1. Field of the Invention
The present invention relates to, for example, a technique which is usable in a network system of a client/server model in which a client and servers are connected via a network such as an Intranet or a LAN.
2. Related Background Art
When a client operates electronic data (e.g., electronic data such as a medical image which requires protection of privacy) stored in a server via a network, it is important to record a log, which shows who logs on to the server, which data is accessed and downloaded, what kinds of operations are performed, and the like, in a log file and to manage the log file reliably.
In addition, a log file should never be corrected or falsified. Thus, it is desirable to transfer log files recorded in clients to a server and manage the log files collectively in the server to thereby prevent the log files from being falsified by a malicious client (user). Further, it is also desirable to make an arrangement such that an administrator can refer to the log files at any time.
In order to realize this, conventionally, a log is generated every time a client (user) operates data stored in a server and the log is transferred to the server or, when a fixed time has elapsed, log files generated during the fixed time are transferred from the client to the server.
However, generating a log every time a client operates data stored in a server and transferring the log to the server places a large load on a network with a low communication speed. The large load degrades the response of the network and reduces operability on the client (server) side.
In addition, the method of transferring log files at a point when a fixed time has elapsed has a problem in that the log files are not transferred to a server if some failure (e.g., disconnection of a network) occurs before the time elapses, so the log files cannot be managed reliably on the server side.
These are critical problems when the security function of a server is considered. For example, after a client (user) has logged on to the server and downloaded data, if the client intentionally interrupts the network connection, log files are not transferred to the server. Therefore, if the client repeats this behavior, log files from this client are never transferred to the server.
One aspect of the present invention is a network system including a server apparatus and a client apparatus to be connected to the server apparatus, in which: the client apparatus includes first storage means for storing contents of operations on the client apparatus and sending means for sending the contents of operations stored by the first storage means to the server apparatus; the server apparatus includes reception means for receiving the contents of operations sent by the sending means; and second storage means for storing the contents of operations received by the reception means; and the sending means sends the contents of operations stored by the first storage means to the server apparatus in response to a logoff operation of the client apparatus.
Other objects and features of the present invention will become apparent from the following description and the attached drawings.
Preferred embodiments, to which the present invention is applied, will be hereinafter described in detail with reference to the accompanying drawings.
The clients 12 to 15 are each provided with: a function for accessing and downloading the data stored in the server 11 and storing a record of operations as a log file; a function for monitoring alteration of a display screen and logoff from the server 11; and a function for transferring the log file stored in the clients 12 to 15 to the server 11.
In addition, the server 11 is provided with: a function for authenticating a client requesting connection to decide whether the client is allowed to make connection and access data; and a function for confirming whether log files transferred from the clients 12 to 15 have been completely received.
In addition, reference numeral 26 denotes a log file record unit which, when operations are executed with respect to the data stored in the server 11, records a history of the operations as a log file; 27, a monitor unit which monitors alteration of a display screen and logoff from the server 11; 28, a log file transfer unit which transfers the log file recorded by the log file record unit 26 to the server 11; and 29, a communication unit which accesses the server 11 and the other clients via the network 16 and communicates with the server 11 when the log file is transferred to the server 11.
In addition, reference numeral 36 denotes an authentication unit which, when the clients 12 to 15 request connection, authenticates the clients to decide whether the clients are allowed to make connection and access data; 37, a confirmation unit for confirming whether log files transferred from the clients 12 to 15 have been completely received; and 38, a communication unit which accesses the clients 12 to 15 via the network 16 and communicates with the clients 12 to 15 when the log files are transferred from the clients.
When a client wishes to execute operations such as browsing and change with respect to the data stored in the server 11, the client instructs the communication unit 29 to request connection to the server 11 through the instruction input unit 21, and the communication unit 29 requests the communication unit 38 of the server 11 to make connection. When the server 11 confirms, through the communication unit 38, that the request for connection from the client is received, the server 11 authenticates the client using the authentication unit 36 to decide whether the client is allowed to make connection.
When the authentication is successful, after accessing and downloading the data stored in the server 11, the client can perform operations such as browsing and change through the display unit 25. It is the CPU 22 that actually executes operations. In addition, the log file record unit 26 records a history of the operations as a log file. The recorded log file is temporarily stored in the memory 24.
When a series of operations such as browsing and change end, the client alters the display screen or logs off from the server 11. The operation is monitored by the monitor unit 27. When the monitor unit 27 confirms that the operation is performed, the monitor unit 27 stores the log file, which is stored in the memory 24, in the storage device 23 and instructs the log file transfer unit 28 to transfer the log file to the server 11.
When the log file transfer unit 28 confirms the instruction from the monitor unit 27, the log file transfer unit 28 transfers the log file to the server 11 by using the communication unit 29. The confirmation unit 37 monitors the log file transferred from the communication unit 29. The confirmation unit 37 confirms whether the log file transferred from the client has been completely received by the communication unit 38 of the server 11. If the confirmation unit 37 judges that the log file could not be received completely, the confirmation unit 37 requests the client to transfer the log file again after a fixed time has elapsed or at the time of the next logon.
On the other hand, if the confirmation unit 37 judges that the log file could be completely received, the confirmation unit 37 notifies the client, which transferred the log file, that the log file has been received completely and causes the client to end the transfer. Then, the confirmation unit 37 stores the log file in the storage device 33 of the server. Consequently, it is possible to manage the log file in the server 11.
In addition, since the log file is transferred when the display screen of the client is altered, transfer processing is not performed frequently. Therefore, loads applied to the CPU and the network can be reduced. Moreover, it is possible to transfer the log file immediately after a series of operations such as browsing and change end by transferring the log file at the time of logoff. Therefore, the conventional problem in that a log file is not transferred to a server owing to a network failure or the like within a fixed time is also solved.
<First Embodiment>
The client, which has logged on to the server, can access or download data stored in the server (step S104) and perform operations such as browsing and change (step S105). Then, a history of the operations is recorded in a log file by the log file record unit 26 in step S106.
When the client ends the operations such as browsing and change, the client alters the display screen or logs off from the server in step S107. The monitor unit 27 monitors those operations. When those operations are executed, in step S108, the monitor unit 27 stores the log file in the storage device 23 and instructs the log file transfer unit 28 to transfer the log file to the server. When the log file transfer unit 28 confirms the instruction, the log file transfer unit 28 transfers the log file to the server (step S109).
The confirmation unit 37 of the server monitors the log file transferred from the client in step S110. If the log file could not be received completely, the server proceeds to step S111. In step S111, the server returns to S109 after a fixed time has elapsed, and causes the client to transfer the log file again. On this occasion, if the client has logged off or has shut down the machine, the server cannot cause the client to transfer the log file again after the fixed time has elapsed. Thus, the server causes the client to transfer the log file again at the time of the next logon.
In addition, if the log file could be received completely, the server notifies the client, which has transferred the log file, of completion of the reception in step S112, and ends the transfer. Then, the server stores the log file in the storage device 33 of the server in step S113. This makes it possible to transfer the log file reliably and manage the log file in the server.
<Second Embodiment>
In the first embodiment, the authentication unit 36 is described as authenticating a connection request from the client. However, this is not necessarily the only function that the authentication unit 36 has. The authentication unit 36 also has a function for, if a log file at the time of the last logon of a client requesting connection has not been transferred to the server 11, not giving the client a right to access data stored in the server 11 even if the authentication is successful.
In step S201, the confirmation unit 37 judges whether a log file at the time of the last logon of the client, which logged on to the server, has been completely received in the server. If the log file has been received, the authentication unit 36 gives the client a right to access data. If the log file has not been received, the server requests the client to transfer the log file again, and the authentication unit 36 does not give the client a right to access data.
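The server-side flow of steps S110 to S113 together with the access check of step S201, as an added Python example that is not part of the patent text. It assumes the confirmation unit 37 judges completeness from a length and SHA-256 digest declared by the client (the description does not say how completeness is judged); `LogServer`, `send_log`, the session numbering and the user name are hypothetical, and authentication by unit 36 is reduced to a membership check.

```python
import hashlib

class LogServer:
    """Model of server 11: authentication unit 36 and confirmation unit 37."""
    def __init__(self, known_users):
        self.known_users = set(known_users)  # authentication is reduced to membership
        self.pending = {}   # user -> session id whose log file is still owed
        self.stored = {}    # (user, session id) -> log bytes, i.e. storage device 33
        self._last_session = 0

    def logon(self, user):
        """Authenticate, then run the S201 check before granting data access."""
        if user not in self.known_users:
            return {"authenticated": False, "data_access": False, "resend": None}
        owed = self.pending.get(user)
        if owed is not None:
            # Logon succeeds, but no right to access data until the old log arrives.
            return {"authenticated": True, "data_access": False, "resend": owed}
        self._last_session += 1
        self.pending[user] = self._last_session  # this session's log is now owed
        return {"authenticated": True, "data_access": True,
                "session": self._last_session, "resend": None}

    def receive_log(self, user, session, body, declared_len, declared_sha256):
        """S110 to S113: store the log only if it arrived completely."""
        complete = (len(body) == declared_len
                    and hashlib.sha256(body).hexdigest() == declared_sha256)
        if not complete or self.pending.get(user) != session:
            return False                      # S111: client must transfer again
        self.stored[(user, session)] = body   # S113: keep the log on the server
        del self.pending[user]
        return True                           # S112: completion notice


def send_log(server, user, session, log, drop_after=None):
    """Client-side transfer (S109); drop_after simulates a cut connection."""
    digest = hashlib.sha256(log).hexdigest()
    body = log if drop_after is None else log[:drop_after]
    return server.receive_log(user, session, body, len(log), digest)


if __name__ == "__main__":
    srv = LogServer({"alice"})                # constructed user name
    first = srv.logon("alice")
    log = b"logon;download image-17;logoff"   # constructed log content
    print(send_log(srv, "alice", first["session"], log, drop_after=5))
    print(srv.logon("alice"))
    print(send_log(srv, "alice", first["session"], log))
    print(srv.logon("alice"))
```

The length-and-digest check only shows that the transfer arrived intact; it does not show that the client recorded its operations honestly.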
As described above, according to the embodiment, the log file is transferred to the server at the time of alteration of a display screen or at the time of logoff, which prevents a large quantity of logs from being transferred to the server. This solves the conventional problem in which a client cannot transfer a log file owing to poor response, a network failure, or the like caused by a load on the network, so that the server cannot manage the log file reliably. Moreover, the problem in which a log file cannot be transferred owing to a network failure or the like that has occurred within a fixed time can also be solved.
In addition, it is possible to construct a network system provided with a higher security function by causing a client to transfer a log file again after a fixed time has elapsed or at the time of the next logon and by adding a function for, if a server could not receive a log file completely, not giving a client a right to access data even if the client is successful in logon next time.
In addition, the object of the present invention may be also attained by supplying a storage medium having stored thereon a program code for software for realizing the above-mentioned functions of the embodiments to a system or to an apparatus, and a computer (a CPU or an MPU) of the system or the apparatus reading out and executing the program code stored in the storage medium.
In this case, the program code itself read out from the storage medium realizes the above-mentioned functions of the embodiment. The program code itself and the storage medium having stored thereon the program code constitute the present invention.
Examples of an available storage medium for supplying the program code include a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile memory card, and a ROM.
In addition, the present invention may include not only a case in which the above-mentioned functions of the embodiments are realized by a computer executing a read-out program code but also a case in which an OS (a basic system or an operating system) or the like running on the computer performs actual processing partly or entirely on the basis of an instruction of the program code, and the above-mentioned functions of the embodiments are realized by the processing.
Moreover, the present invention may also include a case in which, after a program code read out from a storage medium is written in a memory provided in a function extended board inserted in a computer or provided in a function extended unit connected to the computer, a CPU or the like provided in the function extended board or in the function extended unit performs actual processing partly or entirely on the basis of an instruction of the program code, and the above-mentioned functions of the embodiments are realized by the processing.
Number | Date | Country | Kind |
---|---|---|---|
2003-158531 | Jun 2003 | JP | national |