JP2009259236A - Information processing terminal and management server for the information processing terminal - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide various working environments corresponding to the needs of a user while an information processing terminal ensures high security. <P>SOLUTION: The information processing terminal 1c having an HDD 13c is provided with: a temporary area ensuring part 27 for ensuring a partial area in the HDD 13c as a temporary area 82 to be initialized upon starting or ending the information processing terminal 1c; an identification information transmitting part 21 for transmitting identification information for identifying a user using the information processing terminal 1c or the information processing terminal 1c to a management server 1s; a software receiving part 28 for receiving from the management server 1s software corresponding to the information processing terminal 1c relating to the identification information or the user; a temporary area recording part 29 for recording the software received by the software receiving part 28 in the temporary area 82; and a software executing part 31 for providing the user using the information processing terminal 1c with functions of the software by reading the software from the temporary area 82 and executing the software. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a user terminal management system having an information processing terminal and a management server.

  Conventionally, there is a virtual machine technology in which pseudo computer hardware called a virtual machine is configured on a host computer and a guest OS (operating system) is operated on the virtual machine (see, for example, Patent Document 1). .

  Also, the OS is not stored in an HDD (Hard Disk Drive) or the like directly connected to the host computer, and the OS is loaded from a DVD (Digital Versatile Disc) or other computer connected via a network at startup (For example, refer to Patent Document 2)

JP 2005-115653 A JP 2006-127169 A

  Conventionally, in information communication systems using a combination of information processing terminals and communication networks, events such as computer virus damage and information leakage have occurred. This is a recent computer configuration that rewrites programs and data. This is a problem caused by recording in a possible storage device. That is, once software that transmits data to the network regardless of the user's intention is recorded in the storage device, the software stays in the system and damage continues. Further, since the data is stored in the storage device of the computer, information is leaked when the computer is lost or stolen.

  In order to cope with such an event, conventionally, a technique that does not leave a program and data in an information processing terminal has been proposed. For example, there is a virtual machine technique in which pseudo computer hardware called a virtual machine is configured on a computer, a guest OS is started on the virtual machine, and work is performed on the guest OS. In addition, the OS is not stored in the information processing terminal, but an OS image is prepared at the tip of the network, downloaded over the network at the time of startup, and the RAM (Random Access Memory) of the information processing terminal that does not have a nonvolatile storage device. In other words, there is a so-called thin client method. And according to these methods, it is possible to cope with the problem that malware such as a virus stays resident and the information leaks from the upper processing terminal without leaving a program or data on the information processing terminal.

However, with these methods, the environment is unified, and it is difficult to construct an environment for each user or for each work. In the virtual machine method, if you give administrator rights to the user, it is possible to let the user build an environment, but the user has the right to freely install software or make changes to the system, Security is compromised. Also, if the administrator constructs an environment for each information processing terminal or usage scene without giving the administrator authority to the user, the amount of work for the administrator becomes enormous, which is not realistic. In order to construct an environment for each information processing terminal or each usage scene in the thin client method, it is necessary to store various combinations of OSs and combinations of OSs and applications on the server side that holds the OS image. There is a problem that a large amount of resources are consumed.

  In view of the above problems, an object of the present invention is to provide various work environments according to user needs while ensuring high security in an information processing terminal.

  In order to solve the above-described problems, the present invention records and executes software corresponding to an information processing terminal or user in a non-volatile storage device in an area that is initialized when the terminal is activated or terminated. In the information processing terminal, it is possible to provide various work environments according to the user's needs while ensuring high security.

  Specifically, the present invention relates to an information processing terminal that has a nonvolatile storage device and is communicably connected to a management server, wherein a part of the area in the nonvolatile storage device is activated by the information processing terminal. Alternatively, a temporary area securing unit that secures a temporary area that is initialized upon termination, and an identification information transmitting unit that transmits identification information for identifying the user who uses the information processing terminal or the information processing terminal to the management server And software receiving means for receiving software corresponding to the information processing terminal or user related to the identification information from the management server that received the identification information, and recording software received by the software receiving means in the temporary area A temporary area recording means that reads out the software from the temporary area and executes the software, Ability to, and a software execution means for providing a user who uses the information processing terminal, an information processing terminal.

  A non-volatile storage device is a storage device such as an HDD or a flash EEPROM that maintains recorded information even when power is not supplied. In the present invention, a temporary area that is initialized when the information processing terminal is started or terminated is secured on the nonvolatile storage device, and the software received from the management server is recorded in the temporary area to meet the needs of the user. In response to this, an information processing terminal capable of providing various work environments is realized.

  Further, the information processing terminal according to the present invention is a combination of software for constructing a predetermined work environment in the information processing terminal related to the identification information, or software for providing a predetermined service to the user related to the identification information A software list receiving unit that receives a list of software indicating the combination from the management server that has received the identification information, and one or a plurality of lists received by the software list receiving unit are presented to the user. Receiving means for accepting selection of a list, and the software receiving means may receive software included in the selected list from the server.

  A list desired by the user is selected from a list of software indicating a combination of software for constructing a predetermined work environment in the information processing terminal or a combination of software for providing a predetermined service to the user. By receiving the software included in, it is possible to prepare a work environment according to the user's needs.

The information processing terminal further includes a volatile storage device, and the temporary area recording unit intercepts write access to the nonvolatile storage device by the operating system of the information processing terminal, and writes the write access. By converting the destination address into an address in the temporary area, the software received by the software receiving means is recorded in the temporary area, and the converted address before and after the converted write access You may further provide the conversion information storage means which accumulate | stores the conversion information which shows a correspondence relationship in the said volatile memory | storage device.

  According to the present invention, since the conversion information is accumulated in the volatile storage device, the conversion information recorded in the volatile storage device is lost due to restart or power failure, and the conversion information is referred to the temporary area. It becomes impossible to access. This makes it difficult to read information from the temporary area, and it is possible to prevent malware from remaining and information leakage. The temporary area may be initialized by volatilizing conversion information stored in the volatile storage device when the information processing terminal is activated or terminated.

  The present invention can also be grasped as a management server that manages the information processing terminal. That is, the present invention is a management server that is communicably connected to a user terminal that is an information processing terminal used by a user, and includes identification information for identifying the user terminal or a user who uses the user terminal. The identification information receiving means received from the user terminal and the user terminal related to the identification information or the software corresponding to the user are transmitted to the user terminal and stored in a temporary area that is initialized when the user terminal is activated or terminated. A management server comprising software transmission means for storage.

  By managing the information processing terminal by such a management server, the administrator can flexibly provide the user with a work environment while keeping the security of the user terminal high.

  In addition, the management server according to the present invention includes a combination of software for constructing a predetermined work environment in the information processing terminal related to the identification information, or software for providing a predetermined service to the user related to the identification information. A software list storage unit that stores a list of software indicating combinations; and a software list transmission unit that transmits the list according to an information processing terminal or a user related to the identification information, and the software transmission unit includes: Software requested by the user terminal based on a list selected by the user terminal among one or a plurality of lists transmitted by the software list transmission means may be transmitted to the user terminal.

  The list is stored in association with information indicating an expiration date of the list, and the software list transmission unit is within the expiration date of the list corresponding to the information processing terminal or the user according to the identification information. Only the list may be transmitted. As a result, the administrator can set the usage period of the work environment provided by using the software list, and can control the period during which the work environment is provided to the user.

  The management server according to the present invention further includes an authentication unit that authenticates the user terminal or a user who uses the user terminal using the identification information received by the identification information receiving unit, and the software transmission unit includes: Software associated with the authenticated user terminal or user may be transmitted.

The present invention also provides:
An information processing terminal that has a nonvolatile storage device and is communicably connected to a management server,
A temporary area securing means for securing a part of the area in the nonvolatile storage device as a temporary area that is initialized when the information processing terminal is activated or terminated;
Temporary area recording means for causing the information processing terminal to operate in a restricted mode in which writing to other areas of the nonvolatile storage device is restricted by recording contents written to the nonvolatile storage apparatus in the temporary area. When,
Software receiving means for receiving, from the management server, software for leaving the restricted mode for ending the operation in the restricted mode;
Software execution means for terminating the operation of the information processing terminal in the restricted mode by reading and executing the software for leaving the restricted mode received by the software receiving means and recorded in the temporary area;
Is an information processing terminal.

The present invention also provides:
Communicating with an information processing terminal that can operate in a restricted mode, which restricts writing to other areas of the nonvolatile storage device by recording the contents written to the nonvolatile storage device in a temporary area of the nonvolatile storage device Connected and possible
Software storage means for storing restriction mode leaving software for ending the operation in the restriction mode by being executed by the information processing terminal;
Software transmitting means for transmitting the restriction mode leaving software to the information processing terminal and storing the software in the temporary area of the information processing terminal;
Is a management server.

  Here, the restriction mode leaving software is software for ending the restriction mode in which writing to an area other than the temporary area of the nonvolatile storage device is restricted. In the present invention, such restriction mode leaving software is distributed from the management server and recorded in the temporary area of the information processing terminal, thereby making it possible to prevent undesired restriction mode leaving due to user intention or negligence. Yes. Further, according to the present invention, since the management server can manage the presence / absence of distribution without constantly holding the software for leaving the restricted mode in the information processing terminal, the permission / non-permission of leaving the restricted mode can be controlled by the management server. It is possible to manage on the side.

In the present invention,
The software transmission unit may transmit the restriction mode leaving software to the information processing terminal when the information processing terminal is within a period during which the operation end in the restriction mode is permitted.

  That is, according to the present invention, by managing the period during which the management mode leaving software is transmitted by the management server, it is permitted to terminate the restriction mode in the information processing terminal only within the preset period. In the other periods, it is possible to prevent the restriction mode from ending.

In addition, the management server according to the present invention is
An identification information receiving means for receiving identification information for identifying the information processing terminal or a user who uses the information processing terminal from the information processing terminal;
When the information processing terminal or user related to the identification information is an information processing terminal or user who has the authority to end the operation in the restriction mode, the software transmission unit sends the restriction mode leaving software to the information processing terminal. You may transmit to a terminal.

  According to the present invention, it is determined whether or not the information processing terminal or the user has the authority to end the restriction mode, and it is permitted to end the restriction mode only when it has the authority. It is possible to prevent the processing terminal or the user from ending the restriction mode.

Furthermore, the present invention can be understood as a method executed by a computer or a program executed by a computer. Further, the present invention may be a program in which such a program is recorded on a recording medium readable by a computer, other devices, machines, or the like. Here, a computer-readable recording medium is a recording medium that stores information such as data and programs by electrical, magnetic, optical, mechanical, or chemical action and can be read from a computer or the like. Say.

  According to the present invention, it is possible to provide various work environments according to user needs while ensuring high security in an information processing terminal.

It is a figure which shows the outline of the hardware constitutions of the user terminal management system which concerns on embodiment. It is a figure which shows the outline of a function structure of the user terminal management system which concerns on embodiment. It is a figure which shows the structure of the software information table in embodiment. It is a figure which shows the structure of the software information table in embodiment. It is a figure which shows the structure of the authentication information table in embodiment. It is a figure which shows the structure of the restriction | limiting mode definition information table in embodiment. It is a figure which shows the structure of the storage area in embodiment. It is a figure which shows the address conversion table in embodiment. It is a flowchart which shows the flow of the process which produces the restriction | limiting mode definition information which concerns on embodiment. It is a figure which shows the image of the restriction | limiting mode definition information creation interface displayed on a display in embodiment. It is a flowchart which shows the flow of the restriction | limiting mode control process in embodiment. It is a flowchart which shows the flow of the restriction | limiting mode control process in embodiment. It is a figure which shows the image of the restriction | limiting mode definition information selection interface displayed on a display in embodiment. It is a figure which shows the image of the restriction | limiting mode leaving interface displayed on a display in embodiment. It is a flowchart which shows the flow of the non-restriction mode transfer process in embodiment. It is a flowchart which shows the flow of the residual prevention process in embodiment. It is a figure which shows the structure of the restriction | limiting mode definition information table in 2nd embodiment. It is a figure which shows the structure of the condition information table in 2nd embodiment. It is a flowchart which shows the flow of the restriction | limiting mode control processing in 2nd embodiment. It is a figure which shows the structure of the software information table in other embodiment. It is a figure which shows the structure of the restriction | limiting mode definition information table in other embodiment.

  An embodiment of a user terminal management system having an information processing terminal and a management server according to the present invention will be described based on the drawings.

<First embodiment>
FIG. 1 is a diagram illustrating an outline of a hardware configuration of a user terminal management system 1 according to the present embodiment. The user terminal management system 1 includes a management server 1s and one or a plurality of user terminals 1c connected to the management server 1s via the network 2. The management server 1s includes a CPU (Central Processing Unit) 11s, a RAM (Ran
A computer having a main storage device such as a dom Access Memory (12s), an auxiliary storage device such as an HDD (Hard Disk Drive) 13s, a ROM (Read Only Memory) 14s, and a network interface such as a NIC (Network Interface Card) 15s. . The management server 1s is managed by an administrator terminal 1a connected via the network 2, but may include a display, a keyboard, a mouse, and the like.

  Also, the user terminal 1c is a CPU 11c, a volatile storage device, a RAM 12c in which recorded information is lost when the terminal is restarted or terminated, and a non-volatile storage device, and when the terminal is restarted or terminated It is a computer having a network interface such as an HDD 13c, ROM 14c, and NIC 15c in which recorded information is maintained. In the present embodiment, the user terminal 1c further includes an output device such as a display 16c and an input device such as a keyboard 17c and a mouse 18c. The OS of the user terminal 1c is an OS that can set for each user whether or not there is an administrator authority that is an authority for making changes to the system or adding software.

  FIG. 2 is a diagram showing an outline of a functional configuration of the user terminal management system 1 according to the present embodiment. The management server 1s having the hardware configuration shown in FIG. 1 reads out a program installed on the HDD 13s by the CPU 11s and expands it in the RAM 12s. The CPU 11s interprets and executes the expanded program, whereby the software storage unit 46 A restriction mode definition information storage unit 44 that stores restriction mode definition information including a list of software, an identification information reception unit 42 that receives identification information of the user or the user terminal 1c from the user terminal 1c, and the received identification information The authentication unit 41 for authenticating the user terminal 1c or the user by using the information processing terminal, the restriction mode definition information transmitting unit 43 for transmitting the restriction mode definition information corresponding to the user, and the restriction mode definition selected by the user terminal 1c Sends software included in information to user terminal 1c Software transmitting unit 45 which functions as the management server 1s provided with.

  Similarly, the user terminal 1c having the hardware configuration shown in FIG. 1 allows the CPU 11c to interpret and execute the program expanded in the RAM 12c, thereby transmitting the identification information of the user or the user terminal 1c to the management server 1s. An information transmitting unit 21; a restricted mode definition information receiving unit 22 that receives restricted mode definition information from the management server 1s; a receiving unit 23 that receives an instruction to select restricted mode definition information and activate a restricted mode by a user; A setting unit 24, an authority setting unit 25 that sets a login user at the next start-up as a user who does not have administrator authority, a determination unit 26 that determines whether or not the restriction mode is valid, and an HDD 13c A temporary area securing unit 27 that secures the area of the copy as a temporary area 82, and included in the selected restriction mode definition information. A software receiving unit 28 that receives software from the management server 1s, a temporary area recording unit 29 that records data to be written to the HDD 13c in the temporary area 82 when the restriction mode is valid, and conversion information at the time of recording in the temporary area 82 are stored. Functioning as a user terminal 1c that includes a conversion information storage unit 30 that performs, a software execution unit 31 that reads and executes software from the temporary area 82, and a reading unit 32 that reads information recorded in the HDD 13c including the temporary area 82 .

  Here, the service is a function provided by software executed in the user terminal 1c or the service providing server. As a form of providing the service, a form in which the service is provided by software downloaded to the user terminal 1c being executed by the user terminal 1c, or a main process is performed in the service providing server. The form etc. in which the software mainly responsible for the display of the processing result received from is executed may be used.

  The temporary area 82 is a partial area in the HDD 13c that is initialized when the conversion information stored in the RAM 12c is lost when the user terminal 1c is activated or terminated. The temporary area recording unit 29 intercepts (hooks) the write access to the HDD 13c by the operating system and converts the write access to the temporary area 82 when the determination unit 26 determines that the restriction mode is valid. Thus, the data to be written to the HDD 13c is recorded in the temporary area 82. Then, the conversion information accumulation unit 30 accumulates conversion information indicating the correspondence relationship between the converted address of the write access and the converted address in the RAM 12c.

  The restricted mode is a state in which the function for ensuring security is enabled in the user terminal 1c, and a plurality of types of restricted modes are provided to provide various work environments while ensuring security. Is done.

  The restriction mode definition information accumulation unit 44 of the management server 1s is a combination of software for constructing a predetermined work environment in the information processing terminal related to the identification information, or software for providing a predetermined service to the user related to the identification information The restricted mode definition information including the combination of is accumulated.

  3A and 3B are diagrams showing the configuration of the software information tables 50A and 50B in the present embodiment. In the software information tables 50A and 50B, a software identifier 51 for identifying software accumulated by the software accumulation unit 46, a software name 52, and a file path 53 indicating a storage location of the software main body in the management server 1s are included. Contains software information. In the present embodiment, the software information table 50A stores information about software that is to be prevented from remaining, that is, software that does not remain on the HDD 13c of the user terminal 1c after the use of the user terminal 1c ends. On the other hand, in the software information table 50B, software that is not subject to residual prevention, for example, an operating system update file, a security countermeasure software update file, a virus definition file, or the like may be left in the system from the viewpoint of security. Preferred software information is stored.

  FIG. 4 is a diagram showing the configuration of the authentication information table 60 in the present embodiment. The authentication information table 60 includes an authentication identifier 61 for identifying a user or user terminal 1c to be authenticated, a user or terminal name 62 authenticated by the authentication identifier 61, a password used for authentication, and the like. Authentication information including reference numeral 63 is accumulated.

  FIG. 5 is a diagram showing a configuration of the restriction mode definition information table 70 in the present embodiment. The restriction mode definition information table 70 includes a restriction mode identifier 71, a restriction mode name 72, a software list 73 in which software identifiers 51 of software permitted to be used in this restriction mode are listed, and the use of this restriction mode. Restriction mode definition information including an authentication list 74 in which authentication identifiers 61 of permitted users or terminals are listed and a restriction mode expiration date 75 indicating a time limit in which the use of this restriction mode is permitted is accumulated. The user can receive provision of a work environment corresponding to the definition information by selecting desired restriction mode definition information from the plurality of types of restriction mode definition information presented.

FIG. 6 is a diagram showing the configuration of the storage area 80 in the present embodiment. The storage area 80 secured on the HDD 13c of the user terminal 1c includes a restricted mode flag 81 and a temporary area 82. The restricted mode flag 81 indicates that the restricted mode is valid by the restricted mode setting unit 24. A value (for example, “1”) or a value (for example, “0”) indicating that the restriction mode is invalid is written. The temporary area 82 is an area to which write access to the HDD 13c is redirected by address conversion while the restriction mode is valid. That is, data is recorded in the temporary area 82 in principle while the restriction mode is valid.

  FIG. 7 is a diagram showing the address conversion table 90 in the present embodiment. In the address conversion table 90, the correspondence relationship between the conversion source address 91 and the conversion destination address 92 at the time of writing to the temporary area 82 is accumulated. Information stored in the address conversion table 90 is referred to when information is read from the temporary area 82. In this embodiment, the address conversion refers to acquiring the conversion destination address 92 corresponding to the conversion source address 91 by referring to the correspondence table. Instead, the conversion source address 91 is calculated according to a predetermined calculation. It is good also as acquiring the conversion destination address 92 by converting using a type | formula.

  FIG. 8 is a flowchart showing a flow of processing for creating restriction mode definition information according to the present embodiment. The processing shown in this flowchart is started when the administrator terminal 1a logged in the management server 1s or the administrator terminal 1a inputs an instruction to start creation of restriction mode definition information by the administrator. .

  In steps S101 to S103, various information for the user to select when creating the restriction mode definition information is read, and these information are displayed on the display of the management server 1s or the administrator terminal 1a. The management server 1s reads software information prepared in advance from the software information tables 50A and 50B, and reads authentication information from the authentication information table 60. Then, the management server 1s displays the read software information and authentication information on the display connected to the management server 1s or the display of the administrator terminal 1a connected to the management server 1s.

  FIG. 9 is a diagram showing an image of the restriction mode definition information creation interface 100 displayed on the display in the present embodiment. The restriction mode definition information creation interface 100 includes a name input field 101 in which the name of the restriction mode related to the created restriction mode definition information is input, and a selectable software display field in which the software information read in step S101 is selected. 102, a selected software display field 103 in which one or a plurality of selected software is displayed, an add button 104a for adding software to be selected to the selected software, a delete button 104d for deleting the selected software, Selectable authentication information display field 105 for selecting the authentication information read in S102, selected authentication information display field 106 for displaying the selected one or more authentication information, and authentication information to be selected have been selected Add button 107a to add to authentication information and select A delete button 107d for deleting only the authentication information, an expiration date input field 108 for inputting the expiration date of the restriction mode definition information to be created, and a new creation button for creating new restriction mode definition information by confirming input or selection contents 109.

  In step S104, input and selection of information necessary for creating the restriction mode definition information is accepted. The management server 1s receives an input operation and a selection operation performed via the restriction mode definition information creation interface 100 displayed on the display, thereby accepting an input or selection of the restriction mode name, software, authentication information, and expiration date. .

That is, when creating the restriction mode definition information, the administrator uses the input device such as a keyboard and a mouse while viewing the restriction mode definition information creation interface 100 displayed on the display, Selection, authentication information selection, and expiration date input. Here, a plurality of software and authentication information may be selected. In the present embodiment, software or authentication information displayed using the drop-down menu is selected by pressing the add buttons 104a and 107a. The selected software / authentication information in the selected state is displayed in the selected software / authentication information display fields 103 and 106 and is confirmed by pressing the new creation button 109. Thereafter, the process proceeds to step S105.

  In step S105, restriction mode definition information is created. The management server 1s creates restriction mode definition information including the information input or selected in step S104 as the restriction mode name 72, the software list 73, the authentication list 74, and the restriction mode expiration date 75, and the restriction mode definition information table 70 is created. To accumulate. At this time, the management server 1 s generates a unique identifier for identifying the restriction mode definition information, and stores it in the restriction mode definition information as the restriction mode identifier 71. The identifier can be an identifier including a creation date and time, for example. Thereafter, the processing shown in this flowchart ends.

  That is, according to the processing shown in this flowchart, the administrator can easily create a restriction mode according to the work environment desired to be provided to the user and the security desired to be applied. Here, when the generation of the restriction mode definition information is successful, a message for informing the user that the restriction mode definition information has been successfully created may be displayed. The administrator can create a plurality of restriction mode definition information. By generating restriction mode definition information based on a combination of different software identifiers 51 and authentication identifiers 61, it is possible to select software and restrict users who can use the software only by selecting the restriction mode.

  For example, by setting software for accessing a file server and a user who wants to allow access to the restricted mode definition information, data can be shared among the restricted users.

  FIG. 10A and FIG. 10B are flowcharts showing the flow of the limited mode control process in the present embodiment. The processing shown in this flowchart is started when the system is activated. In the processing shown in this flowchart, the restriction mode flag 81 is operated, and the processing flow is determined based on the state of the restriction mode flag 81. First, the flow of processing when the restriction mode flag 81 is not valid (or invalid) at the time of activation will be described. In the present embodiment, the system program such as the OS is read from the HDD 13c. However, at least a part of the system program is recorded in a non-rewritable storage device such as a ROM or DVD, and every time the system is started. By modifying the program, modification of the program may be suppressed.

  In step S201 and step S202, a system activation process and a restriction mode flag 81 are determined. After the system is activated, the determination unit 26 refers to the restriction mode flag 81 stored in the HDD 13c and determines whether or not the restriction mode flag 81 is set to a value indicating that the restriction mode is valid. If it is determined that the restriction mode flag 81 is set to a value indicating that the restriction mode is valid, the process proceeds to step S221 (see FIG. 10B), and thereafter, the system until the restriction mode flag 81 is set to invalid. Operates in restricted mode. If it is determined that the restriction mode flag 81 is not set to a value indicating that the restriction mode is valid (or is set to a value indicating invalidity), the process proceeds to step S203, and thereafter the restriction mode flag 81 is valid. Until set to, the system will operate in unrestricted mode.

In steps S203 and S204, an authentication process based on the authentication information is performed. The user terminal 1c displays an authentication interface (not shown) on the display 16c of the user terminal 1c, and the identification information transmission unit 21 receives authentication information (for example, user name and password) input by the user via this interface. Etc.) is transmitted to the management server 1s (step S203). The identification information receiving unit 42 of the management server 1s receives the transmitted authentication information via the network 2, and the authentication unit 41 includes the received authentication information and the authentication information previously stored in the authentication information table 60. Are compared to authenticate the user terminal 1c or the user using the user terminal 1c (step S204).

  More specifically, the authentication unit 41 of the management server 1s searches the authentication information table 60 using the user 62 or terminal name 62 or the authentication identifier 61 included in the received authentication information as a search key, and the extracted authentication information The authentication is performed by comparing the authentication code 63 and the password included in the received authentication information. In this embodiment, authentication information input by the user is transmitted. Alternatively, preset authentication information may be automatically transmitted when the user terminal 1c is activated. Good. Thereafter, the process proceeds to step S205. The authentication process may be an authentication process using an authentication protocol adopted according to the embodiment, such as a one-time password or an authentication process using a secret key and a public key.

  In step S205 to step S207, transmission / reception of restriction mode definition information is performed. The restriction mode definition information transmission unit 43 of the management server 1s searches the restriction mode definition information table 70 using the authentication identifier 61 of the user or user terminal 1c authenticated in step S204 as a search key, thereby restricting the restriction mode definition related to authentication. Information is extracted (step S205). Here, the restriction mode definition information transmission unit 43 compares the date and time information based on the internal clock (not shown) of the management server 1s with the expiration date 75 included in the restriction mode definition information, and exceeds the expiration date. Yes (expired) restricted mode definition information is not included in the extraction result. Then, the restriction mode definition information transmission unit 43 transmits the extracted restriction mode definition information to the user terminal 1c (step S206), and the restriction mode definition information reception unit 22 of the user terminal 1c transmits the restriction mode definition via the network 2. Definition information is received (step S207). Thereafter, the process proceeds to step S208.

  In step S208, it is determined whether there are a plurality of restriction mode definition information received in step S207. If it is determined that a plurality of restriction mode definition information has been received, the process proceeds to step S209. If it is determined that the received restriction mode definition information is not plural (single), the process proceeds to step S210.

  In step S209, if there is a plurality of received restriction mode definition information, selection by the user is accepted. Based on the received plurality of restriction mode definition information, the accepting unit 23 selects restriction mode definition information for allowing the user to select restriction mode definition information provided to the user terminal 1c among the plurality of restriction mode definition information. The interface 110 is displayed on the display 16c.

  FIG. 11 is a diagram showing an image of the restriction mode definition information selection interface 110 displayed on the display 16c in the present embodiment. The restriction mode definition information selection interface 110 includes a message display field 111 including a description of the restriction mode for the user, and a restriction mode selection button 112 on which the restriction mode name 72 and the expiration date 75 are displayed. The user can select a desired restriction mode by clicking the restriction mode selection button 112 using an input device such as a mouse 18c. The accepting unit 23 accepts selection of restriction mode definition information by the user via the restriction mode definition information interface. Thereafter, the process proceeds to step S210.

In step S210, the software identifier 51 is transmitted. The software receiving unit 28 of the user terminal 1c, among the software included in the software list 73 of the restriction mode definition information, software that is not subject to residual prevention, that is, regardless of whether or not the restriction mode is valid. The identifier of the software to be left on the HDD 13c is transmitted. Here, “residual prevention” refers to preventing data from remaining in the terminal by recording data in the temporary area 82. Software that is not subject to residual prevention is software that is preferably left in the system from the viewpoint of security, such as an operating system update file, a security countermeasure software update file, or a virus definition file. As a method for identifying software that is not subject to residual prevention, in addition to the method using the software information table 50B in which software information that is not subject to residual prevention in the present embodiment is stored, the user terminal 1c in advance. A method of setting, a method of including a flag for determining whether or not software information or restriction mode definition information held in the management server 1s is a target for remaining prevention, and the like may be employed. Thereafter, the process proceeds to step S211.

  In steps S211 and S212, the management server 1s receives the software identifier 51 and transmits the software body. The software transmission unit 45 of the management server 1s receives the software identifier 51 transmitted from the user terminal 1c (step S211), and searches the software information table 50B using the received software identifier 51 as a search key, whereby the user terminal The location (here, the file path 53 in the management server 1s) where the main body of the software requested from 1c is stored is acquired. Then, the software main body stored by the software storage unit 46 is read and transmitted to the user terminal 1c (step S212). Thereafter, the process proceeds to step S213.

  In step S213, the software body is received. The software receiving unit 28 of the user terminal 1c receives the software transmitted from the management server 1s and stores it in the HDD 13c. Note that the area on the HDD 13c where the received software is stored is not the temporary area 82 used to prevent the remaining software. Thereafter, the process proceeds to step S214.

  In step S214 and step S215, the restriction mode flag 81 is set and restriction mode definition information is stored. The restriction mode setting unit 24 sets a value indicating that the restriction mode is valid in the restriction mode flag 81 on the HDD 13c (step S214), and the restriction mode definition information (step S207) selected in step S209 is stored in the HDD 13c. If there is only one restriction mode definition information received in step S215, the restriction mode definition information is stored (step S215). That is, in these steps, information used after restarting the user terminal 1c is recorded in the HDD 13c which is a nonvolatile storage device. As a result, the restriction mode is continued even after the user terminal 1c is restarted, and the restriction mode definition information referred to after the restart is maintained. Thereafter, the process proceeds to step S216.

  In step S216 and step S217, the user authority in the operating system of the user terminal 1c is changed, and the user terminal 1c is restarted. The authority setting unit 25 operates so that the user at the next startup becomes a user who does not have authority to install software to the user terminal 1c or change to the system (hereinafter referred to as “restricted user”). The system setting is forcibly changed (step S216). More specifically, the authority setting unit 25 forcibly rewrites the login user when starting the operating system in the operating system start setting file (registry or the like) of the user terminal 1c to a restricted user having no administrator authority. Thereafter, restart of the system is started (step S217), and the processing shown in this flowchart ends.

When the system is restarted, the processing from step S201 is executed again. The restarted system operates as a restricted user. Further, since the restriction mode flag 81 is set to the restriction mode in step S214, it is determined in the determination process in step S202 that the restriction mode flag 81 is set to a value indicating that the restriction mode is valid.

  Next, referring to FIG. 10B, the flow of subsequent processing when it is determined in step S202 that the restriction mode flag 81 is set to a value indicating that the restriction mode is valid, that is, when the system operates in the restriction mode. The processing flow will be described.

  In step S221, the remaining prevention function is validated. The temporary area securing unit 27 of the user terminal 1c indicates that the residual prevention function is valid in the residual prevention function flag on the RAM 12c in response to the determination that the restriction mode flag 81 is valid in step S202. Is set, and the temporary area 82 is secured and initialized, thereby enabling the residual prevention function. The residual prevention function flag is a reference for determining whether the residual prevention function is valid or invalid by being referred to in a residual prevention process described later. The temporary area 82 is initialized by setting a pointer indicating the write address of the address of the temporary area 82 as the head address of the temporary area 82 (see FIG. 6). Thereafter, the process proceeds to step S222.

  In step S222, the software identifier 51 is transmitted. The software receiving unit 28 of the user terminal 1c, among the software included in the software list 73 of the restriction mode definition information stored in the HDD 13c in step S215, the software that is the target of remaining prevention, that is, after the use of the user terminal 1c is finished. The identifier of the software not left on the HDD 13c of the user terminal 1c is transmitted. As a method for identifying the software that is the target of the residual prevention, in addition to the method of using the software information table 50A in which the information of the software that is the target of the residual prevention in the present embodiment is stored, the software is previously set in the user terminal 1c. And a method of including a flag for determining whether or not the software information or restriction mode definition information held in the management server 1s is a target for remaining prevention may be employed. Thereafter, the process proceeds to step S223.

  In steps S223 and S224, the management server 1s receives the software identifier 51 and transmits the software body. Details of the process are substantially the same as those in step S211 and step S212, and thus the description thereof is omitted. Thereafter, the process proceeds to step S225.

  In step S225, the software body is received. The software receiving unit 28 of the user terminal 1c receives the software main body transmitted from the management server 1s and stores it in the temporary area 82 initialized in step S221. That is, the software main body received here is lost from the user terminal 1c when the use of the user terminal 1c is completed or restarted. Thereafter, the process proceeds to step S226.

In steps S226 and S227, the software is activated and the restricted mode leaving interface 120 is displayed. The software execution unit 31 of the user terminal 1c activates the software by reading the software body received in steps S213 and S225 and recorded in the HDD 13c to the RAM 12c and causing the CPU 11c to execute the software (step S226). That is, at this point, software functions are provided to the user who uses the information processing terminal, and the user can perform work using various software that operates on the user terminal 1c. Then, the user terminal 1c displays on the display 16c the restriction mode leaving interface 120 for accepting an end operation when the user finishes the work in the restriction mode (step S227). Thereafter, the processing shown in this flowchart ends. The software for activating the restricted mode leaving interface 120 may be software registered in the software information table 50A and received in step S225 (hereinafter, software for displaying the restricted mode leaving interface 120 will be referred to as software). This is called “exit interface providing software”). In this case, since the restricted mode leaving interface 120 is displayed in the software activation process in step S226, the process in step S227 is not necessary. In this case, the leaving interface providing software is recorded in the temporary area 82 and does not remain in the user terminal 1c. Therefore, by adjusting the timing for registering the leaving interface providing software in the restriction mode definition information table 70, the administrator can control the time when the leaving mode can be removed from the restriction mode. More specifically, the administrator does not register the leaving interface providing software in the restriction mode definition information table 70 at a time when the user terminal always wants to operate in the restriction mode. Withdrawal and environmental changes can be prevented.

  FIG. 12 is a diagram showing an image of the restriction mode leaving interface 120 displayed on the display 16c in the present embodiment. The restricted mode leaving interface 120 is a message 121 for notifying that the system of the user terminal 1c is currently operating in the restricted mode, and a return button for instructing to return to the unrestricted mode (leave the restricted mode). 122. The user operates an input device such as a pointing device provided in the user terminal 1c and clicks the return button 122, thereby giving an instruction to end the work in the restricted mode and shift to the non-restricted mode. .

  After the activation of the software in step S226, the user terminal 1c operates in the restricted mode until the user detects that the return button 122 is clicked, and the user performs work using various software activated in the user terminal 1c. It is possible. According to this embodiment, the OS of the user terminal 1c operates as a restricted user and the residual prevention function operates, so that the user can restrict software installation and changes to the system. Alternatively, the changed data is restricted from remaining in the HDD 13c after the restart.

  FIG. 13 is a flowchart showing the flow of the non-restricted mode transition process in this embodiment. The process shown in this flowchart is started when a user's instruction to shift to the non-restricted mode is detected. The user terminal 1c receives an instruction to shift to the non-restricted mode based on the user operation via the restricted mode leaving interface 120 (step S301), and the restricted mode flag 81 on the HDD 13c indicates that the restricted mode is invalid. A value is set (step S302). Note that address conversion by the residual prevention function is not performed for writing to the restriction mode flag 81. Specifically, in the residual prevention process described later, the temporary area recording unit 29 writes to the HDD 13c without performing address conversion only when the write address is an address indicating the restriction mode flag 81. By doing in this way, it is possible to leave the restriction mode even when the residual prevention function is effective.

  Thereafter, the user terminal 1c restarts (step S303), and the processing from step S201 is executed. At this time, since it is determined in step S202 that the restriction mode flag 81 is not set to a value indicating validity, the process proceeds to step S203, and thereafter, the system is not set until the restriction mode flag 81 is set to valid. Operates in restricted mode.

  In the restricted mode, the user has been changed to a user who does not have administrator authority (see step S216). However, the user setting can be made by a user operation or automatically after restarting after leaving the restricted mode. It may be returned to the user before the change.

  FIG. 14 is a flowchart showing the flow of the residual prevention process in this embodiment. The processing shown in this flowchart is started when a read access from the HDD 13c or a write access to the HDD 13c by the OS occurs.

  In steps S401 and S402, it is determined whether or not the HDD access by the OS is intercepted (hooked) and the residual prevention function flag is set to be valid. When the HDD access by the OS occurs, the temporary area recording unit 29 of the user terminal 1c intercepts this access and refers to the remaining prevention function flag on the RAM 12c. If a value indicating that the residual prevention function is valid is set in the residual prevention function flag, the process proceeds to step S404. If the value indicating that the residual prevention function is valid is not set in the residual prevention function flag, the process proceeds to step S403.

  In step S403, access to the HDD 13c is performed. Since the residual prevention function is not effective, the temporary area recording unit 29 permits normal read or write access to the HDD 13c. Here, the area on the HDD 13 c to be read or written is an area other than the temporary area 82. For example, the writing process to the HDD 13c of the software body (operating system update file, security countermeasure software update file, virus definition file, etc.) received in step S213 described above is performed in a state where the residual prevention function is not effective. Therefore, it is performed according to the processing of this step. Since the data written to the HDD 13c in this step is not lost even when the restricted mode is terminated or the user terminal 1c is restarted, it is preferable that the data is not lost regardless of whether the restricted mode is valid or invalid, such as a system update file. The data is preferably written to the HDD 13c in a state where the residual prevention function flag is not valid. Thereafter, the processing shown in this flowchart ends.

  In step S404, the type of access is determined. When the residual prevention function flag is valid, the temporary area recording unit 29 determines whether the intercepted access type is a write access. If the access type is write access, the process proceeds to step S405. If the access type is not write access, the process proceeds to step S407.

  In step S405 and step S406, writing to the temporary area 82 is performed, and the address conversion table 90 is updated. The temporary area recording unit 29 records the data relating to the prewritten write access in the write address indicated by the write address pointer in the temporary area 82 secured on the HDD 13c (step S405). Then, the conversion information accumulating unit 30 associates the write destination address (conversion source address 91) indicated by the OS in the intercepted write access with the address (conversion destination address 92) where the data is actually written. The data is stored in the address conversion table 90 on the RAM 12c (step S406). Here, the conversion destination address 92 is an address indicated by the write address pointer at the time of writing to the temporary area 82. Further, the temporary area recording unit 29 updates the write address pointer according to the size of the written data. Thereafter, the processing shown in this flowchart ends.

  The processing shown from step S407 to step S409 is read access processing from the HDD 13c when the residual prevention function is valid. The reading unit 32 searches the address conversion table 90 based on the read access read address intercepted by the operating system, so that the read address is registered as the source address 91 of the address conversion table 90. That is, it is determined whether or not the data requested by the operating system is recorded in the temporary area 82 (step S407). When the address indicated by the OS is extracted from the address conversion table 90, the process proceeds to step S408. If the address indicated by the OS is not extracted from the address conversion table 90, the process proceeds to step S409.

In step S <b> 408, data is read from the temporary area 82. The reading unit 32 uses the OS
The requested data is read by accessing the conversion destination address 92 extracted in step S407. That is, according to the processing shown in this flowchart, data can be written to and read from the temporary area 82 without making the OS aware that the data is being written to and read from the temporary area 82. . Thereafter, the processing shown in this flowchart ends.

  In step S409, data is read from the HDD 13c. The reading unit 32 reads data requested by the OS by accessing a read address specified by the OS. The read process according to this step is performed when a read request for data excluding data recorded under the restriction mode is made. Thereafter, the processing shown in this flowchart ends.

  Since the address conversion table 90 for converting the write destination in the HDD write access of the OS to the temporary area 82 is secured on the RAM 12c, it is lost upon restart. That is, the information written in the HDD 13c during the restricted mode becomes difficult to access because the recording position (address) is lost after the restart. For this reason, even if a situation such as infection with a virus in the restricted mode or inappropriate software being installed occurs, the OS cannot access these software after rebooting. The system is kept safe. Further, the pointer indicating the write address of the temporary area 82 is initialized to the head of the temporary area 82 (step S221), so that information already written in the temporary area 82 is overwritten by subsequent writing to the temporary area 82. Thus, the information itself written from the HDD 13c can be erased.

  In order to prevent the information written in the restricted mode from being acquired by a method such as directly referring to the information on the HDD 13c without referring to the OS file management table, the HDD 13c is obtained in the restricted mode. A method of encrypting information to be written, a method of overwriting information written in the HDD 13c under the restriction mode with random information, or the like may be employed.

  More specifically, the encryption processing unit in which the key information is set through the encryption processing unit (not shown) that encrypts the information written in the temporary region 82 and decrypts the information read from the temporary region 82. It is possible to prevent the contents of the information from being known by directly referring to the information on the HDD 13c without going through. At this time, the encryption key used for encryption may be managed by the user, or may be automatically generated every time the restriction mode is entered, and may be discarded when the restriction mode ends. According to the method of automatically generating each time when the restricted mode is entered and discarding it when the restricted mode ends, the user does not need to be aware of the management of the encryption key, and the information written in the temporary area 82 under the restricted mode when leaving the restricted mode. Acquisition can be very difficult.

According to the information processing terminal and the management server 1 s according to the present embodiment, high security is realized by using the temporary area 82 that restricts the function to the OS and encloses the program and data. It is possible to achieve both high security and high-speed overhead by suppressing resource consumption associated with virtualization, OS download, and the like, compared to the thin client method. More specifically, according to the present embodiment, the image to be prepared by the administrator is only the software image stored in the management server 1s. For this reason, the system according to the present embodiment is more effective in setting resources, such as storage area and bandwidth, and OS settings than the virtual machine method and thin client method in which an OS image needs to be prepared in addition to the software image. It is advantageous in terms of the required load. In addition, since virtual machine processing is not performed, processing is lighter than that of the virtual machine method, and a comfortable working environment can be easily prepared. In particular, since the temporary area 82 is a continuous storage area that is not fragmented, the restriction mode of this embodiment operates as a whole at high speed even in a general environment for accessing a fragmented HDD.

<Second Embodiment>
In the first embodiment described above, the leaving interface providing software for starting the leaving interface 120 is one of the software that is recorded in the temporary area 82 and executed by being registered in the software information table 50A. It is described that the administrator controls the timing when the user can leave the restriction mode by adjusting the timing of registration in the interface providing software restriction mode definition information table 70. Here, in the second embodiment, an embodiment in which the provision timing of the leaving interface providing software is controlled in more detail in order to prevent undesired restriction mode leaving or environment change due to the intention or negligence of the user. Will be described. Note that the configuration of the user terminal management system according to the present embodiment is substantially the same as that of the user terminal management system described in the first embodiment, and thus only the parts that are different from the first embodiment will be mainly described below. The same configuration as that of the first embodiment will be described using the same reference numerals.

  FIG. 15 is a diagram illustrating a configuration of the restriction mode definition information table 170 according to the second embodiment. The restriction mode definition information accumulated in the restriction mode definition information table 170 includes a restriction mode identifier 71, a restriction mode name 72, a software list 73, an authentication list 74, and a restriction mode definition information included in the restriction mode definition information used in the first embodiment. In addition to the restricted mode expiration date 75, a software condition list 76 is included. The software condition list 76 is a list in which one or a plurality of condition information identifiers (hereinafter referred to as condition identifiers 154) that define the distribution conditions of the software listed in the software list 73 are set. The user can receive provision of a work environment corresponding to the definition information by selecting desired restriction mode definition information from the plurality of types of restriction mode definition information presented.

  FIG. 16 is a diagram illustrating a configuration of the condition information table 150 according to the second embodiment. The condition information table 150 stores condition information including a condition identifier 154 and a condition 155 that defines a specific condition. The management server 1s specifies the condition information using the condition identifier 154 when the condition is set for the restriction mode or the distribution target software, and determines whether or not the current state matches the condition 155. As a result, it is determined whether or not software can be distributed.

  Specific contents set in the condition 155 are not particularly limited. For example, in addition to the distributable period, specific information specifying the user terminal 1c, a distributable user terminal MAC (Media Access Control) address, an IP (Internet Protocol) address, the user terminal 1c location information, and the like 155 can be set. In the example shown in FIG. 16, condition 1 is set as a condition that the current time is after 23:00 on May 2, 2007 and before 23:00 on May 3, 2007 In condition 2, the conditional expression is that the MAC address of the user terminal is after AA-BB-CC-DD-EE-00 and before AA-BB-CC-DD-EE-FF. It is set in the format. The condition 155 may be set with AND (logical product) or OR (logical sum) of the conditional expressions together with a plurality of different types of conditional expressions. More complicated conditions 155 can be set by determining a combination of multiple types of information using AND or OR.

Also in the present embodiment, the restriction mode definition information is created by the same process as the process described with reference to the flowchart of FIG. 8 in the description of the first embodiment. However, in the present embodiment, in the process corresponding to step S104 shown in FIG. 8, the management server 1s accepts input or selection of software distribution conditions in addition to the name of the restriction mode, software, authentication information, and expiration date. . When a software distribution condition is newly input, the management server 1s generates condition information according to the input content, sets a condition identifier 154, and accumulates it in the condition information table. The administrator can select appropriate condition information from the condition information already stored in the condition information table by selecting the condition identifier 154, the name of the condition information, and the like.

  The management server 1s creates restriction mode definition information including the input or selected information as a restriction mode name 72, a software list 73, a software condition list 76, an authentication list 74, and a restriction mode expiration date 75, and the restriction mode definition information. Accumulate in table 170.

  Next, the flow of the limited mode control process in this embodiment will be described. When the restriction mode flag 81 is not valid from the activation of the user terminal 1c, the process until the restriction mode flag 81 is validated and restarted (the process from step S201 to step S217), and the residual prevention from the reboot Since the flow of processing until the function is activated (steps S201, S202, and S221) is substantially the same as that in the first embodiment described with reference to FIGS. 10A and 10B, description thereof is omitted.

  FIG. 17 is a flowchart showing the flow of the restriction mode control process in the second embodiment. As described above, in the restricted mode control process, the process flow from the activation of the user terminal 1c until the restricted mode flag 81 is activated and restarted is substantially the same as that shown in FIG. 10A. Therefore, illustration is abbreviate | omitted. FIG. 17 shows a flow of processing after the terminal B shown in FIG. 10A in the limited mode control processing.

  In step S222b, the restricted mode identifier 71 is transmitted by the user terminal 1c. The software receiving unit 28 of the user terminal 1c transmits the restriction mode identifier 71 of the restriction mode definition information stored in the HDD 13c to the management server 1s. Thereafter, the process proceeds to step S223b.

  In step S223b and step S224b, the management server 1s receives the restriction mode identifier 71 and determines whether the software main body can be transmitted. The software transmission unit 45 of the management server 1s receives the restriction mode identifier 71 transmitted from the user terminal 1c (step S223b), and searches the restriction mode definition information table 170 using the received restriction mode identifier 71 as a search key. Thus, the software list 73 distributed in the restricted mode requested from the user terminal 1c is acquired. Further, the software transmission unit 45 searches the restriction mode definition information table 170 using the received restriction mode identifier 71 as a search key, thereby obtaining a software condition list 76 that is a distribution condition of software distributed in the restriction mode. . Then, the condition is acquired by searching the condition information table 150 based on the condition identifier 154 listed in the acquired software condition list 76, and it is determined whether or not the current state satisfies the acquired condition. (Step S224b). That is, in this embodiment, it is determined whether or not the software requested from the user terminal 1c can be transmitted to the user terminal 1c.

According to the example illustrated in FIGS. 15 and 16, when the management server 1 s receives instance 1 as the restriction mode identifier 71, the management server 1 s acquires the corresponding software list 73 and software condition list 76. The software condition list 76 includes condition 1 which is an identifier 154 of condition information for determining whether or not the leaving interface providing software (service 6) can be transmitted (see FIG. 15). Therefore, the software transmission unit 45 refers to the condition information whose identifier 154 is condition 1 (see FIG. 16), and the current time is later than 23:00 on May 2, 2007 and 20
It is determined whether or not it is before 23:00 on May 3, 2007. If it is determined by the condition determination that transmission of software is possible, the process proceeds to step S224c. If it is determined that the software cannot be transmitted, the process proceeds to step S224d.

  In step S224d, it is determined whether or not transmission of all the software requested by the user terminal 1c is possible, and it is determined whether or not transmission of all the software that can be transmitted is completed. When it is determined that transmission of all transmittable software has been completed, the processing shown in this flowchart ends. If there is software whose transmission is not yet determined and transmission of all software that can be transmitted has not been completed, the process proceeds to step S224b. In other words, the processing shown in steps S224b to S224d is repeatedly executed until transmission of all transmittable software is completed.

  In step S224c, the software main body is transmitted by the management server 1s. The software transmission unit 45 of the management server 1s searches the software information table 50A using the software identifier 51 of the software determined to be transmittable in step S224b as a search key, so that the main body of the software to be transmitted is stored To get. Then, the software main body stored by the software storage unit 46 is read and transmitted to the user terminal 1c. Thereafter, the process proceeds to step S225.

  In steps S225 and S226, the software body is received and activated. The software receiving unit 28 of the user terminal 1c receives the software main body transmitted from the management server 1s and stores it in the temporary area 82 initialized in step S221 (step S225). Then, the software execution unit 31 of the user terminal 1c activates the software by reading the software main body received in steps S213 and S225 and recorded in the HDD 13c into the RAM 12c and causing the CPU 11c to execute the software (step S226). Thereafter, the processing shown in this flowchart ends.

  In the present embodiment, the leaving interface providing software is software registered in the software information table 50A and received in step S225. Therefore, the restriction mode leaving interface 120 is displayed in the software activation process in step S226. For this reason, in this embodiment, the process of step S227 demonstrated in 1st embodiment is unnecessary.

  According to the user terminal management system shown in the present embodiment, it is possible to control whether or not the user terminal 1c can leave the restricted mode by flexible condition setting. Further, it is not preferable due to intention or negligence of the user. It is possible to prevent the restriction mode from leaving or changing the environment.

<Other embodiments>
FIG. 18 is a diagram showing a configuration of a software information table 50C in another embodiment. In the example described with reference to FIG. 15 in the second embodiment, the same software is different for each restriction mode by setting the software condition list 76 for the software list 73 defined in each restriction mode identifier 71. The configuration was such that it could be provided in time. On the other hand, as shown in FIG. 18, if the software condition list 54 is set for each software identifier 51, the service provision time is changed for each software at once only by changing the software condition list 54. It becomes possible. According to such an embodiment, it is possible to provide a configuration for providing the leaving interface providing software in the same time zone in any restriction mode.

FIG. 19 is a diagram showing the configuration of the restriction mode definition information table 270 in other embodiments. In the example shown in FIG. 19, an authentication condition list 77 is set for each authentication list 74. The identification information receiving unit 42 of the management server 1s determines whether or not the received authentication information satisfies the condition information listed in the authentication condition list 77 in step S204 where user authentication is performed, and satisfies the condition. Only when this is done, the processing proceeds to the subsequent processing (processing after step S205). Note that the condition information for authentication evaluated here may be accumulated in the condition information table 150 shown in FIG. 16 together with the condition information for determining whether software distribution is possible. According to this configuration, in addition to the authentication for each user group defined in the restriction mode identifier 71, an authentication condition for each user can be set.

  In the example described with reference to FIG. 15 in the second embodiment, the limit mode expiration date (life) is given by setting the limit mode expiration date 75 for each limit mode. Instead, in the example shown in FIG. 19, a restriction mode condition list 78 is provided for each restriction mode. Then, in step 204, the identification information receiving unit 42 of the management server 1s receives the specific information specifying the user terminal together with the authentication information or included in the authentication information, and the received specific information is in the restricted mode. It is determined whether or not the condition information listed in the condition list 78 is satisfied, and only when the condition is satisfied, the process proceeds to the subsequent process (the process after step S205). Here, the specific information for specifying the user terminal is, for example, the MAC address of the user terminal, the IP address assigned to the user terminal, or the position information acquired by the GPS (Global Positioning System) provided in the user terminal 1c. Etc. According to this configuration, it is possible to set usage restrictions based on information specifying the user terminal, such as the MAC address, IP address, and location information of the user terminal 1c, as well as the limited mode availability period.

  For example, when the position information of the user terminal 1c is latitude / longitude information acquired by GPS or the like, the user terminal 1c has a function of acquiring latitude / longitude information, and the acquired latitude / longitude information together with the authentication information or authentication. It is included in the information and transmitted to the management server 1s. The latitude / longitude range is set in the condition 155 of the corresponding condition information (condition α in FIG. 19). For example, the management server 1s leaves only when the user terminal 1c is in the set latitude / longitude range. Distribute interface providing software.

  Further, for example, IP address information assigned to the user terminal 1c by an Internet connection provider or a DHCP server (IP address automatic assignment server in the local area network) or the like is included in the authentication information or included in the authentication information to the management server 1s. It is good also as transmitting. In this case, an IP address range is set in the condition 155 of the corresponding condition information (condition α in FIG. 19). For example, only when the user terminal 1c is in the set IP address range, the management server 1s distributes the leaving interface providing software.

DESCRIPTION OF SYMBOLS 1 User terminal management system 1s Management server 1c Information processing terminal 21 Identification information transmission part 22 Restriction mode definition information reception part 24 Restriction mode setting part 25 Authority setting part 26 Judgment part 27 Temporary area securing part 28 Software reception part 29 Temporary area recording part 30 Conversion Information Storage Unit 31 Software Execution Unit 41 Authentication Unit 42 Identification Information Reception Unit 43 Restricted Mode Definition Information Transmission Unit 45 Software Transmission Unit

Claims (16)

An information processing terminal that has a nonvolatile storage device and is communicably connected to a management server,
A temporary area securing means for securing a part of the area in the nonvolatile storage device as a temporary area that is initialized when the information processing terminal is activated or terminated;
Identification information transmitting means for transmitting identification information for identifying a user who uses the information processing terminal or the information processing terminal to the management server;
Software receiving means for receiving software corresponding to the information processing terminal or user related to the identification information from the management server that received the identification information;
Temporary area recording means for recording the software received by the software receiving means in the temporary area;
Software execution means for providing a function of the software to a user who uses the information processing terminal by reading and executing the software from the temporary area;
An information processing terminal comprising: A list of software indicating a combination of software for building a predetermined work environment in the information processing terminal related to the identification information, or a combination of software for providing a predetermined service to the user related to the identification information, Software list receiving means for receiving identification information from the management server;
Accepting means for presenting one or more lists received by the software list receiving means to the user and receiving selection of the list by the user;
Further comprising
The software receiving means receives software included in the selected list from the server;
The information processing terminal according to claim 1. The information processing terminal further includes a volatile storage device,
The temporary area recording means intercepts the write access to the nonvolatile storage device by the operating system of the information processing terminal, and converts the write destination address of the write access to an address in the temporary area, so that the software Record the software received by the receiving means in the temporary area,
Conversion information storage means for storing, in the volatile storage device, conversion information indicating a correspondence relationship between an address before conversion of the converted write access and an address after conversion;
The information processing terminal according to claim 1 or 2. The temporary area is initialized by losing conversion information stored in the volatile storage device when the information processing terminal is activated or terminated.
The information processing terminal according to claim 3. A management server communicably connected to a user terminal that is an information processing terminal used by a user,
Identification information receiving means for receiving, from the user terminal, identification information for identifying the user terminal or a user who uses the user terminal;
Software transmission means for transmitting software corresponding to the user terminal or the user according to the identification information to the user terminal and storing the software in a temporary area that is initialized when the user terminal is activated or terminated;
A management server comprising: A software list indicating a combination of software for building a predetermined work environment in the information processing terminal related to the identification information or a combination of software for providing a predetermined service to the user related to the identification information is stored. Software list storage means;
A software list transmission means for transmitting the list corresponding to the information processing terminal or user according to the identification information;
Further comprising
The software transmission means transmits software requested by the user terminal to the user terminal based on a list selected by the user terminal among one or a plurality of lists transmitted by the software list transmission means. To
The management server according to claim 5. The list is stored in association with information indicating an expiration date of the list,
The software list transmission means transmits only the list within the expiration date among the list corresponding to the information processing terminal or user related to the identification information,
The management server according to claim 6. Further comprising authentication means for authenticating the user terminal or a user using the user terminal using the identification information received by the identification information receiving means;
The software transmission means transmits software associated with the authenticated user terminal or user;
The management server according to any one of claims 5 to 7. An information processing terminal having a non-volatile storage device and connected to be able to communicate with the management server
A temporary area securing step for securing a partial area in the nonvolatile storage device as a temporary area that is initialized when the information processing terminal is activated or terminated;
An identification information transmission step of transmitting identification information for identifying the user who uses the information processing terminal or the information processing terminal to the management server;
Software receiving step for receiving software corresponding to the information processing terminal or user related to the identification information from the management server that received the identification information;
A temporary area recording step of recording the software received in the software receiving step in the temporary area;
A software execution step of providing the function of the software to a user who uses the information processing terminal by reading and executing the software from the temporary area;
An information processing method is executed. The information processing terminal
A list of software indicating a combination of software for building a predetermined work environment in the information processing terminal related to the identification information, or a combination of software for providing a predetermined service to the user related to the identification information, A software list receiving step for receiving the identification information from the management server;
An accepting step of presenting one or a plurality of lists received in the software list receiving step to a user and receiving selection of the list by the user;
And execute
In the software receiving step, software included in the selected list is received from the server.
The information processing method according to claim 9. A management server that is communicably connected to a user terminal that is an information processing terminal used by a user,
An identification information receiving step for receiving, from the user terminal, identification information for identifying the user terminal or a user who uses the user terminal;
A software transmission step of transmitting software corresponding to the user terminal or the user according to the identification information to the user terminal and storing the software in a temporary area that is initialized when the user terminal is activated or terminated;
The management method of the information processing terminal which performs. The management server
A software list indicating a combination of software for building a predetermined work environment in the information processing terminal related to the identification information or a combination of software for providing a predetermined service to the user related to the identification information is stored. Software list accumulation step;
A software list transmission step of transmitting the list according to an information processing terminal or a user according to the identification information;
And execute
In the software transmission step, software requested by the user terminal based on a list selected in the user terminal among one or a plurality of lists transmitted in the software list transmission step is transmitted to the user terminal. To be
The management method according to claim 11. An information processing terminal having a non-volatile storage device and connected to be able to communicate with the management server,
A temporary area securing means for securing a part of the area in the nonvolatile storage device as a temporary area that is initialized when the information processing terminal is activated or terminated;
Identification information transmitting means for transmitting identification information for identifying a user who uses the information processing terminal or the information processing terminal to the management server;
Software receiving means for receiving software corresponding to the information processing terminal or user related to the identification information from the management server that received the identification information;
Temporary area recording means for recording the software received by the software receiving means in the temporary area;
Software execution means for providing a function of the software to a user who uses the information processing terminal by reading and executing the software from the temporary area;
An information processing program that functions as The information processing terminal
A list of software indicating a combination of software for building a predetermined work environment in the information processing terminal related to the identification information, or a combination of software for providing a predetermined service to the user related to the identification information, Software list receiving means for receiving identification information from the management server;
Accepting means for presenting one or more lists received by the software list receiving means to the user and receiving selection of the list by the user;
To further function,
The software receiving means receives software included in the selected list from the server;
The information processing program according to claim 13. A management server that is communicably connected to a user terminal that is an information processing terminal used by a user,
Identification information receiving means for receiving, from the user terminal, identification information for identifying the user terminal or a user who uses the user terminal;
Software transmission means for transmitting software corresponding to the user terminal or the user according to the identification information to the user terminal and storing the software in a temporary area that is initialized when the user terminal is activated or terminated;
Management program for information processing terminal to function as The management server
A software list indicating a combination of software for building a predetermined work environment in the information processing terminal related to the identification information or a combination of software for providing a predetermined service to the user related to the identification information is stored. Software list storage means;
A software list transmission means for transmitting the list corresponding to the information processing terminal or user according to the identification information;
Further function as
The software transmission means transmits software requested by the user terminal to the user terminal based on a list selected by the user terminal among one or a plurality of lists transmitted by the software list transmission means. To
The management program according to claim 15.

Images