JP5296726B2 - Web content providing system, web server, content providing method, and programs thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a Web content presenting system for presenting the same Web content to a plurality of Web client terminals, and also to provide a Web server, content providing method and program. <P>SOLUTION: The Web server 13 in the Web content providing system is equipped with: a request information analyzing means for receiving request information from a first Web client terminal to be collated with authentication information recorded in account information; an access history management means for checking an access control policy for the authentication information and recording access source identification information to an access history information database when there is no access source identification information for identifying a user of the first Web client terminal in the access history information; and a Web content providing means for presenting a Web content corresponding to the request information. The Web server presents a part or all of the same Web content to a second Web client terminal, according to the access control policy information. <P>COPYRIGHT: (C)2011,JPO&amp;INPIT

Description

  The present invention relates to an access control technology when a user accesses a Web server while maintaining a session between client terminals using a plurality of client terminals, and in particular, continues a session between a plurality of Web client terminals. The present invention relates to a Web content providing system, a Web server, a content providing method, and a program for providing content as they are.

  When a user wants to use a plurality of Web client terminals according to the usage environment, the Web server is seamlessly switched between the Web client terminals while continuing the session. There is a technique for performing secure user authentication using temporary authentication information (see, for example, Patent Document 1).

  As a method for controlling access from a plurality of Web client terminals, the Web server records identification information in access history information and the like based on a login ID included in HTTP request information, and includes the same login ID. A technique for preventing so-called double login that rejects another request is also known. Furthermore, an access control technique is also known in which a Web server identifies user agent information included in HTTP request information and rejects a specific user agent.

JP-A-2005-122651

  In a conventionally known Web content providing system that accesses a Web server while maintaining a session between a plurality of client terminals, for example, a certain user can use a relatively advanced authentication means such as IC card authentication. Web client terminal (for example, digital television terminal) having relatively low-level authentication means such as ID / password even when using a Web client terminal (for example, a mobile phone equipped with an authentication IC chip) ), The same Web content is used, and individual access control for each of the plurality of Web client terminals is performed on the Web server side according to the session state of the Web client terminal and the content of the Web content. Cannot be realized.

  In other words, in a conventionally known web content providing system, it is impossible to simultaneously maintain a session between a plurality of web client terminals and control access to the web content to the same web server. Can receive only the same Web content service that can be used by both of a plurality of Web client terminals with respect to the same Web server.

  The object of the present invention has been made in view of the above-mentioned problems, and it is possible to simultaneously perform session maintenance between a plurality of Web client terminals and control of access to Web contents for the same Web server. Another object of the present invention is to provide a Web content providing system, a Web client terminal, a Web server, a content providing method, and a program for providing content while continuing a session between Web client terminals.

  In the Web content providing system of the present invention, the Web server simultaneously implements session maintenance and control of access to the Web content for the same Web server based on the access control policy information set and registered in advance. It is possible to implement fine access control according to the definition of the access control policy.

  For example, when a user uses Web content provided by a Web server using a plurality of Web client terminals having different authentication means that can access the Web server, such as a personal computer, a mobile phone, and a digital TV terminal, In accordance with an access control policy determined in advance by the server, access control corresponding to the authentication means included in each Web client terminal is realized in the implementation part of the Web server.

  More specifically, even when a Web client (for example, a digital TV terminal) having only a relatively low level authentication means such as ID / password is used, relatively high authentication such as IC card authentication is used. When another logged-in session by a Web client (for example, a mobile phone equipped with an IC chip) having a means is valid, Web content that can only be used from the mobile phone can be used from a digital television. This realizes access control that maintains security without sacrificing convenience.

  The Web server according to the present invention is accessed by HTTP or the like from a plurality of Web client terminals via a network, the request information related to login such as HTTP is analyzed by the communication processing unit, and the information obtained by the analysis is used. In addition, the access control unit collates with the access control policy information recorded in the database in advance, and according to the collation result, the content screen generation unit generates Web content, and the communication processing unit transmits a response such as HTTP (WEB content). Control whether or not.

  The access control policy information includes access corresponding to user agent information (information used by each Web client terminal and associated as usage environment information) included in request information related to login such as an HTTP header. There is a policy for priority information, a policy for restricting the use of access source identification information included in this request information in correspondence with the session information and login information, and the access history is stored in the access history information database by the access control unit. Referenced or updated at

  That is, a Web content providing system of the present invention provides a Web content that includes a Web server that provides a Web site on a network, and a first Web client terminal and a second Web client terminal that communicate with the Web server via a Web protocol. In the system, the Web server receives request information including authentication information at the time of log-in when accessing a predetermined Web site from the first Web client terminal and / or the second Web client terminal, and stores account information in advance. Request information analysis means for verifying with authentication information recorded in the account information registered in the database, and when the result of the verification is matched, session information for the access is generated and included in the request information Based on the authentication information, the access control policy information registered in advance in the access control policy information database is referred to confirm the access control policy corresponding to the authentication information, and Web contents corresponding to the access control policy are provided. An access control unit that determines whether or not it is possible, and a Web content providing unit that presents the Web content related to the request information when it is determined that the Web content according to the access control policy can be provided; It is characterized by providing.

  In the Web content providing system of the present invention, the request information analyzing means receives request information including authentication information at the time of login when accessing a predetermined Web site from the first Web client terminal, and stores account information in advance. A means for collating with authentication information recorded in the account information registered in the database, and the access control means generates session information for the access when the result of the collation is matched, and the request information The access control policy according to the authentication information is confirmed by referring to the access control policy information registered in advance in the access control policy information database based on the authentication information included in the information and recorded in the access history information database In the access history information, the first We When the access source identification information that identifies the user of the client terminal is present and is not present, the access source identification information that identifies the user is determined as the session information, the first Web client terminal. The access history information database as the access history information together with the user agent information for identifying the content, the content identification information for identifying the content of the website, the authentication means identification information for identifying the type of the authentication information, and the access date / time information related to the session Access history management means, and the Web content providing means has means for presenting Web content related to the request information after the access history information is confirmed.

  In the Web content providing system of the present invention, the request information analyzing means receives request information including authentication information at the time of login when accessing the predetermined Web site from the second Web client terminal, and stores the request information in advance. A means for collating with the authentication information recorded in the account information registered in the information database, and the access control means generates session information for the access when the result of the collation is a match, and the request When determining whether the content of the website can be used or not based on the access priority determined in the access control policy based on the authentication information included in the information, Access history information recorded in the history information database Means for extracting the latest content identification information presented to the first Web client terminal, wherein the Web content providing means outputs the Web content corresponding to the latest content identification information presented to the first Web client terminal; It has a means to present to a 1st Web client terminal, It is characterized by the above-mentioned.

Further, in the Web content providing system of the present invention, when the same Web content is presented on both the first Web client terminal and the second Web client terminal, the request information analysis unit is configured to display the first Web client terminal. When request information for logging out the Web content is received from the account ID included in the request information and access source identification information of the access history information in the access history information database,
The access history management means includes means for deleting the access history information in which the access source identification information and the account ID match when it is determined that the matching results match.

  Further, in the Web content providing system of the present invention, the access history management means receives the first Web client terminal from the second Web client terminal when the first Web client terminal has the highest priority in the access priority of the access control policy information. Regardless of whether or not session information with the same account ID as the account ID included in the request information at the time of login exists, there is a means for deleting access history information whose access source identification information and account ID match. Features.

  In the Web content providing system according to the present invention, when the access control policy information matches the access source identification information and the account ID, the same Web content is transferred to the first Web client terminal and the first ID unless they correspond to different policies. 2 The same when both the first Web client terminal and the second Web client terminal correspond to the policy that the two Web client terminals do not present synchronously and the access priority for each authentication information based on the user agent information. A policy that allows Web contents to be presented synchronously on both the first Web client terminal and the second Web client terminal and the contents of the Web contents for each authentication information based on the user agent information are presented in whole or in part. When the first Web client terminal and the second Web client terminal fall under the restriction on the availability of content based on the access priority order for each Web client terminal, all or part of the same Web content is And a policy that can be presented synchronously in both the 1 Web client terminal and the second Web client terminal.

  In the Web content providing system of the present invention, the authentication information of the first Web client terminal is defined in the access control policy information as a higher level of authentication than the authentication information of the second Web client terminal. To do.

  The Web server of the present invention is a Web server that provides a Web site on a network by communicating with a first Web client terminal and a second Web client terminal via a Web protocol, and the first Web client terminal and / or the first Web client terminal. 2 Request information analysis that receives request information including authentication information at the time of log-in when accessing a predetermined Web site from a Web client terminal, and collates with authentication information recorded in account information registered in the account information database in advance And the access control policy information registered in the access control policy information database in advance based on the authentication information included in the request information. Browse and authenticate It is possible to provide access control means for checking an access control policy corresponding to the information and determining whether or not Web content corresponding to the access control policy can be provided, and Web content corresponding to the access control policy. And a Web content providing means for presenting the Web content related to the request information.

  Furthermore, the present invention provides a content providing method by a web server that provides a web site on a network by communicating with the first web client terminal and the second web client terminal via a web protocol, and the content providing method in a computer configured as a web server. It is comprised as a program for performing each step of.

  According to the present invention, in a Web server, session maintenance between a plurality of Web client terminals and access control to Web contents are simultaneously realized for the same Web server. Even when the second Web client terminal having only the authentication means is used, the second Web client terminal is different from the first Web client terminal (for example, a mobile phone equipped with an authentication IC chip) having a relatively advanced authentication means such as IC card authentication. When the logged-in session is valid, Web content that can be used only from the first Web client terminal can also be used from the second Web client terminal.

It is a figure which shows the typical example of the web content provision system of one Example by this invention. It is a functional block diagram of the 1st Web client terminal in the Web content provision system of one Example by this invention. It is a functional block diagram of the 2nd Web client terminal 12 in the Web content provision system of one Example by this invention. It is a functional block diagram of the Web server in the Web content provision system of one Example by this invention. It is a figure which shows the operation | movement flow of the web content provision system of one Example by this invention. It is a figure which shows the operation | movement flow of the web content provision system of one Example by this invention. It is a figure which shows the operation | movement flow of the web content provision system of one Example by this invention. It is a figure which shows an example of the access control policy information which concerns on the web content provision system of one Example by this invention. It is a figure which shows an example of the access history information table which concerns on the web content provision system of one Example by this invention. (A) and (b) are figures which show an example of the account information table which concerns on the web content provision system of one Example by this invention.

  Hereinafter, a web content providing system according to an embodiment of the present invention will be described. The Web client terminal, the Web server, and their programs according to the present invention, and the content providing method according to the present invention will become apparent from the description of the Web content providing system according to an embodiment of the present invention.

〔System configuration〕
FIG. 1 is a diagram showing a typical example of a Web content providing system according to an embodiment of the present invention. The Web content providing system 1 according to the present embodiment manages access control policy information for each of a plurality of client terminals registered in advance with the Web server 13, thereby maintaining a session between the plurality of Web client terminals and managing the Web content. Access control is simultaneously implemented for the same Web server 13. Therefore, even when the user uses the second Web client terminal having only a relatively low level authentication means such as a digital TV terminal, the first Web having a relatively high level authentication means such as IC card authentication. Web content that can be used only from the first Web client terminal 11 can also be used from the second Web client terminal 12 when another logged-in session by a client terminal (for example, a mobile phone equipped with an authentication IC chip) is valid. And

  In the web content providing system 1 of the present embodiment illustrated in FIG. 1, a first web client terminal having a function of performing web access with relatively advanced authentication means (authentication means defined by a web application) such as IC card authentication. 11 (for example, a mobile phone), a second Web client terminal 12 (for example, a digital TV terminal) having only relatively low-level authentication means (authentication means defined by a Web browser), and a Web site that requires authentication The first web client terminal 11, the second web client terminal 12, and the web server 13 are connected via a WAN such as the Internet.

  The first Web client terminal 11 and the second Web client terminal 12 do not need special components for maintaining a session, and are installed in many client terminals (mobile phones and digital TV terminals). The web content providing system 1 according to the present embodiment can be realized only by changing the firmware without adding any hardware. Each Web client terminal is assumed to have a session cookie and a script function (Web protocol processing unit) supported by many user agents such as Web browsers. Even in stateless protocol communication such as HTTP, session maintenance is performed using session cookies and script functions.

  Hereinafter, the configurations of the first Web client terminal 11, the second Web client terminal 12, and the Web server 13 will be described more specifically.

  FIG. 2 is a functional block diagram of the first Web client terminal 11 in the Web content providing system according to the embodiment of the present invention. The first Web client terminal 11 controls input from a control unit (Web application unit) 111, a communication control unit 112 that constitutes an interface for performing Web communication with the Web server 13, and a user I / F 113a operated by a user. A user I / F control unit 113, a display control unit 114 for controlling the display device 114a for displaying Web content provided by the Web server 13, and a storage unit 115. The communication control unit 112 includes an asynchronous communication unit 1121 that enables asynchronous communication in a session with the Web server 13. The control unit 111 includes a web protocol processing unit 1111, an authentication information processing unit 1112, a request information generation unit 1113, and a web display control unit 1114. In addition, although each function of the control part 111 which concerns on this invention is demonstrated, it should be noted that it is not intended to exclude other functions provided in the first Web client terminal 11. The first Web client terminal 11 can be configured as a computer, and stores a program describing processing contents for realizing each function of the control unit 111 in the storage unit 115 of the computer, and performs central processing of the computer. This can be realized by reading and executing this program by a device (CPU).

  The web protocol processing unit 1111 has a function of establishing web communication with the web server 13. In particular, the web protocol processing unit 1111 has a function of starting a web application and executing an authentication process on the web server 13 through the network.

  The authentication information processing unit 1112 has a function of processing authentication information for realizing a relatively advanced authentication unit such as IC card authentication.

  The request information generation unit 1113 has a function of generating request information when a login ID / password input through a Web application is transmitted to the Web server 13 and a function of generating request information including an account ID at the time of logout.

  The web display control unit 1114 has a function of causing the display device 114 a to display the web content of the URL after the authentication process is performed by the web server 13 via the display control unit 114.

  FIG. 3 is a functional block diagram of the second Web client terminal 12 in the Web content providing system according to the embodiment of the present invention. The second Web client terminal 12 includes a control unit 121, a communication control unit 122 that configures an interface for performing Web communication with the Web server 13, and a user I / F that controls input from a user I / F 123a operated by a user. An F control unit 123, a display control unit 124 that controls a display device 124 a for displaying Web content provided by the Web server 13, and a storage unit 125 are provided. The communication control unit 122 includes an asynchronous communication unit 1221 that enables asynchronous communication in a session with the Web server 13. The control unit (Web browser) 121 includes a Web protocol processing unit 1211, an authentication information processing unit 1212, a request information generation unit 1213, and a Web display control unit 1214. In addition, although each function of the control part 121 which concerns on this invention is demonstrated, it should be noted that it is not intended to exclude other functions provided in the second Web client terminal 12. The second Web client terminal 12 can be configured as a computer, and stores a program describing processing contents for realizing each function of the control unit 121 in the storage unit 125 of the computer, and performs central processing of the computer. This can be realized by reading and executing this program by a device (CPU).

  The Web protocol processing unit 1211, the request information generation unit 1213, and the Web display control unit 1214 have the same functions as the Web protocol processing unit 1111, the request information generation unit 1213, and the Web display control unit 1214 in the first Web client terminal 11, respectively. Have. However, in this embodiment, an example will be described in which the authentication information processing unit 1212 has a function of processing authentication information for realizing a relatively low-level authentication unit such as an ID / password.

  FIG. 4 is a functional block diagram of the Web server 13 in the Web content providing system according to the embodiment of the present invention. The Web server 13 includes a control unit 131, a communication control unit 132 that configures an interface for performing Web communication with the first Web client terminal 11 and / or the second Web client terminal 12, and a predetermined account information table (FIG. 10). An account information database 133 for storing; an access control policy information database 134 for storing predetermined access control policy information (FIG. 8); an access history information database 135 for storing a predetermined access history information table (FIG. 9); A content database 136 that holds Web content information of a URL and a storage unit 137 are provided. The control unit 131 includes a communication processing unit (consisting of a web protocol processing unit 1311 and a request information analysis unit 1312), an access control unit 1313 (having an access history management unit 1314), and a content screen generation unit 1315. In addition, although each function of the control part 131 which concerns on this invention is demonstrated, it should be noted that it is not intended to exclude other functions provided in the Web server 13. The Web server 13 can be configured as a computer and stores a program describing processing contents for realizing each function of the control unit 131 in the storage unit 137 of the computer, and the central processing unit ( This program can be realized by reading and executing this program by a CPU.

  The web protocol processing unit 1311 in the communication processing unit has a function of establishing web communication with the first web client terminal 11 and / or the second web client terminal 12. In particular, the Web protocol processing unit 1311 has a function of generating session information based on request information. In addition, the web protocol processing unit 1311 sets the specific web content so that it can be continuously used for the normal session timeout time or more, and transmits polling execution script information to each web client terminal. Has a function to implement a script.

  The request information analysis unit 1312 in the communication processing unit analyzes the request information including the login ID / password and the logout request information, and the login ID / password information registered and recorded in the account information of the account information database 133 in advance. It has a function to match with.

  In addition, regarding the account information included in the request information, a plurality of logins can be permitted for the same account ID, for example, login 1 for the first Web client terminal 11 and login 2 for the second Web client terminal 12. Is shown in FIG. Further, in the account information database 133, the web application of the first web client terminal 11 and the web browser of the second web client terminal 12 that are identified as usage environment information with respect to the same account ID, the respective password and authentication information. (For example, use environment information corresponding to the type of authentication means such as an IC card) can be registered in advance (FIG. 10B).

  The access control unit 1313 confirms the policy by referring to the access control policy information in the access control policy information database 134 based on the login ID / password of the analysis result of the request information, and further, in the access history information database 135 It is confirmed whether or not access source identification information for identifying user A exists in the access history information table, and the access history management unit 1314 in the access control unit 1313 stores the access history information in the access history information database 135. Has a function of recording in the access history information table. Further, the access control unit 1313 causes the access history management unit 1314 to refer to the access history information table in the access history information database 135 based on the analysis result of the request information including the account ID at the time of logout, and stores the corresponding session information. It has a function of deleting access history information including it.

  The access control policy information includes a policy in which the same web content is not presented in synchronization with a plurality of web client terminals unless the access source identification information matches the account ID, and the user agent, unless the policy corresponds to another policy. When multiple Web client terminals correspond to the access priority for each authentication information based on information, a policy that allows the same Web content to be presented synchronously on multiple Web client terminals and authentication based on user agent information The same Web content when multiple Web client terminals are applicable to the content availability restriction according to the access priority for each Web client terminal, which can be presented in whole or in part as the content of Web content for each information All or part of And policies to be presented in synchronization with the Web client terminal can be configured to include a (FIG. 8). Further, the authentication information of the first Web client terminal 11 can be defined by access control policy information as a higher level of authentication than the authentication information of the second Web client terminal 12.

  The access history management unit 1314 has a function of updating the access history repeated for each access by each Web client terminal to the access history information table in the access history information database 135. In addition, the access history management unit 1314 stores, in the access history information database 135, access source identification information for specifying a user, session information, user agent information for specifying a Web client terminal, and content identification for specifying Web content of a Web site. The information is recorded as access history information together with authentication means identification information for identifying the type of authentication information (authentication means) and access date / time information related to the session (FIG. 9).

  In response to an instruction from the access control unit 1313, the content screen generation unit 1315 reads the Web content of the requested URL from the content database 136, generates a login screen or a service provision screen for each Web client terminal, and performs communication processing. Section (Web protocol processing section 1311). In addition, the content screen generation unit 1315 generates a Web content unserviceable screen according to an instruction from the access control unit 1313 when there is no matching result based on the access source identification information of the access history information by the access control unit 1313. And a function of presenting via the communication processing unit (Web protocol processing unit 1311).

  The operation of the Web content providing system according to the embodiment of the present invention will be described below.

[System operation]
5 to 7 are diagrams showing an operation flow of the Web content providing system according to the embodiment of the present invention. First, referring to FIG. 5, the user A activates a web application via the user I / F 113a of the first web client terminal 11 (for example, a mobile phone as an example), and the URL of the web content provided by the web server 13). To enter (step S1).

  The Web server 13 reads the response Web content from the content database 136 by the content screen generation unit 1315 and presents a login screen to the first Web client terminal 11 (step S2).

  User A inputs a login ID / password in a predetermined input field of the login screen via the user I / F 113a of the first Web client terminal 11, presses a send button, and requests information including the login ID / password is sent to the Web. It transmits to the server 13 (step S3).

  As an example of user authentication, it is possible to input with a combination of ID and password read using an IC card or the like, or to input a login ID. Also, it is assumed that the login ID / password registration has been performed in advance by the user A using the first Web client terminal 11 according to the login ID / password registration method provided by the Web server 13. The login ID / password can be individually registered in association with the first Web client terminal 11 to be used, or can be used in common by a plurality of Web client terminals.

  The Web server 13 analyzes the request information from the first Web client terminal 11 by the request information analysis unit 1312 of the communication processing unit, and collates with the login ID / password information recorded in the account information of the account information database 133 in advance. (Steps S4 and S5).

  If the web server 13 determines that they match as a result of this collation (step S6), the web protocol processing unit 1311 generates session information (step S7), and the access control unit 1313 Based on the access source identification information and the login ID / password, the access control policy according to the authentication information is confirmed by referring to the access control policy information in the access control policy information database 134, and the access history in the access history information database 135 is checked. It is confirmed whether or not access source identification information for identifying the user A exists in the information table (steps S8 and S9). The correspondence between the access source identification information and the request analysis result is registered in advance and defined in the access control policy information.

  If it is determined that the access is the first access as a result of the confirmation of the access source identification information (step S10), the Web server 13 determines that the access history management unit 1314 in the access control unit 1313 corresponds to that shown in FIG. The access source identification information, session information, user agent information, content identification information, authentication means identification information, and access date / time information related to the session are recorded in the access history information database 135 as access history information (step S11). If it is determined that it is not the first access, the corresponding access date / time information is updated.

  Subsequently, the Web server 13 reads out the Web content of the requested URL from the content database 136 by the content screen generation unit 1315 and generates the Web content (service provision screen) of the response to the first Web client terminal 11. The access control unit 1313 adds the Web content identification information to the access history information table in the access history information database 135 and records it.

  The Web server 13 presents the Web content (service provision screen) of the response to the first Web client terminal 11 to the first Web client terminal 11 together with the session information by the Web protocol processing unit 1311, and the Web site related to the request information Is allowed to access (step S12).

  While the user A uses the Web content, the repeated access between the first Web client terminal 11 and the Web server 13 is managed by the access history management unit 1314 (step S13), that is, when the Web content is used. Each time the request and response are repeated, the access history information table in the access history information database 135 is updated (steps S14 to S15). Further, the Web server 13 can be set so that only specific Web content can be used continuously beyond the normal session timeout time. In this case, the asynchronous communication of the first Web client terminal 11 is performed when the response information is transmitted. An asynchronous script is realized by transmitting polling execution script information to the unit 1121 (step S16).

  In this way, the user A can use the Web content provided by the Web server 13 by using the first Web client terminal 11.

  Subsequently, the user A uses the second Web client terminal 12 (for example, a digital TV terminal) for the reason that the screen of the first Web client terminal 11 is small and difficult to browse in using the Web content, for example. An example of accessing will be described.

  Referring to FIG. 6, user A activates a web browser via the user I / F 123a of the second web client terminal 12, and inputs the URL of the web content provided by the web server 13 for access (step S21). ).

  The Web server 13 reads the response Web content from the content database 136 by the content screen generation unit 1315 and presents a login screen to the first Web client terminal 11 (step S22).

  User A inputs a login ID / password in a predetermined input field of the login screen via the user I / F 123a of the second Web client terminal 12, presses a transmission button, and transmits request information including the login ID / password. (Step S23).

  As an example of user authentication, a login ID can be operated and input, or a combination of ID and password read using an IC card or the like can be used. Also, it is assumed that the login ID / password registration has been performed in advance by the user A using the first Web client terminal 11 according to the login ID / password registration method provided by the Web server 13. The login ID / password can be individually registered in association with the first Web client terminal 11 to be used, or can be used in common by a plurality of Web client terminals.

  The Web server 13 analyzes the request information from the first Web client terminal 11 by the request information analysis unit 1312 in the access control unit 1313, and the login ID / password information recorded in the account information of the account information database 133 in advance. (Steps S24 and S25).

  As a result of this collation, if it is determined that they match (step S26), the web server 13 generates session information by the communication processing unit (web protocol processing unit 1311) (step S27), and the access control unit 1313 requests the request information. Based on the login ID / password of the analysis result, the policy is confirmed by referring to the access control policy information in the access control policy information database 134 as described above, and the access history information table in the access history information database 135 is checked. Then, it is confirmed whether or not access source identification information for specifying the user A exists (steps S28 and S29).

  If the access control unit 1313 determines that the access source identification information is defined as the account ID associated with the login ID, the Web server 13 uses the user in the Web server 13 as a result of checking the access control policy information. When it is determined that the account ID of A is unique (determining that the same access source identification information exists), that is, when it is determined that the two Web client terminals cannot use the information synchronously, in the access control policy information, It is confirmed whether there is any other policy matching (step S30).

  As another policy, when the access priority according to the user agent information is set in the access control information policy, and the first Web client terminal 11 is set to have priority over the second Web client terminal 12, the first Web In a situation where session information from the client terminal 11 exists and is maintained, it is further confirmed whether there is any other policy matching (step S31).

  Furthermore, as another policy, when the content use restriction based on the access priority for each Web client terminal is set in the access control policy, the content identification recorded in the access history information as a result of this access control policy When it is determined that the Web content of the information is available with the access priority of the second Web client terminal 12 (step S32), the access control unit 1313 maintains the session information from the first Web client terminal 11 and maintains it. Under the circumstances, it is determined that the Web content according to the policy can be provided to the second Web client terminal 12. When it is determined that the content cannot be provided, the fact is notified to the second Web client terminal 12 each time.

  The Web server 13 uses the access control unit 1313 to extract the most recent content identification information transmitted to the first Web client terminal 11 from the content identification information of the Web content recorded in the access history information table. Based on the information, the content screen generation unit 1315 is requested to generate content in accordance with the policy. Based on the content identification information, the content screen generation unit 1315 generates Web content (service provision screen) of response information similar to that most recently transmitted to the first Web client terminal 11 and returns it to the access control unit 1313. .

  In response to a request from the access control unit 1313, the Web server 13 transmits the Web content (service providing screen) of the response information to the second Web client terminal 12 together with the session information by the Web protocol processing unit 1311 (Step S33). .

  In this way, the user A uses the Web content (service providing screen) of the response information in the first Web client terminal 11 transmitted from the Web server 13 using the Web browser of the second Web client terminal 12. As described above, an asynchronous script can also be executed for the asynchronous communication unit 1221 of the second Web client terminal 12 (step S34).

  While the user A uses the Web content, the repeated access between the second Web client terminal 12 and the Web server 13 is managed by the access history management unit 1314. That is, a request and a response when using the Web content are received. Each time it is repeated, the access history information table in the access history information database 135 is updated (steps S35 to S37).

  Subsequently, when the same Web content is presented on both the first Web client terminal 11 and the second Web client terminal 12, the user A uses the Web application of the first Web client terminal 11 to perform a logout operation or A case where the web application is terminated will be described.

  Referring to FIG. 7, when the request information analysis unit 1312 in the communication processing unit receives the request information for logging out the Web content from the first Web client terminal 11 of the user A, the Web server 13 includes the account ID. This request information is analyzed (steps S41 and S42), and the access control unit 1313 collates with the access source identification information of the access history information in the access history information database 135 (steps S43 and S44). The access history management unit 1314 updates (deletes) the access history information whose access source identification information matches the account ID (step S45). Further, when the first Web client terminal 11 has the highest priority in the access priority of the access control policy information, the same account ID as the account ID included in the request information at the time of login from the second Web client terminal 12 Regardless of whether or not the session information by exists, access history information whose access source identification information matches the account ID is deleted (step S46). Thus, the same operation is performed when the processes shown in FIGS. 5 and 6 are repeated again. The Web server 13 presents the service end screen of the Web content of the session to the first Web client terminal 11 by the content screen generation unit 1315 (Step S47).

  The web server 13 also manages the access history by the access control unit 1313 when the web protocol processing unit 1311 detects a polling timeout or a normal session timeout from the communication control unit 112 of the first web client terminal 11. The unit 1314 is instructed to delete the access history information including the corresponding session information as described above (step S48).

  Subsequently, when the user A performs a screen operation using the Web browser of the second Web client terminal 12 (Step S51), the request information analysis unit 1312 of the Web server 13 analyzes the corresponding request information (Step S51). In step S52, the access control unit 1313 collates with the access source identification information in the access history information (steps S53 and S54). Since the corresponding information does not exist (step S55), the content screen generation unit 1315 displays the web content ( A service incapable screen) is generated and presented to the second Web client terminal 12 via the Web protocol processing unit 1311 (step S56). Accordingly, with the service end for the first Web client terminal 11, the service provision for the second Web client terminal 12 is also ended, and the use restriction of the predetermined access control policy is maintained.

  As described above, according to the above embodiment, session maintenance between a plurality of Web client terminals and access control to Web contents can be simultaneously realized for the same Web server. For this reason, even when the second Web client terminal 12 having only a relatively low level authentication means such as a digital TV terminal is used, the first Web client terminal having a relatively high level authentication means such as IC card authentication. Web content that can be used only from the first Web client terminal 11 can also be used from the second Web client terminal 12 when another logged-in session by the terminal 11 (for example, a mobile phone equipped with an authentication IC chip) is valid. Become.

  In general, the Web server 13 according to the present invention receives request information including authentication information at the time of login when accessing a predetermined Web site from the first Web client terminal and / or the second Web client terminal, The request information analysis unit 1312 that collates with the authentication information recorded in the account information registered in the account information database in advance, and when matching is performed as a result of the collation, the access session information is generated, and the request information is Based on the included authentication information, the access control policy information registered in advance in the access control policy information database is referred to confirm the access control policy corresponding to the authentication information, and the Web content corresponding to the access control policy is Access control to determine whether or not it can be provided It includes a section 1313, if the Web content according to the access control policy is determined to be provided, the content screen generation unit 1315 for presenting the Web content according to the request information.

  In particular, the request information analysis unit 1312 receives request information including authentication information at the time of login when accessing a predetermined website from the first web client terminal 11, and stores the request information in account information registered in the account information database in advance. The access control unit 1313 generates a session information of the access when matching is made as a result of the verification, based on the authentication information included in the request information. The access control policy according to the authentication information is confirmed by referring to the access control policy information registered in the access control policy information database 133 in advance, and the access history information recorded in the access history information database 135 is added to the first Web. Specialize users of client terminal 11 If the access source identification information to be confirmed is not present and does not exist, the access source identification information for specifying the user is the session information, the user agent information for specifying the first Web client terminal 11, the Web It includes an access history management unit 135 that records in the access history information database 135 as access history information together with content identification information for identifying site content, authentication means identification information for identifying the type of authentication information, and access date / time information related to the session. .

  Here, the request information analysis unit 1312 of the Web server 13 according to the present invention receives request information including authentication information at the time of login when accessing the predetermined Web site from the second Web client terminal 12, and stores the request information in advance. The access control unit 1313 generates session information for the access when there is a match as a result of the verification, and the request information is recorded in the account information registered in the information database. Access history information when determining whether or not the content of the website can be used in accordance with the access priority determined in the access control policy based on the authentication information included in the information. From the access history information recorded in the database 135, the first Web The latest content identification information presented to the client terminal 11 is extracted, and the content screen generation unit 1315 presents the web content corresponding to the latest content identification information presented to the first Web client terminal 11 to the first Web client terminal 11. Generate a screen to be used.

  Further, when the same Web content is presented on both the first Web client terminal 11 and the second Web client terminal 12, the request information analysis unit 1312 requests information for logging out the Web content from the first Web client terminal 11. Is received, the account ID included in the request information is compared with the access source identification information of the access history information in the access history information database 135, and the access history management unit 1314 determines that the results match. In this case, the access history information whose access source identification information and account ID match is deleted. Furthermore, the access history management unit 1314, when the first Web client terminal 11 has the highest priority in the access priority of the access control policy information, the account ID included in the request information at the time of login from the second Web client terminal 12 Regardless of whether or not the session information with the same account ID exists, there is means for deleting the access history information whose access source identification information matches the account ID.

  When the first Web client terminal 11, the second Web client terminal 12, and the Web server 13 according to the present invention are configured by a computer, a program describing processing contents for realizing each function is stored in an internal or external computer. This program can be realized by reading out and executing this program by a central processing unit (CPU) of the computer. In addition, such a program can be distributed by selling, transferring, or lending a portable recording medium such as a DVD or a CD-ROM, and such a program is stored in a storage unit of a server on a network, for example. And the program can be distributed by transferring the program from the server to another computer via the network. In addition, a computer that executes such a program can temporarily store, for example, a program recorded on a portable recording medium or a program transferred from a server in its own storage unit. As another embodiment of the program, the computer may directly read the program from a portable recording medium and execute processing according to the program, and each time the program is transferred from the server to the computer. In addition, the processing according to the received program may be executed sequentially. Therefore, the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the spirit of the present invention.

  According to the present invention, session maintenance between a plurality of Web client terminals and access control to Web contents can be realized simultaneously for the same Web server, so that the service utilization of users is improved. This is useful for a method of providing content.

DESCRIPTION OF SYMBOLS 1 Web content provision system 11 1st Web client terminal 12 2nd Web client terminal 13 Web server 111 Control part (Web application part)
112 Communication control unit 113 User I / F control unit 113a User I / F
114 Display control unit 114a Display device 115 Storage unit 121 Control unit (Web browser unit)
122 communication control unit 123 user I / F control unit 124 display control unit 125 storage unit 131 control unit 132 communication control unit 133 account information database 134 access control policy information database 135 access history information database 136 content database 137 storage unit 1111 Web protocol processing Unit 1112 Authentication information processing unit 1113 Request information generation unit 1114 Web display control unit 1121 Asynchronous communication unit 1211 Web protocol processing unit 1212 Authentication information processing unit 1213 Request information generation unit 1214 Web display control unit 1221 Asynchronous communication unit 1311 Web protocol processing unit 1312 Request information analysis unit 1313 Access control unit 1314 Access history management unit 1315 Content screen generation unit

Claims (8)

A web content providing system comprising: a web server that provides a web site on a network; and a first web client terminal and a second web client terminal that communicate with the web server via a web protocol via the network.
The web server
Wherein the 1Web receives the request information including the authentication information at the time of login when accessing client terminal or al a predetermined Web site, collates the authentication information to be recorded in the account information registered in advance in the account information database Request information analysis means,
If they match as a result of the collation, the access session information is generated and the access control policy information registered in advance in the access control policy information database is referred to based on the authentication information included in the request information. An access control means for confirming an access control policy corresponding to the authentication information and determining whether or not Web content corresponding to the access control policy can be provided;
Web content providing means for presenting Web content related to the request information when it is determined that Web content according to the access control policy can be provided;
Equipped with a,
Whether the access control means has access source identification information for identifying the user of the first Web client terminal in the access history information recorded in the access history information database when they match as a result of the collation If it does not exist, the access source identification information that identifies the user is the session information, the user agent information that identifies the first web client terminal, and the content identification that identifies the content of the website Information, authentication means identification information for identifying the type of the authentication information, and access history management means for recording in the access history information database as access history information together with access date and time information related to the session,
The web content providing means includes means for presenting web content related to the request information after the access history information is confirmed.
The request information analysis means receives request information including authentication information at the time of login when accessing the predetermined website from the second web client terminal, and records it in account information registered in the account information database in advance. Means for verifying with the authentication information
The access control means generates session information for the access when they match as a result of the collation, and based on the authentication information included in the request information, the access control means executes the Web according to the access priority determined in the access control policy. When determining whether the content of the site is available and determining that it is available, the latest information presented to the first Web client terminal from the access history information recorded in the access history information database Means for extracting content identification information;
The Web content providing means is characterized Rukoto to have a means for presenting the Web content to the first 2Web client terminal corresponding to said first 1Web most recent content identification information presented to the client terminal, Web content providing system . When the same Web content is presented on both the first Web client terminal and the second Web client terminal,
When the request information analysis unit receives request information for logging out the Web content from the first Web client terminal, the account ID included in the request information and the access source identification of the access history information in the access history information database Has a means to collate with the information,
It said access history management means, when it is determined that the matching as the collating result is characterized in that it comprises means for deleting the access history information access source identification information and account ID matches, according to claim 1 Web content providing system. The access history management means includes an account ID included in request information at the time of login from the second Web client terminal when the first Web client terminal has the highest priority in the access priority of the access control policy information. 3. The Web according to claim 2 , further comprising means for deleting access history information in which the access source identification information matches the account ID regardless of whether session information with the same account ID exists. Content provision system. The access control policy information is:
If the access source identification information and the account ID match, a policy that the same Web content is not presented synchronously on both the first Web client terminal and the second Web client terminal unless a different policy is applied,
When the first Web client terminal and the second Web client terminal correspond to the access priority for each authentication information based on the user agent information, both the first Web client terminal and the second Web client terminal receive the same Web content. A policy that can be presented synchronously with
The first Web client terminal and the first Web client terminal with respect to the content availability restriction according to the access priority for each Web client terminal, which can be presented in whole or in part as the contents of Web content for each authentication information based on the user agent information. A policy that allows all or part of the same Web content to be presented synchronously on both the first Web client terminal and the second Web client terminal when two Web client terminals are applicable. The Web content providing system according to any one of claims 1 to 3 . Wherein the 1Web authentication information of the client terminal, as a high degree of authentication than the authentication information of the first 2Web client terminal, characterized in that it is defined in the access control policy information, any one of the claims 1-4 Web content providing system according to item. A web server that communicates with a first web client terminal and a second web client terminal via a web protocol to provide a web site on the network;
Wherein the 1Web receives the request information including the authentication information at the time of login when accessing client terminal or al a predetermined Web site, collates the authentication information to be recorded in the account information registered in advance in the account information database Request information analysis means,
If they match as a result of the collation, the access session information is generated and the access control policy information registered in advance in the access control policy information database is referred to based on the authentication information included in the request information. An access control means for confirming an access control policy corresponding to the authentication information and determining whether or not Web content corresponding to the access control policy can be provided;
Web content providing means for presenting Web content related to the request information when it is determined that Web content according to the access control policy can be provided;
Equipped with a,
Whether the access control means has access source identification information for identifying the user of the first Web client terminal in the access history information recorded in the access history information database when they match as a result of the collation If it does not exist, the access source identification information that identifies the user is the session information, the user agent information that identifies the first web client terminal, and the content identification that identifies the content of the website Information, authentication means identification information for identifying the type of the authentication information, and access history management means for recording in the access history information database as access history information together with access date and time information related to the session,
The web content providing means includes means for presenting web content related to the request information after the access history information is confirmed.
The request information analysis means receives request information including authentication information at the time of login when accessing the predetermined website from the second web client terminal, and records it in account information registered in the account information database in advance. Means for verifying with the authentication information
The access control means generates session information for the access when they match as a result of the collation, and based on the authentication priority information included in the request information, When determining whether the content of the site is available and determining that it is available, the latest information presented to the first Web client terminal from the access history information recorded in the access history information database Means for extracting content identification information;
The Web content providing means is characterized Rukoto to have a means for presenting the Web content to the first 2Web client terminal corresponding to said first 1Web most recent content identification information presented to the client terminal, Web server. A content providing method by a web server that communicates with a first web client terminal and a second web client terminal via a web protocol to provide a website on a network,
The processing procedure of the web server is as follows:
Receiving request information including authentication information at the time of log-in when accessing a predetermined Web site from the first Web client terminal, and collating it with authentication information recorded in account information registered in the account information database in advance When,
If they match as a result of the collation, the access session information is generated and the access control policy information registered in advance in the access control policy information database is referred to based on the authentication information included in the request information. The access control policy corresponding to the authentication information is confirmed, and whether or not access source identification information for identifying the user of the first Web client terminal exists in the access history information recorded in the access history information database. If it does not exist after confirmation, the access source identification information that identifies the user is the session information, the user agent information that identifies the first web client terminal, the content identification information that identifies the content of the website, Authentication means identification that identifies the type of authentication information Distribution, and a step of recording in said access history information database as access history information with the access date and time information relating to the session,
After confirming the access history information, presenting Web content related to the request information;
Request information including authentication information at the time of login when accessing the predetermined Web site from the second Web client terminal is received and collated with authentication information recorded in the account information registered in the account information database in advance. Steps,
If they match as a result of the collation, the access session information is generated, and the contents of the website can be used according to the access priority order defined in the access control policy based on the authentication information included in the request information When it is determined whether or not it is available, the most recent content identification information presented to the first Web client terminal is extracted from the access history information recorded in the access history information database. Steps,
Presenting web content corresponding to the most recent content identification information presented to the first web client terminal to the second web client terminal;
A content providing method comprising: A computer configured as a Web server that communicates with a first Web client terminal and a second Web client terminal via a Web protocol to provide a Web site on a network.
Receiving request information including authentication information at the time of log-in when accessing a predetermined Web site from the first Web client terminal, and collating it with authentication information recorded in account information registered in the account information database in advance When,
If they match as a result of the collation, the access session information is generated and the access control policy information registered in advance in the access control policy information database is referred to based on the authentication information included in the request information. The access control policy corresponding to the authentication information is confirmed, and whether or not access source identification information for identifying the user of the first Web client terminal exists in the access history information recorded in the access history information database. If it does not exist after confirmation, the access source identification information that identifies the user is the session information, the user agent information that identifies the first web client terminal, the content identification information that identifies the content of the website, Authentication means identification that identifies the type of authentication information Distribution, and a step of recording in said access history information database as access history information with the access date and time information relating to the session,
After confirming the access history information, presenting Web content related to the request information;
Request information including authentication information at the time of login when accessing the predetermined Web site from the second Web client terminal is received and collated with authentication information recorded in the account information registered in the account information database in advance. Steps,
If they match as a result of the collation, the access session information is generated, and the contents of the website can be used according to the access priority order defined in the access control policy based on the authentication information included in the request information When it is determined whether or not it is available, the most recent content identification information presented to the first Web client terminal is extracted from the access history information recorded in the access history information database. Steps,
Presenting web content corresponding to the most recent content identification information presented to the first web client terminal to the second web client terminal;
A program for running

Images