JP5854562B2 - Server and server login method - Google Patents

Description

  The present invention relates to a web authentication server that can be accessed after a login operation.

  For example, Patent Document 1 proposes a method for controlling login when accessing a server through a network.

JP 2002-132725 A

  However, when performing a login operation, it is necessary to input an ID and a password on the client side.

  Accordingly, an object of the present invention is to provide a server and a login method capable of simplifying a login operation in a state where an ID, a password, and the like cannot be decrypted by a third party.

  The server according to the present invention creates a program including an information input operation at the time of login including an ID, transmits an Internet shortcut file including a unique character string corresponding to the program or the character string to the client, and stores the Internet shortcut file. When there is an access from the client using the cookie information, the cookie information is used to confirm the identity with the client when the client program is created, and then the program corresponding to the character string is executed.

  The contents of the program are recorded in the storage of the server, and the client only records a unique character string corresponding to the program in a part of the URL of the Internet shortcut file. For this reason, even if another person sees the URL of the Internet shortcut file, the contents of the program are not decoded.

  Also, since the cookie information is individual information for each client, it cannot be used even if the Internet shortcut file is transferred to another client. For this reason, operations between the client and the server including the login operation can be simplified in a highly secure state.

  In addition, when a plurality of users are sharing one client, an Internet shortcut file for each of the plurality of users can be provided in the one client.

  Preferably, the program includes, in addition to the information input operation at the time of login, an operation for selecting a specific operation from the menu screen after login, and when the operation for selecting the specific operation is performed a predetermined number of times or more. The program is created.

  This makes it possible to automatically simplify operations that are frequently used by users.

  Preferably, the client is accessed using an Internet shortcut file, and before the program is executed, a control signal for turning on the camera provided in the client is transmitted and information captured by the camera is received. To do.

  The server X records user's face information as user information in advance and compares it with the user's photograph sent from the client by the face recognition function etc. It is possible to determine whether or not it is impersonation.

  Preferably, the URL of the Internet shortcut file includes an address for accessing the server and the character string provided at the end of the address, and records the program, the character string, and the cookie information of the client. .

  A method for logging in from a client to a server according to the present invention includes a program creation step for creating a program including an information input operation at the time of login including an ID, an Internet shortcut file including a unique character string corresponding to the program, or the character string. And a confirmation process for confirming the identity of the client when creating the client program using the cookie information when there is an access from the client using the Internet shortcut file. A program execution step of executing a program corresponding to the character string when it can be confirmed.

  The server according to the present invention creates a program including an information input operation at the time of login including an ID, transmits a unique character string corresponding to the program to the client, and after the access from the client and before the login A server that executes a program corresponding to a character string after confirming the identity of the client with the client information when creating the program using the cookie information when a column is input.

  As described above, according to the present invention, it is possible to provide a server and a login method that can simplify a login operation in a state where an ID, a password, and the like cannot be decrypted by a third party.

It is a block diagram of the information sharing system in this embodiment. It is a figure which shows the example of a login screen (authentication information input screen). It is a figure which shows the example of the menu screen after the users other than an administrator log in in 1st mode. It is a figure which shows the example of the menu screen after an administrator logs in in 1st mode. It is a figure which shows the example of the screen displayed on the administrator's client after switching to 2nd mode. It is a figure which shows the example of a 1st table. It is a figure which shows the example of the menu screen after the users other than an administrator log in in 2nd mode. It is a flowchart which shows a 1st procedure. It is a figure which shows the example of the login screen (authentication information input screen) containing the message which uses a camera or a microphone. It is a figure which shows the example of a 2nd table. It is a figure which shows the example of a 3rd table. It is a flowchart which shows a 2nd procedure. It is a flowchart which shows a 3rd procedure. It is a figure which shows the example of the login screen which provided the character string input column. It is a flowchart which shows a 4th procedure.

  Hereinafter, the present embodiment will be described with reference to the drawings. The information sharing system 1 in this embodiment includes a plurality of clients C1 to C5 and a server (web authentication server) X (see FIG. 1). The number of clients is an example and is not limited to five.

  The information sharing system 1 is an information sharing operation such as a video conference system or a training system in which each user accesses the server X using any of the clients C1 to C5 and logs in, and selects the information on the menu screen after logging in It is a system that executes (such as a specific meeting).

  Each of the clients is a computer capable of network connection (connection via the Internet network) having an input device such as a keyboard, a pointing device, a camera, a microphone, an output device such as a monitor, a speaker and a printer, and a control device such as a CPU. is there.

  The server X stores user information including an ID, has a storage in which software of the information sharing system 1 is installed, and a control device such as a CPU that executes the software. Service Provider) server. The clients C1 to C5 use the browser software to access the server X and operate the software of the information sharing system 1 installed on the server X.

  The user information recorded by the server X includes at least an ID, a password, and a user name for each user.

  When the user inputs a specific URL and accesses the server X using one of the clients C1 to C5, a login screen (authentication information input screen) is displayed (see FIG. 2). When an ID or password is entered on the login screen, the information sharing system 1 is logged in, and the menu screen after login is displayed (see FIG. 3). On the menu screen after logging in, an information sharing operation such as a meeting or training is made selectable, and the selected information sharing operation (first information sharing operation) is executed. That is, the server X executes the information sharing operation selected on the menu screen after logging in through the client as the first mode.

  The software of the information sharing system 1 in the present embodiment goes to the second mode in which not only the normal information sharing operation (first information sharing operation) in the first mode but also another information sharing operation (second information sharing operation) is performed. Switching function. Specifically, the server X is used after logging in after switching from the first mode to the second mode in the operation after logging in through the client with the ID of a specific person (administrator) among the users. A table of information (first table to third table)

  The server X records that a specific user among the users is an administrator, and when logging in using the administrator ID or password, the first information sharing operation is performed on the menu screen after logging in. In addition to the operation selection for the purpose, the switching to the second mode is made selectable (see FIG. 4).

  When the second information sharing operation key is clicked on the menu screen after login using the administrator ID and password, the server X switches from the first mode to the second mode, indicating that the mode has been switched. The screen display shown in FIG. 5 is performed, and the second mode is maintained until the administrator switches to the first mode. In the second mode, when logging in with an administrator ID or the like, the screen shown in FIG. 5 is displayed on the client used for logging in.

  When a user other than the administrator logs in in the second mode, the server X identifies the user name based on the user ID sent from the client at the time of login and the user information recorded in the server X. To do. The server X also specifies the date and time when the ID is transmitted and the IP address of the computer. After specifying these pieces of information, a table of information on the users who have logged in (first table, see step S13 in FIGS. 6 and 8) is created, and the login state is canceled (log off, in FIGS. 7 and 8). (See step S14).

  The first table is displayed by clicking the table list display key on the screen after login (see FIG. 5) using the administrator ID and password.

  As an example, the first table in Fig. 6 shows that the user (ID: Tanaka) logged in at 17:30 on August 3, 2012 at 17:30 on August 3, 2012. The user (Yamada XX) with ID: 123459 logged in, and the user (Suzuki △ □) with ID: 123473 logged in at 17:34 on August 3, 2012.

  Next, a first procedure in which the server X creates the first table will be described using the flowchart of FIG. The first procedure is performed at regular time intervals (for example, 1 ms). In step S11, the server X determines whether or not the second mode is set. If the second mode is set, the process proceeds to step S12. If the first mode is set, the first procedure is terminated.

  In step S12, the server X determines whether or not a login operation has been performed by a user other than the administrator. If there is a login operation, the process proceeds to step S13. If there is no login operation within a predetermined time, the first procedure is terminated.

  In step S13, the server X writes and updates the ID, user name, IP address, etc. of the user as information on the logged-in user in the first table.

  In step S14, the server X cancels (logs off) the login state of the user who has logged in in step S12, and ends the first procedure.

  By using the second mode of the information sharing system 1 in the present embodiment, the administrator can confirm the safety of the user from the login information in an emergency or the like. As in the first mode, the user can send necessary information to the server X only by performing a login operation, and thus does not need to learn a special operation.

  The information sharing system 1 can be used in addition to the first mode (normal information sharing operation). However, the second mode is used in an emergency or the like, and the necessity of operating the first mode is low. There are few demerits for the inability to operate the first mode during the two-mode operation.

  Since both the clients C1 to C5 and the server X use hardware necessary for the first mode, it is not necessary to add new hardware in order to execute the second mode.

  The software installed in the server X can also be realized by adding a function for executing the second mode and a function for switching between the first mode and the second mode to the function for executing the first mode. Therefore, the information sharing system 1 of the present embodiment can be easily realized by adding to software (for example, TV conference system software) having a function of executing the first mode.

  In the second mode, since the server X forcibly logs off after obtaining the login information, the login state of one user can be canceled within a few seconds. For this reason, even if the number of users who can log in simultaneously is limited (for example, all users have 100 users and 20 users can log in at the same time), it is easy for other users to log in. I can do it.

  In addition, when another user cannot log in due to the restriction of the number of users who can log in at the same time, Server X displays "Automatically update until login is possible" to the client of the user who could not log in. The browser screen may be displayed, and the login operation may be repeated at regular intervals until login is possible. If login is possible, the browser screen of FIG. 7 may be displayed. In this case, it is possible to repeatedly perform the login operation until one can log in with one login operation.

  The login screen in the second mode replaces the login screen shown in FIG. 2 with an instruction to input the ID and password, an instruction to turn the user's face toward the client camera, and a voice of the user on the client microphone. The server X may also be configured to display a message including an instruction indicating that the server X receives information on the user's face and voice at the time of login (see FIG. 9).

  Specifically, when the login screen in the second mode is displayed, the server X photographs the user's face using the camera when the client is provided with a camera for photographing the user. If the microphone for recording the user's voice is provided in the client, the voice uttered by the user is recorded using the microphone. When the login key on the login screen (see FIG. 9) is clicked, the image data obtained by shooting and the audio data obtained by recording are transmitted to the server X together with the ID and password.

  Operation control (on / off control) of the camera and microphone provided in the client may be performed manually by the user of the client, or when the server X transmits a control signal for causing the client to display a login screen. A form of sending a control signal for turning on the camera or the microphone may be used.

  The server X collects the user's face information and voice information as well as information related to the user's login, and the second table in a state where the user can view the face picture and reproduce the voice (see FIG. 10).

  The administrator may check the status of the logged-in user or determine whether the person is not a legitimate user by looking at face information or listening to audio information. It becomes possible. The server X records the user's face information and voice information in advance as user information and determines whether or not the user is a legitimate user by using a face recognition function or voice authentication (voice print authentication) function. The form performed by comparing may be sufficient.

  In addition, by displaying a message such as turning your face to the camera on the login screen, it is easier to record the face of the user who is logging in, and it is easier to record the voice of the user who is logging in. It has merit (without mistakes in timing).

  The 2nd table was the user of ID: 123456 (Tanaka ●●) logged in with video from the camera and sound from the microphone at 17:30 on August 3, 2012 at 17:00 on August 3, 2012. At 33 minutes, the user with ID: 123459 (Yamada ○ ×) logged in without video and audio. At 17:34 on August 3, 2012, the user with ID: 123473 (Suzuki △ □) Shows the state of logging in with sound from the microphone.

  Further, at the time of login, information on the type of personal computer used for login (company, home, mobile, etc.) is also transmitted, and the server X creates a third table (see FIG. 11) instead of the second table. Also good. In this case, the administrator can grasp the situation in which the user has logged in (such as being in the company).

  The third table shows that at 17:30 on August 3, 2012, the user with ID: 123456 (Tanaka ●●) logged in from the company PC with video from the camera and sound from the microphone. At 17:33 on the day, the user (Yamada ○ ×) with ID: 123459 logged in from his home PC without video and audio, and at 17:34 on August 3, 2012, the user with ID: 123473 ( Suzuki Δ □) shows a state of logging in from a company PC with a microphone.

  Next, a mode for simplifying the login operation will be described. Access to server X (input URL to access server X) via a client (for example, client C1), log in by entering ID and password on the login screen sent from server X, When the user of the ID gives an instruction to simplify the operation until a specific information sharing operation (for example, 3. internal meeting) is selected on the menu screen after login, the server X executes the operation. Program (macro, script, etc.) and a unique character string corresponding to the program are set and recorded in the storage together with the cookie information (HTTP Cookie) of the client C1. The unique character string in the present embodiment refers to an arrangement of characters and symbols that does not depend on the contents of the program (especially ID and password) such as “000001”. An operation performed by the program includes an information input operation at the time of login including at least an ID, and a specific information sharing operation is included up to an arbitrary level of the user.

  In addition, the server X transmits an Internet shortcut file including a URL for accessing the server X and the character string to the client C1, and stores it on the desktop of the client C1. For example, the URL of the Internet shortcut file is represented by “http://XX.com/auto/000001” (“XX.com” is an address for accessing the server X, “000001” Unique string corresponding to the program).

  When the server X is accessed using the Internet shortcut file via the client C1, the server X uses the cookie information recorded in the storage related to the client C1, and the cookie of the client C1 set by the server X at the time of the access. It is determined whether the information related to the identification of the client matches the information. If they match, the server X reads the program corresponding to the character string “000001” included in the URL of the Internet shortcut file from the storage and executes it. Thereby, the user is logged in with the ID and password included in the program, and a specific information sharing operation (here, 3. internal meeting) is selected.

  Next, a second procedure in which the server X creates an Internet shortcut file will be described using the flowchart of FIG. The second procedure is performed at regular time intervals (for example, 1 ms). In step S31, the server X determines whether an instruction for simplifying the login operation has been received via the client. If the instruction has been received, the process proceeds to step S32. If the instruction has not been received, the second procedure is terminated.

  In step S32, the server X performs an operation corresponding to the instruction (login by entering the ID and password on the login screen after starting the browser and accessing the server X, and performing a specific information sharing operation on the menu screen after the login) Is created (program creation step), a unique character string corresponding to the program is set, the program / character string / cookie information is recorded in the storage, and the server X is accessed. An Internet shortcut file including the URL and the character string is created and transmitted to the client who has instructed step S31 (transmission step). The information to be transmitted to the client is preferably an Internet shortcut file, but may be a form in which only the character string is transmitted and an Internet shortcut file is created on the client side. The shortcut file and the character string transmission means in the transmission step are performed by e-mail or a message transmission function via the software of the information sharing system 1.

  Next, a third procedure for the server X to accept a login from the client will be described with reference to the flowchart of FIG. The third procedure is performed at regular time intervals (for example, 1 ms). In step S51, the server X determines whether there is an access through the client. If there is an access, the process proceeds to step S52. If there is no access, the third procedure is terminated.

  In step S52, the server X determines whether or not the access is using an Internet shortcut file. Specifically, it is determined whether or not “/ auto /” or “specific character string (“ 000001 ”, etc.)” is included at the end of the address of the server X in the URL that is the access source. If it is included (if the access is using an Internet shortcut file), the process proceeds to step S53; otherwise, the process proceeds to step S55.

  In step S53, the server X determines whether the cookie information recorded in the storage related to the accessed client matches the cookie information of the client set by the server X at the time of access (identity is determined). Confirmation process to confirm). If they match, the process proceeds to step S54, and if they do not match, the process proceeds to step S55.

  In step S54, the server X reads out the program corresponding to the character string included in the Internet shortcut file from the storage, executes it, enters the ID and password on the login screen after starting the browser and accessing the server X. Log in and select a specific information sharing operation on the menu screen after login (program execution step). If the second mode is set, the user information and the like are written in the first table by the operation of step S54.

  In step S55, the server X starts up a browser and displays a login screen after accessing the server X.

  Since the program includes an ID and password, it must not be deciphered by others. In this embodiment, the contents of the program are recorded in the storage of the server X, and the unique character string corresponding to the program is only recorded in a part of the URL of the Internet shortcut file in the client C1. For this reason, even if another person sees the URL of the Internet shortcut file, the contents of the program are not decoded.

  Also, since the cookie information is individual information for each client, it cannot be used even if the Internet shortcut file is transferred to another client. For this reason, operations between the client and the server including the login operation can be simplified in a highly secure state.

  In addition, when a plurality of users are sharing one client, an Internet shortcut file for each of the plurality of users can be provided in the one client.

  The log-in operation in the second mode can also be performed with a simple operation using such an Internet shortcut file. For example, if an Internet shortcut file that simplifies the operation until entering a specific information sharing operation in the first mode (for example, 3. In-house conference), a login operation can be easily performed in the second mode (after login). You will be logged off immediately and no specific information sharing will occur).

  Also, when creating the Internet shortcut file, the type of client (computer used for login) (company, home, mobile, etc.) can also be determined. If so, the server X can create the third table (see FIG. 11).

  The login operation may be simplified in response to a user instruction (step S31 in FIG. 12) via the client, or may be automatically performed when a certain condition is satisfied. For example, when an operation for selecting a specific operation from a menu screen after login by the same client and the same user is performed more than a certain number of times, a program including the operation for selecting the specific operation is included. A form is conceivable in which a character string corresponding to a program or an Internet shortcut file including the character string is transmitted to the client. This makes it possible to automatically simplify operations that are frequently used by users.

  In addition, a form for simplifying such a login operation (a method for logging in from a client to a server) is not limited to a system that performs an information sharing operation such as a TV conference system, but an ID or password between the client and the server. It can also be applied to other systems where login operations are performed using.

  Before the client is accessed using the Internet shortcut file and the program is executed, the server X transmits a control signal for turning on the camera provided in the client and receives information captured by the camera. In the face recognition function etc., the server X recorded the user's face information etc. as user information in advance and the user's photo sent from the client, It is possible to determine whether or not the person is not a legitimate user.

  In the present embodiment, a description has been given of a mode in which a program including an information input operation at the time of login is executed after confirming cookie information when there is an access using a shortcut file. However, the server X does not use a shortcut file. It is possible to input the character string after logging in and before logging in, check the cookie information, and execute a program including an information input operation at the time of logging in.

  In this case, the information transmitted to the client in the transmission process is not the shortcut file but the character string. Therefore, it is possible to omit the work of creating a shortcut file.

  As a specific operation, when a user inputs a specific URL and accesses the server X using one of the clients C1 to C5, a login screen (authentication information input screen) including a character string input field is displayed. Is displayed (see FIG. 14). As a fourth procedure (see FIG. 15) in which the server X accepts login from the client every fixed time (for example, 1 ms), when the character string is input instead of an ID or password on the login screen. (See step S71 in FIG. 15), after the cookie information is confirmed (see step S72 in FIG. 15), the program corresponding to the character string is executed (see step S73 in FIG. 15). If the identity of the cookie information cannot be confirmed, the screen returns to the login screen display of FIG. 14 (see step S74 of FIG. 15).

1 Information Sharing System C1-C5 Client X Server

Claims (6)

Create a program including an information input operation at the time of login including ID, send an Internet shortcut file including a unique character string corresponding to the program or the character string to the client,
There was an access from the client using the Internet shortcut file that was sent to the client or an Internet shortcut file that was created by the client and that contained the character string sent to the client In this case, the server executes the program corresponding to the character string after confirming the identity of the client with the client at the time of creating the program using cookie information. The program includes an operation for selecting a specific operation from the menu screen after logging in, in addition to the information inputting operation at the time of logging in,
The server according to claim 1, wherein the program is created when an operation for selecting the specific operation is performed a predetermined number of times or more. There is access from the client using the Internet shortcut file sent to the client, or the Internet shortcut file created by the client that includes the character string sent to the client. 2. The server according to claim 1, wherein before executing the program, the server transmits a control signal for turning on a camera provided in the client and receives information photographed by the camera. Having been sent to the client a the Internet shortcut file, and URL of those containing the character string that has been transmitted to the client an Internet shortcut file that is created by the client, in order to access to the server And the character string provided at the end of the address,
2. The server according to claim 1, wherein the program, the character string, and cookie information of the client are recorded. A program creation step for creating a program including an information input operation at the time of login including an ID;
An internet shortcut file including a unique character string corresponding to the program or a transmission step of transmitting the character string to a client;
There was an access from the client using the Internet shortcut file that was sent to the client or an Internet shortcut file that was created by the client and that contained the character string sent to the client A confirmation step of confirming the identity of the client with the client at the time of creating the program using cookie information,
A program execution step of executing a program corresponding to the character string when the identity can be confirmed, and a login method from a client to a server. Create a program including an information input operation at the time of login including ID, send a unique character string corresponding to the program to the client,
After the access from the client and before the login, the character string is input, and after confirming the identity of the client with the client at the time of creating the program using cookie information, the character A server characterized by executing a program corresponding to a column.

Images