JP6275301B1 - Login system, login method and login program for portal site failure - Google Patents

Abstract

Provided is a login system capable of directly connecting to a target site even when a portal site failure occurs. The authentication server includes login authentication means for performing login authentication of a customer, and portal failure acquisition means for acquiring failure information of a portal site. Web server, after login authentication of authentication server, authorization means to authorize access to customer's Internet banking server Information generating means. The internet banking server transmits the top page of the portal site to the customer terminal when the received cooperation information includes failure information of the portal site. [Selection] Figure 4

Description

  The present invention relates to a login system at the time of failure, and more particularly to a system capable of directly logging in to Internet banking when a failure occurs in a portal site.

  2. Description of the Related Art Conventionally, various methods for dealing with a system failure when logging into a WEB system from a user terminal are known.

  For example, Patent Document 1 discloses a user authentication method that prevents an unauthorized operation of a WEB system by a third party even if an unforeseen system failure occurs while a user terminal logs in to the WEB system.

  Further, in Patent Document 2, in order to solve the problem that, when a failure occurs between logout by the first user and login by the second user, discovery of the failure by the user may be delayed. After the first user logs out and the second user logs in, the output flag is referred to, the monitoring result information not output to the first user is extracted and output to the operation device A monitoring device is disclosed.

  Also, especially when a system failure occurs in a portal site, in order to avoid inaccessibility of all systems via the portal site, conventionally, a URL that can be directly logged into these systems is sent to the user by e-mail. It was.

JP2013-114526A JP 2008-158561 A

  However, the conventional techniques such as Patent Documents 1 and 2 detect the occurrence of a failure as soon as possible, how to reduce the effect of the failure, how quickly to recover from the failure, and how to prevent unauthorized access at the time of failure. There are many systems that focus on the prevention, and there are few systems for preventing the user's convenience from being impaired even when a failure occurs. In particular, when using an overseas Web system, a user with little knowledge has to wait for a failure recovery of the entire system even though there is no failure in the function that the user wants to use. In particular, when a failure occurs in the portal site that is the entrance of various systems, the user has to wait for the portal site to recover even if there is no failure in the back-end system. Further, when sending a URL, it is necessary to extract and send the mail addresses of all users, which is troublesome. In addition, it was necessary to deal with undelivered destinations.

  Therefore, in view of the above problems, an object of the present invention is to provide a login system that can directly connect to a target site even when a portal site failure occurs.

  The login system (hereinafter referred to as “direct login system”) at the time of failure of the portal site of the present invention provides the following solution.

(1) A login system comprising a Web server connected to a customer terminal via the Internet and an authentication server connected to the Web server, wherein the authentication server performs customer login authentication from the customer terminal. Login authentication means for performing and portal failure acquisition means for acquiring failure information of a portal site serving as an entrance to the customer's Internet banking server, and the Web server is configured to provide the customer terminal after login authentication of the authentication server. An authorization means for authorizing access to the Internet banking server from the server, and after completion of authorization by the authorization means, generates linkage information including fault information of the portal site acquired by the portal fault acquisition means, and A linkage information generating means for transmitting, Internet banking server, when including the failure information of the portal site in the received link information, and transmits the home screen Internet banking to the customer terminal, and wherein the.

(2) In the configuration of (1), the login authentication means performs login authentication with single sign-on for the Internet banking server.

(3) In the configuration of the above (2), the Web server determines whether the Internet banking server and other systems subject to single sign-on according to the connection destination priority of the user stored in the connection priority DB for each user. It is characterized by being connected to a server.

(4) A login method in a system comprising a Web server connected to a customer terminal via the Internet and an authentication server connected to the Web server, wherein the authentication server logs in a customer from the customer terminal Performing authentication, and obtaining failure information of a portal site serving as an entrance to the customer's Internet banking server,
Acquired in the stage in which the Web server authorizes access to the Internet banking server of the customer terminal after login authentication of the authentication server, and the fault information of the portal site after the authorization is completed in the authorization stage Generating link information including failure information of the portal site and transmitting the link information to the Internet banking server, and the Internet banking server includes the failure information of the portal site in the received link information The method further includes a step of transmitting an internet banking home screen to the customer terminal.

(5) A log-in program for causing a computer to execute each step described in (4) above.

(6) An access control system comprising a first server connected to a user terminal via the Internet, and a second server connected to the first server, wherein the second server is Means for authenticating the user via the first server; and means for controlling access to the fourth server via the third server connected to the second server by the user. And means for acquiring failure information of the third server, wherein the first server authorizes access of the user terminal to the fourth server after the user authentication. And means for transmitting the failure information of the third server to the fourth server after the authorization by the means for authorizing is completed, the fourth server according to the received failure information, Access to the fourth server Transmitting means for scan to a terminal of said user, characterized in that.

  ADVANTAGE OF THE INVENTION According to this invention, the login system which can be connected directly to the target site and service system at the time of failure of a portal site can be provided.

It is a figure which shows schematic structure (the 1) of the direct login system which concerns on embodiment of this invention. It is a figure which shows schematic structure (the 2) of the direct login system which concerns on embodiment of this invention. It is a figure which shows schematic structure (the 3) of the direct login system which concerns on embodiment of this invention. It is a figure which shows schematic structure (the 4) of the direct login system which concerns on embodiment of this invention. It is a figure which shows the outline of connection priority DB classified by user. It is a figure which shows the list of the timing of the process which concerns on embodiment of this invention. It is a figure which shows the example of the top page of the portal site which concerns on embodiment of this invention, and the home screen of Internet banking (IB). It is a figure which shows the example of the maintenance information screen at the time of the portal site failure concerning embodiment of this invention.

  DESCRIPTION OF EMBODIMENTS Hereinafter, embodiments for carrying out the present invention (hereinafter referred to as embodiments) will be described in detail with reference to the accompanying drawings. In the subsequent drawings, the same numbers or symbols are assigned to the same elements throughout the description of the embodiments. In the functional configuration diagram, an arrow between functional blocks represents a data flow direction or a process flow direction.

(Basic configuration)
1 to 4 are diagrams showing a schematic configuration of a direct login system (hereinafter simply referred to as “the present system”) according to an embodiment of the present invention. The system typically includes a customer terminal 10 (browser), a customer terminal 10, a Web server 20 (first server) and an AP server 30 (Application Server) connected via the Internet. . However, it is not limited to such a configuration. The Web server 20 and the AP server 30 may be connected via a dedicated network. The Web server 20 and the AP server 30 may be physical servers or logical servers, but are assumed to be physical servers here. That is, the Web server 20 and the AP server 30 include a logical server described later, but the physical server and the logical server are not distinguished unless otherwise specified.

  In the following, log in to Internet banking for overseas corporations (hereinafter also simply referred to as IB) via the overseas corporation portal site (also simply referred to as portal), and the top page (home screen) of the overseas corporation IB (Internet Banking) It shows the flow of processing until it is displayed.

  Here, the portal is a Web site that becomes an entrance (entrance) when accessing the Internet. In this system, in normal times, in order to access the IB, a portal is always used as an entrance. The top page or home screen is a screen that is first displayed on the customer terminal 10 after logging in to the site. In the following description, a portal for overseas corporations and an IB for overseas corporations in the global banking system will be described as examples. However, this system is not limited to only overseas corporations. Although the top page and the home screen have the same meaning, in this specification, the first screen displayed after logging in to the portal is called the top page, and the first screen displayed after logging in to the IB is the home screen. To distinguish.

  First, FIG. 1 will be described. FIG. 1 is a diagram illustrating a flow of normal login processing from a customer terminal 10 to a foreign corporation portal server from a login screen of an overseas corporation portal. Hereinafter, the term “portal” refers to an overseas corporate portal site (or an overseas corporate portal server) unless otherwise specified.

  First, the customer terminal 10 uses a browser installed on the terminal to access a login screen to the overseas corporate portal site via the Web server 20, and to the authentication server 31 in the AP server 30. Request login authentication. Typically, login authentication is requested with a user ID and password. Note that the login screen to the portal is generated not by the portal site but by the authentication server 31. The authentication server 31 may be referred to as a second server, and the overseas corporate portal server 33 may be referred to as a third server.

  The Web server 20 is provided with an access control means 21 (also called ACS: Access Control System), and controls communication and access between the customer terminal 10 and the AP server 30. The access control means 21 further includes an authorization means 22 and a linkage information generation means 23. Details of the authorization unit 22 and the linkage information generation unit 23 will be described later.

  The AP server 30 includes an authentication server 31 (second server), an overseas corporate portal server 33 (third server), and an ID management server 35 as logical servers. Hereinafter, the term “IB” refers to an overseas corporate IB server (or an overseas corporate IB site) unless otherwise specified.

  The authentication server 31 includes a login authentication unit 32. The login authentication unit 32 accesses the ID management server 35 to authenticate the user ID and password of the customer. The ID management server 35 is a server provided with a registration ID data DB 36 that stores authentication information such as a registered user ID and password as a database (DB).

  Further, the Web server 20 has an authorization unit 22 for authorizing whether the customer (user) has the authority to access the IB and whether it is a target of single sign-on (SSO) in this system. Is provided. Since the portal site and the Internet banking server are targeted for SSO, it is possible to log in to the Internet banking server even if a failure occurs in the portal site as described later.

  In addition, the Web server 20 is provided with linkage information generation means 23, which generates linkage information (specifically, authentication time, corporation ID, corporation name, branch ID, user name, etc.) and transmits it to the overseas corporation portal server 33. Send. The linkage information differs depending on the linkage destination.

  The overseas corporation portal server 33 receives the cooperation information from the cooperation information generation means 23, and if there is no problem with the cooperation information, the top page generation means 34 generates the portal top page and transmits it to the customer terminal 10. The above is the flow of normal login processing.

  FIG. 2 shows the flow of processing for accessing the IB from the top page of the portal after logging in to the overseas corporation portal shown in FIG. Here, since the login to the portal is completed, the case where the IB is activated from the top page of the portal site is shown. In this case, the customer terminal 10 transmits a user ID to the authorization means 22, and the login authentication means 32 checks whether the customer user ID has access authority to the overseas corporate IB server 41, and the authorized customer. If so, the cooperation information generation means 23 generates the cooperation information and transmits it to the overseas corporation IB server 41. In the overseas corporation IB server 41, if the received cooperation information includes information indicating that it has been normally authorized, the home screen generation unit 37 generates an IB pom screen and transmits it to the customer terminal 10.

  FIG. 3 shows a case where the customer terminal 10 accesses the other external system 38 that is the target of SSO in addition to the overseas corporation IB from the portal top page in the same processing flow. The only difference from FIG. 2 is that the link information generation means 23 sends the link information to another system 38 (SSO destination) instead of the overseas corporate IB server 41. In other words, with the same user ID and password, it is possible to log in to the IB system in the bank or to another system that is an external system. As an advantage of SSO, a user can perform multiple authentications with a single login information, and can centrally manage accounts, and can be authenticated with a single user authentication system. Maintenance costs can be reduced, and adding a new system on the portal is easier than building an original system.

  FIG. 4 shows a procedure for logging in directly to the IB without going through the portal when a portal failure occurs. As shown in the figure, in order to perform this procedure, portal failure acquisition means 40 is provided in the authentication server 31. The portal failure acquisition means 40 is a means for acquiring the failure status of the portal, and the administrator may acquire the failure status of the portal by referring to a failure flag in which the failure status is registered. You may make it acquire directly from the monitoring means 42 (automatically). The system monitoring means 42 is means for automatically detecting a failure, and may be registered in the above-described failure flag when a failure is detected, or may be notified to the portal failure acquisition means 40 described above. Good.

  The administrator who receives the notification from the portal failure acquisition unit 40 determines whether or not to activate the direct login mechanism of the present system according to the content of the failure. The link information generation unit 23 of the access control unit 21 includes failure information indicating that a failure has occurred in the portal and the direct login mechanism has been activated. The generated failure information is transmitted to the overseas corporation IB server 41 (note that the transmission destination is the IB server unlike the case of FIG. 1).

  The portal failure confirmation means 40 makes the administrator make a final decision when the failure is minor or when it is clear that the system monitoring means 42 has erroneously detected a portal failure. This is because there is no need to activate the direct login mechanism. The failure includes portal maintenance in a broad sense, and the failure information includes maintenance information.

  In the overseas corporation IB server 41, when it is confirmed that the portal site is in trouble or under maintenance according to the trouble information received from the Web server 20, the home screen generation means 37 of the overseas corporation IB server 41 uses the overseas corporation IB server 41. An IB home screen is generated and transmitted to the customer terminal 10.

  As described above, the login authentication means 32 and the authorization means 22 are divided into two stages, and the processing stages are shared by the authentication server 31 and the Web server 20 (access control means 21). A portal failure confirmation unit 40 can be provided between them. In this way, even if a failure occurs in the portal server body, it is possible to directly connect to all systems including the IB that uses the portal as an entrance. At this time, the customer terminal 10 may display information indicating that the client terminal 10 is directly connected to the IB without going through the portal as failure information or maintenance information.

  Further, the other system (SSO target) 38 can be included in the above-mentioned portal failure countermeasure target. In this case, the Web server 10 includes a connection priority DB 43 for each user, and the connection priority DB 43 for each user stores a table that defines connection priority for each user as shown in FIG. According to this table, the access control means 21 of the Web server 10 can be connected to a server of another external system by a mechanism similar to that for accessing an overseas IB server even when a portal failure occurs. Of course, there may be a plurality of other external systems. In the example of FIG. 5, the priority order 1 of the sites accessed by each user is common to the portals, but the priority order 2 is different for each user. Therefore, in this case, when a portal failure occurs, it is possible to access different sites for each user.

  FIG. 6 is a diagram showing a list of processing timings according to the embodiment of the present invention. Although detailed description is omitted, FIG. 6 shows a login authentication stage, an authorization stage, and linkage information performed by the Web server 20, the AP server 30 (physical server), the authentication server 31 (logical server), and the ACS (access control means 21). The timing of each process in the generation stage is summarized in a list. Contin login in the table means IB direct login of overseas affiliates of this system as part of an emergency response plan (Contingency Plan) that defines countermeasures for accidental failures or accidents. It means that there is.

  FIG. 7 is a diagram showing an example of a portal site top page and Internet banking home screen according to an embodiment of the present invention. The screen 100 is the top page of the portal that is displayed first after logging in to the portal, and the screen 110 is the home screen (top page) that is displayed first in the overseas corporation Internet banking (IB).

  Normally, when “Internet Banking System” in the System Link column 101 of the screen 100 is clicked, the Internet banking home screen of the screen 110 is displayed as shown in the figure. Here, it goes without saying that login to the IB is not necessary since the portal is already logged in. In addition, when a portal failure or maintenance occurs, the screen 100 is not displayed. Therefore, if the login screen to the portal is normal and the portal can be logged in by the direct login mechanism of this system (if the authentication server is normal) ) Even if the portal site itself is faulty, the screen 110 is displayed without going through the screen 100, so that the IB can be accessed.

  FIG. 8 is a diagram illustrating an example of a maintenance information screen at the time of portal site failure. The screen 200 indicates that a direct login (direct login) is being performed because the portal site is currently under maintenance. Actually, the system name or popular name of Internet banking is displayed in “00”. If there is a service other than Internet banking, the name of the system is added to the above message.

  The screen 210 is a screen indicating that the user has actually directly accessed Internet banking by direct login. By displaying the screen 200 and the screen 210 to the user, it is possible to notify the user of the system status (failure occurrence, recovery, etc.) more quickly.

  This is the end of the description of the embodiment of the present system. However, the above-described system configuration is merely an example, and one functional block (database and processing unit) is divided, or a plurality of functional blocks are combined into one function. It may be configured as a block. Each processing unit is realized by a computer program executed by the CPU by reading out a computer program stored in a storage device such as a ROM (Read Only Memory) or a hard disk by a CPU (Central Processing Unit) built in the device. Is done. That is, each processing unit reads and writes necessary data such as a table from a database (DB; Data Base) stored in a storage device or a storage area on a memory. It is realized by controlling hardware (for example, input / output device, display device, communication interface device). Further, the database (DB) in the embodiment of the present invention may be a commercial database, but it simply means a collection of tables and files, and the internal structure of the database itself is not questioned.

(Effect of embodiment)
According to this system, even if a failure occurs in a portal, it is possible to connect directly to another system that is an SSO target including the IB that uses the portal without going through the portal. it can. Here, since the portal site and the internet banking server are SSO targets, it is possible to log in to the internet banking server even if the portal site has a failure. Further, by providing the connection priority DB for each user, it becomes possible to access different system sites for each user in the event of a portal failure.

(Application to other systems)
The embodiment of the present invention has been described by taking Internet banking for overseas corporations in particular as an example, but in particular, a single login location is used like a portal, and multiple systems are used with a single user authentication and SSO. It can be applied to a system that enables it. Moreover, it is applicable not only to overseas Internet banking but also to domestic Internet banking and other systems, and Internet banking and other systems targeted at individuals.

  As mentioned above, although this invention was demonstrated using embodiment, it cannot be overemphasized that the technical scope of this invention is not limited to the range as described in the said embodiment. It will be apparent to those skilled in the art that various modifications or improvements can be added to the above embodiment. Further, it is apparent from the scope of the claims that embodiments with such changes or improvements can also be included in the technical scope of the present invention. In the above-described embodiment, the present invention has been described as a product system with a login system. However, the present invention can also be understood as a method invention (login method) or a computer program invention (login program).

  Also, the first system (Web server), the second server (authentication server), the third server (portal server), and the fourth server, which are generalized from the system and connected to the user terminal via the Internet It can also be regarded as an invention of an access control system that controls access from a user terminal in a system to which (IB server) is connected.

10 Customer terminal (browser)
11 Overseas corporation portal login screen 12 Overseas corporation IB home screen 13 Overseas corporation IB startup screen from overseas corporation portal 14 Overseas corporation IB home screen 20 Web server 21 Access control means 22 Authorization means 23 Cooperation information generation means 30 AP server (application server) )
31 Authentication Server 32 Login Authentication Means 33 Overseas Corporate Portal Server (Overseas Corporate Portal Site)
34 Top page generation means of overseas corporate portal 35 ID management server 36 Registration ID data DB
37 IB home screen generation means 38 Other systems (SSO destination)
39 Home screen generation means of other systems 40 Portal failure acquisition means 41 Overseas corporation IB server (overseas corporation IB site)
42 System monitoring means 43 User-specific connection priority DB
100 Portal top page 110 Home screen of IB site 200 Maintenance information screen indicating that the portal site is under maintenance 210 Maintenance information screen indicating that the portal site is directly connected to the IB site

Claims (6)

A login system comprising a Web server connected to a customer terminal via the Internet, and an authentication server connected to the Web server,
The authentication server is
Login authentication means for performing login authentication of a customer from the customer terminal;
Portal failure acquisition means for acquiring failure information of a portal site that serves as an entrance to the customer's Internet banking server,
The web server
Authorization means for authorizing access from the customer terminal to the Internet banking server after login authentication of the authentication server;
After completion of authorization by the authorization means, the cooperation information generation means for generating cooperation information including the failure information of the portal site acquired by the portal failure acquisition means and transmitting to the Internet banking server,
The internet banking server is
When the received cooperation information includes failure information of the portal site, the Internet banking home screen is transmitted to the customer terminal.
A login system characterized by that.   The login system according to claim 1, wherein the login authentication unit performs login authentication with single sign-on for the Internet banking server.   The Web server is connected to the Internet banking server and a server of another system subject to single sign-on according to a user connection destination priority stored in a connection priority DB for each user. The login system according to 2. A login method in a system comprising a Web server connected to a customer terminal via the Internet and an authentication server connected to the Web server,
The authentication server is
Performing customer login authentication from the customer terminal;
Obtaining fault information of a portal site that serves as an entrance to the customer's Internet banking server,
The web server is
Authorizing access to the Internet banking server of the customer terminal after login authentication of the authentication server;
After the completion of the authorization by the step of authorizing, generating linkage information including the failure information of the portal site acquired in the step of acquiring failure information of the portal site, and transmitting to the Internet banking server,
The internet banking server is
A login method comprising a step of transmitting an Internet banking home screen to the customer terminal when the received cooperation information includes failure information of the portal site.   The login program which makes a computer perform each step of Claim 4. An access control system comprising a first server connected to a user terminal via the Internet, and a second server connected to the first server,
The second server is
Means for authenticating the user via the first server;
Means for the user to control access to a fourth server via a third server connected to the second server;
Means for acquiring failure information of the third server,
The first server is
Means for authorizing access to the fourth server of the terminal of the user after authentication of the user;
Means for transmitting failure information of the third server to the fourth server after the authorization by the means for authorizing is completed,
The fourth server is
In response to the received failure information, a means for accessing the fourth server is transmitted to the user terminal.
An access control system characterized by that.

Images