JP2017059873A - Remote control device and control system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To remote control equipment installed inside a firewall from outside the firewall without deteriorating security strength.SOLUTION: A remote control device installed inside the firewall includes: a receiver unit which receives an encrypted electronic mail with an electronic signature, transmitted from a terminal device installed outside the firewall; a verification unit which decrypts the encrypted electronic mail, and verifies the electronic signature in the electronic mail; an analysis unit which, when the verification of the electronic signature is successful, analyzes the electronic mail to identify control target equipment which is provided inside the firewall and identify a command to be executed by the equipment; an instruction unit which instructs the identified equipment to execute the identified command; and a transmitter unit which acquires a command execution result from the equipment, and transmits it to the terminal device.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a remote control device for remotely controlling a target device installed inside a firewall, a control system, and the like.

  Conventionally, techniques for controlling cameras, network devices, and the like from a remote location are widely known.

  Patent Document 1 discloses a technique for performing system switching by remote control. In the method described in Patent Document 1, remote control is realized by a switching control unit that performs switching control of the low-order line switch device and the high-order line switch device. Specifically, when the switching control unit receives an instruction to form a detour from the outside, the switching control unit creates a control signal based on the instruction, and based on the instruction, the low-order line switch device and the high-order line switch Switch devices to form a detour to the standby system. In the method described in Patent Document 1, this makes it possible to quickly switch to the standby system when the system is down.

JP 05-030059 A

For example, in an in-house system constructed using an in-house network such as an intranet inside a company or the like, communication between the outside network and the in-house network is usually restricted by a firewall.
Therefore, in the conventional method as described in Patent Document 1, in order to control the control target device installed inside the firewall from the outside of the firewall, it is necessary to change the setting of the firewall. Further, since the control command is directly sent over the network, there is a possibility that the command or the control password may be easily eavesdropped due to eavesdropping or the like.

  In view of the above circumstances, an object of the present invention is to make it possible to remotely control a device installed inside a firewall from outside the firewall without reducing the security strength. .

  A remote control device according to the present invention is a remote control device installed inside a firewall, and transmits an encrypted electronic signature with an electronic signature transmitted from a terminal device installed outside the firewall. A receiving unit for receiving, a verification unit for decrypting the encrypted email and verifying the electronic signature applied to the email, and if the electronic signature can be verified, the email is analyzed, and the inside of the firewall An analysis unit for specifying a device to be controlled and specifying a command to be executed by the device, an instruction unit for instructing the specified device to execute the specified command, and a command execution result A transmission unit that acquires from the device and transmits to the terminal device.

  A control system according to the present invention is a control system including a remote control device installed inside a firewall and a terminal device installed outside the firewall, and the remote control device is transmitted from the terminal device. A receiving unit that receives an encrypted and electronically signed email, a verification unit that decrypts the encrypted email and verifies the electronic signature applied to the email, and the electronic signature is verified If it can, the analysis unit that analyzes the e-mail, identifies the device to be controlled inside the firewall and identifies the command to be executed by the device, and the command identified for the identified device An instruction unit for instructing execution of the command, and a transmission unit for acquiring a command execution result from the device and transmitting the command execution result to the terminal device. A user interface for assistance comprising a support unit to be displayed on the screen of the terminal device.

  In this specification and the like, the “unit” does not simply mean a physical configuration, but also includes a case where the functions of the configuration are realized by software. In addition, functions of one configuration may be realized by two or more physical configurations, or functions of two or more configurations may be realized by one physical configuration.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes possible to remotely control the apparatus installed inside the firewall from the outside of the firewall without reducing the security strength.

It is a block diagram which shows an example of the system configuration | structure of the control system in the 1st Embodiment of this invention. It is a figure which shows an example of the functional block of the terminal and remote control apparatus in the 1st Embodiment of this invention. It is a figure which shows an example of the processing flow of the remote control apparatus in the 1st Embodiment of this invention. It is a figure which shows an example of the processing flow of the control system in the 1st Embodiment of this invention. It corresponds to FIG. 1 and is a block diagram showing an example of a system configuration of a control system according to a second embodiment of the present invention. It is a figure corresponding to FIG. 4 and showing an example of the processing flow of the control system in the 2nd Embodiment of this invention. It is a figure which shows an example of the hardware constitutions of the terminal and remote control apparatus in embodiment of this invention.

[First Embodiment]
Hereinafter, one embodiment of the present invention will be described in detail. The following embodiments are examples for explaining the present invention, and are not intended to limit the present invention only to the embodiments. The present invention can be variously modified without departing from the gist thereof. Furthermore, those skilled in the art can employ embodiments in which the elements described below are replaced with equivalent ones, and such embodiments are also included in the scope of the present invention. Furthermore, positional relationships such as up, down, left, and right shown as needed are based on the display shown unless otherwise specified. Furthermore, various dimensional ratios in the drawings are not limited to the illustrated ratios.

<1. Overview of system configuration>
FIG. 1 shows an example of a configuration of a control system 10 including a remote control device 100 and a terminal 200 according to the present embodiment. As shown in FIG. 1, the control system 10 includes a remote control device 100, a terminal 200, devices 300A to 300C (hereinafter also collectively referred to as “device 300”), a mail server M, and a firewall F1.

  The terminal 200 is connected to a network N1 such as the Internet or a dedicated line. On the other hand, the remote control device 100 and the device 300 are connected to the network N1 through the firewall F1.

  Hereinafter, the network inside the firewall F1 is referred to as an in-house network N2. The internal network N2 is an intranet configured to be connectable to the network N1 only through the firewall F1, for example.

  The terminal 200 is a computer connected to the network N1. Specifically, examples of the terminal 200 include a mobile phone, a smartphone, a PC (Personal Computer), a server device, a PDA (Personal Digital Assistants), a tablet, and a wearable terminal. The user of the terminal 200 uses this terminal 200 to remotely control the device 300 from the network N1. Specifically, the user can create an e-mail for controlling the device 300 using the terminal 200.

  The remote control device 100 is a computer connected to the in-house network N2, and examples thereof include a PC and a server device. The remote control device 100 receives an electronic mail from the terminal 200 through the firewall F1, and instructs the device 300 to execute the command based on the command described in the electronic mail.

  In the present embodiment, the mail server M is installed in a DMZ (demilitized zone) of the firewall F1, and is configured to relay transmission / reception of mail between the network N1 and the corporate network N2. The mail server M installed in the control system 10 is not limited to one. In this case, transmission / reception of mail between the network N1 and the in-house network N2 may be performed via a plurality of mail servers. Further, the installation location of the mail server M is not limited to the DMZ, and may be, for example, a configuration directly connected to the network N1 or a configuration connected to the in-house network N2.

  The firewall F1 may be realized by dedicated hardware, or may be realized by installing dedicated software on a PC or the like, but is not particularly limited. Moreover, the structure which installs the software for firewalls in the terminal 200 and the remote control apparatus 100 itself may be sufficient.

The firewall F1 is configured to permit only communication set in advance in communication between the network N1 and the in-house network N2.
In the present embodiment, the firewall F1 is at least set to permit delivery of mail transmitted from the network N1 via the mail server M installed in the DMZ into the in-house network N2. .

  The device 300 refers to a device group that is a target of remote control by the remote control device 100 according to the present embodiment. The device 300 may be any device that has an interface for receiving commands from the outside, such as a network device such as a router or a switch, a monitoring device such as a camera or a sensor, a server device, or a robot. .

<2. Functional configuration>
<2-1. Functions of terminal 200>
With reference to FIG. 2A, a functional configuration of the terminal 200 according to the present embodiment will be described.
The terminal 200 is configured to transmit an e-mail for remotely controlling the device 300 to the remote control device 100. In addition, the terminal 200 can encrypt or electronically sign an electronic mail to be transmitted by a method such as S / MIME (Secure / MIME) or PGP (Pretty Good Privacy).
By encrypting the electronic mail for remote control, it is possible to prevent leakage of the control command even when the electronic mail is eavesdropped on the network N1, for example. Further, tampering can be prevented by applying an electronic signature to an electronic mail for remote control.

  In the present embodiment, the remote control e-mail includes at least an identifier of a transmission source user, a transmission source e-mail address, a transmission destination e-mail address, and information for specifying the device 300 to be controlled (for example, an IP address, an identifier, etc. ), The command to use is included.

  The terminal 200 has an operation assistance data DB 231, a command execution history DB 232, and a support unit 201 as shown in FIG. 2A as a configuration for supporting creation of an electronic mail for remote control by the user. Yes.

  The operation assistance data DB 231 stores data for supporting creation of an e-mail used for remote control. For example, the operation assistance data DB 231 stores an IP address, a Mac address, a manufacturer, a model number, and the like associated with the identifier of the device 300. The identifier of the device 300 is associated with the identifier of a user who has authority to operate the device 300 (hereinafter also referred to as “administrative user”), the password for authentication, and the range of the operation authority. Yes. The scope of operation authority refers to, for example, the types of commands that the corresponding management user is permitted to use under the framework of the present invention.

In the operation assistance data DB 231, an identifier of a command that can be used in the control system 10 under the framework of the present invention and an identifier of the device 300 to be executed are stored in association with each other.
Further, the operation assistance data DB 231 stores the configuration of the in-house network N2, a secret key used for e-mail encryption and electronic signature, and the like.

  In the command execution history DB 232, in the control system 10, the identifier of the command that has been executed so far is associated with the identifier of the user who has instructed execution, the identifier of the executed device 300, the execution date and time, the execution result, and the like. Saved. When a user who is instructed to execute is a non-administrative user, a symbol such as “UNKOWN” may be stored in the user identifier. Although details will be described later, in this case, it is desirable that the command is not executed by the processing of the remote control device 100 described later.

  The support unit 201 is configured to provide a user with a UI (User Interface) for supporting creation of an electronic mail for remote control. For example, the support unit 201 refers to the operation assistance data DB 231, displays a list of devices 300 that can be remotely controlled, and provides a screen that accepts selection of the device 300 to be controlled by the user. Further, the support unit 201 refers to the operation assistance data DB 231 and displays a list of commands that can be used in the selected device 300 and provides a screen for accepting selection of a command to be used by the user.

  The support unit 201 can accept selection of a device 300 to be controlled and a command to be used from the user by displaying a pull-down or a check box, for example.

  Further, the support unit 201 can accept a user operation by clicking a button or the like, and can encrypt the created e-mail by using a secret key stored in the operation auxiliary data DB 231 to apply an electronic signature. It is. The support unit 201 can also invalidate the electronic signature based on an operation from the user. The support unit 201 can also update the secret key stored in the operation assistance data DB 231 at a predetermined cycle. As a result, the security strength of the control system 10 can be increased.

  Further, the support unit 201 receives a user operation by clicking a button or the like, and transmits the created electronic mail to the remote control device 100. Note that a general mail delivery protocol such as SMTP is used for transmission of the e-mail from the support unit 201 to the remote control device 100. However, as long as the firewall F1 uses a protocol that allows communication. It is not limited to this. For example, HTTP, FTP, UUCP, Messaging Network, or the like may be used for sending an e-mail from the support unit 201 to the remote control device 100.

<2-2. Functions of remote control device 100>
FIG. 2B is a diagram illustrating an example of a functional block diagram of the remote control device 100. The remote control device 100 includes, for example, a control data DB 131, a command execution history DB 132, a reception unit 101, a verification unit 102, an analysis unit 103, an instruction unit 104, and a transmission unit 105.

(A) Database The control data DB 131 stores the identifier of the management user in association with the e-mail address, the identifier of the device 300 permitted to be controlled, the public key, and the identifier of the usable command. Has been. A plurality of e-mail addresses may correspond to one management user identifier. The control DB 131 may store a password used for decrypting the e-mail in association with the management user identifier.

  The control data DB 131 stores the identifier of the device 300 in association with the IP address of the device 300, the identifier of the command that receives control, the available protocol, and the like.

  Similarly to the command execution history DB 232 in the terminal 200, the command execution history DB 132 also stores the execution history of commands executed so far in the control system 10. The command execution history DB 132 preferably stores information related to an email for which a command has not been executed by processing performed by the verification unit 102 and the analysis unit 103 described later. The information regarding the electronic mail for which the command has not been executed is, for example, the identifier of the transmission source user, the mail address, the mail reception date and time, the reason for discarding, and the like.

  Note that the command execution history DB 132 may be stored in the cloud, for example, without being built in the remote control device 100. In this case, the instruction unit 104, which will be described later, can store the execution result in the command execution history DB 132 using a protocol such as HTTP, for example.

(B) Receiving unit 101
The receiving unit 101 receives an e-mail transmitted from the terminal 200. For example, the receiving unit 101 can receive an e-mail via a mail server M installed in the DMZ.

(C) Verification unit 102
The verification unit 102 decrypts the electronic mail received by the reception unit 101 and verifies the electronic signature. Specifically, the verification unit 102 first decrypts the e-mail. For example, the verification unit 102 can acquire a password and a public key corresponding to the email address of the electronic mail from the control DB 131 and perform decryption using these.

  Next, the verification unit 102 refers to the control DB 131 and confirms whether the e-mail transmission source mail address corresponds to the identifier of any management user registered in the control data DB 131. To do. If the transmission source address does not correspond to the identifier of the management user, the verification unit 102 can notify the administrator of the in-house network N2, for example.

Next, the verification unit 102 verifies the electronic signature using the user's public key corresponding to the transmission source mail address. For example, when the electronic signature cannot be verified, the verification unit 102 can notify the terminal 200 that is the transmission source that the electronic mail is invalid.
The verification unit 102 can automatically invalidate the public key stored in the control DB 131 when the secret key is stolen. The verification unit 102 can perform this processing by using, for example, a CRL (Certificate Revocation List).

(D) Analysis unit 103
The analysis unit 103 analyzes the email verified by the verification unit 102 and identifies the device 300 to be controlled. In addition, the analysis unit 103 identifies a command to be executed by the device 300 from the email. For example, the analysis unit 103 can specify the device 300 and the command by existing text analysis or the like.

  Further, the analysis unit 103 refers to the control data DB 131 and determines whether or not the command can be executed based on whether or not the specified command is usable in the specified device 300 (hereinafter, “ It is also called “determination of correspondence”. Further, the analysis unit 103 determines whether or not the command can be executed based on whether or not the combination of the specified command and the device 300 is permitted to the user who transmitted the e-mail (hereinafter, “determination of authority”). Can also be called.).

  If the analysis unit 103 determines that the specified command cannot be executed by determining the correspondence or determining authority, for example, the analysis unit 103 can notify the transmission source user. In this case, the analysis unit 103 may notify the administrator of the in-house network N2.

(E) Instruction unit 104
The instruction unit 104 is configured to notify the device 300 identified by the analysis unit 103 of the analyzed command and instruct its execution. The instruction unit 104 can perform command notification using, for example, a protocol such as Telnet, ssh, and http, or a predetermined API. The instruction unit 104 can determine the notification method to be used with reference to the control data DB 131.

  In addition, the instruction unit 104 can acquire a command execution result from the device 300. For example, when the acquired execution result indicates an abnormal end of the control process, the instruction unit 104 may repeat the command notification a predetermined number of times. The instruction unit 104 associates the acquired execution result with the notified command identifier, the identifier of the notification target device 300, the execution time, and the like, and saves them in the command execution history DB 132.

(F) Transmitter 105
The transmission unit 105 is configured to transmit the execution result acquired by the instruction unit 104 to the terminal 200. For example, the transmission unit 105 can transmit an e-mail describing the execution result to the transmission source address of the e-mail received by the reception unit 101. Note that the transmission unit 105 can encrypt an electronic mail in which the execution result is recorded, or can apply an electronic signature.

(G) Processing Flow FIG. 3 is a flowchart showing an example of the processing flow of the remote control device 100 according to the present embodiment. Each processing step included in the processing flow described below can be executed in any order or in parallel as long as there is no contradiction in the processing contents. These steps may be added. Further, a step described as one step for convenience can be executed by being divided into a plurality of steps, while a step described as being divided into a plurality of steps for convenience can be grasped as one step.

  The receiving unit 101 of the remote control device 100 receives the email transmitted by the terminal 200 (S101: YES). The receiving unit 101 may receive the electronic mail transmitted from the terminal 200 by relaying it to another terminal or the mail server M.

  The verification unit 102 decrypts the electronic mail received by the reception unit 101 and verifies the electronic signature (S102). When the electronic signature cannot be verified (S103: NO), for example, the verification unit 102 returns an electronic mail to the terminal 200 and notifies the administrator (S153).

  When the verification unit 102 can verify the electronic signature (S103: YES), the analysis unit 103 analyzes the electronic mail and identifies the device 300 that performs control and the command to be executed (S104). Further, the analysis unit 103 determines the correspondence and authority, and determines that the command cannot be executed (S105: NO), for example, returns an e-mail to the terminal 200 and sends it to the administrator. A report is made (S153).

  On the other hand, when the analysis unit 103 determines that the command can be executed (S105: YES), the instruction unit 104 refers to the control data DB 131, selects an appropriate protocol, and selects the specified command. The specified device is notified and the execution is instructed (S106).

  When the execution of the notified command is completed in the device 300, the instruction unit 104 acquires the execution result from the device 300 (S107). When the result indicating that the command execution has failed is acquired from the control target device 300, the instruction unit 104 may repeatedly notify the command a predetermined number of times until the command execution is normally completed. The instruction unit 104 stores the acquired execution result, the command that has notified the execution, and the identifier of the device 300 in the command execution history DB 132.

  The transmission unit 105 transmits the execution result acquired by the instruction unit 104 to the terminal 200 (S108). At this time, the transmission unit 105 can transmit the execution result using an electronic mail with encryption or a digital signature.

<3. Processing sequence>
FIG. 4 is a sequence diagram illustrating a processing flow of the control system 10 according to the present embodiment.
When performing remote control by the control system 10, first, the user uses the terminal 200 to create an e-mail describing a command necessary for remotely controlling the device 300 (S21). At this time, the support unit 201 can support creation of an e-mail by presenting a command list screen or a list screen of the device 300 to the user with reference to the operation assistance DB 231. Further, the support unit 201 encrypts the created electronic mail and applies an electronic signature (S22). The terminal 200 transmits the created electronic mail to the remote control device 100 (S23).

  The receiving unit 101 of the remote control device 100 receives the transmitted electronic mail, for example, via the mail server M (S11). The verification unit 102 decrypts the received electronic mail and verifies the electronic signature (S12). If the electronic signature can be verified, the analysis unit 103 then analyzes the electronic mail to identify the device 300 to be controlled and the command to be executed (S13). At this time, the analysis unit 103 also determines the correspondence and authority.

  When the analysis unit 103 determines that the command can be executed, the instruction unit 104 instructs the device 300 to be controlled to execute the specified command (S14). The device 300 that has received the instruction executes the command (S31). When the execution of the command is completed, the instruction unit 104 acquires the execution result of the command from the device 300 (S15). If the execution result is abnormal termination, the instruction unit 104 can notify the device 300 of the execution of the command by repeating a predetermined number of times. The instruction unit 104 stores the acquired execution result, the command that has notified the execution, and the identifier of the device 300 in the command execution history DB 132 (S16).

  The transmission unit 105 transmits the execution result acquired by the instruction unit 104 to the terminal 200 after performing, for example, encryption or digital signature (S17). Upon receiving the execution result, the terminal 200 performs decryption and verification of the electronic signature (S24). When the execution result is decrypted / verified, the terminal 200 adds, to the identifier of the command executed in the command execution history DB 232, the identifier of the user who has instructed execution, the identifier of the executed device 300, the execution date and time, and the execution result. Is stored (S25).

  Thus, according to the remote control device 100 according to the present embodiment, it is possible to remotely control the device 300 provided inside the firewall from the outside without changing the firewall settings. Furthermore, according to the remote control device 100 according to the present embodiment, remote control can be performed from the outside without changing the setting of the Internet inside the firewall and the configuration of the in-house network N2.

[Second Embodiment]

  In the second and subsequent embodiments, description of matters common to the first embodiment is omitted, and only different points will be described. In particular, the same operation effect by the same configuration will not be sequentially described for each embodiment.

  FIG. 5 is a system configuration diagram of the control system 10 according to the present embodiment. In the present embodiment, the control system 10 has a terminal 210 outside the in-house network N2 and a terminal 220 inside. Terminals 210 and 220 are terminals used by authorized users.

  In the present embodiment, when the support unit 201 of the terminal 200 accepts transmission of an e-mail from the user, the support unit 201 transmits an approval request mail to the terminal 210, for example, before transmitting the e-mail to the remote control device 100. . When the approval user approves the transmission of the e-mail and the terminal 200 receives the approval notification from the terminal 210, the support unit 201 transmits the e-mail to the remote control device 100. When the approved user rejects the transmission, the support unit 201 notifies the user of the terminal 200 to that effect.

The support unit 201 can also display a request for approval on, for example, a popup on the screen of the terminal 210 by instructing predetermined software installed in the terminal 210, for example.
Other configurations and functions of the terminal 200 are the same as those in the first embodiment.

In the present embodiment, the instruction unit 104 of the remote control device 100 transmits an approval mail to the terminal 220 before notifying the device 300 of the command. When the authorized user permits the execution of the command and the remote control device 100 receives the notification of the permission from the terminal 220, the instruction unit 104 instructs the device 300 to execute the command.
Other configurations and functions of the remote control device 100 are the same as those in the first embodiment.

  FIG. 6 is a sequence diagram showing a processing flow of the control system 10 according to the present embodiment. Differences from the processing flow in the first embodiment will be described with reference to FIG.

  In this embodiment, the terminal 200 encrypts the created electronic mail and applies an electronic signature (S22), and transmits an approval request mail to the terminal 210 (S211). When the approval request mail is received at the terminal 210 and the approval user approves the transmission of the e-mail, the terminal 210 transmits a notification indicating the approval to the terminal 200 (S212). When receiving the approval notification, the support unit 201 of the terminal 200 transmits an e-mail to the remote control device 100 (S23).

On the other hand, when the analysis unit 103 determines that the command can be executed in the remote control device 100, the instruction unit 104 transmits an approval request mail to the terminal 220 (S221). When the approval request mail is received at the terminal 220 and the approval user approves the execution of the command, the terminal 220 transmits a notification of approval to the remote control device 100 (S222). When the instruction unit 104 of the remote control device 100 receives the notification of approval, the instruction unit 104 instructs the device 300 to execute the command (S14).
Other processing flows are the same as those in the first embodiment.

The control system 10 according to the present embodiment is configured to obtain approval from an approved user when an e-mail is transmitted and when a command is executed. For this reason, it is possible to more accurately prevent the execution of illegal commands, and it is possible to increase the security strength.
Other configurations and effects are the same as those of the first embodiment.

<Hardware configuration>
Hereinafter, an example of a hardware configuration when the terminal 200 and the remote control device 100 described above in the first embodiment and the second embodiment are realized by a computer 800 will be described with reference to FIG. The function of each device can be realized by dividing it into a plurality of devices.

  As illustrated in FIG. 7, the computer 800 includes a processor 801, a memory 803, a storage device 805, an input I / F unit 807, a data I / F unit 809, a communication I / F unit 811, and a display device 813.

  The processor 801 controls various processes in the computer 800 by executing a program stored in the memory 803. For example, the reception unit 101, the verification unit 102, the analysis unit 103, the instruction unit 104, the transmission unit 105, the support unit 201 of the terminal 200, and the like of the remote control device 100 are temporarily stored in the memory 803 and mainly used as a processor. It can be realized as a program that runs on 801.

  The memory 803 is a storage medium such as a RAM (Random Access Memory). The memory 803 temporarily stores a program code of a program executed by the processor 801 and data necessary for executing the program.

  The storage device 805 is a non-volatile storage medium such as a hard disk drive (HDD) or a flash memory. The storage device 805 stores an operating system and various programs for realizing the above-described configurations. In addition, the storage device 805 can also store a control data DB 131, a command execution history DB 132, an operation assistance data DB 231, and an execution history DBDB 232. Such programs and data are referred to by the processor 801 by being loaded into the memory 803 as necessary.

  The input I / F unit 807 is a device for receiving input from the user. Specific examples of the input I / F unit 807 include a keyboard, a mouse, a touch panel, various sensors, and a wearable device. The input I / F unit 807 may be connected to the computer 800 via an interface such as a USB (Universal Serial Bus).

  A data I / F unit 809 is a device for inputting data from the outside of the computer 800. Specific examples of the data I / F unit 809 include a drive device for reading data stored in various storage media. The data I / F unit 809 may be provided outside the computer 800. In this case, the data I / F unit 809 is connected to the computer 800 via an interface such as a USB.

  The communication I / F unit 811 is a device for performing data communication with the external device of the computer 800 via the Internet N by wire or wireless. The communication I / F unit 811 may be provided outside the computer 800. In that case, the communication I / F unit 811 is connected to the computer 800 via an interface such as a USB.

  The display device 813 is a device for displaying various information. Specific examples of the display device 813 include a liquid crystal display, an organic EL (Electro-Luminescence) display, and a wearable device display. The display device 813 may be provided outside the computer 800. In that case, the display device 813 is connected to the computer 800 via, for example, a display cable.

  Each embodiment described above is for facilitating understanding of the present invention, and is not intended to limit the present invention. The present invention can be changed / improved without departing from the spirit thereof, and the present invention includes equivalents thereof. Each embodiment is an exemplification, and it is needless to say that a partial replacement or combination of configurations shown in different embodiments is possible, and these are also included in the scope of the present invention as long as they include the features of the present invention. .

DESCRIPTION OF SYMBOLS 10 Control system 100 Remote control device 101 Receiving part 102 Verification part 103 Analysis part 104 Instruction part 105 Transmission part 131 Control data DB
132 Command execution history DB
200 terminal 201 support unit 231 operation assistance data DB
232 Command execution history DB
300 equipment N1 network N2 company network M mail server F1 firewall

Claims (5)

A remote control device installed inside a firewall,
A receiving unit that receives an email that is encrypted and has an electronic signature transmitted from a terminal device installed outside the firewall;
A verification unit that decrypts the encrypted email and verifies the electronic signature applied to the email;
When the electronic signature can be verified, the electronic mail is analyzed, an analysis unit for specifying a device to be controlled provided in the firewall, and a command to be executed by the device;
An instruction unit that instructs execution of the specified command to the specified device;
A transmission unit for acquiring the execution result of the command from the device and transmitting the command to the terminal device;
Comprising
Remote control device. The instruction unit includes:
The remote control device according to claim 1, wherein when instructing execution of the command, the approval user is notified of approval for execution of the command. The remote control device is:
The remote control device according to claim 1, further comprising a storage unit that stores an execution result when the command is executed in the device. A control system comprising a remote control device installed inside a firewall and a terminal device installed outside the firewall,
The remote control device is:
A receiving unit that receives an electronic mail that is encrypted and has an electronic signature transmitted from the terminal device;
A verification unit that decrypts the encrypted email and verifies the electronic signature applied to the email;
When the electronic signature can be verified, the electronic mail is analyzed, an analysis unit that is provided inside the firewall and is specified as a control target, and a command to be executed by the device;
An instruction unit that instructs execution of the specified command to the specified device;
A transmission unit for acquiring the execution result of the command from the device and transmitting the command to the terminal device;
With
The terminal device
A control system comprising a support unit that displays a list of devices that can be controlled by the remote control device and a user interface including a list of commands that can be used on the screen of the terminal device. The support unit
5. The control system according to claim 4, wherein when the electronic mail is transmitted to the remote control device, the approval user is notified of approval regarding the transmission of the electronic mail.