JP5465646B2 - Access control system and access control method - Google Patents

Description

  The present invention relates to an access control system and an access control method.

  In recent years, there is a case in which a trust relationship called “circle of trust” is established between Web servers connected to an IP (Internet Protocol) network. When “Circle of Trust” is connected, for example, user authentication information is exchanged between Web servers, and SSO (Single Sign On) can be realized. Such “Circle of Trust” is conventionally connected in advance. For example, the “Circle of Trust” is connected by exchanging a certificate or the like in advance between the first business entity and the second business entity.

  Note that there is a concept of “OpenID” that does not require a trust relationship in advance. Even when the user accesses the website for the first time, the user can log in to the website simply by inputting “OpenID”. However, it is assumed that the website corresponds to “OpenID”.

JP 2004-355073 A

  However, such a trust relationship does not necessarily have to be established between Web servers, and does not necessarily have to be established in advance. That is, the trust relationship may be established between, for example, a Web server and an HGW (Home Gate Way). Also, for example, a temporary trust relationship may be tied to On Demand, such as only during use of a Web service. However, with the conventional technology for exchanging certificates and the like in advance, a temporary trust relationship cannot be established on demand.

  The present invention has been made in view of the above, and an object thereof is to provide an access control system and an access control method capable of establishing a temporary trust relationship on demand.

  In order to solve the above-described problems and achieve the object, the access control system includes a session cooperation server, a Web server, and a communication control device. The session cooperation server includes an obtaining unit and an issuing unit. When communication is established among a plurality of users, the acquisition means acquires communication information for identifying the communication. When the issuing unit acquires the communication information, the issuing unit issues linkage information for linking a Web session among a plurality of terminals used by a plurality of users indicated by the communication information, and the issued linkage information is used as the linkage information. Is transmitted to the Web server in a format in which the validity of the server can be verified. The Web server includes a verification unit, an access unit, and a cooperation unit. Upon receiving the cooperation information, the verification unit verifies the validity of the cooperation information. The access unit accesses a communication control apparatus that controls communication between the terminal and the Web server together with the cooperation information whose validity is verified. The cooperation unit cooperates the Web session between the plurality of terminals based on the cooperation information whose validity is verified, and reflects the access result in the Web session. The communication control device includes access control means. The access control means accepts the access on condition that the access from the Web server is performed together with the cooperation information.

  In order to solve the above-described problems and achieve the object, an access control method includes the following steps in a session cooperation server, a Web server, and a communication control device. The session cooperation server includes an acquisition process and an issue process. In the acquisition step, when communication is established among a plurality of users, communication information for identifying the communication is acquired. In the issuing step, when the communication information is acquired, the link information for linking the Web session between a plurality of terminals used by a plurality of users indicated by the communication information is issued, and the issued link information is converted into the link information. Is transmitted to the Web server in a format in which the validity of the server can be verified. The Web server includes a verification process, an access process, and a cooperation process. In the verification step, when the cooperation information is received, the validity of the cooperation information is verified. In the access step, the communication control device that controls communication between the terminal and the Web server is accessed together with the cooperation information whose validity is verified. In the cooperation step, a web session is linked between the plurality of terminals based on the linkage information whose validity is verified, and the access result is reflected in the web session. The communication control device includes an access control process. The access control step accepts the access on condition that the access from the Web server is performed together with the cooperation information.

  According to the present invention, it is possible to establish a temporary trust relationship on demand.

FIG. 1 is a diagram for explaining the outline of the access control system according to the first embodiment. FIG. 2 is a sequence diagram illustrating a processing procedure performed by the access control system according to the first embodiment. FIG. 3 is a block diagram illustrating the configuration of the HGW according to the first embodiment. FIG. 4 is a block diagram illustrating the configuration of the SIP phone according to the first embodiment. FIG. 5 is a block diagram illustrating the configuration of the information display terminal according to the first embodiment. FIG. 6 is a block diagram illustrating the configuration of the session cooperation server according to the first embodiment. FIG. 7 is a diagram for explaining the control session information management table. FIG. 8 is a diagram for explaining the between-arrival and arrival association ID management table. FIG. 9 is a block diagram illustrating the configuration of the Web server according to the first embodiment. FIG. 10 is a sequence diagram illustrating a processing procedure performed by the access control system according to the second embodiment. FIG. 11 is a block diagram illustrating the configuration of the session cooperation server according to the third embodiment. FIG. 12 is a sequence diagram illustrating a processing procedure performed by the access control system according to the third embodiment.

  Embodiments of an access control system and an access control method according to the present invention will be described below. In addition, this invention is not limited by the following examples.

[Outline of Access Control System According to Embodiment 1]
An overview of the access control system according to the first embodiment will be described. First, the access control system according to the first embodiment is premised on a system in which web sessions are coordinated between users who are in a call. That is, if the user is on a call, the user can link the browsing of the Web page with the call partner. For example, during a call, when one user transitions a web page that the user browses to a link destination, the web page that the other user browses automatically transitions to the linked web page.

  The access control system according to the first embodiment is based on the fact that the system is in a call on the premise of such a system, and is also referred to as an HGW (communication control device) of the network to which the user belongs. ) To establish a temporary trust relationship on demand. As a result of the temporary trust relationship being established between the Web server and the HGW, access from the Web server to the HGW is temporarily allowed. Then, for example, the Web server acquires information stored in the HGW, and provides a user with a Web page using the acquired information.

  Give an example of service image. For example, one user is a call center of company A, and the other user is a customer who purchased a PC (Personal Computer) of company A. For example, when a company A's PC complies with a standard such as DLNA (Digital Living Network Alliance), and the PC is connected to the customer's network, the customer's HGW receives information about the company A's PC (model number, Spec) etc. are stored automatically. Then, it is assumed that a problem occurs during the operation of the PC, so that the customer calls the call center. During the call, a temporary trust relationship is established on demand between the Web server operated by the call center and the customer HGW. Then, the Web server operated by the call center accesses the HGW and acquires information (model number, specification, etc.) related to the PC. Then, the Web server selects an instruction manual that matches the PC based on the acquired information, for example, so that browsing of the Web page of the selected instruction manual is linked between the call center and the customer. Control the web session. The service image is merely an example, and how the service is provided as a result of the access and how the Web session is linked can be arbitrarily changed.

  FIG. 1 is a diagram for explaining the outline of the access control system according to the first embodiment. As illustrated in FIG. 1, the access control system according to the first embodiment includes a session cooperation server and a Web server. Here, a trust relationship is established in advance between the session cooperation server and the Web server (indicated by a dotted frame in FIG. 1).

  As described above, the access control system according to the first embodiment establishes a temporary trust relationship between the Web server and the HGW on demand based on the fact that “the call is in progress”. The session cooperation server plays a role of managing the fact that “the call is in progress”.

  Specifically, as shown in FIG. 1, when a call is established between a plurality of users, the session cooperation server acquires call information (also referred to as communication information) for identifying the call. For example, the session cooperation server acquires call information collected by each HGW from each HGW. Further, for example, the session cooperation server may directly acquire the call information from a SIP (Session Initiation Protocol) server (not shown in FIG. 1) that controls the call.

  Next, when the session cooperation server acquires the call information, the session cooperation server cooperates with the Web session link between the plurality of information display terminals used by the plurality of users indicated by the call information (hereinafter referred to as the arrival / departure linking ID). ). That is, the Web session is linked in the Web server, but the Web server cannot identify which information display terminal is the information display terminal used by the users who are talking to each other. Therefore, the session cooperation server issues an arrival / departure association ID for associating users who are in a call, and the Web server uses a connection / departure association ID so that users who are talking to each other use each other. Identify the information display terminal. Note that how the arrival / departure linking ID is used will be described later.

  Now, the session cooperation server transmits the issued link between departure and arrival to the Web server in a format in which the validity can be verified. For example, the session cooperation server attaches the certificate with the signature of the session cooperation server itself to the link ID between arrivals and departures.

  On the other hand, when the Web server receives the arrival / departure association ID, the Web server verifies the validity of the departure / arrival association ID. For example, the Web server decrypts the signature using the public key of the session cooperation server included in the certificate (provided to be a genuine public key by the certificate authority), so that the link ID between arrivals and departures is obtained. Verify the validity of.

  Then, the Web server accesses the HGW together with the arrival / departure association ID whose validity is verified. Then, the HGW accepts the access on the condition that the access from the Web server is performed together with the link ID between arrival and departure.

  In this way, the Web server links the Web session among a plurality of information display terminals based on the arrival / departure association ID, and reflects the result of accessing the HGW in the Web session.

[Processing Procedure by Access Control System According to Embodiment 1]
Next, a processing procedure performed by the access control system according to the first embodiment will be described with reference to FIG. FIG. 2 is a sequence diagram illustrating a processing procedure performed by the access control system according to the first embodiment. 2 indicates the network to which the user belongs, and outside the dotted line frame indicates a wide area network such as the Internet. As shown in FIG. 2, the HGW 10 is installed in the network to which the user belongs, and the HGW 10 controls communication by the information display terminal 20 and the SIP phone 30 in the network. In the wide area network, a session cooperation server 100, a Web server 200, and a SIP server are installed.

  As shown in FIG. 2, in the access control system, first, a call is established between a plurality of users (step S101). That is, communication is established between the SIP phones 30. Note that the SIP server controls communication between the SIP phones 30.

  When a call is established among a plurality of users, the HGW 10 according to the first embodiment collects call session information for identifying the call (step S102). For example, the HGW 10 collects “Call-ID”, “From (SIP-URI (Uniform Resource Identifier))”, and “To (SIP-URI)” from information included in communication established by SIP. In addition to collecting call session information, the HGW 10 according to the first embodiment determines whether the established call is a caller side or a callee side, and generates an arrival / departure determination flag indicating arrival / departure. This arrival / departure determination flag is used to distinguish between arrival and departure when the Web server 200 accesses the HGW 10 or provides a service to the information display terminal 20, for example, and is not necessarily essential.

  Subsequently, the HGW 10 sends a redirect instruction that instructs the subordinate information display terminal 20 that polls the HGW 10 to change the connection destination to the URL (Uniform Resource Locator) of the session cooperation server 100, This is performed together with the departure / arrival determination flag (step S103).

  Then, the information display terminal 20 is redirected and the connection destination is changed from the HGW 10 to the session cooperation server 100 (step S103). At this time, the information display terminal 20 transmits the call session information and the arrival / departure determination flag to the session cooperation server 100.

  On the other hand, when the session cooperation server 100 receives the call session information and the arrival / departure determination flag, the arrival / departure string for linking the Web session between the plurality of information display terminals 20 that are the transmission sources of the call session information identifying the same call. An attachment ID is issued (step S104).

  Then, the session cooperation server 100 transmits the arrival / departure association ID to the Web server 200 in a format in which the validity can be verified (step S105). For example, the session cooperation server 100 attaches a signed certificate of the session cooperation server 100 itself to the link ID between arrivals and departures. In addition, the session cooperation server 100 according to the first embodiment also transmits a departure / arrival determination flag together with the arrival / departure association ID. In addition, transmission of the departure / arrival determination flag is not necessarily essential as described above.

  Further, the session cooperation server 100 transmits the arrival / departure association ID and the arrival / departure determination flag to the Web server 200 so as to be redirected by the information display terminal 20. By being redirected by the information display terminal 20 and transmitted to the Web server 200, the Web server 200 causes the IP address of the HGW 10 and the information display terminal 20 (the browser session information given to the Web browser of the information display terminal 20). ) And the arrival / departure linking ID and the arrival / departure determination flag.

  When the Web server 200 receives the arrival / departure association ID and the arrival / departure determination flag that are redirected and transmitted by the information display terminal 20, the Web server 200 verifies the validity of this inter-departure / arrival association ID (step S106). For example, the Web server 200 verifies the legitimacy of the link ID between arrival and departure by decrypting the signature using the public key of the session cooperation server 100 included in the attached certificate.

  Then, the Web server 200 accesses the HGW 10 together with the arrival / departure association ID whose validity is verified (step S107). For this access, the IP address of the HGW 10 acquired in step S105 is used. Further, the Web server 200 determines which HGW 10 should be accessed using the arrival / departure determination flag as necessary. In FIG. 2, a signed certificate is attached to the between-arrival and arrival association ID even when accessing in step S107. In this case, for example, also on the HGW 10 side, it is possible to verify the legitimacy of the link between departure and arrival. However, it is not necessary to attach a signed certificate when accessing in step S107.

  Then, the HGW 10 accepts the access on the condition that the access from the Web server 200 is performed together with the between-arrival / linking ID, for example, the Web server 200 acquires personal information stored in the HGW 10 (step S108). ).

  In this way, the Web server 200 cooperates the Web session among the plurality of information display terminals 20 based on the arrival / departure association ID, and reflects the result of accessing the HGW 10 in the Web session (step S109). For example, when receiving a Web page acquisition request from the information display terminal 20 (Step S110), the Web server 200 returns a Web page using personal information acquired from the HGW 10 (Step S111). In step S105, the web server 200 grasps the correspondence relationship between the browser session information given to the web browser of the information display terminal 20, the between-arrival / relevant ID and the arrival / departure determination flag. For this reason, the Web server 200 can thereafter control the Web content to be linked among the plurality of information display terminals 20 having the same arrival / departure association ID.

  Note that the processing procedure described above is merely an example. For example, the access in steps S107 and S108 may be performed after the cooperation of the Web content in step S109 is started.

[Configuration of Access Control System According to Embodiment 1]
Next, the configuration of the access control system according to the first embodiment will be described with reference to FIGS. Hereinafter, the HGW 10, the SIP phone 30, the information display terminal 20, the session cooperation server 100, and the Web server 200 will be described in this order.

[HGW10]
FIG. 3 is a block diagram illustrating the configuration of the HGW 10 according to the first embodiment. The HGW 10 is realized by providing each unit that executes the processing procedure described with reference to FIG. 2 in a general-purpose gateway device. The HGW 10 includes, for example, a SIP communication unit / HTTP (Hyper Text Transfer Protocol) communication unit 11, a storage unit 12, and a control unit 13.

  The SIP communication unit / HTTP communication unit 11 includes general interfaces and libraries for SIP and HTTP communication. The SIP communication unit / HTTP communication unit 11 communicates between the SIP phone 30 and the SIP server, communicates between the information display terminal 20 and the Web server 200, communicates between the HGW 10 and the SIP server, and links with the HGW 10 and the session. The communication between the server 100 and the communication between the HGW 10 and the Web server 200 are controlled.

  The storage unit 12 stores information used for various controls in the control unit 13 and includes a personal information storage unit 12a. The personal information storage unit 12a stores, for example, user personal information. For example, the storage unit 12 is realized by a RAM (Random Access Memory), a flash memory, a hard disk, an optical disk, or the like.

  The control unit 13 performs various controls in the HGW 10, and includes a call session information notification unit 13a and an access reception unit 13b.

  The call session information notification unit 13a collects call session information and notifies the session cooperation server 100 of the collected call session information. Specifically, the call session information notification unit 13a collects “Call-ID”, “From”, and “To (SIP-URI)” from information included in communication established by SIP. In addition to collecting call session information, the call session information notifying unit 13a according to the first embodiment determines whether the call is the call origination side or the call arrival side of the established call, and sets an arrival / departure determination flag indicating arrival / departure. Generate. Note that the call session information is not limited to the above-mentioned information. For example, “Call-ID” or “isub”, “From”, “To”, “tag”, an IP address, or a combination thereof is realized. Is done. The call session information is realized by combining other information (for example, “Date”) included in the SIP communication. Any method may be used as long as it uses information that can uniquely identify communication established by SIP.

  Then, the call session information notification unit 13a gives a redirect instruction for instructing the information display terminal 20 that polls the local HGW 10 to change the connection destination to the URL of the session cooperation server 100, the call session information, and the arrival / departure determination flag. Do with. In addition, the call session information notification unit 13a performs this redirect instruction by storing the URL information of the session cooperation server 100 in the storage unit 12 in advance, for example.

  Note that various methods are conceivable as a method by which the call session information notification unit 13a collects the call session information. For example, the call session information notification unit 13a may access the SIP server through HTTP communication and collect call session information in a pull type. In this case, however, it is desirable that the SIP server authenticates the HGW 10 that desires to acquire call session information by some authentication means such as IP address-based or line-based authentication.

  The access receiving unit 13b receives access from the Web server 200 on the condition that the access from the Web server 200 is performed together with the arrival / departure association ID. Specifically, when the access receiving unit 13b receives an access from the Web server 200, the access receiving unit 13b determines whether or not the access is performed together with the connection ID between arrivals and departures. When it is determined that it is performed together with the connection ID between arrivals and departures, the access reception unit 13b determines that a temporary trust relationship has been established between the Web server 200 and the HGW 10, and Allow access. For example, the access receiving unit 13b permits the acquisition of information stored in the storage unit 12a such as personal information.

  Note that when accessing from the Web server 200, the access receiving unit 13b may verify the legitimacy of the arrival / departure association ID when a signed certificate is attached to the arrival / departure association ID. For example, the access receiving unit 13b decrypts the signature by using the public key of the session cooperation server 100 included in the certificate (provided by the certificate authority that it is a genuine public key), and links between the arrival and departure times The hash value of ID is taken out. Further, the access receiving unit 13b calculates a hash value from the arrival / departure association ID itself. Then, the access receiving unit 13b verifies that the link ID between arrivals and departures is authentic information by collating the hash value extracted from the signature with the calculated hash value. That is, as a result of collating the hash value extracted from the signature with the calculated hash value, if the two match, (a) the link between departure and arrival is certainly information issued from the session cooperation server 100; (b) It is possible to verify the fact that the link between departure and arrival is not falsified, and that (c) the fact that the session linkage server 100 has transmitted the link between arrival and departure is not denied. It can be verified that the attached ID is authentic information.

[SIP phone 30]
FIG. 4 is a block diagram illustrating the configuration of the SIP phone 30 according to the first embodiment. The SIP phone 30 includes, for example, an input unit 32, an output unit 33, an input / output control I / F unit 34, and a SIP communication unit 31.

  Since both are the same as the general-purpose SIP phone 30, a brief description will be given. The input unit 32 inputs information used for the SIP phone 30, operation instructions for performing various processes, and the like using number keys, a microphone, and the like. To do. The output unit 33 outputs the results of various processes by the SIP phone 30 and operation instructions for performing various processes to a display or a speaker. The input / output control I / F unit 34 controls information transfer among the input unit 32, the output unit 33, and the SIP communication unit 31. The SIP communication unit 31 includes a general interface and library for SIP, and transmits / receives information to / from the other SIP phone 30.

[Information display terminal 20]
FIG. 5 is a block diagram illustrating the configuration of the information display terminal 20 according to the first embodiment. The information display terminal 20 is realized by providing each unit that executes the processing procedure described with reference to FIG. 2 in a general-purpose PC or an information home appliance. The information display terminal 20 includes, for example, an input unit 22, an output unit 23, an input / output control I / F unit 24, an HTTP communication unit 21, and a control unit 25.

  The input unit 22 inputs information used for the information display terminal 20, operation instructions for performing various processes, and the like using a keyboard, a mouse, a remote controller, and the like. The output unit 23 outputs the results of various processes by the information display terminal 20 and operation instructions for performing various processes to a display, a printer, or the like. The input / output control I / F unit 24 controls information transfer among the input unit 22, the output unit 23, the HTTP communication unit 21, and the control unit 25. The HTTP communication unit 21 includes a general interface and library for HTTP communication, and transmits and receives information to and from the Web server 200.

  The control unit 25 includes a web content browsing unit 25a. For example, the web content browsing unit 25a is realized by a so-called web browser, and polls the HGW 10. Further, when receiving a redirect instruction from the HGW 10, the Web content browsing unit 25 a transmits the call session information and the arrival / departure determination flag received from the HGW 10 to the session cooperation server 100. In addition, when redirected from the session cooperation server 100, the web content browsing unit 25 a transmits the departure / arrival association ID and the arrival / departure determination flag received from the session cooperation server 100 to the web server 200.

  At this time, browser session information for identifying the web browser is given to the web browser that realizes the web content browsing unit 25a, and the web server 200 identifies the information display terminal 20 using the browser session information. That is, the browser session information is generated for each web session established between the information display terminal 20 and the web server 200, and uniquely identifies the web session established between the information display terminal 20 and the web server 200. Information. The browser session information is issued by, for example, the Web server 200 and is realized by, for example, “session ID” (cookie ID or the like).

  Further, the web content browsing unit 25 a outputs the web page transmitted from the web server 200 to the output unit 23.

[Session Cooperation Server 100]
FIG. 6 is a block diagram illustrating the configuration of the session cooperation server 100 according to the first embodiment. The session cooperation server 100 is realized by providing each unit that executes the processing procedure described with reference to FIG. 2 in a general-purpose server. The session cooperation server 100 includes, for example, a communication unit 110, a storage unit 120, and a control unit 130.

  The communication unit 110 has a general interface and library for HTTP communication, and transmits / receives information to / from the HGW 10, the information display terminal 20, and the Web server 200. The storage unit 120 stores information used for various controls in the control unit 130. The storage unit 120 includes a control session information management table 121 and an arrival / departure association ID management table 122. For example, the storage unit 120 is realized by a RAM, a flash memory, a hard disk, an optical disk, or the like.

  The control session information management table 121 manages control session information. Specifically, the control session information management table 121 stores the control session information, and the control session information stored in the control session information management table 121 is processed by an outgoing / incoming link ID issuing unit 132 described later. Used for

  FIG. 7 is a diagram for explaining the control session information management table. For example, as shown in FIG. 7, the control session information management table 121 stores control session information, call session information, and arrival / departure determination flags in association with each other.

  The control session information is generated for each session established between the information display terminal 20 and the session cooperation server 100, and uniquely identifies the session established between the information display terminal 20 and the session cooperation server 100. Information. The control session information is issued by a call session information collection unit 131, which will be described later, and stored in the control session information management table 121. For example, the control session information is realized by a “session ID” (cookie ID or the like). In FIG. 7, for convenience of explanation, regular numerical values are exemplified as the control session information, but generally random numbers or the like are stored.

  The call session information is information for uniquely identifying communication established by SIP between the SIP phones 30. The call session information is collected by a call session information collection unit 131, which will be described later, and stored in the control session information management table 121. In FIG. 7, for convenience of explanation, a regular numerical value is exemplified as “Call-ID” of call session information, but generally a random number or the like is stored.

  The arrival / departure determination flag is a flag indicating whether the SIP phone 30 is a calling side or a called side for communication established by SIP between the SIP phones 30. The information is collected by a call session information collection unit 131 described later and stored in the control session information management table 121.

  The departure / arrival association ID management table 122 manages the arrival / departure association ID. Specifically, the arrival / departure association ID management table 122 stores an arrival / departure association ID.

  FIG. 8 is a diagram for explaining the between-arrival and arrival association ID management table. For example, as shown in FIG. 8, the between-arrival and associated ID management table 122 stores the control session information and the between-arrival and associated IDs in association with each other.

  The link ID between arrivals and departures is pseudonym information of call session information that uniquely identifies communication established by SIP, and is linkage information for linking Web sessions between users who are making a call. The departure / arrival association ID is issued by an after-arrival association ID issuing unit 132, which will be described later, and stored in the between-arrival association ID management table 122. As shown in FIG. 8, generally random numbers or the like are stored.

  Returning to FIG. 6, the control unit 130 includes a call session information collection unit 131 and an arrival / departure association ID issuing unit 132.

  The call session information collection unit 131 collects call session information and a departure / arrival determination flag. Specifically, the call session information collection unit 131 collects the call session information and the arrival / departure determination flag by being notified by the call session information notification unit 13a of the HGW 10. The call session information collection unit 131 issues control session information, and stores the collected call session information and the arrival / departure determination flag in the control session information management table 121 in association with the issued control session information. .

  The arrival / departure association ID issuing unit 132 issues an between-arrival / repartment association ID, and transmits the issued inter-departure association ID to the Web server 200 in a format in which the validity can be verified. Specifically, the arrival / departure association ID issuing unit 132 specifies call session information indicating the same communication from among a plurality of call session information stored in the control session information management table 121. Next, the departure / arrival linking ID issuing unit 132 specifies two pieces of control session information stored in association with the specified call session information. Then, the arrival / departure linking ID issuing unit 132 issues an arrival / departure linking ID, stores the issued between arrival / departure linking ID and the specified control session information in association with each other and stores them in the arriving / departure linking ID management table 122. To do.

  Subsequently, the between-arrival / inbound linking ID issuing unit 132 attaches the signed certificate of the session cooperation server 100 to the issued between-in / out linking ID. Here, the arrival / departure association ID issuing unit 132 attaches a certificate with a signature so that, for example, (a) the arrival / departure association ID is certainly information issued from the session cooperation server 100, (b) It is guaranteed that the connection ID between departures and arrivals has not been tampered with, and (c) the fact that the session linkage server 100 has transmitted the connection ID between arrivals and departures is not denied. If these can be verified in the Web server 200, the Web server 200 can confirm that the acquired link ID between arrivals and departures is reliable information (authentic information).

  Also, for example, the arrival / departure linking ID issuing unit 132 according to the first embodiment describes the signed certificate in a format defined in SAML (Security Assertion Markup Language). Here, the SAML format is a protocol formulated for the purpose of exchanging information for authentication with data described in XML (Extensible Markup Language), and is a format that can be verified by a signature. The connection / departure ID issuing unit 132 uses a certificate issued by a certificate authority that proves that the public key of the session cooperation server 100 is authentic, and a secret ID of the session cooperation server 100 (hash value). And a signature obtained by encrypting the signature in the SAML format.

[Web server 200]
FIG. 9 is a block diagram illustrating the configuration of the Web server 200 according to the first embodiment. The Web server 200 is realized by providing each unit that executes the processing procedure described with reference to FIG. 2 in a general-purpose server. For example, the Web server 200 includes a communication unit 210 and a control unit 230.

  The communication unit 210 includes a general interface and library for HTTP communication, and transmits and receives information to and from the session cooperation server 100 and the information display terminal 20.

  The control unit 230 includes an arrival / departure association ID verification unit 231, an HGW access unit 232, and a Web session cooperation unit 233.

  The arrival / departure association ID verification unit 231 verifies the arrival / departure association ID issued by the session cooperation server 100. Specifically, the arrival / departure association ID verification unit 231 receives the arrival / departure association ID and the arrival / departure determination flag from the information display terminal 20. Since the connection ID between departures and arrivals is newly paid out for each established call, the connection ID verification unit 231 between the arrivals and departures receives two pieces of information as a result of receiving the connection ID between arrivals and departures from each information display terminal 20. From the display terminal 20, the same arrival / departure association ID is received.

  In addition, the between-arrival / linking ID verification unit 231 verifies the validity of the between-arrival / linking ID by verifying the signed certificate attached to the between-arrival / linking ID. For example, the arrival / departure linking ID verification unit 231 decrypts the signature using the public key of the session cooperation server 100 included in the certificate (provided by the certificate authority as a genuine public key), The hash value of the link ID between departure and arrival is taken out. Further, the between-arrival / incoming association ID verification unit 231 calculates a hash value from the between-incoming / outbound association ID itself. Then, the between-arrival association ID verification unit 231 verifies that the between-arrival association ID is authentic information by comparing the hash value extracted from the signature with the calculated hash value. That is, as a result of collating the hash value extracted from the signature with the calculated hash value, if the two match, (a) the link between departure and arrival is certainly information issued from the session cooperation server 100; (b) It is possible to verify the fact that the link between departure and arrival is not falsified, and that (c) the fact that the session linkage server 100 has transmitted the link between arrival and departure is not denied. It can be verified that the attached ID is authentic information.

  The HGW access unit 232 accesses the HGW 10 together with the arrival / departure association ID whose validity has been verified. Specifically, the HGW access unit 232, when the arrival / departure association ID verification unit 231 verifies that the arrival / departure association ID is authentic information, together with the arrival / departure association ID, to access. The HGW access unit 232 accesses the HGW 10 using the IP address of the HGW 10 acquired when the arrival / departure association ID and the arrival / departure determination flag are received from each information display terminal 20. In addition, the HGW access unit 232 determines which HGW 10 should be accessed using the arrival / departure determination flag as necessary.

  The web session cooperation unit 233 cooperates the web session between the plurality of information display terminals 20 based on the link ID between arrivals and arrivals whose validity has been verified, and reflects the result of access by the HGW access unit 232 in the web session. . Specifically, the Web session linkage unit 233 indicates that linkage between the arrival and departure times indicates that the Web session is to be linked among a plurality of arrival and departure linkage IDs verified by the linkage between arrival and departure linkage ID verification unit 231. The service provision is controlled such that the ID (identical ID between arrivals and departures) is specified, and the Web content provided to each information display terminal 20 that is the transmission source of the specified ID between arrivals and departures is linked. Note that the Web session cooperation unit 233 knows the correspondence between the browser session information given to the information display terminal 20, the arrival / departure association ID, and the arrival / departure determination flag. Service provision can be controlled so that Web sessions provided to each of the information display terminals 20 that are transmission sources are linked.

[Effect of Example 1]
As described above, the access control system according to the first embodiment includes the session cooperation server 100, the Web server 200, and the HGW 10. The session cooperation server 100 includes a call session information collection unit 131 and an arrival / departure association ID issuing unit 132. When a call is established among a plurality of users, the call session information collection unit 131 acquires call session information for identifying the call. When the call session information is acquired, the link ID issuing unit 132 between arrivals and arrivals is used to link a Web session between a plurality of information display terminals 20 used by a plurality of users indicated by the call session information. Is issued, and the issued link between departure and arrival is transmitted to the Web server 200 in a format in which the validity of the link between departure and arrival can be verified. The Web server 200 includes an arrival / departure association ID verification unit 231, an HGW access unit 232, and a Web session cooperation unit 233. Upon receiving the arrival / departure association ID, the inter-departure / repartment ID verification unit 231 verifies the legitimacy of this inter-departure / arrival association ID. The HGW access unit 232 accesses the HGW 10 that controls communication between the information display terminal 20 and the Web server 200 together with the arrival / departure linking ID whose validity is verified. The web session cooperation unit 233 cooperates the web session among the plurality of information display terminals 20 based on the link ID between arrivals and departures whose validity has been verified, and reflects the access result in the web session. The HGW 10 includes an access reception unit 13b. The access receiving unit 13b receives access on the condition that the access from the Web server 200 is performed together with the arrival / departure linking ID.

  For this reason, according to the first embodiment, a temporary trust relationship is turned on between the Web server 200 and the HGW 10 of the network to which the user belongs based on the fact that “the call is in progress”. It becomes possible to connect to demand.

  Next, an access control system according to the second embodiment will be described. In addition to the same processing procedure as the access control system according to the first embodiment, the access control system according to the second embodiment confirms with the user whether or not access from the Web server 200 to the HGW 10 is permitted. That is, in the access control system, when the access from the Web server 200 is performed together with the arrival / departure association ID, the HGW 10 accepts this access unconditionally. For this reason, in the second embodiment, prior confirmation is made to the user.

  FIG. 10 is a sequence diagram illustrating a processing procedure performed by the access control system according to the second embodiment. As illustrated in FIG. 10, the between-arrival and association ID issuing unit 132 of the session cooperation server 100 confirms whether or not access from the Web server 200 to the HGW 10 is permitted when issuing the between-arrival and association ID. A confirmation screen is transmitted to the information display terminal 20 (step S204). For example, the arrival / departure linking ID issuing unit 132 transmits a confirmation screen such as “Are you sure you want to access the home gateway?”.

  For example, when the user confirms the confirmation screen output to the output unit 23 of the information display terminal 20 and accepts the confirmation screen, for example, presses a button, the information is transmitted to the session cooperation server 100 (step S205). . Then, the arrival / departure association ID issuing unit 132 issues an arrival / departure association ID on the assumption that confirmation by the user is obtained. On the other hand, if the confirmation by the user is not obtained, the between-arrival / inbound linking ID issuing unit 132 does not issue the between-in / out linking ID.

  Note that the processing procedure for confirming in advance with the user is not limited to the processing procedure illustrated in FIG. In the case of the processing procedure illustrated in FIG. 10, if the confirmation by the user is not obtained, the arrival / departure association ID issuing unit 132 does not issue the arrival / departure association ID, and the Web server 200 cooperates with the Web session. It will not be possible. Therefore, for example, if the confirmation by the user is not obtained, the arrival / departure association ID issuing unit 132 may issue an arrival / departure association ID attached as information. In this case, the HGW access unit 232 of the Web server 200 does not access the HGW 10. On the other hand, the web session cooperation unit 233 can perform web session cooperation.

  In the case of the processing procedure illustrated in FIG. 10, out of the users, the caller transmits a confirmation screen to the callee on the assumption that access to the HGW 10 is permitted. However, the present invention is not limited to this, and the confirmation screen may be transmitted to both the caller and the callee.

  On the confirmation screen, the user not only confirms whether or not access is permitted, but also information related to access, for example, the directory and folder permitted to access, or the type of command permitted to execute. May be input. In this case, the arrival / departure association ID issuing unit 132 attaches such information and issues an inter-departure / repartment association ID. On the other hand, before accessing the HGW 10, the HGW access unit 232 confirms these pieces of information attached to the link ID between departure and arrival, and accesses, for example, only the directories and folders permitted to be accessed. For example, access is controlled such that only commands that are allowed to be executed are executed.

  In the case of the processing procedure illustrated in FIG. 10, the processing procedure for confirming the user in advance is performed by the session cooperation server 100, but may be performed by the Web server 200. For example, before accessing the HGW 10, the HGW access unit 232 transmits a confirmation screen for confirming whether to allow access to the information display terminal 20, and only when confirmation by the user is obtained. May be accessed. On the confirmation screen, the user not only confirms whether or not access is permitted, but also information related to access, for example, the directory and folder permitted to access, or the type of command permitted to execute. May be input. Furthermore, since it is a confirmation screen transmitted by the Web server 200 itself, for example, what information is desired to be acquired is specifically described, and information necessary for acquiring the information (directory, folder, permission) Command type) may be entered.

  Next, an access control system according to the third embodiment will be described. The access control system according to the third embodiment has the same function as the access control system according to the first embodiment and the access control system according to the second embodiment, and also has a function of invalidating the link ID between arrival and departure.

  FIG. 11 is a block diagram illustrating a configuration of the session cooperation server 100 according to the third embodiment, and FIG. 12 is a sequence diagram illustrating a processing procedure performed by the access control system according to the third embodiment. As illustrated in FIG. 11, the session cooperation server 100 according to the third embodiment further includes a between-arrival / destination ID revocation unit 133 in the control unit 130. When the call established between a plurality of users is disconnected, the between-call linking ID revocation unit 133 acquires call session information for identifying the call. Further, when the call session information revocation unit 133 acquires call session information for identifying the disconnected call, it notifies the Web server 200 of the revocation of the connection / reception link ID issued in association with the call session information. To do.

  For example, as shown in FIG. 12, when a call established between a plurality of users is disconnected (step S301), the HGW 10 collects call session information for identifying the disconnected call (step S302). The collected call session information is transmitted to the session cooperation server 100 (step S303). Note that the HGW 10 can execute these processing procedures, for example, in the same manner as in steps S102 and S103 in FIG. Further, the HGW 10 may add some flag to the call session information in order to distinguish between the call session information for identifying the disconnected call and the call session information for identifying the established call.

  When the call session information is received, the between-arrival / linking ID revocation unit 133 searches the control session information management table 121 using the received call session information, and is stored in association with the received call session information. Identify control session information. In addition, the arrival / departure association ID revocation unit 133 searches the departure / arrival association ID management table 122 using the specified control session information, and stores the arrival / department association stored in association with the specified control session information. The attached ID is specified. Then, the between-arrival and association ID revocation unit 133 notifies the Web server 200 that the identified between-arrival and arrival association ID is the between-arrival and arrival association ID that should be revoked.

  Then, when the HGW access unit 232 of the Web server 200 is notified of the expiration of the predetermined link between arrival and departure by the link ID revocation unit 133 between arrival and departure, the access to the corresponding HGW 10 is terminated. Further, when notified of the expiration of the link between arrival and departure, the Web session cooperation unit 233 ends the cooperation of the Web session using the notified connection ID between the arrival and departure.

  As described above, according to the third embodiment, when the call is disconnected, the expiration of the link ID between the arrival and departure is notified to the Web server 200, and the access to the HGW 10 by the Web server 200 is also terminated. The trust relationship temporarily established based on the above fact can be reliably canceled except during a call.

  Although several embodiments have been described so far, the present invention is not limited to these embodiments. The present invention can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention.

  For example, in the first to third embodiments described above, the example in which the HGW is installed in the network of both users who are talking is not limited to this, but the HGW is the one of the users. It may be installed in a network.

  Further, for example, in the first to third embodiments, an example in which a call is performed between two parties has been described. However, the present invention is not limited to this, and there are more calls than two parties, for example, between three parties. The disclosed technique can be applied in the same manner even when it is performed between people. Further, in the first to third embodiments, an example of a call performed between SIP phones has been described. However, the present invention is not necessarily limited to this. In the case of “communication”, the disclosed technique can be applied in the same manner. In other words, when communication is established between a plurality of users, the session cooperation server acquires communication information for identifying the communication, and Web communication between a plurality of terminals used by the plurality of users indicated by the acquired communication information. Coordination information for coordinating sessions may be issued, and the issued cooperation information may be transmitted to the Web server in a format in which the validity can be verified.

DESCRIPTION OF SYMBOLS 100 Session cooperation server 110 Communication part 120 Storage part 121 Control session information management table 122 Incoming / outgoing association ID management table 130 Control part 131 Call session information collection part 132 Incoming / outgoing association ID issuing part 200 Web server 210 Communication part 230 Control 231 ID connection unit between arrival and departure 232 HGW access unit 233 Web session cooperation unit

Claims (4)

Session linkage server
When communication is established between a plurality of users, acquisition means for acquiring communication information for identifying the communication;
When the communication information is acquired, the link information for linking the Web session between a plurality of terminals used by a plurality of users indicated by the communication information is issued, and the validity of the link information is confirmed with the issued link information. Issuing means for transmitting to a Web server in a format that can be verified,
The web server
Upon receiving the cooperation information, verification means for verifying the validity of the cooperation information;
An access means for accessing a communication control device for controlling communication between the terminal and the Web server together with the cooperation information whose validity is verified , and acquiring personal information of the user ;
Coordinating means for coordinating a web session between the plurality of terminals based on the cooperation information verified for validity and providing a web page using the personal information to the plurality of terminals as a result of the access. Prepared,
The communication control device includes:
An access control system comprising: access control means for accepting access on the condition that access from the Web server is performed together with the cooperation information. The session cooperation server
The access according to claim 1, further comprising confirmation means for transmitting information for confirming whether or not access from the Web server to the communication control device is permitted to a terminal used by the user. Control system. The session cooperation server
When communication established between the plurality of users is disconnected, a disconnection acquisition unit that acquires communication information for identifying the communication;
A notification means for notifying the Web server of the expiration of the cooperation information issued in association with the communication information when the communication information for identifying the disconnected communication is acquired;
When the access means is notified of the expiration of the linkage information, the access means terminates access to the communication control device,
The access control system according to claim 1, wherein the cooperation unit terminates the cooperation of the Web session when notified of the expiration of the cooperation information. Session linkage server
When communication is established between a plurality of users, an acquisition step of acquiring communication information for identifying the communication;
When the communication information is acquired, the link information for linking the Web session between a plurality of terminals used by a plurality of users indicated by the communication information is issued, and the validity of the link information is confirmed with the issued link information. An issue step of transmitting to a web server in a format that can be verified,
The web server is
Upon receiving the cooperation information, a verification step for verifying the validity of the cooperation information;
An access step of accessing the communication control device that controls communication between the terminal and the Web server together with the cooperation information whose validity is verified , and acquiring personal information of the user ;
Linking a Web session between the plurality of terminals based on the link information verified for validity, and providing a Web page using the personal information to the plurality of terminals as a result of the access. Including
The communication control device includes:
And an access control step of accepting the access on the condition that the access from the Web server is performed together with the cooperation information.

Images