to START (S408), and 10 events are selected from START. If START is less than 10, START is set to “1” (S409).
If the click event is “document number”, a received text display process is performed (S410).
[0081]
Details of the received sentence processing in S410 are as shown in FIG.
When it is detected that the operator of the mobile phone clicks the desired document number on the display unit (S501), the document with the clicked document number is displayed on the display unit (S502). The display at this time is, for example, as shown in FIG.
When there is an attached document, a notification indicating the presence is displayed on the display unit. This is due to the web mail server function of the host server 10. If the attached document is a table object or bitmap data, it can be displayed as an HTML document in accordance with the size of the display area by clicking on the notation of the attached document.
Also, assuming that there are a large number of document destinations, the destination portion in the frame of the received sentence is not displayed in advance. Thereby, only the text can be displayed on the display unit of the mobile phone. However, since the address information is managed on the host server 10 side, if you want to check the address from the mobile phone, you can indicate it from the browser screen (prepare an icon or command character). Can be displayed.
In the case of received sentence processing, a selection area 56 of “delete”, “reply”, “forward”, and “FAX” is displayed at the top of the display unit.
Waiting for the occurrence of a click event (S503), if a click event has occurred, its contents are determined (S504). The click event includes a “delete” process (S505), a “reply” process (S506), a “transfer” process (S507), and a “FAX” process (S508).
[0082]
The “deletion” process in step S505, that is, the process procedure when “deletion” is selected in the display content of FIG. 27E is as shown in FIG. The current document is deleted (S601), and “Deleted” indicating deleted is displayed (S602).
[0083]
The procedure of the “reply” process in step S506, that is, the process when “reply” is selected in the display contents of FIG. 27E is as shown in FIG.
First, a new reply document is created (S701). Then, the sender of the received document is set as the destination (S702), the characters “Re:” are added to the head of the subject of the received document (S703), and the new document is displayed (S704).
Waiting for the occurrence of a click event (S705), if a click event has occurred, its content is determined (S706). When the click event is “subject”, subject editing processing is performed (S707), when “content” is selected, document content editing processing is performed (S708), and when “new destination” is selected, new destination editing is performed (S709). In the case of “CC new”, a new editing process of CC (carbon copy) destination is performed (S710). After the completion, the process returns to S705.
[0084]
If the click event determined in step S706 is “destination”, the destination editing process is performed (S711). At this time, a list of mobile personal destinations (personal address book) is displayed (S712). Then, the selected destination is set as “TO” (S713). Thereafter, the process returns to S705.
If the click event is “CC”, CC destination editing processing is performed (S714). At this time, a list of mobile personal destinations (personal address book) is displayed (S715). Then, the selected destination is set as “CC” (S716). Thereafter, the process returns to S705. If the click event is “SUBMIT”, the new document is transmitted (S717), “Formprocessed” is displayed, and the reply process is completed (S718).
[0085]
The procedure of the “transfer” process in step S507, that is, the process when “transfer” is selected in the display contents of FIG. 27E is as shown in FIG. The processing contents (S801 to S818) are almost the same as those in FIG. 17, except that the characters “FW:” are added to the head of the subject of the received document in S803.
The “FAX” process in step S508, that is, the process procedure when “FAX” is selected in the display content of FIG. 27E is as shown in FIG.
First, a new document for FAX is created (S901). Then, the content of the received document is set in the content column (S902), the character “FW:” is added to the head of the subject of the received document (S903), and the new document is displayed (S904). Waiting for the occurrence of a click event (S905), if a click event has occurred, its content is determined (S906). When the click event is “subject”, subject editing processing is performed (S907), and when it is “FAX number”, fax number editing processing is performed (S908), and after completion, the processing returns to S905. If the click event is “transmission”, the new document is transmitted (S909), “Formprocessed” is displayed, and the FAX data transmission process is completed (S910).
The data transmitted in this way is FAX-printed with the FAX number destination. The above-described FAX printing may be realized as one of the functions of the DOMINO engine, and is realized by separately installing an application program for FAX printing on the host server 10 and starting it as needed. Also good.
[0086]
= Transmission processing =
Next, the transmission process in step S305 in FIG. 12 will be described.
In the transmission process, as shown in FIG. 21, a new document for transmission is created (S1001), and the new document is displayed on the display unit (S1002). The subsequent processing (S1003 to S1016) is the same procedure as steps S707 to S718 of the reply processing shown in FIG. However, the display content of the display unit of the mobile phone changes as shown in FIG.
[0087]
= Search processing =
Next, the search process in step S306 in FIG. 12 will be described.
The search process is executed when the user selects “Search” as shown in FIG. In this process, as shown in FIG. 22, first, the data in the search view is sorted in ascending order alphabetically, and 10 items are selected (S1101). Thereafter, the search list is displayed in the list display area (S1102).
It waits for the occurrence of a click event (S1103), and when a click event occurs, its contents are determined (S1104).
If the click event is “next”, +10 data is set from the 10th page of the displayed page (S1105). Thereafter, the set amount of data is selected, but if the data is less than 10, only existing data is selected (S1106). Thereafter, the processing returns to S1102.
If the click event is “Previous”, data of −10 is set from the 10th page of the displayed page (S1107). Thereafter, the set amount of data is selected, but if there is no data, the current page data is selected again (S1108). Thereafter, the processing returns to S1102.
[0088]
When the click event is “search list display”, the display content of the display unit of the mobile phone is changed from the keyword list searched in the past from FIG. FIG. 28B shows this state. In the figure, “itoh”, “okada”, and “suzuki” are searched keywords.
The procedure of the search list display process is as shown in FIG. That is, it waits for the occurrence of a click event (S1201), and when it is detected that the first and last name of the alphabet (for example, “itoh”) is clicked, all documents including the clicked first and last name are displayed (S1202, S1203).
[0089]
When the click event is “new keyword”, search processing using a new keyword is performed. At this time, the display content of the display unit is changed to a new keyword input screen as shown in FIG.
In this case, as shown in FIG. 24, the process waits for the occurrence of a click event (S1301), and when a click event occurs, the contents are determined (S1302). If the click event is “new keyword”, new keyword editing is performed (S1301), and the process returns to S1301. If the click event is “SUBMIT”, the keyword is transmitted (S1304), “Formprocessed” is displayed, and the process is terminated (S1305). When a search result is transmitted from the host server 10, the process proceeds to search list display processing as appropriate. The screen of the display unit changes as shown in FIG. 28D. When an alphabet (for example, “pat”) is clicked, all documents including “pat” are displayed as shown in FIG. .
[0090]
= Schedule processing =
Next, the schedule process in step S307 in FIG. 12 will be described.
The schedule process is executed when the user selects “schedule” as shown in FIG. In this process, as shown in FIG. 25, first, the data in the scheduled view is sorted in descending order by date, and 10 items are selected (S1401). Thereafter, the schedule list is displayed in the list display area of the display unit (S1402). FIG. 29B shows an example of the list display area 60. When a certain date is clicked, a time zone set for the date and a brief description are displayed. An area for selecting “previous”, “next”, and “creation” events is formed in the upper part of the display unit.
Waiting for the occurrence of a click event (S1403), if a click event has occurred, its content is determined (S1404).
If the click event is “next”, +10 data is set from the 10th page of the displayed page (S1405). Thereafter, the set amount of data is selected, but when the data is less than 10, only existing data is selected (S1406). Thereafter, the processing returns to S1402.
If the click event is “Previous”, data of −10 is set from the 10th page of the displayed page (S1407). Thereafter, the set amount of data is selected, but if there is no data, the current page data is selected again (S1408). Thereafter, the processing returns to S1402.
Note that the data in the schedule view is only for data after “today's date”. That is, the schedule file 107 is extracted from the schedule file 107 onward and is made a list (View in the DOMINO server) so that it can be viewed on the mobile phone. In this way, it is possible to prevent a situation in which data related to past schedules is recorded on the mobile phone, and the memory of the mobile phone can be effectively used.
Data related to schedules before the date and before the current time may be automatically deleted from the schedule file 107 of the host server 10. In this case, unnecessary data is sequentially deleted from the schedule file 107 (same as that of the local server 20), so that the memory area of the host server 10 (same as the local server 20) can be used effectively and at the same time. There is an advantage that information leakage is surely prevented.
[0091]
When the click event is “new creation”, that is, when “creation” is selected in the display content of FIG. 29C, the process proceeds to a new creation process of a schedule list. FIG. 26 is a procedure diagram of the new creation process. In this process, first, a schedule creation menu is displayed (S1501). In the schedule creation menu, for example, as shown in FIG. 29 (d), a schedule registration, conference call, event, confirmation, and anniversary selection area 61 is formed. The user can arbitrarily select one of these.
Waiting for the occurrence of a click event (S1502), if a click event has occurred, its content is determined (S1503).
When a specific menu is selected from the selection area 61, data input and editing are performed (S1504), and the process returns to S1502. If the click event is “SUBMIT”, the input data is transmitted (S1505), “Formprocessed” is displayed, and the process is terminated (S1506). FIG. 29 (e) is a diagram showing an example of the contents of the data input area 62 when “2. Conference call” is selected. For each date, a simple description is associated with the time. The data input area 62 is scrolled.
The data input in this way is reflected in the schedule file 107 of the host server 10 and further reflected in the local server 20.
[0092]
In addition, as part of the schedule process or as a process separate from the schedule process, the so-called “To Do List” function, that is, the function to manage the work to be performed and the work performed, is executed by the operation from the mobile phone. It can also be configured to. In this case, it can be easily realized by additionally creating an application program in the standard scheduler function of “DOMINO Server R5”.
[0093]
In this way, in the in-house mail system, it is possible to access in-house information managed by the host server 10 from an arbitrary place at an arbitrary time from a mobile phone. As described above, there are various modes of access, as if the access was made from a fixed terminal inside the intranet LN or a client terminal of the local server 20. Since the in-house information of the host server 10 is the same as that of the local server 20 connected via the private line network PN, it is possible to indirectly communicate with the person connected to the network to which the local server 20 belongs. , Groupware can be operated efficiently.
[0094]
In this system, when reception processing, transmission processing, search processing, schedule processing, and the like are executed, information transmitted from the host server 10 to the mobile phone is monitored by the transmission information management unit 32f. Yes. This monitoring is performed, for example, by the transmission information management unit 32f extracting the URL of the page viewed by the user. The transmission information management unit 32f extracts such information, thereby transmitting information that is information about what information has been transmitted from the host server 10 to the mobile phone, that is, what page the user has viewed. Is recorded in the transmission information recording unit 32g. This transmission information is recorded for each mobile phone, and is recorded in the transmission information recording unit 32g while clarifying the corresponding mobile phone.
[0095]
This transmission information can be used as data for charging each mobile phone.
Further, in order to reduce the labor when the user accesses the host server 10, it can be used as follows. That is, the transmission information is used to display the menu screen on the display of the mobile phone. In this case, when there is a request for access and the mobile phone that has requested access is authenticated as a legitimate one, for example, the following processing may be executed. First, of the recorded transmission information, the transmission information for the mobile phone that has requested access is transmitted from the transmission information recording unit 32g and sent to the control unit 32a. Next, the control unit 32 a that has received this generates data for displaying a predetermined image on the display of the mobile phone, and sends the data to the mobile phone via the input / output unit 31. Based on this, a predetermined menu image is displayed on the display of the mobile phone. The displayed menu image has the same form as that of FIG. 29A, but the menu displayed there is different for each mobile phone.
[0096]
<Application Example 2: Application Remote Operation System>
The network system of the present invention can also be applied as a remote operation system of an application instead of or together with an in-house mail system.
The configuration in this case is basically the same as that in the case of the in-house mail system, but the local server 20 has a predetermined application program, for example, a search program for searching for information from an external database that is not a common file, a common file It is equipped with a printing program that automatically prints specific information in it, an automatic control program for in-house office equipment, etc., and a browser that displays an operation image for starting an application program on the web mail screen displayed on the display unit of a mobile phone It differs in that it is formed on the screen or allows dedicated command input.
[0097]
In operation, a person who has a mobile phone accesses the host server 10 by selecting, for example, an operation image on a browser screen. The host server 10 decodes the contents of the command corresponding to this access, notifies the contents of the command to the local server 20, and activates and executes the corresponding application program.
After the application program is executed, the host server 10 acquires information about the execution result from the local server 20 and notifies the mobile phone of the acquired information.
In this way, not only in-house information transfer but also in-house application programs can be remotely activated from the mobile phone from the outside, so that an in-house dedicated network system with high expandability can be easily constructed.
[0098]
In this embodiment, it is assumed that the network constituting the housing is an intranet LN. However, any network may be used as long as it can be protected by a firewall. The housing can be configured even in a normal local network. Further, as a preferred embodiment, it has been described that a mobile phone passes through the firewall 11, but access from a portable wired terminal via the Internet IN, that is, a laptop computer performed via a wired communication network Even access from a PDA or PDA can be configured to pass through the firewall 11 under certain conditions. However, in this case, it is necessary to note that the burden on the firewall 11 increases because access from an unspecified user connected to the Internet IN is permitted.
[0099]
【The invention's effect】
As apparent from the above description, according to the present invention, “spoofing” can be surely prevented, so that it is possible to easily construct an environment for realizing dedicated groupware that ensures security.
[Brief description of the drawings]
FIG. 1 is a diagram showing an example of the overall configuration of a network system to which the present invention is applied.
FIG. 2 is a diagram showing a detailed configuration example of an intranet.
FIG. 3 is a diagram illustrating a configuration example of a router.
FIGS. 4A and 4B are diagrams illustrating contents of a NAT table provided in a router outside the intranet. FIG. 4A illustrates an example of routing data from a public communication network to a firewall, and FIG. The figure which showed the example in the case of routing the data which heads.
FIG. 5 is a functional configuration diagram of a host server using a DOMINO server.
FIG. 6 is an explanatory diagram showing a replication mechanism executed between the host server and the local server.
FIG. 7 is a functional block diagram showing a configuration of an authentication server.
FIG. 8 is an explanatory diagram for explaining data recorded in an information recording unit of the authentication server.
FIGS. 9A and 9B are diagrams showing an example of a hierarchy table used in a large-scale system in which a large number of services may be received by a single user terminal.
FIG. 10 is an explanatory diagram of a procedure for copying a personal address book for about 10 people from an in-house address book.
FIG. 11 is an explanatory diagram of a procedure for copying a personal address book to a mail file.
FIG. 12 is an explanatory diagram of a procedure when an employee accesses a host server.
FIG. 13 is a diagram for explaining the procedure of reception processing.
FIG. 14 is a procedure explanatory diagram for explaining a procedure of an individual number assigning process.
FIG. 15 is a procedure explanatory diagram for explaining the flow of processing executed by the authentication server during authentication.
FIG. 16 is an explanatory diagram of received sentence processing.
FIG. 17 is a diagram for explaining the procedure of deletion processing.
FIG. 18 is an explanatory diagram of a reply process procedure.
FIG. 19 is a diagram for explaining the procedure of transfer processing.
FIG. 20 is a diagram for explaining the procedure of FAX processing.
FIG. 21 is a diagram for explaining the procedure of transmission processing.
FIG. 22 is a diagram for explaining the procedure of search processing.
FIG. 23 is an explanatory diagram of a search list display process.
FIG. 24 is a diagram for explaining the procedure of new keyword processing.
FIG. 25 is a diagram for explaining the procedure of schedule processing.
FIG. 26 is an explanatory diagram of a procedure for newly creating a schedule list.
FIGS. 27A and 27B are diagrams showing examples of display screens on a display unit of a mobile phone, in which FIG. 27A is a login screen, FIG. Is a document display screen, and (f) is a screen during transmission processing.
28A is a main screen showing a state where a search is selected, FIG. 28B is a screen during search processing, FIG. 28C is a new keyword input screen, and FIG. 28D is a search result by a new keyword. (E) is a document display screen after search.
29A is a main screen showing a schedule being selected, FIG. 29B is a screen of a schedule list list display area, FIG. 29C is a schedule creation menu selection screen, and FIG. 29D is a schedule. It is a data input screen for creating a new list.
[Explanation of symbols]
LN Intranet
WN wireless network
MN mobile phone network
DN Public communication network
PN private network
IN Internet
T1 user terminal (mobile phone)
Sa to Se segment
10, 10a-10e Host server
1 Authentication server
31 I / O section
32 processor
32a control unit
32c program transmitter
32d authentication section
32e Information recording part
32f Sending information manager
32f Transmission information recording unit 101 CPU
102 RAM
103 ROM
104 Mail file
105 Employee database
106 Document database
107 Schedule file
108 Communication adapter
11 Firewall
12, 13, 14 routers
14 Switching hub
20, 20a, 20b Local server
30, 40 DNS

Claims (22)

When a user terminal used by a user to which predetermined user identification information is assigned accesses the predetermined information, the terminal identification assigned to the user terminal is authenticated as to whether or not the user terminal is valid. An apparatus that performs information,
User identification information recording means in which an email address addressed to the user terminal is recorded in association with the user identification information;
User identification information for receiving user identification information of a user who uses the user terminal from the user terminal and determining whether the received user identification information is the same as the user identification information recorded in the user identification information recording means A determination means;
When the user identification information with each other is determined to the same, the user generates the terminal identification information of the content can not be known substantially, a terminal information generation means for transmitting the terminal identification information to the said user terminal,
Registering the generated terminal identification information , sending an e-mail indicating that the terminal identification information has been registered to the e-mail address specified by the user identification information, and receiving the e-mail from the user Control means for stopping the use of the terminal identification information until approval of
When the user terminal accesses predetermined information, terminal identification information transmitted from the user terminal in a form that the operator cannot know is received, and the received terminal identification information and the registered terminal identification information , An authentication means for determining whether or not use of the registered terminal identification information is stopped ,
Using the previous SL end end identification information and a permitting means for permitting the access by the user terminal if not stopped,
Authentication device. The terminal identification information is registered in the area information and the set indicating a range of information to which access is permitted by the user terminal indicated by the respective terminal identification information,
The permission means is configured to permit the user terminal to access in the range indicated by the range information.
The authentication device according to claim 1. The range information includes an address of an access destination registered in advance for each user terminal.
The authentication device according to claim 2. The user identification information consists of a set of ID and password assigned to each user.
The authentication device according to claim 1. The range information is a combination of the address and the user identification information.
The authentication device according to claim 2. One set of ID and password is associated with one user identification information, and the one set of ID and password is assigned as a general ID and password when there are a plurality of access destinations.
The authentication device according to claim 1 or 2. Means for collectively stopping or canceling the use of the general ID and password;
The authentication device according to claim 6. Means for holding a program for causing the user terminal to be authenticated to transmit the terminal identification information it has;
Means for transmitting the program to a user terminal that has requested authentication;
The authentication device according to claim 1. The user terminal includes a unit for recording the program, and the terminal identification information is obtained by a function formed by starting the program recorded in the unit for recording a program.
Sent from the user terminal seeking authentication,
The authentication device according to claim 8. The user terminal is a portable wireless terminal;
The authentication device according to any one of claims 1 to 9. Means for accepting approval from the user transmitted in the form of an email from the user ;
Means for detecting an e-mail address of the accepted sender of the approval and checking the e-mail address with an e-mail address addressed to the user terminal ;
As a result of the collation, when the two e-mail addresses match, the process of collectively canceling the use of the general ID and password, or when the two e-mail addresses do not match, the general ID and password are used. Means for executing one of the processes for stopping all the processes at once;
Further comprising
The authentication device according to claim 7 . Means for recording the telephone number of the mobile phone used by each user in association with the user identification information assigned to each user;
Means for accepting approval from the user transmitted in the form of telephone communication from the user ;
Means for detecting a telephone number of the accepted sender of the approval and checking the telephone number with the telephone number recorded in the means for recording the telephone number;
As a result of the collation, when both telephone numbers match, the process of collectively canceling the use of the general ID and password, or when both telephone numbers do not match, the general ID and password are used collectively. And means for executing one of the processes to be stopped.
The authentication device according to claim 7 . The information to be accessed by the user terminal exists in a predetermined network where security is required, and at least a part of the file existing outside the network is maintained in common content. It is the record information of the common file.
It claims 1 to any of the claims wherein the 1 2, the authentication device. A first server that records information accessible by the user terminal, and an authentication device that authenticates whether the user terminal attempting to access the information recorded in the first server is valid The first server is configured to search for corresponding information in response to access from a legitimate user terminal, and send the searched information to the user terminal that is the source of the access,
The authentication device includes a user identification information recording unit in which an e-mail address addressed to the user terminal is recorded in association with predetermined user identification information assigned to a user;
User identification information for receiving user identification information of a user who uses the user terminal from the user terminal and determining whether the received user identification information is the same as the user identification information recorded in the user identification information recording means A determination means;
When the user identification information with each other is determined to the same, the user generates the terminal identification information of the content can not be known substantially, and the terminal identification information generation means for transmitting the terminal identification information to the said user terminal ,
Registering the generated terminal identification information , sending an e-mail indicating that the terminal identification information has been registered to an e-mail address specified by the user identification information, and receiving the e-mail from the user Control means for stopping the use of the terminal identification information until approval of
When the user terminal accesses predetermined information, terminal identification information transmitted from the user terminal in a form unknown to the operator is received, and the received terminal identification information and the registered terminal identification information And authentication means for determining whether or not the use of the registered terminal identification information is stopped,
Permission means for permitting the access by the user terminal when the use of the terminal identification information is not stopped ,
Network system. The first server is connected to a second server existing outside the network in a network by a dedicated line or a virtual dedicated line, and each of the first server and the second server has at least one of the recorded information. parts are intended to hold the common files maintained in a common content together, the authentication apparatus, when accessing the recorded information of the common file in the first server, accepting an the terminal identification information,
Claims 1 to 4, a network system according. Each of the first server and the second server sends the difference data before and after the change to the other server when a change occurs in the recording information of its own common file,
When the difference data is received from the other server, a copy task for copying the difference data to its own common file is automatically executed.
Claims 1 to 4, a network system according. The first server is plural, and the second server is provided corresponding to each of the plural first servers.
Network system according to claim 1 5, wherein. Extracting means for extracting information sent from the first server to the user terminal by the authentication device;
Sending information recording means for recording data about sending information as to what information was sent for each user terminal;
Claims 1 to 4, a network system according. Sending information presenting means for generating data for displaying the sending information about the user terminal on the display of the user terminal based on the data recorded in the sending information recording means; Have
Claims 1 to 4, a network system according. Means for enabling communication in a predetermined network with a first server that records information accessible by a user terminal;
An authentication device that authenticates whether or not a user terminal attempting to access the information through the network is legitimate, and the first server responds to access from the legitimate user terminal. And the searched information is sent to the user terminal that is the source of the access,
The authentication device
User identification information recording means in which an e-mail address addressed to the user terminal is recorded in association with predetermined user identification information assigned to the user;
User identification information determination that receives user identification information of a user who uses the terminal from the user terminal and determines whether the received user identification information is the same as the user identification information recorded in the user identification information recording unit Means,
When the user identification information with each other is determined to the same, the user generates the terminal identification information of the content can not be known substantially, and the terminal identification information generation means for transmitting the terminal identification information to the said user terminal ,
Registering the generated terminal identification information , sending an e-mail indicating that the terminal identification information has been registered to an e-mail address specified by the user identification information, and receiving the e-mail from the user Control means for stopping the use of the terminal identification information until approval of
When the user terminal accesses predetermined information, it accepts terminal identification information transmitted from the user terminal in a form that the operator cannot know, and receives the terminal identification information and the registered terminal identification information; And authentication means for determining whether or not the use of the registered terminal identification information is stopped ,
The use of the terminal identification information and a permitting means for permitting the access by the user terminal if not stopped,
Network system. An authentication device for authenticating whether or not a user terminal attempting to access the information is valid is distributed to a network system in which a first server that records information accessible to the user terminal in a predetermined network exists. And
In the authentication device,
Advance the advance e-mail address of the destined user terminal is recorded in association with the user identification information assigned to a user, it accepts the user identification information of the user who uses the user terminal from the user terminal, the user identification information accepted, When it is determined whether or not the user identification information already registered is the same and the user identification information is determined to be the same, the terminal identification information of the content that the user cannot substantially know is generated,
Send the generated terminal identification information to the user terminal and register it,
Sending an e-mail indicating that the terminal identification information has been registered to the e-mail address specified by the user identification information, and using the terminal identification information until approval is received from the user who has received the e-mail Stop
When the user terminal accesses predetermined information, terminal identification information transmitted from the user terminal in a form unknown to the operator is received, and the received terminal identification information is registered in advance in the own device. In contrast with the terminal identification information , determine whether the use of the registered terminal identification information is stopped ,
Permitting the access by the user terminal when the use of the terminal identification information is not stopped ,
A user terminal authentication method in a network system. There is a first server that records information accessible to a user terminal in a predetermined network, and the first server searches for the corresponding information in response to a request from a legitimate user terminal. A computer program for causing a computer deployed in a network system to be transmitted to the user terminal to execute the following processing.
(1) Processing in which an e-mail address addressed to the user terminal is recorded in association with predetermined user identification information assigned to the user in advance.
(2) the receiving user identification information of the user using at least the user terminal from the user terminal, the user identification information accepted and then it is determined whether either already identical to the user identification information recorded, the user identification When the information is determined to be the same, a process of generating terminal identification information having contents that the user cannot substantially know ,
(3) A process of transmitting and registering the generated terminal identification information to the user terminal,
(4) Sending an e-mail indicating that the terminal identification information has been registered to the e-mail address specified by the user identification information, and identifying the terminal until approval is received from the user who received the e-mail Processing to stop the use of information,
( 5 ) When a user terminal accesses predetermined information, it accepts terminal identification information transmitted from the user terminal in a form unknown to the operator, and accepts the terminal identification information received and the terminal identification already registered Processing for determining whether or not the use of the registered terminal identification information is stopped in comparison with the information ;
( 6 ) A process of permitting the access by the user terminal when the use of the terminal identification information is not stopped .

Images