JP2023106959A - Control relay device and control relay method - Google Patents

Abstract

To provide a technique for safely controlling a device to be controlled.SOLUTION: A control relay device comprises: an HDMI and a first USB interface which are connected to a device to be controlled; a second USB interface and a third USB interface which are connected to a control device for controlling the device to be controlled; an HDMI/USB conversion section that performs HDMI/USB conversion on display information received via an HDMI to output the display information to the second USB interface; and a USB/HID conversion section that performs USB/HID (Human Interface Device) conversion on control information received via the third USB interface to output the control information to the first USB interface.SELECTED DRAWING: Figure 1

Description

The present invention relates to a control relay device and a control relay method.

In Patent Document 1, a control-side station takes an image of the actual situation of a device to be controlled connected to an I/O control device, transmits it to an operation-side station, and displays all the images received at the operation-side station. At the same time, it displays a controlled object table showing the contents of possible control for each controlled object device, and accepts from the user the specification of two diagonal points P1 and P2 on the area where the controlled object device is displayed. There is a disclosure of a remote control device capable of creating an I/O map by accepting a designation from a control target table as to which control target device the area belongs to.

JP-A-10-215388

The technique described in Patent Document 1 above judges and controls a target device to be remotely controlled from an image. This technology is an example of a technology that constitutes a remote control technology, but since there is no particular description or consideration of how to connect to a controlled object, it cannot cope with connection restrictions on security policies.

SUMMARY OF THE INVENTION An object of the present invention is to provide a technique for safely controlling a device to be controlled.

The present application includes a plurality of means for solving at least part of the above problems, and examples thereof are as follows. In order to solve the above problems, a control relay device according to an aspect of the present invention includes a High-Definition Multimedia Interface (HDMI) and a first USB (Universal Serial Bus) interface connected to a device to be controlled, and the device to be controlled. a second USB interface and a third USB interface that are connected to a control device that controls the device, and performs HDMI/USB conversion on the display information received via the HDMI to the second USB interface an HDMI/USB conversion unit for outputting; and a USB/HID conversion unit for performing USB/HID (Human Interface Device) conversion of the control information received via the third USB interface and outputting the control information to the first USB interface. , is provided.

Further, in the above control relay device, when further connected to the control device via the third USB interface, a one-time passcode is generated and IN-transferred to the control device, and the input of the passcode is requested. It may be provided with a one-time passcode issuing unit to be obtained.

Further, in the above-described control relay device, the one-time passcode issuing unit, when the input control information does not match the one-time passcode, causes the HDMI/USB conversion unit and the USB/HID conversion unit to It may also deactivate the treatment.

Further, in the control relay device described above, when the HDMI/USB conversion unit is connected to the control target device via the HDMI, the HDMI/USB conversion unit receives display information for image authentication from the control target device, Image authentication may be performed by performing conversion and outputting to the second USB interface.

Further, in the above control relay device, the first USB interface connects the device to be controlled as a host controller, the third USB interface connects the control device as a host controller, and the USB/ The HID conversion unit may serial-convert the control information received via the third USB interface and then convert it into HID information.

Further, in the control relay device described above, the device to be controlled may be connected to a closed network, and the control device may substitute for input of a password token.

Further, in the above-described control relay device, the control device may instruct an operation of a physical operator with respect to the device to be controlled.

A control relay method according to another aspect of the present invention is a control relay method for a control relay device that relays between a device to be controlled and a control device that controls the device to be controlled, wherein the control relay device The device includes a High-Definition Multimedia Interface (HDMI) and a first USB (Universal Serial Bus) interface that connect to the device to be controlled, and a second USB that connects to the control device that controls the device to be controlled. an HDMI/USB conversion step of performing HDMI/USB conversion on display information received via the HDMI and outputting the display information to the second USB interface; and the third USB interface. and a USB/HID conversion step of performing USB/HID (Human Interface Device) conversion of control information received via an interface and outputting the control information to the first USB interface.

According to the present invention, it is possible to provide a technology for safely controlling a device to be controlled. Problems, configurations, and effects other than those described above will be clarified by the following description of the embodiments.

1 is a diagram showing a configuration example of a system using a control relay device according to the first embodiment of the present invention; FIG. It is a figure which shows the hardware structural example of a control relay apparatus. FIG. 10 is a diagram illustrating an example of a flow of relay processing; FIG. 10 is a diagram illustrating a configuration example of a system using a control relay device according to a second embodiment; FIG. FIG. 10 is a diagram illustrating an example of the flow of relay processing according to the second embodiment; It is a figure which shows the structural example of the alerting|reporting system to which a control relay apparatus is applied. FIG. 10 is a diagram showing a configuration example of a token input agency system to which a control relay device is applied; It is a figure which shows the structural example of the power-on assistance system to which the control relay apparatus is applied.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments according to the present invention will be described with reference to the drawings. In principle, the same members are denoted by the same reference numerals in all the drawings for describing the embodiments, and repeated description thereof will be omitted. In addition, in the following embodiments, the constituent elements (including element steps, etc.) are not necessarily essential, unless otherwise specified or clearly considered essential in principle. Needless to say. In addition, when saying "consisting of A", "consisting of A", "having A", or "including A", other elements are excluded unless it is explicitly stated that only those elements are included. It goes without saying that it is not something to do. Similarly, in the following embodiments, when referring to the shape, positional relationship, etc. of components, etc., unless otherwise specified or in principle clearly considered otherwise, the shape is substantially the same. It shall include things that are similar or similar to, etc.

In the following description, the input/output unit and display unit of the control device 200 may be one or more interface devices (not shown). The one or more interface devices may be at least one of the following:
- One or more I/O (Input/Output) interface devices. An I/O interface device is an interface device for the control device 200 . The I/O interface devices for the controller 200 may be either user interface devices, input devices such as keyboards and pointing devices, and output devices such as display devices.
- One or more communication interface devices. The one or more communication interface devices may be one or more of the same type of communication interface device (e.g., one or more NICs (Network Interface Cards)) or two or more different types of communication interface devices (e.g., NIC and It may be an HBA (Host Bus Adapter).

Also, in the following description, "memory" refers to one or more memory devices, which are examples of one or more storage devices, and may typically be a main memory device. At least one memory device in the memory may be a volatile memory device or a non-volatile memory device.

Also, in the following description, "storage unit" or "storage" may be memory or both of memory and permanent storage. In particular, the permanent storage device may be, for example, a HDD (Hard Disk Drive), an SSD (Solid State Drive), an NVME (Non-Volatile Memory Express) drive, or an SCM (Storage Class Memory).

Also, in the following description, a "processing unit" or "processor" may be one or more processor devices. The at least one processor device may typically be a microprocessor device such as a CPU (Central Processing Unit), but may be another type of processor device such as a GPU (Graphics Processing Unit). At least one processor device may be single-core or multi-core. At least one processor device may be a processor core. At least one processor device is a circuit (for example, FPGA (Field-Programmable Gate Array), CPLD (Complex Programmable Logic Device) or ASIC (Application A processor device in a broad sense such as Specific Integrated Circuit) may also be used.

In addition, in the following description, the function may be described using the expression “yyy part”, but the function may be realized by executing one or more computer programs by a processor, or may be realized by executing one or more computer programs. It may be realized by the above hardware circuits (for example, FPGA or ASIC), or may be realized by a combination thereof. When a function is realized by executing a program by a processor, the defined processing is performed using a storage device and/or an interface device as appropriate, so the function may be at least part of the processor. good. A process described with a function as the subject may be a process performed by a processor or a device having the processor. Programs may be installed from program sources. The program source may be, for example, a program distribution computer or a computer-readable recording medium (for example, a non-temporary recording medium). The description of each function is an example, and multiple functions may be combined into one function, or one function may be divided into multiple functions.

Further, in the following description, when processing is described with a "program" or "processing unit" as the subject, the processing described with the program as the subject may be processing performed by a processor or a device having the processor. Also, two or more programs may be implemented as one program, and one program may be implemented as two or more programs.

In the following explanation, the expression "xxx table" or "xxx storage part" may be used to describe information that can be obtained as an output for an input, but the information can be a table of any structure. Alternatively, it may be a learning model represented by a neural network, a genetic algorithm, or a random forest that generates an output in response to an input. Also, in the following description, the configuration of each table is an example, and one table may be divided into two or more tables, or all or part of two or more tables may be one table. may

Also, in the following description, the "control device" may be a system configured with one or more physical computers, or a system realized on a physical computing resource group (eg, cloud infrastructure) (eg, , cloud computing system). The “display” of the display information by the control station device may be the display of the display information on the display device of the computer, or the transmission of the display information from the computer to the display computer. (in the latter case the display information is displayed by a display computer).

PCs (Personal Computers) and server devices often belong to a closed network generally called a secure network, although the implementation mode differs depending on the application. In that case, it is desirable to be able to control the server device or the like to be controlled from the outside via communication for the convenience of operation management in an emergency. However, actually allowing control from the outside via a network runs the risk of significantly lowering security, so it is not easy to implement. For example, in order to make it possible to change the configuration of the server device via the Internet, it is necessary to install the server device in a DMZ (DeMilitarized Zone) with lower security, or to change the firewall policy on the network. In many cases, it is necessary to take measures and change the configuration, such as installing software for receiving operations from the outside on the controlled device.

The inventor has devised a method for safely controlling a device to be controlled with respect to such a problem. As a method for doing so, a method using a control relay device that relays between a device to be controlled and a control device that controls the device to be controlled was devised. There, the control relay device has an HDMI and a first USB interface for connecting with a device to be controlled, and a second USB interface and a third USB interface for connecting with a control device for controlling the device to be controlled. It is connected to a device to be controlled via HDMI and USB, and connected to a control device via two USBs, ie, a second USB interface and a third USB interface.

More specifically, the control relay device performs HDMI/USB conversion on the display information received from the control target device via the HDMI interface and outputs the display information to a second USB interface connected to the control device. USB for performing USB/HID (Human Interface Device) conversion of control information received via a third USB interface connected to the control device and outputting the control information to the first USB interface connected to the control target device; /HID conversion step.

In a more specific first embodiment, when screen information for display is received from a control target device via HDMI, the control relay device relays this to the control device via USB to make the control device a host. An IN transfer is made and passed and displayed by the controller. In addition, when an input from a mouse or keyboard is received from the control device via USB by OUT transfer with the control device as the host, the control relay device relays this to the control target device via USB. , and the control target device accepts it as an HID input operation.

FIG. 1 is a diagram showing a configuration example of a system using a control relay device according to the first embodiment of the present invention. The control relay device 100 connects via HDMI and USB to the controlled device 10 implemented by a general computer device. Since the controlled device 10 is a general computer, the description will be simplified. The HDMI driver 20 connects to the control relay device 100 so as to output screen information via HDMI, and the USB/controller driver 40 realizes the role of a host controller for the control relay device 100. 100 to accept a HID input, which the HID Class driver 30 accepts as an input.

The control relay device 100 includes a USB/HID converter 120 and an HDMI/USB converter 140 . When the HDMI/USB conversion unit 140 receives the screen information from the control target device 10 via HDMI, the HDMI/USB conversion unit 140 converts the screen information into USB CDC-ACM (Communications Device Class-Abstract Control Model) standard information and sends it to the control device 200 via USB. is delivered by IN transfer.

In addition, upon receiving input information from the control device 200 via the USB through OUT transfer using the control device 200 as a host, the USB/HID conversion unit 120 serially converts the input information and converts the serial data into HID data. Then, it is delivered to the controlled device 10 via USB by OUT transfer with the controlled device 10 as a host.

More specifically, the USB/HID conversion unit 120 includes a serial driver 121, a firmware 122, a one-time passcode issuing unit 123, a HID class report 124, a USB/controller driver 125, and a USB to serial and a conversion unit 130 .

USB to serial conversion unit 130 converts input information received from control device 200 via USB into serial information. Serial driver 121 accepts converted serial information. The firmware 122 uses the HID Class report 124 and the USB/controller driver 125 to reconfigure the serial information into HID information and transfer it to the control target device 10 via USB.

Since the control device 200 is a general computer, the explanation will be simplified. The control device 200 includes a USB/controller driver 210 , a USB CDC-ACM Class driver 220 and an authentication processing section 230 . The USB/controller driver 210 realizes the role of a host controller for the control relay device 100, is connected to receive input of screen information by USB from the control relay device 100, and the USB CDC-ACM Class driver 220 receives the screen information. is received and displayed on the display of the control device 200 or the like.

Input information received from a user 300 using the control device 200 via an input device such as a mouse or a keyboard is transferred to the control relay device 100 by the USB/controller driver 210 via USB.

FIG. 2 is a diagram illustrating a hardware configuration example of a control relay device. The control relay device 100 includes a processor 101 such as a CPU (Central Processing Unit), a memory 102 such as a RAM (Random Access Memory), a storage 103 such as a hard disk or an SSD (Solid State Drive), and an image display on the control device side. USB cable 107 for control device, USB cable 108 for receiving control on the control device side, HDMI cable 109 for receiving image on the device to be controlled, USB cable 110 for control output on the device to be controlled, and a bus connecting them. Configured.

The USB cable 110 for control output on the controlled device side described above corresponds to the first USB interface, the USB cable 107 for image display on the control device side corresponds to the second USB interface, and the USB cable 107 for control device side control reception corresponds to the second USB interface. The USB cable 108 for is equivalent to a third USB interface.

Note that the controlled device-side control output USB cable 110, the control device-side image display USB cable 107, and the control device-side control acceptance USB cable 108 all serve as USB peripherals (functions). In addition, the control device side image display USB cable 107 is responsible for IN transfer with the control device 200 as a host controller. The controller-side control acceptance USB cable 108 is responsible for OUT transfer with the controller 200 as a host controller. The controlled device side control output USB cable 110 performs IN transfer with the controlled device 10 as a host controller.

The USB/HID converter 120 and the HDMI/USB converter 140 described above are implemented by a program that causes the processor 101 to perform processing. This program is stored in memory 102 and executed by processor 101 upon execution.

The above is an example of the hardware configuration of the control relay device 100 according to this embodiment. However, the configuration is not limited to this, and may be configured using other hardware. Although not shown, the controlled device 10 and the control device 200 have known elements of a general computer such as an OS, middleware, and applications.

[Description of Operation] Next, the operation of the control relay device 100 in this embodiment will be described.

FIG. 3 is a diagram illustrating an example of the flow of relay processing. The relay processing is started when the control relay device 100 is connected to the control device 200 .

First, the one-time passcode issuing unit 123 of the control relay device 100 generates a one-time passcode for PIN authentication and transmits the one-time passcode to the control device 200 (step S001). Then, the authentication processing unit 230 of the control device 200 performs PIN authentication to determine whether or not the input information matches the passcode (step S002). Then, when the authentication is successful, the authentication processing unit 230 activates the control relay device 100 and starts subsequent communication (step S003).

When the control relay device 100 is activated, the controlled device 10 outputs the image authentication data to the control relay device 100 via HDMI (step S004). The HDMI/USB converter 140 of the control relay device 100 converts the image authentication data into USB data (step S005). Then, the HDMI/USB conversion unit 140 delivers the image authentication data converted into USB data to the control device 200 (step S006). Then, the authentication processing unit 230 of the control device 200 receives an input from the user 300 using the transferred image authentication data, and performs image authentication (step S007).

If the image authentication fails ("authentication failed" in step S007), the control device 200 deactivates the target device (control target device 10) (step S008). That is, the control relay device 100 cuts off subsequent communication between the control device 200 and the controlled device 10 .

If the image authentication is successful ("authentication successful" in step S007), the control device 200 activates the target device (control target device 10) (step S009). That is, the control relay device 100 continues subsequent communication between the control device 200 and the controlled device 10 .

USB/HID converter 120 of control relay device 100 then activates serial/USB conversion (step S010). Also, the HDMI/USB conversion unit 140 of the control relay device 100 activates HDMI/USB conversion (step S011).

Thereafter, the control relay device 100 relays input/output exchanges between the controlled device 10 and the control device 200 at any time. For example, when there is a display screen output from the controlled device 10, the controlled device 10 outputs the display screen to the control relay device 100 via HDMI (step S012). The HDMI/USB converter 140 of the control relay device 100 converts the display screen into USB data (step S013). Then, the HDMI/USB converter 140 transfers the display screen converted into USB data to the control device 200 (step S014).

Further, for example, when there is an input operation from the control device 200, the USB/controller driver 210 of the control device 200 accepts the operation of the input device on the display screen (step S015). The USB/controller driver 210 transfers the input device operation to the control relay device 100 (step S016).

Then, the USB/HID conversion unit 120 of the control relay device 100 performs USB/HID conversion on the received operation of the input device (step S017). Then, the USB/HID conversion unit 120 of the control relay device 100 transfers the input device operation to the control target device 10 by HID (step S018). By repeating this as needed, it is possible to perform input/output control between the control device 200 and the control target device 10, so that the control target device 10 can be operated from the control device 200 using a GUI (Graphical User Interface). can do.

The above is the system using the control relay device according to the first embodiment. According to the system using the control relay device according to the first embodiment, the control relay device that imitates a USB device can be connected to the control target device via the USB without going through an IP network such as the Internet and without installing software in the control target device. By connecting to the host controller, a pseudo remote desktop operation can be performed from the control device. Therefore, even if the control target device is connected to a closed network and cannot be controlled from the outside via the network, it can be said that the control target device can be controlled from the control device via the control relay device. In addition, it can be said that remote control becomes possible without changing the control target device (without installing software).

In addition, it is necessary to authenticate the control relay device that allows the control target device to be operated by the control device, and device authentication can be performed. Only when authenticated, the control relay device can pass the operation information from the control device to the controlled device.

In addition to authenticating the control relay device, unless the user recognizes and authenticates the image authentication data obtained from the control target device, the operation information of the control target device cannot pass from the control device.

Therefore, according to the system using the control relay device according to the first embodiment, even if there is a connection restriction on the security policy of the control target device 10, the security against unauthorized access is not lowered, and the control target device can be safely controlled. Device control can be performed.

Although the control relay device according to the first embodiment has been specifically described above, the present invention is not limited to this embodiment, and various modifications can be made without departing from the gist of the invention. Not even. For example, the control relay device 100 may be configured to allow a plurality of control target devices 10 to be connected. Alternatively, the control relay device 100 may be connected to a plurality of control target devices 10 via a Hub, and the connection switching may be switched by the Hub. By doing so, it is possible to maintain security performance and prevent unauthorized access even when a plurality of controlled devices are connected to the control relay device.

FIG. 4 is a diagram showing a configuration example of a system using a control relay device according to the second embodiment. The control relay device 100 shown in FIG. 4 is the same as the control relay device 100 according to the first embodiment. In the system using the control relay device according to the second embodiment, the control relay device 100 is not directly connected to the control target device 10 by HDMI and USB, but is connected to the control target device 10 and the control target device 10 via the Hub 5. It is connected to the target device EX11. The hub 5 includes an HDMI switching unit 6 and a USB switching unit 7. Upon receiving a switching instruction from the control relay device 100, the HDMI switching unit 6 and the USB switching unit 7 switch between the controlled device 10 and the controlled device EX11. , and either the controlled device 10 or the controlled device EX11 becomes communicable with the control relay device 100 .

FIG. 5 is a diagram illustrating an example of the flow of relay processing according to the second embodiment. The flow of the relay processing according to the second embodiment is basically the same as the flow of the relay processing according to the first embodiment, so differences will be mainly described.

Communication between the controlled device 10 and the control device 200 is similar, but when the control device 200 instructs the Hub 5 to select the controlled device EX11 (step S020), the Hub 5 connects to the HDMI The connection and the USB connection are switched to the controlled device EX11.

Then, the controlled device EX11 outputs the image authentication data to the control relay device 100 via HDMI (step S021). Thereafter, the image authentication procedure similar to that of the control-target device 10 of the relay processing according to the first embodiment is performed. That is, the HDMI/USB conversion unit 140 of the control relay device 100 converts the image authentication data into USB data (step S005), and the HDMI/USB conversion unit 140 sends the image authentication data converted into USB data to the control device 200. The data is transferred (step S006), and the authentication processing unit 230 of the control device 200 receives an input from the user 300 using the transferred image authentication data and performs image authentication (step S007).

The above is an example of the relay processing flow according to the second embodiment. According to the example of the relay processing flow according to the second embodiment, it is possible to maintain security performance and prevent unauthorized access even when a plurality of controlled devices are connected to the control relay device.

FIG. 6 is a diagram showing a configuration example of a notification system to which a control relay device is applied. This notification system is a specific example of configuring the notification system according to the third embodiment using the control relay device according to the first embodiment. A reporting device 200A in this system corresponds to the control device 200 according to the first embodiment. 200 A of notification apparatuses are provided with the notification process part 240 in addition to the structure of the control apparatus 200. FIG. When predetermined information is output from the controlled device 10 as display information, the notification processing unit 240 notifies the separately registered smartphone 400 by a message or an e-mail. For example, the notification processing unit 240 detects that a predetermined image, a predetermined character image, or a predetermined display is made at a predetermined position as image information from the control relay device 100, and transmits an alert mail to the smartphone 400. .

More specifically, when the notification processing unit 240 detects that a predetermined error message popup (for example, a message popup indicating that an error has been detected) has been displayed by image analysis of the screen information of the controlled device 10, Send an email containing the text to the smart phone 400 .

With such a notification system according to the third embodiment, even if the controlled device 10 cannot directly send an e-mail, the smartphone 400 can receive a notification via the notification device 200A. become.

FIG. 7 is a diagram showing a configuration example of a token input agency system to which a control relay device is applied. The proxy token input system is a concrete example of configuring the proxy token input system according to the fourth embodiment using the control relay device according to the first embodiment. The controlled device 10 is connected to a closed network. An operator device 200B in this system corresponds to the control device 200 according to the first embodiment, and substitutes for the controlled device 10 to input a password token. The operator device 200B includes a token input proxy processing unit 250 in addition to the configuration of the control device 200. FIG. When predetermined login account information is output from the controlled device 10 as display information, the token input proxy processing unit 250 reads the account ID and the like of the login account from the screen information, and transfers the account ID to the login proxy device 500. Instruct password token generation and keyboard input.

The login proxy device 500 is connected to an imaging device 550 and a password token display device 560 . The login proxy device 500 includes a token information acquisition unit 520 and a keyboard input robot 510. The token information acquisition unit 520 operates buttons on a password token display device 560 to generate and display a password token, The password token information is acquired by causing the imaging device 550 to read the password token. The keyboard input robot 510 can obtain screen information from the control target device 10, act for the input of the account ID and the password token, and act for the log-in for performing various procedures related to a predetermined account from the operator device 200B. . As a result, for example, when a customer logs in at a bank call center using a password token generated using the password token display device 560, the call center operator performs various procedures on behalf of the inexperienced customer. In this case, substitution of input can be realized without requiring the operator of the call center to know the password token.

FIG. 8 is a diagram showing a configuration example of a power-on auxiliary system to which a control relay device is applied. The power-on auxiliary system is a specific example of configuring the power-on auxiliary system according to the fifth embodiment using the control relay device according to the first embodiment. An operator device 200C in this system corresponds to the control device 200 according to the first embodiment. The operator device 200C includes a power-on processing section 260 in addition to the configuration of the control device 200 . When predetermined screen information is output from the controlled device 10 as display information, the power-on processing unit 260 separately instructs the auxiliary device 600 to turn on the controlled device 10 .

If the controlled device 10 is a device such as a supercomputer or does not support power-on via a network such as in a complete power-off state, it may be necessary to touch the controlled device 10 directly to turn on the power. However, there are not many cases where the operation of physically touching a device that requires the highest security is allowed, so in an emergency or the like, security may become an enemy and hindrance in turning on the power.

In order to solve this problem, an auxiliary device 600 having a power-on operator 670, which is a physical operator for pressing the power button of the controlled device 10, is provided near the power button. An imaging device 650 for imaging the status display 50 (display) is provided near the display of the control target device 10 . Then, the monitoring unit 620 of the auxiliary device 600 monitors the state of the status display 50 via the imaging device 650, and the operation control unit 610 controls the operation of the power-on operator 670 (pressing of the power button). make it

Then, when the operator device 200C issues a power-on instruction to the auxiliary device 600, the operation control unit 610 controls the power-on operation element 670 to power on the control target device 10, and the monitoring unit 620 The display 50 can be captured as an image via the imaging device 650 to monitor activation control. As a result, it is possible to safely and quickly power on the controlled device 10 even in an emergency.

The above is the embodiment of the control relay device according to the present invention. In addition, in the above-described embodiment, the configuration is described in detail in order to explain the present invention in an easy-to-understand manner.

Further, each of the configurations, functions, processing units, etc. described above may be realized by hardware, for example, by designing a part or all of them using an integrated circuit. Further, the control lines and information lines indicate those considered necessary for explanation, and not all control lines and information lines are necessarily indicated on the product. In practice, it may be considered that almost all configurations are interconnected.

Also, each configuration, function, processing unit, etc. of the control relay device 100 described above may be securely realized in a distributed system by executing a part or all of them in another device and performing integrated processing, for example. .

Also, the technical elements of the above-described embodiments may be applied singly, or may be applied after being divided into a plurality of parts such as program parts and hardware parts.

The present invention has been described above with a focus on the embodiments.

5: Hub, 10: Control target device, 20: HDMI driver, 30: HID Class driver, 40: USB/controller driver, 50: Status display, 100: Control relay device, 120: USB/HID converter, 121: Serial driver, 122: Firmware, 123: One-time passcode issuing unit, 124: HID Class report, 125: USB/controller driver, 130: USB to serial conversion unit, 140: HDMI/USB conversion unit, 200: Control Device, 210: USB/controller driver, 220: USB CDC-ACM Class driver, 230: authentication processing unit, 300: user.

Claims (8)

HDMI (High-Definition Multimedia Interface) and a first USB (Universal Serial Bus) interface for connecting with a device to be controlled;
a second USB interface and a third USB interface that connect to a control device that controls the device to be controlled;
an HDMI/USB conversion unit that performs HDMI/USB conversion on the display information received via the HDMI and outputs the display information to the second USB interface;
a USB/HID conversion unit that performs USB/HID (Human Interface Device) conversion of control information received via the third USB interface and outputs the control information to the first USB interface;
A control relay device comprising: The control relay device according to claim 1,
Further, when connected to the control device via the third USB interface, a one-time passcode is generated and transferred to the control device serving as a USB host by IN, and a one-time passcode is issued to request input of the passcode. having a department,
A control relay device characterized by: The control relay device according to claim 2,
The one-time passcode issuing unit deactivates the processing of the HDMI/USB conversion unit and the USB/HID conversion unit when the input control information does not match the one-time passcode.
A control relay device characterized by: The control relay device according to any one of claims 1 to 3,
When connected to the control target device via the HDMI, the HDMI/USB conversion unit receives display information for image authentication from the control target device, performs HDMI/USB conversion, and converts the information to the second USB. Output to the interface and perform image authentication,
A control relay device characterized by: The control relay device according to any one of claims 1 to 4,
the first USB interface connects the device to be controlled as a host controller;
the third USB interface connects the control device as a host controller;
The USB/HID conversion unit serially converts the control information received via the third USB interface and then converts it into HID information.
A control relay device characterized by: The control relay device according to any one of claims 1 to 5,
The device to be controlled is connected to a closed network,
The controller substitutes for input of a password token;
A control relay device characterized by: The control relay device according to any one of claims 1 to 5,
The control device instructs the operation of a physical operator for the device to be controlled;
A control relay device characterized by: A control relay method for a control relay device that relays between a device to be controlled and a control device that controls the device to be controlled,
The control relay device
an HDMI (High-Definition Multimedia Interface) and a first USB (Universal Serial Bus) interface for connecting with the device to be controlled;
a second USB interface and a third USB interface that connect with the control device that controls the device to be controlled;
an HDMI/USB conversion step of performing HDMI/USB conversion on the display information received via the HDMI and outputting the display information to the second USB interface;
a USB/HID conversion step of performing USB/HID (Human Interface Device) conversion of the control information received via the third USB interface and outputting the control information to the first USB interface;
A control relay method characterized by:

Images