JP2000151604A - Remote management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a remote management system where security for electronic mail communication is enhanced via an open network such as the internet. SOLUTION: A manager local network 10 and a user local network 20 are connected by an internet 30. A manager 11 of the manager local network 10 collects a prescribed information from management information of an agent 25 of the user local network 20 via a firewall 23. Moreover, communication for electronic mails between agents 15, 25 and managers 11, 26 is enciphered by a password automatically changing to enhance the security.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention performs maintenance and management of devices connected to a user's network while remotely operating a remote location via an open external network such as the Internet. For remote management systems, especially printers that require maintenance services,
The present invention relates to a remote management system particularly effective for monitoring the status of a copying machine or the like.

[0002]

2. Description of the Related Art The prior art of this type of remote management system is disclosed in, for example, "Remote Management System" in Japanese Patent Application Laid-Open No. 9-134297 and "Service-Received Device, Sensor Device, and Service Device" in Japanese Patent Application Laid-Open No. 8-314835. And a remote control system ".

The former object is to provide a simple and economical remote management system that passes a security check of a firewall or the like. Management company SNMP
(Simple Network Management Protocol) The manager designates predetermined management information from among the management information of the SNMP manager on the user side, generates a text composed of a character string for e-mail based on the specified management information, and The requested management information is transmitted to the SNMP manager on the user side.

The user-side SNMP manager analyzes the received e-mail, activates a network management interface, collects necessary management information, converts the collected management information from a character string for e-mail to text, It is sent to the management company SNMP manager via e-mail. The management company SNMP manager performs remote monitoring and remote maintenance of the network on the user side based on the received management information.

[0005] The latter shows an example in which an authentication server is used to secure security when remote control is performed. That is, an object of the present invention is to enable a remote operation to be performed between a service device and a service target device connected to an internal network in which a firewall is installed.

The service-receiving device establishes connection A with the remote maintenance / operation center device via the user-side network and the firewall. Next, the service-receiving device transmits the security check information to the remote maintenance / operation center device via the connection A.

[0007] The remote maintenance / operation center device searches the security check information by searching the user authentication database and checks that the service-received device belongs to the contracted user. Establish a connection B with the service device via As a result, the service device can perform remote maintenance / operation of the service target device via the logical path configured by the connection A and the connection B.

[0008]

However, the conventional remote management system has several problems. First,
Unlike a local network connected only by a dedicated line for the Internet, the transfer is performed via many network server devices, and electronic mail is sent in a so-called bucket brigade method. Is not constant, and varies depending on the operating state of each network at that time, the traffic state, and the like. It is not clear when and where a malicious person exists. Therefore, when connected from the local network environment to the user-side local network environment via an environment such as the Internet to which an unspecified number of users connect, the e-mail transmitted via the external environment as described above is:
I do not know when and where its contents are stolen or tampered with.

In addition, even if an authentication server is installed, if passwords or the like as authentication information are leaked or analyzed, there is a disadvantage that the significance of authentication is lost. Further, if there is an unauthorized access in such a manner, the authentication server will pass, and the administrator often does not notice the unauthorized access, and the damage may be increased. Therefore, even when a user authentication server is installed and connected to an external device via a logical path, the risk of the above-mentioned wiretapping, (leakage) and tampering remains.

[0010] Therefore, an object of the present invention is to reduce the risk of information contained in an e-mail being leaked or falsified when communicating and controlling with a remote device by e-mail, and to temporarily prevent unauthorized access or tampering. It is an object of the present invention to provide a remote management system capable of immediately detecting the occurrence of such a problem and prompting the administrator to issue a warning and take a countermeasure.

[0011]

In order to solve the above-mentioned problems, a remote management system according to the present invention employs the following characteristic configuration.

(1) A user local network and a management company local network connected via an open network to the outside, such as the Internet, are provided. The management company local network includes a file wall on a device in the user local network. A remote management system that enables management information to be collected and analyzed over the network and eliminates the need for a network management device in the user local work.

(2) When sending and receiving electronic mail between an agent and a manager using the Internet,
The administrator performs initial registration and password 1 setting, the manager requests transmission using the password 1, the agent receives the transmission request, checks the password 1 and newly generates a password 2, The manager receives the response message, confirms the difference between the passwords 1 and 2, stores the password 2,
Remote management system that updates passwords sequentially.

(3) The remote management system according to (2), wherein the password is encrypted by adding a sum check value of the electronic mail message.

(4) The remote management system according to the above (2) or (3), wherein the mismatch between the password and the sum check is notified to an administrator by an alarm.

(5) The remote management system according to the above (2), (3) or (4), wherein a keyword required for decryption is changed for each communication.

[0017]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Preferred embodiments of a remote management system according to the present invention will be described below in detail with reference to the accompanying drawings.

FIG. 1 is a configuration diagram of a network to which a remote management system according to the present invention can be applied. This network is a management company local network (LAN) 1
0, a user network 20, and the Internet 30 connecting these two networks 10, 20.

The management company LAN 10 includes an SNMP manager 11, a router 12, and a plurality of SNMP agents (various network devices) 15. In the user LAN 20, a router 22, a firewall device 23, an external service server 24, a plurality of users SN
MP agent 25 and user SNMP manager 2
6.

In the network having such a configuration, the SNM
P managers 11, 26 and SNMP agent 1
5, 25 are SMTP which is an e-mail protocol
(SimpleMail Transfer Protocol) is a device that can send and receive e-mail.

The role of the SNMP manager 11 is to receive and process events from various agents interacting with the operator via a user interface as a management application that issues operations such as GET and SET to management information and commands to the agent. Notify the operator via the interface. It has a data store such as a database as needed, and stores management information and event history, and performs statistical processing analysis.

On the other hand, the role (function) of the firewall device 23 plays the role of confidentiality among the four principles of communication security (confidentiality, accuracy, credibility, and availability). Here, the confidentiality is to prevent the information from being unduly leaked to a third party other than the intended partner.
The roles of the SNMP agents 15 and 25 perform operations on the management target in response to requests from the managers 11 and 26, and return the results. In many cases, it has no user interface, always runs in the background like a daemon process, and can receive requests at any time. Detects a change in the status of a management target or occurrence of an abnormality, and notifies the manager as an event (trap). It should be noted that the process has a limitation that the load is lighter than that of the manager and the process must be one that does not hinder the original function and performance of the management target.

Next, the operation of the network shown in FIG. 1 will be described. SNMP manager 11 of management company LAN 10 is L
When managing network devices of agents in the AN 10, SNMP is generally implemented and communicated on UDP (User Datagram Protocol), which is a connectionless transport protocol in the TCP / IP protocol. It is used by many devices on the Internet 30 because it is easy to implement, has scalability, does not hinder normal operation of the device, and can be managed even when the network load is high. .

However, SNMP has low security because it is a protocol that assumes only the same (closed) environment in which the managed network and the management network are the same, and cannot pass through the firewall as it is. Therefore, by including the SNMP message information in the e-mail which is a highly reliable protocol, the message is passed through the firewall, and communication and control with the SNMP agent 25 installed in a remote place are enabled. However, the e-mail transmitted through the firewall can communicate with the destination device via the Internet 30.
However, it is not possible to determine what communication path is to be used for transmission in the Internet 30, and as described above, there is a risk that the content of the transmission is intercepted (leaked) or falsified.

Therefore, when sending an e-mail, SN
By encrypting and including MP message information,
Improve the confidentiality and credibility of communication contents. At this time, a special keyword is required for decrypting the encryption. The keyword itself is given a specific meaning to make it impossible to falsify the communication contents. Also, the keywords themselves are
Since the keyword is changed for each communication, by managing this keyword, when an unauthorized access occurs, it can be immediately detected and security is improved.

In the network shown in FIG. 1, only the components necessary for the configuration of the present invention are shown. Is often installed. In this case, for example, a firewall is often installed separately for each district, department, or the like.

In FIG. 1, a firewall may be installed between the SNMP manager 11 and the router 12 installed in the management company LAN 10. Various SNMP agents 25 to be managed installed in the user LAN 20 are connected to the router 22 via the firewall 23 and are connected to the Internet 30 therefrom.

FIG. 1 shows an SN in the management company LAN 10.
The flow of communication between the MP manager 11 and the SNMP agent 25 of the user LAN 20 is indicated by a broken line. The SNMP message information in the electronic mail is transmitted after being encrypted. The encryption procedure, decryption procedure, and communication procedure according to the present invention will be described below.

First, a communication procedure between the manager and the agent in the remote management system of the present invention will be described with reference to FIG. In the present invention, when performing communication, an initial setting and registration are performed by an agent administrator (step 501). In this initial registration, agents 15, 2
For 5, the serial number of the product, the e-mail address assigned to the agent device, the e-mail address of the administrator who notifies the alarm when an alarm occurs,
The mail address and the initial password of the NMP manager 11 are set.

At the same time, the management company is notified of the settings such as the serial number of the product, the mail address of the agent device, and the initial password. By this initial registration, the phases of the passwords between the manager and the agent are aligned. In the remote management system of the present invention, the expiration date of the password is limited to one time, and as long as normal communication is performed, any unauthorized access can be immediately detected.

When transmitting the request message for the first time, the managers 11 and 26 encrypt the password by combining the password and the serial number set in the initial registration, and transmit it by e-mail (step 502). The agent devices 15 and 25 receive the encrypted request message by electronic mail. Since a password necessary for decryption is attached to the e-mail together with the cipher text, it is verified that the password matches the stored password.

In the case of a mismatch, there is a possibility of unauthorized access by somebody, so that an alarm is generated to the administrator and the subsequent processing is interrupted. This authentication work (verification check)
If they match, decrypt the cipher, process according to the request message, and create a response message. When encrypting the response message, the agents 15 and 25 automatically generate a new password, use the new password in combination with the serial number, encrypt the new password, and return it to the managers 11 and 26 (step 503).

The managers 11 and 26 receive the reply mail and confirm whether the attached password matches the stored password. In the case of a mismatch, the system uses the password only once,
Since unauthorized access by somebody is conceivable, an alarm is sent to the administrator and the subsequent processing is interrupted. Although details will be described later, the password in this case does not have to be merely different, and the keyword necessary for encryption and decryption is configured by combining this password and the sum check of the message data, It is designed so that it cannot be decrypted with an inappropriate password. After passing the password confirmation, the managers 11 and 26 store the newly sent password and use it as the password for the next message transmission (step 504).

Thereafter, the steps 502 to 504 and the repetitive work are performed while sequentially updating the password.

When an alarm occurs, the administrator investigates the failure and, if there is no problem, re-executes the initial registration to recover the system. At this time, the information such as the password is not changed, and only the information at the time of the initial initial registration needs to be re-transferred. This is because the password is used only once, and the newly generated password changes with time.

Next, referring to FIG.
A processing flow at the time of sending an e-mail of 26 will be described. The manager creates an SNMP request message when performing agent management (step 201). Further, a sum check value of the entire message data is calculated (step 202). This sum check value is added to the registered password to generate a keyword required for encryption (step 203). Examples of keywords include
The password is “Password” and the sum check value is “123”
For "4", ":" is defined as a delimiter and "Password:
1234 "is conceivable.

Here, the manager encrypts the request message data by combining the serial number and this keyword (step 204). The encrypted data is included in the electronic mail together with the keyword, and transmitted to the agent function (step 205).

Next, the processing flow of the electronic mail (reception → transmission) of the agent will be described with reference to FIG. Upon receiving the e-mail from the manager (step 301), the agent separates the received keyword into a password portion and a sum check portion. As a separation example, the password part is “Password” and the sum check part is “1234” from the previous example, using the “:” symbol as a delimiter.
And separate. Then, it is confirmed that this password matches the stored password (step 302).
If they do not match, there is a possibility of unauthorized access or the like, so the subsequent processing is stopped and an alarm is notified to the administrator (step 303).

Further, decryption is performed from the received keyword and serial number (step 304). If the decryption fails, there is a possibility that the mail text has been destroyed for some reason, so the subsequent processing is stopped and the administrator is notified (step 307). On the other hand, if the sum check values match, processing is performed according to the request message, and the result is created as a response message.

Next, the sum check value of the entire response message data is calculated, and a new password different from the stored one is generated and updated and stored. Then, the calculated sum check is added to the new password to create a keyword. An example of creating a keyword may be, for example, “Password 2: 2345” in accordance with the rules described above. The response message data is encrypted by combining the serial number and this keyword (step 30).
8). The encrypted response message is included in the electronic mail together with the new keyword and returned to the manager (step 309).

Next, an e-mail reception processing flow of the manager will be described with reference to FIG. The manager receives an e-mail from the agent (step 401).
Therefore, the received keyword is separated into a password portion and a sum check portion. As a separation example, the password part is separated as “Password 2” and the sum check part is separated as “2345”, using the “:” symbol as a delimiter from the previous example. Then, it is confirmed that this password does not match the stored password (step 40).
2). If they match, there is a possibility of unauthorized access or the like, so the subsequent processing is stopped and an alarm is notified to the administrator (step 403).

Next, decryption is performed from the received keyword and serial number (step 404). Here, if the decryption fails, there is a possibility that the mail text has been destroyed for some reason, so the subsequent processing is stopped and an alarm is notified to the administrator (step 405). If the decryption is successful, a sum check calculation of the response message data is performed (step 406). This is compared with the separated sum check value (step 407). If the sum check values do not match, there is a possibility that the content of the message has been tampered with, so the subsequent processing is stopped and the administrator is notified (step 410).

If the sum check values match, the new password is stored and processed according to the response message. As a result of the processing, if a new message is needed, a request message is created (step 408). Even when the mail is sent next time, it operates according to the processing flow of FIG. 2, but the password used is the password used for the last received reply mail.

At the time of communication, if the order of the series of password updates is different, it is determined that an alarm has occurred, and the subsequent operations are stopped until the administrator resets the password. That is, if there is unauthorized access even once, inconsistency occurs in these series of operations,
An anomaly is found.

[0045] Even if the user simply looks at the information, a serial number is required in addition to the keyword in order to decrypt the remote management system of the present invention. It should be noted that this serial number is registered only at the time of initial setting, and cannot be known during normal communication.

In the above-described embodiment, an example of communication by electronic mail between the manager and the agent has been described. However, as shown in FIG.
It is also conceivable that the manager 26 is installed and managed by the user LAN. Even in this case, it is obvious that the encryption system of the present invention is effective.

In the above example, the case where the password is automatically generated has been described. However, since a unique message ID is always given to an electronic mail, it is also possible to use these IDs. Furthermore, the number of parameters required for encryption has been described in terms of the serial number and the keyword, but the number of parameters has been increased or the number of digits of the parameter has been increased to make decryption difficult according to the security requirements. May be.

Also, in order to reduce mail traffic, one mail message is used for one communication. However, there is relatively no traffic problem. It is also possible to disperse the mail text in the communication of the above and transfer it in a plurality of times. For example, it is possible to divide the encrypted data from the keyword, and further to divide and transfer the encrypted data itself. In the above example, the administrator is notified when an alarm occurs. However, when the notification itself is performed by e-mail, the administrator does not need to be in the same domain. In terms of security, another domain is more secure.

[0049]

According to the remote management system of the present invention, the agent administrator can automatically change and set the password for each communication by the agent device if only the necessary information is set for the initial registration. Does not cause any special work. Even if a malicious eavesdropper steals the current password, the security is improved because the password is changed to the new password at the next communication.

In this automatic password generation system, even a manager cannot recognize the password during normal communication, so there is no fear of password leakage.

Further, in the security system using a password, since no human element enters, the security system is optimal for an automatic response system between machines and has a wide range of applications.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration example of a network to which a remote management system according to the present invention is applied.

FIG. 2 is a processing flowchart at the time of sending an e-mail by a manager.

FIG. 3 is a processing flowchart of an agent (reception → reply).

FIG. 4 is a flowchart of a reception process of a manager.

FIG. 5 is a flowchart of a communication procedure between a manager and an agent.

[Explanation of symbols]

 10 Administrator local network 11, 26 Manager 15, 25 Agent 20 User local network 23 Firewall 30 Internet

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI theme coat ゛ (reference) H04Q 9/00 301 9/14 F term (reference) 5B089 GA31 GB08 HA06 HA10 HB06 HB07 JA35 JB14 KC57 KC58 KH30 5K030 GA14 GA15 HA06 HB06 HC01 HC14 HD03 HD08 JA10 MA01 MC07 MC09 MD07 5K033 BA08 BA11 DA06 DB20 EA07 5K048 BA53 DC07 EA12 9A001 JJ14 JJ25 LL03

Claims (5)

[Claims] A user local network connected to an external network such as the Internet via an open network and a management company local network, wherein the management company local network is connected to a device in the user local network via a file wall. A remote management system capable of collecting and analyzing management information by using a network management device in the user local work. 2. When sending and receiving an e-mail between an agent and a manager using the Internet, an administrator performs initial registration and sets a password 1, and the manager requests transmission using the password 1; Receives the transmission request, generates a new password 2 by checking the password 1, and receives the response message, confirms the difference between the passwords 1 and 2, saves the password 2, and sequentially saves the password 2. A remote management system characterized by updating to a new password. 3. The remote management system according to claim 2, wherein the password is encrypted by adding a sum check value of the electronic mail message. 4. The remote management system according to claim 2, wherein a mismatch between the password and the sum check is notified to an administrator by an alarm. 5. The remote management system according to claim 2, wherein a keyword required for decryption is changed for each communication.