JP4712196B2 - Authentication apparatus and method, network system, recording medium, and computer program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an authentication technique used when a service such as information provision is performed using, for example, a portable wireless terminal or other user terminal.
[0002]
2. Description of the Related Art PDAs (Personal Digital Assistants) and user terminals such as notebook personal computers that can be connected to the Internet as appropriate using wired / wireless communication means, and mobile phones having an Internet connection function and a mail function have become widespread. It has become common to provide services for individual users from the server side, such as using these user terminals and mobile phones as terminals for Internet mail services, and actively utilizing them for corporate operations. .
[0003]
Such a service is realized on the server side by controlling communication with the user terminal and accompanying access to a specific server.
This type of service using a user terminal or the like is usually provided only to a specific person (a person who has been registered in advance) managed by the service provider. From this point of view, when executing the service as described above, an authentication procedure is required to confirm whether or not the person who requests the service is a person who is under the control of the service provider. Become.
[0004]
Authentication is generally performed using some permission information such as a user name or other user ID or password. In other words, the user ID and password sent by the user from the user terminal are collated with the user ID and password managed by the service provider, and if they match, the user is a legitimate person. It is determined that the user is not a legitimate person, and only a user who is judged to be a legitimate person can enjoy the predetermined service.
[0005]
However, such an authentication method is not without defects. That is, if the user ID and password are stolen by another person, the other person can use it to impersonate a legitimate user.
[0006]
[Problems to be solved by the invention]
An object of the present invention is to provide a new authentication technique that can prevent the above-mentioned “spoofing” problem that could not be prevented even by using a conventional authentication technique.
Another object of the present invention is to provide an application technique of the authentication technique.
[0007]
[Means for Solving the Invention]
The occurrence of “spoofing” is caused by the fact that the authorization information that has been used for authentication can be used regardless of the user terminal as long as it can be obtained. On the other hand, if information that is unique to the user terminal and cannot be tampered is used for authentication, and that the access is made by a legitimate user only when the terminal is used, Most spoofing can be prevented. The present invention has been made based on such knowledge.
[0008]
  The present invention is an apparatus for authenticating whether or not a user terminal trying to access predetermined information is legitimate, and is assigned to each range information indicating a range of information accessible by the user terminal. Information recording means in which authentication information including recorded permission information and identification information that is unique to each user terminal and cannot be falsified by each of the plurality of user terminals to be authenticated is recorded;Means for holding a program for transmitting the identification information to a user terminal to be authenticated in a form that the operator of the user terminal cannot know; and the program for the user terminal that has requested authentication. Means for transmitting;If the authentication information of the user terminal is received from the user terminal that has requested authentication and the received authentication information matches any of the authentication information recorded in the information recording means, the user terminal is valid. Authentication means for determining that there is, and permission means for permitting the access by the user terminal when the user terminal that requested the authentication is valid,The range information includes an address of an access destination registered in advance for each user terminal, the permission information is a set of ID and password, and one set or a plurality of sets of IDs for one piece of the identification information And a password,An authentication device is provided. In this authentication device, authentication is performed using authentication information including authorization information and identification information that depends on the user terminal itself. Therefore, unless both the authorization information theft and the user terminal are stolen, “spoofing” It becomes impossible to do so, and the reliability of authentication can be improved. The range information is, for example, information including an access destination address registered in advance for each user terminal. With this range information, it is possible to know what information the user terminal performs when accessing. As the identification information, for example, an individual number (such as a manufacturing number) recorded at the time of manufacturing can be used in a ROM (Read Only Memory) of each user terminal. Note that “access” in this specification is a concept including various instructions such as a FAX instruction and a print instruction in addition to requesting and obtaining information.
[0009]
As permission information, for example, a set of ID and password can be used. In this case, one set or a plurality of sets of IDs and passwords are associated with one piece of the identification information. One set of ID and password may be associated with one piece of the identification information, and the one set of ID and password may be assigned as a general ID and password when there are a plurality of access destinations. In the latter case, it is preferable to further include means for collectively stopping or canceling the use of the general ID and password.
[0010]
Means for holding a program for transmitting the identification information to a user terminal to be authenticated in a form that the operator of the user terminal cannot know; and the program for the user terminal that has requested authentication. The authentication device may be configured to further include a transmission means. In this case, it is preferable that the program disappears after the user terminal that has requested the authentication transmits the identification information. In this way, identification information can be transmitted to the authentication device even from a user terminal that does not give any special function.
[0011]
As such a program, for example, a Java program can be used, and a JVM (Java vertical Machine) or KVM (compact JVM for a portable terminal such as a mobile phone) can be used as an execution environment thereof.
This program may be a program that realizes transmission of identification information to an authentication device by cooperation of the program and predetermined hardware provided in the user terminal. The program and predetermined hardware provided in the user terminal It may be one that realizes transmission of identification information to an authentication device in cooperation with a predetermined program possessed by the user terminal T1.
[0012]
A portable wireless terminal can be used as the user terminal in the present invention. Examples of the mobile wireless terminal include a mobile phone, a PHS (Personal Handyphone System), a PDA (Personal Digital Assistants) using a mobile phone or PHS, or a notebook computer.
[0013]
  The above knowledge can also be applied to network systems. That is, the present invention performs authentication of a first server that records information accessible to a user terminal and whether or not the user terminal attempting to access the information recorded in the first server is valid. The first server searches for the corresponding information in response to an access from a user terminal determined to be valid, and sends the searched information to the user terminal that is the source of the access. The authentication device is configured such that the authorization information assigned for each range information indicating a range of information accessible by the user terminal, and each of the plurality of user terminals to be authenticated cannot be tampered with. Information recording means in which authentication information including identification information unique to each user terminal is recorded;Means for holding a program for transmitting the identification information to a user terminal to be authenticated in a form that the operator of the user terminal cannot know; and the program for the user terminal that has requested authentication. Means for transmitting;If the authentication information of the user terminal is received from the user terminal that has requested authentication and the received authentication information matches any of the authentication information recorded in the information recording means, the user terminal is valid. Authentication means for determining that there is, and permission means for permitting the access by the user terminal when the user terminal that requested the authentication is valid,The range information includes an address of an access destination registered in advance for each user terminal, the permission information is a set of ID and password, and one set or a plurality of sets of IDs for one piece of the identification information And password are associatedIs.
[0014]
A first server in the network outside the network (a server having a common file in which at least a part of the recorded information of the first server is maintained in common with each other); It may be connected by a dedicated line or a virtual dedicated line. In this case, the authentication device is configured to authenticate whether or not the user terminal attempting to access the record information of the first file through the first server is valid.
In the case of a network system in which the first server and the second server are connected, each of these servers, when there is a change in the recording information of its own common file, sends the difference data before and after the change to the other server. When the difference data is received from the other server, a copy task for copying the difference data to its own common file is automatically executed. A configuration in which the second server is provided corresponding to each of the plurality of first servers is also possible according to the present invention.
[0015]
The authentication apparatus provided in the network system of the present invention includes an extraction unit that extracts information transmitted from the first server to the user terminal, and data regarding transmission information indicating what information is transmitted for each user terminal. And sending information recording means for recording the information. Alternatively, the information processing apparatus may further include transmission information presenting means for generating data for displaying the transmission information about the user terminal on the display of the user terminal based on the data recorded in the transmission information recording means. Anyway.
Such an authentication device is convenient for the user because the transmission information about the information once used by the user can be displayed on the user terminal in the state of the headline.
[0016]
  The present invention can also be applied to a network in which the first server can be connected afterwards. In this network system, a first server that records information accessible by a user terminal is connected to a predetermined network.InCommunication possibleConnect toAnd an authentication device for authenticating whether or not a user terminal attempting to access the information through the network is legitimate, and the first server allows access from a legitimate user terminal. The corresponding information is retrieved in response, and the retrieved information is transmitted to the user terminal that is the source of the access via the network. In addition, the authentication apparatus includes permission information assigned for each range information indicating a range of information accessible by the user terminal, and each of the plurality of user terminals to be authenticated cannot be falsified and is unique to each user terminal. Information recording means in which authentication information including identification information is recorded;Means for holding a program for transmitting the identification information to a user terminal to be authenticated in a form that the operator of the user terminal cannot know; and the program for the user terminal that has requested authentication. Means for transmitting;The authentication information of the user terminal is received from the user terminal that requested the authentication, and the authentication information that is performed via the network when the received authentication information matches any of the authentication information recorded in the information recording unit Authentication means for determining that the user terminal is valid, and permission means for permitting the access by the user terminal when the user terminal that requested the authentication is valid,The range information includes an address of an access destination registered in advance for each user terminal, the permission information is a set of ID and password, and one set or a plurality of sets of IDs for one piece of the identification information And password are associatedIs.
[0017]
The former network system and the latter network system to which the first server is connected are groupware for each user company (generally, the term groupware is computer software that supports work performed by a group having a common task or purpose) However, in this patent specification, it means a concept including hardware resources for realizing it.) An environment for realizing can be easily constructed.
The forms of business in companies are diversified, and it is rare for a business to converge by itself. Usually, a plurality of people use a groupware to work together. The groupware, for example, connects a plurality of user terminals (client terminals) operated by employees and a first server that accepts access from the user terminals under a certain condition to an intranet protected by a firewall. And a computer program for forming a user interface function and a security function.
Usually, an Internet provider's WWW (World Wide Web) server is also connected to the intranet, and electronic mail can be delivered from an external terminal via the Internet within the intranet.
If a server that manages the company's in-house information is provided on the company intranet and an environment that allows the above-mentioned various terminals to be connected to this server is established, employees of the company can access the company information from any location at any time. Therefore, it is extremely preferable as a utilization form for business of a company. However, in order to utilize the intranet, there are the following problems.
(1) In the internal information access form premised on the use of the Internet mail service, a WWW server operated by a person who does not have confidentiality obligations intervenes, so it is not known whether sufficient security can be ensured.
(2) In order to ensure security, for example, various terminals for realizing groupware are all connected by a dedicated line, or the intranet of the company head office and the intranet of each branch and the intranet of the head office and each branch Although it is conceivable to connect all of them with dedicated lines, in that case, it is inevitably necessary to lay a large number of dedicated lines, resulting in a dramatic increase in the cost of maintaining the operation, resulting in high costs.
(3) When trying to use an existing Internet mail service for business, for example, the number of characters in a single e-mail depends on the service conditions set by the mobile phone service provider, depending on the service conditions set by the provider. Because there are restrictions on the number of mails that can be stored in the mail server, the format of attached documents, etc., it becomes difficult to send large data, and in the case of mobile phones, the operation method of the mail function differs slightly depending on the model. The groupware has poor operability because it is difficult to provide uniform education and proficiency regarding the operation.
(4) An enterprise staff who has received a notification from a mobile phone manually activates the application program of the notification contents, or a computer prepared in a specific service provider by wired communication stores an application program registered in advance as a digital wired terminal Although it has been conventionally performed to decode and automatically execute the control signal input from the above, it does not use the existing infrastructure by the above service provider etc. The application program prepared in the above is not activated and executed arbitrarily from a mobile phone terminal or the like at present, and there remains a problem in the extensibility of groupware.
Each network system described above solves such a problem.
[0018]
  The present invention also relates to whether or not a user terminal trying to access the information is valid in a network system in which the first server in which information that can be accessed by the user terminal is recorded in a predetermined network exists. An authentication device that performs authentication is arranged, and permission information assigned for each range information indicating a range of information that can be accessed by the user terminal, and each of the plurality of user terminals to be authenticated cannot be tampered with. And authentication information including identification information unique to each user terminal,A program for transmitting the identification information to the user terminal to be authenticated in a form that the operator of the user terminal cannot know is held, and the program is transmitted to the user terminal that has requested authentication. ,If at least authentication information of the user terminal is received from the user terminal that has requested authentication, and the received authentication information matches any of the recorded authentication information, it is determined that the user terminal is valid. , Characterized in that the access by the user terminal is permitted when the user terminal that requested the authentication is valid,The range information includes an address of an access destination registered in advance for each user terminal, the permission information is a set of ID and password, and one set or a plurality of sets of IDs for one piece of the identification information And a password,Provided is a user terminal authentication method in a network system.
[0019]
  The present invention also includes a first server that records information accessible to a user terminal in a predetermined network, and the first server searches for the corresponding information in response to a request from a valid user terminal. A computer program for causing a computer deployed in a network system that sends searched information to the user terminal to execute the following processing is provided.
(1)Including the address of the access destination registered in advance for each user terminal,Assigned to each range information indicating the range of information accessible by the user terminal,It consists of a set of ID and password, and one set or multiple sets of ID and password are associated with one piece of the identification information.A process of recording authentication information including permission information and identification information unique to each user terminal that cannot be falsified by each of the plurality of user terminals to be authenticated;
(2)A program for transmitting the identification information to the user terminal to be authenticated in a form that the operator of the user terminal cannot know is held, and the program is transmitted to the user terminal that has requested authentication. processing,
(3)The authentication information of the user terminal is received from the user terminal that has requested authentication, and when the received authentication information matches any of the recorded authentication information, the user terminal is determined to be valid. processing,
(4)A process of permitting the access by the user terminal when the user terminal that requested the authentication is valid.
[0020]
DETAILED DESCRIPTION OF THE INVENTION
Next, preferred embodiments of the present invention will be described with reference to the drawings.
<Overall configuration>
FIG. 1 is a diagram showing an example of the overall configuration of a network system to which the present invention is applied. The network system according to the present embodiment is a network system that can be constructed afterwards, having a secure intranet LN installed in a management company in which a public communication network DN is laid.
The intranet LN has a plurality of segments Sa to Sn that can be connected to the dedicated line network PN. Segments Sa to Sn are allocated for deploying host servers 10a, 10b,... That are first servers of user companies to be managed.
An authentication server 1, a firewall (FW) 11 and a router 12 are provided in the vicinity of the entrance of the intranet LN, and only specific access from the legitimate user terminal T1 passes through any of the intranet LN. It is guided to the segments Sa to Sn. That is, security against access from outside the intranet LN is maintained.
[0021]
Access from the user terminal T1 to the firewall 11 includes a mobile phone network MN including a wireless network WN, a public communication network DN connected via a router 14 in the mobile phone network MN, and the public communication network DN. It is guided through the router 12 connected through the network.
The mobile phone network MN is managed by a business entity that provides a communication service business using a mobile phone.
Note that the mobile phone referred to here includes not only a narrowly-defined mobile phone (mobile phone radio) but also a PHS.
[0022]
The user terminal T1 is a combination of a user terminal such as a notebook computer or PDA and the above mobile phone. In the case of an intelligent mobile phone (a mobile phone having an information processing mechanism), the mobile phone alone can be a user terminal.
A browser program for forming a browser screen is installed in the user terminal T1. This browser program may be installed in the user terminal T1 from the beginning, and may be transmitted as the “Java applet (Java is a trademark of Sun Microsystems, USA)” from the host server 10 each time. good.
[0023]
The user terminal T1 has identification information that cannot be falsified and is unique to each user terminal. A mobile phone is usually equipped with a ROM or SIM card (or other ID card) that records unique data about the serial number and other individual numbers, and this unique data is written once when the mobile phone is manufactured. It is impossible to rewrite it. In the present embodiment, the individual number based on this unique data is used as the identification information.
The user terminal T1 is also loaded with a program for reading and sending out the identification information described above. For example, a program described in a language other than Java is installed. Further, the user terminal T1 is provided with an environment in which the above identification information can be read from the ROM in the case of a mobile phone by using KVM which is one of Java execution environments. Yes.
The user terminal T1 is also provided with an input unit composed of a numeric keypad and the like, and can input an ID (authentication ID and user ID described later) and a password (authentication password and user password described later). ing.
[0024]
As is well known, the mobile phone network MN is provided with a DNS (Domain Name Server) 30 and the Internet IN is also provided with a global DNS 40. The DNS 30 and the DNS 40 have an address table that describes the correspondence between domain names and IP (Internet Protocol) addresses. By referring to the address tables, the address difference at the time of access can be resolved. It has become.
[0025]
The leased line network PN is a communication network composed of a set of leased lines or virtual leased lines (for example, a line (virtual private network) in which a public line is virtually dedicated between parties using encryption technology and capsule technology). It is.
As the private line network PN, a so-called next-generation communication network (for example, a private line network called “PRISM (registered trademark of Japan Telecom Co., Ltd.)”) is in the field of practical use. Since the access point is prepared, using this can reduce the operation cost.
In the present embodiment, local servers 20a and 20b, which are examples of the second server of a user company located in a remote place, are connected to the dedicated line network PN from the nearest access point, and are handled via this dedicated line network PN. The host servers 10a and 10b are connected in such a way that bidirectional communication is possible.
[0026]
<Intranet configuration>
A detailed configuration example of the intranet LN is shown in FIG.
FIG. 2 shows an example of an intranet LN composed of five segments Sa to Se. Each segment, for example, segment Sa has a plurality of connection ports. One of them is connected to the host server 10a, and the other is connected to the router 13. By connecting a specific line of the private line network PN to the port of the router 13, the user company can use the segment Sa individually.
Note that a switching hub (intelligent communication path switching device) or router may be provided between the segment Sa and the private line network PN, and connected to the private line network PN via this. The same applies to the other segments Sb to Se.
[0027]
In the state where the host servers 10a to 10e are arranged at the connection ports of the segments Sa to Se, and the local servers are connected to the host servers 10a to 10e via the switching hub 14 and the dedicated line network PN, the intranet LN A secure housing is constructed.
That is, since all the host servers 10a to 10e and the corresponding local servers are connected by the private line network PN, there is no room for a third party to intervene, and the segments Sa to Se in which the respective host servers 10a to 10e are deployed are Since each is protected by the firewall 11, it becomes a housing where it is difficult for an unauthorized access person to enter.
Therefore, by allocating the individual segments Sa to Se of such a housing for the user company, it becomes possible for the user company to construct a secure private network environment (or groupware environment) at a low cost. .
[0028]
<Router configuration>
The routers 12, 13, and 14 perform routing (path control) in the third layer (network layer) of the OSI (Open Systems Interconnection) basic reference model. Since they are connected at the network layer, data can be relayed even if the second layer (data link layer) and below of the OSI basic reference model are different. Since it also has a route setting function, it is possible to connect different networks such as the intranet LN and the public communication network DN, and the intranet LN and the private line network PN.
[0029]
FIG. 3 is a diagram illustrating a configuration example of a router. In order to perform bidirectional routing, the router is provided with a reception receiver RR and a reception buffer RB, a transmission driver SD and a transmission buffer SB for the transmission paths R1 and R2, and a routing execution unit U1, NAT. (Network Address Translation) table NT, RIP (Routing Information Protocol) execution unit U2.
The reception receiver RR receives data from the transmission lines R1 and R2. The reception buffer RB stores received data. The transmission driver SD transmits (transfers) data to the transmission paths R1 and R2. The transmission buffer SB stores data to be transmitted (transferred). The routing execution unit U1 processes the received RIP, performs address conversion, and establishes a communication path. The RIP execution unit U2 sends a necessary RIP to the transmission lines R1 and R2. In the NAT table NT, an address used at the time of address conversion, that is, “Destination” indicating a destination address and “Source” indicating a destination address are recorded.
[0030]
FIG. 4 is a diagram showing an example of the contents of the NAT table provided in the router 12 outside the intranet LN. 4A shows an example of a NAT table for routing data from the public communication network DN to the firewall 11, and FIG. 4B shows an example of a NAT table for routing data from the firewall 11 to the public communication network DN. Show.
“2xx.111.22.33” is the IP address of the local server 20 of the user company registered in the domain, “1xx.111.22.33” is the IP address of the host server 10, and “2xx.444.55.6”. Is the IP address of the calling terminal on the Internet, and “1xx.444.55.6” is the IP address of the calling terminal that can be recognized by the intranet LN. By setting the NAT table as shown in FIG. 4, the intranet LN can be accessed with an IP address different from the Internet.
[0031]
In the router 13, the address of the transmitting terminal that accessed through the firewall 11 and the address of the host server to be managed are set in the NAT table. By setting the NAT table in this way, a communication path control unit that selectively establishes a communication path between an access terminal that has passed through the firewall 11 and a segment (a host server arranged therein) is realized. be able to.
When a router is used instead of the switching hub 14, the address is set in the NAT table in the same procedure.
[0032]
<Host server and local server>
Host servers (10a and 10b in FIG. 1; 10a to 10e in FIG. 2; hereinafter, denoted by reference numeral 10 with the suffix omitted if there is no need to identify individual) and local servers (20a and 20b and below in FIG. 1) In the case where it is not necessary to identify individual objects, the suffix is omitted and represented by reference numeral 20).
In principle, one local server 20 corresponds to one host server 10 and is connected via a dedicated line network PN. However, a plurality of local servers 20 may correspond to one host server 10, and each local server 20 is connected to a unique LAN (Local Area Network) to which one or a plurality of client terminals are connected. Also good. In short, it is sufficient that the host server 10 existing in the intranet LN and the local server 20 existing outside the intranet LN have a one-to-one correspondence.
[0033]
The host server 10 has a web mail server function capable of transferring data, a search function, a copy function, and a scheduler function, and further includes a database including a mail file, a schedule file, and the like, which are information to be accessed by the user It is.
The search function is a function for searching for a corresponding file in the database, and the copy function is a function for starting and executing a copy task for copying data corresponding to the database change with the local server 20. The schedule function is a function for managing a schedule file prepared for each registered user company.
The local server 20 is a computer having at least the above copying function and a database.
[0034]
Although not necessarily required, in this embodiment, at least a part of the files in the database of each of the host server 10 and the local server 20 is a common file that is maintained in the same content as that of the other server. Is done.
When the host server 10 and the local server 20 constitute groupware, they are common files that are common contents in the groupware.
For example, the contents of the mail file and schedule file in the local server 20 become the contents of the mail file and schedule file in the host server 10 as they are.
Therefore, accessing the common file of the host server 10 is substantially equivalent to accessing the common file managed by the local server 20.
[0035]
Various forms for maintaining the contents of the common file of the host server 10 and the local server 20 in common can be considered. In this embodiment, this is realized by executing a copy task with each server.
That is, when the local server 20 changes its own common file, the difference data before and after the change is sent to the host server 10, and when the difference data is received from the host server 10, the difference data is shared with itself. Copy to file. The copying task when the common file of the host server 10 is changed is similarly performed.
[0036]
<Configuration of authentication server>
Next, the authentication server 1 will be described. The authentication server 1 corresponds to the authentication device according to the present invention. When there is an access request from the user terminal T1 to the information recorded in the common file of the host server 10, the user terminal T1 is valid. It authenticates whether or not there is, and permits the access by the user terminal T1 when it is valid.
[0037]
The authentication server 1 is realized by a server main body and a computer program recorded on a computer-readable recording medium.
The computer program is normally recorded in a recording device provided in the server main body, and the CPU of the server main body is appropriately read from the recording device and executed. However, a computer program such as a CD-ROM or a DVD-ROM is acceptable. It may be recorded on a portable recording medium. Alternatively, it may be downloaded through a computer network.
FIG. 7 is a functional block diagram formed by the CPU of the server main body reading and executing the above computer program. In the present embodiment, the input / output unit 31 and the processing unit 32 are formed.
The input / output unit 31 performs communication while controlling the data input / output with the user terminal T1 or with the host server 10. More specifically, for example, authentication information is received from a user who operates the user terminal T1, the authentication result is returned to the user terminal T1, and subsequent data entry / exit is controlled, or the authentication result is hosted. Notify the server 10. In the latter case, the subsequent access of the user terminal T1 is also guided to the host server 10.
[0038]
The processing unit 32 performs authentication and processing related to authentication, and can exchange data with the input / output unit 31. In this embodiment, as shown in FIG. 7, the processing unit is provided with functions of a control unit 32a, a program transmission unit 32b, an authentication unit 32c, an identification information recording unit 32d, a transmission information management unit 32e, and a transmission information recording unit 32f. 32.
[0039]
The control unit 32a controls basic operations of the entire apparatus. The program transmission unit 32b, the authentication unit 32c, the information recording unit 32d, the transmission information management unit 32e, and the transmission information recording unit 32f all operate under the control of the control unit 32a.
The control unit 32a also has a part of the function of the permission means in the present invention. When the authentication unit 32c described later authenticates the user terminal T1 that requires authentication as a valid one, the user terminal T1 The access to the recording information of the common file of the server 10 is permitted.
The control unit 32a also has a function of generating data for displaying transmission information for each user terminal T1 on the display of the user terminal based on data to be described later recorded in the transmission information recording unit 32d. Have. In this respect, the control unit 32a also has a function as sending information presenting means.
[0040]
The program transmission unit 32b transmits, for example, a program described in Java to the user terminal when an access request is issued from the user terminal T1. Such transmission is performed via the input / output unit 31 described above.
This program is a program for transmitting the identification information from the user terminal T1 to be authenticated.
[0041]
When the access request from the user terminal T1 arrives at the authentication server 1, the authentication unit 32c determines whether or not the user terminal T1 is appropriate.
Specifically, the authentication unit 32c receives the authentication information input from the user terminal T1 seeking authentication and the authentication information recorded in the information recording unit 32d, received via the input / output unit 31. Judgment is made by looking at the consistency of. For this purpose, the information recording unit 32d records authentication information for all of the plurality of user terminals T1 to be authenticated.
[0042]
An example of the authentication information is shown in FIG. Here, as a simple example, a combination of a user ID (UserID) and a password (PASSWORD), and an authentication URL (for example, a desired host server 10) that is an example of range information that each user terminal T1 is allowed to communicate with. URL) is recorded as an authentication table with an individual number which is an example of identification information of the user terminal T1 and a one-to-one correspondence in principle.
However, when two or more user IDs are assigned to one individual number, different authentication URLs are assigned to each of the user IDs. In the example of FIG. 8, two user IDs are assigned to the individual number 00102, and different authentication URLs are assigned to the respective user IDs.
The user ID and password consist of only numbers, only alphabets, or a combination thereof, and are assigned in advance by the system administrator or determined in advance by each user.
[0043]
In the example of the authentication table shown in FIG. 8, since the authentication URL and the combination of the user ID and the password correspond one-to-one in principle, the user knows now according to the authentication URL to be accessed. Log in with the existing user ID / password. Therefore, since the process at the time of login is simplified, a simple system that only needs to consider the correspondence with one or two host servers 10 (authentication URLs) in one user terminal T1 (individual number). Then, it can be a preferable authentication form.
[0044]
However, when a user accesses a plurality of host servers 10 with one user terminal T1 to receive services, or there are a plurality of service programs in one host server 10 and authentication is required for each of them. Since it is necessary to create a login screen for each host server or each service program and to hold a user ID and password, system maintenance management becomes complicated. In addition, when the user loses the user terminal T1 or is stolen so that the user ID and password cannot be used, all of the host servers recorded in the authentication table, Or since it must be performed about the service program, it becomes complicated.
[0045]
Accordingly, in the case of a large-scale system in which a large number of services may be provided by one user terminal T1, for example, an authentication master table shown in FIG. 9A and an authentication table shown in FIG. 9B (FIG. 8). The authentication data is managed in a hierarchical manner using the same as the above.
The authentication master table is a higher-level table of the authentication table linked by the individual number, and one field is prepared for one individual number. In each field, an authentication ID, an authentication password (authentication PSW), and a stop flag recording area (stop) for the user terminal are formed.
[0046]
The authentication ID is ID information serving as a master ID assigned to only one user terminal T1, and even when a plurality of user IDs are recorded in the authentication table of FIGS. 9B and 8B. It is used to justify authentication by using it. The same applies to the authentication password. The stop flag recording area is an updatable area. When the flag “1” is set, the stop flag recording area is used to stop all use of the authentication table for the user terminal T1.
When the stop is released, the authentication table can be used by deleting the flag “1”.
[0047]
In this way, by using the two tables in a hierarchical manner, even if there are a plurality of host servers 10 and service programs that can be accessed, the user only needs to know the authentication ID and the authentication password. Time work is simplified. Further, it is not necessary to create a login screen for each host server or service program, and even if the user terminal T1 is eliminated, it is sufficient to set “1” in the stop flag recording area. Therefore, the maintenance work of the system is also simplified.
[0048]
The authentication unit 32c compares the identification information received from the user terminal T1 (for example, an individual number automatically transmitted) with the identification information (individual number) recorded in the information recording unit 32d, and from the user terminal T1. The received user ID or authentication ID is compared with the user ID or authentication ID recorded in the information recording unit 32d, and the password received from the user terminal T1 and the password or authentication password recorded in the information recording unit 32d Compare
When the combination of the received identification information, user ID (authentication ID), and password (authentication password) matches the identification information, user ID (authentication ID), and password (authentication password) for a certain user terminal T1. The user terminal T1 that has requested access authenticates that it is valid.
Information representing the validity is sent to the control unit 32a together with the authentication URL information associated with the authentication table.
Receiving this, the control unit 32a guides the access from the user terminal T1 to the corresponding authentication URL. This enables communication between the accessing user terminal T1 and the target host server 10.
[0049]
The transmission information management unit 32e manages data to be recorded in the transmission information recording unit 32f.
The transmission information management unit 32e extracts information transmitted from the host server 10 to the user terminal T1, generates transmission information indicating what information is transmitted, and associates this with each user terminal T1, The information is recorded in the transmission information recording unit 32f. In this respect, the transmission information recording unit 32f has a function as an extraction unit. The transmission information management unit 32e also has a function of reading data recorded in the transmission information recording unit 32f. This read data is sent to the control unit 32a and used to generate data for displaying the transmission information on the display of the user terminal T1 in a visible state. This data is sent to the user terminal T1 via the input / output unit 31.
[0050]
<Operation mode: Information access method>
The operation mode of the network system configured as described above is, for example, as follows.
As described above, since the segments Sa to Se of the intranet LN are allocated for the host servers of the user companies to be managed, they can be used for the user companies on a segment basis.
The form of use provided to the user company may be only the segments Sa to Se (in this case, the user company brings in the host server 10 and the local server 20 corresponding to the host server 10), and has a predetermined function. The segments Sa to Se in which the mounted host server 10 is deployed may be used. The latter is suitable when the user company already has a local server 20 corresponding to the host server 10.
[0051]
When the user company to be managed, the segment, and the host server 10 to be deployed in the intranet LN are determined, the system administrator can specify various conditions (protocols and system-specific data) for allowing the firewall 11 to pass access from the calling terminal. Format, the address of the host server 10, etc.), and the address of the host server 10 is registered in the address table of the router 13 in the intranet LN as the destination and source in the intranet LN. Further, the address of the host server 10 is registered in the connection source of the switching hub 14. Furthermore, each data about the identification information, user ID (or authentication ID), password (or authentication password), and authentication URL for each user terminal T1 is recorded in the information recording unit 32d in the authentication server 1.
[0052]
A member of the user company (usually an employee) operates the user terminal T1 to access information to a desired host server 10 using an IP address (for example, xxx@xxx.co.jp). It will be.
This access is transferred from the wireless network WN to the DNS 30 connected to the mobile phone network MN. The DNS 30 acquires a global IP address (for example, 2xx.111.22.33) for the user company from the global DNS 40 based on the domain name included in the access, and transfers this to the router 12.
[0053]
The router 12 converts the global IP address given by the DNS to the IP address (1xx.111.22.33) of the host server 10 by referring to the NAT table shown in FIG. The global IP address (2xx.444.55.6) of the terminal T1 is converted into an IP address (1xx.444.55.6). Then, the access is transferred to the firewall 11 using the routing function. The firewall 11 determines whether or not this access conforms to a pre-registered condition. If the access conforms, the firewall 11 passes it and forwards it to the authentication server 1.
The authentication server 1 determines whether or not the user terminal T1 that has made the access request is appropriate, and if it is authenticated as appropriate, sends the access to the router 13.
[0054]
The router 13 decodes the contents of the access, determines the corresponding segment and the host server 10, and transfers the access to the host server 10.
The host server 10 retrieves data corresponding to the access request from the common file and returns it to the router 12 via the router 13, the authentication server 1, and the firewall 11.
The router 12 refers to the NAT table shown in FIG. 4B, converts the address of the host server 10 into the IP address of the user terminal T1, and uses the routing function to send the reply data to the public communication network DN and the wireless network. Transfer to user terminal T1 via WN.
[0055]
A copy task is executed between the host server 10 and the local server 20 via the private line network PN, and the identity of the contents of the common file of both is maintained. The information to be processed has the same content as the possession information of the local server 20. Therefore, by using this network system, it is possible to easily realize a low-cost company-dedicated system in which security is ensured.
In particular, since the possession information (mail file, schedule file, etc.) of the local server 20 can be obtained securely from the user terminal T1 whose position is not specified, it is as if the user terminal T1 and the local server 20 were connected by a dedicated line. Since there is no third-party intervention, it is extremely convenient for handling in-house information.
Also, according to this network system, for example, all the information handled by the local server at the corporate head office and the local servers at a plurality of branch offices are made into a common file, which is centrally managed by the host server in the intranet LN. By making this common file accessible from any location at any time from the user terminal T1, it becomes possible to access consistent in-house information with a uniform operation, and preferable operation of groupware in a company. Form is easily realized.
[0056]
<Application example 1: In-house mailing system>
Next, application examples of the network system will be described.
Here, an example in which a specific segment of the intranet LN is assigned to a certain user company and applied to an in-house mailing system that uses the user terminal T1 to access in-house information of the user company will be described.
The “mail” here is a concept including not only a normal electronic mail document but also various list data, edited data, and various documents registered in advance. In addition, it is a web mail that can be attached to a document with no limitation on the number of characters that can be used and the number of stored items.
By using web mail, mail can be delivered with a unified operation independent of the model of the user terminal T1.
[0057]
As the user terminal T1, for example, an “i-mode terminal” provided by NTT DOCOMO, Inc. (NTT DOCOMO), a mobile phone that can be a user terminal having a web mail function has spread. This can be used.
However, the mail server is not an i-mode server for “i-mode terminal”, but uses a web mail server function prepared by the host server 10. As a result, while using the operating environment of the browser function that the “i-mode terminal” has as a standard, restrictions on various uses by the i-mode server, such as restrictions on the types and sizes of data that can be transmitted and received, etc. It can be released. In addition, it is possible to realize a unified operating environment that absorbs differences in models.
[0058]
As the host server 10 and the local server 20, a computer equipped with “DOMINO server (DOMINO (or Domino) is a trademark of the company, the same applies hereinafter)” provided by Lotus Corporation of the United States can be used.
The “DOMINO server” is equipped with functions suitable for carrying out the present invention, such as a communication function, a mail function, a server function (particularly an HTTP server function), a schedule function, and a copy function, as well as existing ones. It is convenient to use this because programming to improve the function is allowed.
Web mail server function suitable for implementing the present invention, for example, editing a menu list dedicated to in-house mail, adding fee information for each document, and automatically transferring a large amount of data according to the memory capacity of the recipient Sending in pieces, displaying the attached document in a limited display area on a mobile phone, or restricting the display when there are many email addresses, This can be easily realized by additionally creating an application program in addition to the standard mail function of the “DOMINO server”.
As a schedule function, a function of constantly monitoring the current time and extracting only the schedule after the current time can be easily realized by additionally creating an application program.
[0059]
FIG. 5 shows a functional configuration diagram of the host server 10 using the “DOMINO server”.
The host server 10 includes a CPU 101, a RAM 102, a ROM 103, a mail file 104 constructed in a fixed storage device such as a hard disk that can be read by the CPU 101, a mail address book, which operates under the management of a predetermined OS (operating system). And an employee database 105 that records personal information of employees, a document database 106 that records HTTP documents, a schedule file 107 that records in-house schedule data, and a communication adapter 108 that controls communication between the router 13 and the like. is doing.
In addition to the DOMINO engine, the replication task, the HTTP task, and the schedule management task that are standard equipment of the DOMINO server, the RAM 102 stores a program for realizing a web mail server function for employees. The ROM 103 stores a control program including BIOS (Basic Input Output System).
The DOMINO engine absorbs differences between platforms and network OSs and provides a unified operating environment, and can realize powerful document management functions including document integration and search.
[0060]
The HTTP task is a task that specifies a data file corresponding to the HTTP transmission request and converts it into an HTML format when an HTTP transmission request is received from a mobile phone. Since the extended URL can be used, the data file corresponding to the HTTP transmission request can be dynamically converted into the HTML format. The local server 20 can also use the DOMINO server described above.
[0061]
The host server 10 and the local server 20 maintain the common file identity by the replication task shown in FIG. That is, based on the configuration of each directory, a replication task is started at regular time intervals and compared with whether the common file of the self is different from the common file of the other party. If there is a difference, the difference data is transferred in both directions and reflected in the contents of the common file.
Duplication is performed on a field basis as shown. It differs from normal "file copy" in that only the changed fields are copied.
[0062]
Next, a usage pattern of the in-house mail system will be described with reference to FIGS.
(Advance preparation)
By operating a client terminal (not shown) on the local server 20 side in advance, a set of user ID and password is set as permission information. In this example, an employee ID is used as the user ID. The set contents are reflected in the employee database 105 of the host server 10.
What is set here is information necessary for authentication and billing when accessing the intranet LN from the mobile phone. Identification data for each group is assigned to the employee ID or password in this example in order to enable charging for each group (department). Since charging when using a mobile phone is made according to the total amount of data (total amount of packet size), it is possible to count this for each identification data. In the employee database 105, a mobile phone address is set in advance.
Further, identification information, user ID, password, and authentication URL information are set in the authentication server 1 in advance.
[0063]
(Create an address book for mobile phones)
The address of about 10 persons is extracted from the in-house address book of the employee database 105 so that it can be sent to a mobile phone at any time. In principle, this is performed at the client terminal.
The procedure in this case is shown in FIGS.
Referring to FIG. 10, first, a list of user addresses in the company address book is displayed on the display device of the client terminal (S101).
It waits for the occurrence of a click event (the displayed event selected by the operator's click operation, the same applies hereinafter) (S102), and if a click event has occurred, its contents are determined (S103).
If the click event is “selection field”, a selection mark is displayed in front of a specific person from the user address list, and the process returns to S103 (S104). In the case of the “copy button”, the data of the person with the selection mark is copied to the personal address book, and the process returns to S101 (S105). In the case of “end button”, end processing is performed (S106). As a result, a personal address book composed of addresses for several people is generated.
[0064]
When extracting an address to be actually used from the personal address book, processing is performed according to the procedure of FIG.
First, the list of user addresses in the personal address book is displayed on the display of the client terminal (S201). Waiting for the occurrence of a click event (S202), if a click event has occurred, the content is determined (S203).
If the click event is “selection field”, a selection mark is displayed in front of a specific person in the user address list, and the process returns to S203 (S204). In the case of the “copy button”, the data with the selection mark is sequentially copied to the mail file, and the process returns to S201 (S205). In the case of “end button”, end processing is performed (S206).
The process of extracting an address from the in-house address book and creating an address book for a mobile phone can also be performed from the mobile phone. However, in this case, it is not directly copied to the personal address book but directly selected from the in-house address book.
[0065]
(Authentication and information access)
Next, an operation procedure when a member of a user company accesses the host server 10 from a mobile phone will be described.
FIG. 12 is an explanatory diagram of the overall procedure of the information access method.
First, the mobile phone makes an access request. Simultaneously with the access request, a URL for the connection request destination is sent from the mobile phone to the authentication server. Next, a login screen is displayed on the display unit of the mobile phone (S301). On the login screen, as shown in FIG. 26A, an input area 51 for a user ID (here, an employee ID) and a password is displayed. When the user ID and password are input, login authentication is performed (S302). If authentication fails, the process returns to S302. If the authentication is successful, that is, if the user is an authorized user, the main screen is displayed (S303: Yes, S304). The main screen is as shown in FIG. 26B, for example, and displays a reception / transmission / search / planned event selection area 52 and a SUBMIT selection area 53.
[0066]
The above-described login authentication will be described in detail with reference to FIG.
FIG. 13 shows a procedure of processing performed by the authentication server 1 during login authentication.
When the login screen is displayed (S301), the authentication server 1 transmits the above-described program for reading the identification information of the mobile phone and transmitting it to the authentication server 1 to the mobile phone ( S3011).
More specifically, information indicating that an access request has been made is sent to the control unit 31a via the input / output unit 31. Receiving this, the control unit 31a sends an instruction to transmit the program to the program transmission unit 32b. Based on this command, the program transmission unit 32b transmits the above-described program to the mobile phone via the input / output unit 31.
In this example, the above-described program is written in Java, for example, and is executed on the KVM of the mobile phone. In any case, the mobile phone operates in an execution environment prepared for the mobile phone. This program activates a program that reads identification information held by the mobile phone from a ROM or the like. The function realization body thus generated sends the identification information read from the ROM or the like to the authentication server 1. This process is automatic.
When the identification information is received in this way (S3012), the authentication server 1 determines whether the identification information matches any of the identification information recorded in the information recording unit 30d (the authentication unit 32c). S3013). If the received identification information does not match any of the recorded identification information (S3013: No), data for displaying information indicating that on the display of the mobile phone is generated, and this is stored in the mobile phone. (S3014).
In this case, the mobile phone is not authenticated as being legitimate, and the access from the mobile phone is not permitted.
In this embodiment, the control unit 32 generates data for displaying an image on the display of the mobile phone.
If the received identification information matches any of the recorded identification information (S3013: Yes), the process proceeds to the next step.
[0067]
Next, the user ID and password input by the user are received from the mobile phone (S3015), and the user ID and password are associated with the above-described identification information among the user ID and password recorded in the information recording unit 30d. It is determined by the authentication unit 32c whether or not they match (S3016).
Note that the reception of the user ID and password from the mobile phone (S3015) is performed independently of the reception of the identification information, and therefore may be executed before step S3011. When the received user ID and password do not match the above-described identification information among the user ID and password recorded in the information recording unit 30d (S3016: No), information indicating that Is generated to be displayed on the mobile phone display, and is sent to the mobile phone in the same manner as described above (S3014).
If the received user ID and password match those associated with the above-described identification information among the user ID and password recorded in the information recording unit 30d (S3016: Yes), the next step is performed. move on.
[0068]
When the identification information, the user ID, and the password are associated with each other and matched with the identification information, the user ID, and the password that are recorded in the information recording unit 30d, the mobile phone that requested the access is authorized. However, in this embodiment, the following processing is performed in order to further increase the authenticity of authentication.
That is, it is determined whether the URL of the connection request destination that has been received first matches the authentication URL recorded in the information recording unit 30d and that associated with the received identification information and user ID. This is performed (S3017). This determination is also performed by the authentication unit 32d. If the received URL does not match the authentication URL recorded in the information recording unit 30d and associated with the received identification information and user ID (S3017: No), the same as the above case Then, the process proceeds to S3014. If they match (S3017: No), the mobile phone is authenticated as a legitimate one and the port is opened (S3018).
[0069]
Next, it waits for the occurrence of a click event (S302), and when a click event occurs, its contents are determined (S303).
If the click event is “reception”, the reception process is performed according to the procedure of FIGS. 14 to 19 (S304). If it is “transmission”, transmission processing is performed in the procedure of FIG. 20 (S305). If it is “search”, the search process is performed according to the procedure of FIGS. 21 to 23 (S306). If it is “scheduled”, schedule processing is performed in the procedure of FIGS. 24 and 25 (S307). When these processes are completed, the process returns to step S302.
Hereinafter, the contents of the reception process, the transmission process, the search process, and the schedule process will be described in detail.
[0070]
= Reception processing =
The reception process in S304 will be described.
In the reception process, as shown in FIG. 14, the reception date of the mobile phone inbox is sorted in descending order, and the data numbers are numbered sequentially from “1” to “+1” (S401). The sorted data is selected 10 items in ascending order, and the first item is set to START (first data number, the same applies hereinafter) (S402). Thereafter, the selected data is displayed in the reception list display area (S403). In the reception list display area, as shown in FIGS. 26 (c) and 26 (d), a subject area 54 and a charge area 55 representing charge information required for receiving the case are displayed as a pair. By displaying the charge information required for reception in this manner, the operator of the mobile phone can be informed of the data size and the cost at that time. The mobile phone operator (that is, the employee) looks at the subject title and the fee amount to determine whether reading the matter is appropriate for the cost, or guesses the time required for reception from the fee amount. To determine whether it should be read now or better to read later. In addition, a large amount of data, such as 20,000 words, is sent automatically while being divided by the mail function, so you can view it halfway and stop viewing the divided mail after that. Forms are also possible.
Selection buttons for “Previous” and “Next” are also displayed below the reception list display area.
Waiting for the occurrence of a click event (S404), if a click event has occurred, its content is determined (S405).
If the click event is “next”, “+9” is set to START (S406), and 10 events are selected from START. When START is less than 10, only existing data is displayed (S407).
If the click event is “Previous”, “−9” is set to START (S408), and 10 events are selected from START. If START is less than 10, START is set to “1” (S409).
If the click event is “document number”, a received text display process is performed (S410).
[0071]
Details of the received sentence processing in S410 are as shown in FIG.
When it is detected that the operator of the mobile phone clicks the desired document number on the display unit (S501), the document with the clicked document number is displayed on the display unit (S502). The display at this time is, for example, as shown in FIG.
When there is an attached document, a notification indicating the presence is displayed on the display unit. This is due to the web mail server function of the host server 10. If the attached document is a table object or bitmap data, it can be displayed as an HTML document in accordance with the size of the display area by clicking on the notation of the attached document.
Also, assuming that there are a large number of document destinations, the destination portion in the frame of the received sentence is not displayed in advance. Thereby, only the text can be displayed on the display unit of the mobile phone. However, since the address information is managed on the host server 10 side, if you want to check the address from the mobile phone, you can indicate it from the browser screen (prepare an icon or command character). Can be displayed.
In the case of received sentence processing, a selection area 56 of “delete”, “reply”, “forward”, and “FAX” is displayed at the top of the display unit.
Waiting for the occurrence of a click event (S503), if a click event has occurred, its contents are determined (S504). The click event includes a “delete” process (S505), a “reply” process (S506), a “transfer” process (S507), and a “FAX” process (S508).
[0072]
The “deletion” process in step S505, that is, the process procedure when “deletion” is selected in the display contents of FIG. 26E is as shown in FIG. The current document is deleted (S601), and “Deleted” indicating deleted is displayed (S602).
[0073]
The procedure of the “reply” process in step S506, that is, the process when “reply” is selected in the display content of FIG. 26E is as shown in FIG.
First, a new reply document is created (S701). Then, the sender of the received document is set as the destination (S702), the characters “Re:” are added to the head of the subject of the received document (S703), and the new document is displayed (S704).
Waiting for the occurrence of a click event (S705), if a click event has occurred, its content is determined (S706). When the click event is “subject”, subject editing processing is performed (S707), when “content” is selected, document content editing processing is performed (S708), and when “new destination” is selected, new destination editing is performed (S709). In the case of “CC new”, a new editing process of CC (carbon copy) destination is performed (S710). After the completion, the process returns to S705.
[0074]
If the click event determined in step S706 is “destination”, the destination editing process is performed (S711). At this time, a list of mobile personal destinations (personal address book) is displayed (S712). Then, the selected destination is set as “TO” (S713). Thereafter, the process returns to S705.
If the click event is “CC”, CC destination editing processing is performed (S714). At this time, a list of mobile personal destinations (personal address book) is displayed (S715). Then, the selected destination is set as “CC” (S716). Thereafter, the process returns to S705. If the click event is “SUBMIT”, the new document is transmitted (S717), “Formprocessed” is displayed, and the reply process is completed (S718).
[0075]
The procedure of the “transfer” process in step S507, that is, the process when “transfer” is selected in the display content of FIG. 26E is as shown in FIG. The processing contents (S801 to S818) are almost the same as those in FIG. 17, except that the characters “FW:” are added to the head of the subject of the received document in S803.
[0076]
The “FAX” process in step S508, that is, the process when “FAX” is selected in the display content of FIG. 26E, is as shown in FIG. First, a new document for FAX is created (S901). Then, the content of the received document is set in the content column (S902), the character “FW:” is added to the head of the subject of the received document (S903), and the new document is displayed (S904).
Waiting for the occurrence of a click event (S905), if a click event has occurred, its content is determined (S906).
When the click event is “subject”, subject editing processing is performed (S907), and when it is “FAX number”, fax number editing processing is performed (S908), and after completion, the processing returns to S905.
If the click event is “transmission”, the new document is transmitted (S909), “Formprocessed” is displayed, and the FAX data transmission process is completed (S910).
The data transmitted in this way is FAX-printed with the FAX number destination. The above-described FAX printing may be realized as one of the functions of the DOMINO engine, and is realized by separately installing an application program for FAX printing on the host server 10 and starting it as needed. Also good.
[0077]
= Transmission processing =
Next, the transmission process in step S305 will be described.
In the transmission process, as shown in FIG. 20, a new document for transmission is created (S1001), and the new document is displayed on the display unit (S1002). The subsequent processing (S1003 to S1016) is the same procedure as steps S707 to S718 of the reply processing shown in FIG. However, the display content of the display unit of the mobile phone changes as shown in FIG.
[0078]
= Search processing =
Next, the search process in step S306 will be described. The search process is executed when the user selects “search” as shown in FIG. In this process, as shown in FIG. 21, first, the data in the search view is sorted in ascending order alphabetically, and 10 items are selected (S1101). Thereafter, the search list is displayed in the list display area (S1102).
It waits for the occurrence of a click event (S1103), and when a click event occurs, its contents are determined (S1104).
If the click event is “next”, +10 data is set from the 10th page of the displayed page (S1105). Thereafter, the set amount of data is selected, but if the data is less than 10, only existing data is selected (S1106). Thereafter, the processing returns to S1102.
If the click event is “Previous”, data of −10 is set from the 10th page of the displayed page (S1107). Thereafter, the set amount of data is selected, but if there is no data, the current page data is selected again (S1108). Thereafter, the processing returns to S1102.
[0079]
When the click event is “search list display”, the display content of the display unit of the mobile phone is changed from the keyword list searched in the past from FIG. FIG. 27B shows this state. In FIG. 27, “itoh”, “okada”, and “suzuki” are searched keywords.
The procedure of this search list display process is as shown in FIG. That is, it waits for the occurrence of a click event (S1201), and when it is detected that an alphabet name (for example, “itoh”) is clicked, all documents including the clicked name are displayed (S1202, S1203).
[0080]
When the click event is “new keyword”, search processing using a new keyword is performed. At this time, the display content of the display unit is changed to a new keyword input screen as shown in FIG.
In this case, as shown in FIG. 23, the process waits for the occurrence of a click event (S1301), and when a click event occurs, the contents are determined (S1302). If the click event is “new keyword”, new keyword editing is performed (S1301), and the process returns to S1301. If the click event is “SUBMIT”, the keyword is transmitted (S1304), “Formprocessed” is displayed, and the process is terminated (S1305). When a search result is transmitted from the host server 10, the process proceeds to search list display processing as appropriate. The screen of the display unit changes as shown in FIG. 27 (d). When an alphabet (for example, “pat”) is clicked, all documents including “pat” are displayed as shown in FIG. 27 (e). .
[0081]
= Schedule processing =
Next, the schedule process in step S307 will be described. The schedule process is executed when the user selects “schedule” as shown in FIG. In this processing, as shown in FIG. 24, first, the data in the scheduled view is sorted in descending order by date, and 10 items are selected (S1401). Thereafter, the schedule list is displayed in the list display area of the display unit (S1402). FIG. 28B shows an example of the list display area 60. When a certain date is clicked, a time zone set for the date and a brief description are displayed. An area for selecting “previous”, “next”, and “creation” events is formed in the upper part of the display unit.
Waiting for the occurrence of a click event (S1403), if a click event has occurred, its content is determined (S1404).
If the click event is “next”, +10 data is set from the 10th page of the displayed page (S1405). Thereafter, the set amount of data is selected, but when the data is less than 10, only existing data is selected (S1406). Thereafter, the processing returns to S1402.
If the click event is “Previous”, data of −10 is set from the 10th page of the displayed page (S1407). Thereafter, the set amount of data is selected, but if there is no data, the current page data is selected again (S1408). Thereafter, the processing returns to S1402.
Note that the data in the schedule view is only for data after “today's date”. In other words, the schedule file 107 is extracted from the schedule file 107 on and after that date, and is made a list (View in the DOMINO server) so that it can be viewed on the mobile phone. In this way, it is possible to prevent a situation in which data related to past schedules is recorded on the mobile phone, and it is possible to effectively use the memory of the mobile phone.
Data regarding schedules before the current date and before the current time may be automatically deleted from the schedule file 107 of the host server 10. In this case, unnecessary data is sequentially deleted from the schedule file 107 (same as that of the local server 20), so that the memory area of the host server 10 (same as the local server 20) can be used effectively and at the same time. There is an advantage that information leakage is surely prevented.
[0082]
When the click event is “new creation”, that is, when “creation” is selected in the display contents of FIG. 28C, the process proceeds to a new creation process of a schedule list. FIG. 25 is a procedure diagram of the new creation process. In this process, first, a schedule creation menu is displayed (S1501). In the schedule creation menu, for example, as shown in FIG. 28D, a schedule registration, conference call, event, confirmation, and anniversary selection area 61 is formed. The user can arbitrarily select one of these.
Waiting for the occurrence of a click event (S1502), if a click event has occurred, its content is determined (S1503).
When a specific menu is selected from the selection area 61, data input and editing are performed (S1504), and the process returns to S1502. If the click event is “SUBMIT”, the input data is transmitted (S1505), “Formprocessed” is displayed, and the process is terminated (S1506). FIG. 28 (e) is a diagram showing an example of the contents of the data input area 62 when “2. Conference call” is selected. For each date, a simple description is associated with the time. The data input area 62 is scrolled.
The data input in this way is reflected in the schedule file 107 of the host server 10 and further reflected in the local server 20.
[0083]
In addition, as part of the schedule process or as a process separate from the schedule process, the so-called “To Do List” function, that is, the function to manage the work to be performed and the work performed, is executed by the operation from the mobile phone. It can also be configured to. In this case, it can be easily realized by additionally creating an application program in the standard scheduler function of “DOMINO Server R5”.
[0084]
In this way, in the in-house mail system, it is possible to access in-house information managed by the host server 10 from an arbitrary place at an arbitrary time from a mobile phone. As described above, there are various modes of access, as if the access was made from a fixed terminal inside the intranet LN or a client terminal of the local server 20. Since the in-house information of the host server 10 is the same as that of the local server 20 connected via the private line network PN, it is possible to indirectly communicate with the person connected to the network to which the local server 20 belongs. , Groupware can be operated efficiently.
[0085]
In this system, when reception processing, transmission processing, search processing, schedule processing, etc. are executed, the information transmitted from the host server 10 to the mobile phone is monitored by the transmission information management unit 32e. Yes. This monitoring is performed, for example, by the transmission information management unit 32e extracting the URL of the page viewed by the user. The transmission information management unit 32e extracts such information, thereby transmitting information that is information about what information is transmitted from the host server 10 to the mobile phone, that is, what page the user has viewed. Is recorded in the transmission information recording unit 32f. This transmission information is recorded for each mobile phone, and is recorded in the transmission information recording unit 32f while clarifying the corresponding mobile phone.
[0086]
This transmission information can be used as data for charging each mobile phone.
Moreover, in order to reduce the labor when a user accesses the host server 10, it can utilize also as follows.
That is, the transmission information is used to display the menu screen on the display of the mobile phone. In this case, when there is a request for access and the mobile phone that has requested access is authenticated as a legitimate one, for example, the following processing may be executed. First, of the recorded transmission information, the transmission information for the mobile phone that has made an access request is read from the transmission information recording unit 32f by the transmission information management unit 32e and sent to the control unit 32a. Next, the control unit 32 a that has received this generates data for displaying a predetermined image on the display of the mobile phone, and sends the data to the mobile phone via the input / output unit 31. Based on this, a predetermined menu image is displayed on the display of the mobile phone. The displayed menu image has the same form as that of FIG. 28A, but the menu displayed there is different for each mobile phone.
[0087]
<Application Example 2: Application Remote Operation System>
The network system of the present invention can also be applied as a remote operation system of an application instead of or together with an in-house mail system.
[0088]
The configuration in this case is basically the same as that in the case of the in-house mail system, but the local server 20 has a predetermined application program, for example, a search program for searching for information from an external database that is not a common file, a common file It is equipped with a printing program that automatically prints specific information in it, an automatic control program for in-house office equipment, etc., and a browser that displays an operation image for starting an application program on the web mail screen displayed on the display unit of a mobile phone It differs in that it is formed on the screen or allows dedicated command input.
[0089]
In operation, a person who has a mobile phone accesses the host server 10 by selecting, for example, an operation image on a browser screen. The host server 10 decodes the contents of the command corresponding to this access, notifies the contents of the command to the local server 20, and activates and executes the corresponding application program.
After the application program is executed, the host server 10 acquires information about the execution result from the local server 20 and notifies the mobile phone of the acquired information.
In this way, not only in-house information transfer but also in-house application programs can be remotely activated from the mobile phone from the outside, so that an in-house dedicated network system with high expandability can be easily constructed.
[0090]
In this embodiment, it is assumed that the network constituting the housing is an intranet LN. However, any network may be used as long as it can be protected by a firewall. The housing can be configured even in a normal local network.
Further, as a preferred embodiment, it has been described that a mobile phone passes through the firewall 11, but access from a portable wired terminal via the Internet IN, that is, a laptop computer performed via a wired communication network Even access from a PDA or PDA can be configured to pass through the firewall 11 under certain conditions. However, in this case, it is necessary to note that the burden on the firewall 11 increases because access from an unspecified user connected to the Internet IN is permitted.
[0091]
【The invention's effect】
As apparent from the above description, according to the present invention, “spoofing” can be surely prevented, so that it is possible to easily construct an environment for realizing dedicated groupware that ensures security.
[Brief description of the drawings]
FIG. 1 is a diagram showing an example of the overall configuration of a network system to which the present invention is applied.
FIG. 2 is a diagram showing a detailed configuration example of an intranet.
FIG. 3 is a diagram illustrating a configuration example of a router.
4A and 4B are explanatory diagrams of contents of a NAT table provided in a router outside the intranet, in which FIG. 4A is an example in the case of routing data from the public communication network to the firewall, and FIG. 4B is a diagram from the firewall to the public communication network. The figure which showed the example in the case of routing the data which heads.
FIG. 5 is a functional configuration diagram of a host server using a DOMINO server.
FIG. 6 is an explanatory diagram showing a replication mechanism executed between the host server and the local server.
FIG. 7 is a functional block diagram showing a configuration of an authentication server.
FIG. 8 is an explanatory diagram for explaining data recorded in an information recording unit of the authentication server.
FIG. 9 is an explanatory diagram of a procedure for copying a personal address book for about 10 people from an in-house address book.
FIG. 10 is an explanatory diagram of a procedure for copying a personal address book to a mail file.
FIG. 11 is an explanatory diagram of procedures when an employee accesses a host server.
FIG. 12 is a diagram illustrating an overall procedure of an information access method.
FIG. 13 is a procedure explanatory diagram for explaining the flow of processing executed by the authentication server during authentication.
FIG. 14 is a diagram for explaining the procedure of reception processing.
FIG. 15 is an explanatory diagram of received sentence processing.
FIG. 16 is a diagram for explaining the procedure of deletion processing.
FIG. 17 is an explanatory diagram of a reply process procedure;
FIG. 18 is an explanatory diagram of a transfer processing procedure.
FIG. 19 is an explanatory diagram of a FAX processing procedure.
FIG. 20 is a diagram for explaining the procedure of transmission processing.
FIG. 21 is a diagram for explaining the procedure of search processing.
FIG. 22 is an explanatory diagram of a search list display process.
FIG. 23 is a diagram for explaining the procedure of new keyword processing.
FIG. 24 is a diagram for explaining the procedure of schedule processing.
FIG. 25 is an explanatory diagram of a procedure for newly creating a schedule list.
FIG. 26 is a diagram showing an example of a display screen on the display unit of the mobile phone, where (a) is a login screen, (b) is a main screen, (c) and (d) are screens during reception processing, and (e) Is a document display screen, and (f) is a screen during transmission processing.
27A is a main screen showing a state where a search is selected, FIG. 27B is a screen during search processing, FIG. 27C is a new keyword input screen, and FIG. 27D is a search result by a new keyword. (E) is a document display screen after search.
28A is a main screen showing a schedule being selected, FIG. 28B is a screen of a schedule list list display area, FIG. 28C is a schedule creation menu selection screen, and FIG. 28D is a schedule. It is a data input screen for creating a new list.
[Explanation of symbols]
LN Intranet
WN wireless network
MN mobile phone network
DN Public communication network
PN private network
IN Internet
T1 user terminal (mobile phone)
Sa to Se segment
10, 10a-10e Host server
1 Authentication server
31 I / O section
32 processor
32a control unit
32b Program transmitter
32c authentication unit
32d information recording unit
32e Send Information Management Department
32e Transmission information recording part
101 CPU
102 RAM
103 ROM
104 Mail file
105 Employee database
106 Document database
107 Schedule file
108 Communication adapter
11 Firewall
12, 13, 14 routers
14 Switching hub
20, 20a, 20b Local server
30, 40 DNS

Claims (17)

An apparatus for authenticating whether or not a user terminal attempting to access predetermined information is valid,
Authentication including permission information assigned for each range information indicating the range of information accessible to the user terminal, and identification information unique to each user terminal that cannot be tampered with by each of the plurality of user terminals to be authenticated Information recording means on which information is recorded;
Means for holding a program for transmitting the identification information to the user terminal to be authenticated in a form that the operator of the user terminal cannot know;
Means for transmitting the program to a user terminal that has requested authentication;
If the authentication information of the user terminal is received from the user terminal that requested the authentication, and the received authentication information matches any of the authentication information recorded in the information recording means, the user terminal is valid. An authentication means for determining that there is,
And a permission means for permitting the access by the user terminal when the user terminal for which the authentication is requested is legitimate,
The range information includes an address of an access destination registered in advance for each user terminal, the permission information is a set of ID and password, and one set or a plurality of sets of IDs for one piece of the identification information And a password,
Authentication device. One set of ID and password is associated with one piece of the identification information, and the one set of ID and password is assigned as a general ID and password when there are a plurality of access destinations.
Claim 1 Symbol placement of the authentication device. Means for collectively stopping or canceling the use of the general ID and password;
The authentication device according to claim 2 . The program disappears after the user terminal that has requested the authentication transmits the identification information.
The authentication device according to claim 1 . The user terminal is a portable wireless terminal;
The authentication device according to any one of claims 1 to 4 . The identification information is an individual number given at the time of manufacturing the user terminal.
The authentication device according to any one of claims 1 to 4 . The information to be accessed by the user terminal exists in a predetermined network where security is required, and at least a part of the file existing outside the network is maintained in common content. It is the record information of the common file.
The authentication device according to any one of claims 1 to 6 . A first server that records information accessible by the user terminal, and an authentication device that authenticates whether the user terminal attempting to access the information recorded in the first server is valid ,
The first server is configured to search for corresponding information in response to an access from a user terminal determined to be valid, and send the searched information to a user terminal that is a source of the access,
The authentication device includes permission information assigned for each range information indicating a range of information accessible to the user terminal, and identification that is not tamperable and unique to each user terminal of each of the plurality of user terminals to be authenticated. An information recording means in which authentication information including information is recorded, and a program for transmitting the identification information to a user terminal to be authenticated in a form that the operator of the user terminal cannot know. Holding means; means for transmitting the program to a user terminal that has requested authentication; and information for authenticating the user terminal from the user terminal that has requested authentication, and the received authentication information is stored in the information recording means. An authentication unit that determines that the user terminal is valid when it matches any of the recorded authentication information, and the user terminal that requested the authentication And a permission unit which permits the access by the user terminal if legitimate,
The range information includes an address of an access destination registered in advance for each user terminal, the permission information is a set of ID and password, and one set or a plurality of sets of IDs for one piece of the identification information And a password,
Network system. The first server is connected to a second server existing outside the network in a network by a dedicated line or a virtual dedicated line, and each of the first server and the second server has at least one of the recorded information. And the authentication device determines whether or not the user terminal that attempts to access the record information of the common file of the first server is legitimate. Authenticate
The network system according to claim 8 . Each of the first server and the second server sends the difference data before and after the change to the other server and receives the difference data from the other server when the recorded information of the common file changes. Is configured to automatically execute a copy task that copies the difference data to its own common file.
The network system according to claim 9 . A plurality of the first servers, and the second server is provided corresponding to each of the plurality of first servers;
The network system according to claim 9 . Extracting means for extracting information sent from the first server to the user terminal, and sending information recording means for recording data on sending information indicating what information was sent for each user terminal; , Further comprising
The network system according to claim 8 . Sending information presenting means for generating data for displaying the sending information about the user terminal on the display of the user terminal based on the data recorded in the sending information recording means; In addition,
The network system according to claim 8 . Means for connecting the first server, which records information accessible by the user terminal, to a predetermined network in a communicable manner, and authenticating whether the user terminal trying to access the information through the network is legitimate An authentication device to perform,
The first server is configured to search for corresponding information in response to an access from a legitimate user terminal, and send the searched information to the user terminal that is the source of the access via the network. And
The authentication device includes permission information assigned for each range information indicating a range of information accessible to the user terminal, and identification that is not tamperable and unique to each user terminal of each of the plurality of user terminals to be authenticated. Information recording means in which authentication information including information is recorded;
Means for holding a program for transmitting the identification information to the user terminal to be authenticated in a form that the operator of the user terminal cannot know;
Means for transmitting the program to a user terminal that has requested authentication;
The authentication information of the user terminal is received from the user terminal that requested the authentication, and the authentication information that is performed via the network when the received authentication information matches any of the authentication information recorded in the information recording unit Authentication means for determining that the user terminal is valid;
And a permission means for permitting the access by the user terminal when the user terminal that has requested the authentication is valid,
The range information includes an address of an access destination registered in advance for each user terminal, the permission information is a set of ID and password, and one set or a plurality of sets of IDs for one piece of the identification information And a password,
Network system. Means for connecting the first server and a second server existing outside the network by a dedicated line or a virtual dedicated line, and recording information of at least a part of a file held by the first server and the second server; And a means for creating a common file maintained in common contents, wherein the authentication device authenticates whether or not a user terminal attempting to access the record information of the common file is valid Configured as
The network system according to claim 14 . An authentication apparatus for authenticating whether or not a user terminal attempting to access the information is valid in a network system in which a first server in which information accessible to the user terminal is recorded in a predetermined network exists Arrange
In the authentication device, permission information assigned for each range information indicating a range of information accessible to the user terminal, and identification that is not tampering and unique to each user terminal of each of the plurality of user terminals to be authenticated Record authentication information including information,
A program for transmitting the identification information to the user terminal to be authenticated in a form that the operator of the user terminal cannot know is held, and the program is transmitted to the user terminal that has requested authentication. ,
At least authentication information of the user terminal is received from the user terminal that has requested authentication, and when the received authentication information matches any of the recorded authentication information, the user terminal is determined to be valid. ,
Allowing the access by the user terminal when the user terminal seeking the authentication is valid ,
The range information includes an address of an access destination registered in advance for each user terminal, the permission information is a set of ID and password, and one set or a plurality of sets of IDs for one piece of the identification information And a password,
A user terminal authentication method in a network system. There is a first server that records information accessible to a user terminal in a predetermined network, and the first server searches for the corresponding information in response to a request from a legitimate user terminal. A computer program for causing a computer deployed in a network system to be transmitted to the user terminal to execute the following processing.
(1) It includes an access destination address registered in advance for each user terminal, is assigned for each range information indicating the range of information accessible by the user terminal, and consists of a set of ID and password, and one of the above identifications Authentication information including permission information in which one or more IDs and passwords are associated with information, and identification information unique to each user terminal that cannot be tampered with by each of the plurality of user terminals to be authenticated A process for recording information, and (2) a user who holds a program for transmitting the identification information to a user terminal to be authenticated in a form that the operator of the user terminal cannot know and requests authentication. Processing for transmitting the program to the terminal, (3) Accepting authentication information of the user terminal from the user terminal that requested authentication, and accepting authentication A process for determining that the user terminal is valid when the information matches any of the recorded authentication information; (4) if the user terminal that requested the authentication is valid Processing for permitting the access by the user terminal.

Images