WO2015002321A1 - Communication system - Google Patents


Info

Publication number
WO2015002321A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
communication terminal
terminal device
user
personal identification
Application number
PCT/JP2014/068047
Inventor
摩利夫 岡部
Original Assignee
株式会社Gct研究所
Application filed by 株式会社Gct研究所
Priority to JP2015525306A (patent JP6312672B2)
Publication of WO2015002321A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • The embodiment described in this specification relates to a communication system.
  • When sending and receiving data via data communication, the contents of communication must not be acquired by a receiver that is not intended by the sender, but the contents of communication may be leaked due to erroneous transmission or server intrusion.
  • Measures such as setting a password on the document to be sent are taken as means to prevent such problems.
  • One embodiment of the present invention aims to provide a technique that allows only the person originally intended by the sender to view the content, without sending fingerprint data to another person (the sender or receiver at the other end of the communication), and that prevents a person who is not originally intended to view the content from viewing it.
  • The first embodiment of the present invention is proposed as a communication system.
  • This communication system includes storage means, management means, and request processing means.
  • The storage means stores registration data in which first personal identification data corresponding to the user of the transmission source communication terminal device is paired with the user identification information of that user, and registration data in which second personal identification data corresponding to the user of the transmission destination communication terminal device is paired with the user identification information of that user.
  • The management means stores the communication content transmitted from the transmission source communication terminal device and sets, for at least a part of the communication content, a browsing restriction portion, which is a portion that cannot be viewed on the transmission destination communication terminal device. Before fingerprint authentication of the user of the transmission destination communication terminal device succeeds, it transmits to the transmission destination communication terminal device the communication content in which the browsing restriction portion cannot be browsed. After fingerprint authentication of that user succeeds, it transmits to the transmission destination communication terminal device data that enables browsing of the browsing restriction portion.
  • When receiving the browsing restriction release request message from the transmission destination communication terminal device, the request processing means receives third personal identification data transmitted together with the user identification information from the transmission destination communication terminal device, and includes the user identification information in the user identification information.
  • An instruction is sent to the management means to transmit, to the destination communication terminal apparatus, the data that allows the browsing restricted portion to be viewed on the destination communication terminal apparatus.
  • Block diagram showing a configuration example of the communication system according to the present embodiment
  • Functional block diagram showing a configuration example of a transmission source communication terminal device
  • Functional block diagram showing a configuration example of a destination communication terminal device
  • Functional block diagram showing a configuration example of the communication management server
  • Sequence diagram showing an operation example at the time of fingerprint / user registration for the user of the transmission source communication terminal device
  • Sequence diagram showing an operation example at the time of fingerprint / user registration for the user of the destination communication terminal device
  • Flowchart showing an example of the browsing restriction cancellation request process, which is the main operation
  • Fingerprint data refers to a fingerprint image or data generated based on the fingerprint image, and refers to data that can uniquely identify a user.
  • Fingerprint image data: either a fingerprint or a part of a fingerprint may be used.
  • Fingerprint feature value data, and data obtained as a result of transforming fingerprint feature value data by a predetermined transformation method (such as a fast Fourier transform).
  • Personal identification data refers to data that can uniquely identify an individual.
  • The personal identification data includes so-called biometric data such as fingerprint data, face image data, and vein pattern data.
  • FIG. 1 is a block diagram illustrating a configuration example of a communication system according to the present embodiment.
  • The communication system 1 includes a transmission source communication terminal device 10 that can be connected to the communication network 40 and a transmission destination communication terminal device 30 that can be connected to the communication network 40 when connected to the communication network 40.
  • The transmission source communication terminal device 10 is a device that transmits some content to the transmission destination communication terminal device 30 via the communication management server 20.
  • The transmission source communication terminal device 10 is an information processing device having a communication function, such as a computer (including a tablet computer), a mobile phone (including a smartphone), or a game machine.
  • FIG. 2 is a functional block diagram showing a configuration example of the transmission source communication terminal device 10.
  • The components shown in the functional block diagram are the functions of the transmission source communication terminal device 10 grouped into one block per function; this does not mean that the transmission source communication terminal device 10 must be provided with physical components such as circuits or parts corresponding to each component. “Connected” means that data, information, instructions, etc. can be sent, received, delivered, etc. It is not limited. The same applies to the description of other functional block diagrams in this specification.
  • The transmission source communication terminal device 10 includes a communication control unit 11 that can be connected to the communication network 40, a client unit 12 connected to the communication control unit 11, a fingerprint reading unit 14 connected to the client unit 12, an input unit 15, and an output unit 16.
  • The client unit 12 has a fingerprint registration request unit 13.
  • The communication control unit 11 has a function of converting the data generated by the client unit 12 into an electric signal or the like and transmitting it to the communication network 40 according to a predetermined communication protocol, and a function of receiving an electric signal or the like from the communication network 40 according to a predetermined communication protocol, converting it into data readable by the client unit 12, and passing the converted data to the client unit 12.
  • The communication control unit 11 is, for example, a LAN adapter or a communication board.
  • The client unit 12 has a function of processing transmission / reception of communication contents in cooperation with the communication management server 20.
  • The client unit 12 is, for example, a mail client, a Web browser, a mobile application, or the like.
  • The fingerprint registration request unit 13 has a function of executing the fingerprint / user registration of the user (communication executor) in the communication management server 20.
  • Fingerprint / user registration refers to recording a pair of image data of a user's fingerprint and user identification information, which is information that uniquely identifies the user.
  • The fingerprint registration request unit 13 is, for example, an add-in or an application.
  • The fingerprint reading unit 14 has a function of reading a fingerprint of a user (communication executor) and outputting fingerprint image data, that is, image data of the fingerprint.
  • The fingerprint reading unit 14 is, for example, a fingerprint reading device and its driver software.
  • The fingerprint reader may be either a fingerprint sensor built into a PC or a mobile phone, or a so-called external fingerprint sensor.
  • The input unit 15 has a function of inputting the user's instruction content to the transmission source communication terminal device 10, and is, for example, a keyboard, a numeric keypad, a touch panel, a pointing device, or the like.
  • The output unit 16 has a function of outputting the processing result of the transmission source communication terminal device 10 in a manner that can be recognized by the user, and is, for example, a liquid crystal panel device.
  • The transmission destination communication terminal device 30 is a device that receives communication contents from the transmission source communication terminal device 10 via the communication management server 20.
  • The destination communication terminal device 30 is an information processing device having a communication function, such as a computer (including a tablet computer), a mobile phone (including a smartphone), or a game machine.
  • FIG. 3 is a functional block diagram showing a configuration example of the transmission destination communication terminal device 30.
  • The destination communication terminal device 30 includes a communication control unit 31 that can be connected to the communication network 40, a client unit 32 connected to the communication control unit 31, a fingerprint reading unit 34 connected to the client unit 32, an input unit 35, and an output unit 36.
  • The client unit 32 has a fingerprint registration request unit 33 and a browsing restriction release request unit 37.
  • The communication control unit 31, the client unit 32, the fingerprint reading unit 34, the input unit 35, and the output unit 36 of the transmission destination communication terminal device 30 are components having the same functions as the communication control unit 11, the client unit 12, the fingerprint reading unit 14, the input unit 15, and the output unit 16 of the transmission source communication terminal device 10, respectively, so their detailed description is omitted.
  • The browsing restriction release request unit 37 has a function of generating, when browsing of a part of the communication contents is restricted by the communication management server 20, a browsing restriction release request, which is a message requesting the communication management server 20 to make the restricted contents viewable.
  • The browsing cancellation request message includes image data of the fingerprint of the user of the destination communication terminal device 30 and user identification information that is information for uniquely identifying the user, or these are transmitted separately.
  • The viewing restriction release request unit 37 is, for example, an add-in, an application, or the like.
  • The communication management server 20 has a function of receiving communication contents from the transmission source communication terminal apparatus 10 and causing the transmission destination communication apparatus to receive the communication contents.
  • The communication management server 20 sets a part of the communication contents as a browsing restriction area and transmits the communication contents to the transmission destination communication terminal apparatus 30 so that the contents of the browsing restriction area cannot be browsed.
  • The communication management server 20 makes it possible for the user of the destination communication terminal apparatus 30 to view the contents of the viewing restricted area on condition that the user of the destination communication terminal apparatus 30 succeeds in fingerprint authentication.
  • The communication management server 20 is an information processing apparatus having a communication function, such as a computer, a workstation, or a server.
  • The information processing apparatus includes an arithmetic processing unit (CPU), a main memory (RAM), a read-only memory (ROM), an input / output device (I / O), and, if necessary, an external storage device such as a hard disk device.
  • The present embodiment also holds in a configuration in which a plurality of computers, workstations, and servers are connected to each other and function as the communication management server 20.
  • FIG. 4 is a functional block diagram showing a configuration example of the communication management server 20.
  • The communication management server 20 includes a server-side communication control unit 21 connected to the communication network 40, a fingerprint data registration unit 22 connected to the server-side communication control unit 21, a fingerprint database unit 23 connected to the fingerprint data registration unit 22, a communication management unit 24 connected to the server-side communication control unit 21, and a browsing restriction release request processing unit 25 connected to the server-side communication control unit 21, the fingerprint database unit 23, and the communication management unit 24.
  • The fingerprint database unit 23 corresponds to the storage unit according to the present embodiment.
  • The communication management unit 24 corresponds to the management unit of the present embodiment.
  • The browsing restriction release request processing unit 25 corresponds to the request processing means according to the present embodiment.
  • The server-side communication control unit 21 converts the data generated by the communication management server 20 into an electric signal or the like and transmits it to the communication network 40 according to a predetermined communication protocol; it also receives an electric signal or the like according to a predetermined communication protocol, converts it into readable data, and passes the converted data to each unit.
  • The server-side communication control unit 21 is, for example, a LAN adapter, a communication board, or the like.
  • The fingerprint data registration unit 22 has a function of executing fingerprint / user registration when receiving a fingerprint / user registration request from the transmission source communication terminal device 10 or the transmission destination communication terminal device 30.
  • The fingerprint data registration unit 22 generates fingerprint / user registration data, which is a pair of fingerprint data and user identification information, and stores the fingerprint / user registration data in the fingerprint database unit 23.
  • The fingerprint database unit 23 has a function of storing the fingerprint / user registration data generated by the fingerprint data registration unit 22.
  • The fingerprint database unit 23 corresponds to the storage unit of the present embodiment.
  • The communication management unit 24 stores the communication content transmitted from the transmission source communication terminal device 10 and sets a browsing restriction area in this communication content. Before fingerprint authentication of the user of the transmission destination communication terminal device 30 succeeds, it transmits the communication content to the destination communication terminal device 30 in a state in which the browsing restricted area is not viewable. After fingerprint authentication of that user succeeds, it makes the browsing restricted area viewable on the destination communication terminal device 30 (the browsing restriction itself may be canceled) and transmits the communication content.
  • The communication management unit 24 corresponds to the management unit of the present embodiment.
  • The browsing restriction area is made unviewable by, for example, the following methods.
  • Browsing restriction release is performed by the communication management server, more specifically the communication management unit 24, transmitting only the deleted data, or the communication content before the deletion, to the transmission destination communication terminal device 30.
  • The communication management server, more specifically the communication management unit 24, adds data indicating the browsing restriction area to the communication content, for example a tag indicating the start of the browsing restricted area and a tag indicating the end of the browsing restricted area.
  • The communication management server, more specifically the communication management unit 24, transmits the communication content to which the data indicating the browsing restriction area is added to the transmission destination communication terminal device 30.
  • The transmission destination communication terminal device 30 that has received the communication content to which the data indicating the browsing restriction area is added, more specifically the client unit 12, replaces the data specified by the data indicating the browsing restriction area with other data (for example, blanks or a specific symbol such as an asterisk) when displaying and reproducing the communication content, and displays the replaced content data.
  • Browsing restriction release is performed according to a browsing restriction release permission message from the communication management server 20.
  • The transmission destination communication terminal device 30, more specifically the client unit 12, displays the communication content as it was before the replacement.
  • The communication management server, more specifically the communication management unit 24, encrypts the portion corresponding to the browsing restricted area in the communication content. Any encryption method may be used.
  • The communication management server, more specifically the communication management unit 24, transmits the communication content in which the browsing restriction area is encrypted to the transmission destination communication terminal device 30.
  • The transmission destination communication terminal device 30 that has received the communication content in which the browsing restriction area is encrypted, more specifically the client unit 12, displays the communication content as it is. A message indicating that the browsing restricted area is encrypted may be displayed in the communication content.
  • Browsing restriction release is performed by the destination communication terminal device 30, more specifically the client unit 12, decrypting the encrypted part in response to a browsing restriction release permission message from the communication management server 20 and displaying the communication content after decryption.
  • Any method in which the original content of the browsing restriction area is not displayed as it is before the browsing restriction is released, and the communication content is displayed with the original content after the browsing restriction is released, is applicable to the present invention.
  • When the browsing restriction release request processing unit 25 receives the browsing restriction release request message from the transmission destination communication terminal device 30, it compares and collates the fingerprint data transmitted together with the user identification information from the transmission destination communication terminal device 30 with the fingerprint data stored in the fingerprint database unit 23 in association with that user identification information. If it determines that the two fingerprint data match, it causes the communication management unit 24 to release the browsing restriction area of the communication content (release the browsing restriction itself).
  • The browsing restriction release request processing unit 25 corresponds to the request processing means of the present invention.
  • The communication network 40 may be any communication line that connects the transmission destination communication terminal device 30 and the communication management server 20, and the transmission source communication terminal device 10 and the communication management server 20, so that they can communicate with each other.
  • FIG. 5 is a sequence diagram showing an operation example at the time of fingerprint / user registration for the user of the transmission source communication terminal device 10.
  • When the user of the transmission source communication terminal device 10 activates the fingerprint registration request unit 13 of the transmission source communication terminal device 10, the transmission source communication terminal device 10, more specifically the fingerprint registration request unit 13, transmits a fingerprint registration request message to the communication management server 20 (S110). The communication management server 20 that has received the fingerprint registration request message activates the fingerprint data registration unit 22, and the fingerprint data registration unit 22 transmits a fingerprint registration request acceptance message to the transmission source communication terminal device 10 (S120).
  • The source communication terminal device 10 that has received the fingerprint registration request acceptance message, more specifically the fingerprint registration request unit 13, activates the fingerprint reading unit 14 to enable fingerprint reading and causes the output unit 16 to display a message prompting the user to have the fingerprint read (for example: “Start fingerprint reading. Touch your index finger in the fingerprint reading area”), and the fingerprint reading unit 14 reads the fingerprint (S130).
  • When the fingerprint reading is successful, the fingerprint reading unit 14 generates fingerprint data and passes the fingerprint data to the fingerprint registration requesting unit 13.
  • The fingerprint registration request unit 13 that has received the fingerprint data transmits user identification information of the user who is executing the fingerprint registration request to the communication management server 20 together with the fingerprint data (S140).
  • The user registration information is automatically read by the fingerprint registration requesting unit 13 from information stored in the source communication terminal device 10 or the client unit 12 (for example, individual identification information, telephone number, web service user ID).
  • Alternatively, the fingerprint registration request unit 13 may display a message prompting the user to input user identification information on the output unit 16, and information input by the user using the input unit 15 (for example, any one of characters, symbols, and numbers, or a combination of two or more thereof) may be transmitted as the user identification information.
  • The communication management server 20 that has received the fingerprint data and the user identification information from the transmission source communication terminal device 10, more specifically the fingerprint data registration unit 22, generates fingerprint / user registration data in which the fingerprint data and the user identification information are paired, and executes a fingerprint / user registration process, which is a process of storing that data in the fingerprint database unit 23 (S150).
  • When the fingerprint / user registration process is completed, the communication management server 20, more specifically the fingerprint data registration unit 22, transmits a registration completion notification message to the transmission source communication terminal device 10 (S160).
  • The transmission source communication terminal device 10 that has received the registration completion notification message, more specifically the fingerprint registration request unit 13, displays on the output unit 16 a notice informing the user that the fingerprint registration process has been completed normally, and ends the fingerprint registration process.
  • FIG. 6 is a sequence diagram illustrating an operation example at the time of fingerprint / user registration for the user of the transmission destination communication terminal device 30. Since each of step S210 to step S260 shown in FIG. 6 has the same processing contents as step S110 to step S160 shown in FIG. 5, description of these processing contents is omitted.
  • the communication management server 20 is a process for enabling the user of the destination communication terminal apparatus 30 to view the contents of the browsing restricted area on condition that the user of the destination communication terminal apparatus 30 succeeds in fingerprint authentication.
  • FIG. 7 shows a sequence diagram showing an example of communication management processing in the communication system 1.
  • a case where the user of the transmission source communication terminal apparatus 10 transmits Web mail to the user of the transmission source communication terminal apparatus 10 will be described as an example.
  • the user of the source communication terminal device 10 activates the client unit 12 of the source communication terminal device 10 and inputs communication contents (destination address, mail subject, mail text) from the input unit 15.
  • communication contents destination address, mail subject, mail text
  • the user causes the client unit 12 of the transmission source communication terminal device 10 to transmit a Web mail (S310).
  • the communication content transmitted from the client unit 12 of the transmission source communication terminal device 10 is received by the communication management server 20 (corresponding to a Web mail server in this example), and the communication management server 20, more specifically, communication management.
  • the unit 24 stores the communication content (S320).
  • communication content identification information (referred to as a mail ID) for uniquely specifying the communication content is assigned to each communication content and stored.
  • the communication management server 20, more specifically, the communication management unit 24, sets the mail text in the communication restriction in the browsing restriction area. It should be noted that which part is set as the browsing restriction area may be set in the communication management unit 24 in advance, or can be arbitrarily designated when the user of the transmission source communication terminal device 10 transmits the communication contents. Also good.
  • the user of the transmission destination communication terminal apparatus 30 activates the client unit 32 of the transmission destination communication terminal apparatus 30 in order to view the Web mail addressed to the user.
  • the client unit 32 of the transmission destination communication terminal device 30 browses the communication contents together with information (for example, user ID, mail address, etc.) that identifies the user of the transmission destination communication terminal device 30 to the communication management server 20, more specifically, the communication management unit 24.
  • a request message is transmitted (S330).
  • the communication management server 20 that has received the communication content browsing request message, more specifically, the communication management unit 24, extracts and extracts the communication content addressed to the user of the destination communication terminal device 30 from the stored communication content.
  • the communication content is transmitted to the destination communication terminal apparatus 30 (S340).
  • the content of communication transmitted at this time has been deleted from the browsing-restricted area or has been replaced with another content (for example, “browsing is restricted”).
  • the transmission destination communication terminal device 30 that has received the communication content transmitted in step S340, more specifically, the client unit 32 causes the output unit 36 to display the communication content.
  • the content of the viewing restricted area is deleted or replaced with another content (for example, “browsing restricted” is displayed)
  • the actual content of the viewing restricted area is displayed in the output unit 36.
  • the user of the destination communication terminal device 30 is in a state where the sender and the subject of the Web mail addressed to himself / herself can be viewed but the mail text cannot be viewed.
  • the browsing restriction release request unit 37 is activated by activating a predetermined icon or button.
  • the activated browsing restriction release request unit 37 starts a browsing restriction release request process (S360).
  • The browsing restriction release request unit 37 that has started the browsing restriction release request process activates the fingerprint reading unit 34 to make it ready to read a fingerprint, displays on the output unit 36 a prompt to read the fingerprint (for example: “Fingerprint reading. Touch the index finger in the fingerprint reading area.”), and the fingerprint reading unit 34 reads the fingerprint (S370).
  • When the fingerprint reading is successful, the fingerprint reading unit 34 generates fingerprint data and passes the fingerprint data to the browsing restriction release requesting unit 37.
  • The browsing restriction release request unit 37 that has received the fingerprint data transmits to the communication management server 20, together with the browsing restriction release request message, the fingerprint data read in step S370, the user identification information of the user who is executing the fingerprint registration request, and communication content identification information (for example, mail ID) for specifying the communication content that is the target of the browsing restriction release (S380).
  • The communication management server 20, more specifically the browsing restriction release request processing unit 25, performs fingerprint data authentication processing (S390). Specifically, the browsing restriction release request processing unit 25 reads out fingerprint data corresponding to the user identification information from the fingerprint database unit 23, using the user identification information transmitted in step S380 as a key, and collates it with the fingerprint data transmitted in step S380 (S390).
  • When it is determined as a result of the collation that they match, the browsing restriction release request processing unit 25 instructs the communication management unit 24 to release the browsing restriction area of the communication content corresponding to the communication content identification information transmitted in step S380 and to transmit it to the transmission destination communication terminal apparatus 30 that has transmitted the browsing restriction release request message. On the other hand, when it is determined as a result of the collation that they do not match, the browsing restriction release request processing unit 25 transmits a message notifying that the authentication has failed to the transmission destination communication terminal device 30 that has transmitted the browsing restriction release request message (not shown).
  • The communication management unit 24 instructed to release the browsing restriction releases the browsing restriction area of the communication content corresponding to the communication content identification information transmitted in step S380 and transmits it to the transmission destination communication terminal device 30 that has transmitted the browsing restriction release request message (S400).
  • That is, the communication management unit 24 transmits the communication content in which the content of the mail text remains as it is to the transmission destination communication terminal device 30.
  • “Release the browsing restriction area” means that the contents of the browsing restriction area can be browsed in the destination communication terminal device 30.
  • The transmission destination communication terminal device 30 that has received the communication content whose browsing restriction area has been released, more specifically the client unit 32, displays the communication content on the output unit 16 in a state where the browsing restricted area can be browsed (S410). Specifically, the mail text (viewing restricted area) whose contents were not displayed on the output unit 36 in step S350 is displayed in step S410.
  • FIG. 8 is a flowchart illustrating an example of processing (viewing restriction release request processing) when a browsing restriction release request that is the main operation of the communication management server 20 is received.
  • the communication management server 20, more specifically, the browsing restriction release request processing unit 25 receives a communication content browsing request message from the destination communication terminal device 30 (S10).
  • The communication management server 20 that has received the communication content browsing request message, more specifically the communication management unit 24, determines whether there is communication content addressed to the user of the destination communication terminal device 30 among the stored communication content (S20). When it is determined that there is no communication content addressed to the user of the destination communication terminal device 30 (S20, No), the communication management server 20, more specifically the communication management unit 24, transmits a message that there is no communication content addressed to the user to the destination communication terminal device 30 (S30), and the process is terminated. On the other hand, when it is determined that there is communication content addressed to the user of the destination communication terminal device 30 (S20, Yes), the communication management server 20, more specifically the communication management unit 24, extracts the communication content addressed to the user of the destination communication terminal device 30 and transmits the extracted communication content to the destination communication terminal device 30 (S40).
  • The communication management server 20, more specifically the browsing restriction release request processing unit 25, waits for a browsing restriction release request message from the transmission destination communication terminal device 30 (S50).
  • When receiving the browsing restriction release request message from the transmission destination communication terminal device 30, the communication management server 20, more specifically the browsing restriction release request processing unit 25, reads the fingerprint data corresponding to the user identification information from the fingerprint database unit 23, using the user identification information transmitted from the transmission destination communication terminal device 30 as a key, and determines whether or not it matches the fingerprint data transmitted from the destination communication terminal device 30 (S60).
  • When it is determined as a result of the collation that they match, the browsing restriction release request processing unit 25 instructs the communication management unit 24 to release the browsing restriction area of the communication content corresponding to the transmitted communication content identification information and to transmit it to the transmission destination communication terminal apparatus 30 that has transmitted the browsing restriction release request message. The communication management unit 24 instructed to release the browsing restriction releases the browsing restriction area of the communication content corresponding to the transmitted communication content identification information and transmits it to the destination communication terminal device 30 that has sent the browsing restriction release request message (S70), and then the communication management server 20 ends the browsing restriction release request process.
  • On the other hand, when it is determined as a result of the collation that they do not match (S60, No), the communication management server 20, more specifically the browsing restriction release request processing unit 25, transmits a message notifying that the authentication has failed to the destination communication terminal device 30 that has transmitted the browsing restriction release request message (S80), and then the communication management server 20 ends the browsing restriction release request process.
  • the communication system according to the second embodiment has basically the same configuration as the communication system 1 according to the first embodiment. In the following, differences between the communication system according to the second embodiment and the communication system 1 according to the first embodiment will be described.
  • FIG. 9 shows a functional block diagram of the transmission source communication terminal apparatus in the present embodiment.
  • The source communication terminal device 10A in the present embodiment differs in that the client unit 12A further includes a fingerprint data providing unit 17 for identity verification; the other configurations are the same as those of the transmission source communication terminal device 10 according to the first embodiment.
  • the same components are denoted by the same reference numerals, and detailed description thereof is omitted.
  • The personal identification fingerprint data providing unit 17 newly acquires the fingerprint data of the user of the communication terminal device 10A through the fingerprint reading unit 14, or reads the fingerprint data of the user of the transmission source communication terminal device 10A that has been stored in the transmission source communication terminal device 10A in advance, and transmits the fingerprint data to the communication management server 20A.
  • the personal identification fingerprint data providing unit 17 corresponds to a personal identification data providing unit.
  • FIG. 10 shows a functional block diagram of the communication management server in the present embodiment.
  • the communication management server 20A in the present embodiment is different in that it further includes an identity verification processing unit 26, and the other configuration is the same as that of the communication management server 20 according to the first embodiment.
  • the same components are denoted by the same reference numerals, and detailed description thereof is omitted.
  • the identity verification processing unit 26 is connected to the server side communication control unit 21 and the fingerprint database unit 23.
  • The identity confirmation processing unit 26 has the following function: when it receives the identity confirmation request message from the transmission destination communication terminal device 30A, it compares the fingerprint data transmitted together with the communication content from the transmission destination communication terminal device 30A with the fingerprint data of the user of the transmission source communication terminal device 10A stored in the fingerprint database unit 23 at the time of user registration and, if both fingerprint data match, sends a notification message indicating that the identity verification was successful to the destination communication terminal device 30A.
  • The identity verification processing unit 26 may send a fingerprint data transmission request message to the transmission source communication terminal device 10A, more specifically to the identity verification fingerprint data providing unit 17, and use the fingerprint data transmitted in response from the transmission source communication terminal device 10A, more specifically from the personal identification fingerprint data providing unit 17.
  • the identity verification processing unit 26 corresponds to identity verification processing means.
  • FIG. 11 shows a functional block diagram of the transmission destination communication terminal apparatus in the present embodiment.
  • The destination communication terminal device 30A in the present embodiment differs in that the client unit 32 further includes an identity confirmation requesting unit 38; the other configuration is the same as that of the transmission destination communication terminal device 30 according to the first embodiment.
  • the same components are denoted by the same reference numerals, and detailed description thereof is omitted.
  • The identity confirmation requesting unit 38 has a function of transmitting, in accordance with a user operation or the like, an identity confirmation request message, which is a message requesting confirmation that the communication content is transmitted by the user himself/herself of the destination communication terminal device 30A, to the communication management server 20A (more specifically, to the identity confirmation processing unit 26).
  • the identity verification request unit 38 corresponds to a sender identity verification request unit.
  • FIG. 12 is a sequence diagram illustrating an operation of the communication system according to the second embodiment.
  • the user of the transmission source communication terminal device 10A inputs communication contents (e-mail text etc.) (not shown) and executes fingerprint data reading (S310A).
  • the fingerprint data is read by the fingerprint reading unit 14, and the fingerprint data generated as a result of the fingerprint data reading is passed to the client unit 12.
  • The client unit 12 transmits the fingerprint data (hereinafter referred to as “fingerprint data for identity verification”) to the communication management server 20A together with information for identifying the user and the communication contents (S310B).
  • the communication management server 20A that has received the communication content and the fingerprint data for identity verification stores these (S310C). More specifically, the communication content is stored by the communication management unit 24, and the personal identification fingerprint data is stored in the personal verification processing unit 26.
  • The client unit 32 of the transmission destination communication terminal apparatus 30 transmits a communication content browsing request message including information (for example, a user ID, a mail address, etc.) that identifies the user of the transmission destination communication terminal apparatus 30 to the communication management server 20, more specifically to the communication management unit 24 (S501).
  • the transmission destination communication terminal device 30 transmits a sender identity confirmation request message to the communication management server 20 (S502).
  • The communication management server 20A, using the information for specifying the user as a key, reads the fingerprint data corresponding to the information for specifying the user from the fingerprint database unit 23 (“user registration fingerprint data”).
  • The personal identification processing unit 26 collates the personal identification fingerprint data with the user registration fingerprint data, and determines whether these fingerprint data match (S503). If it is determined that the fingerprint data match, the communication management server 20A, more specifically the identity verification processing unit 26, transmits an identity verification success message, which is a message notifying that the identity of the sender who is the user of the transmission source communication terminal device 10A has been successfully verified, to the destination communication terminal apparatus 30A (S504). If it is determined that these fingerprint data do not match, a message notifying that the identity of the sender who is the user of the transmission source communication terminal apparatus 10A has not been successfully verified is transmitted to the transmission destination communication terminal apparatus 30A.
  • After step S504, the communication system executes the processing from step S340 to step S410 described above, as in the first embodiment.
  • FIG. 13 is a sequence diagram illustrating an operation example of a modification of the communication system according to the second embodiment.
  • steps S310 and S320 are executed (not shown) as in the first embodiment.
  • The transmission destination communication terminal apparatus 30 transmits a sender identity confirmation request message to the communication management server 20 prior to the above-described step S330 or simultaneously with the transmission of the communication content browsing request message in step S330 (S601).
  • The communication management server 20A, more specifically the identity verification processing unit 26, transmits a fingerprint data request message to the destination communication terminal device 10A that is the destination of the communication contents (S602).
  • The destination communication terminal device 10A that has received the fingerprint data request message activates the fingerprint reading unit 14 and prompts the user to read the fingerprint.
  • When the user responds and the fingerprint reading process is executed (S603), the fingerprint reading unit 14 generates fingerprint data (hereinafter referred to as “identification fingerprint data”) and passes it to the identity verification fingerprint data providing unit 17.
  • The identity verification fingerprint data providing unit 17 transmits this fingerprint data to the communication management server 20A, more specifically to the identity verification processing unit 26, together with information specifying the user of the transmission source communication terminal device 20A (S604).
  • The communication management server 20A that has received the fingerprint data for identity verification, more specifically the identity verification processing unit 26, stores the fingerprint data for identity verification (S605). Note that the information identifying the user is stored in association with the fingerprint data for identity verification.
  • The communication management server 20A, using the information for specifying the user as a key, reads the fingerprint data corresponding to the information for specifying the user from the fingerprint database unit 23 (“user registration fingerprint data”).
  • The personal identification processing unit 26 collates the personal identification fingerprint data with the user registration fingerprint data, and determines whether these fingerprint data match (S606). If it is determined that the fingerprint data match, the communication management server 20A, more specifically the identity verification processing unit 26, transmits an identity verification success message, which is a message notifying that the identity of the sender who is the user of the transmission source communication terminal device 10A has been successfully verified, to the destination communication terminal device 30A (S607). If it is determined that these fingerprint data do not match, a message notifying that the identity of the sender who is the user of the transmission source communication terminal apparatus 10A has not been successfully verified is transmitted to the transmission destination communication terminal apparatus 30A.
  • After step S607, the communication system executes the processing after step S330 described above, as in the first embodiment.
  • In the description above, the communication management server 20 does not transmit the contents of the browsing restriction area to the transmission destination communication terminal device 30. However, the present embodiment is also established when the communication management server 20 transmits the contents of the browsing restriction area as they are, without deletion or replacement, to the transmission destination communication terminal device 30, and the client unit 12 is configured to suppress the display of the browsing restriction area until the confirmation of fingerprint data matching is transmitted from the communication management server 20 to the transmission destination communication terminal device 30.
  • The fingerprint data need not be the entire image of the read fingerprint; a part (or a plurality of locations) of the image may be registered and collated.
  • The present invention is not limited to Web mail. It can also be applied to browsing on systems that send and distribute data and information by identifying senders and information providers, such as electronic mail, file storage systems, data exchange systems, personal pages such as auction sites, online securities, and SNS, and corporate websites.
  • The present invention can also be realized by using “personal identification data”, which is data that can uniquely identify an individual, instead of the fingerprint data of the above embodiment.
  • [5. Summary, etc.]
  • Although embodiments of the present invention have been described above, the present invention is not limited to these, and various changes, additions, combinations, and the like are possible within a range that does not depart from the gist of the invention.
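The server-side flow of FIG. 8 (S10 to S80) and the sender check of step S503, as an added sketch that is not code from the patent. The class and function names, the cosine-similarity matcher standing in for real fingerprint collation, the 0.95 threshold and the sample vectors are assumptions; the recipient check in `release()` is an added safeguard that the text does not state.

```python
import math
from dataclasses import dataclass

PLACEHOLDER = "browsing is restricted"  # replacement text the page gives as an example
MATCH_THRESHOLD = 0.95                  # assumed; the page does not define a threshold


def similarity(a, b):
    """Cosine similarity of two feature vectors; a stand-in for a real fingerprint matcher."""
    if not a or len(a) != len(b):
        return 0.0
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


@dataclass
class Mail:
    mail_id: str
    sender: str
    recipient: str
    subject: str
    body: str                  # the browsing restriction area
    sender_sample: tuple = ()  # fingerprint data for identity verification (second embodiment)


class CommunicationManagementServer:
    def __init__(self):
        self.fingerprint_db = {}  # fingerprint database unit 23: user ID -> registered data
        self.mails = {}           # content stored by the communication management unit 24

    def register(self, user_id, template):
        self.fingerprint_db[user_id] = tuple(template)

    def store(self, mail):
        self.mails[mail.mail_id] = mail

    def _matches(self, user_id, sample):
        registered = self.fingerprint_db.get(user_id)
        return registered is not None and similarity(registered, sample) >= MATCH_THRESHOLD

    def browse(self, user_id):
        """S10-S40: send the user's mail with the restricted area replaced."""
        return [
            {"mail_id": m.mail_id, "sender": m.sender,
             "subject": m.subject, "body": PLACEHOLDER}
            for m in self.mails.values() if m.recipient == user_id
        ]

    def release(self, user_id, sample, mail_id):
        """S50-S80: collate the sample with the data registered under user_id."""
        mail = self.mails.get(mail_id)
        # Added check, not stated on the page: the mail must be addressed to the
        # requesting user, so a valid fingerprint only unlocks that user's own mail.
        if mail is None or mail.recipient != user_id:
            return {"status": "auth_failed"}
        if not self._matches(user_id, sample):
            return {"status": "auth_failed"}                              # S80
        return {"status": "released", "mail_id": mail_id, "body": mail.body}  # S70

    def confirm_sender(self, mail_id):
        """S503: compare the sample sent with the mail to the sender's registered data."""
        mail = self.mails.get(mail_id)
        return mail is not None and self._matches(mail.sender, mail.sender_sample)


def build_demo_server():
    """Constructed sample data: two users and one mail from alice to bob."""
    server = CommunicationManagementServer()
    server.register("alice", (0.9, 0.1, 0.4, 0.7))
    server.register("bob", (0.2, 0.8, 0.5, 0.1))
    server.store(Mail("m1", "alice", "bob", "Q3 figures", "The figures are attached.",
                      sender_sample=(0.91, 0.1, 0.39, 0.7)))
    return server


if __name__ == "__main__":
    srv = build_demo_server()
    print(srv.browse("bob"))
    print(srv.release("bob", (0.21, 0.79, 0.5, 0.12), "m1"))  # noisy re-read of bob's finger
    print(srv.release("bob", (0.9, 0.1, 0.4, 0.7), "m1"))     # alice's finger under bob's ID
    print(srv.confirm_sender("m1"))
```

The sketch models the variant in which the server withholds the restricted area until collation succeeds. In the client-side suppression variant described above, the mail text has already left the server before the fingerprint is checked.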

Abstract

[Problem] To prevent communication content from being accessed by a person other than a recipient intended by a sender, by permitting access only by the recipient originally intended by the sender, without causing another person to acquire fingerprint data. [Solution] A communication management unit (24) stores communication content transmitted from a transmission source, sets a limited access region in the communication content, transmits the communication content, which is in a state in which the limited access region cannot be accessed, to a transmission destination before successful fingerprint authentication of a person using the transmission destination, and transmits the communication content, the limited access region of which has been cancelled, to the transmission destination after successful fingerprint authentication. If a limited access cancellation request processing unit (25) receives a limited access cancellation request message from the transmission destination, said processing unit compares: fingerprint data that has been transmitted, together with user identification information, from the transmission destination; and fingerprint data that is associated with the user identification information and stored in a storage means. If it is determined that both sets of fingerprint data match, the limited access cancellation request processing unit (25) instructs the communication management unit (24) to cancel the limited access region of the communication content.

Description

Communication system
The embodiment described in this specification relates to a communication system.
In recent years, with the spread of communication infrastructure and of communicable devices such as computers, it has become normal to communicate through data communication over a network, for example contact by e-mail and information exchange by browsing sites.
When sending and receiving data via data communication, the contents of communication must not be acquired by a receiver that is not intended by the sender, but the contents of communication may be leaked due to erroneous transmission or server intrusion.
Measures such as setting a password on the document to be sent are taken as means to prevent such inconvenience.
JP-A-7-73123
However, with password protection, there is a risk that the password may be broken by an analysis tool or stolen by an unauthorized method. Although it is conceivable to use biometric authentication data such as fingerprint authentication in place of the password, letting another person acquire such important information as a password may cause problems.
An object of one embodiment of the present invention is to provide a technique that allows only the person originally intended by the sender to browse, and prevents browsing by a person not originally intended by the sender, without letting another person (the sender or the receiver who is the other party of the communication) acquire fingerprint data.
The first embodiment of the present invention is proposed as a communication system. This communication system includes storage means, management means, and request processing means.
The storage means stores registration data that pairs first personal identification data corresponding to the user of the transmission source communication terminal device with the user identification information of that user, and registration data that pairs second personal identification data corresponding to the user of the transmission destination communication terminal device with the user identification information of that user.
The management means stores the communication content transmitted from the transmission source communication terminal device and sets a browsing restriction portion, which is at least a part of the communication content and is a portion that cannot be viewed on the transmission destination communication terminal device. Before the fingerprint authentication of the user of the transmission destination communication terminal device succeeds, the management means transmits the communication content, with the browsing restriction portion in a state in which it cannot be browsed, to the transmission destination communication terminal device. After the fingerprint authentication of the user of the transmission destination communication terminal device succeeds, it transmits data that enables browsing of the browsing restriction portion on the transmission destination communication terminal device to the transmission destination communication terminal device.
When receiving the browsing restriction release request message from the transmission destination communication terminal device, the request processing means receives third personal identification data transmitted together with user identification information from the transmission destination communication terminal device and collates it with the second personal identification data stored in the storage means in association with that user identification information. When it determines that the third personal identification data and the second personal identification data match, it instructs the management means to transmit to the transmission destination communication terminal device the data that enables the browsing restriction portion to be browsed on the transmission destination communication terminal device.
Block diagram showing a configuration example of the communication system according to the present embodiment
Functional block diagram showing a configuration example of the transmission source communication terminal device
Functional block diagram showing a configuration example of the transmission destination communication terminal device
Functional block diagram showing a configuration example of the communication management server
Sequence diagram showing an operation example at the time of fingerprint/user registration for the user of the transmission source communication terminal device
Sequence diagram showing an operation example at the time of fingerprint/user registration for the user of the transmission destination communication terminal device
Sequence diagram showing an example of communication management processing in the communication system
Flowchart showing an example of the browsing restriction release request process, which is the main operation of the communication management server 20
Functional block diagram of the transmission source communication terminal device in the second embodiment
Functional block diagram of the communication management server in the second embodiment
Functional block diagram of the transmission destination communication terminal device in the second embodiment
Sequence diagram showing the operation of the communication system according to the second embodiment
Sequence diagram showing an operation example of a modification of the communication system according to the second embodiment
Hereinafter, a communication system according to an embodiment of the present invention will be described with reference to the drawings.
[0. Definition of terms]
Definitions of terms used in this specification are given below.
(1) “Fingerprint data” refers to a fingerprint image, or data generated based on it, that can uniquely identify a user. Examples are fingerprint image data (either the whole fingerprint or a part of it may be used), fingerprint feature value data, and data obtained by transforming fingerprint feature value data with a predetermined transformation method (such as fast Fourier transform).
(2) “Personal identification data” refers to data that can uniquely identify an individual. The personal identification data includes so-called biometric data such as fingerprint data, face image data, and vein pattern data.
[1. First Embodiment]
A first embodiment of the present invention will be described. The first embodiment is proposed as a communication system that allows only a recipient who has been successfully authenticated as the recipient of the communication content to view the communication content. FIG. 1 is a block diagram illustrating a configuration example of a communication system according to the present embodiment.
The communication system 1 includes a communication management server 20 connected to a communication network 40, a transmission source communication terminal device 10 connectable to the communication network 40, and a transmission destination communication terminal device 30 connectable to the communication network 40.
[1.1. Transmission source communication terminal device]
The transmission source communication terminal device 10 is a device that transmits some content to the transmission destination communication terminal device 30 via the communication management server 20. The transmission source communication terminal device 10 is an information processing device with a communication function, such as a computer (including a tablet computer), a mobile phone (including a smartphone), or a game machine, and includes an arithmetic processing unit (CPU), a main memory (RAM), a read-only memory (ROM), an input/output device (I/O), and, where necessary, an external storage device such as a hard disk device.
FIG. 2 is a functional block diagram showing a configuration example of the transmission source communication terminal device 10. The components shown in the functional block diagram group the functions of the transmission source communication terminal device 10 into one block per function; this does not mean that the transmission source communication terminal device 10 must have a physical component such as a board, device, circuit, or part corresponding to each block. “Connected” means that data, information, instructions, and the like can be sent, received, and handed over; it is not limited to a physical connection in which components are wired to each other. The same applies to the descriptions of the other functional block diagrams in this specification.
The transmission source communication terminal device 10 includes a communication control unit 11 connectable to the communication network 40, a client unit 12 connected to the communication control unit 11, and a fingerprint reading unit 14, an input unit 15, and an output unit 16 connected to the client unit 12. The client unit 12 has a fingerprint registration request unit 13.
The communication control unit 11 has a function of converting data generated by the client unit 12 into electric signals or the like and transmitting these signals to the communication network 40 according to a predetermined communication protocol, and of receiving electric signals or the like from the communication network 40 according to the predetermined communication protocol, converting them into data readable by the client unit 12, and passing the converted data to the client unit 12. The communication control unit 11 is, for example, a LAN adapter or a communication board.
The client unit 12 has a function of processing the transmission and reception of communication content in cooperation with the communication management server 20. The client unit 12 is, for example, a mail client, a Web browser, or a mobile app.
The fingerprint registration request unit 13 has a function of performing fingerprint/user registration of the user (the person communicating) with the communication management server 20. Fingerprint/user registration means recording, as a pair, the image data of a user's fingerprint and user identification information, which is information that uniquely identifies that user. The fingerprint registration request unit 13 is, for example, an add-in, an application, or an app.
The fingerprint reading unit 14 has a function of reading the fingerprint of the user (the person communicating) and outputting image data of the fingerprint. The fingerprint reading unit 14 is, for example, a fingerprint reading device and its driver software. The fingerprint reading device may be either a fingerprint sensor built into a PC or mobile phone or a so-called external fingerprint sensor.
The input unit 15 has a function of inputting the user's instructions to the transmission source communication terminal device 10 and is, for example, a keyboard, a numeric keypad, a touch panel, or a pointing device.
The output unit 16 has a function of outputting the processing results of the transmission source communication terminal device 10 in a form the user can recognize and is, for example, a liquid crystal panel device.
[1.2. Transmission destination communication terminal device]
The transmission destination communication terminal device 30 is a device that receives communication content from the transmission source communication terminal device 10 via the communication management server 20. The transmission destination communication terminal device 30 is an information processing device with a communication function, such as a computer (including a tablet computer), a mobile phone (including a smartphone), or a game machine, and includes an arithmetic processing unit (CPU), a main memory (RAM), a read-only memory (ROM), an input/output device (I/O), and, where necessary, an external storage device such as a hard disk device.
FIG. 3 is a functional block diagram showing a configuration example of the transmission destination communication terminal device 30. The transmission destination communication terminal device 30 includes a communication control unit 31 connectable to the communication network 40, a client unit 32 connected to the communication control unit 31, and a fingerprint reading unit 34, an input unit 35, and an output unit 36 connected to the client unit 32. The client unit 32 has a fingerprint registration request unit 33 and a browsing restriction release request unit 37.
The communication control unit 31, client unit 32, fingerprint reading unit 34, input unit 35, and output unit 36 of the transmission destination communication terminal device 30 are components with the same functions as the communication control unit 11, client unit 12, fingerprint reading unit 14, input unit 15, and output unit 16 of the transmission source communication terminal device 10, respectively, so their detailed description is omitted.
The browsing restriction release request unit 37 has a function of, when communication content is received from the communication management server 20 and part of that content is restricted from browsing, generating a browsing restriction release request, which is a message requesting the communication management server 20 to make the restricted content viewable, and transmitting it to the communication management server 20. The browsing restriction release request message either contains the image data of the fingerprint of the user of the transmission destination communication terminal device 30 and user identification information, which is information that uniquely identifies that user, or these are transmitted separately.
The browsing restriction release request unit 37 is, for example, an add-in, an application, or an app.
[1.3. Communication management server]
The communication management server 20 has a function of receiving communication content from the transmission source communication terminal device 10 and causing the transmission destination communication device to receive that content. The communication management server 20 treats part of the communication content as a browsing restricted area and transmits the content to the transmission destination communication terminal device 30 in such a way that the content of the browsing restricted area cannot be viewed. The communication management server 20 makes the content of the browsing restricted area viewable by the user of the transmission destination communication terminal device 30 on condition that that user's fingerprint authentication succeeds.
The communication management server 20 is an information processing device with a communication function, such as a computer, a workstation, or a server, and includes an arithmetic processing unit (CPU), a main memory (RAM), a read-only memory (ROM), an input/output device (I/O), and, where necessary, an external storage device such as a hard disk device. The present embodiment also holds for a configuration in which a plurality of computers, workstations, or servers are connected to one another and function together as the communication management server 20.
FIG. 4 is a functional block diagram showing a configuration example of the communication management server 20. The communication management server 20 includes a server-side communication control unit 21 connected to the communication network 40, a fingerprint data registration unit 22 connected to the server-side communication control unit 21, a fingerprint database unit 23 connected to the fingerprint data registration unit 22, a communication management unit 24 connected to the server-side communication control unit 21, and a browsing restriction release request processing unit 25 connected to the server-side communication control unit 21 as well as to the fingerprint database unit 23 and the communication management unit 24. The fingerprint database unit 23 corresponds to the storage means of the present embodiment, the communication management unit 24 corresponds to the management means of the present embodiment, and the browsing restriction release request processing unit 25 corresponds to the request processing means of the present embodiment.
The server-side communication control unit 21 has a function of converting data generated by the communication management server 20 into electric signals or the like and transmitting these signals to the communication network 40 according to a predetermined communication protocol, and of receiving electric signals or the like from the communication network 40 according to the predetermined communication protocol, converting them into readable data, and passing the converted data to each unit. The server-side communication control unit 21 is, for example, a LAN adapter or a communication board.
The fingerprint data registration unit 22 has a function of performing fingerprint/user registration upon receiving a fingerprint/user registration request from the transmission source communication terminal device 10 or the transmission destination communication terminal device 30. The fingerprint data registration unit 22 generates fingerprint/user registration data, which pairs fingerprint data with user identification information, and stores it in the fingerprint database unit 23.
The fingerprint database unit 23 has a function of storing the fingerprint/user registration data generated by the fingerprint data registration unit 22. The fingerprint database unit 23 corresponds to the storage means of the present embodiment.
The communication management unit 24 has a function of storing the communication content transmitted from the transmission source communication terminal device 10 and setting a browsing restricted area in that content. Before the fingerprint authentication of the user of the transmission destination communication terminal device 30 succeeds, it transmits the communication content to the transmission destination communication terminal device 30 with the browsing restricted area in an unviewable state. After that fingerprint authentication succeeds, it releases the browsing restricted area (or may release the browsing restriction itself) and transmits the communication content to the transmission destination communication terminal device 30. The communication management unit 24 corresponds to the management means of the present embodiment.
The browsing restricted area can be made unviewable by, for example, the following methods.
(1) The communication management server, more specifically the communication management unit 24, deletes the data corresponding to the browsing restricted area from the communication content and transmits the communication content after deletion to the transmission destination communication terminal device 30. The browsing restriction is released by the communication management server, more specifically the communication management unit 24, transmitting either only the deleted data or the communication content as it was before deletion to the transmission destination communication terminal device 30.
(2) The communication management server, more specifically the communication management unit 24, adds data indicating the browsing restricted area to the communication content, for example a tag indicating the start of the browsing restricted area and a tag indicating its end. The communication management server, more specifically the communication management unit 24, transmits the communication content with this data added to the transmission destination communication terminal device 30. The transmission destination communication terminal device 30 that has received this communication content, more specifically the client unit 12, when displaying or reproducing the communication content, replaces the data identified by the data indicating the browsing restricted area with other data (for example, blanks or a specific symbol such as an asterisk) and displays the content data after replacement. The browsing restriction is released by the transmission destination communication terminal device 30, more specifically the client unit 12, displaying the communication content as it was before the replacement, in response to a browsing restriction release permission message from the communication management server 20.
(3) The communication management server, more specifically the communication management unit 24, encrypts the portion of the communication content that corresponds to the browsing restricted area. Any encryption scheme may be used. The communication management server, more specifically the communication management unit 24, transmits the communication content with the browsing restricted area encrypted to the transmission destination communication terminal device 30. The transmission destination communication terminal device 30 that has received this communication content, more specifically the client unit 12, displays the communication content as it is. A message stating that the browsing restricted area is encrypted may be displayed within the communication content. The browsing restriction is released by the transmission destination communication terminal device 30, more specifically the client unit 12, decrypting the encrypted portion and displaying the decrypted communication content, in response to a browsing restriction release permission message from the communication management server 20.
(4) Any other method is applicable to the present invention as long as the original communication content of the browsing restricted area is not displayed as it is before the browsing restriction is released, and the communication content is displayed in its original form after the browsing restriction is released.
Upon receiving a browsing restriction release request message from the transmission destination communication terminal device 30, the browsing restriction release request processing unit 25 compares the fingerprint data transmitted together with the user identification information from the transmission destination communication terminal device 30 against the fingerprint data stored in the fingerprint database unit 23 in association with that user identification information. If it determines that the two sets of fingerprint data match, it instructs the communication management unit 24 to release the browsing restricted area of the communication content (release of the browsing restriction itself). The browsing restriction release request processing unit 25 corresponds to the request processing means of the present invention.
[1.4. Communication network]
The communication network 40 may be any communication line that connects the transmission destination communication terminal device 30 with the communication management server 20, and the transmission source communication terminal device 10 with the communication management server 20, so that they can communicate.
[2. Example of operation of this embodiment]
Next, an operation example of the communication system 1 according to the present embodiment will be described.
[2.1. Fingerprint / User registration]
First, the operation during fingerprint/user registration for the user of the transmission source communication terminal device 10 will be described. FIG. 5 is a sequence diagram showing an operation example during fingerprint/user registration for the user of the transmission source communication terminal device 10.
Before the user of the transmission source communication terminal device 10 can use the communication system 1, fingerprint/user registration must first be performed.
When the user of the transmission source communication terminal device 10 activates the fingerprint registration request unit 13, the transmission source communication terminal device 10, more specifically the fingerprint registration request unit 13, transmits a fingerprint registration request message to the communication management server 20 (S110). On receiving the fingerprint registration request message, the communication management server 20 activates the fingerprint data registration unit 22, and the fingerprint data registration unit 22 transmits a fingerprint registration request acceptance message to the transmission source communication terminal device 10 (S120).
On receiving the fingerprint registration request acceptance message, the transmission source communication terminal device 10, more specifically the fingerprint registration request unit 13, activates the fingerprint reading unit 14 so that a fingerprint can be read, and displays on the output unit 16 a message prompting the user to have the fingerprint read (for example: “Fingerprint reading will now start. Please touch the fingerprint reading area with your index finger.”); the fingerprint reading unit 14 then reads the fingerprint (S130).
When the fingerprint has been read successfully, the fingerprint reading unit 14 generates fingerprint data and passes it to the fingerprint registration request unit 13. The fingerprint registration request unit 13 then transmits this fingerprint data to the communication management server 20 together with the user identification information of the user executing the fingerprint registration request (S140). As the user identification information, the fingerprint registration request unit 13 may automatically read and transmit information stored in the transmission source communication terminal device 10 or the client unit 12 (for example, individual identification information, a telephone number, or a web service user ID). Alternatively, the fingerprint registration request unit 13 may display on the output unit 16 a message prompting the user to enter user identification information, and transmit as the user identification information what the user enters through the input unit 15 (for example, letters, symbols, or numbers, or a combination of two or more of these).
On receiving the fingerprint data and user identification information from the transmission source communication terminal device 10, the communication management server 20, more specifically the fingerprint data registration unit 22, executes the fingerprint/user registration process, which generates fingerprint/user registration data pairing the fingerprint data with the user identification information and stores it in the fingerprint database unit 23 (S150).
When the fingerprint/user registration process is finished, the communication management server 20, more specifically the fingerprint data registration unit 22, transmits a registration completion notification message to the transmission source communication terminal device 10 (S160). On receiving the registration completion notification message, the transmission source communication terminal device 10, more specifically the fingerprint registration request unit 13, displays on the output unit 16 a notice informing the user that the fingerprint registration process completed normally, and ends the fingerprint registration process.
The fingerprint registration process must likewise be performed on the transmission destination communication terminal device 30 before the communication system 1 is used. FIG. 6 is a sequence diagram showing an operation example during fingerprint/user registration for the user of the transmission destination communication terminal device 30. Steps S210 to S260 shown in FIG. 6 have the same processing content as steps S110 to S160 shown in FIG. 5, so their description is omitted.
[2.2. Communication management processing]
Next, the communication management processing in the communication system 1 will be described. In the communication management processing, part of the communication content is treated as a browsing restricted area, and the content is transmitted to the transmission destination communication terminal device 30 such that the content of the browsing restricted area cannot be viewed; the communication management server 20 then makes the content of the browsing restricted area viewable by the user of the transmission destination communication terminal device 30 on condition that that user's fingerprint authentication succeeds.
FIG. 7 is a sequence diagram showing an example of the communication management processing in the communication system 1. Here, a case where the user of the transmission source communication terminal device 10 transmits Web mail to the user of the transmission source communication terminal device 10 will be described as an example.
The user of the transmission source communication terminal device 10 activates the client unit 12 of the transmission source communication terminal device 10 and enters the communication content (destination address, mail subject, mail body) through the input unit 15. When the input is complete, the user has the client unit 12 of the transmission source communication terminal device 10 transmit the Web mail (S310).
The communication content transmitted from the client unit 12 of the transmission source communication terminal device 10 is received by the communication management server 20 (which corresponds to a Web mail server in this example), and the communication management server 20, more specifically the communication management unit 24, stores the communication content (S320). At this time, communication content identification information (here, a mail ID) that uniquely identifies the communication content is assigned to each piece of communication content and stored with it. The communication management server 20, more specifically the communication management unit 24, also sets the mail body of this communication content as the browsing restricted area. Which part becomes the browsing restricted area may be set in the communication management unit 24 in advance, or the user of the transmission source communication terminal device 10 may be allowed to specify it freely when transmitting the communication content.
Next, suppose the user of the transmission destination communication terminal device 30 activates the client unit 32 of the transmission destination communication terminal device 30 in order to view Web mail addressed to that user.
The client unit 32 of the transmission destination communication terminal device 30 transmits a communication content browsing request message to the communication management server 20, more specifically the communication management unit 24, together with information identifying the user of the transmission destination communication terminal device 30 (for example, a user ID or mail address) (S330).
On receiving this communication content browsing request message, the communication management server 20, more specifically the communication management unit 24, extracts from the stored communication content the content addressed to the user of the transmission destination communication terminal device 30 and transmits the extracted content to the transmission destination communication terminal device 30 (S340). In the communication content transmitted at this time, the content of the browsing restricted area has either been deleted or replaced with other content (for example, the text “Browsing is restricted”).
On receiving the communication content transmitted in step S340, the transmission destination communication terminal device 30, more specifically the client unit 32, displays the communication content on the output unit 36. As described above, the content of the browsing restricted area has been deleted or replaced with other content (for example, the text “Browsing is restricted”), so the output unit 36 cannot display the actual content of the browsing restricted area. The user of the transmission destination communication terminal device 30 can view the sender and subject of the Web mail addressed to that user but cannot view the mail body.
If the user of the transmission destination communication terminal device 30 wants to view the content of the browsing restricted area, that is, the mail body, the user must make a browsing restriction release request to the communication management server 20. As a specific example, the user activates the browsing restriction release request unit 37 by, for instance, activating a predetermined icon or button. Once activated, the browsing restriction release request unit 37 starts the browsing restriction release request process (S360).
Having started the browsing restriction release request process, the browsing restriction release request unit 37 activates the fingerprint reading unit 34 so that a fingerprint can be read, and displays on the output unit 36 a message prompting the user to have the fingerprint read (for example: “Fingerprint reading will now start. Please touch the fingerprint reading area with your index finger.”); the fingerprint reading unit 34 then reads the fingerprint (S370).
When the fingerprint has been read successfully, the fingerprint reading unit 34 generates fingerprint data and passes it to the browsing restriction release request unit 37. The browsing restriction release request unit 37 then transmits to the communication management server 20, together with the browsing restriction release request message, the fingerprint data read in step S370, the user identification information of the user who is executing the fingerprint registration request, and communication content identification information (for example, a mail ID) that identifies the communication content whose browsing restriction is to be released (S380).
 通信管理サーバ20、より詳しくは閲覧制限解除要求処理部25は指紋データの認証処理を行う(S390)。具体的には、閲覧制限解除要求処理部25は、ステップS380で送信されてきたユーザ識別情報をキーとして、指紋データベース部23からこのユーザ識別情報に対応する指紋データを読み出し、これとステップS380で送信されてきた指紋データの照合を行う(S390)。 The communication management server 20, more specifically, the browsing restriction release request processing unit 25 performs fingerprint data authentication processing (S390). Specifically, the browsing restriction release request processing unit 25 reads out fingerprint data corresponding to the user identification information from the fingerprint database unit 23 using the user identification information transmitted in step S380 as a key, and in step S380. The sent fingerprint data is collated (S390).
 指紋データの照合の結果これらが一致すると判定した場合、閲覧制限解除要求処理部25は通信管理部24にステップS380で送信されてきた通信内容識別情報に対応する通信内容を、閲覧制限領域を解除して、閲覧制限解除要求メッセージを送信した送信先通信端末装置30に送信するよう指示する。一方、照合の結果これらが一致しないと判定した場合、閲覧制限解除要求処理部25は、閲覧制限解除要求メッセージを送信した送信先通信端末装置30に認証が失敗したことを通知するメッセージを送信する(図略)。 When it is determined that the two match as a result of the fingerprint data collation, the browsing restriction release request processing unit 25 releases the browsing restriction area for the communication content corresponding to the communication content identification information transmitted to the communication management unit 24 in step S380. Then, it instructs the transmission destination communication terminal apparatus 30 that has transmitted the browsing restriction release request message to transmit it. On the other hand, when it is determined that they do not match as a result of the collation, the browsing restriction release request processing unit 25 transmits a message notifying that the authentication has failed to the transmission destination communication terminal device 30 that has transmitted the browsing restriction release request message. (Not shown).
 照合の結果これらが一致すると判定され、閲覧制限解除を指示された通信管理部24は、ステップS380で送信されてきた通信内容識別情報に対応する通信内容を、閲覧制限領域を解除して、閲覧制限解除要求メッセージを送信した送信先通信端末装置30に送信する(S400)。具体的には、通信管理部24は、メール本文の内容がそのままの状態である通信内容を送信先通信端末装置30に送信する。なお、「閲覧制限領域を解除する」とは、送信先通信端末装置30において閲覧制限領域の内容が閲覧可能となるようにすることをいう。 As a result of the collation, it is determined that these match, and the communication management unit 24 instructed to release the browsing restriction releases the browsing restriction area and browses the communication content corresponding to the communication content identification information transmitted in step S380. The restriction release request message is transmitted to the transmission destination communication terminal device 30 (S400). Specifically, the communication management unit 24 transmits the communication content in which the content of the mail text remains as it is to the transmission destination communication terminal device 30. “Release the browsing restriction area” means that the contents of the browsing restriction area can be browsed in the destination communication terminal device 30.
 閲覧制限領域が解除された通信内容を受信した送信先通信端末装置30、より詳しくはクライアント部32は、閲覧制限領域の内容が閲覧可能となった状態で通信内容を出力部16に表示させる(S410)。具体的には、ステップS350では出力部36に内容が表示されていなかったメール本文(閲覧制限領域)が、ステップS410では表示されるようになる。 The transmission destination communication terminal device 30 that has received the communication content whose browsing restriction area has been released, more specifically, the client unit 32, displays the communication content on the output unit 16 in a state where the browsing restricted area can be browsed ( S410). Specifically, the mail text (viewing restricted area) whose contents were not displayed on the output unit 36 in step S350 is displayed in step S410.
[2.3. Operation of the communication management server]
Next, an operation example of the communication management server 20 will be described. FIG. 8 is a flowchart showing an example of the processing performed when a browsing restriction release request is received (browsing restriction release request processing), which is the main operation of the communication management server 20.
First, the communication management server 20, more specifically the browsing restriction release request processing unit 25, receives a communication content browsing request message from the transmission destination communication terminal device 30 (S10).
The communication management server 20 that has received the communication content browsing request message, more specifically the communication management unit 24, determines whether the stored communication content includes any communication content addressed to the user of the transmission destination communication terminal device 30 (S20). When it determines that there is no communication content addressed to the user of the transmission destination communication terminal device 30 (S20, No), the communication management server 20, more specifically the communication management unit 24, transmits to the transmission destination communication terminal device 30 a message stating that there is no communication content addressed to that user (S30), and ends the processing. On the other hand, when it determines that there is communication content addressed to the user of the transmission destination communication terminal device 30 (S20, Yes), the communication management server 20, more specifically the communication management unit 24, extracts the communication content addressed to the user of the transmission destination communication terminal device 30 and transmits the extracted communication content to the transmission destination communication terminal device 30 (S40).
The communication management server 20, more specifically the browsing restriction release request processing unit 25, then waits for a browsing restriction release request message from the transmission destination communication terminal device 30 (S50).
Upon receiving a browsing restriction release request message from the transmission destination communication terminal device 30, the communication management server 20, more specifically the browsing restriction release request processing unit 25, uses the user identification information transmitted from the transmission destination communication terminal device 30 as a key to read the fingerprint data corresponding to this user identification information from the fingerprint database unit 23, and determines whether it matches the fingerprint data transmitted from the transmission destination communication terminal device 30 (S60).
When it determines as a result of the fingerprint data collation that they match (S60, Yes), the browsing restriction release request processing unit 25 instructs the communication management unit 24 to release the browsing restriction area of the communication content corresponding to the transmitted communication content identification information and to transmit it to the transmission destination communication terminal device 30 that transmitted the browsing restriction release request message. The communication management unit 24, having been instructed to release the browsing restriction, releases the browsing restriction area of the communication content corresponding to the transmitted communication content identification information and transmits the communication content to the transmission destination communication terminal device 30 that transmitted the browsing restriction release request message (S70), after which the communication management server 20 ends the browsing restriction release request processing.
On the other hand, when it determines as a result of the collation that they do not match (S60, No), the communication management server 20, more specifically the browsing restriction release request processing unit 25, transmits a message notifying that authentication has failed to the transmission destination communication terminal device 30 that transmitted the browsing restriction release request message (S80), after which the communication management server 20 ends the browsing restriction release request processing.
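The server-side flow of FIG. 8 (S10 to S80), as an added Python sketch that is not code from the patent. The class, field and status names, the sample users and mail, and the toy bit-similarity matcher with its 0.9 threshold are all assumptions, and the recipient check in `release` is an added safeguard that the text does not spell out.

```python
from dataclasses import dataclass

RESTRICTED_PLACEHOLDER = "Browsing is restricted"  # replacement text from S340
MATCH_THRESHOLD = 0.9  # constructed cut-off for the toy matcher below


@dataclass(frozen=True)
class Mail:
    mail_id: str      # communication content identification information
    recipient: str    # user identification information of the addressee
    sender: str
    subject: str
    body: str         # the browsing restriction area in the Web mail example


def similarity(enrolled: bytes, probe: bytes) -> float:
    """Toy stand-in for a fingerprint matcher: share of identical bits.

    Two reads of one finger never produce identical bytes, so "match"
    has to mean a score above a threshold rather than equality.
    """
    if not enrolled or len(enrolled) != len(probe):
        return 0.0
    differing = sum(bin(a ^ b).count("1") for a, b in zip(enrolled, probe))
    return 1.0 - differing / (8 * len(enrolled))


class CommunicationManagementServer:
    def __init__(self, fingerprint_db, mails):
        self.fingerprint_db = dict(fingerprint_db)   # fingerprint database unit 23
        self.mails = {m.mail_id: m for m in mails}   # held by communication management unit 24

    @staticmethod
    def _view(mail, body):
        return {"mail_id": mail.mail_id, "sender": mail.sender,
                "subject": mail.subject, "body": body}

    def browse(self, user_id):
        """S10-S40: list the user's mail with the restricted area replaced."""
        inbox = [m for m in self.mails.values() if m.recipient == user_id]
        if not inbox:                                    # S20, No
            return {"status": "no_content"}              # S30
        return {"status": "ok",                          # S40
                "mails": [self._view(m, RESTRICTED_PLACEHOLDER) for m in inbox]}

    def release(self, user_id, fingerprint, mail_id):
        """S50-S80: collate the fingerprint, then send the unrestricted mail."""
        enrolled = self.fingerprint_db.get(user_id)      # S60: look up by user ID
        if enrolled is None or similarity(enrolled, fingerprint) < MATCH_THRESHOLD:
            return {"status": "auth_failed"}             # S80
        mail = self.mails.get(mail_id)
        # Added check (assumption, not spelled out in the text): the mail ID
        # comes from the client, so release only mail addressed to this user.
        if mail is None or mail.recipient != user_id:
            return {"status": "auth_failed"}
        return {"status": "ok", "mail": self._view(mail, mail.body)}  # S70


# Constructed sample data: 16-byte templates and one stored mail.
BOB_TEMPLATE = bytes(range(16))
CAROL_TEMPLATE = bytes(255 - i for i in range(16))
BOB_NOISY_READ = bytes([BOB_TEMPLATE[0] ^ 0x01]) + BOB_TEMPLATE[1:]  # one bit differs


def build_demo_server():
    return CommunicationManagementServer(
        {"bob@example.com": BOB_TEMPLATE, "carol@example.com": CAROL_TEMPLATE},
        [Mail("m1", "bob@example.com", "alice@example.com",
              "Q3 figures", "Revenue was 42.")],
    )


if __name__ == "__main__":
    server = build_demo_server()
    print(server.browse("bob@example.com"))
    print(server.release("bob@example.com", BOB_NOISY_READ, "m1"))
    print(server.release("carol@example.com", CAROL_TEMPLATE, "m1"))
```

The last call fails even though the fingerprint is genuine: an enrolled user who supplies another user's mail ID is turned away by the recipient check, not by the fingerprint collation.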
[3. Second Embodiment]
A second embodiment of the present invention will be described. The communication system according to the second embodiment is characterized in that the recipient can confirm the identity of the sender (that the sender is not an impersonator).
[3.1. Configuration example]
The communication system according to the second embodiment has basically the same configuration as the communication system 1 according to the first embodiment. The points in which the communication system according to the second embodiment differs from the communication system 1 according to the first embodiment are described below.
[3.1.1. Transmission source communication terminal device]
FIG. 9 shows a functional block diagram of the transmission source communication terminal device in the present embodiment. The transmission source communication terminal device 10A in the present embodiment differs in that its client unit 12A further includes an identity verification fingerprint data providing unit 17; the rest of the configuration is the same as that of the transmission source communication terminal device 10 according to the first embodiment. The same components are denoted by the same reference numerals, and their detailed description is omitted.
The identity verification fingerprint data providing unit 17 has a function of, when the communication system according to the present embodiment verifies the identity of the user of the transmission source communication terminal device 10A or when communication content is transmitted to the communication management server 20A, either newly acquiring fingerprint data of the user of the transmission source communication terminal device 10A through the fingerprint reading unit 14 or reading fingerprint data of that user stored in advance in the transmission source communication terminal device 10A, and transmitting this fingerprint data to the communication management server 20A. The identity verification fingerprint data providing unit 17 corresponds to personal identification data providing means.
[3.1.2. Communication management server]
FIG. 10 shows a functional block diagram of the communication management server in the present embodiment. The communication management server 20A in the present embodiment differs in that it further includes an identity verification processing unit 26; the rest of the configuration is the same as that of the communication management server 20 according to the first embodiment. The same components are denoted by the same reference numerals, and their detailed description is omitted.
The identity verification processing unit 26 is connected to the server-side communication control unit 21 and the fingerprint database unit 23.
The identity verification processing unit 26 has a function of, upon receiving an identity verification request message from the transmission destination communication terminal device 30A, comparing the fingerprint data transmitted together with the communication content from the transmission destination communication terminal device 30A with the fingerprint data of the user of the transmission source communication terminal device 10A that was stored in the fingerprint database unit 23 when that user was registered, and, when the two sets of fingerprint data match, transmitting a notification message indicating that identity verification has succeeded to the transmission destination communication terminal device 30A. Note that, instead of the fingerprint data stored in the fingerprint database unit 23, the identity verification processing unit 26 may transmit a fingerprint data transmission request message to the transmission source communication terminal device 10A, more specifically to the identity verification fingerprint data providing unit 17, and use the fingerprint data transmitted in response by the transmission source communication terminal device 10A, more specifically by the identity verification fingerprint data providing unit 17.
The identity verification processing unit 26 corresponds to identity verification processing means.
[3.1.2. Transmission destination communication terminal device]
FIG. 11 shows a functional block diagram of the transmission destination communication terminal device in the present embodiment. The transmission destination communication terminal device 30A in the present embodiment differs in that its client unit 32 further includes an identity verification request unit 38; the rest of the configuration is the same as that of the transmission source communication terminal device 30 according to the first embodiment. The same components are denoted by the same reference numerals, and their detailed description is omitted.
The identity verification request unit 38 has a function of transmitting, in response to a user operation or the like, an identity verification request message to the communication management server 20A, more specifically to the identity verification processing unit 26. The identity verification request message is a message requesting confirmation that the communication content was transmitted by the user of the transmission destination communication terminal device 30A himself or herself. The identity verification request unit 38 corresponds to sender identity verification request means.
[3.2. Operation example]
The operation of the communication system according to the second embodiment will be described. FIG. 12 is a sequence diagram showing the operation of the communication system according to the second embodiment.
First, in the communication system, the user of the transmission source communication terminal device 10A inputs communication content (a mail body or the like) (not shown) and has fingerprint data read (S310A). The fingerprint data is read by the fingerprint reading unit 14, and the fingerprint data generated as a result of the reading is passed to the client unit 12.
The client unit 12 transmits the fingerprint data (hereinafter called "identity verification fingerprint data" for distinction), together with information identifying the user and the communication content, to the communication management server 20A (S310B).
The communication management server 20A that has received the communication content and the identity verification fingerprint data stores them (S310C). More specifically, the communication content is stored by the communication management unit 24, and the identity verification fingerprint data is stored in the identity verification processing unit 26.
After this, the client unit 32 of the transmission destination communication terminal device 30 transmits a communication content browsing request message, together with information that identifies the user of the transmission destination communication terminal device 30 (for example, a user ID or mail address), to the communication management server 20, more specifically to the communication management unit 24 (S501).
Next, the transmission destination communication terminal device 30 transmits a sender identity verification request message to the communication management server 20 (S502).
Next, the communication management server 20A, more specifically the identity verification processing unit 26, uses the information identifying the user as a key to read from the fingerprint database unit 23 the fingerprint data corresponding to that information (called "user registration fingerprint data"). The identity verification processing unit 26 then collates the identity verification fingerprint data with the user registration fingerprint data and determines whether these fingerprint data match (S503). When it determines that these fingerprint data match, the communication management server 20A, more specifically the identity verification processing unit 26, transmits to the transmission destination communication terminal device 30A an identity verification success message, which is a message notifying that the identity of the sender, who is the user of the transmission source communication terminal device 10A, has been successfully verified (S504). When it determines that these fingerprint data do not match, it transmits to the transmission destination communication terminal device 30A a message notifying that the identity of the sender, who is the user of the transmission source communication terminal device 10A, was not successfully verified.
After step S504, the communication system executes the processing from step S340 to step S410 described above, as in the first embodiment.
An operation example of a modification of the communication system according to the second embodiment will be described. FIG. 13 is a sequence diagram showing an operation example of a modification of the communication system according to the second embodiment.
First, in the communication system, steps S310 and S320 are executed as in the first embodiment (not shown).
Next, the transmission destination communication terminal device 30 transmits a sender identity verification request message to the communication management server 20, either prior to step S330 described above or simultaneously with the transmission of the communication content browsing request message in step S330 (S601).
The communication management server 20A, more specifically the identity verification processing unit 26, transmits a fingerprint data request message to the destination-side communication terminal device 10A, which is the destination of the communication content (S602).
In the destination-side communication terminal device 10A that has received the fingerprint data request message, more specifically, the identity verification fingerprint data providing unit 17 activates the fingerprint reading unit 14 and prompts the user to have a fingerprint read. When the user performs fingerprint reading in response (S603), the fingerprint reading unit 14 generates fingerprint data (hereinafter called "identity verification fingerprint data") and passes it to the identity verification fingerprint data providing unit 17. The identity verification fingerprint data providing unit 17 transmits this fingerprint data, together with information identifying the user, which is information that identifies the user of the transmission source communication terminal device 20A, to the communication management server 20A, more specifically to the identity verification processing unit 26 (S604).
The communication management server 20A that has received the identity verification fingerprint data, more specifically the identity verification processing unit 26, stores this identity verification fingerprint data (S605). The identity verification fingerprint data is stored in association with the information identifying the user.
Next, the communication management server 20A, more specifically the identity verification processing unit 26, uses the information identifying the user as a key to read from the fingerprint database unit 23 the fingerprint data corresponding to that information (called "user registration fingerprint data"). The identity verification processing unit 26 then collates the identity verification fingerprint data with the user registration fingerprint data and determines whether these fingerprint data match (S606). When it determines that these fingerprint data match, the communication management server 20A, more specifically the identity verification processing unit 26, transmits to the transmission destination communication terminal device 30A an identity verification success message, which is a message notifying that the identity of the sender, who is the user of the transmission source communication terminal device 10A, has been successfully verified (S607). When it determines that these fingerprint data do not match, it transmits to the transmission destination communication terminal device 30A a message notifying that the identity of the sender, who is the user of the transmission source communication terminal device 10A, was not successfully verified.
After step S607, the communication system executes the processing from step S330 onward described above, as in the first embodiment.
A modification of the operation of the second embodiment will be described.
[4. Modifications]
(1) In the first and second embodiments, the communication management server 20 does not transmit the content of the browsing restriction area to the transmission destination communication terminal device 30. However, the present embodiment also holds in a configuration in which the communication management server 20 transmits the content of the browsing restriction area to the transmission destination communication terminal device 30 as it is, without deleting or replacing it, and the transmission destination communication terminal device 30, more specifically the client unit 12, suppresses display of the browsing restriction area until confirmation of the fingerprint data match is transmitted from the communication management server 20 to the transmission destination communication terminal device 30.
(2) The fingerprint data need not be the entire image of the read fingerprint; a part of the image (or several parts) may be registered and collated.
(3) In the first and second embodiments, an example was given in which part of a Web mail is the browsing control area, but the present invention is not limited to Web mail. It can also be applied to browsing in systems in which a sender or information provider specifies the recipient of data or information and sends or distributes that data or information, such as e-mail, file storage systems, data exchange systems, personal pages of auction sites and the like, online securities, SNS, and in-company websites.
(4) The present invention also holds when "personal identification data", which is data that can uniquely identify an individual, is used in place of the fingerprint data of the above embodiments.
[5. Summary and other remarks]
Embodiments of the present invention have been described above, but the present invention is not limited to them, and various changes, additions, combinations and the like are possible without departing from the spirit of the invention.
DESCRIPTION OF SYMBOLS 1 ... communication system; 10, 10A ... transmission source communication terminal device; 20, 20A ... communication management server; 30, 30A ... transmission destination communication terminal device; 40 ... communication network; 11, 31 ... communication control unit; 12, 32 ... client unit; 13, 33 ... fingerprint registration request unit; 14, 34 ... fingerprint reading unit; 15, 35 ... input unit; 16, 36 ... output unit; 21 ... server-side communication control unit; 22 ... fingerprint data registration unit; 23 ... fingerprint database unit; 24 ... communication management unit; 25 ... restriction release request processing unit;

Claims (3)

  1.  A communication system comprising:
     storage means for storing registration data that pairs first personal identification data corresponding to the user of a transmission source communication terminal device with the user identification information of that user, and registration data that pairs second personal identification data corresponding to the user of a transmission destination communication terminal device with the user identification information of that user;
     management means for storing communication content transmitted from the transmission source communication terminal device, setting a browsing restricted portion that is at least a part of the communication content and is made unviewable on the transmission destination communication terminal device, transmitting to the transmission destination communication terminal device, before fingerprint authentication of the user of the transmission destination communication terminal device succeeds, the communication content with the browsing restricted portion in an unviewable state, and transmitting to the transmission destination communication terminal device, after fingerprint authentication of the user of the transmission destination communication terminal device succeeds, data that makes the browsing restricted portion viewable on the transmission destination communication terminal device; and
     request processing means for, upon receiving a browsing restriction release request message from the transmission destination communication terminal device, receiving third personal identification data transmitted together with user identification information from the transmission destination communication terminal device, collating it with the second personal identification data stored in the storage means in association with that user identification information, and, when it determines that the third personal identification data and the second personal identification data match, instructing the management means to transmit to the transmission destination communication terminal device the data that makes the browsing restricted portion viewable on the transmission destination communication terminal device.
  2.  The communication system according to claim 1, further comprising:
    sender identity confirmation requesting means for transmitting an identity confirmation request message, which is a message requesting confirmation that the communication content was transmitted by the sender of that communication content in person; and
    identity confirmation processing means for, upon receiving the identity confirmation request message, comparing the personal identification data transmitted together with the communication content with the personal identification data of the sender stored at the time of the sender's user registration, and, when the two sets of personal identification data match, transmitting a notification message indicating that identity confirmation has succeeded.
  3.  The communication system according to claim 1, further comprising:
    personal identification data providing means for, upon receiving a personal identification data transmission request message, which is a message requesting transmission of the personal identification data of the sender, acquiring the personal identification data of the sender and transmitting that personal identification data;
    sender identity confirmation requesting means for transmitting an identity confirmation request message, which is a message requesting confirmation that the communication content was transmitted by the sender of that communication content in person; and
    identity confirmation processing means for, upon receiving the identity confirmation request message, transmitting the personal identification data transmission request message, receiving the personal identification data transmitted in response to the personal identification data transmission request message, comparing the received personal identification data with the personal identification data of the sender stored at the time of the sender's user registration, and, when the two sets of personal identification data match, transmitting a notification message indicating that identity confirmation has succeeded.
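The flow of claim 1 (server-side masking before authentication, release of the restricted portion only after the submitted identification data matches the template registered for that user ID) can be modelled as follows. This is an added illustration, not code from the patent or the applicant; `Server`, `Message`, `toy_match`, `MASK` and the sample data are hypothetical, and byte equality stands in for a real fingerprint matcher.

```python
import hmac
from dataclasses import dataclass, field

MASK = "[RESTRICTED]"  # hypothetical placeholder shown before authentication

def toy_match(enrolled: bytes, probe: bytes) -> bool:
    # Assumption: byte equality stands in for a real fingerprint matcher,
    # which would score similarity against a threshold instead.
    return hmac.compare_digest(enrolled, probe)

@dataclass
class Message:
    recipient: str
    body: str
    spans: list  # non-overlapping (start, end) offsets of the restricted portion

@dataclass
class Server:
    templates: dict = field(default_factory=dict)  # storage means: user_id -> template
    messages: dict = field(default_factory=dict)   # management means: msg_id -> Message

    def deliver(self, msg_id: str) -> str:
        """Pre-authentication view: restricted spans are masked on the server."""
        m, out, pos = self.messages[msg_id], [], 0
        for start, end in sorted(m.spans):
            out += [m.body[pos:start], MASK]
            pos = end
        return "".join(out) + m.body[pos:]

    def release(self, msg_id: str, user_id: str, probe: bytes):
        """Request processing: return the restricted text only on a match."""
        m = self.messages.get(msg_id)
        enrolled = self.templates.get(user_id)
        # Recipient binding is a check this example adds: a valid fingerprint
        # for some other registered user must not unlock the message.
        if m is None or enrolled is None or user_id != m.recipient:
            return None
        if not toy_match(enrolled, probe):
            return None
        return [m.body[s:e] for s, e in sorted(m.spans)]

def build_demo():
    # Constructed sample data, not taken from the patent.
    body, secret = "Quote attached. Unit price: 4200 JPY.", "4200 JPY"
    start = body.index(secret)
    srv = Server()
    srv.templates = {"bob": b"bob-template", "eve": b"eve-template"}
    srv.messages = {"m1": Message("bob", body, [(start, start + len(secret))])}
    return srv
```

Because masking happens in `deliver` on the server, the restricted text is absent from the pre-authentication payload rather than merely hidden by the client.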
PCT/JP2014/068047 2013-07-05 2014-07-07 Communication system WO2015002321A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2015525306A JP6312672B2 (en) 2013-07-05 2014-07-07 Communications system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2013141310 2013-07-05
JP2013-141310 2013-07-05

Publications (1)

Publication Number Publication Date
WO2015002321A1 true WO2015002321A1 (en) 2015-01-08

Family

ID=52143888

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/068047 WO2015002321A1 (en) 2013-07-05 2014-07-07 Communication system

Country Status (2)

Country Link
JP (1) JP6312672B2 (en)
WO (1) WO2015002321A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016200864A (en) * 2015-04-07 2016-12-01 バイオニクス株式会社 Message service system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001125871A (en) * 1999-10-28 2001-05-11 Minolta Co Ltd Electronic message board and electronic message board system
US20040049686A1 (en) * 2002-09-05 2004-03-11 Chun-Yu Chen Fingerprint identification applied data storage system and method
JP2007115228A (en) * 2005-09-20 2007-05-10 Iti:Kk Masking program and masking system
JP2013030157A (en) * 2011-06-24 2013-02-07 Nihon Univ Secret information browsing method and secret information browsing system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3227031B2 (en) * 1993-06-14 2001-11-12 富士通株式会社 Email processing system

Also Published As

Publication number Publication date
JP6312672B2 (en) 2018-04-18
JPWO2015002321A1 (en) 2017-02-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14819323

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2015525306

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14819323

Country of ref document: EP

Kind code of ref document: A1