JP7690414B2 - Authentication server, work terminal, information processing method, and program - Google Patents

Description

The present invention relates to an authentication server that performs support processing for logging in to one or more websites.

Conventionally, when a user terminal accesses a URL specific to the user and transition site, the URL is analyzed based on a predetermined master, a security check is performed, and if the check is OK, a login screen is displayed on the user terminal (see Patent Document 1).

JP 2017-182781 A

However, in conventional technology, there was no mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

The authentication server of the first invention is an authentication server that includes a code storage unit that stores codes for one or more pieces of authentication information that correspond to one or more user identifiers and enable login to one or more sites, an authentication request receiving unit that receives an authentication request corresponding to the user identifier from a user terminal, a code acquisition unit that acquires a code corresponding to the user identifier corresponding to the authentication request from the code storage unit in response to receiving the authentication request, a code sending unit that transmits the code acquired by the code acquisition unit to the user terminal, an access information receiving unit that receives the code sent by the code sending unit and receives access information, which is information corresponding to the code and is information for logging in to one or more sites, from a working terminal that has acquired the code from the user terminal that has output the code, and a support unit that performs support processing for the working terminal to log in to one or more sites using the access information.

This configuration provides a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

The authentication server of the second invention is an authentication server according to the first invention, in which the support unit performs a first support process of acquiring one or more pieces of authentication information corresponding to the access information, accessing one or more sites using each of the one or more pieces of authentication information, acquiring a web page after logging in to each of the one or more sites, and transmitting the web page to the work terminal, or performs a second support process of acquiring one or more pieces of authentication information corresponding to the access information, accessing one or more sites, acquiring a web page for logging in to each of the one or more sites, constructing a web page into which the authentication information corresponding to the web page is input, and transmitting the web page to the work terminal, or performs a third support process of acquiring one or more pieces of authentication information corresponding to the access information and transmitting the web page to the work terminal.

This configuration provides a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

The authentication server of the third invention is an authentication server according to the first or second invention, in which the authentication information corresponds to a user terminal identifier that identifies the user terminal, the authentication request includes a user identifier and a user terminal identifier, and the code acquisition unit acquires a code that enables logging in to one or more sites that can be logged in using the user identifier and one or more pieces of authentication information that correspond to the user identifier and user terminal identifier that correspond to the authentication request in response to receiving the authentication request.

This configuration provides a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

The authentication server of the fourth invention is an authentication server according to any one of the first to third inventions, in which the authentication information corresponds to a work terminal identifier that identifies the work terminal, the authentication request includes a user identifier and a work terminal identifier, and the code acquisition unit acquires a code that enables logging in to one or more sites that can be logged in using one or more pieces of authentication information that correspond to the user identifier and work terminal identifier that correspond to the authentication request in response to receiving the authentication request.

This configuration provides a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

The authentication server of the fifth invention is an authentication server according to the fourth invention, in which some authentication information is associated with a work terminal identifier while other authentication information is not associated with a work terminal identifier, and an authentication request may or may not have a work terminal identifier, and when an authentication request that does not have a work terminal identifier is received, the code acquisition unit is an authentication server that acquires a code that is authentication information corresponding to the user identifier corresponding to the authentication request and that enables logging in to two or more sites that can be logged in to using authentication information that does not correspond to a work terminal identifier.

This configuration provides a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

The authentication server of the sixth invention is an authentication server according to any one of the first to fifth inventions, further comprising a time information acquisition unit that acquires time information for the code acquired by the code acquisition unit, a time information storage unit that stores the time information in association with a user identifier, and a prohibition processing unit that performs a prohibition process, which is a process for logging out or a process for preventing login to the site corresponding to the user identifier, if a certain time or more has passed since the time specified by the time information.

This configuration provides a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

The work terminal of the seventh invention includes a terminal code acquisition unit that acquires a code from a user terminal, a selection item set configuration unit that configures a selection item set in which each of two or more sites is a selection item, the selection item set configuration unit being information corresponding to the code acquired by the terminal code acquisition unit, a selection item set output unit that outputs the selection item set, a selection acceptance unit that accepts the selection of one or more selection items from the selection item set, an access information configuration unit that configures access information for the sites corresponding to each of the one or more selection items, an access information transmission unit that transmits the access information, and the work terminal is capable of accessing the sites in response to the transmission of the access information.

This configuration provides a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

The authentication server according to the present invention can provide a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site.

Conceptual diagram of information system A in embodiment 1. Block diagram of information system A Block diagram of the authentication server 1 Block diagram of the work terminal 3 A flowchart for explaining an example of the operation of the authentication server 1. 1 is a flowchart illustrating a first example of the support process. 11 is a flowchart illustrating a second example of the support process. 11 is a flowchart illustrating a third example of the support process. A flowchart illustrating an example of the prohibition process. A flowchart for explaining an example of the operation of the user terminal 2 A flowchart illustrating an example of the operation of the work terminal 3. The authentication information management table A diagram showing the code information management table FIG. 2 is a diagram for explaining a specific example of the operation of the information system A. A diagram showing an example of the output A diagram showing the code information management table Overview of the computer system Block diagram of the computer system

Below, an embodiment of an authentication server and the like will be described with reference to the drawings. Note that components with the same reference numerals in the embodiments perform similar operations, so repeated explanations may be omitted.

(Embodiment 1)
In this embodiment, an information system including an authentication server that provides a mechanism for easily logging in to one or more sites while ensuring the security of authentication information for logging in to the sites will be described.

In addition, in this embodiment, we will explain an information system that includes an authentication server for logging in to one or more sites using only a specific user terminal.

In addition, in this embodiment, we will explain an information system that includes an authentication server for logging in to one or more sites only when a specific user terminal accesses the authentication server.

In addition, in this embodiment, we will explain an information system that includes an authentication server that supports logging in to one or more sites only from a specific work terminal.

Furthermore, in this embodiment, an information system including an authentication server that issues a code and provides a mechanism for preventing work on a site from being performed after a specified time has elapsed since the code was issued will be described.

In this embodiment, information X being associated with information Y means that information Y can be obtained from information X, or information X can be obtained from information Y, and the method of association is not important. Information X and information Y may be linked, may exist in the same buffer, information X may be included in information Y, or information Y may be included in information X, etc.

Figure 1 is a conceptual diagram of an information system A in this embodiment. Information system A includes an authentication server 1, one or more user terminals 2, one or more work terminals 3, and one or more sites 4.

The authentication server 1 is a server that assists a user in logging in to one or more sites 4 from a work terminal 3. The authentication server 1 is a server that transmits a code to a user terminal 2. The authentication server 1 is typically a server, for example, a cloud server or an ASP server, but the type is not important.

The user terminal 2 is a terminal used by a user and receives the code sent by the authentication server 1. The user terminal 2 may be, for example, a personal computer, a smartphone, or a tablet terminal, but the type is not important.

The work terminal 3 is a terminal used by a user, and is a terminal used when logging in to the site 4. The work terminal 3 is a terminal for performing various tasks on the site 4. The work terminal 3 is, for example, a personal computer, a smartphone, or a tablet terminal, but the type is not important.

Site 4 is usually a so-called website, but it can be anything that can be logged in to. Site 4 can be, for example, an e-commerce site on the web or a content viewing site, but the type does not matter. Site 4 can be, for example, a cloud server or an ASP server, but the type does not matter.

The authentication server 1 and one or more user terminals 2 can communicate with each other via a network such as the Internet or a LAN. The one or more work terminals 3 and one or more sites 4 can communicate with each other via a network such as the Internet or a LAN.

Figure 2 is a block diagram of information system A in this embodiment. Figure 3 is a block diagram of authentication server 1. Figure 4 is a block diagram of work terminal 3.

The authentication server 1 includes a storage unit 11, a receiving unit 12, a processing unit 13, and a transmitting unit 14. The storage unit 11 includes an authentication information storage unit 111, and a code storage unit 112. The receiving unit 12 includes an authentication request receiving unit 121, and an access information receiving unit 122. The processing unit 13 includes a code acquiring unit 131, a support unit 132, a time information acquiring unit 133, a time information storage unit 134, and a prohibition processing unit 135. The transmitting unit 14 includes a code transmitting unit 141.

The user terminal 2 includes a user storage unit 21, a user reception unit 22, a user processing unit 23, a user transmission unit 24, a user reception unit 25, and a user output unit 26.

The work terminal 3 includes a work storage unit 31, a work acceptance unit 32, a work processing unit 33, a work transmission unit 34, a work receiving unit 35, and a work output unit 36. The work acceptance unit 32 includes a selection acceptance unit 321. The work processing unit 33 includes a terminal code acquisition unit 331, a selected item set configuration unit 332, an access information configuration unit 333, and an access unit 334. The work transmission unit 34 includes an access information transmission unit 341. The work receiving unit 35 includes a web page reception unit 351. The work output unit 36 includes a selected item set output unit 361 and a web page output unit 362.

The storage unit 11 constituting the authentication server 1 stores various types of information. The various types of information include, for example, authentication information (described below), a code (described below), and prohibited conditions (described below).

The authentication information storage unit 111 stores one or more pieces of authentication information. The authentication information is information that enables logging in to one or more sites 4. The authentication information is, for example, an ID and a password. The authentication information is, for example, an ID. The ID is an identifier for logging in to the site 4, and is information that identifies a user. The ID may be called an account ID, a user ID, or the like. A user identifier is associated with each of the one or more pieces of authentication information. The user identifier is information that identifies a user. The user identifier is an ID of a user for enjoying the services provided by the authentication server 1. The user identifier is, for example, a user ID, a name, a telephone number, or an email address. The user identifier may be a user terminal identifier. The user terminal identifier is information that identifies the user's user terminal 2, and is, for example, a terminal ID, a MAC address, or a telephone number.

The authentication information storage unit 111 stores one or more pieces of authentication information in association with one or more user identifiers. It is preferable that the authentication information storage unit 111 stores two or more pieces of authentication information in association with one or more user identifiers.

It is preferable that the authentication information in the authentication information storage unit 111 also corresponds to a user terminal identifier that identifies the user terminal 2. When the authentication server 1 is accessed from a user terminal 2 identified by the user terminal identifier, the user terminal 2 can only log in to sites 4 that can be logged in to using the authentication information that pairs with the user terminal identifier.

It is preferable that the authentication information in the authentication information storage unit 111 also corresponds to a work terminal identifier that identifies the work terminal 3. From the work terminal 3 identified by the work terminal identifier, it is only possible to log in to sites 4 that can be logged in using the authentication information that pairs with the work terminal identifier.

The code storage unit 112 stores codes for one or more pieces of authentication information in association with one or more user identifiers.

The code is information used to log in to the site 4 from the work terminal 3. The code is information associated with authentication information. The code may be authentication information. A code usually corresponds to one piece of authentication information, but may correspond to two or more pieces of authentication information. A code associated with authentication information is, for example, a code in which one or more pieces of authentication information are embedded. The code is, for example, a pattern code, a character string, or a numeric string. A pattern code is, for example, a two-dimensional code or a one-dimensional code. A two-dimensional code is, for example, a QR code (registered trademark) or a color code. A one-dimensional code is, for example, a barcode. It is preferable that each of the two or more codes is unique.

The receiving unit 12 receives various types of information. The various types of information include, for example, an authentication request, which will be described later, and access information, which will be described later.

The authentication request receiving unit 121 receives an authentication request corresponding to a user identifier from the user terminal 2. The user identifier is an identifier for accessing the authentication server 1. The authentication request has, for example, a password for accessing the authentication server 1. The authentication request has, for example, one or more pieces of information among a user terminal identifier, a work terminal identifier, and a site identifier. The site identifier is information for identifying the site 4. Note that an authentication request corresponding to a user identifier is, for example, an authentication request including the user identifier. It goes without saying that an authentication request corresponding to a user identifier may have the same meaning as an authentication request corresponding to a user terminal identifier.

The access information receiving unit 122 receives access information from the work terminal 3. The work terminal 3 is a terminal that acquires a code from the user terminal 2. The user terminal 2 is a terminal that receives and outputs a code transmitted by the code transmitting unit 141 described below. The access information is information for logging in to one or more sites 4. The access information is information corresponding to the code transmitted by the code transmitting unit 141. The access information is, for example, authentication information for logging in to the site 4. The authentication information is, for example, a user identifier and a password. The access information is, for example, a code identifier that identifies the code transmitted by the code transmitting unit 141.

The access information receiver 122 receives the code sent by the code sending unit 141, and receives access information, which is information corresponding to the code and is used to log in to one or more sites, from the work terminal 3 that has acquired the code from the user terminal 2 that output the code. Here, the code sent by the code sending unit 141 and the code output from the user terminal 2 do not need to be the same information. It is sufficient that the code sent by the code sending unit 141 and the code output from the user terminal 2 are associated with each other.

The processing unit 13 performs various types of processing. The various types of processing are, for example, processing performed by the code acquisition unit 131, the support unit 132, the time information acquisition unit 133, the time information accumulation unit 134, and the prohibition processing unit 135.

In response to receiving an authentication request, the code acquisition unit 131 acquires a code corresponding to a user identifier corresponding to the authentication request. For example, in response to receiving an authentication request, the code acquisition unit 131 acquires a code corresponding to a user identifier corresponding to the authentication request from the code storage unit 112. For example, in response to receiving an authentication request, the code acquisition unit 131 generates a code corresponding to a user identifier corresponding to the authentication request. Note that such a code has, for example, one or more pieces of authentication information corresponding to the user identifier embedded therein. Furthermore, when the information to be embedded is determined, a technique for generating a code in which the information is embedded is a publicly known technique. Furthermore, the code acquisition unit 131 may, for example, associate the acquired code with a user identifier corresponding to the received authentication request and temporarily store the code in the code storage unit 112.

For example, in response to receiving an authentication request, the code acquisition unit 131 acquires one or more pieces of authentication information corresponding to a user identifier corresponding to the authentication request and a user terminal identifier corresponding to the user identifier, and acquires a code using the one or more pieces of authentication information. More specifically, for example, in response to receiving an authentication request, the code acquisition unit 131 acquires one or more pieces of authentication information corresponding to a user identifier corresponding to the authentication request and a user terminal identifier corresponding to the user identifier from the authentication information storage unit 111. Next, the code acquisition unit 131 acquires, for example, a code corresponding to the one or more pieces of authentication information from the code storage unit 112. Note that the code acquisition unit 131 may generate a code in which the one or more pieces of authentication information are embedded. Also, the code acquisition unit 131 may temporarily store the acquired code in the code storage unit 112, in association with a user identifier corresponding to the authentication request and a user terminal identifier corresponding to the user identifier.

It is preferable that the code acquisition unit 131 determines whether a pair of a user identifier corresponding to the authentication request and a user terminal identifier corresponding to the user identifier exists in the authentication information storage unit 111, and acquires the code only when it is determined that the pair exists. Note that the user identifier corresponding to the authentication request and the user terminal identifier corresponding to the user identifier are, for example, the user identifier and user terminal identifier contained in the authentication request.

For example, in response to receiving an authentication request, the code acquisition unit 131 acquires a code using one or more pieces of authentication information corresponding to a user identifier and a work terminal identifier corresponding to the authentication request. More specifically, for example, in response to receiving an authentication request, the code acquisition unit 131 acquires one or more pieces of authentication information corresponding to a user identifier corresponding to the authentication request and a work terminal identifier corresponding to the user identifier from the authentication information storage unit 111. Next, the code acquisition unit 131 acquires, for example, a code corresponding to the one or more pieces of authentication information from the code storage unit 112. Note that the code acquisition unit 131 may generate a code in which the one or more pieces of authentication information are embedded. Also, the code acquisition unit 131 may temporarily store the acquired code in the code storage unit 112 in association with a user identifier corresponding to the authentication request and a work terminal identifier corresponding to the user identifier.

It is preferable that the code acquisition unit 131 determines whether a pair of a user identifier corresponding to the authentication request and a work terminal identifier corresponding to the user identifier exists in the authentication information storage unit 111, and acquires the code only when it is determined that the pair exists. Note that the user identifier corresponding to the authentication request and the work terminal identifier corresponding to the user identifier are, for example, the user identifier and work terminal identifier contained in the authentication request.

For example, in response to receiving an authentication request, the code acquisition unit 131 acquires a code using one or more pieces of authentication information corresponding to a user identifier corresponding to the authentication request, a user terminal identifier corresponding to the user identifier, and a work terminal identifier corresponding to the user identifier. More specifically, for example, in response to receiving an authentication request, the code acquisition unit 131 acquires one or more pieces of authentication information corresponding to a user identifier corresponding to the authentication request and a work terminal identifier corresponding to the user identifier from the authentication information storage unit 111. Next, the code acquisition unit 131 acquires, for example, a code corresponding to the one or more pieces of authentication information from the code storage unit 112. Note that the code acquisition unit 131 may generate a code in which the one or more pieces of authentication information are embedded. In addition, the code acquisition unit 131 may temporarily store the acquired code in the code storage unit 112 in association with a user identifier corresponding to the authentication request, a user terminal identifier corresponding to the user identifier, and a work terminal identifier corresponding to the user identifier.

The code acquisition unit 131 preferably determines whether a pair of a user identifier corresponding to an authentication request, a user terminal identifier corresponding to the user identifier, and a work terminal identifier corresponding to the user identifier exists in the authentication information storage unit 111, and acquires the code only when it is determined that the pair exists. Note that the user identifier corresponding to an authentication request, the user terminal identifier corresponding to the user identifier, and the work terminal identifier corresponding to the user identifier are, for example, the user identifier, user terminal identifier, and work terminal identifier contained in the authentication request.

When an authentication request that does not have a work terminal identifier is received, the code acquisition unit 131 acquires a code using authentication information that corresponds to the user identifier corresponding to the authentication request and does not correspond to the work terminal identifier. More specifically, in response to receiving an authentication request, the code acquisition unit 131 acquires, for example, one or more pieces of authentication information that correspond to the user identifier corresponding to the authentication request and do not correspond to the work terminal identifier from the authentication information storage unit 111. Next, the code acquisition unit 131 acquires, for example, a code corresponding to each of the one or more pieces of authentication information from the code storage unit 112. Note that the code acquisition unit 131 may generate a code in which the one or more pieces of authentication information are embedded.

The code acquisition unit 131 may perform authentication processing for logging in to the authentication server 1 in response to the authentication request. Such authentication processing is, for example, processing using a user identifier and password contained in the authentication request, and is a well-known authentication technology, so a detailed description is omitted.

The support unit 132 performs support processing. The support processing is processing that supports the work terminal 3 to log in to one or more sites 4 using the access information received by the access information receiving unit 122. Note that the support processing may be processing that supports the work terminal 3 to log in to the site 4, and the details of the processing are not important.

The support unit 132 performs, for example, a first support process, a second support process, or a third support process.

The support unit 132 performs a first support process, for example, by acquiring one or more pieces of authentication information corresponding to the access information, accessing one or more sites using the one or more pieces of authentication information, acquiring a web page after logging in to each of the one or more sites, and transmitting the web page to the work terminal 3.

The support unit 132 performs a second support process, for example, by acquiring one or more pieces of authentication information corresponding to the access information, accessing one or more sites, acquiring a web page for logging in to each of the one or more sites, constructing a web page on which the authentication information corresponding to the web page is input, and transmitting the web page to the work terminal 3.

The support unit 132 performs a third support process, for example, to obtain one or more pieces of authentication information corresponding to the access information and transmit the one or more pieces of authentication information to the work terminal 3. In the third support process, typically, the user logs in to the site from the work terminal 3 without going through the authentication server 1. In the third support process, it is preferable that the support unit 132 also transmits link information corresponding to each piece of authentication information together with the one or more pieces of authentication information. The link information is information on a link for accessing the site 4 corresponding to the authentication information, for example, a URL or a URI.

The time information acquisition unit 133 acquires time information for the code acquired by the code acquisition unit 131. The time information for the code is usually information specifying the time when the code transmission unit 141 transmitted the code, but may be information specifying the time when the code acquisition unit 131 acquired the code. The time information is the time of day, or the elapsed time counted by a timer from the time for the code.

The time information accumulation unit 134 accumulates the time information acquired by the time information acquisition unit 133 in association with the user identifier.

The prohibition processing unit 135 performs prohibition processing when a certain time or more has passed since the time specified by the time information stored by the time information storage unit 134. The prohibition processing is processing for logging out of the site 4 corresponding to the user identifier or processing for preventing login to the site 4 corresponding to the user identifier.

The transmitting unit 14 transmits various types of information. The various types of information may be, for example, codes.

The code sending unit 141 sends the code acquired by the code acquisition unit 131 to the user terminal 2.

The user storage unit 21 constituting the user terminal 2 stores various types of information. The various types of information include, for example, a user identifier for accessing the authentication server 1 and a password for accessing the authentication server 1.

The user reception unit 22 receives various instructions and information. The various instructions and information are, for example, an authentication request and a work terminal identifier. The authentication request includes, for example, a password. The authentication request includes, for example, a user terminal identifier and a work terminal identifier. The authentication request includes, for example, a site identifier. The user reception unit 22, for example, reads a code (for example, a QR code) displayed on the work terminal 3 and obtains the work terminal identifier.

The means for inputting various instructions and information can be anything, such as a touch panel, keyboard, mouse, or menu screen.

The user processing unit 23 performs various types of processing. For example, the various types of processing are processing to change instructions, information, etc. received by the user receiving unit 22 into instructions, information, etc. with a structure to be transmitted. For example, the various types of processing are processing to change information received by the user receiving unit 25 into a structure to be output. The user processing unit 23 may use a code received by the user receiving unit 25 (for example, authentication information) to construct a code to be output (for example, a code with authentication information embedded (for example, a QR code)).

The user transmission unit 24 transmits various information, instructions, etc. Examples of the information, instructions, etc. include authentication requests.

The user receiving unit 25 receives various types of information. The various types of information are, for example, a code and a work terminal identifier. The user receiving unit 25 receives, for example, a work terminal identifier from the work terminal 3. The user receiving unit 25 receives, for example, the work terminal identifier from the work terminal 3 by a short-range wireless communication means.

The user output unit 26 outputs various information. The various information is, for example, information that is received by the device receiving unit 35 and has been restructured to be output by the device processing unit 33, such as codes and various screens. The user output unit 26 displays, for example, a code. The user output unit 26 transmits, for example, the code. When transmitting the code, it is preferable to use short-range wireless communication.

Here, output is a concept that includes displaying on a display, projecting using a projector, printing on a printer, outputting sound, sending to an external device, storing on a recording medium, and passing on the processing results to other processing devices or other programs, etc.

The work storage unit 31 constituting the work terminal 3 stores various types of information. The various types of information are, for example, a user identifier for logging in to the site 4 and a password for logging in to the site 4.

The work reception unit 32 receives various instructions and information. The various instructions and information are, for example, a code acquisition instruction, a selection instruction, and a login instruction. A code acquisition instruction is an instruction to acquire a code. A code acquisition instruction is, for example, an instruction to read a code output to the user terminal 2. A code acquisition instruction is, for example, an instruction to receive a code from the user terminal 2. A selection instruction is an instruction to select one site 4 from one or more login target sites 4. A login instruction is an instruction to log in to one site 4.

The means for inputting various instructions and information can be anything, such as a touch panel, keyboard, mouse, or menu screen.

The selection receiving unit 321 receives a selection of one or more selection items from the set of selection items output by the selection item set output unit 361. The selection receiving unit 321 receives a selection of one site 4 from two or more sites to be logged in. The reception of such a selection may be said to be the reception of a selection instruction.

The work processing unit 33 performs various types of processing. The various types of processing are, for example, processing performed by the terminal code acquisition unit 331, the selection item set configuration unit 332, the access information configuration unit 333, and the access unit 334.

The terminal code acquisition unit 331 acquires a code from the user terminal 2. For example, the terminal code acquisition unit 331 reads a code (for example, a two-dimensional code) displayed on the user terminal 2. In this case, the terminal code acquisition unit 331 includes, for example, a camera. For example, the terminal code acquisition unit 331 receives a code from the user terminal 2.

The selection item set configuration unit 332 configures a selection item set, which is information corresponding to the code acquired by the terminal code acquisition unit 331, with each of two or more sites 4 being selection items. The selection item set is a collection of selection items. Selection items are, for example, menu items, check boxes, and buttons that make up a menu. Selection items are selectable parts of a user interface.

The access information configuration unit 333 configures access information for the site 4 corresponding to one or more selection items for the selection accepted by the selection acceptance unit 321.

The access unit 334 uses one or more pieces of access information constructed by the access information construction unit 333 to access the site 4 corresponding to each piece of access information. As a result of the access, the user can log in to the site 4. After logging in to the site 4, the user can work on the site 4.

The work transmission unit 34 transmits various types of information. For example, the various types of information are access information.

The access information transmission unit 341 transmits the access information. For example, the access information transmission unit 341 transmits the access information to site 4. For example, the access information transmission unit 341 transmits the access information to authentication server 1.

The work receiving unit 35 receives various types of information. The various types of information are, for example, web pages and codes.

The web page receiving unit 351 receives a web page. The web page receiving unit 351 receives a web page from site 4. The web page receiving unit 351 may receive a web page from the authentication server 1. The web page is, for example, a web page after logging in to site 4, or a web page for logging in to site 4.

The work output unit 36 outputs various types of information. The various types of information are, for example, a set of selection items or a web page.

Here, output is a concept that includes displaying on a display, projecting using a projector, printing on a printer, outputting sound, sending to an external device, storing on a recording medium, and passing on the processing results to other processing devices or other programs, etc.

The selection item set output unit 361 outputs the selection item set constructed by the selection item set construction unit 332.

The web page output unit 362 outputs the web page received by the web page receiving unit 351.

The storage unit 11, authentication information storage unit 111, code storage unit 112, user storage unit 21, and work storage unit 31 are preferably non-volatile recording media, but can also be realized using volatile recording media.

The process by which information is stored in the storage unit 11, etc. is not important. For example, information may be stored in the storage unit 11, etc. via a recording medium, information transmitted via a communication line, etc. may be stored in the storage unit 11, etc., or information inputted via an input device may be stored in the storage unit 11, etc.

The receiving unit 12, the authentication request receiving unit 121, the access information receiving unit 122, the user receiving unit 25, the work receiving unit 35, and the web page receiving unit 351 are typically realized by wireless or wired communication means, but may also be realized by means of receiving broadcasts.

The processing unit 13, code acquisition unit 131, support unit 132, time information acquisition unit 133, time information storage unit 134, prohibition processing unit 135, user processing unit 23, task processing unit 33, terminal code acquisition unit 331, selection item set configuration unit 332, access information configuration unit 333, and access unit 334 can usually be realized by a processor, memory, etc. The processing procedures of the processing unit 13, etc. are usually realized by software, and the software is recorded in a recording medium such as a ROM. However, they may also be realized by hardware (dedicated circuit). The processor may be a CPU, MPU, GPU, etc., and the type does not matter.

The transmitting unit 14, the code transmitting unit 141, the user transmitting unit 24, the work transmitting unit 34, and the access information transmitting unit 341 are typically realized by wireless or wired communication means, but may also be realized by broadcasting means.

The user reception unit 22, the work reception unit 32, and the selection reception unit 321 can be realized by device drivers for input means such as a touch panel or a keyboard, control software for a menu screen, etc.

The user output unit 26, the work output unit 36, the selection item set output unit 361, and the web page output unit 362 may or may not include output devices such as a display or a speaker. The user output unit 26, etc. may be realized by driver software for an output device, or by driver software for an output device and an output device, etc.

Next, an example of the operation of authentication server 1 that constitutes information system A will be described using the flowchart in Figure 5.

(Step S501) The authentication request receiving unit 121 determines whether an authentication request has been received. If an authentication request has been received, the process proceeds to step S502. If an authentication request has not been received, the process proceeds to step S510.

(Step S502) The code acquisition unit 131 acquires the user identifier etc. contained in the authentication request. The user identifier etc. is, for example, a user identifier, a user identifier and a user terminal identifier, a user identifier and a work terminal identifier, or a user identifier, a user terminal identifier and a work terminal identifier.

(Step S503) The code acquisition unit 131 determines whether or not one or more pieces of authentication information corresponding to the user identifier, etc. acquired in step S502 are present in the authentication information storage unit 111. If one or more pieces of authentication information are present, the process proceeds to step S504; if not, the process proceeds to step S509.

(Step S504) The code acquisition unit 131 acquires one or more codes corresponding to one or more pieces of authentication information corresponding to the user identifier, etc. acquired in step S502. Here, the code acquisition unit 131 may acquire the code corresponding to the user identifier, etc. acquired in step S502 from the code storage unit 112. In addition, the code acquisition unit 131 may generate a code using one or more pieces of authentication information corresponding to the user identifier, etc. acquired in step S502.

(Step S505) The code sending unit 141 sends one or more codes acquired in step S504 to the user terminal 2.

(Step S506) The support unit 132 performs support processing. Examples of the support processing are described using the flowcharts in Figures 6, 7, and 8.

(Step S507) The time information acquisition unit 133 acquires time information using a clock or timer (not shown).

(Step S508) The time information accumulation unit 134 associates the time information acquired in step S507 with the user identifier and accumulates it at least temporarily. Return to step S501.

(Step S509) The processing unit 13 constructs an error message. The transmission unit 14 transmits the error message. Return to step S501.

(Step S510) The prohibition processing unit 135 performs prohibition processing. Return to step S501. An example of the prohibition processing will be described using the flowchart in FIG. 9.

In the flowchart in Figure 5, processing ends when the power is turned off or an interrupt occurs to end processing.

Next, a first example of the support process in step S506 will be described using the flowchart in FIG.

(Step S601) The support unit 132 determines whether the user's access destination has been determined to be one. If it has been determined to be one, the process proceeds to step S603; if it has not been determined, the process proceeds to step S602.

(Step S602) The access information receiving unit 122 determines whether or not access information has been received from the work terminal 3. If access information has been received, the process proceeds to step S603; if access information has not been received, the process returns to step S602.

(Step S603) The support unit 132 acquires a site identifier corresponding to the access information. Note that the site identifier corresponding to the access information is, for example, a site identifier included in the access information and authentication information included in the access information.

(Step S604) The support unit 132 acquires authentication information corresponding to the site identifier acquired in step S603. Note that the support unit 132 may acquire the authentication information included in the access information, or may acquire the authentication information corresponding to the site identifier from the authentication information storage unit 111.

(Step S605) The support unit 132 uses the authentication information acquired in step S604 to log in to site 4 identified by the site identifier and acquires the web page after logging in.

(Step S606) The support unit 132 sends the web page acquired in step S605 to the work terminal 3.

Next, a second example of the support process in step S506 will be described with reference to the flowchart in FIG. 7. Note that in the flowchart in FIG. 7, the description of the same steps as in the flowchart in FIG. 6 will be omitted.

(Step S701) The support unit 132 accesses the site 4 identified by the site identifier and obtains a login page, which is a page for logging in to the site 4.

(Step S702) The support unit 132 inputs the authentication information acquired in step S604 into the login page acquired in step S701.

(Step S703) The support unit 132 sends the login page created in step S702 to the work terminal 3.

Next, a third example of the support process in step S506 will be described using the flowchart in FIG. 8. Note that in the flowchart in FIG. 8, the description of the same steps as in the flowchart in FIG. 6 will be omitted.

(Step S801) The support unit 132 sends the authentication information acquired in step S604 to the work terminal 3.

Next, an example of the prohibition process in step S510 will be described using the flowchart in FIG.

(Step S901) The prohibition processing unit 135 assigns 1 to counter i.

(Step S902) The prohibition processing unit 135 determines whether the i-th time information is stored. Note that the i-th time information is the time information stored in step S508.

(Step S903) The prohibition processing unit 135 acquires current time information, which is information about the current time, from a clock (not shown) or a timer (not shown).

(Step S904) The prohibition processing unit 135 obtains the elapsed time, which is the difference between the current time information and the i-th time information.

(Step S905) The prohibition processing unit 135 determines whether the elapsed time acquired in step S904 satisfies the prohibition condition. If the prohibition condition is satisfied, the process proceeds to step S906. If the prohibition condition is not satisfied, the process proceeds to step S908.

(Step S906) The prohibition processing unit 135 performs a work prohibition process for the user corresponding to the i-th time information. The work prohibition process is a process that prohibits the user from performing work on the site 4 corresponding to the i-th time information using the work terminal 3. The work prohibition process is, for example, for the site 4 currently logged in,

(Step S907) The prohibition processing unit 135 deletes the i-th time information.

(Step S908) The prohibition processing unit 135 increments the counter i by 1. Return to step S902.

Next, an example of the operation of the user terminal 2 will be explained using the flowchart in FIG. 10.

(Step S1001) The user reception unit 22 determines whether or not an authentication request has been received from the user. If an authentication request has been received, the process proceeds to step S1002; if an authentication request has not been received, the process returns to step S1001.

(Step S1002) The user processing unit 23 uses the authentication request accepted in step S1001 to construct an authentication request to be sent. The user sending unit 24 sends the authentication request to the authentication server 1.

(Step S1003) In response to the transmission of the authentication request, the user receiving unit 25 determines whether or not a code has been received from the authentication server 1. If a code has been received, the process proceeds to step S1004; if a code has not been received, the process returns to step S1003.

(Step S1004) The user processing unit 23 uses the received code to construct a code to be output. The user output unit 26 outputs the code. Return to step S1001.

In the flowchart in Figure 10, processing ends when the power is turned off or an interrupt occurs to end processing.

Next, an example of the operation of the work terminal 3 will be described using the flowchart in FIG. 11.

(Step S1101) The work reception unit 32 determines whether or not a code acquisition instruction has been received. If a code acquisition instruction has been received, the process proceeds to step S1102. If a code acquisition instruction has not been received, the process proceeds to step S1110.

(Step S1102) The terminal code acquisition unit 331 acquires the code output by the user terminal 2.

(Step S1103) The selection item set construction unit 332 constructs a selection item set using the code obtained in step S1102.

(Step S1104) The selection item set output unit 361 outputs the selection item set constructed in step S1103.

(Step S1105) The selection receiving unit 321 determines whether or not the selection of one of the items included in the set of selected items acquired in step S1104 has been received. If the selection of one item has been received, the process proceeds to step S1106, and if the selection of one item has not been received, the process returns to step S1105.

(Step S1106) The access information construction unit 333 constructs access information corresponding to the selection accepted in step S1105.

(Step S1107) The access information sending unit 341 sends the access information. The access information is, for example, authentication information for logging in to the site 4 corresponding to the selection, and an ID that identifies the authentication information for logging in to the site 4 corresponding to the selection.

(Step S1108) In response to the access information being transmitted, the web page receiving unit 351 determines whether or not a web page has been received. If a web page has been received, the process proceeds to step S1109, and if a web page has not been received, the process returns to step S1108. Note that the received web page is a web page after logging in to the site 4 corresponding to the selection, or a web page for logging in to the site 4 corresponding to the selection. The web page for logging in to the site 4 corresponding to the selection includes, for example, authentication information.

(Step S1109) The web page output unit 362 outputs the web page received in step S1108. Return to step S1101.

(Step S1110) The work reception unit 32 determines whether or not input has been received. If input has been received, the process proceeds to step S1111, and if input has not been received, the process returns to step S1101. Note that input is, for example, input to the web page output in step S1109.

(Step S1111) The work processing unit 33 etc. performs processing according to the input received in step S1110. Return to step S1101.

In the flowchart of FIG. 11, the work reception unit 32 may receive a login instruction to log in to one site 4. In such a case, the access information configuration unit 333 configures access information according to the login instruction, and the access unit 334 uses the access information to log in to one site 4.

In addition, in the flowchart in Figure 11, processing ends when the power is turned off or an interrupt occurs to end processing.

The following describes a specific example of the operation of information system A in this embodiment.

Now, suppose that the authentication information management table shown in FIG. 12 is stored in the authentication information storage unit 111 of the authentication server 1. The authentication information management table is a table that manages one or more pieces of authentication information for each user. The authentication information management table manages records having "ID", "user identifier", "user terminal identifier", "work terminal identifier", "site information", "authentication information", and "flag". "Site information" is information about the site 4 to which the user logs in, and has a "site identifier" and a "site URL". "Authentication information" is "ID" and "PW" here. "ID" is information that identifies the record. "Site identifier" is information that identifies the site, and in this case, for example, is the site name. "Site URL" is information for accessing the site 4, and in this case, is the URL. "ID" is an ID (which may be called an account ID) for logging in to the site 4, and "PW" is a password for logging in to the site 4. "Flag" is information that specifies whether the site 4 is a site used for work or a site used for personal use. A flag "1" indicates that the corresponding site 4 is a site used for work. Flag "2" indicates that the corresponding site 4 is a private site.

The authentication information in the authentication information management table is, for example, information that is input by a user to the user terminal 2, transmitted from the user terminal 2 to the authentication server 1, and stored by the authentication server 1.

It is also assumed that the code storage unit 112 stores a code information management table as shown in FIG. 13. The code information management table is a table that manages codes. The code here is, for example, a QR code. The code information management table manages one or more records that have an "ID," "user identifier," and "code."

The "code" of "ID=1" in FIG. 13 has authentication information embedded therein for logging in to each of the three sites 4 of "ID=1" in FIG. 12. Also, the "code" of "ID=1" has authentication information embedded therein for logging in to each of the three sites 4 of "ID=2" in FIG. 12. Each code in the code information management table is a code that is generated by the code acquisition unit 131, for example, after the authentication information is accumulated, by embedding the one or more pieces of authentication information using the one or more pieces of authentication information corresponding to the authentication information.

In this situation, a specific example of the operation of information system A will be described with reference to FIG. 14.

(Specific Example 1)
Assume that the user inputs an authentication request "<user identifier>U01" to the user terminal 2. Next, the user accepting unit 22 of the user terminal 2 accepts the authentication information. The user processing unit 23 uses the accepted authentication information to compose authentication information to be transmitted. The user transmitting unit 24 transmits the authentication information "<user identifier>U01" to the authentication server 1 (FIG. 14 (1)).

Next, the authentication request receiving unit 121 of the authentication server 1 receives the authentication request "<user identifier>U01". Next, the code obtaining unit 131 obtains the user identifier "U01" contained in the authentication request. Next, the code obtaining unit 131 obtains the code corresponding to the user identifier "U01" from the code management table in FIG. 13. Next, the code transmitting unit 141 transmits the code to the user terminal 2 (FIG. 14 (2)).

Next, the user receiving unit 25 of the user terminal 2 receives the code. Next, the user processing unit 23 uses the received code to construct a code to be output. Next, the user output unit 26 outputs the code (1401 in FIG. 14).

Next, the user inputs a code acquisition instruction to the work terminal 3. Next, the work reception unit 32 of the work terminal 3 accepts the code acquisition instruction. Note that the work reception unit 32 accepts, for example, a code acquisition instruction, which is an instruction to read a code, here. Next, the terminal code acquisition unit 331 reads the code 1301 output by the user terminal 2.

Next, the selection item set construction unit 332 obtains the information embedded in the read code. The embedded information is, for example, "<site information> <site identifier>EC01 <site URL>URL1 <ID>ID11 <PW>PW11 <flag>2 </site information> <site information> <site identifier>EC02 <site URL>URL2 <ID>ID12 <PW>PW12 <flag>2 </site information> <site information> <site identifier>Library <site URL>URL3 <ID>ID13 <PW>PW13 <flag>2 </site information> <site information> <site identifier>Integrated ID <site URL>URL4 <ID>ID14 <PW>PW14 <flag>1 </site information> <site information> <site identifier>RDS <site URL>URL5 <ID>ID15 <PW>PW15 <flag>1 </site information>."

Next, the selection item set constructing unit 332 constructs a selection item set using the acquired information. Next, the selection item set output unit 361 outputs the constructed selection item set. An example of such output is shown in FIG. 15.

In FIG. 15, the selection item set configuration unit 332 configures a selection item set with the selection items ranging from "site identifier corresponding to <flag> 1" (work) to "site identifier corresponding to <flag> 2" (personal).

Next, let us assume that the user selects the site "EC01" from among the site identifiers output in FIG. 15. The selection acceptance unit 321 of the work terminal 3 then accepts the selection of one item "EC01" from among the items included in the set of selected items. Next, the access information configuration unit 333 acquires the access information "<site URL> URL1 <ID> ID11 <PW> PW11" corresponding to the accepted selection. Next, the access information transmission unit 341 transmits the access information and the work terminal ID to the authentication server 1 (FIG. 14 (4)). The work terminal ID is the ID of the work terminal for accessing the work terminal 3, and is, for example, an IP address. Also, "associating personal computer/smartphone information" in FIG. 14 means that the work terminal 3 and the user terminal 2 are associated in the authentication server 1 by transmitting the ID of the work terminal 3 in association with the ID of the user terminal 2.

Next, the access information receiving unit 122 of the authentication server 1 receives the access information "<site URL> URL1 <ID> ID11 <PW> PW11" and the work terminal ID. Next, the support unit 132 uses the access information to access the site 4 corresponding to "<site URL> URL1" and makes an authentication request to the site 4 using "<ID> ID11 <PW> PW11" and the work terminal ID (FIG. 14 (4)).

Next, site 4 receives "<ID>ID11 <PW>PW11" and the work terminal ID, and performs authentication to permit login using "<ID>ID11 <PW>PW11", and obtains the web page after login. Next, site 4 transmits the web page to the work terminal 3 identified by the work terminal ID (FIG. 14 (5)).

Next, the work terminal 3 receives and outputs the web page. Thereafter, the user can use the work terminal 3 to perform various operations on the site 4 corresponding to "<site URL> URL1".

(Specific Example 2)
In a specific example of this embodiment, it is assumed that the code information management table shown in FIG. 16 is stored in the code storage unit 112 of the authentication server 1 instead of the table shown in FIG.

Then, suppose that the user inputs an authentication request "<user identifier> U01 <user terminal identifier> UT11 <work terminal identifier> WT11" to the user terminal 2. Next, the user reception unit 22 of the user terminal 2 receives the authentication information. The user processing unit 23 uses the received authentication information to construct authentication information to be sent. The user transmission unit 24 transmits the authentication information to the authentication server 1 (FIG. 14 (1)).

Next, the authentication request receiving unit 121 of the authentication server 1 receives the authentication request "<user identifier> U01 <user terminal identifier> UT11 <work terminal identifier> WT11". Next, the code acquisition unit 131 acquires the user identifier "U01", the user terminal identifier "UT11", and the work terminal identifier "WT11" contained in the authentication request. Next, the code acquisition unit 131 acquires a code corresponding to the user identifier, etc., from the code management table of FIG. 16. Next, the code transmission unit 141 transmits the code to the user terminal 2 (FIG. 14 (2)).

Next, the user receiving unit 25 of the user terminal 2 receives the code. The user processing unit 23 uses the received code to construct a code to be output. Next, the user output unit 26 outputs the code (1401 in FIG. 14).

Next, the work reception unit 32 of the work terminal 3 receives a code acquisition instruction. For example, the work reception unit 32 receives a code acquisition instruction, which is an instruction to read a code. The terminal code acquisition unit 331 reads the code output by the user terminal 2.

Next, the selection item set constructor 332 obtains the information embedded in the read code. The embedded information is, for example, "<site information> <site identifier> library <site URL> URL3 <ID> ID13 <PW> PW13 <flag> 2."

Next, the selection item set construction unit 332 determines that the information about site 4 contained in the embedded information is information about a single site, and does not construct a selection item set.

Next, the access information configuration unit 333 obtains the access information "<site URL> URL3 <ID> ID13 <PW> PW13" that corresponds to the embedded information. Next, the access unit 334 uses the access information to access site 4 identified by "URL3" and logs in to site 4 using "<ID> ID13 <PW> PW13."

Then, the user can use the work terminal 3 to perform various operations on the site 4 corresponding to "<site URL> URL 3".

As described above, this embodiment provides a mechanism for easily logging in to a site while ensuring the security of authentication information used to log in to the site.

Furthermore, according to this embodiment, a mechanism can be provided that allows logging in to the site 4 from the work terminal 3 only when a specific user terminal 2 is used.

Furthermore, according to this embodiment, a mechanism can be provided that allows logging in to site 4 from a work terminal 3 only when a specific work terminal 3 is used.

The processing in this embodiment may be realized by software. This software may be distributed by software download or the like. This software may also be recorded on a recording medium such as a CD-ROM and distributed. This also applies to the other embodiments in this specification. The software that realizes the authentication server 1 in this embodiment is a program such as the following. In other words, this program is a program for causing a computer that can access a code storage unit in which codes for one or more pieces of authentication information that correspond to one or more user identifiers and enable logging in to one or more sites to function as an authentication request receiving unit that receives an authentication request corresponding to a user identifier from a user terminal, a code acquisition unit that acquires a code corresponding to the user identifier from the code storage unit in response to receiving the authentication request, a code sending unit that transmits the code acquired by the code acquisition unit to the user terminal, an access information receiving unit that receives the code transmitted by the code sending unit and receives access information, which is information corresponding to the code and is information for logging in to one or more sites, from a work terminal that has acquired the code from the user terminal that has output the code, and a support unit that uses the access information to perform support processing for the work terminal to log in to one or more sites.

The software for realizing the work terminal 3 in this embodiment is the following program. That is, this program causes a computer to function as a terminal code acquisition unit that acquires a code from a user terminal, a selection item set configuration unit that configures a selection item set in which two or more sites are selected items and which is information corresponding to the code acquired by the terminal code acquisition unit, a selection item set output unit that outputs the selection item set, a selection acceptance unit that accepts the selection of one or more selection items from the selection item set, an access information configuration unit that configures access information for the sites corresponding to each of the one or more selection items, and an access information transmission unit that transmits the access information, and the computer becomes able to access the sites in response to the transmission of the access information.

FIG. 16 also shows the appearance of a computer that executes the programs described in this specification to realize the authentication server 1 and the like of the various embodiments described above. The above-mentioned embodiments can be realized by computer hardware and computer programs executed thereon. FIG. 16 is an overview of this computer system 300, and FIG. 17 is a block diagram of system 300.

In FIG. 16, computer system 300 includes computer 301, which includes a CD-ROM drive, keyboard 302, mouse 303, and monitor 304.

In FIG. 17, in addition to a CD-ROM drive 3012, computer 301 includes an MPU 3013, a bus 3014 connected to the CD-ROM drive 3012 etc., a ROM 3015 for storing programs such as a boot-up program, a RAM 3016 connected to the MPU 3013 for temporarily storing instructions for application programs and providing temporary storage space, and a hard disk 3017 for storing application programs, system programs, and data. Although not shown here, computer 301 may further include a network card that provides connection to a LAN.

A program that causes computer system 300 to execute functions such as the authentication server of the above-mentioned embodiment may be stored on CD-ROM 3101, inserted into CD-ROM drive 3012, and then transferred to hard disk 3017. Alternatively, the program may be sent to computer 301 via a network (not shown) and stored on hard disk 3017. The program is loaded into RAM 3016 when executed. The program may be loaded directly from CD-ROM 3101 or the network.

The program does not necessarily have to include an operating system (OS) or third-party programs that cause computer 301 to execute functions such as the authentication server of the above-described embodiment. The program only needs to include instructions that call appropriate functions (modules) in a controlled manner to achieve the desired results. How computer system 300 operates is well known, and a detailed description will be omitted.

In the above program, the steps of transmitting information and receiving information do not include processing performed by hardware, such as processing performed by a modem or interface card in the transmission step (processing that is performed only by hardware).

The computer that executes the above program may be a single computer or multiple computers. In other words, it may perform centralized processing or distributed processing.

Furthermore, in each of the above embodiments, it goes without saying that two or more communication means present in one device may be realized physically by one medium.

In addition, in each of the above embodiments, each process may be realized by centralized processing in a single device, or may be realized by distributed processing in multiple devices.

The present invention is not limited to the above-described embodiment, and various modifications are possible, and it goes without saying that these are also included within the scope of the present invention.

As described above, the authentication server according to the present invention has the effect of providing a mechanism for easily logging in to a site while ensuring the security of the authentication information used to log in to the site, and is useful as an authentication server, etc.

A Information system 1 Authentication server 2 User terminal 3 Work terminal 4 Site 11 Storage unit 12 Receiving unit 13 Processing unit 14 Transmission unit 21 User storage unit 22 User receiving unit 23 User processing unit 24 User transmitting unit 25 User receiving unit 26 User output unit 31 Work storage unit 32 Work receiving unit 33 Work processing unit 33 Terminal processing unit 34 Work transmitting unit 35 Terminal receiving unit 35 Work receiving unit 36 Work output unit 111 Authentication information storage unit 112 Code storage unit 121 Authentication request receiving unit 122 Access information receiving unit 131 Code acquisition unit 132 Support unit 133 Time information acquisition unit 134 Time information accumulation unit 135 Prohibition processing unit 141 Code transmission unit 321 Selection receiving unit 331 Terminal code acquisition unit 332 Selection item set constructing section 333 Access information constructing section 334 Access section 341 Access information transmitting section 351 Web page receiving section 361 Selection item set output section 362 Web page output section

Claims (11)

a code storage unit in which codes for one or more pieces of authentication information that enable login to one or more sites are stored in association with one or more user identifiers;
an authentication request receiving unit that receives an authentication request corresponding to a user identifier from a user terminal;
a code acquisition unit configured to acquire a code corresponding to the user identifier from the code storage unit in response to receiving the authentication request;
a code transmission unit that transmits the code acquired by the code acquisition unit to the user terminal;
an access information receiving unit that receives the code transmitted by the code transmitting unit and receives, from an operating terminal that has acquired the code from the user terminal that output the code, access information that corresponds to the code and is information for logging in to one or more sites;
and a support unit that uses the access information to perform a support process for the work terminal to log in to one or more sites. The support unit includes:
The authentication server of claim 1 performs a first support process of acquiring one or more authentication information corresponding to the access information, accessing one or more sites using the one or more authentication information, acquiring a web page after logging in to each of the one or more sites, and sending the web page to the work terminal; or performs a second support process of acquiring one or more authentication information corresponding to the access information, accessing one or more sites, acquiring a web page for logging in to each of the one or more sites, constructing a web page into which authentication information corresponding to the web page is input, and sending the web page to the work terminal; or performs a third support process of acquiring one or more authentication information corresponding to the access information and sending it to the work terminal. The authentication information is associated with a user terminal identifier for identifying a user terminal,
The authentication request includes a user identifier and a user terminal identifier;
The code acquisition unit
An authentication server as described in claim 1 or claim 2, which, in response to receiving the authentication request, obtains a code that enables logging in to one or more sites that can be logged in using the user identifier corresponding to the user identifier and one or more pieces of authentication information corresponding to the user terminal identifier. The authentication information is associated with a work terminal identifier for identifying the work terminal,
The authentication request includes a user identifier and a work terminal identifier,
The code acquisition unit
The authentication server according to any one of claims 1 to 3, wherein in response to receiving the authentication request, a code is obtained that enables logging in to one or more sites that can be logged in using the user identifier corresponding to the user identifier and one or more pieces of authentication information corresponding to the work terminal identifier. A part of the authentication information is associated with a work terminal identifier in association with a user identifier, but other authentication information is not associated with a work terminal identifier,
The authentication request may or may not include a work terminal identifier,
The code acquisition unit
The authentication server of claim 4, wherein when an authentication request that does not have the work terminal identifier is received, a code is obtained that enables logging in to the two or more sites that can be logged in using authentication information that corresponds to the user identifier and does not correspond to the work terminal identifier. a time information acquisition unit that acquires time information for the code acquired by the code acquisition unit;
a time information storage unit that stores the time information in association with the user identifier;
The authentication server of any one of claims 1 to 5, further comprising a prohibition processing unit that performs a prohibition process, which is a process for logging out or preventing login to a site corresponding to the user identifier, if a certain time or more has passed since the time specified by the time information. A terminal code acquisition unit that acquires a code from a user terminal;
a selection item set configuration unit that configures a selection item set, the selection item set being information corresponding to the code acquired by the terminal code acquisition unit, and having two or more sites as selection items;
a selection item set output unit that outputs the selection item set;
a selection receiving unit that receives a selection of one or more selection items from the set of selection items;
an access information configuration unit that configures access information for a site corresponding to each of the one or more selection items;
an access information transmitting unit that transmits the access information to the authentication server according to any one of claims 1 to 6 ;
A work terminal that is capable of accessing the site in response to the transmission of the access information. An information processing method implemented by a code storage unit in which a code for one or more pieces of authentication information that enables login to one or more sites is stored in association with one or more user identifiers, an authentication request receiving unit, a code acquiring unit, a code transmitting unit, an access information receiving unit, and a support unit,
an authentication request receiving step in which the authentication request receiving unit receives an authentication request corresponding to a user identifier from a user terminal;
a code acquisition step of acquiring, from the code storage unit, a code corresponding to the user identifier in response to receiving the authentication request, the code acquisition unit;
a code transmitting step in which the code transmitting unit transmits the code acquired in the code acquiring step to the user terminal;
an access information receiving step in which the access information receiving unit receives the code transmitted in the code transmitting step, and receives, from a working terminal that has acquired the code from the user terminal that output the code, access information that corresponds to the code and is information for logging in to one or more sites;
and a support step in which the support unit performs a support process for the work terminal to log in to one or more sites using the access information. An information processing method implemented by a terminal code acquisition unit, a selection item set configuration unit, a selection item set output unit, a selection reception unit, an access information configuration unit, and an access information transmission unit,
a terminal code acquisition step in which the terminal code acquisition unit acquires a code from a user terminal;
a selection item set constructing step in which the selection item set constructing unit constructs a selection item set having two or more sites as selection items, the selection item set being information corresponding to the code acquired in the terminal code acquiring step;
a selection item set output step in which the selection item set output unit outputs the selection item set;
a selection receiving step in which the selection receiving unit receives a selection of one or more selection items from the set of selection items;
an access information construction step in which the access information construction unit constructs access information for a site corresponding to each of the one or more selection items;
an access information transmitting step of transmitting the access information to the authentication server according to any one of claims 1 to 6,
The information processing method further comprises the step of: enabling access to the site in response to transmission of the access information. A computer that can access a code storage unit in which codes for one or more pieces of authentication information that enable login to one or more sites are stored in association with one or more user identifiers,
an authentication request receiving unit that receives an authentication request corresponding to a user identifier from a user terminal;
a code acquisition unit configured to acquire a code corresponding to the user identifier from the code storage unit in response to receiving the authentication request;
a code transmission unit that transmits the code acquired by the code acquisition unit to the user terminal;
an access information receiving unit that receives the code transmitted by the code transmitting unit and receives, from an operating terminal that has acquired the code from the user terminal that output the code, access information that corresponds to the code and is information for logging in to one or more sites;
A program for causing the operating terminal to function as a support unit that uses the access information to perform support processing for logging in to one or more sites. Computer,
A terminal code acquisition unit that acquires a code from a user terminal;
a selection item set configuration unit that configures a selection item set, the selection item set being information corresponding to the code acquired by the terminal code acquisition unit, and having two or more sites as selection items;
a selection item set output unit that outputs the selection item set;
a selection receiving unit that receives a selection of one or more selection items from the set of selection items;
an access information configuration unit that configures access information for a site corresponding to each of the one or more selection items;
7. A program for causing the authentication server according to claim 1 to function as an access information transmission unit that transmits the access information,
A program that enables the computer to access the site in response to transmission of the access information.

Images