JP2000047971A - Server and client system device with user certifying function, user certifying method, server with user certifying function, and computer-readable recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To secure the security based on user certification and to improve the operability at the time of charge imposing processing concerning a server/ client system for performing sessionless communication such as HTTP communication. SOLUTION: When the user certification performed by a user certifying processing part 13 while inputting a log-in name/password provided by the request of a log-in name/password or the like input request processing part 12, is OK, a parameter (log-in name/pass word or the like) transmission instructing part 19 for user identification transmits that log-in name/password or the like to a client 5 at the time of session end and in the case of requesting a connection to the other server, the client 5 transmits that log-in name/ password or the like to that server. Then that server performs the user certification by inputting that log-in name/password or the like.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a server client system apparatus with a user authentication function for performing sessionless communication from at least one client to a plurality of servers including at least one server with a user authentication function. The present invention relates to a server client system device with a user authentication function capable of ensuring security and obtaining simple operability.

[0002]

2. Description of the Related Art In recent years, sessionless communication such as HTTP communication (a communication method in which a session is disconnected each time) is performed by a server client system as shown in FIG. There are many examples of such systems.

[0003] In such a system, there are many cases where it is necessary to authenticate a user in order to secure security depending on functions provided by a server. In addition, from the viewpoint of cost burden, there is a case where a user is specified and a billing process is performed.

[0004] Therefore, a server client system with a user authentication function which is usually considered from the prior art will be described. As shown in FIG. 28, a system including a server A1, a server B2, a server C3 and a plurality of clients 5 and 6 is taken as an example. Each server has a user authentication function in addition to its own function, and therefore includes user authentication processing units 13, 33, and 43. Further, the user authentication processing units 13, 33, 43 have authentication databases 14, 34, 44, respectively.

[0005] The server A1 and the client 5 shown in FIG.
Will be described. Interface processing unit 11
Is configured to receive a connection request from the client 5 with the URL of the HTML document, and to perform an interface process with the browser 51 of the client 5 such as transmitting the HTML document to the client in response to the request. Interface processing unit 11 and browser 5
Passing parameters between 1 is the argument, Cookie
e, file, etc.

The login name / password etc. input request processing section 12 is configured to make a request for prompting the operator to input a login name / password etc. necessary for user authentication processing.

[0007] The user authentication processing unit 13 compares the input login name / password and the like with the contents of the authentication database 14 to authenticate the user. If the user is determined to be a valid user, OK is output, and if it is determined that the user is not a valid user, NG is output.

The authentication database 14 is a database for managing information necessary for user authentication, and has a data format as shown in FIG. One record corresponds to one user, and each record has items of a login name 91, a password 92, and a billing code 93. The login name 91 is a code for identifying a user. The password 92 is a secret code known only to the user. The billing code 93 is a code for specifying a person, an organization, or the like who bears the cost required for each function used by the user. These items are configured to be updated when the system administrator adds or deletes a user or changes a password or the like.

The menu selection requesting section 15 is configured to make a request for prompting the operator to select a menu.

When the function a (internal database search function) is selected, the function a (internal database search function) processing section 16 performs processing based on the search condition.
7, and is configured to output a search result. The internal database 17 is a database inside the server A1.

When the function b (external database search function) or the function c (statistical processing function) is selected in response to the menu selection request, the next connection server instruction section 18 relates to each function of the server B2 or the server C3. HTM
It is configured to set the URL of the L document.

The billing processing section 21 outputs information such as the execution time required to calculate the cost required for the function used by the user based on the execution history output from the function a (internal database search function) processing section 16. It is configured so that it is totaled and stored together with a billing code which is a code for specifying a person or an organization who bears the cost.

The client 5 is an HT placed on the server.
It has a browser 51 which is software for browsing ML documents.

The configuration of the server B2 shown in FIG. 32 will be described. The interface processing unit 31 includes an interface processing unit 11, a login name / password input request processing unit 32, a login name / password input request processing unit 12, a user authentication processing unit 33 includes a user authentication processing unit 13, The authentication database 34 is configured to perform the same function as the authentication database 14, respectively.

A function b (external database search function) processing unit 35 connects to an external database search server 36,
Perform an external database search based on the search criteria,
It is configured to output search results. The external database search server 36 is a database search server outside the server B2, and the connection method with the server B2 does not matter.

The next connection server instruction unit 37 is configured to set the URL of an HTML document relating to the menu selection request of the server A1.

The billing processing unit 40 is configured to perform the same processing as the billing processing unit 21 except that it is based on the execution history output from the function b (external database search function) processing unit 35.

Next, based on the processing flows of the server A1, the client, and the server B2 shown in FIGS. 30, 31, and 33, the function b of the server A2 is followed by the function b of the server B2. The operation of executing the (external database search function) will be described.

The operator operates the browser 5 of the client 5
When instructing the server A1 to connect to the menu selection request of the server A1, the browser 51 sets the URL of the HTML document relating to the menu selection request of the server A1, and requests the server A1 to connect.

As shown in FIG. 30, in the server A1 which has received the connection request via the interface processing unit 11,
The login name / password etc. input request processing unit 12 makes a request for prompting the operator to enter a login name / password etc. necessary for the user authentication process (step 300).
1).

As a result, a login name / password input request screen as shown in FIG. 25 is displayed on the browser 51 of the client 5. Then, the operator inputs his / her login name, password, and charging code into the login name input line 71, the password input line 72, and the charging code input line 73, respectively, and selects the execution icon 75. These pieces of information are transmitted to the server A1 (Step 3002).

The user authentication processing section 13 compares the input login name / password and the like with the contents of the authentication database 14 to authenticate the user. Specifically, FIG.
A search is performed for a record having the same login name as the input login name from the data format of the authentication database as shown in (1), and the password and charging code of the record match the input password and charging code, respectively. In this case, the operator is determined to be a valid user and OK is output. If there is no record with the same login name, or if one or both of the password and the billing code do not match, it is determined that the operator is not a valid user and NG is output (step 3003).

If the result of the user authentication is OK, a session is started (step 3004). Then, menu selection requesting unit 15 makes a request for prompting the operator to select a menu (step 3005).

Thus, a menu selection request screen as shown in FIG. 26 is displayed on the browser 51 of the client 5. Then, the operator selects the function a (internal database search function) selection icon 81, and then selects the execution icon 85. This information is transmitted to the server A1 (Step 3006).

Since the function a (internal database search function) is selected, the function a (internal database search function) processing section 16 searches the internal database 17 based on the search conditions input by the operator, and the client 5
The search result is output to the browser 51 (step 300).
7).

When the processing of the function a (internal database search function) is completed, a menu selection request screen as shown in FIG. 26 is displayed again on the browser 51 of the client 5 (step 3005). Then, the operator
(External Database Search Function) The selection icon 82 is selected, and then the execution icon 85 is selected. This information
The data is transmitted to the server A1 (Step 3006).

Since the function b (external database search function) has been selected, the next connection server instructing unit 18 sets the HTML relating to the function b (external database search function) of the server B.
The URL of the document is set (step 3008).

The billing processing section 21 outputs information such as the execution time required for calculating the cost required for the function used by the user based on the execution history output from the function a (internal database search function) processing section 16. The data is totaled and stored together with a billing code which is a code for specifying a person, an organization or the like who bears the cost (step 3010).

The server A1 ends the session as described above.
At the same time, the UR of the HTML document related to the function b (external database search function) of the server B2 is sent to the client 5.
L, and then instructs to connect to server B2 (step 3011).

As shown in FIG. 31, the browser 51 of the client 5 receiving the URL of the HTML document related to the function b (external database search function) of the server B2 to be connected next from the server A1, sets the URL, and sets the URL. Request connection to B2 (steps 3101 and 311)
102, 3103).

As shown in FIG. 33, the server B2 that has received the connection request via the interface processing unit 31 also
As in the case of the server A1, the login name / password etc. input request processing unit 32 makes a request to prompt the operator to input a login name / password necessary for the user authentication process (step 3301).

Thus, similar to the case of the server A1,
A login name / password input request screen as shown in FIG. 25 is displayed again on the browser 51 of the client 5. The operator again enters his / her login name, password, and billing code into the login name input line 71,
Password input line 72, billing code input line 73
, And select the execution icon 75. These pieces of information are transmitted to the server A1 (Step 3302).

As in the case of the server A1, the user authentication processing section 33 compares the input login name / password and the like with the contents of the authentication database 34 to authenticate the user (step 3303).

If the result of the user authentication is OK, a session is started (step 3304). The function b (external database search function) processing unit 35 connects to the external database search server 36, searches the external database based on search conditions input by the operator, and outputs the search result to the browser 51 of the client 5. (Step 3305).

When the processing of the function b (external database search function) is completed, the next connection server instruction unit 37
The URL of the HTML document related to the first menu selection request is set (step 3306).

The accounting unit 40 performs the same processing as that of the accounting unit 21 of the server A1, except that it is based on the execution history output from the function b (external database search function) processing unit 35 (step 3307).

The server B1 ends the session as described above.
At the same time, the URL of the HTML document relating to the menu selection request of the server A1 is transmitted to the client 5, and the client 5 is instructed to connect to the server A1 (step 330).
8).

As described above, in sessionless communication, 1
Since the session is terminated every time, a user authentication process is required every time a server is switched and a connection request is made. Further, when the user recognition function of each server as shown in FIG. 28 is used, the user authentication function of each server is independent, so that even a user who has been authenticated at the previous server can re-authenticate at the later server. Processing must be performed. Therefore, the operator has to respond to the input of the login name and the password required by the user recognition function of each server every time the connection is started, and has to perform a complicated operation of repeatedly inputting the same parameters.

Such an operation is essentially performed in a system in which a series of functions such as searching for necessary information from a plurality of databases is realized by switching a plurality of servers as in this example. Since an operator who does not need to be conscious is forced to perform an operation that is deemed unnecessary, the operator is strongly uncomfortable and the utility of the system is significantly reduced.

[0040]

SUMMARY OF THE INVENTION The present invention has been made in order to eliminate the above-mentioned drawbacks of the prior art, and has as its object to provide at least one client with at least one user authentication function. In a server client system device with a user authentication function that performs sessionless communication with a plurality of servers including a server,
It is to ensure both security and easy operability.

That is, in the server client system that performs sessionless communication, security is ensured by user authentication and accounting processing is enabled, and furthermore, an input request for a login name, a password, and the like is prevented from being repeated, thereby reducing the operational load. That is.

[0042]

SUMMARY OF THE INVENTION A server client system device with a user authentication function of the present invention provides a user who performs sessionless communication from at least one client to a plurality of servers including at least one server with a user authentication function. A server client system device with an authentication function, characterized in that at least a part of the parameters at the time of the previous user authentication are retained inside the server client system device, and the parameters are used at the time of the subsequent user authentication. It is.

Still further, at least some of the parameters for the previous user authentication are transferred from the server that has performed the user authentication to the client, and further transferred from the client to the server that performs the subsequent user authentication. It is a feature.

Still further, at least a part of the parameters at the time of the user authentication is at least a part of the parameters input to the server which has performed the user authentication, stored in the client. Is transferred to a server that performs user authentication.

Further, at least a part of the parameters at the time of the user authentication is at least a part of the parameters input at the time of the user authentication.

Further, at least a part of the parameters at the time of the user authentication is at least a part of the parameters output at the time of the user authentication.

According to the user authentication method of the present invention, at least one
In a user authentication method of a server client system that performs sessionless communication from one client to a plurality of servers including at least one server with a user authentication function, at least a part of the parameter at the time of the previous user authentication is set in the server client system. The method is characterized in that the method includes a step of holding the parameter inside the apparatus and a step of using the parameter at the time of user authentication later.

The server with a user authentication function of the present invention is a server with a user authentication function that is sessionlessly communicated from at least one client, and has a user authentication processing unit for inputting a parameter received simultaneously with a connection request from the client. It is characterized by the following.

A server with a user authentication function according to the present invention is a server with a user authentication function that is sessionlessly communicated from at least one client, wherein a parameter to be input at the time of user authentication to another server is transmitted from the client. A user authentication parameter transmission instructing unit that instructs the client to perform the following.

A computer-readable recording medium according to the present invention includes a step of inputting parameters received at the same time as a connection request from a client as an input, performing user authentication, a step of connecting to the client, a step of executing an application, and a step of executing an application. A program for causing a computer to execute a server-side sessionless communication method having a step of terminating a connection is recorded.

A computer-readable recording medium according to the present invention includes a step of connecting to a client, a step of executing an application, and a step of transmitting, from the client, parameters to be input at the time of user authentication to another server. , And a program for causing a computer to execute a server-side sessionless communication method having a step of ending a connection with a client.

[0052]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiment 1 Hereinafter, the present invention will be described based on embodiments shown in the drawings. As shown in FIG. 1, a server A1 according to the present embodiment includes an interface processing unit 11, a login name / password input request processing unit 1
2, user authentication processing unit 13, authentication database 14,
Menu selection requesting unit 15, function a (internal database search function) processing unit 16, internal database 17, next connection server instruction unit 18, user authentication parameter (login name / password etc.) transmission instruction unit 19, and charging processing unit 21 Have. Of these, each processing unit other than the user authentication processing unit 13 and the user authentication parameter (login name / password etc.) transmission instructing unit 19 has the same configuration as each processing unit according to the conventional example described above (FIG. 29). Have been.

If there is a login name / password etc. received at the same time as the connection request from the client, the user authentication processing unit 13 authenticates the user by inputting the login name / password etc. If there is no name / password or the like, the user is authenticated by inputting the login name / password or the like input via the login name / password input request processing unit 12 as in the conventional example. ing.

The user authentication parameter (login name / password, etc.) transmission instructing unit 19 determines that the result of the user authentication is O.
In the case of K, the user authentication parameters (login name / password, etc.) are acquired from the user authentication processing unit 13, and the user authentication parameters are transmitted from the client to the next server to be connected. Parameters (login name / password, etc.)
Is set in the interface processing unit 11.

As shown in FIG. 1, the client 5 according to the present embodiment has a browser 51 as in the above-described conventional example.

As shown in FIG. 4, server B according to the present embodiment
2 is an interface processing unit 31, a user authentication processing unit 33, an authentication database 34, a function b (external database search function) processing unit 35, an external database search server 36, a next connection server instruction unit 37, a user authentication parameter (login A name / password, etc.) transmission instructing section 38 and an accounting section 40. Among them, the interface processing unit 31, the authentication database 34, the function b
(External Database Search Function) The processing units of the processing unit 35, the external database search server 36, the next connection server instructing unit 37, and the billing processing unit 40 are the same as those of the above-described conventional processing units (FIG. 32). It is configured.

If there is a login name / password etc. received at the same time as the connection request from the client, the user authentication processing section 33 authenticates the user by inputting the login name / password etc. When there is no name / password or the like, the processing of the server B2 is ended without starting a session. Therefore, the conventional example does not include the login name / password input request processing unit 32 (FIG. 32).

The user authentication parameter (login name / password, etc.) transmission instructing unit 38 is the same as the user authentication parameter (login name / password, etc.) transmission instructing unit 19 of the server A1, and the result of the user authentication is OK. In this case, the user authentication parameters (login name / password, etc.) are acquired from the user authentication processing unit 33, and the user authentication parameters are transmitted from the client to the server to be connected next. (A login name / password, etc.) is set in the interface processing unit 31.

This embodiment is configured as described above, and its operation will be described below. In the same manner as in the description of the conventional example, based on the processing flow of the server A1, the client, and the server B2 shown in FIGS.
The operation of executing the function b (external database search function) of the server B2 following the function a (internal database search function) of No. 1 will be described.

As in the conventional example, when the operator instructs the browser 51 of the client 5 to connect to the menu selection request of the server A1, the browser 51 transmits the URL of the HTML document relating to the menu selection request of the server A1.
Is set to request connection to the server A1.

As shown in FIG. 2, in the server A1 which has received the connection request via the interface processing unit 11, there is no login name / password etc. received simultaneously with the connection request from the client. The user authentication processing unit 13 authenticates the user by inputting the login name / password input via the login name / password input request processing unit 12 (steps 201 to 2).
04).

As in the conventional example, the result of the user authentication is O
In the case of K, a session is started (step 20).
5) The menu selection requesting unit 15 makes a request for prompting the operator to select a menu, and information that the operator has selected the function a (internal database search function) is transmitted from the client to the server A1 (step 20).
6,207).

As in the conventional example, the server A1 has the function a
(Internal database search function) processing, and when the processing is completed, a request is again made to prompt the operator to select a menu. When the operator receives the information that the function b (external database search function) is selected, the next connection server instruction is issued. The unit 18 sets the URL of the HTML document relating to the function b (external database search function) of the server B (steps 208, 206, 207, 209).

In the present embodiment, in particular, a user authentication parameter (login name / password, etc.) transmission instructing section 19
Is to acquire the user authentication parameters (login name / password, etc.) from the user authentication processing unit 13 when the result of the user authentication is OK, and to transmit the user authentication parameters from the client to the next server to be connected. Together with the instruction, these user authentication parameters (login name / password, etc.)
1 is set (step 211).

As in the conventional example, the billing processing section 21 performs billing processing in which information such as the execution time of the processing of the function a (internal database search function) is totaled and stored together with the billing code (step 212).

As in the conventional example, the server A1 ends the session as described above, and at the same time transmits the URL of the HTML document relating to the function b (external database search function) of the server B2 to the client 5, and then transmits the URL to the server B2. (Step 213).

However, in the present embodiment, in particular, the instruction to transmit the user authentication parameters from the client to the server to be connected next and the user authentication parameters (login name / password, etc.) are also transmitted to the client at the same time as the end of the session. 5 is transmitted.

As shown in FIG. 3, similarly to the conventional example, the browser 51 of the client 5 receiving the URL of the HTML document relating to the function b (external database search function) of the server B2 to be connected next from the server A1, The URL
Is set (steps 301 and 302).

However, in this embodiment, in particular, the server A1
According to the instruction to receive the user authentication parameters (login name / password, etc.) from the server and simultaneously transmit the received user authentication parameters to the next server to be connected.
The user authentication parameters (login name / password, etc.) are set and transmitted to the server B2 together with a connection request (steps 303 to 305).

As shown in FIG. 5, in this embodiment, in particular, in the server B2 which has received the connection request via the interface processing unit 31, there is a login name / password and the like received simultaneously with the connection request from the client. ,
The user authentication processing unit 33 authenticates the user by inputting the login name / password and the like (step 501,
502). Therefore, unlike the conventional example, the operator is not repeatedly prompted to input the login name / password required for the user authentication process.

As in the conventional example, the user authentication processing unit 33
Compares the input login name / password and the like with the contents of the authentication database 34 and authenticates the user (step 502).

As in the conventional example, the result of the user authentication is O
In the case of K, a session is started, processing of function b (external database search function) is performed, and when the processing is completed, the next connection server instructing unit 37 outputs the URL of the HTML document relating to the menu selection request of server A1. It is set (steps 503 to 505).

In the present embodiment, in particular, a user authentication parameter (login name / password, etc.) transmission instructing section 38
Is to acquire the user authentication parameters (login name / password, etc.) from the user authentication processing unit 33 when the result of the user authentication is OK, and to transmit the user authentication parameters from the client to the server to be connected next. Together with the instruction, these user authentication parameters (login name / password, etc.)
1 is set (step 506).

In the same manner as in the conventional example, the billing processing section 40 performs billing processing in which information such as the execution time of the processing of the function b (external database search function) is totaled and stored together with the billing code (step 507).

In the same manner as in the conventional example, the server B2 ends the session as described above, and at the same time, transmits the UR of the HTML document relating to the menu selection request of the server A1 to the client 5.
L, and then instructs to connect to server A1 (step 508).

However, in this embodiment, in particular, the instruction to transmit the user authentication parameters from the client to the server to be connected next and the user authentication parameters (login name / password, etc.) are also transmitted to the client at the same time as the end of the session. 5 (step 508).

Thereafter, the server B performs the same processing flow.
Switch from 2 to server A1. However, as shown in FIG. 2, since the server A1 has a login name / password etc. received at the same time as the connection request from the client, the user authentication processing unit 13 inputs the login name / password etc. Authentication is performed (step 201).

A method for managing the authentication database 14 will be described. As shown in FIG. 6, the authentication databases of a plurality of servers are continuously updated. For example, when the system administrator instructs to add a user, the user is added to the authentication database 14 of the server A1, and then the server B is added.
Similarly, a user is added to the authentication database 34 of
Further, the user is similarly added to the authentication database 44 of the server C3. The addition of a user is performed by a method of adding a new record or finding an empty record according to the data format shown in FIG. 27, and recording information of each item such as a login name in the record.

Similarly, when deleting a user or changing a password or the like, the authentication databases 14, 34 and 44 are continuously updated.

As described above, by continuously updating the authentication databases of a plurality of servers, it is possible to easily maintain the consistency of the contents of the authentication databases of the respective servers. As a result, the same authentication result can be obtained for each server for the same authentication parameter, so that the user authentication function in which the same parameter is automatically input to the authentication function of a different server as in the present embodiment. In the attached server client system, the server can be reliably switched.

Embodiment 2 As shown in FIG. 7, the server A1 according to the present embodiment includes an interface processing unit 11, a login name / password input request processing unit 12, a user authentication processing unit 13, an authentication database 14, a menu selection request unit 15, a function a (Internal Database Search Function) Processing Unit 16, Internal Database 17, Next Connection Server Instruction Unit 1
8, a user authentication parameter (login name / password, etc.) transmission instructing unit 19 and an accounting unit 21 are provided. Of these, each processing unit other than the user authentication processing unit 13 and the user authentication parameter (login name / password etc.) transmission instructing unit 19 has the same configuration as each processing unit according to the conventional example described above (FIG. 29). Have been.

The user authentication processing section 13 has the same configuration as in the first embodiment.

The user authentication parameter (login name / password, etc.) transmission instructing section 19 sets in the interface processing section 11 only an instruction to transmit the user authentication parameter from the client to the next server to be connected. Is configured.

As shown in FIG. 7, the client 5 according to the present embodiment includes a browser 51 and a user authentication parameter (login name / password, etc.) storage unit 52.

The user authentication parameter (login name / password, etc.) storage section 52 is configured to store a login name / password etc. inputted by an operator in response to a login name / password etc. input request.

As shown in FIG. 10, the server B2 according to the present embodiment includes an interface processing unit 31, a user authentication processing unit 33, an authentication database 34, a function b (external database search function) processing unit 35, and an external database search server. 36, a next connection server instruction unit 37, a user authentication parameter (login name / password, etc.) transmission instruction unit 38,
An accounting unit 40 is provided. Among them, the interface processing unit 31, the authentication database 34, the function b
(External Database Search Function) The processing units of the processing unit 35, the external database search server 36, the next connection server instructing unit 37, and the billing processing unit 40 are the same as those of the above-described conventional processing units (FIG. 32). It is configured.

The user authentication processing section 33 has the same configuration as in the first embodiment.

The user authentication parameter (login name / password, etc.) transmission instructing section 38 sets, to the interface processing section 31, only an instruction to transmit the user authentication parameter from the client to the next server to be connected. Is configured.

This embodiment is configured as described above, and its operation will be described below. Similar to the description of the conventional example, based on the processing flows of the server A1, the client, and the server B2 shown in FIGS. 8, 9, and 11, following the function a (the internal database search function) of the server A1,
An operation of executing the function b (external database search function) of the server B2 will be described.

As shown in FIG. 8, the processing flow of the first embodiment (steps 201 to 208, 206, 207, 20
Similarly to 9), the server A1 receiving the connection request requests the input of the login name / password and the like, waits for the input of the login name / password and the like by the operator, authenticates the user, and requests the menu selection. Waiting for the operator to select function a (internal database search function), processing function a (internal database search function), requesting menu selection again, and selecting function b (external database search function) by the operator UR of HTML document related to function b (external database search function)
L is set (steps 801 to 808, 806, 8
07,809).

In this embodiment, however, the login name / password etc. input by the operator in response to the login name / password etc. input request is stored in the user authentication parameter (login name / password etc.) storage unit 5 of the client 5.
2 remembers.

In the present embodiment, in particular, the user authentication parameter (login name / password etc.) transmission instructing section 19 transmits only an instruction to transmit the user authentication parameter from the client to the server to be connected next. Although set for the processing unit 11, it is not necessary to set parameters for user authentication (login name / password, etc.) (step 811).

Processing Flow of First Embodiment (Step 21)
Similarly to (2, 213), the server A1 performs a charging process and a session termination process (steps 812, 813).

However, in the present embodiment, in particular, an instruction to transmit the user authentication parameter from the client to the next server to be connected is transmitted to the client 5 at the same time as the end of the session. It is not necessary to send login name / password etc.).

As shown in FIG. 9, similarly to the processing flow of the first embodiment (steps 301 and 302), the client 5 transmits the HTML document related to the function b (external database search function) of the server B2 to be connected next. The URL is received, and the URL is set (steps 901 and 90).
2).

In the present embodiment, however, the user authentication parameters (login name / password etc.) are obtained from the user authentication parameter (login name / password etc.) storage unit 52 of the client 5 (step 903).

Processing Flow of First Embodiment (Step 30)
Similarly to (4,305), the user authentication parameters (login name / password, etc.) are set and transmitted to the server B2 together with the connection request (steps 904, 905).

As shown in FIG. 11, similar to the processing flow of the first embodiment (steps 501 to 508), server B
2 operates (steps 1101 to 1108).

However, in this embodiment, in particular, the server A1
Similarly to the above, it is not necessary to set parameters for user authentication (login name / password, etc.), and it is not necessary to transmit them (steps 1106, 1108).

Embodiment 3 The server client system with a user authentication function according to the present embodiment has a configuration as shown in FIG.
Embodiment 1 (FIG. 28) is provided with 33 and 43.
Is the same as However, each user authentication processing unit 13, 3
The third and fourth embodiments are different from the first embodiment in that user authentication is performed using an authentication database 41 which is connected to an authentication server 4 and managed centrally.

As shown in FIG. 13, the configuration of the server A1 is such that the user authentication processing unit 13 connects to the authentication server 4 connected to each server instead of the authentication database 14 connected only to the server A1. The configuration is the same as that of the server A1 (FIG. 1) of the first embodiment except for the point described above.

As shown in FIG. 13, the configuration of the client is the same as that of the first embodiment (FIG. 1).

As shown in FIG. 14, also in the configuration of the server B1, the user authentication processing section 33 connects to the authentication server 4 connected to each server instead of the authentication database 34 connected only to the server B2. The configuration is the same as that of the server B1 (FIG. 4) of the first embodiment except for the point described above.

This embodiment is configured as described above,
The operation is performed similarly to the processing flow of the first embodiment (FIGS. 2, 3, and 5).

Embodiment 4 As shown in FIG. 12, the user authentication processing units 13, 33, 4
3 is connected to an authentication server 4 and performs user authentication using an authentication database 41 which is centrally managed.
5 and FIG. 16, other configurations are the same as those of the second embodiment (FIGS. 7 and 10).

This embodiment is configured as described above,
The operation is performed in the same manner as in the processing flow of the second embodiment (FIGS. 8, 9, and 11).

In the third and fourth embodiments, the user authentication method using the same function of the authentication server has been described.
As described above, since the user authentication function of a plurality of servers uses the function of the same authentication server, the same authentication result can always be obtained for the same user authentication parameter, and the same authentication function for different servers is automatically used. In the server client system with a user authentication function to which the user authentication parameters of (1) and (2) are input, server switching is performed more reliably.

Embodiment 5 FIG. As shown in FIG. 12, similarly to the third embodiment, each of the user authentication processing units 13, 33, 4
Reference numeral 3 is connected to the authentication server 4 and performs user authentication using an authentication database 41 which is centrally managed.

As shown in FIG. 17, the configuration of the server A1 is different from the server A1 (FIG. 13) of the third embodiment in that the user authentication parameter (login name / password, etc.) Parameters (authentication I
D) A transmission instruction unit 20 is provided. The authentication ID is an ID given by the authentication server 4 to identify the user when the result of the user authentication is OK.

If there is an authentication ID received at the same time as the connection request from the client, the user authentication processing unit 13 authenticates the user by inputting the authentication ID, and if there is no authentication ID received at the same time, In the same manner as in the conventional example, the user is authenticated by inputting the login name / password or the like input via the login name / password input request processing unit 12, and if the result of the user authentication is OK, It is configured to receive an authentication ID from the authentication server 4.

The user authentication parameter (authentication ID) transmission instructing section 20 acquires the user authentication parameter (authentication ID) from the user authentication processing section 13 when the result of the user authentication is OK, and outputs the user authentication parameter. The user authentication parameter (authentication ID) is set in the interface processing unit 11 together with an instruction to transmit to the server to be connected next from the client.

As shown in FIG. 17, the client 5 according to the present embodiment has a browser 51 as in the above-described conventional example.

As shown in FIG. 20, the configuration of server B2 is different from server B2 of the third embodiment (FIG. 14) in that user authentication parameter (login name / password, etc.) transmission instructing section 38 is replaced with user authentication server B2. Parameters (authentication I
D) A transmission instruction unit 39 is provided.

If there is an authentication ID received at the same time as the connection request from the client, the user authentication processing unit 33 performs authentication of the user by inputting the authentication ID. Is configured to end the processing of the server B2 without starting a session.

The user authentication parameter (authentication ID) transmission instructing unit 39 is, like the user authentication parameter (authentication ID) transmission instructing unit 20 of the server A1, a user authentication parameter when the result of the user authentication is OK. (Authentication ID) is acquired from the user authentication processing unit 33, and the user authentication parameter (authentication ID) is transmitted from the client to the server to be connected next, and the user authentication parameter (authentication ID) is transmitted to the interface processing unit 31
It is configured to be set with respect to.

The present embodiment is configured as described above, and its operation will be described below. Similarly to the description of the conventional example, based on the processing flows of the server A1, the client, and the server B2 shown in FIGS. 18, 19, and 21, the server B2 is followed by the function a (internal database search function) of the server A1. Function b (external database search function)
Will be described.

As in the conventional example, when the operator instructs the browser 51 of the client 5 to connect to the menu selection request of the server A1, the browser 51 transmits the URL of the HTML document relating to the menu selection request of the server A1.
Is set to request connection to the server A1.

As shown in FIG. 18, in the server A1 which has received the connection request via the interface processing unit 11,
Authentication ID received at the same time as the connection request from the client
Therefore, the login name / password input via the input request processing unit 12 such as the login name / password
The user authentication processing unit 13 authenticates the user by inputting a password or the like (steps 1801 to 1804). Further, when the result of the user authentication is OK, an authentication ID is received from the authentication server 4 (step 1805).

Processing Flow of First Embodiment (Step 20)
5 to 208, 206, 207, and 209), a menu selection is requested, and after the operator selects function a (internal database search function), processing of function a (internal database search function) is performed. The menu selection is requested again, and after the operator selects function b (external database search function), the URL of the HTML document related to function b (external database search function) is set (steps 1807 to 1810, 1808, 180).
9, 1811).

In the present embodiment, in particular, the user authentication parameter (authentication ID) transmission instructing section 20 acquires the user authentication parameter (authentication ID) from the user authentication processing section 13 when the result of the user authentication is OK. The interface processing unit 11 transmits the user authentication parameter (authentication ID) together with an instruction to transmit the user authentication parameter from the client to the server to be connected next.
(Step 1813).

The processing flow of the first embodiment (step 21
Similarly to (2, 213), the server A1 performs a charging process and a session termination process (steps 1814, 181).
5).

However, in this embodiment, in particular, an instruction to transmit a user authentication parameter from a client to a server to be connected next and a user authentication parameter (authentication I
D) is also transmitted to the client 5 simultaneously with the end of the session.

As shown in FIG. 19, the client 5 operates similarly to the processing flow (steps 301 to 305) of the first embodiment (steps 1901 to 1905).

However, in this embodiment, in particular, an authentication ID is obtained and set instead of the login name / password and the like (steps 1903 and 1904).

As shown in FIG. 20, in this embodiment, in particular, in server B2 which has received the connection request, there is an authentication ID received simultaneously with the connection request from the client. The user is authenticated by inputting the authentication ID (steps 2101 and 210)
2).

The processing flow of the first embodiment (step 50)
3 to 505), the server B2 starts a session, executes the processing of the function b (external database search function), and instructs the next connection server (steps 2103 to 2103).
105).

In this embodiment, in particular, the user authentication parameter (authentication ID) transmission instructing section 39 obtains the user authentication parameter (authentication ID) from the user authentication processing section 33 when the result of the user authentication is OK. The interface processing unit 31 transmits the user authentication parameter (authentication ID) together with an instruction to transmit the user authentication parameter from the client to the server to be connected next.
Set for

The processing flow of the first embodiment (step 50
7, 508), the server B2 performs a charging process and a session termination process (steps 2107, 210).
8).

However, in the present embodiment, in particular, an instruction to transmit a user authentication parameter from a client to a server to be connected next and a user authentication parameter (authentication I
D) is also transmitted to the client 5 simultaneously with the end of the session.

Next, a process of user authentication when a login name / password or the like is input to the authentication server 4 will be described with reference to FIG. User authentication processing unit 1 of server A1
The authentication server 4 which has received the login name / password and the like from the server 3 receives the record having the same login name as the input login name from the data format of the authentication database as shown in FIG. And if the password and billing code of that record match the entered password and billing code respectively,
The operator is determined to be a valid user, and OK is set (steps 2201 to 2203 and 2205). If no record with the same login name exists or if one or both of the password and the billing code do not match, it is determined that the operator is not a valid user, and NG is set (step 2204).

Further, when the authentication result is OK,
An authentication ID for identifying the user is determined and set (steps 2206 and 2207).

The session is terminated and the authentication result (O
K) and the authentication ID or the authentication result (NG) are transmitted, and the process ends (step 2208).

Next, a process when an authentication ID is input to the authentication server 4 will be described with reference to FIG. For example,
The authentication server 4 that has received the authentication ID from the user authentication processing unit 33 of the server B2 checks whether or not the authentication ID matches the authentication ID previously given. Verification result, authentication ID
If they match, the operator is determined to be a valid user and OK is set (steps 2301 to 230
4). If the authentication IDs do not match, it is determined that the operator is not a valid user, and NG is set (step 2303).

The session is terminated, and the authentication result (O
K) or the authentication result (NG) is transmitted, and the process ends (step 2306).

[0135]

According to the present invention, at least a part of the parameters at the time of the previous user authentication is held in the server client system device, and the parameters are used at the time of the subsequent user authentication. In this case, there is no need to repeatedly input parameters such as a login name and a password, and a simple operation can be realized without making the operator aware of server switching. By this, in the case of a system that realizes a series of functions such as searching for necessary information from multiple databases by switching a plurality of servers, security is ensured without making the operator aware of server switching, By performing a billing process, the practicality of the system can be significantly improved.

In the present invention, at least a part of the parameters at the time of the previous user authentication are transferred from the server that has performed the user authentication to the client, and further transferred from the client to the server that performs the subsequent user authentication. Therefore, from the start of the session to the end of the session, there is no need to store the parameters on the client side, and the client only needs to temporarily store the parameters for delivery until a connection request to the next server is made. Therefore, there is no need to always provide an area for storing parameters. Therefore, the processing load on the client side is small, a general-purpose browser is sufficient, and the system can be easily constructed.

In the present invention, at least a part of the parameters at the time of the user authentication is at least a part of the parameters input to the server that has performed the user authentication, stored in the client. Is transferred to a server that performs later user authentication, so that processing on the server can be reduced. In addition, there is an advantage that processing can be continued even when the server that has requested connection does not operate normally.

In the present invention, at least a part of the parameters at the time of the user authentication is at least a part of the parameters input at the time of the user authentication. In this case, the authentication process is performed, and there is an advantage that security is ensured.

In the present invention, at least a part of the parameters at the time of the previous user authentication is at least a part of the parameters output at the time of the user authentication. Judge the legitimacy of
There is an advantage that the comparison with the authentication database is unnecessary, and the authentication process can be sped up.

In the present invention, the server with the user authentication function that is sessionlessly communicated from at least one client includes the user authentication processing unit for inputting the parameter received simultaneously with the connection request from the client. Input becomes unnecessary, and the operation is simplified.

In the present invention, in a server with a user authentication function which is sessionlessly communicated from at least one client, the client is instructed to transmit a parameter to be input at the time of user authentication to another server. The provision of the user authentication parameter transmission instructing unit eliminates the need for the operator to input parameters, thereby simplifying the operation.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a server A and a client according to Embodiment 1 of the present invention.

FIG. 2 is a diagram illustrating a processing flow of a server A according to Embodiments 1 and 3 of the present invention.

FIG. 3 is a diagram showing a processing flow of a client according to Embodiments 1 and 3 of the present invention.

FIG. 4 is a configuration diagram of a server B and a client according to the first embodiment of the present invention.

FIG. 5 is a diagram showing a processing flow of a server B according to Embodiments 1 and 3 of the present invention.

FIG. 6 is a processing flow of management of an authentication database according to the first and second embodiments of the present invention.

FIG. 7 is a configuration diagram of a server A and a client according to Embodiment 2 of the present invention.

FIG. 8 is a diagram showing a processing flow of a server A according to Embodiments 2 and 4 of the present invention.

FIG. 9 is a diagram illustrating a processing flow of a client according to Embodiments 2 and 4 of the present invention.

FIG. 10 is a configuration diagram of a server B and a client according to Embodiment 2 of the present invention.

FIG. 11 is a server B according to the second and fourth embodiments of the present invention.
It is a figure of the processing flow of.

FIG. 12 is a schematic diagram of a server client system with a user authentication function according to Embodiments 3 to 5 of the present invention.

FIG. 13 is a configuration diagram of a server A and a client according to Embodiment 3 of the present invention.

FIG. 14 is a configuration diagram of a server B and a client according to Embodiment 3 of the present invention.

FIG. 15 is a configuration diagram of a server A and a client according to Embodiment 4 of the present invention.

FIG. 16 is a configuration diagram of a server B and a client according to Embodiment 4 of the present invention.

FIG. 17 is a configuration diagram of a server A and a client according to Embodiment 5 of the present invention.

FIG. 18 is a diagram depicting a processing flow of the server A according to the fifth embodiment of the present invention;

FIG. 19 is a diagram showing a processing flow of a client according to the fifth embodiment of the present invention.

FIG. 20 is a configuration diagram of a server B and a client according to Embodiment 5 of the present invention.

FIG. 21 is a diagram depicting a processing flow of the server B according to the fifth embodiment of the present invention;

FIG. 22 is a diagram showing a processing flow when a login name, a password, and the like of the authentication server according to Embodiment 5 of the present invention are input.

FIG. 23 is a diagram showing a processing flow when an authentication ID of an authentication server according to Embodiment 5 of the present invention is input.

FIG. 24 is a schematic diagram of a server client system according to the related art.

FIG. 25 is a diagram of a login name / password input request screen according to the prior art and the first to fifth embodiments of the present invention.

FIG. 26 is a diagram of a menu selection request screen according to the related art, and first to fifth embodiments of the present invention.

FIG. 27 is a diagram of a data format of an authentication database according to the related art and the first to fifth embodiments of the present invention.

FIG. 28 is a schematic diagram of a conventional technology, a server client system with a user authentication function according to Embodiments 1 and 2 of the present invention.

FIG. 29 is a configuration diagram of a server A and a client according to the related art.

FIG. 30 is a diagram showing a processing flow of a server A according to a conventional technique.

FIG. 31 is a diagram showing a processing flow of a client according to the conventional technique.

FIG. 32 is a configuration diagram of a server B and a client according to the related art.

FIG. 33 is a diagram illustrating a processing flow of a server B according to the related art.

[Explanation of symbols]

1 server A, 2 server B, 3 server C, 4 servers for authentication, 5 clients, 6 clients, 7
Login name / password input request screen, 8 menu selection request screen, 11 interface processing unit, 12 login name / password input request processing unit, 13 user authentication processing unit, 14 authentication database, 15 menu selection request unit, 16 functions a (internal database search function) processing unit, 17 internal database, 18th connection server instruction unit, 19 user authentication parameter (login name / password, etc.) transmission instruction unit, 20 user authentication parameter (authentication ID) transmission instruction unit, 21 billing processor,
31 interface processing unit, 32 input request processing unit such as login name / password, 33 user authentication processing unit,
34 authentication database, 35 function b (external database search function) processing unit, 36 external database search server, 37th connection server instruction unit, 38 user authentication parameter (login name / password etc.) transmission instruction unit,
39 user authentication parameter (authentication ID) transmission instructing unit, 40 accounting unit, 41 authentication database, 4
3 User authentication processing unit, 44 Authentication database, 5
1 browser, 52 user authentication parameter (login name / password, etc.) storage unit, 71 login name input line, 72 password input line, 73 charging code input line, 74 end icon, 75 execution icon,
81 function a (internal database search function) selection icon, 82 function b (external database search function) selection icon, 83 function c (statistical processing function) selection icon,
84 end icon, 85 execution icon, 91 login name, 92 password, 93 billing code.

Claims (10)

[Claims] 1. A server client system device with a user authentication function that performs sessionless communication from at least one client to a plurality of servers including at least one server with a user authentication function. Characterized in that at least a part of the server client system device is held inside the server client system device, and its parameters are used at the time of subsequent user authentication. 2. A method according to claim 1, wherein at least a part of the parameters at the time of the previous user authentication is transferred from the server that has performed the user authentication to the client, and further transferred from the client to the server that performs the subsequent user authentication. 2. The server client system device with a user authentication function according to claim 1, wherein 3. At least a part of the parameter at the time of the previous user authentication stores at least a part of the parameter input to the server that has performed the user authentication in the client, and the client performs the later processing. 2. The server client system device with a user authentication function according to claim 1, wherein the server client system device is transferred to a server that performs user authentication. 4. The apparatus according to claim 1, wherein at least a part of the parameter at the time of the user authentication is at least a part of a parameter input at the time of the user authentication.
A server client system device with a user authentication function according to the above. 5. The apparatus according to claim 1, wherein at least a part of the parameter at the time of the user authentication is at least a part of the parameter output at the time of the user authentication.
A server client system device with a user authentication function according to the above. 6. In a user authentication method of a server client system that performs sessionless communication from at least one client to a plurality of servers including at least one server with a user authentication function, parameters of the user authentication at the time of the previous user authentication are set. A user authentication method for a server client system, comprising: a step of holding at least a part of the server client system inside the apparatus; and a step of using the parameters at the time of user authentication later. 7. A server with a user authentication function that is sessionlessly communicated from at least one client, comprising a user authentication processing unit that inputs a parameter received simultaneously with a connection request from the client. Attached server. 8. In a server with a user authentication function that is sessionlessly communicated from at least one client, a user authentication parameter for instructing the client to transmit a parameter input at the time of user authentication to another server from the client. A server with a user authentication function, comprising a transmission instruction unit. 9. A server having a step of inputting parameters received at the same time as a connection request from a client and performing user authentication, a step of connecting with the client, a step of executing an application, and a step of terminating the connection with the client. A computer-readable recording medium recording a program for causing a computer to execute the sessionless communication method. 10. Connecting to a client;
A server-side sessionless having a step of executing an application, a step of instructing a client to transmit a parameter to be input at the time of user authentication to another server from the client, and a step of terminating the connection with the client A computer-readable recording medium on which a program for causing a computer to execute a communication method is recorded.