JP2019165411A - Information processing apparatus, method, and program - Google Patents

Abstract

To provide an information processing apparatus, a method, and a program, for quickly eliminating an illegal state of data as compared to presenting a status code in response to a request for data.SOLUTION: An image forming apparatus 12A includes: a data receiving unit 40 (receiving means) for receiving data from one or more IoT devices (external devices); and notification means 56 for notifying an outside that an illegal state of the data received from the IoT device has been detected and notifying the outside of a verification result that verifies a validity of a change in a security state of the IoT device.SELECTED DRAWING: Figure 3

Description

  The present invention relates to an information processing apparatus, method, and program.

  In Patent Document 1, when data corresponding to a request from the client apparatus is received from the server apparatus, and the falsification of the data (that is, an illegal state of the data) is detected, the client apparatus receives the data. An apparatus is disclosed that presents an HTTP status code instead of sending data.

JP 2003-087243 A

  However, in the device disclosed in Patent Document 1, the user who requested data may not understand how to take measures to improve the security state after receiving the status code via the client device. As a result, measures for improving the security state are delayed, and it takes time to solve this problem.

  An object of the present invention is to provide an information processing apparatus, method, and program that can resolve an illegal state of data more quickly than when a status code is presented in response to a request for data.

  The invention according to claim 1 is a receiving means for receiving data from one or a plurality of external devices, and notifies the outside that an illegal state of the data received from the external devices has been detected. An information processing apparatus comprising: a notification unit configured to notify a verification result obtained by verifying validity of a change in the security state of the apparatus.

  The invention according to claim 2 is the information processing apparatus according to claim 1, wherein the notification means notifies different notification destinations according to the verification result.

  According to a third aspect of the present invention, the notification means further verifies the validity of the change after notifying the first notification destination of the verification result that the validity of the change has not been verified. The information processing apparatus according to claim 2, wherein if there is not, the verification result is notified to a second notification destination different from the first notification destination.

  According to a fourth aspect of the present invention, the notification means re-notifies the notification destination when there is no change within a time set by notification to the notification destination. The information processing apparatus according to the item.

  The invention according to claim 5 further includes retransmission request means for requesting retransmission of the same data to the external device when the illegal state is detected, and the notification means is continuously performed a plurality of times. The information processing apparatus according to any one of claims 1 to 4, wherein a notification is made to the outside only when an illegal state is detected in any of the received data.

  According to a sixth aspect of the present invention, the notifying means transmits a person having security setting authority in the external apparatus, a person having security management authority in the external apparatus, and data in which an illegal state is detected. The information processing apparatus according to claim 1, wherein at least one of the external devices is notified.

  The invention according to claim 7 is a receiving step for receiving data from one or a plurality of external devices, and notifies the outside that an illegal state of the data received from the external devices has been detected, and the external An information processing method in which one or a plurality of computers execute a notification step of notifying the outside of a verification result that verifies the validity of a change in the security state of the apparatus.

  The invention according to claim 8 is a receiving step for receiving data from one or a plurality of external devices, and notifies the outside that an illegal state of data received from the external devices has been detected. An information processing program that causes one or a plurality of computers to execute a notification step of notifying the outside of a verification result that verifies the validity of a change in the security state of an apparatus.

According to the first, seventh, and eighth aspects of the present invention, an illegal state of data is resolved more quickly than when a status code is presented in response to a request for data.
According to the second aspect of the invention, notification is made to a suitable notification destination according to the verification result.
According to the third aspect of the present invention, there is a possibility that the illegal state of the data is resolved earlier than in the case where the same person (first notification destination) continues to be involved and the security state is changed. Rise.
According to the invention described in claim 4, prompt change of the security state is promptly prompted through the re-notification.
According to the fifth aspect of the present invention, it is possible to prevent an illegal state of data from being erroneously detected under a situation where data transmission / reception is successful through multiple retransmissions.
According to the sixth aspect of the present invention, the party requesting improvement of the security status is notified directly.

1 is an overall configuration diagram of an information processing system common to each embodiment. It is the schematic which shows the operation example of the information processing system in 1st Embodiment. FIG. 2 is a functional block diagram illustrating a main part of the image forming apparatus according to the first embodiment. It is a flowchart which shows an example of operation | movement of the information processing system in 1st Embodiment. It is a sequence diagram which shows operation | movement of the information processing system in 1st Embodiment. 6A and 6B are diagrams showing an example of the notification setting table of FIG. It is the schematic which shows the operation example of the information processing system in 2nd Embodiment. It is a flowchart which shows an example of operation | movement of the information processing system in 2nd Embodiment. It is a sequence diagram which shows operation | movement of the information processing system in 2nd Embodiment. It is the schematic which shows the operation example of the information processing system in 3rd Embodiment. It is a functional block diagram which shows the principal part of the image forming apparatus in 3rd Embodiment. It is a sequence diagram which shows an example of operation | movement of the information processing system in 3rd Embodiment. It is a figure which shows an example of the notification setting table of FIG. It is a functional block diagram which shows the principal part of the image forming apparatus in 4th Embodiment. It is a flowchart which shows an example of operation | movement of the information processing system in 4th Embodiment. It is a sequence diagram which shows an example of operation | movement of the information processing system in 4th Embodiment.

  Hereinafter, an information processing apparatus according to the present invention will be described with reference to the accompanying drawings by giving preferred embodiments in relation to an information processing method and an information processing program.

[Overall Configuration of Information Processing System 10]
FIG. 1 is an overall configuration diagram of an information processing system 10 common to the embodiments. Note that this system is not limited to the apparatus configuration or network configuration illustrated in this figure.

  The information processing system 10 is a system that supports office work by performing desired information processing using an image forming apparatus 12 described later. Specifically, the information processing system 10 includes an image forming apparatus 12 (information processing apparatus), a user terminal 14, a relay device 15 that functions as a wireless access point, a mobile terminal 16, a network printer 17, and an administrator. A terminal 18 and an information management server 20 are included.

  The image forming apparatus 12 includes a paper feed / discharge unit 21, a print unit 22, a post-processing unit 23, a reading unit 24, a communication unit 25, a user interface unit (hereinafter referred to as UI unit 26), and a control unit 30. And comprising.

  The paper feed / discharge unit 21 is a unit that supplies a recording medium on which an image is to be formed and discharges the recording medium on which the image has been formed. The print unit 22 is a unit that performs print processing on a recording medium using, for example, an electrophotographic method or an inkjet method. The post-processing unit 23 is a unit that performs post-processing including, for example, paper folding processing, binding processing, and punching processing.

  The reading unit 24 is a unit that reads an image formed on a recording medium. The communication unit 25 is a unit that performs communication processing with an external device (for example, the information management server 20). The UI unit 26 is a unit configured to accept an input operation (including a security state setting operation) by a user via a hardware button or a touch panel.

  The control unit 30 includes a processor 32 and a memory 34, and is a unit that comprehensively controls each unit constituting the image forming apparatus 12. Through the control of the control unit 30, the image forming apparatus 12 realizes at least one of a printer function, a copy function, a scan function, a facsimile function, and a data transmission function.

  The processor 32 is a processing arithmetic device including a CPU (Central Processing Unit) and an MPU (Micro-Processing Unit). The memory 34 is a non-transitory and computer-readable storage medium. Here, the computer-readable storage medium is a portable medium such as a magneto-optical disk, ROM, CD-ROM, or flash memory, or a storage device such as a hard disk built in the computer system.

  Various apparatuses including the image forming apparatus 12 are connected to each other via a network NW built in the office. Thereby, the image forming apparatus 12 can collect and manage a large amount of data (so-called big data) transmitted from the IoT (Internet of Things) device 36 in the information processing system 10. In the example of this figure, the IoT device 36 corresponds to the user terminal 14, the relay device 15, the mobile terminal 16, and the network printer 17.

  The mobile terminal 16 is a multi-function / multi-purpose apparatus that can be used while being carried by the terminal owner Ow, and is specifically a tablet, a smartphone, or a wearable computer. The administrator terminal 18 is a computer (for example, PC: Personal Computer) used by the machine administrator Ad of the image forming apparatus 12. The machine administrator Ad is an administrator of the image forming apparatus 12 and a person who has security setting authority or management authority.

  The information management server 20 is a computer configured to be able to execute various processes related to information processing of the image forming apparatus 12. Further, the information management server 20 stores information (for example, user information, security information, data management information) necessary for the operation of the image forming apparatus 12 and stores this information in response to a request from the image forming apparatus 12. It may be provided in a timely manner.

[First Embodiment]
First, the information processing system 10A in the first embodiment will be described with reference to FIGS.

<Operation example and configuration>
FIG. 2 is a schematic diagram illustrating an operation example of the information processing system 10A according to the first embodiment. Here, it is assumed that the IoT device 36, the image forming apparatus 12A, and the machine administrator Ad are involved as main parties. For example, when the image forming apparatus 12A detects that the data collected from the IoT device 36 is in an “invalid state” (for example, falsification has been made), the image forming apparatus 12A temporarily holds the data processing for falsification. Is notified to the machine administrator Ad (first notification). Here, the “illegal state” means an information security component (specifically, at least one of information confidentiality, integrity, availability, responsibility traceability, authenticity, and reliability). It refers to a damaged or damaged state.

  The machine administrator Ad who has received the notification inspects the information processing system 10A and takes appropriate security measures to solve the problem of tampering. Thereafter, the image forming apparatus 12A restarts the processing of the recollected data and notifies the machine administrator Ad that the problem of falsification has been solved (second notification).

  FIG. 3 is a functional block diagram illustrating a main part of the image forming apparatus 12A according to the first embodiment. The image forming apparatus 12A includes a data receiving unit 40 (receiving unit), a data processing unit 42 (processing unit), a fraud detection unit 44, a detection information recording unit 46, a data transmission unit 48, and a notification control unit 50. (Including the notification information generation unit 52 and the notification setting unit 54). Here, the data transmission unit 48 and the notification control unit 50 function as a notification unit 56 that notifies various information related to the detection result of the data received from the IoT device 36 to the outside.

<Operation of Image Forming Apparatus 12A>
Next, the operation of the image forming apparatus 12A shown in FIG. 3 will be described with reference to the flowchart of FIG. 4 and the sequence diagram of FIG.

  In step S01, the data receiving unit 40 of the image forming apparatus 12A requests the IoT device 36 to transmit data regularly or irregularly. Then, the data receiving unit 40 receives the data transmitted from the IoT device 36 via the network NW. This data includes not only content data indicating content but also communication log data indicating a communication state of devices connected to the network NW or a communication history between devices.

  In step S02, the fraud detection unit 44 of the image forming apparatus 12A analyzes the data received in step S01 and detects the presence / absence of a specific event (hereinafter simply referred to as “event”) indicating an illegal state of the data. Specifically, the fraud detection unit 44 uses various information security technologies to detect various events including tampering, wiretapping, impersonation, unauthorized intrusion, and information leakage. Specific examples of the tampering detection technique include digital signature, HMAC (Hash-based Message Authentication Code), public key encryption, and decryption using a predetermined common key.

  In step S03, the fraud detector 44 determines whether one or more events have been detected from the received data based on the detection result in step S02. For example, the fraud detector 44 determines that an event has been detected when the data transmitted from the relay device 15 (FIGS. 1 and 3) has been tampered with (S03: detected).

  In step S04, the detection information recording unit 46 of the image forming apparatus 12A records information that can identify the cause of the event detected in step S03. For example, the detection information recording unit 46 records at least the reception time, the event type, the identification information of the IoT device 36, and the data transmission source (for example, IP address, host name) as “event detection information”. To do.

  In step S05, the notification unit 56 of the image forming apparatus 12A notifies the outside that an event has been detected in step S03 (first time). Prior to this notification, the notification information generation unit 52 generates notification information (text of notification mail) including event detection information. This notification information includes, for example, the reception time, event type, and data transmission source. The data transmission unit 48 generates a notification generated by the notification information generation unit 52 for a notification destination statically set by the notification setting unit 54 (here, the email address of the machine administrator Ad registered in advance). Send a notification email with information.

  As a result, the machine administrator Ad receives a notification (first notification) that an illegal state of data has been detected via the administrator terminal 18. The person who has received the notification (that is, the machine administrator Ad) promptly grasps that the falsification of data has occurred in the vicinity of the relay device 15 using the notification content (for example, message) indicated by the notification mail as a clue.

  In step S06, the machine administrator Ad performs an inspection of the information processing system 10A centering on the relay device 15, and then takes a security measure (either a provisional measure or a permanent measure) for improving the security state. This security measure is a measure involving a change in the security state of the IoT device 36 (or the data processing unit 42), and specific examples include firewall setting change, network device replacement / addition, and security scan execution. It is done.

  In step S07, the machine administrator Ad performs an instruction operation to resume data reception via the UI unit 26 or the information management server 20 (FIG. 1). Then, after receiving the operation of the machine administrator Ad, the data receiving unit 40 requests the IoT device 36 to transmit data.

  Returning to step S01, the data receiving unit 40 receives data again from the IoT device 36 via the network NW. If appropriate security measures are taken in step S06, the fraud detector 44 determines that no event has been detected from the data received this time (step S03: no detection).

  In step S08, the fraud detection unit 44 uses the event detection information recorded in the detection information recording unit 46 to search for past detection results (here, detection results at the previous reception) at the same transmission source. .

  In step S09, the fraud detector 44 confirms whether an event has been detected at the previous reception. If an event has been detected (step S09: detected), the process proceeds to step S10.

  In step S10, the notification unit 56 notifies the outside of the result of verifying the validity of the change in the security state of the IoT device 36 (hereinafter referred to as the verification result). Specifically, the notification means 56 notifies the machine administrator Ad that the security measures (change of the security state) by the machine administrator Ad are appropriate and that no event is detected in step S03 (second time). To do.

  Prior to this notification, the notification information generation unit 52 generates notification information (text of notification mail) including information related to the event. The data transmission unit 48 transmits a notification mail including the notification information generated by the notification information generation unit 52 to the same notification destination as the case of the first notification (here, the mail address of the machine administrator Ad). .

  As a result, the machine administrator Ad receives a notification (second notification) that an illegal state of data has not been detected via the administrator terminal 18. The person who has received the notification (that is, the machine administrator Ad) quickly grasps that the security state has been improved by the security measures he / she has taken using the notification contents indicated by the notification mail as a clue.

  In step S11, the data processing unit 42 of the image forming apparatus 12A performs processing according to the data received in step S01. When this data is document data, the data processing unit 42 performs print processing (print unit 22) for printing on a recording medium based on the document data, or transmission processing (communication unit 25) for transmitting the document data to the outside. )I do. When this data is communication log data, the data processing unit 42 performs various processing processes including database processing, analysis / analysis processing, and learning processing.

  Returning to step S09, if the event is not detected (step S09: no detection), the data processing unit 42 responds to the data received in step S01 with the execution of step S10 (second notification) omitted. The process is performed (step S11).

  By the way, in the sequence diagram shown in FIG. 5, the security state is improved by only one countermeasure, but there may be a situation where the security state is not improved by only one countermeasure. In this case, an event that is the same as or different from the previously detected event is detected (step S03: detected), the process proceeds to step S04, and thereafter, steps S01 to S07 are sequentially repeated.

  In step S05, the notifying unit 56 notifies the outside of the verification result of verifying the validity of the change in the security state of the IoT device 36. Specifically, the notification unit 56 notifies the machine administrator Ad that the security measure (change of the security state) by the machine administrator Ad is not valid and the event has been detected again in the second step S03. .

  As a result, the machine administrator Ad receives a notification (second notification) that an illegal state of data has been detected via the administrator terminal 18. Receiving the notification, the machine administrator Ad quickly grasps that the falsification of the data has not been resolved, and takes other security measures, using the notification content indicated by the notification mail as a clue. By repeating this operation, the security state of the IoT device 36 is finally improved.

  By the way, the notification means 56 (notification setting unit 54) may make various custom settings regarding notification with reference to a first table (hereinafter referred to as notification setting table T1) that stores setting information. Hereinafter, a specific example of the notification setting table T1 illustrated in FIG. 3 will be described with reference to FIGS.

  FIG. 6A is a diagram illustrating an example of a table describing settings related to events. This notification setting table T1 shows the correspondence between the event type, detection method, acquired information, and importance. “Type” includes, for example, falsification, wiretapping, impersonation, unauthorized intrusion, and information leakage. The “detection method” includes not only an algorithm / method, but also a fulfillment condition for identifying whether the state is an unauthorized state. “Acquired information” indicates the type of information included in the event detection information. “Importance” means the magnitude of the influence on the information processing system 10A or the urgency of taking security measures.

  FIG. 6B is a diagram illustrating an example of a table describing settings related to notification. This notification setting table T1 shows the correspondence between importance, notification timing, notification content, and notification destination. “Importance” is defined in the same way as the importance of an event, and here, three levels (high, medium, and low) are provided. “Notification timing” includes, for example, “sequential processing” that immediately notifies each time an event is detected, and “batch processing” that performs batch notification every day without notifying immediately. The “notification content” may include specific items in addition to the information content of the notification content. Examples of “notification destination” include an IP address and a host name.

  The notification is customized by using the notification setting table T1. Thereby, for example, the notification unit 56 notifies a plurality of notification contents collectively at predetermined time intervals (for example, a designated time every day), or notifies a higher-priority event at a relatively high frequency. be able to.

<Effects of Image Forming Apparatus 12A>
As described above, the image forming apparatus 12A as the information processing apparatus in the first embodiment includes [1] the data receiving unit 40 (receiving unit) that receives data from one or a plurality of IoT devices 36 (external devices). [2] Notifying means for notifying the outside that an invalid state of the data received from the IoT device 36 has been detected and notifying the outside of the verification result verifying the validity of the change in the security state of the IoT device 36 56.

  In addition, according to the information processing method and program in the first embodiment, [1] a reception step (S01) for receiving data, and [2] notifying the outside that an illegal state of the data has been detected, One or a plurality of computers execute a notification step (S05, S10) for notifying the outside of the verification result that verifies the validity of the change in the security state.

  In this way, not only the fact that an illegal state of data has been detected but also the verification result regarding the validity of the change in the security state is notified, so that the person receiving the notification associates the change in the security state and its effect. Can be grasped. Thereby, compared with the case where a status code is presented in response to a request for data, an illegal state of data can be resolved earlier.

  In addition, the notification unit 56 notifies the same notification destination that an illegal state of data has been detected (first notification) and that no illegal state of data has been detected (second notification). Also good. In other words, since the same notification destination is notified that a security problem has occurred and that the problem has been resolved, a person who has received a series of notifications can grasp changes in the situation before and after security measures. it can.

  The notification unit 56 may notify a person who has security setting authority or management authority (for example, the machine administrator Ad). Since the notification is made directly to the party requesting improvement of the security status (here, the worker engaged in the operation / maintenance work), appropriate security measures are promptly taken through the party.

[Second Embodiment]
Next, an information processing system 10B according to the second embodiment will be described with reference to FIGS. 3 and 7 to 9. In addition, about the same structure and function as 1st Embodiment, while attaching | subjecting the same referential mark, the description may be abbreviate | omitted.

<Operation example and configuration>
FIG. 7 is a schematic diagram illustrating an operation example of the information processing system 10B in the second embodiment. Here, it is assumed that the IoT device 36, the image forming apparatus 12B, and the person to be notified are involved as main parties. For example, when the image forming apparatus 12B detects that the data collected from the IoT device 36 is in an invalid state (for example, falsification), the image forming apparatus 12B temporarily suspends the processing of the data and the falsification has occurred. Is notified to the terminal owner Ow or machine administrator Ad who is the notification target (first notification). The person to be notified checks the information processing system 10B and takes appropriate security measures for solving the problem of tampering. Thereafter, the image forming apparatus 12B restarts the processing of the recollected data, and notifies the same notification target person that the tampering problem has been solved (second notification).

  As shown in FIG. 3, the image forming apparatus 12B includes a data receiving unit 40, a data processing unit 42, a fraud detection unit 44, and a detection information recording unit 46, as in the first embodiment (image forming apparatus 12A). And a data transmission unit 48 and a notification control unit 50. However, it should be noted that the notification unit 60 performs an operation different from that of the first embodiment (notification unit 56).

<Operation of Image Forming Apparatus 12B>
Next, the operation of the image forming apparatus 12B shown in FIG. 3 (mainly the operation peculiar to the second embodiment) will be described with reference to the flowchart of FIG. 8 and the sequence diagram of FIG. Note that description of steps with substantially the same operation as in the first embodiment may be omitted.

  Steps S21 to S24 correspond to steps S01 to S04 in FIGS. 3 and 4, respectively. Hereinafter, it is assumed that data transmitted from the mobile terminal 16 (FIGS. 1 and 7) has been tampered with and a specific event has been detected (S23: detected).

  In step S25, the notification setting unit 54 of the image forming apparatus 12B reads the event detection information recorded in step S24, and acquires an e-mail address associated with the data transmission source. Here, the notification setting unit 54 may directly extract the email address included in [1] event detection information, or [2] refer to an address book that is managed and registered in advance, thereby An email address corresponding to the user information extracted from the detection information may be acquired.

  In step S26, the notification setting unit 54 determines whether or not the mail address of the transmission source (that is, the terminal owner Ow) has been acquired in step S25. If the e-mail address can be acquired (step S26: YES), the notification setting unit 54 sets “terminal owner Ow” specified by the e-mail address as the notification destination (step S27o). On the other hand, when the e-mail address cannot be acquired (step S26: NO), the notification setting unit 54 sets “machine administrator Ad” whose e-mail address is known as the notification destination (step S27a).

  In step S28, the notification unit 60 of the image forming apparatus 12B notifies the notification destination set in step S27o (S27a) that the event has been detected in step S23 (first time). Specifically, the data transmission unit 48 transmits a notification mail including the notification information generated by the notification information generation unit 52 to the notification destination dynamically set by the notification setting unit 54.

  For example, the terminal owner Ow receives a notification (first notification) that an illegal state of data has been detected via the mobile terminal 16. The person who has received the notification (that is, the terminal owner Ow) quickly grasps that data has been falsified around the mobile terminal 16 using the notification content indicated by the notification mail as a clue.

  In step S29, the terminal owner Ow inspects the information processing system 10B centering on the mobile terminal 16, and then takes security measures for improving the security state. Specific measures include, for example, execution of a security scan or change of network settings (transfer to a higher security level).

  In step S <b> 30, the terminal owner Ow operates the portable terminal 16 to take security measures, and then performs an instruction operation to resume data reception, for example, via the UI unit 26. Then, after receiving the operation of the terminal owner Ow, the data receiving unit 40 requests the IoT device 36 to transmit data.

  Returning to step S21, the data receiving unit 40 receives data from the IoT device 36 again via the network NW. If appropriate security measures are taken in step S29, the fraud detector 44 determines that no event has been detected from the data received this time (step S23: no detection).

  Steps S31 and S32 correspond to steps S08 and S09 in FIGS. 3 and 4, respectively. Hereinafter, it is assumed that an event has been detected at the time of the previous reception (S32: with detection).

  In step S <b> 33, the notification unit 60 notifies the verification result regarding the validity of the change in the security state of the IoT device 36 to the outside. Specifically, the notification unit 60 notifies the notification target person that the security measure (change of the security state) by the notification target person is appropriate and that the event is not detected in step S23 (second time).

  Here, the data transmission unit 48 transmits a notification mail including the notification information generated by the notification information generation unit 52 to the same notification destination (notification target person) as in the case of the first notification. That is, “terminal owner Ow” is set as the notification destination when step S27o is executed, and “machine administrator Ad” is set as the notification destination when step S27a is executed.

  As a result, the person to be notified receives a notification (second notification) that the illegal state of the data is no longer detected. The person who has received the notification (that is, the person to be notified) quickly grasps that the security state has been improved by the security measures he / she has taken, based on the notification content indicated by the notification mail.

  In step S34, as in the case of the first embodiment (step S11 in FIGS. 3 and 4), the data processing unit 42 of the image forming apparatus 12B performs processing according to the data received in step S21. Returning to step S32, if an event is not detected (step S32: no detection), the data processing unit 42 responds to the data received in step S21 with the execution of step S33 (second notification) omitted. The process is performed (step S34).

<Effects of Image Forming Apparatus 12B>
As described above, the image forming apparatus 12B as the information processing apparatus in the second embodiment includes the data receiving unit 40 and the notification unit 60 that operates differently from the first embodiment. Even if comprised in this way, the effect similar to the case of 1st Embodiment is acquired. That is, the illegal state of data can be resolved more quickly than when a status code is presented in response to a data request. In particular, since the notification means 60 notifies the variably set notification destination, it is possible to operate and maintain security management with a high degree of freedom.

  The notification unit 60 may notify the IoT device 36 (external device) that transmitted the data. Since the party requesting the improvement of the security state (here, the data sender) is notified directly, appropriate security measures are promptly taken through the party.

  In addition, the notification unit 60 may notify the IoT device 36 that is the transmission source when the data transmission source can be identified based on the data analysis result. Thereby, the external device specified as the data transmission source is notified directly.

[Third Embodiment]
Next, an information processing system 10C according to the third embodiment will be described with reference to FIGS. In addition, about the same structure and function as 1st Embodiment, while attaching | subjecting the same referential mark, the description may be abbreviate | omitted.

<Operation example and configuration>
FIG. 10 is a schematic diagram illustrating an operation example of the information processing system 10 </ b> C according to the third embodiment. Here, it is assumed that the four members of the IoT device 36, the image forming apparatus 12C, the information management server 20, and the machine administrator Ad are involved as main parties. For example, when the image forming apparatus 12C detects that the data collected from the IoT device 36 is in an illegal state (for example, falsification has been made), the image forming apparatus 12C temporarily holds the data processing and the falsification has occurred. Is notified to the machine administrator Ad via the information management server 20 (first notification). Receiving the notification, the machine administrator Ad checks the information processing system 10C and takes appropriate security measures for solving the problem of tampering. Thereafter, the image forming apparatus 12C restarts the data processing, and notifies the machine manager Ad via the information management server 20 that the falsification problem has been solved (second notification).

  FIG. 11 is a functional block diagram showing a main part of the image forming apparatus 12C in the third embodiment. As in the case of the first embodiment (FIG. 3), the image forming apparatus 12C includes a data reception unit 40, a data processing unit 42, a fraud detection unit 44, a detection information recording unit 46, and a data transmission unit 48. And a notification control unit 50. However, it should be noted that the notification unit 70 includes not only the data transmission unit 48 and the notification control unit 50 but also the information management server 20.

<Operation of Image Forming Apparatus 12C>
Next, the operation of the image forming apparatus 12C in FIG. 11 (mainly the operation peculiar to the third embodiment) will be described with reference to the flowchart in FIG. 4 and the sequence diagram in FIG. In addition, since other steps except steps S05 and S10 are accompanied by the same operation as in the first embodiment, description thereof is omitted.

  In step S05 in FIG. 12, the notification unit 70 of the image forming apparatus 12C notifies the outside that an event has been detected in step S03 (first time). Here, the notification means 70 performs notification in two sub-steps (S05a, S05b).

  In step S05a, prior to notification, the notification information generation unit 52 generates notification information including event detection information. Then, the data transmission unit 48 sends the notification information generated by the notification information generation unit 52 to the notification destination statically set by the notification setting unit 54 (here, the information management server 20 registered in advance). Send.

  In step S05b, the information management server 20 extracts the mail address of the machine administrator Ad with reference to the notification setting tables T1 (FIG. 6) and T2 (FIG. 13), and sends the notice mail including the event detection information to the machine administrator. Send to Ad. As a result, the machine administrator Ad receives a notification (first notification) that an illegal state of data has been detected via the administrator terminal 18.

  In step S10, the notification means 70 notifies the outside that the event is not detected in step S03 (second time). Here, the notification means 70 performs notification in two sub-steps (S10a, S10b).

  In step S10a, prior to notification, the notification information generation unit 52 generates notification information including event detection information. Then, the data transmission unit 48 transmits the notification information generated by the notification information generation unit 52 to the notification destination (here, the information management server 20) statically set by the notification setting unit 54.

  In step S10b, the information management server 20 extracts the mail address of the machine administrator Ad with reference to the notification setting tables T1 (FIG. 6) and T2 (FIG. 13), and sends the notice mail including the event detection information to the machine administrator. Send to Ad. As a result, the machine administrator Ad receives a notification (second notification) that the illegal state of the data is no longer detected via the administrator terminal 18.

  By the way, the notification means 70 (information management server 20) may make various custom settings related to notification with reference to a second table (hereinafter referred to as notification setting table T2) that stores setting information. Hereinafter, a specific example of the notification setting table T2 illustrated in FIG. 13 will be described with reference to FIG.

  FIG. 13 is a diagram illustrating an example of the notification setting table T2 of FIG. This notification setting table T2 shows the correspondence between the type of phase, the notification destination, and the phase transition condition. Here, as “type of phase”, [1] new detection, [2] validity verification (unresolved 1), [3] validity verification (unresolved 2), [4] non-detection (resolved) Are listed.

  First, in phase 1 (new detection), the notification means 70 notifies the machine administrator Ad that an event has been detected, and shifts from phase “1” to “2”. Thereafter, the worker X starts the inspection of the information processing system 10C (execution of security measures if necessary) independently in response to a request from the machine administrator Ad.

  In phase 2 (validity verification; unsolved 1), the notification means 70 notifies the worker X of the verification result regarding the validity of the change in the security state. When the security problem is solved by the worker X, the notification unit 70 shifts from the phase “2” to “4”. On the other hand, if the problem is not solved even if the security measures are taken a predetermined number of times (one or more times), the notification means 70 shifts from the phase “2” to “3”.

  In phase 3 (validity verification; unsolved 2), the notification means 70 notifies both the worker X and the worker Y of the verification result regarding the validity of the change of the security state. For example, the worker Y is a person having a higher skill level than the worker X. When the security problem is solved by helping the operator Y, the notification unit 70 shifts from the phase “3” to “4”.

  Finally, in the phase 4 (non-detection), the notification means 70 notifies the machine administrator Ad and the involved workers (one or two in this case) that the event is no longer detected. End “4”.

<Effects of Image Forming Apparatus 12C>
As described above, the image forming apparatus 12C as the information processing apparatus in the third embodiment includes the data receiving unit 40 and the notification unit 70 having a configuration different from that of the first embodiment. As described above, the notification unit 70 including a plurality of computers can provide the same operational effects as in the case of the first embodiment. That is, the illegal state of data can be resolved more quickly than when a status code is presented in response to a data request.

  Further, the notification unit 70 may notify different notification destinations according to the verification result regarding the validity of the change in the security state of the IoT device 36. As a result, a notification destination suitable for the verification result is notified.

  Furthermore, the notification means 70 notifies the first notification destination (worker X) at least once of the verification result that the validity of the change has not been verified, and then the validity of the change is not further verified, The verification result may be notified to a second notification destination (worker Y) different from the first notification destination. Compared with the case where the same person (first notification destination) continues to be involved and the security state is changed, the possibility that the illegal state of the data is resolved earlier increases.

[Fourth Embodiment]
Next, an information processing system 10D according to the fourth embodiment will be described with reference to FIGS. 10 and 14 to 16. In addition, about the same structure and function as 3rd Embodiment, while attaching | subjecting the same referential mark, the description may be abbreviate | omitted.

<Operation example and configuration>
As illustrated in FIG. 10, the information processing system 10 </ b> D according to the fourth embodiment can employ an operation example similar to that of the third embodiment (information processing system 10 </ b> C). That is, it is assumed that the four parties of the IoT device 36, the image forming apparatus 12D, the information management server 20, and the machine administrator Ad are involved as main parties.

  FIG. 14 is a functional block diagram illustrating a main part of the image forming apparatus 12D according to the fourth embodiment. The image forming apparatus 12D includes a data receiving unit 40, a data processing unit 42, a fraud detection unit 44, a detection information recording unit 46, a data transmission unit 48, a notification control unit 50, and a retransmission request unit 72 (retransmission). Requesting means).

<Operation of Image Forming Apparatus 12D>
Next, the operation of the image forming apparatus 12D in FIG. 14 (mainly the operation peculiar to the fourth embodiment) will be described with reference to the flowchart in FIG. 15 and the sequence diagram in FIG. Note that description of steps with substantially the same operation as in the third embodiment may be omitted.

  Steps S41 to S43 correspond to steps S01 to S03 of FIGS. 4 and 12, respectively. Hereinafter, it is assumed that data transmitted from the mobile terminal 16 has been tampered with and a specific event has been detected (S43: with detection).

  In step S44, the retransmission request unit 72 counts the number of retries (counts up by 1) and confirms the magnitude relationship with a predetermined threshold (for example, 5 times). This “number of retries” means the number of times the same data is continuously transmitted, and the initial value is zero.

  In step S45, the retransmission request unit 72 determines whether or not the current number of retries has reached a threshold value. If the threshold value has not been reached (step S45: the threshold value has not been reached), the process returns to step S41, and steps S41 to S45 are sequentially repeated while updating the number of retries.

  When the number of retries reaches the threshold value (step S45: reaching the threshold value), the process proceeds to the next step S46. Hereinafter, steps S46 to S53 correspond to steps S04 to S11 of FIGS. 4 and 12, respectively.

<Effects of Image Forming Device 12D>
As described above, in the image forming apparatus 12D as the information processing apparatus in the fourth embodiment, [1] the data receiving unit 40, [2] the notification unit 70, and [3] the illegal state of the data are detected. In this case, a retransmission request unit 72 (retransmission request unit) is provided to request the IoT device 36 to retransmit the same data. [4] The notification means 70 may notify the outside for the first time when an invalid state is detected in any of the data continuously received a plurality of times. Thereby, it is possible to prevent an incorrect state of data from being erroneously detected under a situation where data transmission / reception succeeds through multiple retransmissions.

[Modification]
In addition, this invention is not limited to the 1st-4th embodiment mentioned above, It can change freely in the range which does not deviate from the main point of this invention. Alternatively, it is a matter of course that the configurations may be arbitrarily combined within a range where no technical contradiction occurs.

  In the first to fourth embodiments described above, notification is performed by mail, but the mode of notification is not limited to this. For example, the notification means 56, 60, and 70 (notification setting unit 54) may perform notification using a report, notification using an SNMP (Simple Network Management Protocol) function, and notification using the UI unit 26 (FIG. 1).

  In the first to fourth embodiments described above, the first notification and the second notification are performed for one notification destination, but the method of setting the notification destination is not limited to this. For example, the notification means 56, 60, and 70 (notification setting unit 54) may notify two or more notification destinations simultaneously, or may perform the second notification to a notification destination different from the first notification. The notification means 56, 60, and 70 may change the notification destination according to the type of event.

  In the first to fourth embodiments described above, the first notification or the second notification is performed once each, but the method of setting the number of notifications is not limited to this. For example, the notification means 56, 60, 70 (notification setting unit 54), when there is no change in the security state within the time set by the notification to the notification destination (for example, within one day) (in the above embodiment) In the example, when the “reception restart instruction operation” in steps S07, S30, and S49 is not accepted, the notification destination may be notified again. As a result, through a re-notification to the notification destination, a prompt change of the security state is promptly prompted.

  In the first to fourth embodiments described above, when the machine administrator Ad receives a notification that an illegal state of the data has been detected, the machine administrator Ad checks the information processing system 10 and performs security measures. Although the reception is resumed, the data reception resumption timing is not limited to this. For example, the data may be kept in a state that can be recognized later and the data may be continuously received. Thereby, it can be understood that the reliability of data is low, and the real-time property of data processing is satisfied.

  In the above-described fourth embodiment, the upper limit value (that is, the threshold value) of the number of retries is handled as a fixed value, but the threshold value determination method is not limited to this. For example, the retransmission request unit 72 calculates the number of retries that can determine whether a simple transmission / reception failure or an event to be detected is generated by a learning process using past communication history information, and sets this number as a threshold value. May be set as

  10 (A, B, C, D) Information processing system, 12 (A, B, C, D) Image forming device (information processing device), 36 IoT device (external device), 40 Data receiving unit (receiving means), 42 Data processing unit (processing unit), 56, 60, 70 Notification unit, 72 Retransmission request unit (retransmission request unit), Ad Machine administrator, Owner of Ow terminal.

Claims (8)

Receiving means for receiving data from one or more external devices;
Notifying the outside that an invalid state of data received from the external device has been detected, and a notification means for notifying the outside of a verification result verifying the validity of the change in the security state of the external device;
An information processing apparatus comprising:   The information processing apparatus according to claim 1, wherein the notification unit notifies different notification destinations according to the verification result.   If the validity of the change is not further verified after notifying the first notification destination of the verification result that the validity of the change has not been verified at least once, the notification means The information processing apparatus according to claim 2, wherein the verification result is notified to a second notification destination different from the verification result.   The information according to any one of claims 1 to 3, wherein the notification unit re-notifies the notification destination when the change has not occurred within a time set by notification to the notification destination. Processing equipment. If the unauthorized state is detected, further comprising a retransmission request means for requesting the external device to retransmit the same data,
The information according to any one of claims 1 to 4, wherein the notification means notifies the outside for the first time when an invalid state is detected in any of the data continuously received a plurality of times. Processing equipment.   The notification means is at least one of a person having security setting authority in the external apparatus, a person having security management authority in the external apparatus, and the external apparatus that has transmitted data in which an illegal state is detected. The information processing apparatus according to claim 1, wherein notification is performed. Receiving a data from one or more external devices;
Notifying the outside that an illegal state of data received from the external device has been detected, and notifying the outside of the verification result that verifies the validity of the change in the security state of the external device;
Is executed by one or more computers. Receiving a data from one or more external devices;
Notifying the outside that an illegal state of data received from the external device has been detected, and notifying the outside of the verification result that verifies the validity of the change in the security state of the external device;
An information processing program that causes one or a plurality of computers to execute.