JP2003009243A - Authenticating device and method, network system and computer program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authenticating device which makes it difficult to pretend to be someone else in accessing information and also can be applied to the existing portable telephone. SOLUTION: When an access request is received from a portable telephone, an authentication server receives a user ID and a password from the portable telephone. In the case the user ID and password are legal, the telephone number of a CTI(computer telephony integration) device is notified to make the portable telephone to call the telephone number. In the case a detected telephone number is legal, the authentication server generates a session key to distinguish the telephone number from the other telephone numbers. The session key is embedded in a connection URL requested to be viewed by the portable telephone T to be sent to the portable telephone. In the case the portable telephone selects the connection URL for identification and the connection URL for identification is returned to the authentication server, the authentication server decides the propriety of the session key embedded in the connection URL for identification. If the session key is legal, the authentication server decides that the access request is legal.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an authentication technique used when an information providing service is performed using a mobile phone, for example.

It has been a long time since an intelligent mobile phone (a mobile phone having an information processing mechanism) has spread, but nowadays,
Various services have been realized using intelligent mobile phones. For example, by using an intelligent mobile phone as a terminal for Internet mail service, the server side provides information services for individual users, and services such as business communication between companies or within the company are performed. It is becoming more common to actively utilize such computer networks.

Such a service is realized on the server side by controlling communication with the mobile phone via the Internet and accompanying access to a specific server. This type of service using a mobile phone is usually provided only to a specific person managed by the service provider, that is, a person who has registered in advance. From this point of view, in order to execute the service as described above, it is necessary to perform an authentication procedure to confirm whether the person who requests the service is under the control of the service provider. Become.

Authentication is generally performed using some permission information, for example, a user name or other user ID or password. That is, the user ID and password sent by the user from the mobile phone are compared with the user ID and password managed by the service provider, and if they match, the user is a valid person. Determines that he is not a legitimate person. Then, only the user who is judged to be a legitimate person can enjoy the predetermined service prepared on the server side. However, such an authentication method is not without problems. That is, if the user ID and password are stolen by another person, the other person can impersonate a legitimate user by using it.

[0005]

The present invention provides a new authentication technique capable of reliably preventing the above-mentioned "spoofing" problem, which could not be prevented even by using the conventional authentication method. That is the task. Another object of the present invention is to provide an application technique of such an authentication technique.

[0006]

The occurrence of "spoofing" is caused by the fact that the authorization information that has been conventionally used for authentication can be used regardless of whether it is a mobile phone or not as long as the authorization information can be obtained. . On the contrary, if the information unique to the mobile phone is used for authentication and the authentication that the access is made by the legitimate user is made only when the terminal is used, most impersonation can be prevented. be able to. On the other hand, when the above information unique to mobile phones is used for authentication, it is often necessary for the mobile phone to have a special function. If there is an authentication technology that allows you to use your existing mobile phone as it is, its value is high. The present invention has been made based on such findings.

According to the present invention, first, when a mobile phone used by a user to which predetermined user identification information is assigned accesses predetermined information held by a predetermined information recording device,
We propose an authentication device having the following configuration for authenticating whether or not the mobile phone is valid. The authentication device includes a recording unit in which the user identification information and a telephone number of a mobile phone used by each user are associated with each other, and a mobile phone that has requested access to predetermined information. The user identification information of the user who uses the telephone is received, and the received user identification information is compared with the user identification information recorded in the user identification information recording means to determine whether the user identification information is valid or not. A user identification information determining unit that detects the phone number of the mobile phone by accepting a call from the mobile phone to the mobile phone when the received user identification information is determined to be valid. The notification means for notifying the telephone number of the caller number detecting device of the While accepting information, when the telephone number specified by the information is recorded in the recording means, it distinguishes the mobile phone specified by the information from other mobile phones, and the predetermined connection information. The terminal identification information that can be added to the terminal identification information generating means for recording in the recording means in association with the telephone number of the mobile phone, and the connection information for accessing the predetermined information. The identification connection information transmitting means for embedding the terminal identification information to generate the identification connection information and transmitting the generated identification connection information to the mobile phone, and the mobile phone that has received the identification connection information The identification connection information is accepted, and the terminal identification information included in the accepted identification connection information is compared with the terminal identification information recorded in the recording means. Terminal identification information determining means for determining whether or not the terminal identification information is valid, and when the terminal identification information included in the received identification connection information is valid, the mobile phone requests access. The permission information is transmitted to a predetermined information recording device in which the information is recorded. Then, the mobile phone is allowed to access the information specified by the connection information sent from the permitting means to the information recording device.

This authenticating device issues a process of issuing terminal identification information associated with a telephone number unique to a mobile phone in association with user identification information for each mobile phone, and performing authentication using the terminal identification information. It can execute the processing to be performed. That is, the information used for authentication by this authentication device is the terminal identification information unique to each mobile phone. Therefore, if someone tries to impersonate another user, he / she cannot do so unless he / she obtains the mobile phone of the user who impersonates. Therefore, this authentication device has higher authentication reliability than the conventional authentication device. Further, in this authentication device, the terminal identification information is used as the information unique to the mobile phone, but this is generated by using the caller number notification function that a general mobile phone normally has. In addition, the terminal identification information is connection information normally used in an intelligent mobile phone (for example,
URL), and the authentication device embeds this in the connection information to generate identification connection information. This connection information for identification is used in the authentication device by sending it to the mobile phone and sending it back to the mobile phone. The connection information itself is also commonly used in a normal mobile phone. Therefore, this authentication device can be used in a normal intelligent mobile phone without any special function such as the use of Java (“Java” is a registered trademark of Sun Microsoft Co., Ltd.) program. It has become. The “access” in the present specification is a concept that includes various instructions such as a FAX instruction and a print instruction in addition to a request and an acquisition of information.

The user identification information according to the present invention is information assigned to each user, and may be any unique information that can identify each user. For example, it may consist of a set of ID and password. Further, in the identification connection information (the identification connection information specified by the mobile phone) transmitted from the mobile phone to the authentication device, the user identification information of the user who uses the mobile phone is added to, for example, the header thereof. There is a case. In this case, the terminal identification information determination means, the terminal identification information included in the identification connection information received from the mobile phone,
The user identification information is compared with the previous term terminal identification information and the user identification information recorded in the recording medium and associated with each other to determine whether or not the terminal identification information is valid. Is also good.

The identifying connection information transmitting means may hold connection information. This connection information may include information about the range to which each mobile terminal can connect. The connection information transmitting means for identification may be adapted to receive the connection information from the information recording device. In this case, the terminal identification information is embedded in the connection information received from the predetermined information recording device to generate the identification connection information. By doing so, the configuration of the authentication device can be simplified.

The authentication apparatus may further include identification information control means for stopping or canceling the use of the terminal identification information. By enabling the terminal identification information to be stopped and released by controlling the identification information, it is possible to improve the security of authentication. The identification information control means may stop the use of the terminal identification information for the mobile phone when there is no request for access to the predetermined information from a mobile phone for a predetermined time. In the authentication device of the present invention, the terminal identification information is generated in response to a call made from the mobile phone to the caller number detection device, and the subsequent authentication is performed by using this information. It is difficult for the authentication device to monitor access start (login) and end (logout). If a request for access to information is made after a certain period of time, the mobile terminal is more likely to have been picked up or stolen by a third party than if it was not. . If the terminal identification information is available at such a time, it is easy for a third party who obtains the mobile terminal to "spoof". If the identification information control means stops the use of the terminal identification information for the mobile phone when there is no request for accessing the predetermined information from the mobile phone for the predetermined time, It becomes possible to prevent such "spoofing".

The terminal identification information generating means in the authentication device of the present invention generates new terminal identification information each time a mobile phone is permitted to access predetermined information, and uses this to generate a new phone identification number of the mobile phone. It is also possible to overwrite the terminal identification information recorded in association with. By frequently changing the terminal identification information in this way, it is possible to further prevent the occurrence of “spoofing”.

The information to be accessed by the mobile phone is, for example, present in a predetermined network requiring security, and at least a part of the file has a common content with a file existing outside the network. It can be the record information of the common file maintained.

In the authentication device of the present invention, the information to be accessed by the mobile phone exists in a predetermined network requiring security, and a file existing outside the network and at least a part of the file. May be recorded information of a common file in which the common content is maintained.

According to the present invention, the first server which records the information accessible by the mobile phone and the authentication as to whether or not the mobile phone trying to access the information recorded in the first server is authorized. A mobile phone which is an originator of the access, in which the first server retrieves relevant information in response to an access from the mobile telephone which is determined to be valid. It can also be applied to a network system configured to send data to a network. In this case, the authentication device includes a recording unit that records the user identification information and the mobile phone number used by each user in association with each other, and a mobile phone that requests access to predetermined information. Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means A user identification information determining unit that determines whether the received user identification information is valid, and the telephone number of the mobile phone is detected by receiving a call from the mobile phone to the mobile phone. A notification means for notifying the telephone number of a predetermined caller number detecting device, and the telephone number of the mobile phone that has made the call from the caller number detecting device. The mobile phone specified by the information is discriminated from other mobile phones when the telephone number specified by the information is recorded in the recording means. Terminal identification information generating means for recording the terminal identification information that can be added to the connection information in the recording means in association with the telephone number of the mobile phone, and connection information for accessing the predetermined information. Specified by an identification connection information transmitting unit that embeds the terminal identification information in the terminal to generate identification connection information, and transmits the generated identification connection information to the mobile phone, and the mobile phone that has received the identification connection information. The identification connection information is accepted, and the terminal identification information included in the accepted identification connection information is compared with the terminal identification information recorded in the recording means. A terminal identification information determining means for determining whether or not the terminal identification information is legitimate,
When the terminal identification information included in the received identification connection information is valid, the connection information requested by the mobile phone to be accessed is the first information in which the information is recorded.
The permission means for transmitting to the server is provided, and the mobile phone is permitted to access the information specified by the connection information.

In the above-mentioned network, the first server is a second server existing outside the network in the network (at least a part of the first server and the record information thereof are maintained in common contents). A common file in which at least a part of the record information of each of the first server and the second server is maintained in common with each other. The authentication device may authenticate whether or not the mobile phone that attempts to access the record information of the common file of the first server is valid. In this case, the authentication device is configured to perform authentication as to whether or not the mobile phone attempting to access the record information in the common file of the first server is valid. In the case of a network system in which a first server and a second server are connected, each of these servers, when a change occurs in the record information of its own common file, the difference data before and after the change is sent to the other server. In addition to sending, when the difference data is received from the other server, a copying task of copying the difference data to its own common file can be automatically executed. A configuration in which the second server is provided corresponding to each of the plurality of first servers is also possible according to the present invention.

The authentication device provided in the network system of the present invention includes extraction means for extracting the information transmitted from the first server to the mobile telephone, and data regarding transmission information indicating what information has been transmitted. A transmission information recording unit for recording each mobile phone may be further provided. Alternatively, it further comprises a sending information presenting means for generating, based on the data recorded in the sending information recording means, sending information about the mobile phone, for displaying the data on the display of the mobile phone. May be. With such an authentication device, it becomes possible for the user to display the sending information about the information once used by the user in a state like a headline on the mobile phone, which is convenient for the user.

The former network system and the latter network system to which the first server is connected are groupware for each user company (generally, the term "groupware" refers to work performed by a group having a common task or purpose). Although it refers to supporting computer software, in this patent specification, it means that a concept including hardware resources for realizing it) is realized, and an environment for realizing the above can be easily constructed. The form of business in a company is diversified, and it is rare for one person to complete the business, and normally,
A plurality of people collaborate to perform work by using groupware. Groupware, for example,
A number of mobile phones (client terminals) operated by employees and access from the mobile phones to an intranet protected by a firewall under certain conditions 1
It is realized by connecting a server and installing a computer program for forming a user interface function, a security function, etc. in the first server.

[0019] Usually, a WWW (World Wide Web) server of an internet provider is also connected to the intranet, and electronic mail can be delivered within the intranet from an external terminal via the internet. If a server that manages the company's in-house information is installed on the company's intranet and an environment where the above various terminals can be connected to this server can be constructed, employees of the company can access the in-house information from any location at any time. It becomes possible, and it becomes a very preferable form of utilization for the business of a company. However, there are the following problems in utilizing the intranet. (I) In the access form of in-house information, which is premised on the use of the Internet mail service, a WWW server operated by a person who has no duty of confidentiality intervenes, so it is not known whether sufficient security can be secured. (Ii) To ensure security, for example, connect all terminals for realizing groupware with dedicated lines, or connect the intranet of the corporate head office and the intranet of each branch and the intranet of the head office and each branch. It is possible to connect all with a dedicated line,
This inevitably necessitates the installation of many dedicated lines, resulting in a dramatic increase in the cost of maintaining operation, resulting in higher costs. (Iii) If you try to use an existing Internet mail service for business, the Internet mail service provided as a standard by the mobile phone service provider, depending on the service conditions set by the operator, for example, the number of characters in one email. , It is difficult to send large data because there are restrictions on the number of mails that can be stored in the mail server, the form of attached documents, etc. Also, in the case of mobile phones, the operation method of the mail function differs slightly depending on the model. Since it becomes difficult to provide uniform education and proficiency regarding operation, the operability of groupware is not good. (Iv) A company staff who has received a notification from a mobile phone manually starts an application program of the notification content, or a computer prepared in a specific service provider through wired communication registers an application program in advance with a digital wired terminal. Although it has been conventionally done to decode the content of the control signal input from, and automatically start and execute it, without using the existing infrastructure by the service provider etc. It is not currently performed to arbitrarily start and execute the application program prepared in 1. from a mobile phone terminal or the like, and there remains a problem in expandability of groupware. Each of the above network systems solves such a problem.

According to the present invention, when a mobile phone used by a user to which predetermined user identification information is assigned accesses predetermined information held by a predetermined information recording device,
There is provided a method for causing an authentication device including a predetermined computer to perform authentication as to whether or not the mobile phone is valid, wherein the computer performs at least the following steps. (1) A process of correlating the user identification information with a telephone number of a mobile phone used by each user and recording the information in a predetermined recording means, (2) From a mobile phone requesting access to predetermined information Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means (3) When the received user identification information is determined to be valid, the mobile phone receives a phone call from the mobile phone to detect the phone number of the mobile phone. The process of notifying the telephone number of the caller number detecting device of (4) receiving information about the telephone number of the mobile phone making the call from the caller number detecting device. With kicking, if the telephone number identified are recorded in the recording means by the information,
The mobile phone specified by the information is distinguished from other mobile phones, and the terminal identification information that can be added to the predetermined connection information is associated with the phone number of the mobile phone. (5) The terminal identification information is embedded in the connection information for accessing the predetermined information to generate identification connection information, and the generated identification connection information is transmitted to the mobile phone. process,
(6) The identification connection information specified by the mobile phone that has received the identification connection information is received, and the terminal identification information included in the received identification connection information and the terminal recorded in the recording unit are received. A process of comparing with the identification information to determine whether the terminal identification information is valid, (7)
A process of transmitting the connection information requested by the mobile phone to access when the terminal identification information included in the received identification connection information is valid, to a predetermined information recording device in which the information is recorded. .

The present invention also provides the following programs. The program of the present invention is stored in a predetermined computer.
When a mobile phone used by a user to which predetermined user identification information is assigned accesses predetermined information held by a predetermined information recording device, it authenticates whether the mobile phone is valid or not. It is a computer-readable program for causing the computer to function as an authentication device by executing the following processing. (1) A process of correlating the user identification information with the telephone number of a mobile phone used by each user to record in a predetermined recording means, (2) from a mobile phone requesting access to predetermined information Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means (3) When it is determined that the received user identification information is valid, the mobile phone accepts a call from the mobile phone to detect the phone number of the mobile phone. (4) Receive information about the telephone number of the mobile phone that originated the call from the caller number detection device With kicking, if the telephone number identified are recorded in the recording means by the information,
The mobile phone specified by the information is distinguished from other mobile phones, and the terminal identification information that can be added to the predetermined connection information is associated with the phone number of the mobile phone. Processing for recording in recording means, (5) Embedding the terminal identification information in the connection information for accessing the predetermined information to generate identification connection information, and transmitting the generated identification connection information to the mobile phone. processing,
(6) The identification connection information designated by the mobile phone that has received the identification connection information is accepted, and the terminal identification information included in the accepted identification connection information and the terminal recorded in the recording unit are received. A process of comparing with the identification information to determine whether the terminal identification information is valid, (7)
A process of transmitting connection information requested to be accessed by the mobile phone when the terminal identification information included in the received identification connection information is valid, to a predetermined information recording device in which the information is recorded. . By using such a program, a general-purpose computer can be made to function as the authentication device of the present invention.

The present invention provides the following as another authentication device different from the above authentication device. The authentication device determines whether or not the mobile phone used by the user to whom the predetermined user identification information is assigned accesses the predetermined information held by the predetermined information recording device, and whether the mobile phone is valid. This is a device that performs authentication. Then, the user identification information and the recording means in which the telephone number of the mobile phone used by each user is recorded in association with each other, and the mobile phone is used from the mobile phone that has requested access to predetermined information. User identification for accepting the user identification information of the user and comparing the received user identification information with the user identification information recorded in the user identification information recording means to determine whether the user identification information is valid or not. Information determining means and a predetermined caller number detecting device that detects a telephone number of the mobile phone by receiving a call from the mobile phone, while receiving information about the telephone number of the mobile phone that made the call, When the telephone number specified by the information is recorded in the recording means, the mobile phone specified by the information is transferred to another mobile phone. Terminal identification information generating means for distinguishing from the conversation and for recording the terminal identification information, which can be added to the predetermined connection information, in the recording means in association with the telephone number of the mobile phone, Identification connection information transmitting means for generating identification connection information by embedding the terminal identification information in the connection information for accessing the predetermined information, and transmitting the generated identification connection information to the mobile phone; Receiving the connection information, the identification connection information designated by the mobile phone is received, and the terminal identification information included in the received identification connection information is compared with the terminal identification information recorded in the recording unit. The terminal identification information determining means determines whether the terminal identification information is valid, and the user identification information determining means determines that the received user identification information is valid. In addition, when the terminal identification information determining means determines that the terminal identification information included in the received connection information for identification is valid, the connection information requested by the mobile phone is changed to the relevant information. And a permitting means for transmitting the information to a predetermined information recording device in which is recorded, and the mobile phone is permitted to access the information specified by the connection information. In this authentication device, a means for recording the electronic mail address used by each user in association with the user identification information assigned to each user, and the user identification information determination means for validating the user identification information. When the determination is made, authentication connection information for connecting to the authentication information for authenticating the legitimacy of the user to which the user identification information is allocated is generated by embedding the terminal identification information associated with the mobile phone. And a means for transmitting an e-mail in which the authentication connection information is written to the e-mail address of the user, and the user who receives the e-mail sends the authentication information to the mobile phone by the authentication information connection information. When connecting to, the user identification information of the user may be input. This authentication device is basically the same as the above-mentioned authentication device, and may be the same as the above-mentioned authentication device. It can also be applied to the network system described above. This authentication device is different from the above-mentioned authentication device in that it does not include the notification means included in the above-mentioned authentication device. Therefore, when using this authentication device, the telephone number of the sender number detection device is notified to the user in advance by some means. In this authentication device, the user identification information determination means and the identification information determination means respectively perform,
Either of the determination of the validity of the user identification information and the determination of the validity of the terminal identification information may be performed first. These two pieces of information are used for authentication. Then, only when the user identification information is valid and the terminal identification information is valid, the access is regarded as valid.

The same effect as this authentication device can be obtained by the following method. The method is, for example, when the mobile phone used by the user to which the predetermined user identification information is assigned accesses the predetermined information held by the predetermined information recording device, is the mobile phone valid? A method for causing an authentication device including a predetermined computer to perform authentication of whether or not the authentication is performed, wherein the computer executes at least the following steps. (1) A process of correlating the user identification information with a telephone number of a mobile phone used by each user and recording the same in a predetermined recording means, (2) From a mobile phone requesting access to predetermined information Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means In the process of determining (3), while accepting information about the telephone number of the mobile phone that made the call, from a predetermined caller number detection device that detects the telephone number of the mobile phone by receiving the call from the mobile phone, If the telephone number specified by the information is recorded in the recording means, the mobile phone specified by the information is separated from other mobile phones. And (4) a step of recording the terminal identification information, which is capable of being added to the predetermined connection information, in the recording means in association with the telephone number of the mobile phone, (4) A process of generating the identification connection information by embedding the terminal identification information in the connection information for access, and transmitting the generated identification connection information to the mobile phone, (5) the mobile phone accepting the identification connection information Accept the connection information for identification specified in, and compare the terminal identification information contained in the received connection information for identification with the terminal identification information recorded in the recording means, and confirm that the terminal identification information is valid. (6) The accepted user identification information is determined to be valid, and the terminal identification information included in the accepted connection information for identification is valid. If it is determined as it is, the process of transmitting the connection information to the mobile phone has requested access, the predetermined information recording device to which the information is recorded.

The same effect as this authentication device can be obtained by the following program. The program is, for example, a mobile phone used by a user whose predetermined user identification information is assigned to a predetermined computer,
When the predetermined information stored in the predetermined information recording device is accessed, the computer is used as an authentication device by executing the following process for authenticating whether or not the mobile phone is valid. It is a computer-readable program for making it function. (1) A process of correlating the user identification information with the telephone number of a mobile phone used by each user to record in a predetermined recording means, (2) from a mobile phone requesting access to predetermined information Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means And (3) accepting information about the telephone number of the originating mobile phone from a predetermined caller number detection device that detects the telephone number of the mobile telephone by accepting the call from the mobile telephone. If the telephone number specified by the information is recorded in the recording means, the mobile phone specified by the information is separated from other mobile phones. And (4) a process of recording the terminal identification information, which is capable of being added to the predetermined connection information, in the recording means in association with the telephone number of the mobile phone, and (4) the predetermined information. A process of embedding the terminal identification information in the connection information for access to generate identification connection information and transmitting the generated identification connection information to the mobile phone, (5) the mobile phone that has received the identification connection information Accept the connection information for identification specified in, and compare the terminal identification information contained in the received connection information for identification with the terminal identification information recorded in the recording means, and confirm that the terminal identification information is valid. (6) It is determined that the received user identification information is valid, and the terminal identification information included in the received identification connection information is valid. If it is determined as it is, the connection information that the mobile phone has requested access, and transmits the predetermined information recording device to which the information is recorded processed. By using such a program, a general-purpose computer can be made to function as the authentication device of the present invention.

[0025]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Next, preferred embodiments of the present invention will be described with reference to the drawings. <Overall Configuration> FIG. 1 is a diagram showing an example of the overall configuration of a network system to which the present invention is applied. The network system of the present embodiment is a network system that can be built after the fact that has a secure intranet LN installed in a management company in which a public communication network DN is installed. The intranet LN has a plurality of segments Sa to Sn that can be connected to the dedicated line network PN.
The segments Sa to Sn are host servers 10a, 10 that are the first servers of user companies to be managed, respectively.
assigned to deploy b, ... An authentication server 1, a firewall (FW) 11, a router 12 and a CTI (Computer) are provided near the entrance of the intranet LN.
Telephony Integration) device 5 is provided, and only a specific access from the legitimate mobile phone T1 passes through these and any segment S in the intranet LN is passed.
It is designed to be guided to a to Sn. That is, security against access from outside the intranet LN is maintained. The CTI device 5 is a system for interlocking an information processing device including a computer with a communication system so as to supplement a portion lacking in the computer with a communication function and to supplement a portion lacking in the communication system with a processing function of the computer. The device includes the device and has a function as a caller number detecting device in the present invention. That is, the CTI device 5 has a function of detecting the telephone number of the mobile phone T1 when receiving a call from the mobile phone. A call from the mobile phone T1 reaches the CTI device 5 via the wireless network WN and the public communication network DN. The CTI device 5 is also connected to the authentication server 1 and can transmit information about the detected telephone number to the authentication server 1.
The CTI device 5 may be integrated with the authentication server 1.

The firewall 11 has a mobile phone T1.
Access from mobile phone network MN including wireless network WN
And the public communication network DN connected via the router 14 in the mobile phone network MN and the router 12 connected via the public communication network DN. Mobile phone network MN
Is managed by an entity that provides a mobile phone communication service business. In addition to the mobile phones (mobile phone radios) in the narrow sense, the mobile phones mentioned here include PHS.
It also includes things like.

The mobile phone T1 is an intelligent mobile phone (a mobile phone having an information processing mechanism). The mobile phone T1 is equipped with a browser program for forming a browser screen on a display unit (display) included therein. This browser program may be installed in the mobile phone T1 from the beginning, and "Java applet (Java is a trademark of Sun Microsystems, USA)"
Alternatively, it may be sent from the host server 10 side each time. The mobile phone T1 is also provided with an input unit such as a ten-key pad, so that an ID (authentication ID and user ID described later) and a password (authentication password and user password described later) can be input. ing.

As is well known, the cellular phone network MN is provided with a DNS (Domain Name Server) 30, and a global DNS 40 is also provided for the Internet IN.
Is provided. The DNS 30 and the DNS 40 each have an address table that describes the correspondence between a domain name and an IP (Internet Protocol) address. By referencing the address tables to each other, it is possible to resolve the address difference at the time of access. Has become.

The leased line network PN is composed of a set of leased lines or virtual leased lines (for example, a line (virtual private network) in which a public line is virtually dedicated between parties by using encryption technology and encapsulation technology). It is a communication network. As the private line network PN, a so-called next-generation communication network (for example, a private line network called "PRISM (PRISM is a registered trademark of Japan Telecom Co., Ltd.)") is in practical use, and there are a plurality of networks all over Japan or all over the world. Since the access point of is prepared, the operation cost can be reduced by using it. In the present embodiment, local servers 20a and 20b, which are an example of a second server of a user company located in a remote place, are connected to the dedicated line network PN from the nearest access points, respectively, and are handled via this dedicated line network PN. Host server 10a,
10b is configured to be connected in a form capable of bidirectional communication.

<Structure of Intranet> FIG. 2 shows a detailed structural example of the intranet LN. FIG. 2 shows an example of an intranet LN composed of five segments Sa to Se. Each segment, for example segment Sa,
It has multiple connection ports. One is connected to the host server 10a and the other is connected to the router 13. By connecting a specific line of the dedicated line network PN to the port of the router 13, the user company can individually use the segment Sa. A switching hub (intelligent communication path switching device) or a router may be provided between the segment Sa and the dedicated line network PN, and the connection may be made to the dedicated line network PN via this. Other segments Sb to Se
Is also the same.

At the connection ports of each segment Sa to Se,
When the host servers 10a to 10e are provided and the local servers are connected to the respective host servers 10a to 10e via the switching hub 14 and the dedicated line network PN, a secure housing is built in the intranet LN. That is, all the host servers 10a-1
0e and the corresponding local server are connected by the private line network PN, there is no room for a third party to intervene, and the segments Sa to Se in which the respective host servers 10a to 10e are arranged.
Are protected by the firewall 11, respectively, so that they become a housing that is difficult for an unauthorized access person to enter. Therefore, by allocating the individual segments Sa to Se of such a housing to the user company, it becomes possible for the user company to build a secure network environment (or groupware environment) dedicated to the company at a low cost. .

<Configuration of Router> Routers 12, 13, 14
Performs routing at the third layer (network layer) of the OSI (Open Systems Interconnection) basic reference model. OSI because it is connected at the network layer
Data can be relayed even if the second and subsequent layers (data link layer) of the basic reference model are different. Router 12, 1
Since 3 and 14 also have a route setting function, it is possible to connect different networks such as the intranet LN and the public communication network DN, or the intranet LN and the dedicated line network PN.

FIG. 3 is a diagram showing a configuration example of the router. Since the router performs bidirectional routing, the receiving receiver RR and the receiving buffer RB and the transmitting driver SD and the transmitting buffer SB are provided symmetrically with respect to the transmission lines R1 and R2, and further, the routing execution units U1 and NA.
T (Network Address Translation) table NT, R
An IP (Routing Information Protocol) execution unit U2 is provided. The reception receiver RR receives data from the transmission lines R1 and R2. The receive buffer RB is
It stores the received data. Transmission driver S
D is for transmitting (transferring) data to the transmission lines R1 and R2. The transmission buffer SB stores data to be transmitted (transferred). Routing execution unit U1
Is for processing the received RIP, performing address conversion, and establishing a communication path. The RIP execution unit U2 sends the necessary RIP to the transmission lines R1 and R2. N
In the AT table NT, "Destinatio" indicating an address used for address conversion, that is, a destination address is displayed.
“N” and “Source” indicating the address of the caller are recorded.

FIG. 4 is a diagram showing an example of the contents of the NAT table provided in the router 12 outside the intranet LN. FIG. 4A is a NAT for routing data from the public communication network DN to the firewall 11.
A table, FIG. 4B shows N when routing data from the firewall 11 to the public communication network DN.
An example of an AT table is shown. "2 ×× .111.22.33"
Is a local server 20 of a user company registered in the domain
IP address, “1 × .111.22.33” is the IP address of the host server 10, “2 × .444.55.6” is the IP address of the calling terminal on the Internet, and “1 × .444.5”.
5.6 ”is the transmission terminal I that can be recognized by the intranet LN.
P address. By setting the NAT table as shown in FIG. 4, it becomes possible to access the intranet LN with an IP address different from the Internet.

In the router 13, the address of the transmission terminal that has passed through the firewall 11 and the address of the host server to be managed are set in its NAT table. By setting the NAT table in this way, a communication path control means for selectively establishing a communication path between the source terminal of access that has passed through the firewall 11 and the segment (host server provided therein) is realized. be able to. Even when a router is used instead of the switching hub 14, the address is set in the NAT table by the same procedure.

<Host Server and Local Server> Host servers (10a and 10b in FIG. 1 and 10a to 10 in FIG. 2)
e, hereinafter, if it is not necessary to identify each individual item, it is represented by reference numeral 10 with a suffix omitted) and a local server (20a, 20b and below in FIG. 1; if it is not necessary to identify each individual item, the suffix is omitted) Will be described). In principle, one local server 20 corresponds to one host server 10 and is connected to each other via a dedicated line network PN.
However, a plurality of local servers 20 may correspond to one host server 10, and each local server 20
Unique L to which one or more client terminals are connected to
An AN (Local Area Network) may be connected.
In short, the host server 1 existing in the intranet LN
0 and local server 2 outside the intranet LN
It suffices that 0 and 1 correspond to each other.

The host server 10 has a web mail server function capable of data transfer, a search function, a copy function, and a scheduler function, and further has a database including a mail file, a schedule file, etc., which is information to be accessed by the user. It is a computer equipped. The search function is a function for searching a corresponding file in the database, and the copy function is a function for activating and executing a copy task for copying data corresponding to the change in the database with the local server 20. The schedule function is a function of managing a schedule file prepared for each registered user company. The local server 20 is a computer having at least the above copy function and database.

Although not necessary, in this embodiment, at least some of the files in the databases of the host server 10 and the local server 20 are maintained in common with the other server. It is a common file. When the host server 10 and the local server 20 constitute groupware, the common file has common contents in the groupware. For example, the contents of the mail file and schedule file in the local server 20 are as they are in the host server 1.
It becomes the contents of the mail file and schedule file in 0. Therefore, accessing the common file of the host server 10 is substantially equivalent to accessing the common file managed by the local server 20.

Various modes are conceivable for maintaining the contents of the common file of the host server 10 and the local server 20 in common, but in this embodiment, this is realized by executing copy tasks in each server. To do. That is, when the local server 20 changes its own common file, the difference data before and after the change is stored in the host server 1.
When the differential data is received from the host server 10, the differential data is copied to its own common file. The copy task when the common file of the host server 10 is changed is similarly performed.

<Configuration of Authentication Server> Next, the authentication server 1
Will be described. The authentication server 1 corresponds to the authentication device of the present invention, and when the mobile phone T1 makes an access request to the information recorded in the common file of the host server 10, the mobile phone T1 is authorized. The authentication is performed to determine whether or not the mobile phone T1 that has made an access request is authorized, and the access by the mobile phone T1 is permitted.

The authentication server 1 is realized by a server body and a computer program recorded on a computer-readable recording medium. The computer program is usually recorded in a recording device included in the server main body, and the CPU of the server main body reads out from the recording device as appropriate and executes it.
It may be recorded on a portable recording medium such as M or DVD-ROM. Alternatively, it may be downloaded through a predetermined computer network. Further, this program may realize various functions required for the authentication server 1 by the cooperation of the program and the hardware of the computer, or in addition to these, an OS (operation system) program held by the computer and the like. It may be realized by collaborating with other programs.

FIG. 7 is a functional block diagram formed by the CPU of the server main body reading and executing the above computer program. In this embodiment,
An input / output unit 31 and a processing unit 32 are formed. I / O section 3
1 is between the mobile phone T1 and the host server 10,
Alternatively, communication is performed with the CTI device 5 while controlling the input / output of data. More specifically, for example, the mobile phone T
1 to receive user identification information and terminal identification information (each of which will be described later), to return the result of the authentication to the mobile phone T1 to control the subsequent data entry / exit, or to call from the CTI device 5. Receive information about numbers.

The processing section 32 performs authentication and processing related to the authentication, and can exchange data with the input / output section 31. As shown in FIG. 7, the processing unit 32 in this embodiment includes a control unit 32a, a user identification information determination unit 32b, a terminal identification information generation unit 32c, a terminal identification information determination unit 32d, an identification information control unit 32e, and a recording unit. It is configured to include 32f.

The control section 32a controls the basic operation of the entire apparatus. The user identification information determination unit 32b, the terminal identification information generation unit 32c, the terminal identification information determination unit 32d, and the identification information control unit 32e all operate under the control of this control unit 32a. The control unit 32a has, in addition to the functions described above,
When the terminal identification information determination unit 32d, which will be described later, authenticates the mobile phone T1 for which authentication is required, the mobile phone T1.
Has a function of permitting access to the record information of the common file of the server 10. Further, the mobile phone T1 has a function of extracting information sent from the first server to the mobile phone T1, and a function of recording data about the send information for each mobile phone T1, and based on the recorded data, It has a function of generating data for displaying the transmission information about the mobile phone T1 on the display unit of the mobile phone. When the user identification information determination unit 32b determines that the user identification information received by the input / output unit 31 from the predetermined mobile phone T1 is valid, the control unit 32a provides the CTI device to the mobile phone T1. It has the function of notifying the 5 telephone numbers. The form of notification of telephone number is
Any kind of sound or image may be used. Further, the notification may be made by packet communication using e-mail or the like, or may be made by telephone. In this embodiment, the CT of the mobile phone T1 is displayed by displaying information about the phone number.
The telephone number of the I-device 5 is notified to the mobile phone T1. That is, the control unit 32a has a function of generating image data for that purpose.

The user identification information determination unit 32b receives the user identification information of the user who uses the mobile phone from the mobile phone that has requested access to predetermined information, and the received user identification information and the recording unit 32f. It has a function of comparing with the recorded user identification information and determining whether or not the user identification information is valid. Information about the determination result is sent to the control unit 32a.

The terminal identification information generating section 32c receives information about the telephone number of the portable telephone T1 as the transmission source from the CTI device 5 and, when the telephone number is recorded in the recording section 32f, a session key (described later). .) Is generated and recorded in the recording unit 32f.

The terminal identification information determination unit 32d is specified by the mobile phone T1 that has received the identification connection URL (described later), and the identification connection UR returned from the mobile phone T1.
L is accepted via the input / output unit 31, and the session key and the recording unit 32 included in the accepted identification connection URL.
It has a function of comparing with the session key recorded in f and determining whether or not the session key is valid. Information about the determination result is sent to the control unit 32a. The control unit 32 that accepted this
The a guides the access from the mobile phone T1 to the connection destination URL that is the corresponding identification connection URL excluding the session key. This enables communication between the accessing mobile phone T1 and the target host server 10. The identification connection URL returned from the mobile phone T1 may include user identification information of the user who uses the mobile phone T1. in this case,
The terminal identification information determination unit 32d uses the session key included in the identification connection URL received from the mobile phone T1,
By comparing the user identification information with the session key recorded in the recording unit 32f and the user identification information associated with the session key, the portable terminal T that has requested access.
The validity of 1 may be determined.

The identification information control unit 32e has a function of managing a flag described later in order to stop or cancel the use of the session key. The flag is the recording unit 32f.
Is written in a predetermined area of.

The recording section 32f records various information used for authentication. In the recording unit 32f, for example, as shown in FIG. 8, the user identification information, the telephone number of each mobile phone,
And range information are recorded, and an area for writing a session key and a stop flag is provided. These pieces of information and areas are associated with each other, and information for each mobile phone T1 to be authenticated is recorded. User identification information is unique information that can identify each user from other users,
Although not limited to this, in this embodiment, the user ID
It consists of (UserID) and password (PASSWORD). The user ID and password in this example consist of numbers only, letters only, or a combination thereof. The user identification information is assigned to each user in advance and recorded in the recording unit 32f. The user identification information is, for example,
It may be appropriately assigned to each user by the network administrator, or may be appropriately selected by each user under the control of the network administrator for the purpose of preventing duplication. The phone number is the phone number of each mobile phone and is the number notified by the caller number notification function of the mobile phone. This is also written in the recording unit 32f in advance. The range information defines the range of information that each mobile phone T1 can connect to. This is also recorded in advance in the recording unit 32.
It is written in f. The range indicated by A, B, etc. is the range in which each mobile terminal T1 is permitted to connect. The session key is unique information for distinguishing the mobile phone T1 specified by the information from other mobile phones T1, and is written as necessary. The session key is recorded in the recording unit 32 by the terminal identification information generating unit 32c described above.
written to f. The session key corresponds to the terminal identification information in the present invention and can be embedded in a predetermined URL. The session keys in this example consist of numbers only, letters only, or a combination thereof. The stop flag indicates that the flag is set when it is set (in FIG. 8, when there is "1" in the area, it is set, and when nothing is written, the flag is set). The session key associated with the area is made unusable. The stop flag is managed by the identification information controller 32e. The mobile phone T1 is associated with the range information recorded in the recording section 32f.
The connection destination URL for the information that can be connected may be recorded in association with each range information. In this case, the information recorded in the recording unit 32f is as shown in FIG.

The operation mode of the network system configured as described above is as follows, for example. As described above, the segments Sa to Se of the intranet LN are
Since each is assigned to the host server of the user company to be managed, it can be provided to the user company in segment units. The usage form provided to the user company may be only the segments Sa to Se (in this case, the user company brings in the host server 10 and the local server 20 corresponding to this host server 10) and has a predetermined function. It may be the segments Sa to Se in which the mounted host server 10 is provided. The latter is
It is suitable when the user company already has the local server 20 corresponding to the host server 10.

When the user company to be managed, the segment, and the host server 10 to be deployed in the intranet LN are determined, the system administrator sets the firewall 11
In addition, various conditions (protocol, system-specific data format,
The address of the host server 10) is registered, and further, the address of the host server 10 is registered in the address table of the router 13 in the intranet LN as a destination and a source in the intranet LN. Further, the address of the host server 10 is registered in the connection source of the switching hub 14. Further, the recording unit 32f in the authentication server 1
In addition, each data of user identification information (user ID, password in this example) and range information (in some cases, in addition to this, connection destination URL) is recorded for each mobile phone T1.

The members (usually employees) of the user company are
Operate the mobile phone T1 to display the IP address (for example, XX
Information access is made to the desired host server 10 at (XX @@ XX.co.jp). This access is via the wireless network W
It is transferred from N to the DNS 30 connected to the mobile phone network MN. Based on the domain name included in the access, the DNS 30 sends the global IP address (for example, 2 ×× 111.22.3) for the user company from the global DNS 40.
3) is acquired and transferred to the router 12.

The router 12 uses the NAT having the contents shown in FIG.
Referring to the table, the global IP address given by DNS is set to the IP address (1
XX.111.22.33), and at the same time, the global IP address (2 * .444.55.6) of the mobile phone T1 is converted to an IP address (1 * .444.55.6). Then, the access is transferred to the firewall 11 by using the routing function. The firewall 11 determines whether or not this access conforms to the conditions registered in advance, and if it conforms, it passes it and transfers it to the authentication server 1. The authentication server 1 determines whether or not the mobile phone T1 that has made the access request is proper, and if it is authenticated as proper, sends the access to the router 13. The process of this authentication will be described later.

The router 13 deciphers the contents of this access, determines the corresponding segment and the host server 10, and transfers the access to the host server 10. The host server 10 searches the common file for data corresponding to the access request, and retrieves the data from the common file.
And returns to the router 12 via the firewall 11. The router 12 refers to the NAT table having the content of FIG.
1 is converted into an IP address, and the reply data is transferred to the mobile phone T1 via the public communication network DN and the wireless network WN by using the routing function.

Since the copying task is executed between the host server 10 and the local server 20 via the private line network PN and the contents of the common files of both are maintained, the above-mentioned host server The information returned from 10 has the same content as the information held by the local server 20. Therefore, by using this network system, it is possible to easily realize a low-cost company-dedicated system that ensures security. Especially, the information held by the local server 20 (mail file, schedule file, etc.) from the mobile phone T1 whose position is not specified.
You can get the information securely, as if it were a mobile phone T1
Since the local server 20 and the local server 20 are connected to each other through a dedicated line and there is no intervention by a third party, it is extremely convenient for handling in-house information. Further, according to this network system, for example, all the information handled by the local server of the corporate headquarters and the local servers of each of the plurality of branches is made into a common file, and this is centrally managed by the host server in the intranet LN. In addition, by making this common file accessible from the mobile phone T1 from any location at any time, consistent in-house information can be accessed by a uniform operation, and preferable operation of groupware in a company. The form is easily realized.

<Application Example 1: In-House Mailing System> Next, an application example of the network system will be described. Here, an example will be given in which a specific segment of the intranet LN is assigned to a user company and is applied to an in-house mailing system that accesses in-house information of the user company using the mobile phone T1. The “mail” here is a concept including not only a normal electronic mail document but also various list data, edited data, and various documents registered in advance. In addition, it is a web mail that allows you to attach documents without any restrictions on the number of characters that can be used or the number of stored items. By using the web mail, the mail can be delivered by a unified operation that does not depend on the model of the mobile phone T1.

As the mobile phone T1, for example, a "i-mode terminal" provided by NTT DoCoMo, Inc., which can be a mobile phone having a web mail function by itself, is widely used. So it can be used. However, the mail server is not the i-mode server for the “i-mode terminal” but the host server 1
0 uses the web mail server function. This allows the i-mode terminal to use the operating environment of the browser function that the “i-mode terminal” has as standard equipment, as it is.
It becomes possible to remove restrictions on various uses by the server, such as restrictions on the type and size of data that can be transmitted and received, and the number of cases. Also, it becomes possible to realize a unified operating environment that absorbs the difference in model.

Host server 10 and local server 20
As the computer, a computer equipped with "DOMINO server (DOMINO (or Domino) is a trademark of the same company, the same applies hereinafter)" provided by Lotus, Inc. of the United States can be used.
The "DOMINO server" is equipped with the functions suitable for carrying out the present invention, such as the communication function, the mail function, the server function (especially the HTTP server function), the schedule function, and the copying function as standard equipment. It is convenient to take advantage of this as programming is allowed to improve its functionality. A web mail server function suitable for implementing the present invention, for example, editing a menu list dedicated to in-house mail, adding charge information for each document, and automatically storing a large amount of data according to the memory capacity of the recipient. To send in divided form, reduce the attached document in the limited display area of the mobile phone, and restrict the display when there are many mail destinations to display only the text, see This can be easily realized by additionally creating an application program in addition to the standard mail function of the “DOMINO server”. Further, as a schedule function, a function of constantly monitoring the current time and extracting only the schedule after the current time can be easily realized by additionally creating an additional application program.

FIG. 5 shows a functional configuration diagram of the host server 10 using the “DOMINO server”. The host server 10 includes a CPU 101 that operates under the control of a predetermined OS (operating system), a RAM 102, and an RO.
M103 and mail file 10 built in a fixed storage device such as a hard disk readable by the CPU 101
4. Communication for controlling communication between the router 13 and the like, an email address book and an employee database 105 in which personal information of employees is recorded, a document database 106 in which HTTP documents and the like are recorded, a schedule file 107 in which internal schedule data is recorded, and the router 13 and the like. And an adapter 108.
In the RAM 102, a DOMINO engine, a duplication task, an HTTP task, which is standard equipment of the DOMINO server,
In addition to the schedule management task, a program for implementing the web mail server function for employees is stored.
The ROM 103 has a BIOS (Basic Input Output Sys
The control program including the tem) is recorded. DO
The MINO engine is a platform and network O
It provides a unified operating environment by absorbing the differences in S, and can realize a powerful document management function including document integration and search.

The HTTP task is from the mobile phone to HTTP.
This is a task of specifying a data file corresponding to the HTTP transmission request when the transmission request is accepted and converting this to an HTML format. Since the extended URL can be used, the data file corresponding to the HTTP transmission request can be dynamically converted into the HTML format. The local server 20 can also use the above-mentioned DOMINO server.

Host server 10 and local server 20
Are designed to maintain the common file identity with each other by the duplication task shown in FIG. That is, based on the configuration of each directory, the replication task is activated at regular time intervals, and it is compared whether the common file of its own is different from the common file of the other side. If there is a difference, the difference data is transferred bidirectionally and reflected in the contents of its own common file. The duplication is performed in field units as shown. It differs from normal "file copy" in that only the changed fields are copied.

Next, referring to FIGS. 10 to 29, the usage pattern of the in-house mail system will be described. (Advance Preparation) A client terminal (not shown) on the local server 20 side is operated in advance to set a set of a user ID and a password as permission information. In this example, the employee ID is used as the user ID. The set contents are the employee database 1 of the host server 10.
It is reflected in 05. What is set here is the information required for authentication when accessing the intranet LN from the mobile phone and for charging. Employee I in this example
Identification data for each group is assigned to the D or password in order to enable charging for each group (department). Since the charge when using a mobile phone is made according to the total amount of data (total amount of packet size), it is possible to collect this for each identification data. In the employee database 105, the address of the mobile phone is also set in advance. Further, the terminal identification information, the user ID, the password, and the authentication URL information are set in the authentication server 1.

(Creating Address Book for Mobile Phone) Addresses for about 10 persons are extracted from the in-house address book of the employee database 105, and can be sent to the mobile phone at any time. This is done, in principle, on the client terminal described above. The procedure in this case is shown in FIGS. Referring to FIG. 10, first, a user address list of the in-house address book is displayed on a display device of a mobile phone, which is a mobile phone (S101). The generation of a click event (one of the displayed events selected by the operator's click operation, the same applies hereinafter) is waited for (S102), and if a click event occurs, its content is determined (S10).
3). If the click event is "selection field", a selection mark is displayed in front of a specific person in the user address list, and the process returns to step S103 (S104). In the case of the "copy button", the data of the person with the selection mark is copied to the personal address book and the process returns to S101 (S10).
5). If it is the "end button", the end process is performed (S10).
6). As a result, a personal address book including addresses for several people is generated.

When extracting an address to be actually used from the personal address book, the process is performed according to the procedure shown in FIG. First, the user address list of the personal address book is displayed on the display unit of the client terminal (S201). The generation of a click event is waited for (S202), and if a click event occurs, its content is determined (S20).
3). If the click event is "selection field", a selection mark is displayed in front of a specific person in the user address list, and the process returns to step S203 (S204). In the case of the "copy button", the data with the selection mark is sequentially copied to the mail file and the process returns to S201 (S20).
5). If it is the "end button", the end process is performed (S20).
6) The process of extracting the address from the in-house address book and creating the address book for the mobile phone can also be performed from the mobile phone. However, in this case, instead of copying once to the personal address book, it is directly selected from the in-house address book.

(Authentication and Information Access) Next, an operation procedure when a member of the user company accesses the host server 10 from the mobile phone T1 will be described. FIG. 12 is an explanatory diagram of the overall procedure of the information access method. First, the user makes an access request using the mobile phone T1 by performing an appropriate operation. The data regarding the access request is sent to the authentication server 1. Next, the login screen as shown in FIG. 27A is displayed on the display unit of the mobile phone T1 (S301). Next, login authentication is performed (S302). If the authentication fails, the process returns to S301. If the authentication is successful, that is, if the user is an authorized user, the main screen is displayed (S302: Yes, S).
303). The main screen is, for example, as shown in FIG. 27B, and an event selection area 52 for reception / transmission / search / schedule and a SUBMIT selection area 53 are displayed.

Regarding the above-described login authentication, FIG.
A detailed description will be given with reference to FIG. FIG. 13 is a diagram showing a procedure of login authentication processing. As mentioned above,
For the authentication in this embodiment, a session key unique to each mobile phone T1 is used, and this session key is given to each user terminal T1 by the authentication server S1. This session key is given to each mobile phone T1 as follows. First, the mobile phone T1 is connected to the authentication server S1 (S3101). Specifically, the mobile phone T1 is connected to the authentication server 1 by inputting a URL whose connection request destination is the authentication server 1. When such a connection is made, a login screen is displayed on the screen of the mobile phone T1. The login screen is generated by the control unit 32a that has received the data regarding the access request via the public communication network DN and the input / output unit 31, and is displayed on the display unit when the mobile phone 1 receives the transmitted image data. It The login screen may be, for example, as shown in FIG. 14 (a). On this login screen, a user ID (here, employee ID, the same applies hereinafter) and a password input area 51 are displayed. The user inputs a user ID and password previously assigned to the user in the input area 51 according to the instruction on the screen. The data about the entered user ID and password is
It is sent from the mobile phone T1 to the authentication server 1, and the authentication server 1 accepts it (S3102). This data is
It is sent to the user identification information determination unit 32b in the processing unit 32 via the output / input unit 31.

User identification information determination unit 32b (see FIG. 7)
Determines whether the received user ID and password indicated by the data matches any one of the user ID and password pairs recorded in advance in the recording unit 32f (S3103). User identification information determination unit 32b
Indicates that the user ID and password indicated by the received data have been previously recorded in the recording unit 32f.
If it matches with either D or the password pair (S31
03: Yes), it is determined that the user who requested the access is valid (S3104). The user ID and password indicated by the received data are stored in the recording unit 32.
If none of the set of the user ID and the password pre-recorded in f matches (S3103: No), the access is determined to be improper. In this case, the process returns to the process of inputting and transmitting the user ID and password (S3102), and the process is performed again. This process is repeated until the correct user ID and password are entered. If the correct user ID and password are not entered after all, the process ends here. If the number of times the user ID and password are input is limited and it is not determined that the access is valid even if the user ID and password are input for the limited number of times, further It is also possible to stop accepting the user ID and password and forcibly terminate the processing there.

When it is determined that the user who requested the access is valid (S3104), the user identification information determination unit 32b transmits information indicating that to the control unit 32a. The control unit 32a that has received the information sends the CT
The telephone number of the I-device 5 is notified (S3105). In this notification, the control unit 32a that has received the above-described information generates image data for displaying the telephone number of the CTI device 5 on the display unit of the mobile phone T1 via the input / output unit 31,
This is done by sending this to the mobile phone T1. FIG. 14B shows an example of an image displayed on the display unit of the mobile phone T1 that has received the request. In this example, the CTI
Although the telephone number of the device 5 is not displayed, clicking the character "Tell" displayed in the image automatically calls the mobile phone T1 to the CTI device 5. There is. In this way, the notification of the telephone number of the CTI device 5 to the mobile phone T1 can be performed without clearly indicating the telephone number to the user. still,
When a call is being made, the communication between the mobile phone T1 and the authentication device 1 can be temporarily interrupted. This processing may be automatically performed.
Further, an image as shown in FIG. 14C may be displayed on the display unit of the mobile phone T1 when a call is being made. This image is displayed by the data generated by the control unit 32a and sent to the mobile phone T1, for example.

When a call is made from the mobile phone T1 to the CTI device 5, the CTI device 5 detects the telephone number of the mobile phone T1 that has called. The authentication device 1 receives this information about the telephone number (S310).
6). This information is sent from the input / output unit 31 to the terminal identification information generation unit 32c. The terminal identification information generator 32c
It is determined whether or not the telephone number indicated by the information is recorded in the recording unit 32f (S3107), and if the telephone number indicated by the received information is recorded (S31).
07: Yes), a session key is generated, and the session key is recorded in the recording area for recording the session key associated with the telephone number in the recording unit 32f (S3108).
Although not limited to this, the session key in this embodiment is generated by randomly arranging alphabets and numbers. In the example shown in FIGS. 8 and 9, the user ID
The session key “ababaa” is recorded in association with the telephone number associated with “VFDTSK”, the session key “aaabbc” is recorded in association with the telephone number associated with the user ID “infoepli”, respectively. There is. If the telephone number indicated by the received information is not recorded, the access is determined to be unauthorized (S310).
9), the authentication process is stopped (S3110).

Next, the control unit 32a accesses the host server 10 to acquire the connection URL in the range indicated by the range information, and acquires the connection URL. As shown in FIG. 9, when the connection URL is recorded in the recording unit 32f, the acquisition of the connection URL from the host server 10 can be omitted. Next, the control unit 32a acquires the acquired connection UR.
The connection UR for identification by embedding the above-mentioned session key in L
L is generated (S3111). This is done, for example, by converting the connection URL shown in Table 1 below into the one shown in Table 2. In this example, <A href = "IRecive?
openform? "accesskey =" 1 ">&#63789; Receive </A><BR
>, <A href="Memo?openform?"accesskey="2">&# 6378
9; Send </A><BR>,<A href = "Iserch? Openform?" Acc
esskey = "3">&#63789; Search </A><BR>,<A href = "IS
K? Openform? "Accesskey =" 4 ">&#63789; Plan </A><BR
>, <A href="Ipws?openform?"accesskey="5">&# 6378
9; Password change /> The session key is embedded in each of the connection URLs </A> and <BR>. The examples shown in FIGS. 8 and 9 are for the case where a call is made to the CTI device 5 from the mobile phone having the telephone number associated with the user ID “infoepli”, so the embedded session key is It is "aaabbc". The session key may be embedded anywhere in the connection URL that is the connection information.

[Table 1]

[Table 2]

Next, the authentication server 1 sends the identification connection URL in which the session key is embedded to the mobile phone T1 (S3112). Based on this identification connection URL, a top menu including a character string corresponding to each identification connection URL is displayed on the display unit of the mobile phone as shown in FIG. 14D. The user operates the input unit of the mobile terminal T1 as appropriate to select from the menus "1. reception", "2. transmission", "3. search", "4. plan", and "5. password change". Select one. The identification connection URL corresponding to the selected menu is set to the mobile phone T1.
Is transmitted via the public communication network DN. Authentication server 1
Accepts this identification connection URL (S311)
3). The connection URL for identification is the terminal identification information determination unit 32d.
Sent to. Based on the received connection URL for identification,
The terminal identification information determination unit 32d determines the validity of the session key (S3114). Information about the user ID and password is added to the header of the identification connection URL sent from the mobile phone T1, for example. The terminal identification information determination unit 32d receives the identification connection UR
A set of a session key, a user ID, and a password is extracted from the information of L, and the set is compared with the set of the session key, the user ID, and the password recorded in the recording unit 32f, and the session key and the user ID that all match.
And a password pair exists (S311).
4: Yes), it is determined that the session key is valid (S3115), and if there is no such set (S31).
14: No), the access is determined to be unauthorized (S3109), and the authentication process is stopped (S311).
0).

When it is determined that the session key is valid, the information is sent to the controller 32a. The control unit 32a regenerates the connection URL by removing the session key from the accepted connection URL for identification, and sends it to the host server 10 via the input / output unit (S311).
6). As a result, predetermined information is sent from the host server 10 to the mobile phone T. In other words, in this embodiment, the data transmission of the information from the host server 10 and the authentication process are performed integrally.

The authentication device 10 determines whether or not the mobile phone T1 has requested to browse further information (S311).
7). When further information is requested (S3117: Y
In es), the above processing is repeated. In this embodiment, the session key is then regenerated and overwritten. By generating a session key each time a request for access to information is made, authentication can be made more secure. If there is no request for further information (S3117: No), the authentication process ends.

Incidentally, it is also possible to perform processing such that the session key recorded in the recording section 32f is not overwritten each time the identification connection URL is transmitted. That is, it is possible to carry out an authentication process in which the above-mentioned authentication is performed only in the case of an access request for the first information, and in the case of the subsequent procedure, only the process after the session key generation is repeated. In such a case, it is necessary to monitor whether or not a predetermined time has elapsed since the last access request to the predetermined information, and if the predetermined time has elapsed, disable the session key. You can This management is performed by the identification information control unit 32e described above.
Can be performed by writing a stop flag in the stop flag recording area of the recording unit 32f. Identification information control unit 3
2e may also delete the session key at the same time.

It should be noted that, in the case where the authentication device is recognized that the user ID and the password are valid and the telephone number of the CTI device 5 is sent to the mobile phone T1, the mobile phone T1.
If there is an access request from a mobile phone T1 other than the mobile phone T1 earlier than the mobile phone T1 and impersonation is performed using the user ID and password of the user of the mobile phone T1, the mobile phone T1 The user cannot access. In such a case, the user of the mobile phone T1 may call again and regenerate the session key.

Returning to FIG. 12, after that, the occurrence of a click event is waited for (S304), and if a click event occurs, the content thereof is determined (S305). If the click event is "reception", reception processing is performed according to the procedure of FIGS. 15 to 20 (S306). If it is “transmission”, transmission processing is performed according to the procedure of FIG. 21 (S307). If the result is "search", the search process is performed according to the procedure of FIGS. 22 to 24 (S308). If it is "scheduled", schedule processing is performed in the procedure of FIGS. 25 and 26 (S309). When these processes are completed, the process returns to step S302. Even when each of these processes is executed, the above authentication process is repeated. Hereinafter, the contents of the reception process, the transmission process, the search process, and the schedule process will be described in detail.

= Reception Processing = The reception processing of S306 will be described. In the receiving process,
As shown in FIG. 15, the data is sorted in the descending order by the reception date of the inbox of the mobile phone, and the data numbers are sequentially numbered from "+1" from 1 (S401). Ten items of sorted data are selected in ascending order, and the first item is set to START (first data number, the same applies hereinafter) (S402). afterwards,
Display the selected data in the reception list display area (S
403). In the reception list display area, as shown in FIG.
As shown in (d), the subject area 54 and the fee area 55 representing the fee information required to receive the case are displayed as a pair. By displaying the charge information required for reception in this way, the operator of the mobile phone can be informed of the size of the data and the cost at that time. The mobile phone operator (that is, the employee) looks at the title of the subject and the amount of charge to determine whether the content is worth the cost of reading, or guesses the time required for receiving from the amount of charge You will be able to determine if you should read now or later. In addition, a large amount of data, such as 20,000 words, is sent while being automatically divided by the webmail function, so you can view it halfway and stop browsing the divided mails thereafter. Morphology is also possible. Selection buttons of "previous" and "next" are also displayed at the bottom of the reception list display area. The generation of a click event is waited for (S404), and if a click event has occurred, its content is determined (S405). If the click event is "Next", "+9" is set to START (S406) and S
Select 10 from TART. When START is less than 10, only existing data is displayed (S40
7). If the click event was "Previous",
"-9" is set to START (S408) and STAR
Select 10 from T. When START is less than 10, "1" is set to START (S409). If the click event is "document number", received text display processing is performed (S410).

The details of the received sentence process of S410 are as shown in FIG. When it is detected that the operator of the mobile phone clicks the desired document number on the display (S50
1) The document having the clicked document number is displayed on the display unit (S502). The display at this time is, for example, FIG.
It becomes like (e). If there is an attached document, a notification indicating its existence is displayed on the display unit. This depends on the web mail server function of the host server 10. When the attached document is a table object or bitmap data, by clicking the notation of the attached document, it can be displayed as an HTML document in accordance with the size of the display area. Further, assuming that the number of destinations of a document is large, the destination portion in the frame of the received sentence is not displayed in advance. As a result, only the text can be displayed on the display unit of the mobile phone. However, the destination information is managed by the host server 10 side, so if you want to confirm the destination from the mobile phone, you can specify it from the browser screen (prepare icons or command characters). , Can be displayed. In the case of received sentence processing, "Delete", "Reply",
The "transfer" and "FAX" selection areas 56 are displayed. Waiting for a click event to occur (S503), and if a click event has occurred, determine its content (S50).
4). For the click event, "Delete" processing (S50
5), "Reply" processing (S506), "Transfer" processing (S5)
07) and "FAX" processing (S508).

FIG. 17 shows the procedure of the "deletion" process in step S505, that is, the process when "delete" is selected in the display contents of FIG. 27 (e). While deleting the current document (S601), "Delete
“D” is displayed (S602).

FIG. 18 shows the procedure of the "reply" process in step S506, that is, the process when "reply" is selected in the display contents of FIG. 27 (e). First, a new document for reply is created (S701). Then, the sender of the received document is set as the destination (S702), the character "Re:" is added to the beginning of the subject of the received document as the subject (S703), and the new document is displayed (S70).
4). The generation of a click event is waited for (S705), and if a click event has occurred, its contents are determined (S706). If the click event is "subject", subject edit processing is performed (S707), if it is "content", document content edit processing is performed (S708), and if it is "new destination", new destination edit is performed (S709). , "CC new", a new editing process of the CC (carbon copy) destination is performed (S710). After completion of each, the process returns to S705.

If the click event determined in step S706 is "destination", destination editing processing is performed (S7).
11). At this time, a list of mobile personal destinations (personal address book) is displayed (S712). Then, the selected destination is set as "TO" (S713). afterwards,
It returns to the process of S705. When the click event is "CC", CC destination edit processing is performed (S714). At this time,
A list of mobile personal destinations (personal address book) is displayed (S715). Then, the selected destination is set as "CC" (S716). Then, the process returns to S705. If the click event is "SUBMIT", the new document is transmitted (S717), "Form processed" is displayed, and the reply process ends (S718).

FIG. 19 shows the procedure of the "transfer" process in step S507, that is, the process when "transfer" is selected in the display contents of FIG. 27 (e). Processing content (S8
01-S818) is almost the same as the case of FIG.
In S803, "FW:" is added to the beginning of the subject of the received document as the subject.
The only difference is the addition of the character. The procedure of the "FAX" process in step S508, that is, the process when "FAX" is selected in the display content of FIG. 27E is as shown in FIG. First, create a new fax document (S
901). Then, the content of the received document is set in the content column (S902), the character "FW:" is added to the beginning of the subject of the received document in the subject (S903), and the new document is displayed (S904). The generation of a click event is waited for (S905), and if a click event has occurred, its contents are determined (S906). If the click event is "Subject", subject edit processing is performed (S90
7), in the case of "FAX number", the FAX number editing process is performed (S908), and after the end, the process returns to S905. If the click event is "send", the new document is sent (S909), "Form processed" is displayed, and the FAX data sending process is finished (S910). The data thus transmitted is FAX-printed by the FAX number. The above-mentioned FAX printing may be realized as one of the functions of the DOMINO engine.
The application program for X printing may be installed in the host server 10 and may be activated by starting it at any time.

= Transmission Process = Next, the transmission process of step S307 of FIG. 12 will be described. In the transmission process, as shown in FIG. 21, a new document for transmission is created (S1001), and the new document is displayed on the display unit (S1002). Subsequent processing (S10
03 to S1016) is the same procedure as steps S707 to S718 of the reply process shown in FIG. However, the display content of the display unit of the mobile phone changes as shown in FIG.

= Search Process = Next, the search process of step S308 of FIG. 12 will be described. The search process is executed when the user selects "search" as shown in FIG. In this process, as shown in FIG. 22, first, the data in the search view is sorted in ascending alphabetical order and 10 items are selected (S1101). After that, the search list is displayed in the list display area (S1102). The generation of a click event is waited for (S1103), and if a click event has occurred, its contents are determined (S1104). If the click event is "next", the data of +10 from the tenth item on the page being displayed is set (S1105). afterwards,
The set amount of data is selected, but when the data is less than 10, only the existing data is selected (S1106).
Then, the process returns to S1102. If the click event is "Previous", from the 10th page on the page being displayed-
The data of 10 is set (S1107). After that, the set amount of data is selected, but if there is no data, the data of the current page is reselected (S1108). afterwards,
It returns to the process of S1102.

When the click event is "search list display", the contents displayed on the display unit of the mobile phone are as shown in FIG.
It changes from (a) to the keyword list searched in the past. FIG. 28B shows this state. In the figure, "ito
"h", "okada", and "suzuki" are the searched keywords. The procedure of this search list display processing is as shown in FIG. That is, the generation of a click event is waited for (S1201), and when it is detected that the first and last names of the alphabet (for example, "itoh") are clicked, all documents including the clicked first and last names are displayed (S1202, S1203). If the click event is "new keyword", the search process is performed using the new keyword. At this time, the display content of the display unit is as shown in FIG.
As shown in 8 (c), the screen changes to a new keyword input screen. As shown in FIG. 24, the process in this case waits for the occurrence of a click event (S1301), and when the click event occurs, determines the content thereof (S130).
2). If the click event is "new keyword", new keyword editing is performed (S1301), and S13.
Return to the processing of 01. Click event is "SUBMI
In the case of “T”, the keyword is transmitted (S1304),
"Form processed" is displayed and the process is terminated (S130).
5). When the search result is transmitted from the host server 10, the process proceeds to the search list display process as appropriate. The screen of the display unit changes as shown in FIG. 28D, and when an alphabet (for example, “pat”) is clicked, the screen shown in FIG.
All documents including "pat" are displayed.

= Scheduled Processing = Next, the scheduled processing in step S309 of FIG. 12 will be described. The schedule process is executed when the user selects “plan” as shown in FIG. In this process, as shown in FIG. 25, first, the data in the schedule view is sorted in descending order by date, and 10 items are selected (S140).
1). After that, the schedule list is displayed in the list display area of the display unit (S1402). FIG. 29B is an example of the list display area 60, and shows a state in which when a certain date is clicked, the time zone set for that date and a brief description are displayed. At the top of the display,
Areas for selecting “previous”, “next”, and “create” events are formed. The generation of a click event is waited for (S1403), and if a click event has occurred, the content thereof is determined (S1404). If the click event is "Next", start from the 10th item on the displayed page +
The data of 10 is set (S1405). After that, the set amount of data is selected, but when the data is less than 10, only the existing data is selected (S1406). Then, the process returns to S1402. If the click event is "Previous", -10 from the 10th item on the displayed page
Data is set (S1407). After that, the set amount of data is selected, but if there is no data, the data of the current page is reselected (S1408). After that, S1
Returning to the processing of 402. The data in the schedule view is
Only those after "Today's date" are applicable. That is,
From the schedule file 107, the schedules after the relevant date are extracted, and this is made a list (View in the DOMINO server) so that it can be viewed on the mobile phone.
By doing so, it is possible to prevent the situation in which data regarding past schedules is recorded in the mobile phone, and it is possible to effectively use the memory of the mobile phone. Host server 1 for data regarding the schedule before the date and before the current time
The schedule file 107 of 0 may be automatically deleted. In this case, since unnecessary data is sequentially deleted from the schedule file 107 (same for the local server 20), the host server 10
There is an advantage that the memory area of the local server 20 can be effectively utilized at the same time and the leakage of the in-house information can be surely prevented.

When the click event is "new creation", that is, when "create" is selected in the display contents of FIG. 29 (c), the process proceeds to new creation processing of the schedule list. FIG. 26 is a procedure diagram of new creation processing. In this process, first, a schedule creation menu is displayed (S150).
1). In the schedule creation menu, as shown in FIG. 29D, for example, schedule registration, conference call, event, confirmation,
An anniversary selection area 61 is formed. The user can arbitrarily select any of these. The generation of a click event is waited for (S1502), and if a click event occurs, its content is determined (S150).
3). When a specific menu is selected from the selection area 61, data is input and edited (S1504), and S1
Returning to the processing of 502. Click event is "SUBMI
In the case of “T”, the input data is transmitted (S150
5), "Form processed" is displayed and the process ends (S).
1506). FIG. 29E is a diagram showing an example of the contents of the data input area 62 when “2. convening a meeting” is selected. A brief description and time are associated with each date. The data input area 62 is adapted to be scrolled. The data thus input is reflected in the schedule file 107 of the host server 10 and further in the local server 20.

As a part of the scheduled process or as a process different from the scheduled process, a so-called “To Do list” function, that is, a function for managing the work to be performed and the work to be performed, can be operated from the mobile phone. It can also be configured to be executed when triggered. In this case, "DOMIN
This can be easily realized by additionally creating an application program in the standard scheduler function of the "O server R5".

As described above, in the in-house mail system, the host server 1 can be sent from the mobile phone from any place at any time.
You can access the company information that 0 manages. There are various modes of access as described above, and it is as if the access was made from a fixed terminal inside the intranet LN or a client terminal of the local server 20. Since the in-house information of the host server 10 is the same as that of the local server 20 connected via the dedicated line network PN, it is possible to indirectly contact the person connected to the network to which the local server 20 belongs. , It becomes possible to operate groupware efficiently.

In this system, reception processing,
The information transmitted from the host server 10 to the mobile phone when the transmission process, the search process, the schedule process, and the like are executed is monitored by the control unit 32a. This monitoring is performed, for example, by the control unit 32a extracting the connection URL of the page browsed by the user. By extracting such information, the control unit 32a generates transmission information that is information about what information was transmitted from the host server 10 to the mobile phone, that is, which page the user viewed. Then, for example, the recording unit 32a
And the like on a predetermined recording medium. This transmission information is recorded for each mobile phone, and is recorded in the control unit 32a while clarifying the corresponding mobile phone.

This transmission information can be used, for example, as data for charging each mobile phone. In addition, in order to reduce the effort when the user accesses the host server 10,
It can also be used as follows. That is, the transmission information is used to display the menu screen on the display unit of the mobile phone. In this case, if there is an access request and the mobile phone requesting the access is authenticated as a legitimate mobile phone, for example, the following processing may be executed. First, of the recorded transmission information, the control unit 32a reads from the recording unit 32f the transmission information regarding the mobile phone that has made the access request. Then, the control unit 3
The data 2a generates data for displaying a predetermined image on the display unit of the mobile phone, and sends the data to the mobile phone via the input / output unit 31. Based on this, a predetermined menu image is displayed on the display unit of the mobile phone. The displayed menu image has the same form as that of FIG. 29A, but the menu displayed there is different for each mobile phone.

<Application Example 2: Remote Application Operating System> The network system of the present invention can be applied as a remote application operating system instead of the in-house mail system or together with the in-house mail system. The configuration in this case is basically the same as in the case of the in-house mail system, but a predetermined application program, for example, a search program for performing information search from an external database that is not a common file, a common file A printing program that automatically prints specific information inside, a point that an automatic control program for in-house office equipment, etc. are installed, and a web image screen displayed on the mobile phone displays the operation image for starting the application program on the web mail screen. They are different in that they are formed on the screen, or special commands can be input.

In operation, a person who has a mobile phone accesses the host server 10 by selecting an operation image on a browser screen, for example. The host server 10 decodes the content of the command corresponding to this access, notifies the content of the command to the local server 20, and activates and executes the corresponding application program. After the application program is executed, the host server 10 acquires information on the execution result from the local server 20 and notifies the mobile phone of the acquired information.
By doing so, not only the transfer of the in-house information but also the in-house application program can be remotely activated from the mobile phone, so that a highly expandable in-house network system can be easily constructed.

In this embodiment, it is assumed that the network forming the housing is the intranet LN, but any network can be used as long as it can be protected by a firewall. The housing can be configured in a normal local network. Also, as a preferred embodiment, the case where the mobile phone passes through the firewall 11 has been described, but even if the access is made from the mobile phone T1 through the Internet IN, the firewall 11 is allowed to pass through under the certain conditions. Can be configured as follows. However, in this case, access from an unspecified user connected to the Internet IN is permitted, and it is necessary to keep in mind that the load on the firewall 11 is heavy. << Modification >> The authentication server 1 described above can be replaced with the following, and the network described above can be configured using the authentication server.
In addition, in the configuration of this authentication server, the above-mentioned authentication server 1
Parts that are in common with and will be assigned the same reference numerals. This authentication server is also realized by the server body and a computer program recorded on a computer-readable recording medium. This program may realize various functions required of the authentication server by the cooperation of the program and the hardware of the computer, or in addition to these, it may be realized by the cooperation of other programs held by the computer. Anything is fine.

It is a functional block diagram formed by the CPU of the server main body reading and executing the above computer program. Also in this authentication server, the input / output unit 31 and the processing unit 32 are formed. Input / output unit 31
Performs communication with the mobile phone T1, the host server 10, or the CTI device 5 while controlling the input and output of data, as in the case described above.

The processing section 32 performs authentication and processing related to the authentication as in the case described above, and can exchange data with the input / output section 31. As in the case described above, the processing unit 32 in this embodiment, as shown in FIG. 7, has a control unit 32a and a user identification information determination unit 32.
b, terminal identification information generation unit 32c, terminal identification information determination unit 3
2d, an identification information control unit 32e, and a recording unit 32f.

Control unit 32a, user identification information determination unit 32
b, terminal identification information generation unit 32c, terminal identification information determination unit 3
2d, each function of the identification information control unit 32e is substantially the same as the case of the authentication server 1 described above, and the content recorded in the recording unit 32f is the same as the case of the authentication server 1 described above.

Differences are as follows. First, unlike the above-described authentication server 1, the control unit 32a of this authentication server does not have a function as a notification unit. When using the network system including this authentication server, C
Since the telephone number of the TI device 5 is notified to each of the users in advance by e-mail, for example, C
This is because it is not necessary to notify the telephone number of the TI device 5. The control unit 32a of the authentication server determines that the user identification information (user ID and password) received from the mobile phone T1 is valid.
When the terminal identification information determination unit 32d determines that the session key included in the identification connection Url received by the terminal 2b is valid, the mobile phone T1
Has a function of transmitting connection information requested to be accessed by the host server 10 in which the information is recorded. Here, the user identification information determination unit 32b determines that the user identification information received from the mobile phone T1 is valid, and the terminal identification information generation unit 32c generates the session key, whichever comes first. It doesn't matter if it is done at Finally, the user identification information determination unit 32b determines that the user identification information is valid, and if the session key included in the accepted connection for identification Url is valid, the terminal identification information determination unit. When 32d determines, the control part 32a performs the above-mentioned permission.

The network system including this authentication server can provide the same service as the above-mentioned network system. The difference is the process for login authentication. Login authentication realized using this authentication server will be described in detail with reference to FIGS. 30 and 31. FIG. 30 is a diagram showing a procedure of login authentication processing. As described above, the session key unique to each mobile phone T1 is used for the authentication in this embodiment, and this session key is given to each user terminal T1 by the authentication server S1. The authentication process is performed as follows.

First, the user dials the previously notified telephone number on the mobile phone T1 to call the CTI device 5. When a call is made from the mobile phone T1 to the CTI device 5, the CTI device 5 detects the telephone number of the mobile phone T1 that has made a call. This information about the telephone number is sent to the authenticator and accepted by the authenticator (S3201). This information is sent from the input / output unit 31 to the terminal identification information generation unit 32c. The terminal identification information generation unit 32c determines whether or not the telephone number indicated by the information is recorded in the recording unit 32f (S320).
2) If the telephone number indicated by the received information is recorded (S3202: Yes), a session key is generated, and the session key associated with the telephone number in the recording unit 32f is generated. The data is recorded in the recording area for recording (S3203). The recording method is as shown in FIGS. 8 and 9. If the telephone number indicated by the received information is not recorded, it is determined that the access is unauthorized (S3204), and the authentication process is stopped (S3205).

Next, the user connects the mobile phone T1 to the authentication server S1 (S3206). In this case, the Url of the connection destination of the mobile phone T1 may have been notified to the mobile phone T1 in advance by some means. However, in order to enhance the security of authentication, the following Url may be used.
That is, when the telephone number accepted by the authentication device is valid and the above-described session key is generated, the Url notified to the mobile phone T1 by e-mail may be used. The Url in this case may be generated by, for example, the control unit 32a of the authentication device when the session key is generated. Further, in this case, the e-mail address for transmitting the above-mentioned Url is recorded in advance in the recording unit 32f in association with the user ID. The session key of the mobile phone T1 is embedded in Url in this case. This processing is performed by the controller 32a in this embodiment. When such a connection is made, a login screen is displayed on the screen of the mobile phone T1. The login screen is displayed on the display unit when the mobile phone 1 receives the image data generated and transmitted by the control unit 32a. The login screen is, for example, as shown in FIG. This login screen has a user ID and password input area 51.
Is displayed. The user inputs a user ID and password previously assigned to the user in the input area 51 according to the instruction on the screen. The data about the entered user ID and password is the mobile phone T1.
Is sent to the authentication server 1 (S3207). This data is sent to the user identification information determination unit 32b in the processing unit 32 via the input / output unit 31.

User identification information determination unit 32b (see FIG. 7)
Determines whether the received user ID and password indicated by the data matches any one of the user ID and password pairs recorded in advance in the recording unit 32f (S3208). User identification information determination unit 32b
Indicates that the user ID and password indicated by the received data have been previously recorded in the recording unit 32f.
If it matches with either D or password (S32)
08: Yes), and determines that the user who requested the access is valid (S3209). The user ID and password indicated by the received data are stored in the recording unit 32.
If none of the set of user ID and password prerecorded in f matches (S3208: No), it is determined that the access is invalid. In this case, the process returns to the data input and transmission process (S3207) for the user ID and password, and the process is performed again. The limitation on the number of times of processing is the same as in the above case.

When it is determined that the user who requested the access is valid (S3209), the user identification information determination section 32b sends information indicating that to the control section 32a.

Next, the control unit 32a accesses the host server 10 to acquire the connection URL in the range indicated by the range information, and acquires the connection URL. As shown in FIG. 9, when the connection URL is recorded in the recording unit 32f, the acquisition of the connection URL from the host server 10 can be omitted. Next, the control unit 32a acquires the acquired connection UR.
The connection UR for identification by embedding the above-mentioned session key in L
L is generated (S3210).

Next, the authentication server 1 sends the identification connection URL in which the session key is embedded to the mobile phone T1 (S3211). Based on this identification connection URL, a top menu including a character string corresponding to each identification connection URL is displayed on the display unit of the mobile phone as shown in FIG. 14D. The user operates the input unit of the mobile terminal T1 as appropriate to select from the menus "1. reception", "2. transmission", "3. search", "4. plan", and "5. password change". Select one. The identification connection URL corresponding to the selected menu is set to the mobile phone T1.
Is transmitted via the public communication network DN. Authentication server 1
Accepts this identification connection URL (S321)
2). The connection URL for identification is the terminal identification information determination unit 32d.
Sent to. Based on the received connection URL for identification,
The terminal identification information determination unit 32d determines the validity of the session key (S3213). Information about the user ID and password is added to the header of the identification connection URL sent from the mobile phone T1, for example. The terminal identification information determination unit 32d receives the identification connection UR
A set of a session key, a user ID, and a password is extracted from the information of L, and the set is compared with the set of the session key, the user ID, and the password recorded in the recording unit 32f, and the session key and the user ID that all match.
And a password pair exists (S321).
3: Yes), it is determined that the session key is valid (S3214), and if there is no such set (S32).
13: No), the access is determined to be unauthorized (S3204), and the authentication process is stopped (S320).
5).

When it is determined that the session key is valid, the information is sent to the control unit 32a. The control unit 32a regenerates the connection URL by removing the session key from the accepted connection URL for identification, and sends it to the host server 10 via the input / output unit (S321).
5). As a result, predetermined information is sent from the host server 10 to the mobile phone T. In other words, in this embodiment, the data transmission of the information from the host server 10 and the authentication process are performed integrally.

The authentication device 10 determines whether or not the mobile phone T1 has requested to browse further information (S321).
6). When further information is requested (S3216: Y
In (es), the process after recording the session key (S3203) is repeated. If there is no request for further information (S3216: No), the authentication process ends.

In the processing using this authentication server, a call is made to the CTI device 5, the processing from (S3201) to (S3203) until the session key is generated, and the mobile phone T1 is connected to the authentication server. , (S3206) to (S32) until the validity of the user identification information is determined.
The order of the processing of 08) may be reversed.

[0109]

As is apparent from the above description, according to the present invention, "spoofing" can be surely prevented. In addition, existing mobile phones can be used as they are for the application.

[Brief description of drawings]

FIG. 1 is a diagram showing an example of the overall configuration of a network system to which the present invention is applied.

FIG. 2 is a diagram showing a detailed configuration example of an intranet.

FIG. 3 is a diagram showing a configuration example of a router.

[Fig. 4] N provided in a router outside the intranet
6A and 6B are explanatory views of the contents of an AT table, in which FIG. 7A is an example in which data is routed from a public communication network to a firewall, and FIG. .

FIG. 5 is a functional configuration diagram of a host server using a DOMINO server.

FIG. 6 is an explanatory diagram showing a mechanism of replication executed between a host server and a local server.

FIG. 7 is a functional block diagram showing the configuration of an authentication server.

FIG. 8 is an explanatory diagram for explaining data recorded in an information recording unit of the authentication server.

FIG. 9 is an explanatory diagram for explaining another example of data recorded in the information recording unit of the authentication server.

FIG. 10 is an explanatory diagram of a procedure for copying a personal address book for about 10 people from the in-house address book.

FIG. 11 is an explanatory diagram of a procedure for copying a personal address book to a mail file.

FIG. 12 is an explanatory diagram of a procedure when an employee accesses a host server.

FIG. 13 is a procedure explanatory view for explaining a flow of processing executed by the authentication server at the time of authentication.

14 (a), (b), (c), and (d) are diagrams showing examples of display screens displayed on the display unit of the mobile phone during the authentication process.

FIG. 15 is an explanatory diagram of a procedure of reception processing.

FIG. 16 is an explanatory diagram of a procedure of received sentence processing.

FIG. 17 is an explanatory diagram of a procedure of deletion processing.

FIG. 18 is an explanatory diagram of a procedure of reply processing.

FIG. 19 is an explanatory diagram of a procedure of transfer processing.

FIG. 20 is an explanatory diagram of a FAX processing procedure.

FIG. 21 is an explanatory diagram of a procedure of transmission processing.

FIG. 22 is an explanatory diagram of a procedure of search processing.

FIG. 23 is an explanatory diagram of a procedure of search list display processing.

FIG. 24 is an explanatory diagram of a procedure of new keyword processing.

FIG. 25 is an explanatory diagram of a procedure of scheduled processing.

FIG. 26 is an explanatory diagram of a procedure of a schedule list new creation process.

FIG. 27 is a diagram showing an example of a display screen on a display unit of a mobile phone, where (a) is a login screen, (b) is a main screen, (c) and (d) are screens during reception processing, and (e). Is a document display screen, and (f) is a screen during transmission processing.

FIG. 28 (a) is a main screen showing that a search is selected, (b) is a screen during search processing, (c) is a new keyword input screen, and (d) is a search result by the new keyword. Is a list screen, and (e) is a document display screen after the search.

FIG. 29 (a) is a main screen showing that a schedule is selected, (b) is a screen of a list display area of a schedule list, (c) is a schedule creation menu selection screen, and (d) is a schedule. It is a data input screen for new creation of a list.

FIG. 30 is a procedure explanatory view for explaining a flow of processing executed by the authentication server according to the modified example during authentication.

[Explanation of symbols]

LN Intranet WN wireless network MN mobile phone network DN public communication network PN leased line network IN Internet T1 mobile phone (mobile phone) Sa to Se segment 10, 10a to 10e Host server 1 Authentication server 31 Input / output section 32 processing unit 32a control unit 32b User identification information determination unit 32c terminal identification information generation unit 32d terminal identification information determination unit 32e identification information control unit 32f recording unit 101 CPU 102 RAM 103 ROM 104 mail file 105 employee database 106 document database 107 Schedule file 108 Communication adapter 11 firewall 12, 13, 14 router 14 Switching hub 20, 20a, 20b Local server 30,40 DNS

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04M 11/00 302 H04L 9/00 673A 673B F term (reference) 5B085 AE01 AE23 BC01 5J104 AA07 KA01 KA02 KA07 MA04 NA03 PA02 5K067 AA32 BB04 DD17 FF07 HH22 HH23 HH24 KK15 5K101 LL12 MM07 PP03

Claims (20)

[Claims] 1. When a mobile phone used by a user to which predetermined user identification information is assigned accesses predetermined information held by a predetermined information recording device, whether the mobile phone is valid or not. A device for performing such authentication, and requesting access to predetermined information and recording means in which the user identification information and the telephone number of the mobile phone used by each user are recorded in association with each other. The user identification information of the user who uses the mobile phone is received from the mobile phone, and the received user identification information is compared with the user identification information recorded in the user identification information recording means to confirm that the user identification information is valid. User identification information determining means for determining whether or not the received mobile phone information is determined to be valid. A notification means for notifying the telephone number of a predetermined caller number detection device that detects the telephone number of the mobile phone by accepting a telephone call from the mobile phone number; Is received, and when the telephone number specified by the information is recorded in the recording means, the mobile phone specified by the information is distinguished from other mobile phones and Terminal identification information generation means for recording the terminal identification information that can be added to the connection information in the recording means in association with the telephone number of the mobile phone, and connection information for accessing the predetermined information An identification connection information transmitting means for generating the identification connection information by embedding the terminal identification information in the mobile terminal and transmitting the generated identification connection information to the mobile phone; The identification connection information specified by the mobile phone that has received the information is accepted, and the terminal identification information included in the accepted connection information for identification is compared with the terminal identification information recorded in the recording unit. Terminal identification information determining means for determining whether or not the terminal identification information is valid, and the mobile phone accesses if the terminal identification information included in the accepted connection information for identification is valid. And a permitting means for transmitting the connection information requested to the predetermined information recording device in which the information is recorded, so that the mobile phone is allowed to access the information specified by the connection information. An authentication device. 2. The user identification information of a user who uses the mobile phone is added to the identification connection information specified by the mobile phone that has received the identification connection information.
The terminal identification information determining means stores the terminal identification information included in the identification connection information received from the mobile phone and the user identification information in the recording medium and associated with each other. The authentication device according to claim 1, wherein whether the terminal identification information is valid or not is determined by comparing with the identification information and the user identification information. 3. The authentication device according to claim 1, wherein the user identification information includes a set of an ID and a password assigned to each user. 4. The identification connection information transmitting means receives the connection information from the information recording device, and embeds the terminal identification information in the connection information to generate identification connection information. The authentication device according to claim 1. 5. The authentication apparatus according to claim 1, further comprising identification information control means for stopping or canceling the use of the terminal identification information. 6. The identification information control means stops the use of the terminal identification information for the mobile phone when a request for accessing the predetermined information from the mobile phone is not made for a predetermined time. The authentication device according to claim 5. 7. The terminal identification information generating means generates new terminal identification information each time a mobile phone is permitted to access predetermined information, and associates the new terminal identification information with the telephone number of the mobile phone. The authentication device according to claim 1, wherein the terminal identification information recorded as above is overwritten. 8. The content that the information to be accessed by the mobile phone exists in a predetermined network requiring security and is common to at least a part of a file existing outside the network. The authentication device according to any one of claims 1 to 7, wherein the authentication information is record information of a common file maintained in. 9. An authentication for authenticating whether or not a first server storing information accessible by a mobile phone and a mobile phone trying to access the information recorded in the first server are valid or not. A first device, the first server retrieves relevant information in response to an access from a legitimate mobile phone, and sends the retrieved information to the mobile phone that is the originator of the access. The authentication device is a recording unit that records the user identification information and a mobile phone number used by each user in association with each other, and a mobile device that requests access to predetermined information. The user identification information of the user who uses the mobile phone is received from the telephone, and the received user identification information is compared with the user identification information recorded in the user identification information recording means. User identification information determination means for determining whether or not the user identification information is valid, and if the received user identification information is determined to be valid, the mobile phone receives a call from the mobile phone. A notification means for notifying the telephone number of a predetermined caller number detecting device that detects the telephone number of the mobile phone, and accepts information about the telephone number of the mobile phone that made the call from the caller number detecting device At the same time, when the telephone number specified by the information is recorded in the recording means, the mobile phone specified by the information is distinguished from other mobile phones and is added to the predetermined connection information. Terminal identification information generating means for recording the terminal identification information that is enabled in the recording means in association with the telephone number of the mobile phone, and for accessing the predetermined information. The connection information for access is embedded in the terminal identification information to generate connection information for identification, and the connection information transmitting means for identification transmits the generated connection information for identification to the mobile phone, and the connection information for identification is accepted. The identification connection information designated by the mobile phone is accepted, and the terminal identification information included in the accepted connection information for identification is compared with the terminal identification information recorded in the recording means to identify the terminal. A terminal identification information determination unit that determines whether the information is valid, and a connection that the mobile phone requested to access when the terminal identification information included in the received connection information for identification is valid. The information is recorded in the first
And a permitting means for transmitting to the server, wherein the mobile phone is permitted to access the information specified by the connection information. 10. The first server is connected to a second server existing outside the network by a leased line or a virtual leased line in the network, and the first server and the second server are respectively connected to the second server. At least a part of the record information has a common file in which the contents are maintained in common with each other, and the authentication device is a valid mobile phone that attempts to access the record information of the common file of the first server. 10. The network system according to claim 9, which authenticates whether or not it is. 11. Each of the first server and the second server sends difference data before and after the change to the other server when the record information of its own common file is changed, and from the other server. The network system according to claim 10, wherein when the difference data is received, a copy task of copying the difference data to its own common file is automatically executed. 12. The network system according to claim 10, wherein a plurality of the first servers are provided, and the second server is provided corresponding to each of the plurality of the first servers. 13. The extracting device, wherein the authentication device extracts information transmitted from the first server to the mobile phone,
Transmission information recording means for recording, for each mobile phone, data regarding transmission information indicating what information has been transmitted,
The network system according to claim 10, further comprising: 14. The sending information, wherein the authentication device generates data for displaying sending information about the mobile phone on the display of the mobile phone, based on the data recorded in the sending information recording means. The network system according to claim 10, further comprising presenting means. 15. When a mobile phone used by a user to which predetermined user identification information is assigned accesses predetermined information held by a predetermined information recording device, whether the mobile phone is valid or not. A method for causing an authentication device including a predetermined computer to execute the authentication, wherein the computer executes at least the following steps. (1) A process of correlating the user identification information with a telephone number of a mobile phone used by each user and recording the information in a predetermined recording means, (2) From a mobile phone requesting access to predetermined information Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means (3) When the received user identification information is determined to be valid, the mobile phone receives a phone call from the mobile phone to detect the phone number of the mobile phone. The process of notifying the telephone number of the caller number detecting device of (4) receiving information about the telephone number of the mobile phone making the call from the caller number detecting device. With kicking, if the telephone number identified are recorded in the recording means by the information,
The mobile phone specified by the information is distinguished from other mobile phones, and the terminal identification information that can be added to the predetermined connection information is associated with the phone number of the mobile phone. (5) The terminal identification information is embedded in the connection information for accessing the predetermined information to generate identification connection information, and the generated identification connection information is transmitted to the mobile phone. process,
(6) The identification connection information specified by the mobile phone that has received the identification connection information is received, and the terminal identification information included in the received identification connection information and the terminal recorded in the recording unit are received. A process of comparing with the identification information to determine whether the terminal identification information is valid, (7)
A process of transmitting the connection information requested by the mobile phone to access when the terminal identification information included in the received identification connection information is valid, to a predetermined information recording device in which the information is recorded. . 16. When a mobile phone used by a user to whom predetermined user identification information is assigned to a predetermined computer accesses predetermined information stored in a predetermined information recording device, the mobile phone is authorized. A computer-readable program for causing the computer to function as an authentication device by executing the following processing for authenticating whether or not the computer is the one. (1) A process of correlating the user identification information with the telephone number of a mobile phone used by each user to record in a predetermined recording means, (2) from a mobile phone requesting access to predetermined information Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means (3) When it is determined that the received user identification information is valid, the mobile phone accepts a call from the mobile phone to detect the phone number of the mobile phone. (4) Receive information about the telephone number of the mobile phone that originated the call from the caller number detection device With kicking, if the telephone number identified are recorded in the recording means by the information,
The mobile phone specified by the information is distinguished from other mobile phones, and the terminal identification information that can be added to the predetermined connection information is associated with the phone number of the mobile phone. Processing for recording in recording means, (5) Embedding the terminal identification information in the connection information for accessing the predetermined information to generate identification connection information, and transmitting the generated identification connection information to the mobile phone. processing,
(6) The identification connection information designated by the mobile phone that has received the identification connection information is accepted, and the terminal identification information included in the accepted identification connection information and the terminal recorded in the recording unit are received. A process of comparing with the identification information to determine whether the terminal identification information is valid, (7)
A process of transmitting connection information requested to be accessed by the mobile phone when the terminal identification information included in the received identification connection information is valid, to a predetermined information recording device in which the information is recorded. . 17. Whether or not the mobile phone used by the user to which the predetermined user identification information is allocated accesses the predetermined information held by the predetermined information recording device, and whether the mobile phone is valid or not. A device for performing such authentication, and requesting access to predetermined information, and recording means in which the user identification information and the mobile phone number used by each user are recorded in association with each other. The user identification information of the user who uses the mobile phone is received from the mobile phone, and the received user identification information is compared with the user identification information recorded in the user identification information recording means to confirm that the user identification information is valid. And a predetermined caller number for detecting the telephone number of the mobile phone by accepting a call from the mobile phone. When the telephone number specified by the information is recorded in the recording means while receiving the information about the telephone number of the calling mobile phone from the number detecting device, the mobile telephone specified by the information is displayed. Generation of terminal identification information that distinguishes it from other mobile phones and records the terminal identification information that can be added to the predetermined connection information in the recording means in association with the telephone number of the mobile phone. Means for generating connection information for identification by embedding the terminal identification information in the connection information for accessing the predetermined information, and transmitting the connection information for identification, which has been generated, to the mobile phone. Receiving the identification connection information specified by the mobile phone that has received the identification connection information, and the terminal identification information included in the received identification connection information, The terminal identification information determining means for comparing the terminal identification information recorded in the recording means to determine whether the terminal identification information is valid, and the received user identification information is valid When the user identification information determination means determines that the terminal identification information included in the received connection information for identification is valid, the mobile phone requests access. And a permitting means for transmitting the connection information to a predetermined information recording device in which the information is recorded, and the mobile phone is allowed to access the information specified by the connection information. Become an authentication device. 18. A unit for recording an electronic mail address used by each user in association with the user identification information assigned to each user; and the user identification information determination unit, wherein the user identification information is valid. When the determination is made, authentication connection information for connecting to the authentication information for authenticating the legitimacy of the user to which the user identification information is allocated is generated by embedding the terminal identification information associated with the mobile phone. And a means for transmitting an e-mail in which the authentication connection information is recorded to the e-mail address of the user, wherein the user who receives the e-mail sends the mobile phone to the authentication information by the authentication information connection information. 18. The authentication device according to claim 17, wherein the user identification information of the user is input when the user is connected to. 19. When a mobile phone used by a user to which predetermined user identification information is assigned accesses predetermined information held by a predetermined information recording device, whether the mobile phone is valid or not. A method for causing an authentication device including a predetermined computer to execute the authentication, wherein the computer executes at least the following steps. (1) A process of correlating the user identification information with a telephone number of a mobile phone used by each user and recording the same in a predetermined recording means, (2) From a mobile phone requesting access to predetermined information Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means In the process of determining (3), while accepting information about the telephone number of the mobile phone that made the call, from a predetermined caller number detection device that detects the telephone number of the mobile phone by receiving the call from the mobile phone, If the telephone number specified by the information is recorded in the recording means, the mobile phone specified by the information is separated from other mobile phones. And (4) a step of recording the terminal identification information, which is capable of being added to the predetermined connection information, in the recording means in association with the telephone number of the mobile phone, (4) A process of generating the identification connection information by embedding the terminal identification information in the connection information for access, and transmitting the generated identification connection information to the mobile phone, (5) the mobile phone accepting the identification connection information Accept the connection information for identification specified in, and compare the terminal identification information contained in the received connection information for identification with the terminal identification information recorded in the recording means, and confirm that the terminal identification information is valid. (6) The accepted user identification information is determined to be valid, and the terminal identification information included in the accepted connection information for identification is valid. If it is determined as it is, the process of transmitting the connection information to the mobile phone has requested access, the predetermined information recording device to which the information is recorded. 20. When a mobile phone used by a user, who is assigned predetermined user identification information to a predetermined computer, accesses predetermined information held by a predetermined information recording device, the mobile phone is authorized. A computer-readable program for causing the computer to function as an authentication device by executing the following processing for authenticating whether or not the computer is the one. (1) A process of correlating the user identification information with the telephone number of a mobile phone used by each user to record in a predetermined recording means, (2) from a mobile phone requesting access to predetermined information Whether or not the user identification information of the user who uses the mobile phone is accepted and whether the received user identification information is compared with the user identification information recorded in the user identification information recording means And (3) accepting information about the telephone number of the originating mobile phone from a predetermined caller number detection device that detects the telephone number of the mobile telephone by accepting the call from the mobile telephone. If the telephone number specified by the information is recorded in the recording means, the mobile phone specified by the information is separated from other mobile phones. And (4) a process of recording the terminal identification information, which is capable of being added to the predetermined connection information, in the recording means in association with the telephone number of the mobile phone, and (4) the predetermined information. A process of embedding the terminal identification information in the connection information for access to generate identification connection information and transmitting the generated identification connection information to the mobile phone, (5) the mobile phone that has received the identification connection information Accept the connection information for identification specified in, and compare the terminal identification information contained in the received connection information for identification with the terminal identification information recorded in the recording means, and confirm that the terminal identification information is valid. (6) It is determined that the received user identification information is valid, and the terminal identification information included in the received identification connection information is valid. If it is determined as it is, the connection information that the mobile phone has requested access, and transmits the predetermined information recording device to which the information is recorded processed.