JPH0965311A - Communication equipment and communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To conduct communication by providing a program means conducting input/output operation of a signal with respect to an external communication equipment and a permission setting means permitting input/output operation to the program means by a participant request person depending on a discrimination of a discrimination means so as to use a server program thereby protecting safely participants. SOLUTION: A conference terminal 101 receives an external participation request to a conference by using a reception means 102, uses a recognition means 103 to recognize a request person and discriminates whether or not the request is allowed and in the case of permitting the new participation, a permission setting means 104 references a conference server 107 as required to set an external operation permission to a window server 106 properly. Furthermore, the conference terminal equipment 101 uses the reception means 102 to receive a withdrawal request from the conference participant and a permission cancel means 105 references the conference server 107 as required and sets an external operation permission cancel to the window server 106. Thus, the participant receives the service with safety simply.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication device such as a terminal device and a communication system suitable for use in an electronic conference system or the like in which a display is shared among a plurality of terminals.

[0002]

2. Description of the Related Art Conventionally, in an electronic conferencing system in which a plurality of terminals are used to communicate still images and the like with each other, data of a sending side program operating on one terminal is shared in order to share the display of the program. May be received by the receiving programs on all terminals and a display operation may be performed. In that case, if the transmission / reception program is dedicated for electronic conferences, etc., the transmission program and the reception program are provided with dedicated authentication means and operation refusal / acceptance processing means, so that there is no security problem. It is possible. On the other hand, in order to operate by sharing a general program that is not dedicated to electronic conferences among multiple terminals,
Alternatively, in order to save the trouble of creating a dedicated reception program, a display operation from a general program running on one terminal is often received by a general-purpose display operation program of each terminal to perform the display operation. In a workstation or the like, this reception display operation is realized by using a server program called a window server.

In addition to a window server, a file I / O server is often used as a server program that provides some service based on a request from the outside. The file I / O server transfers data from a file to a requester according to a request from the outside. Like the window server, this file I / O server has been developed independently of the application of electronic conferencing, so it cannot be set to allow access to conference participants, and therefore individual passwords are required. It is either excessively strict security protection such as security protection, or excessively loose security protection such as allowing access to anyone. For example, the window server has a method of designating the person to whom operation permission is given in order to prevent execution of the display operation instruction sent from an inappropriate person. Since it is not possible to limit the communication partner in advance, the permission is given to the display operation instruction from any partner.

[0004]

However, when a service server such as a window server is used as described above, it becomes impossible to reject an operation instruction from an inappropriate partner, which causes a problem in security. Was coming.

Therefore, an object of the present invention is to obtain a communication device and a communication system used in an electronic conference system or the like that can protect participants by using a server program and perform communication.

[0006]

In a communication device according to the present invention, a decision means for accepting a request to participate in mutual communication and for determining permission or refusal of participation, and a signal input / output operation for an external communication device are performed. A program means and a permission setting means for permitting an input / output operation to / from the program means by a requester who has made a participation request according to the permission determination of the determination means are provided.

In the communication system according to the present invention, a predetermined terminal device determines whether or not an access request for communication from another terminal device can be made.

[0008]

According to the communication device of the present invention, the determination means determines whether to permit or deny participation to the participation requester, and the permission setting means performs the input / output operation from the participant to the program means according to the determination of the participation permission. Set permissions.

According to the communication system of the present invention, when an access request such as a request for participation in communication is given from a certain terminal device, only a predetermined terminal device determines whether or not the request can be made.

[0010]

1 is a block diagram showing a first embodiment in which the present invention is applied to an electronic conference system.
In the figure, 101 is one of the conference terminals as a communication device that participates in an electronic conference. In the conference terminal 101,
A receiving means 102 receives and processes a request for participation in and a request for leaving a conference, and accepts or rejects the request.
Reference numeral 3 denotes an authenticating unit that authenticates the sender of the request and informs the accepting unit 102. Reference numeral 104 denotes permission setting for setting the operation permission from the outside by the requester authorized to the window server 106 according to the determination of the accepting unit 102. Means, 105
Is the window server 1 according to the judgment of the acceptance means 102.
Permission canceling means for canceling the operation permission from the outside by the participant who requested the exit from 06, and 106 is a window server for performing input / output operations such as display.

Reference numeral 107 denotes a conference server that manages information on the members participating in the conference and the host name of the working terminal.
Reference numeral 08 is a display device, and 109 is an input device operated by the user.

The conference terminal 101 receives a request for participation in the conference from the outside by the accepting means 102 and authenticates the requester by the authenticating means 1.
03 is used to determine whether to permit or deny the request, and in the case of permission, the permission setting unit 104 refers to the conference server 107 as necessary to appropriately permit operation from the outside to the window server. Set to 106. Further, in the conference terminal 101, the accepting unit 102 receives an exit request from a conference participant, and the permission canceling unit 105 refers to the conference server 107 as necessary and sets the window server 106 to cancel the operation permission from the outside.

FIG. 2 is a flowchart showing the operation of the participation request process of the electronic conference system. In the figure, S20
1 is a request receiving step for receiving a participation request from the outside, S202 is an authentication step for authenticating a requester, S20
Reference numeral 3 is a step for judging whether or not the authentication has been correctly performed, S20
4 is an automatic determination step for automatically determining whether to permit or deny the participation request based on the information set in advance by the user, S205 is a determination step for determining whether or not the automatic determination has been performed, and S206 is a permission for the participation request or A user determination step of inquiring the user of the determination of refusal, S207 is a step of determining the determination result of the user, S208 is a permission setting step of setting operation permission from the outside to the window server 106, and S209 is a participation requester. Permission message transmitting step for transmitting the permission message of step S21
Reference numeral 0 is a rejection message transmission step of transmitting a participation rejection message to the participation requester.

Next, the operation will be described with reference to the above flow chart. The system using the present invention newly receives a request to join a conference from another user when the own terminal has already joined the conference, and newly when the own terminal has not joined the conference. It operates in two situations, when receiving a request to join a conference from another user.

First, in step S201, the accepting means 102 accepts a participation request from the outside. Next, the accepting means 102 authenticates the other party who has issued the request in step S202, using the authenticating means 103. Then, determination step S20
If it is determined in 3 that the requesting party cannot be correctly authenticated, the process proceeds to a reject message transmission step S210. If it is determined that the authentication has been correctly performed, permission or rejection of the participation request is automatically determined in step S204. In that case, the accepting means 102 refers to a specific file previously set by the user of the terminal, and if the file contains the name of the other party who has issued the participation request, it is automatically determined to be permitted. If it is determined that the determination is permitted in step S205, the process proceeds to permission setting step S208.

If it is determined that the determination cannot be automatically made, the process proceeds to the user determination step of step S206. In step S206, a panel for requesting the user's determination is popped up on the screen of the display device 108,
Whether to permit or deny is determined based on the input operation of the input device 109 by the user. If the determination is determined to be permitted in step S207, the permission setting step S208 is performed, and if the determination is denied, the rejection message transmission step S21 is performed.
Go to 0.

In the permission setting step S208, when the terminal itself has already participated in the conference, the conference server 107 and the permission setting means 104 are instructed to add the party who has issued the participation request. When the terminal itself is not participating in the conference, the permission setting unit 104 is instructed to add all the members of the conference. The permission setting means 104 communicates with the window server 106 so as to add the designated partner or member as a partner who is permitted screen operation.

Here, when it is instructed to add all the members of the conference or when the host name of the target party is required in the subsequent processing, the permission setting means 104 causes the conference server 107 to obtain the necessary information. To inquire. Conference server 10
7 is realized in a client-server format which has been widely used in recent years, and the permission setting means 104 communicates with the conference server 107 using a function for a client.

Then, in step S209, a request permission message is transmitted to the partner who has issued the participation request, and the participation request process is terminated. If the participation request is rejected, a request rejection message is transmitted to the partner who has issued the participation request in the rejection message transmission step S210, and the participation request process is terminated.

Window server 1 of permission setting means 104
The communication content to 06 is the X-Windows Server which is often used in this field for the window server 106.
Then, the addition operation of the person who permits the screen operation is X-
It is realized by using a command associated with the Windows System, such as xhost hostname or xhost username @ domain. Here, "hostname" indicates the host name of the target terminal's working terminal, and us
ername @ domain indicates the user name of the target partner and the domain name in which the user is managed.

Authentication step S20 by the authentication means 103
2 is implemented using public key cryptography with a digital signature method known in the art. This is because the key server generates a private key / public key pair for the individual, the sender transmits the encrypted message using the private key, and the communication destination uses the public key for the individual of the sender. By deciphering, it is confirmed that it is the message of the person concerned. Incidentally, in detail, information processing vo1.30, No.
8, pp. 892-901, trends in cryptography and security.

FIG. 3 is a diagram showing a panel that pops up on the screen of the display device 108 in the user determination step S206. FIG. 3A shows a panel when the terminal itself has already participated in the conference. b) is the panel in other cases. Reference numerals 301 to 304 denote buttons displayed on the panel.

FIG. 4 is a flow chart showing the detailed operation of the user determination step S206. Step S401
If the terminal is already participating in the conference,
(A), in other cases, the panel of FIG. 3 (b) is popped up, and the selection by pressing the button by the user is requested. When the participation button 301 or the participation permission button 303 is pressed, the process proceeds to the participation permission process in step S402, and the determination is ended as the participation permission in step S406. Non-participation button 302 or participation refusal button 30
When 4 is pressed, the process proceeds to the participation refusal process in step S403, and the determination is rejected in step S405 and the process ends. If the button is not pressed within the preset time in step S404, it is determined that the time-out has occurred, and in step S405, the determination is rejected and the process ends. The request for participation in the conference is processed as described above.

FIG. 5 is a flowchart showing a procedure for exiting from a conference. Step S501 is a step for accepting an exit request, step S502 is a step for canceling permission for screen operation, and step S503 is a step for transmitting an exit acceptance message.

When a conference participant leaves the conference or the conference ends, a leave request is transmitted to each terminal by means not shown. In step S501, the conference terminal 101 receives the exit request from the conference participant by the acceptance unit 102, and in step S502, the permission cancellation unit 105 cancels the operation permission cancellation from the outside by the exit requester.
Set to When the host name of the target partner is required, the permission canceling unit 105 inquires of the conference server 107 about the necessary information. Permission cancellation step S502
After that, in step S503, the exit acceptance message is returned to the sender of the exit request, and the process ends.

Assuming that the window server 106 is an X-Window Server which is widely used in this field, the cancel operation of the other party who permits the screen operation is X-W.
It is realized by using a command associated with the window system, such as xhost-hostname or xhost-username @ domain. Here, hostname is the host name of the working terminal of the target partner, user
ame @ domain is the user name of the target partner and the domain name in which the user is managed.

FIG. 6 is a block diagram showing the second embodiment. In the above-described first embodiment, the present invention is used as the security mechanism for the window server 106 for display operation, but in the present embodiment, it is used as the security mechanism for the shared file server. In FIG. 6, reference numeral 601 is one of the conference terminals participating in the electronic conference, 602 is a receiving means for receiving and processing the participation request and the exit request for the conference, 603 is an authentication means for authenticating the sender of the request, and 604 is sharing. Permission setting means for setting the operation permission from the outside by the requester permitted to the file server 606; 605, permission cancellation means for canceling the operation permission from the outside by the exit requester to the shared file server 606; A shared file server that performs input / output / transmission / reception operations of data files and the like, 607 is a conference server that manages information on the participating members of the conference and the host name of the terminal that is working, and 608 is a file that the shared file server 606 uses.

Next, the operation will be described. Conference terminal 60
1 is a means 602 for accepting a request for participation in a conference from the outside.
Then, the requester is authenticated by using the authenticating means 603, and then it is determined whether to permit or reject the request. In the case of permitting, the permission setting means 604 refers to the conference server 607 as necessary, and Appropriate operation permission from the outside by the requester is set in the shared file server 606.

Further, the conference terminal 601 receives an exit request from a conference participant by the acceptance means 602, and the permission cancellation means 605 refers to the conference server 607 as necessary to cancel the operation permission from the outside by the exit requester. The shared file server 606 is set. Further, when a conference participant leaves the conference or the conference ends, a leave request is transmitted to each terminal by means not shown. The conference terminal 601 receives an exit request from the conference participant by the acceptance unit 602, and the permission cancellation unit 605 sets in the shared file server 606 the cancellation of the operation permission from the outside by the exit requester. When the host name of the target partner is required, the permission cancellation means 6
05 inquires the conference server 607 about necessary information.
After that, the exit acceptance message is returned to the sender of the exit request, and the process ends.

The actual method of setting and canceling the access permission to the shared file server is realized by transmitting an appropriate command according to the mounting method of each shared file. For example, the additional setting is set as add user user @ domain, and the removal / cancellation is set as del user user @ domain. With this configuration,
Not only the shared file server 606 for display, but also access to the file information shared in a meeting or the like can be easily shared and used by the participants of the meeting, and safely protected from non-participants. It becomes possible to do.

Although the above-described embodiment has applied the present invention to the electronic conference system, the present invention is not limited to this and is applied when a predetermined terminal controls access between a plurality of terminals on the network. can do.

[0032]

As described above, according to the present invention, it is possible to provide a service that can be easily used by conference participants and can be safely protected from other people by using the existing server. it can. Further, by using the window server or the file server, it becomes possible to permit access from the conference participants while maintaining appropriate security for screen display operations or file input / output operations.

[Brief description of drawings]

FIG. 1 is a block diagram showing a first embodiment of the present invention.

FIG. 2 is a flowchart showing an operation of a participation request process of the electronic conference system using the present invention.

3 is a configuration diagram showing a panel that pops up on a screen in a user determination step S206 of FIG. 2. FIG.

FIG. 4 is a flowchart showing a detailed operation of a user determination step S206.

FIG. 5 is a flowchart showing an exit processing procedure from a conference.

FIG. 6 is a block diagram showing a second embodiment.

[Explanation of symbols]

 101 conference terminal 102 acceptance means 103 authentication means 104 permission setting means 105 permission cancellation means 106 window server 107 conference server 601 conference terminal 602 acceptance means 603 authentication means 604 permission setting means 605 permission cancellation means 606 shared file server 607 conference server

Claims (11)

[Claims] 1. A decision means for accepting a request for participation in mutual communication and deciding whether to permit or deny participation, a program means for inputting / outputting a signal to / from an external communication device, and a decision for permission of the decision means. And a permission setting means for permitting an input / output operation to the program means by the requester who has requested the participation. 2. The communication device according to claim 1, further comprising authentication means for authenticating the requester, wherein the judging means judges the requester authenticated by the authenticating means. 3. Accepting means for accepting a participation cancellation request by a participant to the mutual communication, and permission of input / output operation to the program means by a requester who has made the cancellation request in response to the acceptance by the accepting means. The communication device according to claim 1, further comprising: a permission cancellation unit that cancels the permission. 4. The determination means has a file in which a name is described in advance, and the determination is made by comparing the name of the requester with the name described in the file. Communication device. 5. The communication device according to claim 1, wherein the determination means displays the name of the requester and makes a determination input by the user based on the display. 6. The communication device according to claim 1, wherein the program means is a server program. 7. The communication device according to claim 1, wherein the program means is a window server. 8. The communication device according to claim 1, wherein the program means is a shared file server. 9. In a communication system for communicating between a plurality of terminal devices connected via a network, a predetermined terminal device determines whether or not an access request for the communication from another terminal device is permitted. Communication system. 10. The communication system according to claim 9, wherein the predetermined terminal device includes an authenticating unit that authenticates the participant who has issued the access request. 11. The communication system according to claim 9, wherein the communication system is an electronic conference system.