JP2003050781A - Device and method for authenticating individuals, device and method for managing version, program for making computer execute individual authenticating method and program for making computer execute the version managing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To more smoothly achieve the so-called 'single sing-on' in a plurality of applications, by unifiedly managing individual authentication information and using the unifiedly managed authentication information. SOLUTION: A client PC 200 is provided with an authentication core 503, which displays authentication image to which an ID number and a password are entered, requests authentication information from an authentication database 331 for storing the authentication information composed of information for authenticating an individual, on the basis of the inputted ID number and the password, acquires the authentication information from the authentication database 331 and temporarily stores the authentication information, and a WF manager 504 for starting an optional application program (WF business module) on the basis of the temporarily stored authentication information, a GUI controller 505, a WF business module 506, etc., and authenticates a plurality of applications with a single input of an ID number and a password.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an individual authentication device for authenticating an individual, an individual authentication method, a program for causing a computer to execute the individual authentication method, a version management device for managing a version of the individual authentication program, a version management method, And a program that causes a computer to execute the version management method.

[0002]

2. Description of the Related Art Conventionally, in order to ensure security,
In an in-house system consisting of multiple systems,
In order to start the application of each system,
It was necessary to perform personal authentication processing.

Generally, a personal authentication program (module)
Is often provided individually on each system side and managed individually. Therefore, the authentication screen is displayed for each system, and you have to enter the ID number and password each time, and the operation is complicated. There was a problem that Therefore, personal authentication program (module)
The above-mentioned problem can be solved by installing the above-mentioned on the PC of each client and centrally managing the individual authentication information by the authentication database connected via the network.

[0004]

However, in order to maintain the latest version of the personal authentication program (module) installed in the PC of each client, each individual upgrades many clients at the same time. Is difficult. Further, if each individual downloads a new program (module) for each version upgrade and installs the downloaded program (module) to each client, the work efficiency of the entire company is reduced. was there.

The present invention has been made in order to solve the above-mentioned problems, and centrally manages personal authentication information, and uses so-called single sign-on to manage so-called single sign-on in a plurality of applications. A personal authentication device and a personal authentication method that can be realized more smoothly.
It is intended to provide a program that causes a computer to execute a personal authentication method.

Further, according to the present invention, a version management device, a version management method, and a version management method capable of efficiently upgrading a personal authentication program (module) and the like without burdening a user are executed on a computer. The purpose is to provide a program to let you.

[0007]

In order to solve the above-mentioned problems, the personal identification device according to the invention of claim 1
Based on the ID number and the password input by the input means, the authentication information is input to the input means for inputting the D number and the password and the authentication information database storing the authentication information including the information for authenticating the individual. Requesting authentication information requesting means, authentication information acquiring means for acquiring the authentication information requested by the authentication information requesting means from the authentication database, and temporarily storing the authentication information acquired by the authentication information acquiring means It is characterized by comprising a storage means and an application starting means for starting an arbitrary application program based on the authentication information temporarily stored by the temporary storage means.

According to the invention described in claim 1, a plurality of applications can be authenticated by inputting the ID number and the password once.

The personal authentication apparatus according to a second aspect of the present invention is the personal identification device according to the first aspect of the invention, which is connected to the authentication database via a network and communicates with the authentication database by HTTP (Hyper Text).
It is characterized in that it is performed using Transfer Protocol).

According to the second aspect of the present invention, it is possible to realize high-speed and responsive network communication with the authentication database that stores the centrally managed authentication information.

The personal authentication apparatus according to the invention of claim 3 is the same as that of the invention of claim 1 or 2.
A version check means for checking whether the version of the currently installed application program is the latest version, which controls the start of any application program by the application start means, and a result checked by the version check means, If the version of the currently installed application program is not the latest version, download means for downloading the application program of the latest version of the currently installed application program, and the application program downloaded by the download means are provided. An overwriting means for overwriting the currently installed application program, And it said that there were pictures.

According to the third aspect of the present invention, the application program relating to personal authentication is always installed in the latest state.

Further, in the personal authentication device according to the invention described in claim 4, in the invention according to claim 3, the overwriting means activates the latest version of the application program downloaded by the downloading means. Afterwards, the currently installed application program is terminated, the currently installed application program is terminated, and then the latest version of the application program is overwritten on the currently installed application program. And

According to the invention of the fourth aspect, it is possible to efficiently and smoothly rewrite the application program relating to personal authentication.

According to the fifth aspect of the present invention, there is provided a version management device which comprises a version checking means for checking whether or not the version of the application program currently installed is the latest version, and the version checking means. As a result of the check, if the version of the currently installed application program is not the latest version, download means for downloading the latest version of the application program of the currently installed application program, and download by the download means. And a means for overwriting the installed application program over the currently installed application program. And butterflies.

According to the invention of claim 5, the application program is always installed in the latest state.

Further, in the version management apparatus according to the invention described in claim 6, in the invention described in claim 5, the overwriting means activates the latest version of the application program downloaded by the downloading means. After that, the currently installed application program is terminated, and after the termination, the latest version of the application program is overwritten on the currently installed application program.

According to the sixth aspect of the invention, the application program can be rewritten efficiently and smoothly.

The personal authentication method according to the invention of claim 7 is directed to an input step of inputting an ID number and a password, and an authentication information database storing authentication information consisting of information for authenticating an individual. An authentication information requesting step of requesting authentication information based on the ID number and the password input in the inputting step, and an authentication information acquiring step of acquiring the authentication information required by the authentication information requesting step from the authentication database. And an application starting step of starting an arbitrary application program based on the authentication information acquired by the authentication information acquiring step.

According to the invention described in claim 7, a plurality of applications can be authenticated by inputting the ID number and the password once.

The personal authentication method according to an eighth aspect of the present invention is the personal authentication method according to the seventh aspect, wherein the authentication information is requested by the authentication information requesting step and the authentication information is obtained by the authentication information acquiring step. At least one of them is characterized by using HTTP.

According to the invention described in claim 8, it is possible to realize high-speed and responsive network communication with the authentication database which stores the centrally managed authentication information.

The personal authentication method according to the invention of claim 9 is the same as that of the invention of claim 7 or 8.
A version check step for checking whether the version of the currently installed application program is the latest version, which controls the start of any application program by the application start step, and the result checked by the version check step, If the version of the currently installed application program is not the latest version, the downloading step of downloading the latest version of the application program currently installed and the application program downloaded by the downloading step are performed. An overwriting step of overwriting the currently installed application program, Characterized in that I do.

According to the invention described in claim 9, the application program relating to personal authentication is always installed in the latest state.

The personal authentication method according to a tenth aspect of the invention is the personal authentication method according to the ninth aspect, wherein the overwriting step activates the latest version of the application program downloaded by the download program. And a termination step of terminating the currently installed application program after activating the latest version of the application program by the activation step, and the currently installed application program by the termination step. After finishing
The currently installed application program is overwritten with the latest version of the application program.

According to the tenth aspect of the present invention, it is possible to efficiently and smoothly rewrite the application program relating to personal authentication.

According to the eleventh aspect of the present invention, there is provided a version management method including a version check step of checking whether the version of the currently installed application program is the latest version, and the version check step. As a result of the check, if the version of the currently installed application program is not the latest version, the downloading step of downloading the latest version of the application program of the currently installed application program, and the downloading step Overwriting the installed application program over the currently installed application program, and And it features.

According to the eleventh aspect of the present invention, the application program is always installed in the latest state.

The version management method according to a twelfth aspect of the present invention is the version control method according to the eleventh aspect of the present invention, in which the overwriting step activates the latest version of the application program downloaded by the downloading step. And a termination step of terminating the currently installed application program after activating the latest version of the application program by the activation step, and the currently installed application program by the termination step. Is terminated, the latest version of the application program is overwritten on the currently installed application program.

According to the twelfth aspect of the invention, the application program can be rewritten efficiently and smoothly.

Further, a program according to the invention of claim 13 can cause a computer to execute the personal authentication method described in any one of claims 7 to 10.

Further, the program according to the invention described in claim 14 can cause a computer to execute the version management method described in claim 11 or 12.

[0033]

BEST MODE FOR CARRYING OUT THE INVENTION A personal authentication apparatus, a version management apparatus, a personal authentication method, a version management method, a program for causing a computer to execute the personal authentication method, and a version management method according to the present invention will be described below with reference to the accompanying drawings. A preferred embodiment of a program that causes a computer to execute will be described in detail.

(Functional Configuration of Personal Authentication System) First,
The functional configuration of the personal identification system including the personal identification device and the version management device according to the embodiment of the present invention will be described. FIG. 1 is an explanatory diagram showing a functional configuration of a personal authentication system according to the embodiment of the present invention.

In FIG. 1, the personal authentication system includes an online system 101 as a common authentication function 100.
And a batch system 102. The online system 101 includes, as the authentication client 103, a version management function 111, an identity confirmation function 112, an authority confirmation function 113, an integrated menu display function 114, and a log function 115.

Further, the version management function 111 includes a version check function 121, a distribution function 122, and an automatic installation function 123. In addition, the integrated menu display function 114 is the menu display function 131.
And an external APP activation function 132.

Each function 111 to 111 of the authentication client 103
Details of 132 will be described later. Further, the batch system 102 includes an authentication DB construction function 141, and periodically (for example, every day) performs batch processing to update basic information such as registration, change, and deletion of a password.

(Concept of Online System) Next, the concept of the online system of the personal identification system according to the embodiment of the present invention will be described. FIG. 2 is an explanatory diagram showing the concept of the client (apparatus) in the online system of the personal authentication system according to the embodiment of the present invention.

In FIG. 2, the client (device) 20
0 is an HT between the external server 300 shown in FIG. 3 and the WWW server and WWW client on the Internet.
A file transfer protocol FTP (FileTr) that works in an upper layer of HTTP 251 and TCP / IP protocol, which are communication protocols used for transmitting and receiving ML documents.
and a transfer protocol 252. In this way, in the internal network HTT
By using P251 and FTP252, high-speed and responsive communication can be realized.

[0040] Then, the business APP201 consisting of confirmation of additional duties, confirmation of authority, confirmation of user, etc., and the authentication client 1
And 03. The authentication client 103 uses a version check API (Application P
rogam Interface) 202 and himself /
Authority confirmation API 203 and expiration date check API 20
4 and an APP information acquisition API 205.
Then, these APIs realize the principal confirmation function 112, the version check function 121, and the (business) menu display function 131 shown in FIG. 1, as well as the expiration date confirmation function 211 and the APP information acquisition function 212.

Further, an HTTP connector 206 and a client side authentication controller (hereinafter referred to as "authentication controller (C)") 207 are provided. The client side authentication controller 207 is a client side HTTP.
API (hereinafter referred to as "HTTP API (C)") 20
8, distribution API 209, and external APP activation API 21
It has 0 and. In addition, setup. exe221
, GUI controller 222, and WF (Workfl
ow) 223, and a module (program) such as a WWW browser 224.

Here, the authentication controller (C) 207
Collaborates with an authentication controller (S) 302, which will be described later, of the external server 300, and uses the HTTP API (C).
Data communication is performed using 208. HTTP AP
The I (C) 208 is connected via the HTTP connector 206.
Version check API 202, principal / authority confirmation AP
I203, expiration date check API 204, and APP information acquisition API 205 govern communication of each information with the external server 300.

The distribution API 209 is an external APP activation AP.
I210 has the latest version of setup.
Download exe221. Setup.exe installed on each client 200. exe
Whether or not 221 is the latest version is version check A
It is determined by the PI 202. Then, the version check API 202 activates the distribution API 209 when the version does not match (not the latest version). setup. The details of the specific process of downloading the exe 221 will be described later.

The external APP activation API 210 is set up from the OS (for example, Microsoft Windows) of the client PC. In addition to the exe 221, the GUI controller 222, the WF 223, and the WWW browser 224 represented by the business menu display function 131 are activated.

Here, the setup. The exe 221 is a setup module that sets up the authentication client 103 itself, and by executing this module, the program is installed in each client.

The external APP activation API 210 causes se
tup. As a premise when starting exe221,
setup. The exe 221 needs to be the latest version.
If it is not the latest version, distribute the latest version API2
09, and the latest version of setup.exe downloaded after the download is completed. exe
221 is executed.

FIG. 3 is an explanatory diagram showing the concept of the external server in the online system of the personal authentication system according to the embodiment of the present invention. As shown in FIG. 3, the external servers are HTTP 251 and FTP 25.
2 is connected to the client 200 shown in FIG. In FIG. 3, the external server 300 includes a business controller 301, a server-side authentication controller (hereinafter referred to as “authentication controller (S)”) 302, and a server-side HTTP API (hereinafter referred to as “HTTP API (S)”).
And 345).

The authentication controller (S) 302 has an authentication D
Authentication API 321 with B331 and authority DB332
Permission API 322 with a version management DB33
Version check API 323 with 3 and APP
APP information acquisition API 324 including information DB 334
And an affiliated company code acquisition API 325 including an affiliated company code DB 335.

Further, the external server 300 is, for example,
SOLARIS341 and Netscape www /
s342, Oracle WAS343, PL / S
QL Cartridge 344 and HTTP API
(S) 345. Also, 346 is
setup. A storage area for storing the latest version of the exe 221.

(Hardware Configuration of Client Device / Server) FIG. 4 is an explanatory diagram (block diagram) showing the hardware configuration of the client device and the external server device of the personal authentication system according to the embodiment of the present invention. is there. In the block diagram of FIG. 4, the client (device)
200 is a CPU 401, a ROM 402, and a RAM 4
03, an HDD (hard disk drive) 404,
HD (hard disk) 405, FDD (floppy (registered trademark) disk drive) 406, and FD (floppy disk) 4 as an example of a removable recording medium
07, display 408, KB (keyboard) 4
09, a mouse 410, a scanner 411, a network I / F (interface) 412, and a printer 41.
3 and 3 are provided. Further, each component is connected by a bus 414.

Here, the CPU 401 controls the entire client device. The ROM 402 stores a program such as a boot program. RAM403 is
It is used as a work area for the CPU 401. HDD
404 is an HD 405 under the control of the CPU 401.
Controls data read / write to. HD40
5 stores the data written under the control of the HDD 404.

The FDD 406 controls data read / write with respect to the FD 407 under the control of the CPU 401. The FD 407 stores the data written under the control of the FDD 406. As a removable recording medium,
Other than FD407, CD-ROM (CD-RW), MO,
DVD (Digital Versatile Dis)
k) or the like. The display 408 displays a window (browser) relating to data such as a document, an image, and function information in addition to a cursor, an icon or a tool box. For example, a CRT, a TFT liquid crystal display, a plasma display, etc.

The KB 409 is provided with keys for inputting characters, numerical values, various instructions, etc., and inputs data. The mouse 410 moves the cursor, selects a range, moves a window, and changes the size. A trackball, a joystick or the like may be used as long as it has a similar function as a pointing device.

The scanner 411 optically reads an image. The network I / F (interface) 412 is
It is connected to the network 400 via a communication line, and is connected to the external server 300 via the network 400. The network I / F 412 controls the interface between the network 400 and the inside, and controls the input / output of data from / to other servers and terminal devices. The printer 413 also prints image data and document data.
For example, a laser printer, an inkjet printer, or the like.

The external server 300 (module management server 801, version management server 802 described later)
Is a CPU 451, a ROM 452, and a RAM 453.
And HDD (hard disk drive) 454 and HD
(Hard disk) 455, FDD (floppy disk drive) 456, FD (floppy disk) 457 as an example of a removable recording medium, display 458, KB (keyboard) 459, mouse 4
60, a scanner 461, a network I / F (interface) 462, and a printer 463. Further, the above-mentioned components are connected to each other by a bus 464.

(Contents of Single Sign-On Function) Next, contents of the single sign-on function will be described.
FIG. 5 is an explanatory diagram showing the single sign-on function of the personal authentication system according to the exemplary embodiment of the present invention. In FIG. 5, the client PC (apparatus) 200 includes not only the authentication client 103 but also each WF business module 50.
6 and software dedicated to gui 507.
Then, the authentication client 103 displays the authentication screen 502.
, Authentication core 503, WF manager 504, gu
i controller 505.

The authentication screen 502 is created, for example, by Visual Basic (VB) manufactured by Microsoft Corporation, and has a function of inputting authentication information such as a user ID (U-ID) and Password, and a person confirmation request function. The authentication core 503 may be, for example, Microsoft Visual Basic (VB) or Acti.
ve-X and the like, a server communication function that controls communication with the external server 300, a function of storing the user ID (U-ID), Password, etc. received by the server communication function in the memory, and a user of the memory saved. I
Each module has a function of notifying authentication information necessary for authentication based on D (U-ID), Password, and the like.

The WF manager 504 is, for example, Visual Basic (VB) or Ac manufactured by Microsoft.
Each WF business module 50 is provided with a function of requesting the authentication information required for authentication, which is created by Tive-X or the like.
Controls the activation of 6. Also, the gui controller 505
For example, Microsoft Visual Basic
(VB), the authentication information request function and Sa
p It has a user information requesting function and controls the activation of the gui-dedicated software 507. Note that Sap is ERP package software.

Further, the authentication DB 331 of the external server 300
Is connected by the server communication function of the authentication core 503, and the personal identification API (SP) 551 and the Sap user information acquisition API (SP) 552 of the authentication DB 331 are activated. SP means a store procedure (application program).

FIG. 6 is an explanatory diagram showing an example of the data structure of the authentication database shown in FIG. The data structure of the authentication database shown in FIG. 6 is “name number”, “lock counter”, “lockout”, “timeout”, “password update date”, “password (current)”, “password (one generation ago)”. , ... "Password (5 generations ago)".

Information such as a user ID is stored in the item "name number". Further, in the item of “lock counter”, information regarding the number of times the password confirmation has failed is stored. In the item “lockout”, “0” is stored in the normal case, and “1” is stored in the case that the name number cannot be used. The item "timeout" stores "0" when the password is normal and "1" when the password has expired. Also, information about passwords is stored over multiple generations. In FIG.
Although the password is stored up to 5 generations ago, the password is not limited to 5 generations ago, and may be less or more than that. Furthermore, it is desirable to store the password in encrypted form.

(Processing Procedure of Single Sign-On Function) Next, a processing procedure of the single sign-on function will be described. FIG. 7 is a flowchart showing a procedure of processing of the single sign-on function of the personal authentication system according to the exemplary embodiment of the present invention. In the flowchart of FIG. 7, first, (1) the authentication screen 502 is displayed, and the name and password are displayed on the screen (step S701). Then, after waiting for the input of the name number / password, and when those name number / password are input (step S702: Yes), (2) a request for personal authentication confirmation is made to the authentication core 503 (step S702). S703).

Next, (3) communication with the authentication DB 503 is performed using the server communication function of the authentication core 503 (step S
704), personal authentication is executed by the personal identification API 551. Then, it is determined whether or not the user ID / password is received in accordance with the personal authentication in the personal identification API 551 (step S705). Here, when the information regarding the result of the personal authentication is received, and the information regarding the result of the personal authentication is received, and it is confirmed that the user is the principal (step S705: Yes), next, (4) The user ID and password are stored in a predetermined storage area (step 706).

Next, (5) WF manager 504, g
ui controller 505, each WF business module 506
It is determined whether or not there is a request for authentication information from (step S707). Here, after waiting for the request for the authentication information, if the request is made (step S707: Yes)
Notifies the authentication information based on the user ID / password stored in the memory (step S708).

Further, it is judged whether or not there is a request for Sap user information (step S709), and if there is no request (step S709: No), nothing is done and the process proceeds to step S713. On the other hand, when (6) Sap user information is requested (step S709: Yes).
The authentication core 503 that received the request uses the server communication function to communicate with the authentication DB 331 (step S710),
The Sap user information acquisition API 552 is caused to acquire the main Sap user information.

Then, the SAP user information acquisition API 55
It is determined whether the Sap user information acquired in step 2 has been received (step S711). Here, after waiting for the reception of the Sap user information, when the Sap user information is received (step S711: Yes), the received S
The ap user information is notified to the gui controller 505 (step S712). Then, based on the notified information, it is determined that the authentication is proper, the module is activated (step S713), and the series of processes is ended.

(Contents of Version Upgrade Management Function) Next, contents of the version upgrade management function will be described. FIG. 8 is an explanatory diagram showing the version management function of the personal identification system according to the embodiment of the present invention. 8, the personal authentication system includes terminal devices 800 for managers and developers of each business, a module management server 801 that manages each module, a version management server 802 that manages versions, and a general client (user). ) The device 200 is connected to each other via a network. In FIG. 8, a module management server 801 and a version management server 802
Although it is shown as another server, the functions of both may be realized by one server.

In the module management server 801, a setup module (ModuleID1, ModuleID) after generation management in each application is performed.
2, ...) are stored. Various module files related to the setup module are managed for each version generation. Then, when there are a plurality of modules, not all the modules are transferred but the differential transfer is performed.

Specifically, a differential transfer version of set created according to the status set up in the client.
up. exe file and its setup. The exe file stores the minimum required modules and version files in association with each other. Therefore, each module is separately registered in the module management server 801.

As described above, the version management server 802 stores the version check API 323 and HTTP.
The (S) API 345 and the version management DB 333 are provided. FIG. 9 shows the version management server 802.
5 is an explanatory diagram showing an example of a data structure stored in a version management DB 333 of FIG. This version management DB33
The contents of some of the latest versions and compatible versions of applications (modules) are stored in 3, and in the "Address" item, addresses related to where each application (module) is stored in the database. Information is stored.

As described above, the authentication client 103 of the general client (user) device 200 has the version check API 202 and the HTTP API (C) 20.
8, a distribution API 209, and an external APP activation API 210 are provided. First, version check API 202
The processing contents ((1) to (4)) will be described. Here, FIG. 9 shows the contents of the version check API 202.

(1) Version check: First, the version check API 202 performs a version check. Specifically, the “version.txt” of each module managed by each client (device) 200 shown in FIG. 10 is referred to, and information regarding the current version of each client (device) 200 is acquired. In addition, HTTP API (C) 208, HT
Version management DB using TP (S) API345
Information regarding the latest version of each module in 333 is acquired.

Then, the information about the versions of both is compared to determine whether the information about the current version in the client (device) 200 is the latest version or compatible. Here, if the latest version or compatible, version check API202
Does nothing. On the other hand, if it is not the latest version and is not compatible,
An alert instructing the version upgrade is output from the version check API 202. The output of the alert is specifically performed by displaying the version upgrade screen of FIG. 12 described later, for example.

(2) setup. Download exe: Next, if you need to upgrade, distribute AP
I209, ModuleID2_setup.stored in the module management server. Download exe221 automatically. If it is not necessary, it is not executed thereafter.

(3) setup. exe is executed / Authentication client end: After that, external APP activation API 210
Downloaded ModuleID2_s using
etup. exe 221 is executed. And Modu
leID2_setup. After executing exe221, the authentication client 103 is terminated.

(4) Module and version file differential transfer / setting: and ModuleID2_se
tup. According to exe221, the minimum required modules and version files are differentially transferred. Then, the OS (for example, Windows) is set. As a result, the authentication client 103 is rewritten to the latest version.

(Processing Procedure of Version Management Function) Next, a processing procedure of the version management function will be described. FIG. 11 is a flow chart showing the procedure of processing of the version management function of the personal identification system according to the embodiment of the present invention. In the flowchart of FIG. 11, first, when the personal computer (PC) is started by the operator (step S1101), the version check is executed (step S1102). Then, it is determined whether the module currently stored in the PC is an old version (step S110).
3).

In step S1103, if the version is not the old version (step S1103: No), the version management function ends without doing anything. Then, the other functions (for example, the authentication (single sign-on) function) are continuously executed.

On the other hand, in step S1103, if the module currently stored in the PC is an old version (step S1103: Yes), then, for example, a version upgrade screen 1200 as shown in FIG. Is displayed (step S1104). In FIG. 12, the upgrade screen 1200 has an upgrade list display field 1201, an “update all” button 1202 for starting updater, and a “stop” button 1.
And 203. The version upgrade list display field 1201 displays a list of applications (modules) determined to require a version upgrade by the version check API 202.

Then, for example, the upgrade screen 1
It is determined whether or not the OK button for instructing the start (execution) of the version upgrade displayed on 200 is pressed by the operator (step S1105). Where O
If the K button has not been pressed (step S110)
5: No) similarly determines whether or not the stop button for instructing the stop of the version upgrade, which is displayed on the version upgrade screen 1200, has been pressed (step S1106).

If the cancel button is pressed (step S1106: YES), the version management function is terminated without completing the version upgrade. Therefore,
Modules that have not been upgraded as required cannot be used. In particular, if the module that has not been upgraded is the personal authentication module, the authentication is not performed, so that other modules that require authentication cannot be started.

If the cancel button is not pressed in step S1106 (step S1106: NO),
It returns to step S1105. When the OK button is pressed in step S1105 (step S110)
5: Yes), using the distribution API 209,
The latest version of setup. The exe 221 is downloaded (step S1107). Then, after waiting for the download to be completed, if the download is completed (step S1108: Yes), then, for example, as shown in FIG.
An end confirmation screen 1300 as shown in is displayed as, for example, a pop-up screen (step S1109). At this time, the end confirmation screen 1300 is still displayed. In FIG. 13, an end confirmation screen 1300 is a screen for prompting the operator to confirm whether or not the application related to the authentication client is activated, and urging the application to be terminated when the application is activated. .

Then, an "OK" button 1301 is displayed, and after confirming the above with the operator, this "OK" button 1
Press 301. Here, for example, the end confirmation screen 1
It is determined whether or not a confirmation button such as the “OK” button 1301 displayed on 300 is pressed (step S111).
0), waits for the pressing, and when the pressing is performed (step S1110: Yes), the external APP activation API 21
0 downloaded by setup. exe2
21 is executed (step S1111). As a result, the setup. The exe 221 is activated. After that, the end command of the authentication client 103 is executed (step S1112). Next, the downloaded module and the version file are overwritten (step S1113).

Then, after waiting for the overwriting process to be completed, when the overwriting process is completed (step S1114:
Yes), for example, displays the upgrade completion screen 1400 as shown in FIG. 14 as a pop-up screen (step S1115). Then, after waiting for the confirmation button such as the “OK” button 1401 displayed on the upgrade completion screen 1400 to be pressed, if it is pressed (step S1116: Yes), the series of processes of the version management function is ended. To do. Then, the other functions (for example, the authentication (single sign-on) function) are continuously executed.

(Application field of personal authentication system) FIG.
FIG. 4 is an explanatory diagram showing the concept of an information system to which the personal authentication system according to the present embodiment of the present invention can be applied.
In FIG. 15, the common authentication function 10 of the personal authentication system
0 is a core system 1501 and a common OA system 150
2. In each system of the personnel system 1503, individual common authentication can be realized. Core system 15
01 includes management accounting, financial accounting, production information, master management, and the like. In addition, the common OA system 150
2 includes a plurality of libraries, a company-wide information sharing system, a workflow and the like. Personnel system 1503
The term includes management of internal personnel (salary, evaluation, etc.).

As described above, according to the personal identification device, version management device, personal identification method, version management method, program for causing a computer to execute the personal identification method, and program for causing a computer to execute the version management method according to the present embodiment. By applying the realized common authentication function 100 to a plurality of independent systems, the efficiency of the authentication process can be improved.

As described above, according to the present embodiment, the client PC 200 displays the authentication screen for inputting the ID number and password, and the input I
Based on the D number and the password, the authentication information is requested to the authentication database 331 that stores the authentication information including the information for authenticating the individual, the requested authentication information is acquired from the authentication database 331, and the acquired information is acquired. An authentication core 503 that temporarily stores authentication information, a WF manager 504 that activates an arbitrary WF module based on the temporarily stored authentication information, and a gui controller 5
05, WF business module 506, etc.
Authentication of multiple applications can be performed by inputting the ID number and password for each application. By doing so, personal authentication information can be centrally managed, and by using the centrally managed personal authentication information, so-called single Sign-on can be realized more smoothly.

Further, according to this embodiment, the authentication database 331 is connected to the network via the HTTP database.
Authentication database 331 by PI 208 (345)
Since HTTP is used for communication with the authentication database, high-speed and responsive network communication can be realized with the authentication database 331 that stores authentication information that is centrally managed.

Further, according to the present embodiment, the version check API 202 that controls the activation of an arbitrary application program and checks whether the version of the currently installed application program is the latest version, and the version check API 202 AP
As a result of checking by I202, if the version of the currently installed application program is not the latest version, the distribution API 209 for downloading the latest version of the application program currently installed and the distribution API 209 Since the external APP startup API 210 that overwrites the currently installed application program with the installed application program is installed, the application program related to personal authentication is always installed in the latest state.
It is possible to manage personal authentication information in a unified manner, and to use this centrally managed personal authentication information to more smoothly realize so-called single sign-on in multiple applications, and to upgrade the version of the personal authentication program. It can be done efficiently without burdening the user.

Further, according to the present embodiment, the external APP
The activation API 210 activates the latest version of the application program downloaded by the distribution API 209, activates the latest version of the application program, and then terminates the latest version of the application program. Then, after that, the application program downloaded by the distribution API 209 is overwritten on the currently installed application program, so that the application program relating to personal authentication can be rewritten efficiently and smoothly.

The personal authentication method and version management method described in the present embodiment may be computer-readable programs prepared in advance, and the programs can be executed by a computer such as a personal computer or a workstation. It is realized by doing. This program is HD (hard disk), FD (floppy disk), CD-R
It is recorded on a computer-readable recording medium such as OM, MO, and DVD, and executed by being read from the recording medium by the computer. Further, this program may be a transmission medium that can be distributed via a network such as the Internet.

[0092]

As described above, according to the invention described in claim 1, the input means for inputting the ID number and the password, and the individual based on the ID number and the password input by the input means Authentication information requesting means for requesting authentication information from an authentication information database storing authentication information consisting of information for authentication, and authentication information acquisition for acquiring the authentication information requested by the authentication information requesting means from the authentication database Means, a temporary storage means for temporarily storing the authentication information acquired by the authentication information acquisition means, and an application for starting an arbitrary application program based on the authentication information temporarily stored by the temporary storage means Since the activation means is provided, it is possible to input a plurality of ID numbers and passwords once. It is possible to perform application authentication, which enables centralized management of individual authentication information, and the use of centrally managed individual authentication information enables smoother implementation of so-called single sign-on in multiple applications. This has the effect of obtaining a unique personal authentication device.

Further, in the personal authentication device according to the invention described in claim 2, in the invention described in claim 1, the personal authentication device is connected to the authentication database through a network, and communication with the authentication database is performed using HTTP. High-speed and responsive network communication can be realized with an authentication database that stores centrally managed authentication information, which enables centralized management of personal authentication information and centralized management of personal authentication information. By using the above, there is an effect that it is possible to obtain a personal authentication device that can realize so-called single sign-on more smoothly in a plurality of applications.

According to a third aspect of the invention, in the invention of the first or second aspect, the version of the currently installed application program that controls the activation of an arbitrary application program by the application activation means. Version check means to check whether is the latest version,
As a result of checking by the version checking means, if the version of the currently installed application program is not the latest version, download means for downloading the latest version of the application program of the currently installed application program, Overwriting means for overwriting the application program downloaded by the downloading means over the currently installed application program;
As a result, the application program related to personal authentication will always be installed in the latest state, and this will centrally manage personal authentication information and use the centrally managed personal authentication information in multiple applications. It is possible to achieve so-called single sign-on more smoothly, and to obtain an effect that a personal authentication device that can efficiently perform version upgrade of a personal authentication program and the like without burdening the user is obtained. .

According to the invention described in claim 4, in the invention described in claim 3, the overwriting means activates the latest version of the application program downloaded by the downloading means, and An application relating to personal authentication in order to terminate the currently installed application program, terminate the currently installed application program, and then overwrite the currently installed application program with the latest version of the application program. It is possible to rewrite the program efficiently and smoothly, so that the personal authentication information can be centrally managed, and the centrally managed personal authentication information can be used for multiple applications. It is possible to achieve a so-called single sign-on more smoothly, and to obtain an effect that a personal authentication device that can efficiently perform version upgrades of personal authentication programs etc. without burdening the user is obtained. Play.

According to the invention described in claim 5, version checking means for checking whether or not the version of the application program currently installed is the latest version, and the version checking means checks the version. As a result, when the version of the currently installed application program is not the latest version, download means for downloading the latest version of the application program currently installed, and the application downloaded by the download means. And a means for overwriting the program over the currently installed application program, the application program Ram always will be installed with the latest state, whereby an effect of efficiently performing it is possible version management device without burdening the version-up of the application program to the user is obtained.

According to a sixth aspect of the invention, in the invention of the fifth aspect, the overwriting means activates the latest version of the application program downloaded by the downloading means, and Since the currently installed application program is terminated and the latest version of the application program is overwritten on the currently installed application program after the termination, the application program can be rewritten efficiently and smoothly. Yes, this
Thus, there is an effect that it is possible to obtain a version management device capable of efficiently performing version upgrade of an application program without burdening the user.

According to the invention described in claim 7, I
Requesting authentication information from an input step of inputting a D number and a password, and an authentication information database storing authentication information consisting of information for authenticating an individual based on the ID number and password input in the input step An authentication information requesting step, an authentication information acquiring step of acquiring the authentication information requested by the authentication information requesting step from the authentication database, and an authentication information acquired by the authentication information acquiring step based on the authentication information, Since it includes an application starting step for starting the application program of, the multiple authentications can be performed by inputting the ID number and the password once, and thus the individual authentication information can be centrally managed and centrally managed. Using the personal authentication information
It is possible to obtain an individual authentication method that can more smoothly realize so-called single sign-on in a plurality of applications.

Further, according to the invention described in claim 8, in the invention described in claim 7, at least one of the request for the authentication information in the authentication information requesting step and the acquisition of the authentication information in the authentication information acquiring step is performed. One is HTT
Since P is used, it is possible to realize high-speed and responsive network communication with an authentication database that stores authentication information that is centrally managed. This enables centralized management of individual authentication information and unified management. There is an effect that a personal authentication method capable of more smoothly realizing so-called single sign-on in a plurality of applications can be obtained by using the personal authentication information thus obtained.

[0100] According to the invention described in claim 9, in the invention described in claim 7 or 8, the present invention controls the start of an arbitrary application program (workflow manager, Gui controller, etc.) in the application starting step. The version check step of checking whether the version of the installed application program is the latest version, and the version of the currently installed application program is not the latest version as a result of checking by the version check step. In this case, the download step of downloading the latest version of the application program of the currently installed application program, and the download step An overwriting step of overwriting the downloaded application program over the currently installed application program is included, so that the application program relating to personal authentication is always installed in the latest state. It is possible to manage authentication information in a centralized manner, and use so-called individually managed individual authentication information to more smoothly realize so-called single sign-on in multiple applications. There is an effect that it is possible to obtain a personal identification device that can be efficiently performed without burdening.

According to the invention described in claim 10,
10. The invention according to claim 9, wherein after the overwriting step activates the latest version of the application program downloaded by the download program, and the activation step activates the latest version of the application program. And a termination step of terminating the currently installed application program, wherein the latest version of the application program is currently installed after the termination of the currently installed application program by the termination step. Since the existing application program is overwritten, the application program related to personal authentication can be rewritten efficiently and smoothly.
As a result, it is possible to manage personal authentication information in a centralized manner, and use the centrally managed personal authentication information to more smoothly realize so-called single sign-on in a plurality of applications. There is an effect that it is possible to obtain a personal authentication method capable of efficiently performing version upgrade without burdening the user.

The version management method according to the invention of claim 11 includes a version check step of checking whether the version of the currently installed application program is the latest version, and the version check step. As a result of the check, if the version of the currently installed application program is not the latest version, the downloading step of downloading the latest version of the application program of the currently installed application program, and the downloading step Overwriting the installed application program over the currently installed application program, Since the application program is always installed in the latest state, this has the effect of providing a version management method that can efficiently perform the version upgrade of the application program without burdening the user. .

The version management method according to a twelfth aspect of the invention is the version management method according to the eleventh aspect of the invention, in which the overwriting step activates the latest version of the application program downloaded by the downloading step. And a termination step of terminating the currently installed application program after activating the latest version of the application program by the activation step, and the currently installed application program by the termination step. After overwriting, the latest version of the application program is overwritten on the currently installed application program. Manner and can be smoothly performed, thereby, an effect that versioning method which can efficiently perform without straining the version-up of the application program to the user is obtained.

The program according to the thirteenth aspect of the present invention can cause a computer to execute the personal authentication method according to any one of the seventh to tenth aspects.

According to the invention described in claim 13,
There is an effect that a personal authentication program capable of realizing the operation described in any one of claims 7 to 10 by a computer can be obtained.

According to the invention described in claim 14,
There is an effect that a version management program capable of realizing the operation described in claim 11 or 12 by a computer can be obtained.

[Brief description of drawings]

FIG. 1 is an explanatory diagram showing a functional configuration of a personal authentication system according to an embodiment of the present invention.

FIG. 2 is an explanatory diagram showing a concept of a client device of the personal authentication system according to the exemplary embodiment of the present invention.

FIG. 3 is an explanatory diagram showing a concept of an external server device of the personal authentication system according to the exemplary embodiment of the present invention.

FIG. 4 is an explanatory diagram showing a hardware configuration of a client device and an external server device of the personal authentication system according to the exemplary embodiment of the present invention.

FIG. 5 is an explanatory diagram showing a single sign-on function of the personal authentication system according to the exemplary embodiment of the present invention.

6 is an explanatory diagram showing an example of a data structure of the authentication database shown in FIG.

FIG. 7 is a flowchart showing a processing procedure of a single sign-on function of the personal authentication system according to the exemplary embodiment of the present invention.

FIG. 8 is an explanatory diagram showing a version management function of the personal identification system according to the embodiment of the present invention.

9 is an explanatory diagram showing an example of a data structure of the version management database shown in FIG.

10 is an explanatory diagram showing the contents of a version check API of the authentication client shown in FIG.

FIG. 11 is a flowchart showing a procedure of processing of a version management function of the personal authentication system according to the exemplary embodiment of the present invention.

FIG. 12 is an explanatory diagram showing an example of a display screen of the client device of the personal authentication system according to the exemplary embodiment of the present invention.

FIG. 13 is an explanatory diagram showing another example of the display screen of the client device of the personal authentication system according to the embodiment of the present invention.

FIG. 14 is an explanatory diagram showing another example of the display screen of the client device of the personal authentication system according to the exemplary embodiment of the present invention.

FIG. 15 is an explanatory diagram showing the concept of an information system to which the personal authentication system according to the embodiment of the present invention can be applied.

[Explanation of symbols]

100 Common Authentication Function 103 Authentication Client 111 Version Management Function 121 Version Check Function 131 Menu Display Function 132 External APP Start Function 200 Client (Device) 202 Version Check API 207, 302 Authentication Controller 208, 345 HTTP API 209 Distribution API 210 External APP Start API 221 setup. exe 251 HTTP 300 External server 331 Authentication DB 333 Version management DB 400 Network 502 Authentication screen 503 Authentication core 504 WF manager 505 gui controller 506 WF operation module 507 gui dedicated software 800 Terminal device 801 for administrator and developer of each operation Module management server 802 Version management server 1200 Version upgrade screen (popup screen) 1300 Finish confirmation screen (popup screen) 1400 Version upgrade completion screen (popup screen) 1501 Core system 1502 Common OA system 1503 Personnel system

Continued front page    (72) Inventor Tamotsu Miyamoto             Osaka Prefecture Osaka City Nishi Ward Shinmachi 1-5-8 Stock Association             Company Japan Research Institute (72) Inventor Toguri Isao             Osaka Prefecture Osaka City Nishi Ward Shinmachi 1-5-8 Stock Association             Company Japan Research Institute (72) Inventor Makoto Nakamura             Osaka Prefecture Osaka City Nishi Ward Shinmachi 1-5-8 Stock Association             Company Japan Research Institute F-term (reference) 5B017 AA07 BA05 CA15                 5B076 AC05 BB06 EA05                 5B085 AE01 AE23    (54) [Title of Invention] A personal authentication device, a version management device, a personal authentication method, a version management method, and a personal authentication method are integrated.                     Computer, and the program that causes the computer to execute the version control method.                     G

Claims (14)

[Claims] 1. An input means for inputting an ID number and a password, and an authentication information database storing authentication information consisting of information for authenticating an individual, based on the ID number and password input by the input means. Authentication information requesting means for requesting authentication information, authentication information acquiring means for acquiring the authentication information requested by the authentication information requesting means from the authentication database, and authentication information acquired by the authentication information acquiring means A personal authentication device comprising: a temporary storage unit for temporarily storing the application information; and an application starting unit for starting an arbitrary application program based on the authentication information temporarily stored by the temporary storage unit. 2. The network is connected to the authentication database, and communication with the authentication database is HTTP.
(Hyper Text TransferProto
The personal authentication device according to claim 1, wherein the personal authentication device is used for the personal authentication device. 3. A version checking unit for checking whether the version of the currently installed application program is the latest version, which controls the starting of an arbitrary application program by the application starting unit, and the version checking unit. As a result of the check, if the version of the currently installed application program is not the latest version, download means for downloading the latest version of the application program of the currently installed application program; and download by the download means. The latest version of the application program Personal identification device according to claim 1 or 2, comprising: the override means to override the arm, the. 4. The overwriting means starts the latest version of the application program downloaded by the downloading means, then terminates the currently installed application program, and replaces the currently installed application program with the currently installed application program. 4. The personal identification device according to claim 3, wherein after the termination, the latest version of the application program is overwritten on the currently installed application program. 5. A version check unit for checking whether or not the version of the currently installed application program is the latest version, and a result of the version check unit checking the version of the currently installed application program. Download means for downloading the latest version of the application program of the currently installed application program when the version is not the latest version, and the latest version of the application program downloaded by the download means is currently installed. A version management device comprising: an overwriting means for overwriting an existing application program. 6. The overwriting means starts the latest version of the application program downloaded by the downloading means, terminates the currently installed application program, terminates the application program, and then terminates the latest version. 6. The version management device according to claim 5, wherein the application program of [3] is overwritten on the currently installed application program. 7. An input step of inputting an ID number and a password, and an authentication information database storing authentication information consisting of information for authenticating an individual, based on the ID number and password input by the input step. An authentication information requesting step of requesting authentication information, an authentication information acquiring step of acquiring the authentication information requested by the authentication information requesting step from the authentication database, and authenticating the authentication information acquired by the authentication information acquiring step. An individual authentication method comprising: an application starting step of starting an arbitrary application program based on information. 8. The method according to claim 7, wherein at least one of the request for the authentication information in the authentication information requesting step and the acquisition of the authentication information in the authentication information acquiring step is performed using HTTP. Personal authentication method. 9. A version check process for checking whether or not the version of the currently installed application program is the latest version, which controls the start of an arbitrary application program by the application start process, and the version check process. As a result of the check, if the version of the currently installed application program is not the latest version, a downloading step of downloading the latest version of the application program of the currently installed application program; The latest version of the application program Personal authentication method of claim 7 or 8, characterized in that it includes a overwriting step of overwriting the arm, the. 10. The overwriting step includes a start-up step of starting up the latest version of the application program downloaded by the download program, and the current installation after starting up the latest version of the application program in the start-up step. Terminating the currently installed application program by terminating the currently installed application program by terminating the currently installed application program by the terminating step. The personal authentication method according to claim 9, wherein the personal identification method is overwritten. 11. A version check step of checking whether or not the version of the application program currently installed is the latest version, and a result of checking by the version check step of the currently installed application program A download step of downloading the latest version of the application program of the currently installed application program when the version is not the latest version; and the latest version of the application program downloaded by the download step is currently installed. A version control method characterized by including an overwriting process of overwriting existing application programs. 12. The overwriting step includes a starting step of starting the latest version of the application program downloaded by the downloading step, and the current installation after starting the latest version of the application program by the starting step. Terminating the currently installed application program by terminating the currently installed application program by terminating the currently installed application program by the terminating step. The version management method according to claim 11, wherein the version management is performed by overwriting. 13. A program for causing a computer to execute the personal authentication method according to any one of claims 7 to 10. 14. A program for causing a computer to execute the version management method according to claim 11 or 12.