JP2017076364A - Information processing system and information processing apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the influence due to executing a security function.SOLUTION: An information processing system includes: storage means of storing information on execution conditions for security functions, for each of security functions; acquisition means of acquiring information on the execution condition of a security function corresponding to an execution request, in response to the execution request for a security function transmitted from a terminal device, from the storage means; determination means of determining whether to execute the security function in a first device, on the basis of the information on the execution condition acquired by the acquisition means; and execution means of causing the first device to execute the security function, when the determination means determines to execute the security function in the first device. The execution means transmits the execution request for the security function, to a second device, when the determination means determines not to execute the security function in the first device.SELECTED DRAWING: Figure 3

Description

  The present invention relates to an information processing system and an information processing apparatus.

  2. Description of the Related Art Conventionally, systems that control and monitor the operation of equipment, equipment, plants, etc. in facilities such as factories and power plants are known.

  In addition, a technique for dynamically setting a security level of a security function has been conventionally known (see, for example, Patent Documents 1 and 2).

JP 2003-316650 A JP 2011-151541 A

  However, in the above-described conventional technology, for example, the usage rate of a CPU (Central Processing Unit) and a memory increases due to execution of a security function, which affects the operation of equipment, equipment, plants, etc. in facilities such as factories and power plants. There was a case.

  That is, for example, as a result of an increase in the usage rate of the CPU and memory due to the execution of the security function, there are cases where operation control and operation monitoring of facilities, equipment, plants, etc. cannot be performed sufficiently.

  One embodiment of the present invention has been made in view of the above points, and an object thereof is to reduce the influence accompanying execution of a security function.

  In order to achieve the above object, an embodiment of the present invention is an information processing system including a first device and a second device connected to the first device via a network. For each security function that can be executed by the first device and the second device, the information is transmitted from a first storage unit that stores information on execution conditions of the security function and a terminal device connected to the information processing system. In response to a security function execution request, an acquisition unit that acquires information on the execution condition of the security function corresponding to the execution request from the first storage unit, and information on the execution condition acquired by the acquisition unit Based on a first determination means for determining whether or not to execute the security function in the first device, and the security function by the first determination means. Execution means for causing the first apparatus to execute the security function when it is determined to be executed by the first apparatus, and the execution means performs the security function by the first determination means. When it is determined not to be executed by the first device, an execution request for the security function is transmitted to the second device.

  According to one embodiment of the present invention, the impact associated with the execution of security functions is reduced.

It is a figure which shows an example of the control system which concerns on 1st embodiment. It is a figure which shows an example of the hardware constitutions of the terminal device which concerns on 1st embodiment, a monitoring apparatus, and a control apparatus. It is a figure which shows an example of a function structure of the control system which concerns on 1st embodiment. It is a sequence diagram which shows an example of the registration process of the execution condition of the security function which concerns on 1st embodiment. It is a figure which shows an example of the setting screen of the execution condition of the security function which concerns on 1st embodiment. It is a figure which shows an example of the execution condition information which concerns on 1st embodiment. It is a sequence diagram which shows an example of the execution process of the security function which concerns on 1st embodiment. It is a flowchart which shows an example of the execution determination process of the security function which concerns on 1st embodiment. It is a sequence diagram which shows an example of the registration process of the execution condition of the security function which concerns on 2nd embodiment. It is a figure which shows an example of the setting screen of the execution condition of the security function which concerns on 2nd embodiment. It is a figure which shows an example of the execution condition information which concerns on 2nd embodiment. It is a figure which shows an example of a function structure of the control system which concerns on 3rd embodiment. It is a figure which shows an example of utilization rate historical information. It is a flowchart which shows an example of the execution determination process of the security function which concerns on 3rd embodiment. It is a figure which shows an example of a function structure of the control system which concerns on 4th embodiment. It is a figure which shows an example of the execution condition information which concerns on 4th embodiment. It is a flowchart which shows an example of the execution determination process of the security function which concerns on 4th embodiment. It is a figure which shows an example of execution waiting information.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

[First embodiment]
<System configuration>
First, the system configuration of the control system 1 according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of a control system according to the first embodiment.

  The control system 1 illustrated in FIG. 1 includes one or more terminal devices 10, one or more monitoring devices 20, and one or more control devices 30. The terminal device 10 and the monitoring device 20 are communicably connected via a network N1 such as a LAN (Local Area Network). Further, the monitoring device 20 and the control device 30 are communicably connected via a network N2 such as a LAN.

  Further, one or more conversion devices 40 are connected to the control device 30. In addition, one or more devices 50 are connected to the conversion device 40.

  Here, the monitoring device 20, the control device 30, the conversion device 40, and the device 50 are included in a facility environment E1 that is a system environment in a facility such as a factory or a power plant. Therefore, the terminal device 10 and the facility environment E1 are connected to be communicable via the network N1. The facility environment E1 is not limited to a system environment in a factory or a power plant, and may be a system environment in various facilities such as a water treatment facility and a waste treatment facility, for example.

  The terminal device 10 is a desktop PC, a notebook PC, a smartphone, a tablet terminal, or the like used by a user. The user can connect to the facility environment E1 using the terminal device 10 and acquire various information.

  For example, the user uses the terminal device 10 to connect to the monitoring device 20 included in the facility environment E1, and obtains various monitoring results (such as the operation status and alarms of the device 50) provided by the monitoring device 20. be able to.

  The monitoring device 20 collects operation logs, sensor information (information obtained by measuring various devices such as the temperature and pressure of the device 50), and the like of the control device 30 and the device 50 included in the facility environment E1. And an information processing apparatus that performs monitoring based on sensor information and the like. In addition, the monitoring device 20 provides a monitoring result to the terminal device 10 in response to a request from the terminal device 10.

  The control device 30 is, for example, a PLC (Programmable Logic Controller) or the like, and is an information processing device that controls the device 50. The control device 30 controls the operation of the device 50, acquires operation logs and sensor information from the device 50, and transmits them to the monitoring device 20.

  The conversion device 40 is, for example, a module that performs A / D conversion or D / A conversion, and converts information between the control device 30 and the device 50. That is, the conversion device 40 converts various types of information output from the control device 30 into a format that can be input by the device 50, and also converts various types of information output from the device 50 into a format that can be input by the control device 30. To do. Note that the conversion device 40 may be included in the control device 30.

  The equipment 50 is, for example, a power generation facility such as a gas turbine or a steam turbine, a substation / distribution facility such as a transformer or a gas circuit breaker, a manufacturing facility in a factory, etc., and various facilities and plants controlled by the control device 30 Etc.

  The control system 1 according to the present embodiment dynamically changes the execution subject of security functions such as login authentication and access control when the user connects to the facility environment E1 using the terminal device 10.

  That is, for example, when the user connects to the facility environment E1 using the terminal device 10 and logs in to the facility environment E1, the resource usage rate such as the CPU usage rate or the memory usage rate of the monitoring device 20 or the control device 30 is used. Based on the above, the apparatus (the monitoring apparatus 20 or the control apparatus 30) that performs login authentication is dynamically changed. Similarly, for example, when a user logs in to the facility environment E1 using the terminal device 10 and then obtains a monitoring result provided by the monitoring device 20, based on the resource usage rate of the monitoring device 20 or the control device 30. The device that performs access control is dynamically changed.

  Thus, in the control system 1 according to the present embodiment, for example, the execution subject of the security function is dynamically changed based on the CPU usage rate. For this reason, in the control system 1 according to the present embodiment, for example, the CPU usage rate is increased due to the execution of the security function (that is, due to a high load on the CPU), the monitoring and control of the device 50, and the like. It is possible to prevent a situation that affects

<Hardware configuration>
Next, the hardware configuration of the terminal device 10, the monitoring device 20, and the control device 30 according to the first embodiment will be described with reference to FIG. FIG. 2 is a diagram illustrating an example of a hardware configuration of the terminal device, the monitoring device, and the control device according to the first embodiment. Since the terminal device 10, the monitoring device 20, and the control device 30 have the same hardware configuration, the hardware configuration of the terminal device 10 will be mainly described below.

  The terminal device 10 includes an input device 11, a display device 12, an external I / F 13, a RAM (Random Access Memory) 14, a ROM (Read Only Memory) 15, a CPU 16, a communication I / F 17, and a storage device. 18. Further, each of these hardware is communicably connected via a bus B.

  The input device 11 is, for example, a keyboard, a mouse, a touch panel, or the like, and is used by a user to input various operation signals. The display device 12 is, for example, a display and displays the processing result. The monitoring device 20 and the control device 30 may be configured to use the input device 11 and the display device 12 connected to the bus B when necessary.

  The external I / F 13 is an interface with an external device. The external device includes a recording medium 13a. Accordingly, the terminal device 10 can read and / or write the recording medium 13a via the external I / F 13. Examples of the recording medium 13a include a flexible disk, a CD, a DVD, an SD memory card, and a USB memory. The recording medium 13a may store a program that realizes the present embodiment.

  The RAM 14 is a non-volatile semiconductor memory that can retain programs and data even when the power is turned off. The ROM 15 stores data and programs such as BIOS (Basic Input / Output System), OS (Operating System) settings, and network settings that are executed when the terminal device 10 is activated.

  The CPU 16 is an arithmetic device that realizes control and functions of the entire terminal device 10 by reading a program and data from the ROM 15 and the storage device 18 onto the RAM 14 and executing processing.

  The communication I / F 17 is an interface for connecting the terminal device 10 to the network N1. Thereby, the terminal device 10 can perform data communication via the communication I / F 17.

  The storage device 18 is a nonvolatile memory that stores programs and data, and is, for example, an HDD (Hard Disk Drive), an SSD (solid state drive), or the like. The data stored in the storage device 18 includes a program that implements the present embodiment, an OS that is basic software for controlling the entire terminal device 10, and application software that provides various functions on the OS. The storage device 18 manages stored programs and data by a predetermined file system and / or DB (database).

  The terminal device 10, the monitoring device 20, and the control device 30 according to the present embodiment can implement various processes as described later by having the hardware configuration illustrated in FIG. 2.

<Functional configuration>
Next, the functional configuration of the control system 1 according to the first embodiment will be described with reference to FIG. FIG. 3 is a diagram illustrating an example of a functional configuration of the control system according to the first embodiment.

  The terminal device 10 includes an input reception unit 101, a display control unit 102, a registration request unit 103, and an execution request unit 104. Each of these functional units is realized by processing that one or more programs installed in the terminal device 10 cause the CPU 16 to execute.

  The input receiving unit 101 receives various input operations by the user. For example, the input receiving unit 101 receives an operation for registering an execution condition for a security function.

  For example, the input receiving unit 101 receives an execution operation for executing a security function.

  The execution condition is a condition when the security function is executed in the monitoring device 20 and the control device 30 for each security function. For example, “CPU usage rate is less than 20%” or “memory usage rate”. Is less than 30% "etc.

  The security function is a function related to various security executed when the user connects to the facility environment E1 using the terminal device 10, and examples thereof include login authentication and access control.

  The display control unit 102 displays various screens. For example, the display control unit 102 displays a screen for setting and registering security function execution conditions.

  When the registration operation is received by the input receiving unit 101, the registration request unit 103 transmits an execution condition registration request to the monitoring device 20.

  When the execution operation (for example, login operation) for executing the security function is received by the input reception unit 101, the execution request unit 104 receives the execution request for the security function (for example, execution request for login authentication). Send to.

  The monitoring device 20 includes a registration processing unit 201, an execution determination processing unit 202, and a function execution unit 203. Each of these functional units is realized by processing that one or more programs installed in the monitoring device 20 cause the CPU 16 to execute.

  In addition, the monitoring device 20 includes an execution condition storage unit 204. The storage unit can be realized using the storage device 18. Note that the storage unit may be realized using, for example, a storage device connected to the monitoring device 20 via a network.

  In response to the registration request for the execution condition, the registration processing unit 201 registers the execution condition based on the registration request in the monitoring device 20. That is, when receiving the execution condition registration request, the registration processing unit 201 causes the execution condition storage unit 204 to store execution condition information indicating the execution condition.

  In addition, when the execution condition information is stored in the execution condition storage unit 204, the registration processing unit 201 transmits an execution condition registration request to the control device 30. That is, the registration processing unit 201 transfers the execution condition registration request received from the terminal device 10 to the control device 30.

  In response to a security function execution request, the execution determination processing unit 202 executes a process (security function execution determination process) for determining whether or not the monitoring apparatus 20 executes the security function. Here, the execution determination processing unit 202 includes a condition acquisition unit 212 and a condition determination unit 222.

  In response to the security function execution request, the condition acquisition unit 212 acquires the security function execution condition information related to the execution request from the execution condition storage unit 204. When the condition acquisition unit 212 acquires the execution condition information, the condition determination unit 222 determines whether or not the execution condition of the security function related to the execution request is satisfied based on the execution condition information.

  Here, when the condition determination unit 222 determines that the execution condition of the security function is satisfied, the execution determination processing unit 202 determines that the monitoring function 20 executes the security function. On the other hand, when the condition determination unit 222 determines that the execution condition for the security function is not satisfied, the execution determination processing unit 202 determines that the security function is not executed by the monitoring device 20.

  When the execution determination processing unit 202 determines that the security function is to be executed by the monitoring device 20, the function execution unit 203 executes the security function (for example, login authentication).

  In addition, when the execution determination processing unit 202 determines that the security function is not to be executed by the monitoring device 20, the function execution unit 203 transmits (transfers) the security function execution request to the control device 30.

  The execution condition storage unit 204 stores the execution condition information stored by the registration processing unit 201. Details of the execution condition information will be described later.

  The control device 30 includes a registration processing unit 301, an execution determination processing unit 302, and a function execution unit 303. Each of these functional units is realized by processing that one or more programs installed in the control device 30 cause the CPU 16 to execute.

  In addition, the control device 30 includes an execution condition storage unit 304. The storage unit can be realized using the storage device 18. Note that the storage unit may be realized using, for example, a storage device connected to the control device 30 via a network.

  In response to the registration request for the execution condition, the registration processing unit 301 registers the execution condition based on the registration request in the control device 30. That is, when receiving a registration request for an execution condition, the registration processing unit 301 stores execution condition information indicating the execution condition in the execution condition storage unit 304.

  In response to a security function execution request, the execution determination processing unit 302 executes a process (security function execution determination process) for determining whether or not to execute the security function in the control device 30. Here, the execution determination processing unit 302 includes a condition acquisition unit 312 and a condition determination unit 322.

  In response to the security function execution request, the condition acquisition unit 312 acquires the security function execution condition information related to the execution request from the execution condition storage unit 304. When the condition acquisition unit 312 acquires the execution condition information, the condition determination unit 322 determines whether or not the execution condition of the security function related to the execution request is satisfied based on the execution condition information.

  Here, when the condition determination unit 322 determines that the execution condition of the security function is satisfied, the execution determination processing unit 302 determines that the control device 30 executes the security function. On the other hand, when the condition determination unit 322 determines that the execution condition for the security function is not satisfied, the execution determination processing unit 302 determines that the control function 30 does not execute the security function.

  If the execution determination processing unit 302 determines that the security function is to be executed by the control device 30, the function execution unit 303 executes the security function (for example, login authentication).

  The execution condition storage unit 304 stores the execution condition information stored by the registration processing unit 301. Details of the execution condition information will be described later.

<Details of processing>
Next, details of processing of the control system 1 according to the first embodiment will be described.

  First, in the control system 1 according to the present embodiment, processing for registering security function execution conditions in the monitoring device 20 and the control device 30 will be described with reference to FIG. FIG. 4 is a sequence diagram illustrating an example of the registration process of the execution condition of the security function according to the first embodiment. In the following, “registration” includes “new registration” for newly adding execution condition information to the execution condition storage unit 204 and the execution condition storage unit 304, and storage in the execution condition storage unit 204 and the execution condition storage unit 304. "Update registration" for updating the execution condition information that has been executed is included.

  First, the input accepting unit 101 of the terminal device 10 accepts a security function execution condition registration operation by the user on the security function execution condition setting screen 1000 shown in FIG. 5, for example (step S401).

  Here, the security function execution condition setting screen 1000 shown in FIG. 5 is displayed on the display device 12 or the like by the display control unit 102 of the terminal device 10, and includes a security function list 1100, an execution condition list 1200, and a registration. Button 1300 is included.

  The security function list 1100 is a list for selecting a security function for setting execution conditions, and includes, for example, security functions such as “login authentication” and “access control”. The execution condition list 1200 is a list for selecting execution conditions to be set for the security function selected in the security function list 1100. For example, “CPU usage rate is less than 20%”, “CPU usage rate 30”. Execution conditions such as “less than%” are included. The registration button 1300 is a display component for registering the security function and execution condition selected in the security function list 1100 and the execution condition list 1200. In the execution condition, for example, the user may be able to arbitrarily input values such as a CPU usage rate and a memory usage rate.

  The user selects a desired security function and execution condition from the security function list 1100 and the execution condition list 1200 on the security function execution condition setting screen 1000 and presses a registration button 1300 to perform a registration operation. It can be carried out.

  Hereinafter, as an example, it is assumed that “login authentication” and “less than 30% CPU usage” are selected from the security function list 1100 and the execution condition list 1200, respectively, and the registration button 1300 is pressed by the user. .

  Next, when the registration operation is accepted by the input accepting unit 101, the registration requesting unit 103 of the terminal device 10 transmits an execution condition registration request to the monitoring device 20 (step S402). The registration request includes the security function “login authentication” selected by the user and the execution condition “less than 30% CPU usage”.

  Upon receiving the execution condition registration request, the registration processing unit 201 of the monitoring device 20 creates execution condition information indicating the security function “login authentication” and the execution condition “less than 30% CPU usage” included in the registration request. And stored in the execution condition storage unit 204 (step S403).

  Here, the execution condition information stored in the execution condition storage unit 204 is shown in FIG. As shown in FIG. 6A, in step S 403, the registration processing unit 201 stores the execution condition information with the security function “login authentication” and the execution condition “CPU usage rate of less than 30%” in the execution condition storage unit 204. Is done.

  As a result, the execution condition for the security function selected by the user is registered in the monitoring device 20. If execution conditions for the same security function have already been registered in the monitoring device 20, the registration processing unit 201 overwrites execution condition information indicating the already registered execution conditions with the execution condition information created above. To do.

  As shown in FIG. 6A, the execution condition storage unit 204 stores, for each security function, an execution condition when the security function is executed in association with each other.

  Next, when the registration processing unit 201 of the monitoring device 20 stores the execution condition information in the execution condition storage unit 204, the registration processing unit 201 transmits an execution condition registration request to the control device 30 (step S404). The registration request includes the security function “login authentication” selected by the user in step S401 and the execution condition “CPU usage rate of less than 30%”.

  Upon receiving the execution condition registration request, the registration processing unit 301 of the control device 30 creates execution condition information indicating the security function “login authentication” and the execution condition “less than 30% CPU usage” included in the registration request. And stored in the execution condition storage unit 304 (step S405).

  Here, the execution condition information stored in the execution condition storage unit 304 is shown in FIG. As illustrated in FIG. 6B, in step S <b> 405, the registration processing unit 301 stores execution condition information indicating the security function “login authentication” and the execution condition “CPU usage rate of less than 30%” in the execution condition storage unit 304. Is done.

  As a result, the execution condition for the security function selected by the user is registered in the control device 30. If execution conditions for the same security function have already been registered in the monitoring device 20, the registration processing unit 301 overwrites execution condition information indicating the already registered execution conditions with the execution condition information created above. To do.

  Subsequently, when the registration processing unit 301 of the control device 30 stores the execution condition information in the execution condition storage unit 304, the registration processing unit 301 transmits a registration result indicating that the execution condition has been registered to the monitoring device 20 (step S406).

  And the registration process part 201 of the monitoring apparatus 20 will transmit the said registration result to the terminal device 10, if a registration result is received from the control apparatus 30 (step S407).

  As described above, in the control system 1 according to the present embodiment, the security function execution conditions set by the user are registered in the monitoring device 20 and the control device 30. That is, in the control system 1 according to the present embodiment, the user can use the terminal device 10 to appropriately register the security function execution condition in the monitoring device 20 and the control device 30.

  Thereby, in the control system 1 according to the present embodiment, for example, when the control content of the control system 1 or the configuration of the device 50 is changed, the user may register an appropriate execution condition according to the changed content. become able to.

  Next, in the control system 1 according to the present embodiment, processing for executing a security function in the monitoring device 20 or the control device 30. This will be described with reference to FIG. FIG. 7 is a sequence diagram illustrating an example of security function execution processing according to the first embodiment. Hereinafter, a case where “login authentication” is executed as an example of the security function will be described.

  First, the input reception unit 101 of the terminal device 10 receives a login operation for logging in to the facility environment E1 (step S701).

  That is, the user inputs a login ID, a login password, and the like on a predetermined login screen displayed by the display control unit 102 of the terminal device 10 and performs a login operation which is an example of an execution operation of the security function. Then, the input reception unit 101 of the terminal device 10 receives the login operation.

  Next, when the input reception unit 101 receives a login operation, the execution request unit 104 of the terminal device 10 transmits a login authentication execution request, which is an example of a security function, to the monitoring device 20 (step S702). The execution request includes a login ID and a login password input by the user on the login screen.

  When receiving the login authentication execution request, the execution determination processing unit 202 of the monitoring device 20 determines whether the monitoring device 20 executes login authentication based on the execution condition information stored in the execution condition storage unit 204. Determination is made (step S703). That is, the execution determination processing unit 202 of the monitoring device 20 executes the security function execution determination process. Details of the security function execution determination process in this step will be described later.

  In step S703, when the execution determination processing unit 202 determines that the login authentication is to be executed by the monitoring device 20, the function execution unit 203 of the monitoring device 20 executes login authentication (step S704). That is, the function execution unit 203 of the monitoring device 20 determines whether the login ID, password, and the like included in the login authentication execution request match a preset login ID, password, etc., for example. Authenticate.

  Then, the function execution unit 203 of the monitoring device 20 transmits an authentication result, which is an example of the security function execution result, to the terminal device 10 (step S704).

  As described above, when it is determined in the security function execution determination process in step S703 that the security function is to be executed, the function execution unit 203 of the monitoring device 20 executes the security function related to the execution request.

  On the other hand, if the execution determination processing unit 202 determines in step S703 that login authentication is not to be executed by the monitoring device 20, the function execution unit 203 of the monitoring device 20 transmits a login authentication execution request to the control device 30 ( Step S706).

  As described above, when it is determined in the security function execution determination process in step S703 that the security function is not executed, the monitoring device 20 transmits (transfers) a security function execution request to the control device 30.

  When receiving the login authentication execution request, the execution determination processing unit 302 of the control device 30 determines whether or not the control device 30 executes login authentication based on the execution condition information stored in the execution condition storage unit 304. Determination is made (step S707). That is, the execution determination processing unit 302 of the control device 30 executes a security function execution determination process. Details of the security function execution determination process in this step will be described later.

  In step S707, when the execution determination processing unit 302 determines that the login authentication is to be executed by the control device 30, the function execution unit 303 of the control device 30 executes the login authentication (step S708). That is, for example, the function execution unit 303 of the control device 30 determines whether or not the login ID and password included in the login authentication execution request match a preset login ID and password. Authenticate.

  Then, the function execution unit 303 of the control device 30 transmits the authentication result to the monitoring device 20 (step S709).

  When receiving the authentication result, the function execution unit 303 of the monitoring device 20 transmits the authentication result to the terminal device 10 (step S710).

  As described above, when the monitoring device 20 does not execute the security function, when it is determined in the security function execution determination process in step S707 that the security function is to be executed, the control device 30 executes the security function related to the execution request. To do.

  On the other hand, in step S707, when the execution determination processing unit 302 determines that the login authentication is not performed by the control device 30, the function execution unit 303 of the control device 30 monitors the execution impossibility notification indicating that the login authentication cannot be performed. It transmits to the apparatus 20 (step S711).

  When the function execution unit 303 of the monitoring device 20 receives the execution impossibility notification, the function execution unit 303 transmits the execution impossibility notification to the terminal device 10 (step S712).

  Thus, when neither the monitoring device 20 nor the control device 30 executes the security function, an unexecutable notification indicating that the security function cannot be executed is transmitted to the terminal device 10.

  In addition, although said control apparatus 30 shall transmit a non-executable notification to the monitoring apparatus 20 by said step S711, it is not restricted to this. When it is determined by the execution determination processing unit 302 that the login authentication is not executed by the control device 30, the control device 30 may transmit a security function execution request to, for example, another control device 30, the monitoring device 20, or the like. .

  As described above, in the control system 1 according to the present embodiment, in response to a security function execution request from the terminal device 10, the monitoring device 20 and the control device 30 perform execution determination based on the execution conditions of the security function. Do.

  Thereby, for example, when the execution condition is “less than 30% CPU usage rate” and the CPU usage rate of the monitoring device 20 is 30% or more, the monitoring device 20 does not execute the security function. The same applies to the control device 30.

  Therefore, in the control system 1 according to the present embodiment, for example, the security function is executed in the monitoring device 20 or the control device 30, resulting in an increase in the processing load on the CPU. It is possible to prevent the situation of giving.

  Next, details of the security function execution determination process in steps S703 and S707 will be described with reference to FIG. FIG. 8 is a flowchart illustrating an example of security function execution determination processing according to the first embodiment.

  Here, the execution determination process of the security function in step S703 is executed by the execution determination processing unit 202 of the monitoring device 20. On the other hand, the security function execution determination process in step S <b> 707 is executed by the execution determination processing unit 302 of the control device 30. Hereinafter, the security function execution determination process in step S703 will be mainly described.

  Note that the monitoring device 20, the execution determination processing unit 202, the condition acquisition unit 212, the condition determination unit 222, and the execution condition storage unit 204 are respectively included in the control device 30, the execution determination processing unit 302, the condition acquisition unit 312, and the condition determination unit 322. And the execution condition storage unit 304, the same applies to the security function execution determination processing in step S707.

  First, the condition acquisition unit 212 of the execution determination processing unit 202 acquires the execution condition information of the corresponding security function from the execution condition storage unit 204 (step S801). That is, the condition acquisition unit 212 acquires execution condition information whose security function is “login authentication” from the execution condition storage unit 204.

  In the following description, it is assumed that execution condition information with the security function “login authentication” and the execution condition “CPU usage rate of less than 30%” has been acquired.

  Next, the condition determination unit 222 of the execution determination processing unit 202 determines whether or not the execution condition included in the execution condition information acquired by the condition acquisition unit 212 is satisfied (step S802). That is, the condition determination unit 222 determines whether the current usage rate of the CPU 16 of the monitoring device 20 is less than 30%.

  In step S802, when the condition determination unit 222 determines that the execution condition is satisfied, the execution determination processing unit 202 determines that the corresponding security function is to be executed by the monitoring device 20 (step S803). That is, the execution determination processing unit 202 determines that the login authentication is executed by the monitoring device 20.

  In step S802, when the condition determination unit 222 determines that the execution condition is not satisfied, the execution determination processing unit 202 determines that the corresponding security function is not executed by the monitoring device 20 (step S804). That is, the execution determination processing unit 202 determines that the login authentication is not executed by the monitoring device 20.

  As described above, in the control system 1 according to the present embodiment, the security device execution determination is performed in the monitoring device 20 and the control device 30. Moreover, such execution determination is performed based on execution conditions indicating resource usage rate conditions such as CPU usage rate and memory usage rate of the monitoring device 20 and the control device 30.

  For this reason, in the control system 1 according to the present embodiment, for example, when the resource usage rate of the monitoring device 20 is high, execution of the security function can be switched to the control device 30. That is, in the control system 1 according to the present embodiment, for example, the security function execution subject can be dynamically changed based on the resource usage rate of the monitoring device 20.

  As a result, in the control system 1 according to the present embodiment, it is possible to prevent a situation in which operation monitoring or operation control of the device 50 is affected as a result of an increase in the resource usage rate due to execution of the security function.

[Second Embodiment]
Next, a second embodiment will be described. The second embodiment is different from the first embodiment in that different execution conditions can be set between the monitoring device 20 and the control device 30 for the same security function. In the following description of the present embodiment, differences from the first embodiment will be mainly described, and parts having the same functional configuration as those of the first embodiment and parts performing the same processing will be described. The same reference numerals as those in the embodiment are given, and the description thereof is omitted.

<Details of processing>
The security function execution condition registration process will be described below with reference to FIG. FIG. 9 is a sequence diagram illustrating an example of security function execution condition registration processing according to the second embodiment.

  First, the input receiving unit 101 of the terminal device 10 receives, for example, a security function execution condition registration operation by the user on the security function execution condition setting screen 2000 shown in FIG. 10 (step S901).

  Here, the security function execution condition setting screen 2000 shown in FIG. 10 includes a security function list 2100, an execution condition (monitoring apparatus) list 2200, an execution condition (control apparatus) list 2300, and a registration button 2400. And are included.

  A security function list 2100 is a list for selecting a security function for setting execution conditions.

  The execution condition (monitoring device) list 2200 is a list for selecting an execution condition to be set for the security function selected in the security function list 2100 in the monitoring device 20. Similarly, the execution condition (control device) list 2300 is a list for selecting execution conditions to be set for the security function selected in the security function list 2100 in the control device 30. The registration button 2400 is a display component for registering the security function and execution condition selected in the security function list 2100, the execution condition (monitoring device) list 2200, and the execution condition (control device) list 2300.

  In the security function execution condition setting screen 2000, the user sets desired security functions and execution conditions from the security function list 2100, execution condition (monitoring device) list 2200, and execution condition (control device) list 2300, respectively. A registration operation can be performed by selecting and pressing a registration button 2400.

  Hereinafter, as an example, the user performs “login authentication” and “CPU usage rate less than 20%” from the security function list 2100, the execution condition (monitoring device) list 2200, and the execution condition (control device) list 2300, respectively. , And “CPU usage rate less than 40%” is selected and the registration button 2400 is pressed.

  Next, when the registration operation is accepted by the input accepting unit 101, the registration requesting unit 103 of the terminal device 10 transmits an execution condition registration request to the monitoring device 20 (step S902). The registration request includes a security function “login authentication” selected by the user, an execution condition of the monitoring device 20 “CPU usage rate less than 20%”, and an execution condition of the control device 30 “CPU usage rate less than 40%”. Is included.

  When the registration processing unit 201 of the monitoring device 20 receives the registration request for the execution condition, the execution condition indicating the security function “login authentication” and the execution condition “less than 20% of CPU usage” included in the registration request. Information is created and stored in the execution condition storage unit 204 (step S903).

  Here, the execution condition information stored in the execution condition storage unit 204 is shown in FIG. As illustrated in FIG. 11A, in step S <b> 903, the registration processing unit 201 stores execution condition information indicating the security function “login authentication” and the execution condition “CPU usage rate less than 20%” in the execution condition storage unit 204. Is done.

  Next, when the registration processing unit 201 of the monitoring device 20 stores the execution condition information in the execution condition storage unit 204, the registration processing unit 201 transmits an execution condition registration request to the control device 30 (step S904).

  When the registration processing unit 301 of the control device 30 receives the registration request for the execution condition, the execution condition indicating the security function “login authentication” included in the registration request and the execution condition “less than 40% CPU usage” of the control device 30. Information is created and stored in the execution condition storage unit 304 (step S905).

  Here, the execution condition information stored in the execution condition storage unit 304 is shown in FIG. As shown in FIG. 10B, in step S 905, the registration processing unit 301 stores execution condition information indicating the security function “login authentication” and the execution condition “CPU usage rate less than 40%” in the execution condition storage unit 304. Is done.

  As described above, in the control system 1 according to the present embodiment, different execution conditions can be registered between the monitoring device 20 and the control device 30 for the same security function. Thereby, the user can set an appropriate execution condition according to the RAM 14 or the CPU 16 provided in the monitoring device 20 or the control device 30.

[Third embodiment]
Next, a third embodiment will be described. The third embodiment is different from the first embodiment in that it is determined whether or not to execute the security function based on the resource usage rate trend. In the following description of the present embodiment, differences from the first embodiment will be mainly described, and parts having the same functional configuration as those of the first embodiment and parts performing the same processing will be described. The same reference numerals as those in the embodiment are given, and the description thereof is omitted.

<Functional configuration>
Next, the functional configuration of the control system 1 according to the third embodiment will be described with reference to FIG. FIG. 12 is a diagram illustrating an example of a functional configuration of a control system according to the third embodiment.

  The monitoring device 20 includes an execution determination processing unit 202A. In addition, the monitoring device 20 includes a usage rate history storage unit 205. The storage unit can be realized using the storage device 18. Note that the storage unit may be realized using, for example, a storage device connected to the monitoring device 20 via a network.

  The execution determination processing unit 202A includes a usage rate acquisition unit 232, a trend analysis unit 242, and a condition determination unit 222A. The usage rate acquisition unit 232 acquires the resource usage rate (for example, the CPU usage rate or the memory usage rate) of the monitoring device 20 and stores it in the usage rate history storage unit 205. The trend analysis unit 242 analyzes the trend of the resource usage rate stored in the usage rate history storage unit 205. The condition determination unit 222A determines whether or not the tendency of the resource usage rate analyzed by the trend analysis unit 242 is a tendency to be a high usage rate (hereinafter referred to as “high usage rate trend”).

  Here, the execution determination processing unit 202A determines that the security function is to be executed by the monitoring device 20 when the condition determination unit 222A determines that the trend of the resource usage rate is not the high usage rate trend. On the other hand, the execution determination processing unit 202A determines that the security function is not executed by the monitoring device 20 when the condition determination unit 222A determines that the resource usage rate trend is a high usage rate trend.

  The usage rate history storage unit 205 stores usage rate information that is time-series information of resource usage rates. Here, the usage rate information stored in the usage rate history storage unit 205 is shown in FIG. As illustrated in FIG. 13A, the usage rate information stored in the usage rate history storage unit 205 indicates the resource usage rate (for example, the CPU usage rate or the memory usage rate) of the monitoring device 20, and the resource usage rate. This is information associated with the acquired acquisition time.

  The control device 30 includes an execution determination processing unit 202A. In addition, the control device 30 includes a usage rate history storage unit 305. The storage unit can be realized using the storage device 18. Note that the storage unit may be realized using, for example, a storage device connected to the control device 30 via a network.

  The execution determination processing unit 302A includes a usage rate acquisition unit 332, a trend analysis unit 342, and a condition determination unit 322A. The usage rate acquisition unit 332 acquires the resource usage rate (for example, CPU usage rate or memory usage rate) of the control device 30 and stores it in the usage rate history storage unit 305. The trend analysis unit 342 analyzes the trend of the resource usage rate stored in the usage rate history storage unit 305. The condition determination unit 322A determines whether or not the resource usage rate trend analyzed by the trend analysis unit 342 is a high usage rate trend.

  Here, the execution determination processing unit 302 </ b> A determines that the security function is to be executed by the control device 30 when the condition determination unit 322 </ b> A determines that the resource usage rate trend is not the high usage rate trend. On the other hand, when the condition determination unit 322A determines that the resource usage rate trend is a high usage rate trend, the execution determination processing unit 302A determines that the security function is not executed by the control device 30.

  The usage rate history storage unit 305 stores usage rate information that is time-series information of resource usage rates. Here, the usage rate information stored in the usage rate history storage unit 305 is shown in FIG. As shown in FIG. 13B, the usage rate information stored in the usage rate history storage unit 305 indicates the resource usage rate (for example, the CPU usage rate or the memory usage rate) of the control device 30, and the resource usage rate. This is information associated with the acquired acquisition time.

<Details of processing>
Hereinafter, the security function execution determination process will be described with reference to FIG. FIG. 14 is a flowchart illustrating an example of security function execution determination processing according to the third embodiment.

  Hereinafter, as in the first embodiment, the security function execution determination process in step S703 will be mainly described.

  As in the first embodiment, the monitoring device 20, the execution determination processing unit 202A, the condition acquisition unit 212, the condition determination unit 222A, the usage rate acquisition unit 232, the trend analysis unit 242, the execution condition storage unit 204, and the use The rate history storage unit 205 includes a control device 30, an execution determination processing unit 302A, a condition acquisition unit 312, a condition determination unit 322A, a usage rate acquisition unit 332, a trend analysis unit 342, an execution condition storage unit 304, and a usage rate history storage, respectively. By replacing it with the unit 305, it is similarly applied to the security function execution determination processing in step S707.

  The usage rate acquisition unit 232 of the execution determination processing unit 202A acquires the resource usage rate of the monitoring device 20. Then, the usage rate acquisition unit 232 creates usage rate information in which the acquired resource usage rate is associated with the acquisition time, and stores the usage rate information in the usage rate history storage unit 205 (step S1401).

  As a result, the usage rate history storage unit 205 stores usage rate information indicating the history of the resource usage rate acquired by the usage rate acquisition unit 232.

  In step S <b> 802, when the condition determination unit 222 </ b> A determines that the execution condition is satisfied, the trend analysis unit 242 analyzes the trend of the resource usage rate included in the usage rate information stored in the usage rate history storage unit 205. (Step S1402).

  The condition determination unit 222A of the execution determination processing unit 202A determines whether or not the resource usage rate trend analyzed by the trend analysis unit 242 is a high usage rate trend (step S1403).

  Here, the trend of the resource usage rate is determined by the condition determination unit 222A as a high usage rate trend when the analysis results analyzed by the trend analysis unit 242 are as shown in the following (1) to (3), for example. Determined.

  (1) Deriving an approximate expression that approximates (primary approximation) the increase / decrease of the resource usage rate included in the usage rate information stored in the usage rate history storage unit 205, and the slope of the approximate expression is equal to or greater than a predetermined first threshold value If it is.

  For example, as shown in FIG. 13A, the resource usage rate included in the usage rate information increases to “6%”, “12%”, “18%”, etc. every 5 minutes according to the acquisition time. The approximate expression is expressed as “y = 1.2x”. Note that y is a resource usage rate and x is time (minutes).

  Therefore, at this time, when the slope “1.2” is equal to or greater than the first threshold, the execution determination processing unit 202A determines that the resource usage rate trend is a high usage rate trend. As a result, the execution determination processing unit 202A can determine that the usage rate tends to be high, for example, when the resource usage rate increases rapidly.

  (2) Increase / decrease in the resource usage rate included in the usage rate information stored in the usage rate history storage unit 205 when the resource usage rate of the monitoring device 20 acquired in step S1401 is equal to or greater than a predetermined second threshold. When the slope of the approximate expression that approximates is positive.

  Thereby, even if the resource usage rate acquired in step S1401 satisfies the execution condition, the execution determination process is performed when the resource usage rate is equal to or higher than the second threshold and the resource usage rate is increasing. The unit 202A can determine that the trend is high.

  (3) Increase / decrease in the resource usage rate included in the usage rate information stored in the usage rate history storage unit 205 when the resource usage rate of the monitoring device 20 acquired in step S1401 is equal to or greater than a predetermined second threshold. When the slope of the approximate expression that approximates is greater than or equal to a predetermined first threshold.

  Thereby, when the resource usage rate acquired in step S1401 is equal to or higher than the second threshold and the resource usage rate increases at a predetermined rate or higher, the execution determination processing unit 202A tends to have a high usage rate trend. It can be determined that there is.

  (4) Based on the slope of the approximate expression that approximates the increase or decrease of the resource usage rate included in the usage rate information stored in the usage rate history storage unit 205, the resource usage rate is a predetermined third threshold value within a predetermined time. If this is the case.

  That is, for example, when “y = mx” is the approximate expression and “T” (minutes) is the predetermined time, “y = mT” is equal to or greater than the third threshold. As a result, for example, when it is predicted that the threshold value will be greater than or equal to the third threshold after a predetermined time has elapsed, the execution determination processing unit 202A can determine that the trend is high.

  However, the analysis method by the trend analysis unit 242 is not limited to the above, and various methods for analyzing the increasing tendency or decreasing tendency of the resource usage rate may be used.

  If the execution determination processing unit 202A does not determine that the analysis result by the trend analysis unit 242 is a high usage rate trend, for example, a “steady trend” indicating that the resource usage rate has not increased or decreased. May be determined. In addition, the execution determination processing unit 202A, for example, “increase trend” indicating that the resource usage rate is increasing although it is not a high usage rate, “decreasing trend” indicating that the resource usage rate is decreasing, and the like. You may judge.

  When the condition determination unit 222A determines that the resource usage rate trend is a high usage rate trend, the process proceeds to step S803. On the other hand, if the condition determination unit 222A determines that the resource usage rate trend is not the high usage rate trend, the process proceeds to step S804.

  As described above, in the control system 1 according to the present embodiment, even when the execution condition of the security function is satisfied, if the resource usage rate tends to be high, the security function is not executed. can do.

  Thereby, in the control system 1 according to the present embodiment, for example, when the control of the tendency to increase the CPU usage rate is performed in process control or the like, the security function can be prevented from being executed.

[Fourth embodiment]
Next, a fourth embodiment will be described. The fourth embodiment is different from the first embodiment in that the resource usage rate of the security function waiting for execution is predicted and it is determined whether to execute the security function. In the following description of the present embodiment, differences from the first embodiment will be mainly described, and parts having the same functional configuration as those of the first embodiment and parts performing the same processing will be described. The same reference numerals as those in the embodiment are given, and the description thereof is omitted.

<Functional configuration>
Next, the functional configuration of the control system 1 according to the fourth embodiment will be described with reference to FIG. FIG. 15 is a diagram illustrating an example of a functional configuration of a control system according to the fourth embodiment.

  The monitoring device 20 includes an execution determination processing unit 202B. The execution determination processing unit 202B includes an execution waiting management unit 252, an expected usage rate calculation unit 262, and a condition determination unit 222B.

  The monitoring apparatus 20 includes an execution condition storage unit 204A and an execution waiting storage unit 206. These storage units can be realized using the storage device 18. Note that these storage units may be realized using, for example, a storage device connected to the monitoring device 20 via a network.

  Upon receiving the security function execution request, the execution waiting management unit 252 stores the execution request in the execution waiting storage unit 206 as execution waiting information.

  Based on the execution condition information stored in the execution condition storage unit 204 </ b> A and the security function execution request stored in the execution waiting storage unit 206, the predicted usage rate calculation unit 262 calculates the expected resource usage rate (hereinafter, “ , Expressed as “expected resource usage rate”).

  Whether the condition determination unit 222B satisfies the execution condition of the security function related to the execution request based on the execution condition information acquired by the condition acquisition unit 212 and the predicted resource usage rate calculated by the expected usage rate calculation unit 262 Determine whether or not.

  The execution condition storage unit 204A stores execution condition information. Details of the execution condition information will be described later.

  The execution waiting storage unit 206 stores a security function execution request as execution waiting information. Details of the execution waiting information will be described later.

  The control device 30 includes an execution determination processing unit 302B. The execution determination processing unit 302B includes an execution waiting management unit 352, an expected usage rate calculation unit 362, and a condition determination unit 322B.

  In addition, the control device 30 includes an execution condition storage unit 304A and an execution waiting storage unit 306. These storage units can be realized using the storage device 18. In addition, these memory | storage parts may be implement | achieved using the memory | storage device etc. which are connected via the network with the control apparatus 30, for example.

  When receiving the execution request for the security function, the execution waiting management unit 352 stores the execution request in the execution waiting storage unit 306 as execution waiting information.

  The expected usage rate calculation unit 362 calculates the expected resource usage rate based on the execution condition information stored in the execution condition storage unit 304A and the security function execution request stored in the execution waiting storage unit 306. .

  Whether the condition determination unit 322B satisfies the execution condition of the security function related to the execution request based on the execution condition information acquired by the condition acquisition unit 312 and the predicted resource usage rate calculated by the expected usage rate calculation unit 362 Determine whether or not.

  The execution condition storage unit 304A stores execution condition information. Details of the execution condition information will be described later.

  The execution waiting storage unit 306 stores a security function execution request as execution waiting information. Details of the execution waiting information will be described later.

  Here, the execution condition information stored in the execution condition storage unit 204A is shown in FIG. As shown in FIG. 16A, the execution condition information according to the present embodiment stores a resource usage rate per unit time for each security function.

  For example, the resource usage rate per unit time of the security function “login authentication” is “CPU usage rate 1%”. Similarly, for example, the resource usage rate per unit time of the security function “access control” is “CPU usage rate 2%”. Note that the resource usage rate may be a memory usage rate or the like.

  The resource usage rate per unit time included in the execution condition information may be set in advance for each security function by a user or the like, or an average of actual values at the time of execution of past security functions may be set. .

  Further, the execution condition information stored in the execution condition storage unit 304A is shown in FIG. As shown in FIG. 16B, the execution condition information according to the present embodiment stores a resource usage rate per unit time for each security function, as described above.

  As described above, in the execution condition information according to the present embodiment, the resource usage rate per unit time is stored for each security function. Accordingly, the monitoring device 20 and the control device 30 according to the present embodiment can calculate the expected resource usage rate of the security function that is waiting to be executed.

<Details of processing>
Hereinafter, the security function execution determination process will be described with reference to FIG. FIG. 17 is a flowchart illustrating an example of security function execution determination processing according to the fourth embodiment.

  Hereinafter, as in the first embodiment, the security function execution determination process in step S703 will be mainly described.

  As in the first embodiment, the monitoring device 20, the execution determination processing unit 202B, the condition acquisition unit 212, the condition determination unit 222B, the execution waiting management unit 252, the expected usage rate calculation unit 262, the execution condition storage unit 204A, And the execution waiting storage unit 206, the control device 30, the execution determination processing unit 302B, the condition acquisition unit 312, the condition determination unit 322B, the execution waiting management unit 352, the expected usage rate calculation unit 362, the execution condition storage unit 304A, and the execution By replacing it with the waiting storage unit 306, it is similarly applied to the security function execution determination processing in step S707.

  The execution waiting management unit 252 stores the received security function execution request (login authentication execution request here) in the execution waiting storage unit 206 as execution waiting information (step S1701).

  Here, the execution waiting information stored in the execution waiting storage unit 206 is shown in FIG. As shown in FIG. 18, the execution waiting storage unit 206 stores security function execution requests as execution waiting information. As described above, the monitoring device 20 stores an unexecuted execution request in the execution waiting storage unit 206 as execution waiting information among the security function execution requests received from the plurality of terminal devices 10.

  Next, the expected usage rate calculation unit 262 is waiting for execution based on the execution condition information stored in the execution condition storage unit 204A and the execution wait information stored in the execution wait storage unit 206. An expected resource usage rate of the security function is calculated (step S1702).

  That is, for example, as illustrated in FIG. 18, it is assumed that two login authentication execution requests and one access control execution request are stored in the execution waiting storage unit 206 as execution waiting information. In this case, the expected usage rate calculation unit 262 stores the resource usage rate (1%) per unit time of the login authentication execution request and the resource usage rate (2%) per unit time of the access control execution request. From the unit 204A.

  Then, the expected usage rate calculation unit 262 adds the current resource usage rate of the monitoring device 20 and the total of the resource usage rates per unit time of the security functions waiting to be executed, thereby calculating the expected resource usage rate. calculate. Specifically, when the current resource usage rate of the monitoring device 20 is 25 (%), the expected usage rate calculation unit 262 calculates the total (2 × 1%) of the resource usage rate per unit time of the login authentication execution request. ) And the resource usage rate (1 × 2%) per unit time of the access control execution request, the expected resource usage rate is calculated as 25 + 2 × 1 + 1 × 2 = 29 (%).

  Next, the condition determination unit 222B determines whether the predicted resource usage rate calculated by the expected usage rate calculation unit 262 satisfies the execution condition included in the execution condition information acquired by the condition acquisition unit 212 in step S801. Determination is made (step S1703). That is, the condition determination unit 222B determines whether or not the expected usage rate of the resource is less than 30%, which is a login authentication execution condition.

  In step S1703, when the condition determination unit 222B determines that the execution condition is satisfied, the monitoring device 20 executes the process of step S803. On the other hand, if it is determined in step S1703 that the execution condition is not satisfied by the condition determination unit 222B, the monitoring device 20 executes the process of step S804.

  Then, the execution waiting management unit 252 deletes the execution waiting information stored in the execution waiting storage unit 206 in step S1701 (step S1704).

  Thereby, in the control system 1 according to the present embodiment, for example, when a security function execution request is made from a plurality of terminal devices 10 and the expected usage rate of resources is high, execution of a new security function is restricted. can do.

  Although the embodiments of the present invention have been described in detail above, the present invention is not limited to such specific embodiments, and various modifications are possible within the scope of the gist of the present invention described in the claims.・ Change is possible.

DESCRIPTION OF SYMBOLS 1 Control system 10 Terminal apparatus 20 Monitoring apparatus 30 Control apparatus 40 Conversion apparatus 50 Apparatus 101 Input reception part 102 Display control part 103 Registration request part 104 Execution request part 201 Registration process part 202 Execution determination process part 203 Function execution part 204 Execution condition memory | storage Unit 212 Condition acquisition unit 222 Condition determination unit 301 Registration processing unit 302 Execution determination processing unit 303 Function execution unit 304 Execution condition storage unit 312 Condition acquisition unit 322 Condition determination unit

Claims (9)

An information processing system including a first device and a second device connected to the first device via a network,
For each security function that can be executed by the first device and the second device, a first storage unit that stores information relating to an execution condition of the security function;
An acquisition unit configured to acquire, from the first storage unit, information related to the execution condition of the security function corresponding to the execution request in response to the security function execution request transmitted from the terminal device connected to the information processing system; ,
First determination means for determining whether or not to execute the security function on the first device based on information on the execution condition acquired by the acquisition means;
Execution means for causing the first apparatus to execute the security function when the first determination means determines that the security function is to be executed by the first apparatus;
Have
The execution means includes
An information processing system which transmits an execution request for the security function to the second device when the first determination unit determines that the security function is not to be executed by the first device.   The information processing system according to claim 1, wherein the information related to the execution condition is information indicating a condition related to a resource usage rate of the first device.   The information processing system according to claim 2, wherein the resource usage rate is a CPU usage rate or a memory usage rate of the first device and the second device. Second storage means for storing information relating to the history of the resource usage rate;
When it is determined by the first determination means that the security function is to be executed by the first device, information regarding the history of the resource usage rate is acquired from the second storage unit, and the tendency of the resource usage rate is obtained. Analysis means to analyze;
Second determination means for determining whether or not the analysis result by the analysis means indicates that the resource usage rate has a predetermined tendency;
Have
The execution means includes
4. The security function according to claim 2, wherein the security function is executed by the first device when the second determining means determines that the resource usage rate does not indicate a predetermined tendency. Information processing system. The execution means includes
5. The security function execution request is transmitted to the second device when the second determination means determines that the resource usage rate trend indicates a predetermined trend. Information processing system described in 1.   The information processing system according to claim 1, wherein the security function is a function related to login authentication or a function related to access control. Third storage means for storing information related to an execution request for an unexecuted security function, which is a security function execution request transmitted from the terminal device;
Calculation means for calculating an expected resource usage rate when the unexecuted security function is executed based on information on an execution request for the unexecuted security function;
Have
The first determination means includes
7. The method according to claim 1, further comprising: determining whether or not to execute the security function on the first device based on the expected resource usage rate calculated by the calculation unit and information on the execution condition. The information processing system according to claim 1. The first storage means is
For each security function, the resource usage rate per unit time of the security function is stored,
The calculating means includes
Calculating an expected resource usage rate when the unexecuted security function is executed based on information on an execution request of the unexecuted security function and the resource usage rate per unit time of the security function; The information processing system according to claim 7. An information processing apparatus connected to another information processing apparatus,
For each security function that can be executed by the information processing apparatus and the other information processing apparatus, storage means for storing information relating to execution conditions of the security function;
An acquisition unit that acquires information on the execution condition of the security function corresponding to the execution request from the storage unit in response to the security function execution request transmitted from the terminal device connected to the information processing apparatus;
Determination means for determining whether or not to execute the security function in the information processing device based on information on the execution condition acquired by the acquisition means;
Execution means for causing the information processing apparatus to execute the security function when the determination means determines that the information processing apparatus executes the security function;
Have
The execution means includes
An information processing apparatus that transmits an execution request for the security function to the other information processing apparatus when the determination unit determines that the security function is not executed by the information processing apparatus.

Images