JP5279439B2 - Service control apparatus, access control system and access control method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To appropriately restrict access to a Web site from an access restriction object terminal, and also to permit the access under a prescribed condition. <P>SOLUTION: An access control system includes: an access permission list registering part 17 for performing registration in association with a school ID identifying a school and a class ID for identifying each class; an ID information storage part 71 for performing storage by associating terminal identification information identifying the access restriction object terminal with the school ID of the school and the class ID of the class with the enrollment of a student using the access restriction object terminal; and a service controller 7 for receiving an access request to the Web site from the access restriction object terminal, specifying the corresponding school ID and class ID, based on the terminal identification information of the access restriction object terminal with referring to the ID information storage part, and permitting the access to the Web site when an access request destination Web site is registered in a list which is registered in the access permission list registering part in association with the specified school ID or class ID. <P>COPYRIGHT: (C)2010,JPO&amp;INPIT

Description

  The present invention relates to a filtering server and a service control device for controlling access to a website from a mobile communication terminal such as a mobile phone, and an access control system and an access control method using them.

Conventionally, an access control system is known in which an organization (company or school) has its own filtering gate server and restricts website access destinations from members of the organization (employees and students) (Patent Document 1). reference). In this access control system, the filtering gate server stores a URL list for restricting access to the website according to the school policy, and an access request to the website from the mobile phone of the student of the school is received. If there is, access to the website of the mobile phone is controlled based on the stored URL list.
JP 2006-178894 A

  However, in a conventional access control system, access to a website is regulated by a URL list according to the same policy in an organization such as a school. For example, lessons and research subjects in a specific school year or a specific class If there is a Web site that you want to allow to refer to only temporarily or for a certain period of time in the implementation of the above, the conventional technology has to change the policy of the entire school. It is possible that trouble will occur if students should not show it. In addition, access to a website (for example, a bulletin board site hosted by a school) that does not cause a problem even if a student accesses during the school stay time is restricted.

  The present invention has been made in view of such a point, and a filtering server and a service control device that appropriately restrict access to a Web site of an access restriction target terminal and allow access under a predetermined condition, and these It is an object to provide an access control system and an access control method using the.

In the access control system of the present invention, a website that is permitted to be accessed from an access restriction target terminal used by school students is listed in school units and class units, and a school ID and each class for identifying a school are listed. An access permission list registration unit registered in association with a class ID for identifying the terminal, terminal identification information for identifying the access restriction target terminal, and a school in which a student using the access restriction target terminal is enrolled An ID information storage unit in which a school ID and a class ID of a class in which a student using the access restriction target terminal is associated and stored, and an access request to the website from the access restriction target terminal are received, The corresponding school ID and class I from the terminal identification information of the access restriction target terminal with reference to the ID information storage unit If the website for which access is requested is registered in the list registered in the access permission list registration unit in association with the identified school ID or class ID, access to the website is permitted. And an emergency release button for canceling all registered use restriction information collectively .

According to the access control method of the present invention, a website that is permitted to be accessed from an access restriction target terminal used by school students is listed in school units and class units, and a school ID and each class for identifying a school are listed. An access permission list registered in association with a class ID for identifying the terminal, terminal identification information for identifying the access restriction target terminal, and a school of a school in which a student using the access restriction target terminal is enrolled When an ID and an ID information in which a class ID of a class in which a student using the access restriction target terminal is associated and stored are prepared, and an access request to the website is received from the access restriction target terminal the school ID and class corresponding the terminal identification information of the access restriction target terminal by referring to the ID information storage unit If D is specified, and the website requested to be accessed is registered in the list registered in the access permission list registration unit in association with the identified school ID or class ID, access to the website is performed. When permission is granted and an emergency release request is received, all registered use restriction information is released collectively .

  According to these configurations, when an access request to a website is received from an access restriction target terminal, the corresponding school ID and class ID are identified from the terminal identification information of the access restriction target terminal with reference to the ID information storage unit If the website requested for access is registered in the list registered in the access permission list registration unit in association with the identified school ID or class ID, access to the website is permitted. Access restriction target terminals used by school students are restricted from freely accessing websites other than pre-registered websites. Therefore, for example, since a desired Web site cannot be browsed from the access-restricted terminal of the student during the class, the class is not hindered. In addition, since access to the website is restricted only to the access restriction target terminal, only access to the website of the student who is the access restriction target user is appropriate even in the same school (organization). Can be regulated. In addition, when there is a website that you want to allow temporarily when performing a class or research subject in a specific class, register that website as an access permission list in association with the class ID of the specific class. In this case, it is possible to allow browsing of the website only for students of a specific class, and to prevent browsing of the website of students of classes other than the specific class.

The service control device of the present invention includes terminal identification information for identifying an access restriction target terminal used by a student at a school, a school ID of a school where a student using the access restriction target terminal is enrolled, and the access restriction target includes an ID information storage unit and the class ID of the class students enrolled is stored in association with the use of the terminal, when receiving an access request from the access restriction target terminal to the Web site, the ID information storage The corresponding school ID and class ID are identified from the terminal identification information of the access restriction target terminal with reference to the section, and the filtering server is inquired with the website information requested to access the identified school ID and class ID. If access permission is returned from the filtering server, access to the website is performed. Allow, when receiving an emergency cancellation request, and cancels all the use restriction information registered in collectively.

  According to this configuration, when an access request to the website is received from the access restriction target terminal, the corresponding school ID and class ID are specified from the terminal identification information of the access restriction target terminal with reference to the ID information storage unit. If the website requested for access is registered in the list registered in the access permission list registration unit in association with the identified school ID or class ID, access to the website is permitted. The access restriction target terminals used by the students are restricted from freely accessing other websites than previously registered websites. Therefore, for example, since a desired Web site cannot be browsed from the access-restricted terminal of the student during the class, the class is not hindered. In addition, since access to the website is restricted only for access-restricted terminals, non-access-restricted terminals used by school teachers can access the website even in the same school (organization). There is no restriction, and only the access to the Web site of the student who is the access restriction target terminal user can be appropriately restricted.

  ADVANTAGE OF THE INVENTION According to this invention, the filtering server and service control apparatus which restrict | limit the access to the Web site of an access restriction | limiting object terminal appropriately, and permit access under predetermined conditions, and the access control system and access using these A control method can be provided.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. An access control system including a filtering server and a service control apparatus according to an embodiment of the present invention appropriately restricts access to a website of an access restriction target terminal even in the same organization, and has predetermined conditions. It is a system that allows access below.

(First embodiment)
The access control system can be applied to a business model that restricts the use of mobile communication terminals such as mobile phones of students in school hours at school. As shown in FIG. 1, the access control system 100 includes, for example, a management server 101 that manages use (access) restriction information of a use (access) restriction target terminal, and a student mobile communication terminal that is a use restriction target terminal. 102, an external communication terminal (such as a PC (Personal Computer) or a teacher's mobile phone) 103 for registering the use restriction information of the mobile communication terminal 102, and the use of the mobile communication terminal 102 based on the use restriction information And a service control device 104 and a filtering server 105 that restrict or permit the above. In this access control system 100, for example, the management server 101, the service control device 104, and the filtering server 105 are provided on a communication network, and the external communication terminal 103 is provided in a school. A school teacher accesses the management server 101 using the external communication terminal 103 and registers the usage restriction information of the mobile communication terminal 102 based on an ID (described later) assigned in advance. The management server 101 manages the usage restriction information registered through the external communication terminal 103 in this way. This use restriction information is used in a use restriction service for the mobile communication terminal 102. The service control device 104 and the filtering server 105 restrict or allow the use of the mobile communication terminal 102 on the communication network side based on the use restriction information registered in the management server 101.

  In order to receive the use restriction service using such use restriction information, registration processing of identification information (ID) necessary for providing the use restriction service is required prior to the above-described use restriction information. Here, an example of an ID registration process necessary for providing the use restriction service will be described. FIG. 2 is a sequence diagram of an ID registration process necessary for providing the use restriction service to the access control system 100 according to the present embodiment. In the following description, the mobile phone 102 is used as an example of the mobile communication terminal 102, and the PC 103 provided in the school is used as an example of the external communication terminal 103. Here, the exchange of information between the management server 101 and the PC 103 used by the teacher and between the management server 101 and the mobile phone 102 used by the student is performed via a mobile communication network or the Internet network. However, the present invention is not limited to this, and communication may be performed using a telephone or a letter.

  When registering an ID necessary for providing the use restriction service, first, an application for the use restriction service is performed by accessing the management server 101 (information registration Web page provided by the management server 101) via the PC 103. This application for use restriction service includes at least the name of the school of the use restriction service applicant (use restriction applicant), contact information, and class information subject to use restriction. As shown in FIG. 2, when an application for the use restriction service is made from the PC 103 (step S201), the management server 101 issues an ID (school ID, grade ID, class ID) assigned to the use restriction applicant ( In step S202), the school ID, grade ID, and class ID are notified to the use restriction applicant (step S203). In the management server 101, information on the use restriction applicant is registered in association with these school ID, grade ID, and class ID. In this case, a password required when the use restriction applicant uses the use restriction service is also issued and notified to the use restriction applicant together with the school ID, the grade ID, and the class ID.

  When the school ID, school year ID, and class ID are received from the management server 101, the student using the mobile phone 102 is contacted (step S204). For example, school IDs, grade IDs, and class IDs for such students are communicated by distribution materials for each student. When the student's mobile phone 102 that has received the school ID, grade ID, and class ID requests registration of the telephone number and e-mail address of the mobile phone 102 (step S205), the management server 101 receives the mobile phone. An ID (student ID) assigned to the telephone 102 is issued (step S206). For example, a registration request for a telephone number and an e-mail address from the mobile phone 102 is made by accessing the management server 101 (information registration Web page provided by the management server 101) and using a school ID, grade ID, and class ID. It is done according to the procedure. In this way, the student ID is issued in response to a registration request from the user of the mobile phone 102, so that the user of the mobile phone 102 does not disclose the personal information to the use restriction applicant. The student ID can be acquired. In the management server 101, the telephone number and mail address of the mobile phone 102 are registered in association with this student ID. In this way, an ID necessary for providing the use restriction service is registered in the management server 101. Thereafter, it becomes possible to perform registration processing of usage restriction information of the mobile phone 102 based on the above-described school ID, class ID, and student ID via the PC 103. In the management server 101, such usage restriction is performed. Accept information.

  Then, after registering the ID necessary for providing the use restriction service, the management server 101 issues a subscriber certificate as a document proving that the telephone number and the mail address are properly registered (step S207). ). This subscriber certificate is used when a student asks for permission to bring the mobile phone 102 into the school. The issued subscriber certificate is transmitted to the mobile phone 102 (step S208). The subscriber certificate may be mailed to the student in writing. The student who has received the subscriber certificate is permitted to bring the mobile phone 102 by presenting the subscriber certificate in response to a request from the school.

  Here, the ID issued by the management server 101 will be described. This ID is used to identify the mobile phone 102 serving as a usage restriction target terminal, and is composed of information other than personal information (for example, a telephone number or an email address) regarding the user of the mobile phone 102. Specifically, the ID includes an ID (target terminal identification information) configured by a student ID assigned to each mobile phone 102 serving as a use restriction target terminal, and a school ID / class ID assigned to the use restriction applicant. It is composed of ID (limiter side identification information). As will be described in detail later, the management server 101 accepts registration of use restriction information from a use restriction person (teacher) using an ID composed of information other than such personal information. Therefore, it is possible to manage the use restriction information without using the personal information of the user of the mobile phone 102 as the use restriction target terminal.

  The ID assigned to the use restriction applicant includes a group ID assigned to each group in order to identify a specific group, and is requested to be given to an arbitrary group managed by the use restriction applicant. It is something that can be done. For example, as a group ID assigned to a use restriction applicant, as shown in FIG. 3, a class ID associated with a plurality of student IDs, a school ID associated with a plurality of class IDs, and a school associated with a plurality of school IDs ID corresponds. As will be described in detail later, the use restriction person (teacher) designates the class ID in the use restriction information, so that the student with the student ID associated with the class ID is not designated without specifying the individual use restriction information. It is possible to restrict the use of the mobile phone 102 carried by the user collectively.

  Next, the communication control system 1 that applies the access control system 100 that manages the usage restriction information in this way and provides the usage restriction service to the mobile phone 102 will be described. FIG. 4 is a schematic configuration diagram of the communication control system 1 to which the access control system 100 according to the present embodiment is applied. The communication control system 1 provides communication / call service to the user of the mobile phone 2 corresponding to the mobile phone 102 in the above-described access control system 100. As shown in FIG. A radio base station apparatus (BTS) 3 to be connected, a radio network controller (RNC) 4 wirelessly connected to a plurality of radio base station apparatuses 3, and a radio network controller 4 The subscriber exchange 5 and a service control point (SCP) 7 connected to the subscriber exchange 5 via the relay exchange 6 are mainly configured.

  The communication control system 1 is a communication control system that regulates outgoing and incoming calls of the mobile phone 2 from the communication network side based on use restriction information that restricts the use of the mobile phone 2. In addition to restricting the use of the mobile phone 2 in the band, it is possible to exceptionally permit a student to communicate with the mobile phone 2 and make a call in an emergency. In the following, the school is equipped with a PC 15 corresponding to the PC 103 in the access control system 100 described above, and the teacher uses the PC 15 to classify the class time zone to the student's mobile phone 2 belonging to the class he is in charge of. A case where the use of the mobile phone 2 is restricted will be described as an example. In the present embodiment, for the sake of simplicity, a single service control station 7, a relay exchange 6, and two subscriber exchanges 5 are shown. However, the present invention is limited to this configuration. Rather, the number is arbitrary.

  As shown in FIG. 4, the radio network controller 4 monitors radio channels between the mobile phone 2 and the radio base station device 3 and performs radio control such as allocating radio channels between the mobile phone 2 and the like. We are carrying out. The radio network controller 4 is connected to a voice switch 51 and a packet switch 52, which will be described later, and distributes a call signal transmitted from the mobile phone 2 and a data signal such as an e-mail to distribute the voice switch 51 and the packet. Each is transmitted to the exchange 52.

  The subscriber switch 5 includes a voice switch 51 and a packet switch (LS / SGSN: Serving GPRS Support Node) 52. The subscriber exchange 5 is connected to a visitor location register (VLR) 53. The voice switch 51 relays the call signal received from the radio network controller 4 to the radio base station apparatus 3 to which the destination mobile phone 2 belongs, and from the service control station 7 via the relay voice switch 61 described later. The received call signal is relayed to the wireless network control device 4. The packet switch 52 relays a data signal such as an electronic mail or an HTTP request received from the wireless network control device 4 to the wireless base station device 3 to which the destination mobile phone 2 belongs, and a relay packet switch 62 to be described later. The data signal received from the service control station 7 via the relay is relayed to the radio network controller 4. The VLR 53 stores location registration information of the mobile phone 2 for managing the mobile phone 2 in the area where the subscriber exchange 5 has jurisdiction, and also stores use restriction information indicating use restriction of the mobile phone 2. Database. The subscriber exchange 5 configured as described above downloads usage restriction information from the HLR 71 (described later) together with the location registration information of the mobile phone 2 and stores it in the VLR 53 when, for example, a location registration request from the mobile phone 2 is made. Then, the location registration processing is performed based on the location registration information, and the outgoing / incoming call restriction processing of the mobile phone 2 is performed based on the usage restriction information. The VLR 53 can be provided outside or inside the subscriber switch 5 as long as the subscriber switch 5 can be accessed.

  The relay exchange 6 is connected to a subscriber exchange 5, a gateway exchange 9, a gateway (GW) 10, and a mail server 11, respectively. The gateway exchange 9 is connected to another gateway exchange 13 via a POI (Point Of Interface) 12, and the gateway 10 is connected to the management server 14, the PC 15, the content server 16 and the filtering server 17 via the Internet network. It is connected. The relay switch 6 includes a relay voice switch 61 and a relay packet switch (GS / GGSN: Gateway GPRS Support Node) 62. The relay voice switch 61 relays the call signal received from the voice switch 51 to the service control station 7 and relays the call signal received from the service control station 7 to the voice switch 51. The relay packet switch 62 relays the data signal received from the packet switch 52 to the service control station 7 and relays the data signal received from the service control station 7 to the packet switch 52.

  The mail server 11 provides a mail transmission / reception service to the mobile phone 2 and the PC 15. Although details will be described later, when the mail server 11 receives a mail addressed to the mobile phone 2 that is in the usage restricted state, the mail server 11 temporarily stores the mail, and after the usage restricted state is released, the mail server 11 An e-mail is sent to the mobile phone 2. With this configuration, mail transmission processing is performed after the usage restriction state is canceled, so unnecessary transmission processing (retransmission in the usage restriction state) that can occur when resending accumulated mail within a certain period of time is generated. There is no. The content server 16 provides various web content pages to the mobile phone 2 or the like, and the web content that provides the web content page is stored. For example, when the content server 16 receives an HTTP request from the service control station 7, the content server 16 allows the mobile phone 2 that is the use restriction target terminal to receive an authorized access site (for example, a school ID) to which the mobile phone 2 belongs ( Web page (described later) is provided.

  As described above, the management server 14 provides an information registration Web page for receiving the use restriction service of the mobile phone 2, and stores Web contents constituting the information registration Web page. The teacher who becomes the use restriction person or the student who carries the mobile phone 2 performs the ID registration process (see FIG. 2) described above via this information registration Web page. The management server 14 is connected to the PC 15 via the Internet, and serves as an interface for registering use (access) restriction information for the mobile phone 2 that is a use (access) restriction target terminal for the PC 15. It is functioning. For example, the Web server 14 includes an authentication screen (FIG. 5) for authenticating a use restriction person (teacher), a confirmation / setting screen (FIG. 6) for checking and setting use restriction information, and detailed use restrictions. A detailed setting screen (FIG. 7) for setting information is provided. The configuration of the authentication screen, confirmation / setting screen, and detailed setting screen will be described below.

  When the registration process of the usage restriction information is instructed from the information registration Web page provided by the management server 14, an authentication screen shown in FIG. 5 is displayed on the PC 15. As shown in FIG. 5, the authentication screen is provided with a school ID input field 501, a class ID input field 502, and a password input field 503 issued by the ID registration process performed in advance. An OK button 504 for confirming the contents and a cancel button 505 for interrupting the processing are provided. When the teacher inputs the school ID, class ID, and password on the authentication screen and selects the OK button 504, an authentication request is made to the Web server 14. The Web server 14 authenticates the teacher by collating the school ID, class ID, and password registered in advance with the input information. If it is determined by the authentication process that the user is an appropriate use restriction person, the confirmation / setting screen shown in FIG. On the other hand, when it is determined that the person is not an appropriate use restriction person, the fact is displayed on the PC 15 and the use restriction information registration process is interrupted.

  On the confirmation / setting screen, as shown in FIG. 6, a list screen of usage (access) restriction information corresponding to the school ID and class ID input on the authentication screen is displayed. On the confirmation / setting screen, as shown in FIG. 6, the usage restriction information is displayed in a display mode such as monthly. For example, in “June 4, 2008” shown in FIG. 6, the use of outgoing / incoming calls in the time zone “9:00 to 17:00” in the mobile phone 2 corresponding to the class ID is restricted, and an exception is made. In particular, the use restriction on the mobile phone 2 carried by “A-kun” is lifted. That is, “Mr. A” is permitted to make and receive calls by the mobile phone 2 even in the time zone “9:00 to 17:00”. In the confirmation / setting screen, a repeat setting button 601 for repeatedly setting the currently registered use restriction information and an emergency release button 602 for releasing all currently registered use restriction information are provided. Yes. The repeat button 601 takes into account, for example, that the class hours on weekdays are substantially the same, and the use restriction information can be easily registered by using this. The emergency release button 602 considers, for example, that the usage restriction information is released collectively when an emergency such as a disaster occurs. By using this, the emergency release button 602 can be quickly used in the cellular phone 2 when an emergency occurs. It is possible to allow outgoing and incoming calls. When newly registering usage restriction information, for example, a date to be registered is selected by a pointer or the like. Thereby, the detailed setting screen shown in FIG. 7 is displayed on the PC 15.

  In the detailed setting screen, as shown in FIG. 7, a collective setting column 701 for use (access) restriction information and an individual setting column 702 are provided. The collective setting field 701 is provided with an input field 701a and an end time 701b for the start time of the use (access) time limit, input fields 701c and 701d for access-permitted sites, and a setting button 701e. The teacher inputs “9:00” in the input field 701a, inputs “12:00” in the input field 701b, and selects the setting button 701e, thereby “June 16, 2008” in FIG. As shown, usage restriction information for restricting outgoing / incoming calls (access) in the time zone “9:00 to 17:00” in the mobile phone 2 corresponding to the class ID is registered.

  The access permission site entry fields 701c and 701d include a group ID (school ID, grade ID, and class ID) that identifies a specific group of Web sites that are exceptionally accessible even within the restricted access place and restricted time. ) Can be registered every time. The teacher inputs “www.aa.ed.jp” in the input field 701c, “www.cc.co.jp” in the input field 701d, and selects the setting button 701e. And registered as an access permission site (white list) associated with the class ID. Here, for example, as an access permission site corresponding to the school ID, a school-sponsored bulletin board site used by all the students in the school is used, and as an access permission site corresponding to the class ID, the contact network for each class is used. Websites for creating classes and assignments for a certain period of time. If these access permission sites are registered by changing the use restriction level for each school ID, grade ID, and class ID, the use of the mobile phone 2 can be more flexibly restricted. For example, an access-permitted site corresponding to a school ID is registered as an access destination with the highest use restriction level, while an access-permitted site corresponding to a class ID is registered as an access destination that can be used for a certain period for class and assignment creation. These permission access sites can be effectively used for classes without hindering classes.

  In the individual setting field 702, an individual student information display field 702a in which usage restriction information individually set for a specific student is displayed, and a student selection button 702b for selecting a student to set usage restriction information, Is provided. When the student selection button 702b is selected, a list of student IDs corresponding to the class ID issued by the ID registration process performed in advance is displayed. When a specific student ID is selected from the list of student IDs, an individual student information display field 702a corresponding to the student ID is provided, and a usage time limit can be input. In FIG. 7, the student ID “Mr. B” is selected from the list of student IDs, the corresponding individual student information display field 702a is provided, and the usage restriction on the mobile phone 2 carried by “Mr. B” is released. It shows the case where is set.

  As described above, in the Web server 14 functioning as the management server according to the present embodiment, a use restriction person (teacher) is used by using IDs (school ID, class ID, and student ID) configured by information other than personal information. Therefore, it is possible to manage the usage restriction information without using the personal information of the user of the mobile phone 102 as the usage restriction target terminal. In particular, the ID used for designating the usage restriction information includes a student ID assigned to each mobile phone 2 and a school ID / grade ID / class ID assigned to the use restriction person side. By combining the school ID, grade ID, class ID, and student ID, it is possible to flexibly specify the mobile phone 2 that is the use restriction target terminal. The registered usage restriction information (ID information such as school ID, grade ID, class ID, and student ID, usage restriction location and time limit information) is transferred from the management server 14 to the service control station 7 to provide service. It is registered in the HLR 71 (described later) by the control station 7. When delivering to the service control station 7, the management server 14 also delivers the telephone number and mail address of the mobile phone 2 corresponding to the registered use restriction information. Further, the access permission site information corresponding to the school ID, the grade ID, and the class ID is transferred from the management server 14 to the filtering server 17 and held in the filtering server 17 as an access permission list (described later).

  The PC 15 is installed in a school or the like, and is used, for example, for registering usage restriction information for the mobile phone 2 of a student in the class in charge by a teacher in charge of the class. The usage restriction information is registered from the confirmation / setting screen provided by the management server 14 as described above. For example, as shown in FIG. 8, the usage restriction information 800 registered from the PC 15 includes “ID information (school ID, class ID, student ID)” for identifying the mobile phone 2 subject to usage (access) restriction, “Incoming / outgoing (access) prohibited time information” indicating the use (access) time limit of the telephone 2 (for example, class time zone), “Restricted place information” indicating the use restricted place (for example, school) of the mobile phone 2, “ It is mainly composed of “permitted number information”, “permitted content information” and “access permitted site information”. “Allowable number information” indicates information that allows an outgoing / incoming call exceptionally even during the above-mentioned time limit for use. For example, a student's parent's telephone number (home fixed telephone number and The parent's mobile phone number) and e-mail address, as well as the forwarding phone number and e-mail address (the parent's work phone number and e-mail address) are registered. The “permitted content information” indicates the permitted content (transmission, incoming call, transfer) for the telephone number that is the permitted number. The “access-permitted site information” indicates a Web site (an access destination that is not subject to restriction) that permits access exceptionally even during the access restriction time period, and as described above, the school ID and grade ID. Each class ID can be registered.

  For example, in the usage restriction information 801 shown in FIG. 8, the mobile phone 2 identified by the school ID “001” and the class ID “302”, that is, the student belonging to the class identified by the class ID “302”. Two call-prohibited times “Monday to Friday excluding holidays: 08: 15-12: 0, 13: 00-16: 00” and two permitted access sites “www.aa. ed.jp ”and“ www.cc.co.jp ”are associated with each other. In the usage restriction information 802, the above-described two outgoing / incoming calls (access) are made to the mobile phone 2 owned by the student identified by the school ID “001”, the class ID “302”, and the student ID “A”. Prohibition time, two permission target numbers and permission contents “123@aaa.ne.jp (outgoing / incoming); 090-1234-5678 (incoming)” and two permitted access sites “(www.aa.ed. jp); (www.cc.co.jp) ”. Such use restriction information is registered in the information provided from the management server 14 before the use restriction service of the mobile phone 2 is provided or every time the use restriction information is updated (for example, change of the outgoing / incoming (access) prohibition time). It is registered (updated) via the page for use.

  The service control station 7 provides a communication / call service, a use (access) restriction service for restricting use of the communication / call, and various services contracted by each mobile phone 2 to all mobile phones 2. Is provided. The service control station 7 is connected to a home location register (HLR) 71. The HLR 71 includes user information (telephone number and e-mail address, authentication information, terminal identification information, etc.), contract service information, location registration information (location registration area) of all mobile phones 2 in the area where the service control station 7 has jurisdiction. In addition to storing information necessary for setting the communication path of the location registration area and the mobile phone 2, use (access) restriction information indicating the use (access) restriction service contents of the mobile phone 2 is stored. It is a database. Although details will be described later, the HLR 71 functions as an ID information storage unit that stores ID information such as a school ID and a class ID constituting the access restriction information. The HLR 71 is registered by the management server 14. The HLR 71 can be provided outside or inside the service control station 7 as long as the service control station 7 can access the HLR 71.

  FIG. 9 is a diagram illustrating an example of usage (access) restriction information stored in the HLR 71. This use restriction information is generated based on the use (access) restriction information registered in the management server 14 via the PC 15, and is changed to information for operating an actual use (access) restriction service. ing. More specifically, the usage restriction information 900 shown in FIG. 9 includes location information (for example, a school) for the subscriber number of the mobile phone 2 as outgoing / incoming (access) prohibited time information and restricted place information. Cell information), permission object number and permission content information, and ID (school ID / class ID / student ID) information are registered. The service control station 7 associates the telephone number and mail address of the mobile phone 2 received together with the usage restriction information from the management server 14 with the subscriber number of the mobile phone 2 stored in the HLR 71, and Usage restriction information in which outgoing / incoming (access) prohibition time, restricted place, ID information, and the like are associated with each other is generated. For example, when the usage restriction information 802 (FIG. 8) of the student with the student ID “A” is registered in the management server 14, the subscriber number “999@jjj.ne.jp” of the mobile phone 2 with the student ID “A” is registered. The usage restriction information 901 is generated by adding the above-mentioned usage restriction information 802 such as an ID such as a student ID and a school ID and an access prohibition time to (090-9999-9999) ”.

  The service control station 7 configured as described above identifies the mobile phone 2 that is the HTTP request source when there is an HTTP request (access request) from the mobile phone 2 in the service area, and the access stored in the HLR 71. Based on the restriction information, it is determined whether or not the mobile phone 2 is in an access restricted state (access restricted place and access prohibited time). If the access is restricted, the school ID, grade ID and class ID of the mobile phone 2 are sent to the filtering server 17 together with the HTTP request destination (access destination) information, and whether or not the website can be accessed according to the matching result of the filtering server 17 Judging. In addition, when there is a location registration request for the mobile phone 2 from the subscriber exchange 5 in the service area, the service control station 7 stores the location registration information of the mobile phone 2 stored in the HLR 71 together with the location information of the mobile phone 2. The usage restriction information is transmitted to the subscriber exchange 5. Further, when the usage restriction information stored in the HLR 71 is updated, the service control station 7 transmits the updated usage restriction information to the subscriber switch 5. In addition, the service control station 7 receives a call request from the mobile phone 2 in the area where the service control station 7 receives, or receives a call request to the mobile phone 2 in the area (area check request from the exchange that is the connection source). If there is, the communication restriction processing of the mobile phone 2 is performed based on the use restriction information stored in the HLR 71. In other words, the service control station 7 functions as a service control device that regulates access and outgoing / incoming calls to the Web site of the mobile phone 2 in the service area on the communication network.

  The filtering server 17 holds an access permission list in which the access permission site information sent from the management server 14 is listed in units of school ID, grade ID, and class ID (access permission list registration unit). FIG. 10 is a diagram illustrating an example of an access permission list held by the filtering server 17. The access permission list 1000 shown in FIG. 10 includes school ID-corresponding permission access destination information 1001, grade ID-corresponding permission access destination information 1002, and class ID-corresponding permission access destination information 1003. The permitted access site is linked to the ID and class ID. For example, when the use restriction information 802 (FIG. 8) of the student with the student ID “A” is registered in the management server 14, the permitted access site “www” corresponding to the school ID “001” of the student with the student ID “A” is registered. .Aa.ed.jp "is registered as the school ID corresponding permission access destination information 1001a. Similarly, the permitted access site “www.cc.co.jp” corresponding to the class ID “302” to which the student with the student ID “A” belongs is registered as the class ID corresponding permitted access destination information 1003a. Then, the HTTP request destination (access request destination website) information together with the school ID, grade ID and class ID of the access restriction target terminal is received from the service control station 7 which has received the access request to the website by the access restriction target terminal. When it is received, each received ID and HTTP request destination is compared with the access permission list 1000 and the comparison result is sent to the service control station 7. Specifically, the filtering server 117 first checks whether or not the received school ID and the access request destination are registered in the school ID correspondence permission access destination information 1001, and then the grade ID correspondence permission. It is checked whether or not the received grade ID and access request destination are registered in the access destination information 1002, and finally, the received class ID and access request destination are registered in the class ID corresponding permission access destination information 1003. Check whether or not

  Next, with reference to FIG. 11 to FIG. 14, an access control process to the Web site in the communication control system 1 will be described. FIG. 11 and FIG. 12 are sequence diagrams showing access control processing to a Web site. FIG. 11 shows a case where access is denied, and FIG. 12 shows a case where access is permitted. FIG. 13 is a flowchart showing access control processing to the Web site of the service control station 7, and FIG. 14 is a flowchart showing matching processing of the access-permitted sites of the filtering server 17. Here, a case where the mobile phone 2 having the student ID “A” shown in FIG. 8 requests access to the Web site (“www.cc.co.jp”) will be described as an example. In FIG. 11 and FIG. 12, the radio base station device 3, the radio network control device 4, and the relay switch 6 are omitted for the sake of simplicity.

  As shown in FIGS. 11 and 13, when there is an HTTP request (access request) from the mobile phone 2 (steps S1101 and S1301), the service control station 7 accesses the HLR 71 (step S1102). The service control station 7 reads the identification information (subscriber number) of the access request source mobile phone 2 from the HTTP request information, the access restriction information associated with the subscriber number of the mobile phone 2, and the access restriction information. ID information (school ID, grade ID and class ID) is read out (steps S1103 and S1302), and it is determined whether or not the access request source mobile phone 2 is in an access-restricted state (step S1104). Here, the service control station 7 determines access prohibition time information (“Monday to Friday excluding holidays”: 08:15 from the access restriction information 901 corresponding to the subscriber number (“090-9999-9999”) of the mobile phone 2. −12: 00, 13: 00-16: 00 ”) and restricted place information (“ cell A ”), school ID (“ 001 ”) and class ID (“ 302 ”) are read out, and the mobile phone 2 restricts access. It is determined whether or not it is in a state.

  Specifically, as shown in FIG. 13, the service control station 7 determines whether or not the mobile phone 2 exists in the access restricted location based on the read restricted access location information and the current location information of the mobile phone 2. Is determined (step S1303). If the mobile phone 2 exists in the access restricted place (step S1303: Yes), it is determined whether it is an access prohibited time based on the read access prohibited time information (step S1304). When it is within the access prohibition time (step S1304: Yes), the service control station 7 filters the HTTP request (access request) destination information together with the school ID, grade ID, and class ID of the mobile phone 2 read out at step 1302. (Step S1305).

  11 and 14, when access request destination information is received together with the school ID, grade ID, and class ID of the mobile phone 2 (steps S1105 and S1401), access corresponding to each ID in the access permission list 1000 is received. A verification process with the permitted site is performed (step S1106).

  Specifically, as illustrated in FIG. 14, the filtering server 17 includes the school ID (“001”) of the access request source mobile phone 2 and the school ID (“ 001 ”) and whether or not the access request destination website (“ www.cc.co.jp ”) is registered as the permitted access site of the permitted access destination information 1001 (step S1402). . When the access request destination Web site is not registered as a school ID-compatible permitted access site (step S1402: No), the grade ID of the mobile phone 2 is compared with the grade ID registered in the grade ID-compatible permitted access destination information 1002 Then, it is verified whether or not the access request destination website is registered as the permitted access site of the permitted access destination information 1002 (step S1403). Here, since the filtering server 17 has not received the grade ID of the mobile phone 2 from the service control station 7 (that is, the grade ID is not registered), it becomes a collation NG with the grade ID-corresponding permitted access destination information 1002. The process proceeds to step S1404. Next, when the access request destination Web site is not registered as a grade ID-permitted permitted access site (step S1403: No), the class ID of the mobile phone 2 and the class ID registered in the class ID corresponding permitted access destination information 1003 And whether or not the access request destination Web site is registered as the permitted access site of the permitted access destination information 1003 (step S1404). Here, since the access request destination website (“www.cc.co.jp”) is registered in the permitted access destination information 1003a corresponding to the class ID (“302”), the process proceeds to step S1406. . When the access request destination Web site is not registered as a class ID-corresponding permitted access site (step S1404: No), the filtering server 17 sends a verification NG answer to the service control station 7 (step S1405).

  On the other hand, when the access request destination Web site is registered as a school ID-compatible permitted access site (step S1402: Yes), the access request destination Web site is registered as a school year ID-permitted permitted access site (step S1403). : Yes), or when the access request destination Web site is registered as a class ID-compatible permitted access site (step S1404: Yes), the filtering server 17 sends a verification OK response to the service control station 7 (step S1406). . In step S1303 and step S1304, if the mobile phone 2 is not at the access restriction place and the access restriction time, access to the website is permitted (step S1309).

  As shown in FIG. 11 and FIG. 13, when the collation result is received from the filtering server 17 (steps S1107 and S1306), the service control station 7 determines whether or not access to the access request destination web site of the mobile phone 2 is based on the collation result. Is determined (steps S1108 and S1307). In the case of the verification NG result, that is, when the access request destination Web site is not registered as an access permission site corresponding to the school ID, grade ID and class ID (step S1307: No), the service control station 7 The access request is rejected (step S1308), and an access impossible response is sent (step S1109). On the other hand, in the case of the collation OK result, that is, when the access request destination Web site is registered in any of the access permission sites corresponding to the school ID, grade ID, and class ID (step S1307: Yes), the service control station 7 Permits an access request to the Web site of mobile phone 2 (“www.cc.co.jp”) (step S1309). Then, as shown in FIG. 12, the service control station 7 sends an HTTP request (access request) to the content server 16 of the mobile phone 2 (step S1201), and the mobile phone 2 receives the access request destination Web site (“www. cc.co.jp ") becomes possible (step S1202).

  As described above, in the access control to the Web site according to the present embodiment, the service control station 7 is based on the access restriction information stored in the HLR 71 at the time of the access request from the mobile phone 2 that is the access restriction target terminal. The access request source mobile phone 2 determines whether or not access to the Web site is possible (within the restricted access place and within the prohibited time). Group ID information such as ID and class ID and access request destination information are sent. The filtering server 17 collates with the access-permitted sites in the access-permitted list in the descending order of the group specified by each received ID (that is, in the order of school ID, grade ID, class ID), and compares the collation result with the service control station 7. Send to. The service control station 7 determines whether or not access to the website is possible based on the collation result, and allows access to the website if the access request destination is registered in the access-permitted site. With this configuration, based on the access restriction information stored in the HLR 71 and the access permission list of the filtering server 17, in principle, the mobile phone 2 can be accessed at any place (in school) and time (during class hours). Access to the mobile phone 2 website under exceptional conditions (for example, the access destination is limited to a bulletin board site or a class communication network site hosted by a school). it can. In particular, since the filtering server 17 collates (filters) the access-permitted sites in the descending order of the group specified by the group ID information, when the access request destination corresponds to the large ID of the group, the collating process is efficiently performed. Therefore, it is possible to quickly perform the access permission determination process as a whole.

  Next, with reference to FIG. 15, processing for downloading usage restriction information of the subscriber exchange 5 in the communication control system 1 will be described. FIG. 15 is a sequence diagram showing the usage restriction information download process of the subscriber exchange 5. This usage restriction information download process is performed when a request for location registration of the mobile phone 2 is made to the subscriber exchange 5 or when the service control station 7 receives a change of restricted terminal information (at the time of SO: Service Order). This is processed prior to the transmission control processing of the mobile phone 2. In FIG. 15, the radio base station apparatus 3, the radio network control apparatus 4, and the relay switch 6 are omitted for the sake of simplicity.

  As shown in FIG. 15, when the subscriber exchange 5 receives a location registration request from the mobile phone 2 via the radio base station device 3 and the radio network control device 4 (step S1501), the subscriber exchange 5 communicates with the service control station 7. Authentication processing of the mobile phone 2 that is the location registration request source is performed (step S1502). When the authentication process is completed, the subscriber exchange 5 sends a location registration request to the service control station 7 (step S1503). The service control station 7 extracts the usage restriction information associated with the telephone number of the mobile phone 2 registered in the HLR 71 based on the telephone number of the mobile phone 2 that is the location registration request source (step S1504). The usage restriction information is sent to the subscriber exchange 5 together with the registration information (step S1505). The subscriber exchange 5 stores the use restriction information in the VLR 53 together with the received location registration information (step S1506), and transmits a location registration response to the mobile phone 2 (step S1507).

  When the usage restriction information is changed from the PC 15 (step S1508), the service control station 7 generates (updates) usage restriction information in the HLR 71 based on the changed usage restriction information (step S1509). The subsequent usage restriction information is transmitted to the subscriber exchange 5 (step S1510). The subscriber exchange 5 stores the updated usage restriction information received from the service control station 7 in the VLR 53 (step S1511), and determines whether or not the mobile phone 2 can make a call using the updated usage restriction information. That is, the subscriber switch 5 stores, in the VLR 53, the use restriction information only for the mobile phone 2 in the area where the subscriber exchange 5 has jurisdiction at the time of the location registration request and the like. The outgoing call restriction processing of the mobile phone 2 in the area is performed. That is, the subscriber exchange 5 functions as a regulating device that regulates outgoing calls of the mobile phone 2 on the communication network.

  Next, mail transmission control processing in the communication control system 1 will be described with reference to FIGS. 16 to 18. 16 and 17 are sequence diagrams showing mail transmission control processing. FIG. 16 shows a case where mail transmission is rejected, and FIG. 17 shows a case where mail transmission is permitted. FIG. 18 is a flowchart showing mail transmission control processing of the service control station 7. Here, it is assumed that the mobile phone 2 that is the caller is the mobile phone 2a and the mobile phone 2 that is the callee is the mobile phone 2b. In FIGS. 16 and 17, the relay switch 6 is omitted for the sake of simplicity.

  As shown in FIGS. 16 and 18, when there is a packet transmission request from the mobile phone 2a, the packet switch 52 performs packet transmission processing between the mobile phone 2a and the service control station 7 (step S1601). When there is a mail transmission request from the mobile phone 2a (steps S1602, S1801), the service control station 7 accesses the HLR 71 (step S1603), and based on the subscriber number corresponding to the mail address of the caller mobile phone 2a. Then, the usage restriction information of the mobile phone 2 is read (steps S1604 and S1802), and it is determined whether or not mail can be sent (S1605).

  Specifically, as shown in FIG. 18, the service control station 7 determines whether or not the mobile phone 2a exists in the use restricted location based on the read restricted location information and the current location information of the mobile phone 2a. Judgment is made (step S1803). When the mobile phone 2a exists in the use restricted place (step S1803: Yes), it is determined based on the read outgoing / incoming call prohibition time information whether or not it is within the outgoing call prohibition time (step S1804). If it is the outgoing call prohibition time (step S1804: Yes), it is determined whether or not the destination mail address is a permitted number (step S1805). If the destination e-mail address is the permission target address (step S1805: YES), it is determined whether or not e-mail transmission is included in the permitted content (step S1806). If the outgoing mail is not included in the permitted content (step S1806: No), the service control station 7 rejects the mail transmission of the mobile phone 2a (step S1807). Then, the service control station 7 sends a call failure / impossibility message to the mobile phone 2a (step S1606), and performs packet disconnection processing with the mobile phone 2a (step S1607). If the destination e-mail address is not a permitted address (step S1805: NO), the process proceeds to step S1807, and e-mail transmission is rejected.

  On the other hand, when the mobile phone 2a does not exist within the restricted use place (step S1803: No), when it is outside the call prohibition time (step S1804: No), or when email transmission is included in the permitted content (step) As shown in FIG. 17, the service control station 7 permits mail transmission of the mobile phone 2a (step S1808), and transmits mail to the destination mobile phone 2b (step S1701).

  Next, mail reception control processing in the communication control system 1 will be described with reference to FIGS. 19 and 20 are sequence diagrams showing mail reception control processing. FIG. 19 shows a case where reception of mail is rejected, and FIG. 20 shows a case where reception of mail is permitted. FIG. 21 is a flowchart showing the mail reception control process of the service control station 7. Here, it is assumed that the transmission source mobile phone 2 is a mobile phone 2b and the transmission destination mobile phone 2 is a mobile phone 2a. In FIG. 19 and FIG. 20, the relay switch 6 is omitted for the sake of simplicity.

  As shown in FIGS. 19 and 20, when a mail transmission request is received from the mobile phone 2b (steps S1901 and S2101), the service control station 7 accesses the HLR 71 (step S1902) and sends the mail of the destination mobile phone 2a. Based on the subscriber number corresponding to the address, the usage restriction information of the mobile phone 2 is read (steps S1903, S2102), and it is determined whether mail can be received (S1904).

  Specifically, as shown in FIG. 21, the service control station 7 determines whether or not the mobile phone 2a exists in the use restricted location based on the read restricted location information and the current location information of the mobile phone 2a. Judgment is made (step S2103). When the mobile phone 2a exists in the use restricted place (step S2103: Yes), it is determined whether it is within the incoming call prohibition time based on the read outgoing / incoming call prohibition time information (step S2104). If it is the incoming call prohibition time (step S2104: YES), it is determined whether or not the mail address of the transmission source mobile phone 2b is a permission target number (step S2105). If the mail address of the mobile phone 2b is a permission target address (step S2105: Yes), it is determined whether the incoming mail is included in the permitted content (step S2106). If the incoming mail is not included in the permitted content (step S2106: No), the service control station 7 temporarily stores the mail addressed to the mobile phone 2a in the mail server 11 (S1905, S2107). Next, the service control station 7 determines whether or not the use restriction state of the mobile phone 2a has been released (steps S1906 and S2108). After the use restriction state is released, that is, when the mobile phone 2a has moved to a place other than the use restriction place, or when the incoming call prohibition time has passed (step S2108: Yes), the service control station 7 permits mail transmission ( In step S2109), the once stored mail is transmitted to the mobile phone 2a (step S1907). If the mail address of the transmission source is not the permission target address (step S2105: No), the process proceeds to step S2107 and the mail is temporarily stored.

  On the other hand, when the mobile phone 2a does not exist within the restricted use place (step S2103: No), when it is outside the incoming call prohibition time (step S2104: No), or when incoming mail is included in the permitted content (step) S2106: Yes), the service control station 7 permits mail transmission of the mobile phone 2a (step S2109). Then, as shown in FIG. 20, the service control station 7 transmits a mail to the mobile phone 2a (step S2001).

  Next, a call transmission control process from the mobile phone 2 in the communication control system 1 will be described. FIG. 22 is a sequence diagram showing a process for controlling outgoing calls from the mobile phone 2a. FIG. 22 (a) shows a case where outgoing calls from the mobile phone 2a are rejected, and FIG. The case where the outgoing call is permitted is shown. FIG. 23 is a flowchart showing a call transmission control process of the subscriber exchange 5 that accommodates the mobile phone 2a that is the transmission source. In FIG. 22, the radio base station apparatus 3, the radio network control apparatus 4, and the relay switch 6 are omitted for the sake of simplicity.

  As shown in FIG. 22 and FIG. 23, when a call request is received from the mobile phone 2a via the radio base station apparatus 3 and the radio network control apparatus 4 (step S2201, step S2301), the voice exchange 51 receives the call source mobile phone. The usage restriction information stored in advance in the VLR 53 is read by the subscriber number of the telephone 2a, and the call origination control processing of the mobile phone 2a is performed based on the read usage restriction information (steps S2202 and S2302).

  Specifically, as shown in FIG. 23, the voice exchange 51 determines whether or not the mobile phone 2a exists in the use restricted location based on the read restricted location information and the current location information of the mobile phone 2a. (Step S2303). When the mobile phone 2a exists in the use restricted place (step S2303: Yes), it is determined based on the read outgoing / incoming prohibition time information whether it is within the outgoing call prohibition time (step S2304). If it is the outgoing call prohibition time (step S2304: YES), it is determined whether or not the destination telephone number is a permitted number (step S2305). If the destination telephone number is the number to be permitted (step S2305: Yes), it is determined whether or not transmission is included in the permitted content (step S2306). If the outgoing call is not included in the permitted content (step S2306: NO), the voice exchange 51 rejects the outgoing call from the mobile phone 2a (steps S2203 and S2307). If the destination telephone number is not a permission target number (step S2305: NO), the process proceeds to step S2307 and the outgoing call is rejected.

  On the other hand, when the mobile phone 2a does not exist within the use restricted place (step S2303: No), when it is outside the call prohibition time (step S2304: No), or when the outgoing call is included in the permitted content (step) S2306: Yes), the voice exchange 51 permits the mobile phone 2a to make a call (step S2308). Then, as shown in FIG. 22 (b), the voice switch 51 performs a location check process with the service control station 7 (step S2204), and sends a connection request to the connection destination switch 51 (step S2204). S2205). Then, the mobile phone 2 can make a call.

  Next, an incoming call control process for the mobile phone 2 in the communication control system 1 will be described. FIG. 24 is a sequence diagram showing a call incoming control process for the mobile phone 2a. FIG. 24 (a) shows a case where an incoming call to the mobile phone 2a is rejected, and FIG. 24 (b) shows a mobile phone 2a. This shows a case where an incoming call to is permitted. FIG. 25 is a flowchart showing the incoming call control process of the service control station 7 that accommodates the mobile phone 2a that is the incoming call destination. In FIG. 24, the radio base station device 3, the radio network control device 4, and the relay switch 6 are omitted for the sake of simplicity.

  As shown in FIG. 24 and FIG. 25, upon receiving the location confirmation request from the connection source voice switch 51 (steps S2401, S2501), the service control station 7 receives the subscriber number (“ 090-1111-1111 "), the usage restriction information stored in advance in the HLR 71 is read, and the incoming call control processing of the mobile phone 2a is performed based on the read usage restriction information (steps S2402, S2502).

  Specifically, as shown in FIG. 25, the service control station 7 determines whether or not the mobile phone 2a exists in the use restricted location based on the read restricted location information and the current location information of the mobile phone 2a. Judgment is made (step S2503). If the mobile phone 2a exists in the use restricted place (step S2503: Yes), it is determined based on the read outgoing / incoming call prohibition time information whether it is within the incoming call prohibition time (step S2504). If it is the incoming call prohibition time (step S2504: YES), it is determined whether or not the telephone number of the caller mobile phone 2 is a permitted number (step S2505). When the telephone number of the caller's mobile phone is not the number to be permitted (step S2505: No), the service control station 7 rejects the incoming call to the mobile phone 2a (step S2506) and sends a connection NG response to the voice switch of the connection source. 51 (step S2403).

  On the other hand, when the telephone number of the caller is a permission target number (step S2505: Yes), the service control station 7 determines whether there is an incoming call or forwarding destination setting in the permission content information (step S2507). If there is a transfer destination setting, the transfer is permitted to the set transfer destination telephone number (step S2508). Further, when the mobile phone 2a does not exist at the restricted use place (step S2503: No), when it is outside the call reception prohibition time (step S2504: No), or at step S2507, there is no forwarding destination setting and only the destination is set. If so, the service control station 7 permits the incoming call to the mobile phone 2a (step S2509). Then, as shown in FIG. 24B, when the incoming call is transferred to the transfer destination and when the incoming call is permitted, the service control station 7 sends a location response to the voice exchange 51 of the connection source (step S2404). ), A connection request is sent to the voice switch 51 located in the area (step S2405). Then, the voice exchange 51 sends an incoming call notification to the mobile phone 2a that is the incoming call destination, thereby enabling a call (step S2406). In step S2507, when both the incoming call destination and the forwarding destination are set in the permitted content information, one contact may be given priority.

  As described above, in the mail transmission control according to the present embodiment, the service control station 7 uses the transmission source mobile phone 2 based on the usage restriction information stored in the HLR 71 during the packet transmission processing by the packet switch 52. If the mobile phone 2 is in a usage-restricted state, mail transmission is rejected, and if it is not in a usage-restricted state, mail transmission is permitted. On the other hand, in the mail incoming control, when the service control station 7 receives a mail transmission request from the mobile phone 2 outside the service area, the service control station 7 controls the incoming mobile phone 2 based on the usage restriction information stored in the HLR 71. Whether the incoming mail is acceptable or not is determined, and if the destination mobile phone 2 is in the usage restriction state, the incoming mail is temporarily rejected and the mail is accumulated, and the accumulated incoming mail is allowed after the usage restriction state is released.

  Further, in the call origination control according to the present embodiment, the voice exchange 51 receives the call from the mobile phone 2 that is the caller within the service area based on the use restriction information stored in the VLR 53 when the location registration request or SO is input. If the mobile phone 2 is in the usage-restricted state, the call transmission is rejected. If the mobile phone 2 is not in the usage-restricted state, the call transmission is permitted. On the other hand, in the incoming call control, the service control station 7 determines whether the destination mobile phone is based on the use restriction information stored in the HLR 71 when a location check request is received from the exchange 51 that manages the mobile phone 2 that is the caller. A determination is made as to whether or not the telephone 2 can receive a call, and if the mobile phone 2 is in a restricted use state, a call connection rejection is returned as a presence response, and if not, the call connection is permitted.

  With these configurations, based on the usage restriction information stored in the HLR 71 or VLR 53, the usage of the mobile phone 2 is restricted in principle at any place (in school) and time (during class hours), and exceptional. In addition, the use of the mobile phone 2 can be permitted under predetermined conditions (registration of a guardian's telephone number as an emergency contact address or the like). Therefore, even when the mobile phone 2 is brought into the school, it is possible to directly contact the student's mobile phone 2 for emergency communication such as safety confirmation at the time of a disaster without disturbing the class during the class hours. .

  In particular, in the communication control system 1 of the present embodiment, outgoing / incoming calls in the mobile phone 2 are restricted based on the usage restriction information stored in the HLR 71 or VLR 53 as described above. In the Web server 14), the personal information of the user of the mobile phone 2 is managed without being used, and is stored in the HLR 71 or the VLR 53. That is, in the communication control system 1 according to the present embodiment, the outgoing / incoming call of the mobile phone 2 that is the use restriction target terminal is restricted on the communication network without disclosing the personal information of the user of the mobile phone 2 to the use restrictor. It becomes possible to do.

  Further, in the above embodiment, the case where the voice switch 51 determines whether or not a call can be made has been described. However, the present invention is not limited to this configuration. In this case, the service control station 7 determines whether or not the mobile phone 2 can make a call based on the use restriction information when there is a call request from the mobile phone 2 in the area in which the service control station 7 has jurisdiction. Is a call prohibition time or when the destination terminal is not a terminal that is not subject to use restriction, the call from the mobile phone 2 is rejected, and when the destination terminal is a terminal that is not subject to use restriction, the mobile phone 2 is allowed to originate.

(Second Embodiment)
In the first embodiment, the filtering server 17 holds the access-permitted site information corresponding to the school ID, the grade ID, and the class ID. In the second embodiment, this access-permitted site information is stored in the HLR 71. The service control station 7 determines whether or not the access requesting site is an access-permitted site as well as whether or not it is an access-restricted location and an access-prohibited time of the access-restricted terminal. . In addition, the same code | symbol is attached | subjected about the same structure as the said 1st Embodiment, and the description is abbreviate | omitted.

  FIG. 26 is a diagram illustrating an example of access restriction information stored in the HLR 71 in the communication control system 1 according to the second embodiment. The access restriction information 2600 shown in FIG. 26 is replaced with the ID information (school ID, grade ID and class ID) of the access restriction information shown in FIG. 9, and permitted access destination (permitted access site) information 2601 corresponding to each ID. Is added. That is, the access restriction information includes, for each subscriber number of the mobile phone 2, outgoing / incoming (access) prohibition time information, location information (cell information) as restricted place information, permitted number and permitted content information, and permitted access destination Information is linked. That is, when use restriction information (ID information such as school ID, class ID and student ID, use restriction place and time limit information) is registered in the management server 14, the mobile phone 2 corresponding to the registered use restriction information. The access permission site information corresponding to the school ID, grade ID, and class ID is sent to the service control station 7 and registered in the HLR 71 together with the telephone number and e-mail address. For example, as shown in FIG. 8, when the use restriction information 802 of the student with the student ID “A” is registered in the management server 14, the subscriber number “999 @ jjj. ne.jp (090-9999-9999) ", corresponding to the permitted access site" www.aa.ed.jp "and class ID" 302 "corresponding to the school ID" 001 "to which the student ID" A "belongs. The permitted access site “www.cc.co.jp” is registered, and the usage restriction information 2602 of the student “A” is generated.

  Next, with reference to FIG. 27 to FIG. 29, the access control processing to the Web site in the communication control system 1 will be described. 27 and 28 are sequence diagrams showing access control processing to the Web site. FIG. 27 shows a case where access is denied, and FIG. 28 shows a case where access is permitted. FIG. 29 is a flowchart showing access control processing to the Web site of the service control station 7. Here, a case where the mobile phone 2 having the student ID “A” shown in FIG. 8 requests access to the Web site (“www.cc.co.jp”) will be described as an example. In FIGS. 27 and 28, the radio base station device 3, the radio network control device 4, and the relay switch 6 are omitted for the sake of simplicity.

  As shown in FIGS. 27 and 29, when an HTTP request (access request) is received from the mobile phone 2 (step S2701, step S2901), the service control station 7 accesses the HLR 71 (step S2702). The service control station 7 reads the identification information (subscriber number) of the access request source mobile phone 2 from the HTTP request information, and reads the access restriction information associated with the subscriber number of the mobile phone 2 (step S2703, In step S2902, it is determined whether or not the mobile phone 2 as the access request source can access the website (step S2704). Here, the service control station 7 determines the access prohibition time information (“Monday to Friday excluding holidays”: 08:15 from the access restriction information 2602 corresponding to the subscriber number (“090-9999-9999”) of the mobile phone 2. -12: 00, 13: 00-16: 00 ") and restricted place information (" Cell A "), and the permitted access site (" www ") corresponding to the school ID (" 001 ") and class ID (" 302 ") .Aa.ed.jp "and" www.cc.co.jp ") are read out, and it is determined whether or not the mobile phone 2 is in an access restricted state.

  Specifically, as shown in FIG. 29, the service control station 7 determines whether or not the mobile phone 2 exists in the access restricted location based on the read restricted access location information and the current location information of the mobile phone 2. Is determined (step S2903). When the mobile phone 2 exists in the access restricted place (step S2903: Yes), it is determined based on the read access prohibited time information whether it is within the access prohibited time (step S2904). If it is within the access prohibition time (step S2904: Yes), it is determined whether or not the access destination is permitted, that is, whether or not the HTTP request destination website is registered as a permitted access site (step S2905). When the access request destination Web site is not registered as the permitted access site (step S2905: YES), the service control station 7 rejects the access (step S2906) and sends an access impossible response to the mobile phone 2 (step S2906). S2705).

  On the other hand, when the mobile phone 2 does not exist within the access restricted place (step S2903: No), when it is outside the access prohibition time (step S2904: No), or when the access request destination is the permitted access site (step S2905). : Yes), the service control station 7 permits access to the access request destination Web site (step S2907). Here, since the HTTP request destination Web site (“www.cc.co.jp”) is registered in the usage restriction target information 2602, the service control station 7 permits the access request of the mobile phone 2. Then, as shown in FIG. 28, the service control station 7 sends an HTTP request to the content server 16 of the mobile phone 2 (step S2801), and the mobile phone 2 receives the access request destination Web site (“www.cc.co. jp ") becomes accessible (step S2802).

  As described above, in the access control to the Web site according to the present embodiment, the service control station 7 is based on the access restriction information stored in the HLR 71 at the time of the HTTP request from the access restriction target terminal (mobile phone 2). The mobile phone 2 of the HTTP request source determines whether or not the mobile phone 2 can access the Web site. If the mobile phone 2 is in an access-restricted state, the access to the Web site is denied. Allow access to the site. With this configuration, based on the access restriction information stored in the HLR 71, in principle, access to the website of the mobile phone 2 at an arbitrary place (in school) and time (during school hours) is restricted, and an exception is made. Therefore, it is possible to permit access to the website of the mobile phone 2 under predetermined conditions (for example, the access destination is limited to a bulletin board site or a class network site hosted by a school).

  In addition, this invention is not limited to the said embodiment, It can change and implement variously. For example, the processing unit and the processing procedure can be changed as appropriate without departing from the scope of the present invention. Other modifications can be made without departing from the scope of the present invention.

  In the above embodiment, the case where the communication control system is applied to a school has been described as an example. However, the present invention is not limited to a school, and a company other than a school, a society (region, administrative district), a community, etc. It can be applied to an organization composed of a plurality of groups to which the member belongs.

  The present invention is applicable to a communication control system that appropriately restricts access to a website of an access restriction target terminal and permits access under a predetermined condition.

It is a figure which shows schematic structure of the access control system which concerns on embodiment of this invention. It is a sequence diagram of the registration process of ID required for provision of a use restriction service in the access control system which concerns on this Embodiment. It is a figure for demonstrating the structure of ID managed by the access control system which concerns on this Embodiment. It is a schematic block diagram of the communication control system to which the access control system which concerns on this Embodiment is applied. It is a figure which shows an example of the authentication screen provided from the management server which concerns on this Embodiment. It is a figure which shows an example of the confirmation and setting screen provided from the management server which concerns on this Embodiment. It is a figure which shows an example of the detailed setting screen provided from the management server which concerns on this Embodiment. It is a figure which shows an example of the use restriction information designated from PC of the communication control system which concerns on this Embodiment. It is a figure which shows an example of the use restriction information memorize | stored in HLR of the communication control system which concerns on this Embodiment. It is a figure which shows an example of the access permission list registered into the filtering server in the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the access control process to the Web site in the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the access control process to the Web site in the communication control system which concerns on this Embodiment. It is a flowchart which shows the access control process to the web site of the service control station of the communication control system which concerns on this Embodiment. It is a flowchart which shows the collation process with the access permission list | wrist of the filtering server of the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the download process of the utilization restriction information of the subscriber exchange of the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the mail transmission control process in the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the mail transmission control process in the communication control system which concerns on this Embodiment. It is a flowchart which shows the mail transmission control processing of the service control station of the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the mail incoming call control process in the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the mail incoming call control process in the communication control system which concerns on this Embodiment. It is a flowchart which shows the mail incoming call control process of the service control station of the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the telephone call transmission control process of the mobile telephone of the subscriber exchange of the communication control system which concerns on this Embodiment. It is a flowchart which shows the telephone call transmission control processing of the mobile telephone of the subscriber exchange of the communication control system which concerns on this Embodiment. It is a sequence diagram which shows the telephone call incoming call control process of the mobile telephone of the service control station of the communication control system which concerns on this Embodiment. It is a flowchart which shows the call incoming call control processing of the mobile telephone of the service control station of the communication control system which concerns on this Embodiment. It is a figure which shows an example of the use restriction information memorize | stored in HLR of the communication control system which concerns on 2nd Embodiment. It is a sequence diagram which shows the access control process to the Web site in the communication control system which concerns on 2nd Embodiment. It is a sequence diagram which shows the access control process to the Web site in the communication control system which concerns on 2nd Embodiment. It is a flowchart which shows the access control process to the Web site of the service control station of the communication control system which concerns on 2nd Embodiment.

Explanation of symbols

1 Communication control system (access control system)
2 Mobile phone (mobile communication terminal)
3 Wireless base station device 4 Wireless network control device 5 Subscriber switch 51 Voice switch 52 Packet switch 53 VLR
6 Relay switch 61 Relay voice switch 62 Relay packet switch 7 Service control station (service control device)
71 HLR
9,13 Gateway exchange 10 Gateway 11 Mail server 12 POI
14 management server 15 PC (communication terminal device)
16 Content Server 17 Filtering Server 100 Management System 101 Management Server 102 Mobile Communication Terminal 103 External Communication Terminal

Claims (5)

Web sites that are permitted to be accessed from access-restricted terminals used by school students are listed in school units and class units, a school ID for identifying a school, a class ID for identifying each class, and An access permission list registration unit registered in association with
Terminal identification information for identifying the access restriction target terminal, a school ID of a school in which a student using the access restriction target terminal is enrolled, and a class ID of a class in which a student using the access restriction target terminal is enrolled Is stored in association with the ID information storage unit,
An access request to the website is received from the access restriction target terminal, the corresponding school ID and class ID are identified from the terminal identification information of the access restriction target terminal with reference to the ID information storage unit, and the identified school ID or A service control device that permits access to the website if the requested website is registered in the list registered in the access permission list registration unit in association with the class ID;
An access control system comprising: an emergency release button that collectively releases all registered use restriction information . The ID information storage unit stores restriction location information indicating an access restriction location of the access restriction target terminal and access prohibition time information prohibiting access of the access restriction target terminal,
When the service control apparatus receives an access request to the Web site from the access restriction target terminal, and the use restriction target terminal satisfies the restriction conditions of the restriction place and the access prohibition time, the access permission list registration unit 2. The access control system according to claim 1, wherein a list registered in the Web site is collated with a Web site requested to be accessed. Terminal identification information for identifying a terminal subject to access restriction used by a student at a school, a school ID of a school where a student using the terminal subject to access restriction is enrolled, and a student using the terminal subject to access restriction are enrolled An ID information storage unit in which class IDs of classes are stored in association with each other;
Wherein when receiving an access request from the access restriction target terminal to the Web site, it identifies a school ID and class ID from the corresponding terminal identification information referring to the access restriction target terminal the ID information storage unit, the specific Inquiries to the filtering server by adding the requested website ID to the school ID and class ID, and if access permission is returned from the filtering server, the access to the website is permitted and the emergency release A service control apparatus characterized in that, when a request is received, all registered use restriction information is released collectively . The ID information storage unit stores restriction location information indicating an access restriction location of the access restriction target terminal and access prohibition time information prohibiting access of the access restriction target terminal,
When an access request to the website is received from the access restriction target terminal, an inquiry is made to the filtering server when the use restriction target terminal satisfies the restriction conditions of the restriction place and the access prohibition time. The service control apparatus according to claim 3 . Web sites that are permitted to be accessed from access-restricted terminals used by school students are listed in school units and class units, a school ID for identifying a school, a class ID for identifying each class, and An access permission list registered in association with
Terminal identification information for identifying the access restriction target terminal, a school ID of a school in which a student using the access restriction target terminal is enrolled, and a class ID of a class in which a student using the access restriction target terminal is enrolled And ID information stored in association with each other,
Wherein when receiving an access request from the access restriction target terminal to the Web site, it identifies a school ID and class ID from the corresponding terminal identification information referring to the access restriction target terminal the ID information storage unit, the specific If the website requested to be accessed is registered in the list registered in the access permission list registration unit in association with the school ID or class ID, the access to the website is permitted and an emergency release request is made. An access control method characterized by canceling all registered use restriction information in a lump in a case of accepting .

Images