JPH09168055A - Security controller - Google Patents

Abstract

PROBLEM TO BE SOLVED: To attain security check in the unit of maintenance personnel and secure and flexible security by revising execution enable operation information which is stored in a way that a range of the operation executed by the maintenance personnel is much more restricted. SOLUTION: A security information storage means 111 of a maintenance operation device 100 stores security information corresponding to a maintenance personnel. Furthermore, an operation mistake number count means 112 counts the number of times of operation mistake by maintenance personnel corresponding to each maintenance personnel. Then a security level revision means 113 revises execution enable operation information stored in the security information storage means 111 so that the range of operation executed by the corresponding maintenance personnel is more limited for the maintenance personnel whose number of times of operation mistake counted by the operation mistake number count means 112 exceeds a prescribed threshold level. Thus, in a broad area intansive maintenance form maintenance operation system, the security check in the unit of maintenance personnel in response to the actual technical level of the maintenance personnel is conducted.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a maintenance terminal in a maintenance operation system that collects monitoring information from each maintenance target device distributed in each area through a line and controls each maintenance target device through the line. The present invention relates to a device that manages security information for maintenance personnel who perform maintenance operations through.

[0002]

2. Description of the Related Art For example, a telecommunications carrier providing a communication service through a network needs to monitor the failure state of exchanges and the like distributed in each area within a service area and take immediate action when a failure is detected. However, it takes a lot of time and labor if the maintenance personnel go to the installation site of the exchange to perform maintenance work.Therefore, maintenance centers are usually set up at important points in the service area, and each maintenance center is within the scope of jurisdiction. A method of collecting and managing the monitoring information of all the exchanges through the line and transmitting the control information for maintenance to the exchanges in which an abnormality is detected is used.

In such a wide area integrated maintenance type maintenance operation system, maintenance is performed on the exchange through a maintenance terminal installed in a maintenance center. However, if a person who is not qualified as a maintenance person performs a maintenance operation, an operation error or the like is serious. Since it may cause various troubles, it is necessary to perform a security check on the operator who logs in from the maintenance terminal. Conventionally, when the maintenance person logs in from the maintenance terminal, the password assigned to each person is input together with the maintenance person ID, and the maintenance computer or the like checks the password to determine whether or not login is possible.

Further, in the maintenance operation system of the wide-area integrated maintenance mode, since the number of maintenance target devices is large, it is necessary to display the monitoring screen showing the monitoring status of each device hierarchically for each region. FIG. 18 is a diagram showing an example of hierarchical display of the monitoring screen. In this example, the monitoring screen is hierarchically displayed in three stages of city area <prefecture area <local area, and is displayed in device units in the city area monitoring screen, in city units in the prefecture area monitoring screen, and in prefecture units in the local area monitoring screen. Each shows the monitoring status.

On the Yokohama city monitoring screen in the figure, all the exchanges a1, a2, a3 installed in Yokohama city and the maintenance control device A above them are displayed. For each exchange, the normal / abnormal distinction, the degree of failure, etc. are represented by, for example, color coding according to the respective monitoring states. In addition, the Kanagawa prefecture monitoring screen, which is a higher screen of the Yokohama city monitoring screen, collectively shows the monitoring status of all cities in Kanagawa prefecture such as Yokohama city and Kawasaki city. For example, if there is an abnormality in one of the exchanges in the city of Yokohama, the frame indicating Yokohama is filled with a color indicating the abnormality. Similarly, the Kanto region monitoring screen, which is a higher screen of the Kanagawa prefecture monitoring screen, collectively displays the monitoring information of all prefectures belonging to the Kanto region.

[0006]

As described above, the conventional security check is a simple method in which the password entered by the maintenance person at the time of login is checked to determine whether or not the login is possible. However, this method does not consider the security against erroneous operation after the maintenance person logs in. To maintain security against erroneous operations by maintenance personnel, maintain a security level (specifically, types of usable operations, operable maintenance target devices, etc.) according to the maintenance personnel's technical skills regarding system operations. It is decided for each person in charge, and the security level of each maintenance person is registered in the system.
It is desirable to judge the prohibition. However, even with this security check method, security can be applied according to the level of the maintainer once determined at the time of registration, so if the maintainer does not have the technical capability corresponding to the registered security level, the maintainer is originally Since the permission is given to the operation that should not be performed, the security against the erroneous operation cannot be sufficiently maintained.

[0007] In most cases, a maintenance person who logs in to a maintenance operation system that hierarchically displays monitoring screens selects and displays a monitoring screen in his or her own area after logging in. Therefore, the maintainer has to perform the same selection operation every time he logs in, which is complicated.

Further, in the hierarchical monitor screen display, the monitor state of the upper screen is displayed in a form in which the monitor states of the lower screens are aggregated as described above, but in the conventional method, only the upper and lower membership relationships are displayed. Since the monitoring statuses are aggregated in consideration, the maintenance person cannot judge whether or not the switching device he is in charge of is out of order simply by looking at the upper screen. Specifically, in FIG. 18, when the maintenance personnel X are in charge of the exchanges a1 and a2 in Yokohama, and a failure occurs in the exchange a3 in Yokohama, when the Kanagawa prefecture monitoring screen is displayed, The fault condition is indicated (eg in red). However, when the Yokohama-shi monitoring screen is displayed next time, the exchange a3 shows a failure state, and the exchanges a1 and a2 show a normal state. Therefore, at this point, the maintenance person X has no trouble in his / her own device. To know In other words, the maintenance person cannot judge the occurrence of a failure in his / her own device until the lowest monitor screen is displayed.

[0009] Further, when the monitoring states other than the device in charge of the maintenance person are displayed on the monitoring screen in this way, not only is it troublesome for the maintenance person, but it may be a problem in the corporate strategy of the telecommunications carrier. . For example, when a telecommunications carrier outsources maintenance work to multiple external organizations, it may be desirable for each external company to display only the status of the equipment within the scope of consignment and hide the status of other equipment. .

Further, when performing a security check according to the security level of the maintenance person, whether or not the maintenance operation is possible is determined for each operation target device, so the type of operation to be performed and the operation target device are selected. Enter the password. The operation sequence is as follows. Only if the selected operation type and the operation target device are permitted by the security level of the maintenance person, and the entered password is correct,
The maintenance person can carry out the operation. However, when performing maintenance on a plurality of devices in charge in succession, it is necessary to repeat the operation of, and the maintenance person feels complicated.

Further, since the security information of each maintenance person is registered in the maintenance center to which the maintenance person belongs, the maintenance person can only log in from the maintenance terminal of the maintenance center to which the maintenance person belongs. For example, when a maintenance engineer X who belongs to the maintenance center B in the Tokai region is in a business trip to the maintenance center A in the Kanto region and his or her device fails, he / she is in charge of the maintenance terminal of the maintenance center A via the maintenance center B. Even if the user tries to perform maintenance operation by connecting to the device, he cannot log in because the security information of the maintenance person X is not registered in the maintenance center A.

The present invention has been made in view of the above problems, and in a maintenance operation system of a wide area integrated maintenance mode, a security check is performed for each maintenance person according to the actual technical level of the maintenance person, and maintenance is performed. It is an object of the present invention to improve the efficiency and certainty of maintenance work by maintenance personnel, and further to allow maintenance personnel to perform maintenance work without being restricted by the location area.

[0013]

In order to solve the above-mentioned problems, the present invention provides a maintenance operation device 100 for performing maintenance on a plurality of maintenance target devices through lines.
A security information storage unit 111 that stores security information for maintenance personnel including executable operation information indicating the types of operations that can be performed by maintenance personnel, and the number of operation mistakes that counts the number of operation mistakes performed by maintenance personnel for maintenance personnel. Counting means 112
For the maintenance person whose number of operation mistakes counted by the operation mistake frequency counting means 112 exceeds a predetermined threshold, the security information storage means 111 is arranged so that the range of operations that the maintenance person can perform is further restricted. Security level changing means 1 for changing the executable operation information stored in
There is provided a security control device 110 including

Further, in the present invention, the maintenance operation device 100 for performing maintenance on a plurality of maintenance target devices through a line, and target device information indicating the maintenance target device 101 which can be operated by the maintenance person, and each maintenance target device. A security information storage unit 111 for storing security information for a maintenance person including the belonging area information in which the belonging area of 101 is hierarchically divided into a plurality of division levels from a small division to a large division, and a maintenance person who should determine the maintenance range Based on the target device information and the affiliation area information stored in the security information storage unit 111, the partition level of the minimum hierarchy including all maintenance target devices 101 operable by the maintenance person is determined, and the area of the partition level is determined. Maintenance range determination means 11 for displaying the monitoring screen of
4 is provided.

Further, according to the present invention, the maintenance operation device 100 for performing maintenance on a plurality of maintenance target devices through a line is provided with the target device information indicating the maintenance target device 101 which can be operated by the maintenance person and each maintenance target device 101. Security information storage unit 111 for storing security information for maintenance personnel including the area information indicating the area to which the maintenance target apparatus 101 belongs, and the maintenance person who requests the display of the monitoring screen of the specific area to which the maintenance target apparatus 101 that can be operated by itself belongs. The target device information and belonging area information stored in the security information storage means 111, and the maintenance target device 101 operable by the maintenance person.
There is provided a security control device 110 including a monitoring screen display means 115 for displaying a monitoring screen showing a monitoring situation in the specific area based on the device state information notified from the device.

The security control device 110 described above stores in the security information storage means 111 each device 10 to be maintained.
When the belonging area information in which one belonging area is hierarchized into a plurality of division levels from a small division to a large division is stored, and the monitoring screen display unit 115 has a lower division level area belonging to the display target area of the monitoring screen. The most important monitoring situation indicated by each area of the lower division level may be reflected and displayed on the monitoring screen of the display target area.

Further, according to the present invention, the maintenance operation device 100 for performing maintenance on a plurality of maintenance target devices through a line is provided, and the executable operation information indicating the type of operation that can be performed by the maintenance person and the maintenance person's operation possible. Security information storage unit 111 that stores security information for maintenance personnel including target device information indicating the target maintenance target device 101, and maintenance based on the executable operation information and target device information stored in the security information storage unit 111. Menu display means 11 for displaying only the operation and the operation target device permitted by the maintenance person who is going to select the operation in the operation selection menu.
A security control device 110 is provided.

Further, according to the present invention, each maintenance operation device 100 in the maintenance operation system of the form in which a plurality of maintenance operation devices 100 for performing maintenance on the respective maintenance target devices through lines are connected to each other is provided in each maintenance operation device 100. Security information storage means 111 for storing security information for each maintenance person who belongs to the maintenance operation device 100.
And each maintenance operation device 100 in the maintenance operation system
The belonging information is extracted from the belonging information storage means 117 that stores the correspondence between the corresponding information and the assigned belonging information, and the belonging information from the maintenance person identification information of the maintenance person who started the maintenance operation in the maintenance operation device 100. The affiliation determination unit 118 that determines the maintenance operation device 100 corresponding to the affiliation information based on the correspondence relationship stored in the affiliation information storage unit 117.
When the affiliation determination unit 118 determines that the affiliation information of the maintenance person who started the maintenance operation on the maintenance operation device 100 corresponds to another maintenance operation device 100 ′, the other maintenance operation device 100 ′ On the other hand, the security information of the maintenance person is requested, and the other maintenance operation device 100 ′ is requested accordingly.
Security information requesting means 119 for receiving the security information returned from the other security operation device 100 '.
A security information providing unit that receives a request for security information of a maintenance person who belongs to the maintenance operation device 100, extracts the requested security information from the security information storage unit 111, and returns the security information to another maintenance operation device 100 ′. Security control device 11 including 120
0 is provided.

[0019]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 2 is a diagram showing a software configuration of the security control device 1 as one embodiment of the present invention. The security control device 1, as a software processing unit, a security update processing unit 10, an error counter cycle reset processing unit 11, a monitoring screen initial display processing unit 12,
Virtual monitoring screen display processing unit 13, command input processing unit 14
Further, the security information communication processing unit 15 is provided, and the data unit includes a security information table 20, a maintenance person operation error counter 21, a maintenance person id memory 22, an error threshold memory 23, and an affiliated center management information table 24.

FIG. 3 is a diagram showing the structure of the security information table 20. The security information table 20 stores the security information of all the maintenance personnel who belong to the maintenance center corresponding to the maintenance personnel, and the security information of a specific maintenance personnel is searched by using the maintenance personnel id as a key.
The security information of each maintainer consists of monitorable area information, monitorable node information, and a node / enterable command matrix.

The monitorable area information is hierarchized into three division levels of district, prefecture, and city, and indicates the area where the maintenance person can monitor. The monitorable node information indicates the node number of the node device that can be monitored by the maintenance person among all the node devices (switches and the like) that are controlled by the maintenance center. The observable area information and the observable node information are stored in such a manner that the correspondence between the observable node and the observable area to which it belongs can be understood. In the example in the figure, nodes # 1 to #
It can be seen that the node device of n belongs to the Kanto region, Kanagawa prefecture, and Yokohama city. The node / submittable command matrix is a matrix in which each node device that can be monitored by the maintenance person is associated with each row and each command that can be submitted to the node device is associated with each column. Flag information is stored so that the command and the input prohibition command can be identified.

FIG. 4 is a diagram showing the configuration of the maintenance personnel operation error counter 21. The maintenance person operation error counter 21 records the number of errors in command units and the total number of errors in all commands as operation error number information corresponding to the maintenance person (total number of times the result of command input is an error). The operation error frequency information of a specific maintenance person is searched using the person id as a key.

The maintenance person id memory 22 is a memory for storing the maintenance person id input by the maintenance person at the time of login. The error count threshold memory 23 is a memory that holds a threshold T1 of the error count of one command and a threshold T2 of the error count of all commands. The affiliation center management information table 24 is a memory that holds the correspondence between maintenance centers in each region and their center ids.

Next, the operation of each software processing unit constituting the security control device 1 will be described. The security update processing unit 10 counts the number of operation mistakes for each maintenance person, and when the number of operation mistakes exceeds a prescribed threshold value, adjusts (lowers) the security level of the maintenance person.

FIG. 5 is a flowchart showing the processing by the security update processing unit 10. When the maintenance person logs in, the security update processing unit 10 stores the maintenance person's id in the maintenance person id memory 22 (step S1), and when a command execution instruction is received from the maintenance person (step S2), the designated replacement node To the command execution command (step 3), and the command execution result notified from the switching node is received (step 4).

Then, the notified command execution result is analyzed (step 5), and if the command ends normally, the security update processing ends, but if the command ends abnormally, the maintenance that issued the command is completed. The operator's id is acquired from the maintainer's id memory 22 (step S6), and for that maintainer, 1 is added to the error count corresponding to the command in the maintainer operation error counter 21 and the total error count of all commands. (Step S
7).

Next, the total error count of all commands added in step 7 is compared with the total error count threshold T2 of all commands held in the error count threshold memory 23 (step S8), and the error after addition is compared. If the number of times is less than or equal to the threshold value T2, the process proceeds to step S10. If the number of errors after addition exceeds the threshold value T2, the maintenance person is permitted to input the node / entryable command matrix in the security information table 20. All the / prohibition flags are changed to "prohibition" (step S9), and the process proceeds to step S12.

Further, the error count corresponding to the command added in step 7 is compared with the error count threshold T1 of one command held in the error threshold memory 23 (step S10), and the error count after addition is the threshold value. If it is T1 or less, the security update process is terminated, and if the number of errors after addition exceeds the threshold T1, the node in the security information table 20 for the maintenance person concerned.
All the input permission / prohibition flags for the command in the inputtable command matrix are changed to "input prohibited" (step S11). When the security information is changed in step 9 or 11, the maintenance person and the system administrator are notified (step 12).

In order to obtain the operation error rate of the maintenance person, it is necessary to count the number of errors within a predetermined period, but since the number of errors in the maintenance operation error counter 21 is cumulatively added, the predetermined period has elapsed. It is necessary to reset the error count to "0" each time. The error counter cycle reset processing unit 11 resets the number of errors periodically. FIG. 6 is a flowchart showing the processing by the error counter cycle reset processing unit 11. The error counter cycle reset processing unit 11 is periodically activated and sets the error count of all maintenance personnel recorded in the maintenance personnel operation error counter 21 to “0”.
Reset to. If it is necessary to reset the number of errors in each maintenance person, for example, the error counter cycle reset processing unit 11 may be started in a fixed cycle for each maintenance person, or may be started when the maintenance person logs in or logs out. It is possible to reset only the error count of the maintenance person.

The monitoring screen initial display processing unit 12 is a process for determining the maximum range that can be monitored by the maintenance person when the maintenance person displays the monitoring screen, and displaying the monitoring screen corresponding to the maximum range. . For example, when the monitored device (exchange) is arranged as shown in FIG. 7, the maximum range that can be monitored by the maintenance person is determined by the following logic. Maintenance person X When the exchanges that can be monitored are a1 and a2 → Yokohama city monitoring screen is displayed When the maintenance personnel that can be monitored are a1, a2 and b1 → Kanagawa prefecture monitoring screen is displayed The maintenance person can be monitored Exchanges are a1, a2, b1, c
If it is 1 → Display Kanto area monitoring screen

Such determination processing can be performed by using the monitorable area information and the monitorable node information held in the security information table 20. As a result, the item to be selected when the maintenance person performs the operation of displaying the monitoring screen is automatically determined, so that the maintenance person's operation is simplified.

FIG. 8 is a flow chart showing the processing by the monitor screen initial display processing unit 12. When the maintenance person selects the monitoring operation from the operation menu, the monitoring screen initial display processing unit 1
2 acquires the id of the maintenance person from the maintenance person id memory 22 (step S20), and further acquires the security information of the maintenance person from the security information table 20 (step S21). Then, all the prefectures that can be monitored by the maintenance person are extracted from the acquired security information (step S22), and it is checked whether or not the number of extracted prefectures is plural (step S23). If there are a plurality of prefectures that can be monitored by the maintenance person, a local level monitoring screen is initially displayed (steps S24 and S29), and the monitoring screen initial display processing ends. In addition, if the prefecture that can be monitored by the maintenance person is only one prefecture, all the cities that can be monitored by the maintenance person are extracted from the security information (step S25), and it is checked whether or not the number of the extracted cities is plural. Yes (step S26). If there are multiple cities that can be monitored by the maintenance person, a prefecture-level monitoring screen is initially displayed (steps S27 and S29), and if there is only one city that the maintenance person can monitor, city-level monitoring is performed. Initially display the screen (steps S28 and S2
9).

The virtual monitoring screen display processing unit 13 sets a virtual monitoring target corresponding to the maintenance person, which includes only devices that can be monitored by the maintenance person, collects monitoring information in the virtual monitoring target, and monitors based on the result. Perform the process of displaying the screen. For example, even if the exchanges are actually arranged as shown in FIG. 7, when the maintenance personnel X can monitor only the exchanges a1 and a2 in Yokohama city, b1 in Kawasaki city and c1 in Urawa city, As shown in FIG. 9, as the maintenance target of the maintenance person X at the city level, a1, a2
Virtual Yokohama city containing only b1, virtual Kawasaki city containing only b1, and virtual Urawa city containing only c1 are set, and a1, a
The virtual Kanagawa prefecture containing only 2 and b1 and the virtual Saitama prefecture containing only c1 are set, and a1 and a are set as the local level monitoring targets of the maintenance person X.
Set a virtual Kanto region that includes only 2, b1 and c1,
Only the exchanges included in each virtual monitoring target are displayed on the monitoring screen.

In addition, the monitoring screen is displayed in the local area> prefecture area>
When displaying hierarchically like a city area, the display of the state of each city on the prefecture area monitoring screen should reflect the state of the most severe device among the monitorable devices belonging to that city, and each prefecture on the local area monitoring screen The status display of
The state of the most serious equipment that can be monitored in the prefecture should be reflected. For example, when the device status is displayed in three stages of red (severe failure status), yellow (slight failure status), and blue (normal status) on the monitoring screen displayed hierarchically as shown in FIG. , If a1 is blue, a2 is yellow, and a3 is red on the Yokohama city monitoring screen, the Yokohama city frame on the Kanagawa prefecture monitoring screen is displayed in red, reflecting the condition of the most seriously affected exchange a3. To be done.

FIG. 10 is a diagram specifically showing the configuration of the virtual monitoring screen display processing unit 13. Virtual monitoring screen display processing unit 1
Reference numeral 3 includes an operation selection reception unit, a monitor screen display control unit, and a message reception / distribution processing unit. The operation selection reception unit
A monitor screen display control unit is created and activated in response to a monitor selection made by a maintenance person. The message reception / distribution processing unit collectively receives the autonomous messages transmitted by all the accommodation nodes of the maintenance center, and distributes the messages to the operating monitor screen display control units.

When the monitor screen display control unit is activated, it creates a screen display information management table from the security information of the maintenance personnel and the delivered message, and controls the virtual monitor screen display based on it. FIG. 11 is a diagram showing a configuration example of the screen display information management table. In the screen display information management table, the alarm states of the monitorable node and the monitorable area of the maintenance person are managed. The alarm status of the monitorable node includes a minor failure, a serious failure, and a fatal failure depending on the degree of failure of the node. In addition, the alarm status of the monitorable area reflects the alarm status of the most severe node among the nodes belonging to the area, and is managed for each layer of district / prefecture / city. In the example of FIG. 11, the monitorable node # 4
Node # 4 because the alarm state of indicates a fatal failure.
The alarm conditions in the Kanto region, Kanagawa prefecture, and Yokohama city, to which the company belongs, also indicate fatal failures.

12 to 14 are flowcharts showing the processing by the virtual monitor screen display processing unit 13. When the maintenance person selects monitoring from the operation menu, the operation selection receiving unit creates a monitoring screen display control unit corresponding to the maintenance person and newly starts it (step S30). An identifier is given to the newly started monitoring screen display control unit. In the example of FIG.
Identifier # for each of the maintainers #a, #b, ...
A monitoring screen display control unit to which α, # β, ... Are added has been created and activated.

For example, when the monitor screen display control unit # α is newly activated, the maintenance person id passed as the activation parameter.
Thus, the information of the monitorable node of the maintenance person #a is extracted from the security information table 20 (step S31), and the screen display information management table is created with the information (step S32). Next, the maintenance person #a performs message notification registration with the message reception / distribution processing unit in order to receive notification of autonomous messages from all the nodes that can be monitored (step S33). At that time, as registration information,
The identifier # α of the monitoring screen display control unit and the notification designated node list (list of all the nodes that can be monitored by the maintenance person #a) are delivered to the message reception / distribution processing unit.

Upon receiving the message notification registration from the monitor screen display control unit # α, the message reception / distribution processing unit registers a message distribution request for the notification designated node in the message distribution table (step S34).
As shown in FIG. 13, the message delivery table is a table in which the identifiers of the monitoring screen display control units, which are message delivery destinations, are registered for all the accommodation nodes of the maintenance center. In the example of the figure, as a result of the message acceptance / distribution processing unit accepting the message notification registration of the monitoring screen display control unit # α, the monitorable node # of the maintenance person #a #
# Α is registered as the message delivery destination id for 1, # 4, and # 11.

When receiving the autonomous message from the node, the message reception / distribution processing unit extracts the source node id from the autonomous message (step S35),
The message delivery destination id corresponding to the node id is extracted from the message delivery table (step S36), and the autonomous message received from the node is delivered to the monitor screen display control unit corresponding to all the extracted delivery destination ids. In the above example, when the message reception / distribution processing unit receives an autonomous message from the node # 1, node # 4, or node # 11, the autonomous message is distributed to the monitoring screen display control unit # α.

When the monitoring screen display control unit # α receives the delivery of the autonomous message from the message reception / distribution processing unit, the monitoring screen display control unit # α delivers the message to the alarm state (* 3 in FIG. 11) of the corresponding node in the screen display information management table. The failure status indicated by the generated autonomous message is set (step S38). Next, the alarm state of the city area (* 3 in FIG. 11) is set to the most severe alarm state of all the nodes in the city (step S39),
Furthermore, the alarm status of the prefecture area (* 2 in FIG. 11) is set to the most severe alarm status of all cities in the prefecture (step S4).
0). Then, the alarm display is updated according to the change in the alarm state of the prefecture, city, or node corresponding to the displayed monitoring screen (step S41).

The virtual monitoring screen display processing unit 1 described above
By the processing of 3, the maintenance person can display only the alarm status of his / her monitorable node on the monitor screen, and can quickly detect the change in the alarm status of the monitorable node.

The command input processing unit 14 displays a menu of only the node devices that can input the command for the command selected by the maintenance person based on the node / inputable command matrix in the security information table 20. , For the node device selected by the maintenance personnel,
Only the commands permitted to be input to the node device are displayed on the menu, and the command input from the maintenance person is accepted within the range displayed on the menu.

FIG. 15 is a flow chart showing the processing by the command input processing section 14. When the maintenance person selects command input from the operation menu, the command input processing unit 14
Acquires the maintenance person's id from the maintenance person id memory 22 (step S50), and also obtains the maintenance person's security information from the security information table 20 (step S51). Then, it is determined which of the input command and the command input destination node is to be selected first (step S52). The information for this determination can be included in the system control information or the security information of the maintenance person, for example.

When the input command is to be selected first, the command input processing unit 14 first causes the maintenance person to select the command (step 53) and refers to the node / input possible command matrix in the security information of the maintenance person. Thus, a node to which the command selected by the maintenance person can be input is extracted (step S54). Next, only the extracted nodes are displayed on the "node selection menu" (step S55), and the maintenance person is allowed to select the command input destination node (step S56).

When the command input destination node is selected first, the command input processing unit 14 first causes the maintenance person to select the command input destination node (step 57), and the node / input in the security information of the maintenance person. By referring to the available command matrix, the commands permitted for the selected destination node are extracted (step S58). Next, only the extracted command is displayed in the "command selection menu" (step S5
9) Have the maintenance person select the input command (step S
60). When the input command and the command input destination node are selected as described above, the command input processing unit 14 executes the subsequent command input processing.

The security information communication processing unit 15 performs a process of exchanging the security information of the maintenance person between the maintenance centers through a line. Each maintenance person inputs a maintenance person id having a predetermined number of digits as maintenance person identification information when logging in. Also,
A center id (for example, 00 for Hokkaido, 01 for Tohoku, 02 for Kanto, etc.) corresponding to the jurisdiction is assigned to each maintenance center. For example, in the case where the maintainer id is composed of 8 digits, the first 2 digits are the belonging center id, and the subsequent 6 digits are the maintainer identification number, a part of the maintainer id is the center ID of the maintainer. In this case, the maintenance operation system can identify the logged-in maintenance person and at the same time identify the center to which the maintenance person belongs.

FIG. 16 shows an example of security information exchange between maintenance centers. The maintenance person X belongs to the maintenance center B in the Tokai region, and the security information of the maintenance person X is registered in the database of the maintenance center B. When the maintenance person X logs in from the maintenance terminal m of the maintenance center A in the Kanto region, it is confirmed that the maintenance person X belongs to the maintenance center B from the belonging center id included in the maintenance person id input by the maintenance person X. Therefore, the maintenance center A connects the maintenance terminal m to the maintenance center B and requests the security information of the maintenance person X. Since the maintenance center B returns the security information in response to this request, the maintenance center A can carry out the security check of the maintenance person X based on it.

After the security check, the maintenance person X selects a device in the Kanto region, and if it is a device that can be operated by the maintenance person X, the maintenance terminal m is reconnected to the maintenance center A. If the maintenance person X selects a device in the Tokai region and it is a device that can be operated by the maintenance person X, the connection between the maintenance terminal m and the maintenance center B is maintained. By exchanging the security information between the maintenance centers as described above, the maintenance person can perform maintenance from any maintenance center anywhere in the country in an area-free manner.

FIG. 17 shows the security information communication processing unit 15
It is a flowchart which shows the process by. For example, as described above, when the maintenance person X who belongs to the maintenance center B travels to the maintenance center A and logs in from the maintenance terminal of the maintenance center A to perform maintenance work, the security information communication processing unit on the maintenance center A side. 15 extracts the affiliated center id from the maintainer id input by the maintainer X at the time of login (step S70), and searches the affiliated center management information table 24 for the maintenance center corresponding to the affiliated center id. Of the maintenance center B is confirmed to be the maintenance center B (step S71), communication access to the maintenance center B is started (step 72), and the maintenance person id of the maintenance person X is transmitted to the maintenance center B to perform maintenance. The security information of person X is requested (step S73).

On the other hand, the security information communication processing unit 15 on the maintenance center B side is activated by communication access from the maintenance center A, and the maintenance person i transmitted from the maintenance center A side.
When d is received, the security information corresponding to the maintenance person id is read from the security information table 20 (step S75) and returned to the maintenance center A (step S7).
6).

The security information communication processing unit 15 on the side of the maintenance center A receives the security information of the maintenance person X returned from the side of the maintenance center B, and uses it to perform a security check on the maintenance person X (step S7).
4).

[0053]

As described above, according to the present invention, it is possible to perform a security check for each maintenance person in consideration of the technical level regarding the system operation of the maintenance person, and moreover, according to the actual technical level Since the security level can be adjusted, safer and more flexible security is possible.

Further, according to the present invention, the redundancy can be eliminated from the maintenance operation to simplify the operation.

Further, according to the present invention, since it is possible to display an easy-to-see monitoring screen in which only the monitoring information necessary for the maintenance person is displayed, human error such as oversight or mistake of the monitoring information is reduced, and the monitoring is strengthened. Also, in the case of dividing maintenance work into a plurality of external organizations in the maintenance operation system in the wide area integrated maintenance mode, it is possible to hide the monitoring information outside the scope of consignment from the maintenance personnel of the external organization. It is possible to secure security.

Further, according to the present invention, in the maintenance operation system in the wide area integrated maintenance mode, the security check can be performed for the maintenance person from any maintenance center nationwide, so that the maintenance person can perform maintenance operation area-free. it can.

[Brief description of the drawings]

FIG. 1 is an explanatory view of the principle according to the present invention.

FIG. 2 is a diagram showing a software configuration of a security control device as an embodiment of the present invention.

FIG. 3 is a diagram showing a configuration of a security information table.

FIG. 4 is a diagram showing a configuration of a maintenance person operation error counter.

FIG. 5 is a flowchart showing processing of a security update processing unit.

FIG. 6 is a flowchart showing processing of an error counter cycle reset processing unit.

FIG. 7 is a diagram illustrating an arrangement example of monitoring target devices.

FIG. 8 is a flowchart showing processing of a monitoring screen initial display processing unit.

FIG. 9 is a diagram illustrating a setting example of a virtual monitoring target.

FIG. 10 is a diagram illustrating a specific configuration example of a virtual monitoring screen display processing unit.

FIG. 11 is a flowchart (1/3) showing the processing of a virtual monitoring screen display processing unit.

FIG. 12 is a diagram showing a screen display information management table created by a virtual monitoring screen display processing unit.

FIG. 13 is a flowchart (2/3) showing the processing of a virtual monitoring screen display processing unit.

FIG. 14 is a flowchart (3/3) showing the processing of a virtual monitoring screen display processing unit.

FIG. 15 is a flowchart showing processing of a command input processing unit.

FIG. 16 is a diagram showing an example of security information exchange between maintenance centers.

FIG. 17 is a flowchart showing processing of a security information communication processing unit.

FIG. 18 is a diagram showing an example of hierarchical display of a monitoring screen.

[Explanation of symbols]

 1 security control device 10 security update processing unit 11 error counter cycle reset processing unit 12 monitoring screen initial display processing unit 13 virtual monitoring screen display processing unit 14 command input processing unit 15 security information communication processing unit 20 security information table 21 maintenance personnel operation error Counter 22 Maintenance person id memory 23 Error threshold memory 24 Affiliation center management information table 100 Maintenance operation device 101 Maintenance target device 102 Maintenance terminal 110 Security control device 111 Security information storage means 112 Operation error frequency counting means 113 Security level changing means 114 Maintenance Range determination means 115 Monitoring screen display means 116 Menu display means 117 Affiliation information storage means 118 Affiliation determination means 119 Security information requesting means 120 Security Tea information providing means

 ─────────────────────────────────────────────────── ─── Continuation of the front page (72) Inventor Yasunobu Harada 1015 Kamiodanaka, Nakahara-ku, Kawasaki-shi, Kanagawa Within Fujitsu Limited (72) Inventor Masanori Furuya 3-19-2 Nishishinjuku, Shinjuku-ku, Tokyo Nippon Telegraph and Telephone Incorporated (72) Inventor Yuko Senda 3-19-2 Nishishinjuku, Shinjuku-ku, Tokyo Within Nippon Telegraph and Telephone Corporation

Claims (6)

[Claims] 1. A maintenance operation device for performing maintenance on a plurality of maintenance target devices through lines, and stores security information for a maintenance person including executable operation information indicating a type of operation that can be performed by a maintenance person. A security information storage means, an operation error number counting means for counting the number of operation errors of a maintenance person corresponding to the maintenance person, and a maintenance person whose number of operation errors counted by the operation error number counting means exceeds a predetermined threshold value. With regard to the security control device, the security level changing means for changing the executable operation information stored in the security information storage means so that the range of operations that can be performed by the maintenance person is further restricted. 2. A maintenance operation device for performing maintenance on a plurality of maintenance target devices through lines, target device information indicating maintenance target devices that can be operated by a maintenance person, and a subdivision of a region to which each maintenance target device belongs. The security information storage means for storing the security information for the maintenance person including the belonging area information hierarchically divided into a plurality of division levels from minute to large division, and the maintenance information for the maintenance person whose maintenance range is to be determined are stored in the security information storage means. Based on the stored target device information and affiliation area information, the maintenance range that determines the division level of the lowest hierarchy that includes all maintenance target devices that can be operated by the maintenance person and displays the area monitoring screen of the division level A security control device comprising a determination means. 3. A maintenance operation device for performing maintenance on a plurality of maintenance target devices through a line, target device information indicating maintenance target devices operable by a maintenance person, and affiliation indicating an area to which each maintenance target device belongs. Security information storage means for storing security information for maintenance personnel including area information and maintenance personnel requesting to display a monitoring screen of a specific area to which a maintenance target device that can be operated belongs belong to the security information storage means. Monitoring screen display means for displaying a monitoring screen showing a monitoring situation in the specific area based on the stored target apparatus information and belonging area information and apparatus status information notified from the maintenance target apparatus operable by the maintenance person. And a security control device. 4. The security information storage means stores affiliation area information in which the affiliation area of each maintenance target device is hierarchized into a plurality of division levels from a small division to a large division, and the monitoring screen display means comprises: If there is a subdivision level area belonging to the area displayed on the monitoring screen, the most important one of the monitoring situations indicated by the subdivision level areas is
The security control device according to claim 3, wherein the security control device is displayed while being reflected on the monitoring screen of the display target area. 5. A maintenance operation device for performing maintenance on a plurality of maintenance target devices through a line, which includes executable operation information indicating a type of operation that can be performed by a maintenance person and maintenance target devices that can be operated by the maintenance person. Security information storage means for storing security information for maintenance personnel including target device information shown, and maintenance for selecting a maintenance operation based on the executable operation information and target device information stored in the security information storage means A security control device including a menu display unit that displays only the operation and the operation target device permitted by the operator in the operation selection menu. 6. A maintenance operation device in a maintenance operation system in which a plurality of maintenance operation devices, each of which performs maintenance on a device to be maintained under its jurisdiction through a line, are provided in each maintenance operation device and belong to the maintenance operation device. Security information storage means for storing security information corresponding to each maintenance person, and affiliation destination information storage means for memorizing a correspondence relationship between each maintenance operation device in the maintenance operation system and affiliation information given thereto. Affiliation information is extracted from the maintenance person identification information of a maintenance person who has started maintenance operation on the maintenance operation device, and maintenance operation corresponding to the belonging information is performed based on the correspondence relation stored in the belonging information storage means. The location determination means for determining the device and the location information of the maintenance person who started the maintenance operation on the maintenance operation device may correspond to another maintenance operation device. When judged by the affiliation judging means, a security information request for requesting the security information of the maintenance person to the other maintenance operation device, and receiving the security information returned from the other maintenance operation device in response thereto. Means for receiving security information of a maintenance person who belongs to the maintenance operation device from the maintenance operation device, and extracts the requested security information from the security information storage means to the other maintenance operation device. A security control device comprising a security information providing means for returning a reply.