JP4663688B2 - Terminal - Google Patents

Description

  The present invention relates to a technology for controlling a process operating on an OS (Operating System).

  Patent Document 1 discloses a process monitoring system that can arbitrarily set a process monitoring start / end period by monitoring an arbitrary process with a specified name and allocating linked processing when the monitoring process ends abnormally. Yes. In the process monitoring system described in Patent Document 1, upon receiving a notification from the process monitoring start unit, the monitoring process means reads the monitoring process definition file and acquires the process name of the monitoring target process. The process ID is retrieved from the process management table of the operating system based on the process name, and set so that it can be detected when the monitored process group ends abnormally. When an abnormal end of a process is detected, the end code is acquired, and the monitoring process definition file is searched using the process name and end code as keys, and the corresponding linked process is searched and executed. Also, upon receiving a notification from the process monitoring end unit, the process monitoring is stopped.

JP 2000-311099 A

  In recent years, so-called thin client type information processing systems have attracted attention. A thin client type information processing system can use various application programs and data installed in the local machine by remotely controlling the desktop of the local machine at home or office using the remote machine at hand. . The remote machine has at least a communication program for network connection of the remote machine to the local machine, a remote desktop program for causing the remote machine to function as an input / output device of the local machine, and an OS for operating these programs. It is only necessary to be mounted as much as possible. By not installing various application programs and data on the remote machine, the possibility of information leakage due to theft of the remote machine can be reduced.

  However, in a thin client type information processing system, when a remote machine is connected to a local machine using an external network service (for example, a commercial wireless access point service), an authentication process (usually for using the service) Login process) is required. A general-purpose Web browser program may be used for this authentication process. Many general-purpose web browser programs in recent years have many functions having a plug-in function and the like. And since it is multifunctional, there are many virus programs that use plug-in functions and the like. Therefore, from the viewpoint of security, it is preferable that the process of the Web browser program in the remote machine is operated only during the authentication process. The process monitoring technique described in Patent Document 1 does not consider this point at all.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to limit the number of activations of a predetermined program.

In order to solve the above problems, in the present invention, the operation of a predetermined process is monitored, and when the process is operated, the operation time is measured. When the operation time becomes equal to or longer than a predetermined time, the process is forcibly terminated .

For example, the present invention is a terminal connected to a data processing device via a network,
An input unit for inputting operation information for remotely operating the data processing device;
A display unit for displaying a processing result of the data processing device received via the network;
A storage unit for storing a web browser program;
The operation of the web browser program stored in the storage unit is monitored, and when the operation time of the web browser program reaches a predetermined time or more, the execution of the web browser program is terminated and a predetermined message is displayed on the display unit. A control unit having means for displaying and means for communicating with the data processing device via the network
It is characterized by.

  According to the present invention, the number of operations of the first monitoring target process (for example, the process of the Web browser program) can be limited. For this reason, the security of the system can be improved.

  Hereinafter, an embodiment of the present invention will be described.

  FIG. 1 is a schematic diagram of a remote desktop system (thin client type information processing system) to which an embodiment of the present invention is applied. As shown in the figure, the remote desktop system of the present embodiment is constructed at a local machine 1 connected to a local area network (LAN) 4A, which is an internal network constructed at a company, home, etc., and at a destination such as a hotel, a station, etc. A remote machine 2 connected to the LAN 4B, which is a connected external network. The LAN 4A is connected to a WAN (Wide Area Network) 5 via the router 3A. The LAN 4B is connected to the WAN 5 via the router 3B.

  In this embodiment, the router 3B permits free communication between the network terminals connected to the LAN 4B, but the communication between the LAN 4B and the WAN 5 is general-purpose for the network terminals connected to the LAN 4B. This is permitted only when an authentication process (login process) using the Web browser program is requested and the network terminal passes the authentication process. In addition, the communication between the LAN 4B and the WAN 5 is charged, and in order to terminate the charging, a notification process (logout process) using a general-purpose web browser program is performed on the network terminal connected to the LAN 4B. Demands.

  The local machine 1 constructs a VPN (Virtual Private Network) with the remote machine 2 and receives and processes input information (operation contents of the input device) sent from the remote machine 2 via the VPN. At the same time, video information (desktop screen of the display device) indicating the processing result is transmitted to the remote machine 2. The local machine 1 is a computer such as a PC (Peasonal Computer) or a server.

  FIG. 2 is a schematic diagram of the local machine 1. As illustrated, the local machine 1 includes a CPU (Central Processing Unit) 101, a RAM (Random Access Memory) 102 functioning as a work area of the CPU 101, a NIC (Network Interface Card) 103 for connecting to the LAN 4A, An HDD (Hard Disk Drive) 104, a flash ROM (Read Only Memory) 105, an I / O (Input / Output) connector 106 for connecting a keyboard and a mouse, a video card 107 for connecting a display, A bridge 108 that relays the bus BUS connected to each of the units 101 to 107 and a power source 109 are included.

  The flash ROM 105 stores a BIOS (Basic Input / Output System) 1050. After the power supply 109 is turned on, the CPU 101 first accesses the flash ROM 105 and executes the BIOS 10510 to recognize the system configuration of the local machine 1.

  The HDD 104 stores at least an OS (Operating System) 1041, a VPN communication program 1042, a remote server program 1043, and a plurality of application programs 1044.

  The OS 1041 is a program for the CPU 101 to control each unit 102 to 109 of the local machine 1 and execute each program 1042 to 1044 described later. In accordance with the BIOS 1050, the CPU 101 loads the OS 1041 from the HDD 104 to the RAM 102 and executes it. As a result, the CPU 101 comprehensively controls the units 102 to 109 of the local machine 1.

  The VPN communication program 1042 is a communication program for building a VPN with the remote machine 2, and is a communication program using, for example, IPsec (Security Architecture for the Internet Protocol). The CPU 101 loads the VPN communication program 1042 from the HDD 104 to the RAM 102 and executes it in accordance with the OS 1041. Thus, the CPU 101 establishes a VPN with the remote machine 2 in accordance with a communication start request received from the remote machine 2 via the NIC 103, and communicates with the remote machine 2 via this VPN.

  The remote server program 1043 is a program for enabling the desktop of the local machine 1 to be remotely operated from the remote machine 2, and is, for example, a VNC (Virtual Network Computing) server program developed at AT & T Cambridge Laboratory. The CPU 101 loads the remote server program 1043 from the HDD 104 to the RAM 102 and executes it in accordance with the OS 1041. As a result, the CPU 101 receives and processes the input information (keyboard and mouse operation contents) sent from the remote machine 2 via the VPN, and displays the video information (display desktop screen) indicating the processing result on the VPN. Via the remote machine 2.

  The application program 1044 includes programs such as general-purpose web browsers, word processors, and spreadsheets. In accordance with the OS 1041, the CPU 101 responds to an instruction received from the keyboard and mouse via the I / O connector 106 or an instruction received from the remote machine 2 via the remote server program 1043 to receive a desired application program 1044 from the HDD 104. Is loaded into the RAM 102 and executed. Then, video information representing the desktop screen reflecting the execution result is output from the video card 107 and transmitted to the remote machine 2 via the remote server program 1043.

  Returning to FIG. 1, the description will be continued. The remote machine 2 constructs a VPN with the server machine 1, and transmits input information (operation contents of the input device) input to the remote machine 2 to the server machine 1 through the VPN, and the server machine The video image information (desktop screen of the display device) is received from 1 and displayed on the display of the remote machine 2. The remote machine 2 is a so-called HDD-less PC, and is configured so that a printer, an external drive, an external memory, and the like cannot be connected locally or through a network. That is, the remote machine 2 is configured such that only a printer, an external drive, an external memory, or the like that is locally or network-connected to the local machine 1 can be used. By doing so, the possibility of information leakage due to theft of the remote machine 2 or the like is reduced.

  FIG. 3 is a schematic diagram of the remote machine 2. As shown in the figure, the remote machine 2 includes a CPU 201, a RAM 202 functioning as a work area for the CPU 201, a NIC 203 for connecting to the LAN 4B, a USB port 204 for connecting an authentication device (USB device) 6, and a flash ROM 205, I / O connector 206 for connecting a keyboard and mouse, video card 207 for connecting a display, bridge 208 for relaying a bus BUS connected to these units 201 to 207, a power source 209 Have.

The flash ROM 205 stores at least a BIOS 2050, an OS 2051, a VPN communication program 2052, a remote client program 2053, a Web browser program 2054A, and an update program 2054B.

  After the power supply 209 is turned on, the CPU 201 first accesses the flash ROM 205 and executes the BIOS 2050 to recognize the system configuration of the remote machine 2.

  The OS 2051 is a program for the CPU 201 to control each unit 202 to 209 of the remote machine 2 and execute each program 2052 to 2054 described later. In accordance with the BIOS 2050, the CPU 201 loads the OS 2051 from the flash ROM 205 to the RAM 202 and executes it. As a result, the CPU 201 comprehensively controls the units 2102 to 209 of the remote machine 2. Note that the OS 2051 of this embodiment uses a relatively small size that can be stored in the flash ROM 205 such as an embedded OS. The OS 2051 has a process control unit 20510 that controls the operation of the process. The process control unit 20510 will be described later.

  The VPN communication program 2052 is a communication program for building a VPN with the local machine 1, and is a communication program using, for example, IPsec. The CPU 201 loads the VPN communication program 2052 from the flash ROM 205 to the RAM 202 and executes it in accordance with the OS 2051. As a result, the CPU 201 transmits a communication start request to the local machine 1 via the NIC 203, constructs a VPN with the local machine 1, and communicates with the local machine 1 via this VPN.

  The remote client program 2053 is a program for the remote machine 2 to remotely access the desktop of the local machine 1, and is, for example, a VNC client (viewer) program. The CPU 201 loads the remote client program 2053 from the flash ROM 205 to the RAM 202 and executes it in accordance with the OS 2041. As a result, the CPU 201 transmits input information (operation contents of the keyboard and mouse) of the I / O connector 206 to the local machine 1 via the VPN, and video information (from the local server 1 via the VPN). The desktop screen of the display) is output to a display (not shown) connected to the video card 207.

  Note that the remote client program 2053 causes the CPU 201 to perform the next authentication process prior to the execution of the above-described process. That is, the CPU 201 displays a password input form on the display connected to the video card 207 and accepts the password input from the user via the keyboard and mouse connected to the I / O connector 206. Then, the received password is transmitted to the authentication device 6 connected to the USB port 204 to request password authentication. The above-described processing is executed only when password authentication is established.

  Here, the authentication device 6 will be described. The authentication device 6 authenticates the password received from the main body of the remote machine 2 and notifies the main body of the remote machine 2 of the verification result. FIG. 4 is a schematic diagram of the authentication device 6. As illustrated, the authentication device 6 includes a USB adapter 601 for connecting to the USB port 204 of the remote machine 2 and an IC chip 602. The IC chip 602 stores a user password 6031 and an authentication program 6032. When the USB adapter 601 of the authentication device 6 is connected to the USB port 204 of the remote machine 2 so that power is supplied from the remote machine 2 to the authentication device 6, the IC chip 602 executes the authentication program 6032. When a password is received from the remote machine 2 according to the authentication program 6032, it is compared with the password 6031 stored in the flash ROM 603. If they match, a message indicating successful authentication is output to the remote machine 2, while if they do not match, a message indicating authentication failure is output to the remote machine 2. In this embodiment, the case where the authentication device 6 is a USB device has been described as an example. However, the present invention is not limited to this. The authentication device 6 may be an IC card, for example. Alternatively, short-distance wireless communication such as Bluetooth (registered trademark) may be used. The authentication device 6 may be configured so that a flash memory can be externally attached, and a part of the data in the IC chip 602 may be stored in the flash memory.

  Returning to FIG. 3, the description will be continued. As the Web browser program 2054A, a general-purpose Web browser program that is commercially available or distributed free of charge is used. Note that many general-purpose web browser programs in recent years have many functions having plug-in functions and the like. And since it is multifunctional, there are many virus programs that use plug-in functions and the like. In this embodiment, the Web browser program 2054A includes an authentication process (login process) for the router 3B for accessing the WAN 5 from the LAN 4B, and a router for terminating the access from the LAN 4B to the WAN 5 and terminating the accounting. Used for notification processing (logout processing) for 3B.

  The update program 2054B accesses a server (not shown) via the NIC 203, obtains update data such as the OS 2051 from the server, and stores it in the RAM 202. Then, the update data stored in the RAM 202 is reflected in the OS 2051 or the like stored in the flash ROM 2051.

  A process control unit 20510 controls a process operating on the OS 2051. FIG. 5 is a diagram schematically showing the process control unit 20510. As illustrated, the process control unit 20510 includes a first monitoring target management table 20511, a second monitoring target management table 20512, a third monitoring target management table 20513, a process management unit 20514, a forcible termination unit 20515, a timer unit 20516, and an activation. A flag setting unit 20517 and an end flag setting unit 20518;

  In the first monitoring target management table 20511, a process ID and a module name of a process to be forcibly terminated are registered. Many general-purpose web browser programs in recent years have many functions having a plug-in function and the like. And since it is multifunctional, there are many virus programs that use plug-in functions and the like. Therefore, in the present embodiment, the Web browser program 2054A is set as a process program to be forcibly terminated.

In the second monitoring target management table 205 1 2, a process ID and a module name of a process that is prohibited from being executed after the forced termination target process is executed are registered. As described above, in this embodiment, the Web browser program 2054A is set as the program for the forced termination target process. The Web browser program 2054A is often multi-functional with a plug-in function or the like. When this plug-in function is implemented, the plug-in module may remain on the RAM 202 even after the Web browser program 2054A is terminated. If the update program 2054B is executed in this state, the plug-in module remaining on the RAM 202 may be written to the flash ROM 205. In this case, the operation of the remote machine 2 may be adversely affected. Therefore, in the present embodiment, the update program 2054B is set as a process program that is prohibited from being executed after the forced termination target process is executed.

  In the third monitoring target management table 20513, a process ID and a module name of a process for canceling the operation prohibition of the forcible termination target process are registered. As described above, in this embodiment, the Web browser program 2054A is set as the program for the forced termination target process. The Web browser program 2054A is used for authentication processing (login processing) for the router 3B and notification processing (logout processing) for the router 3B. Here, the notification process to the router 3B occurs when the access to the local machine 1 is terminated, and as a result, it is not necessary to use the WAN 5, that is, after the remote client PG 2053 is terminated. Therefore, in the present embodiment, the remote client program 2053 is set as a process program for canceling the prohibition of operation of the forced termination target process.

  The process management unit 20514 monitors a process running on the OS 2051. Specifically, when a new process is activated, the process ID and module name, which are identification information of the process, are registered in a process management table (not shown) provided in the process management unit 20514. If any of the active processes ends, the process ID and module name of the process are deleted from the process management table.

  The start flag setting unit 20517 includes a timer start flag that instructs to start measuring elapsed time, and sets the timer start flag on / off.

  The termination flag setting unit 20518 includes a forced termination flag that instructs execution of forced termination of the forced termination target program, and sets on / off of the forced termination flag.

  The timer unit 20516 monitors a timer activation flag included in the activation flag setting unit 20517, and starts measuring elapsed time when the timer activation flag transitions from off to on. If the timer activation flag transitions from on to off, the measurement of the elapsed time is terminated and the measured value is reset to zero.

  The forced termination unit 20515 is a process registered in the first monitoring target management table 20511 based on the timer activation flag provided in the activation flag setting unit 20517 and the on / off of the forced termination flag provided in the termination flag setting unit 20518. Controls execution of a process having the ID and module name (process of Web browser program 2054A) and a process having the process ID and module name registered in the second monitoring target management table 20512 (process of update program 2054B). .

  6 and 7 are flowcharts for explaining the processing of the CPU 201 by the process control unit 2051. This flow is originally executed by the CPU 201 according to the process control unit (program) 2051. However, here, in order to simplify the description, the flow will be described with each program constituting the process control unit 205 as an execution subject.

  When the activation flag setting unit 20517 detects that the process ID and module name of the process (first monitoring target) of the Web browser program 2054A are registered in the process management table included in the process management unit 20514 (YES in S100), It is checked whether or not the timer start flag is on (S101). If the timer start flag is off (NO in S101), it is changed to on (S103), and the process returns to S100. On the other hand, if the timer activation flag is on (YES in S101), the forced termination unit 20515 is notified of the detected process ID and module name of the Web browser program 2054A. In response to this, the forced termination unit 20515 forcibly terminates the process of the Web browser program 2054A having this process ID and module name, and also displays, for example, “the number of uses exceeds the upper limit” on the display connected to the video card 207. Is output (S102).

  Further, when the end flag setting unit 20518 detects that the process ID and module name of the process of the Web browser program 2054A are deleted from the process management table provided in the process management unit 20514 (YES in S110), the forcible end flag is set. It is checked whether or not it is off (S111). If the forced end flag is off (YES in S111), it is turned on (S112), and the process returns to S100. On the other hand, if the forced end flag is on (NO in S111), the process returns to S100 without changing the forced end flag.

  Further, the timer unit 20516 checks whether or not the timer activation flag is on (S120). If the timer activation flag is on (YES in S120), if the elapsed time is being measured (YES in S121). ), Return to S100. If the elapsed time is not being measured (NO in S121), the measurement of the elapsed time is started (S122), and then the process returns to S100.

  Further, the forcible end unit 20515 determines whether or not the measured value of the timer unit 20516 is equal to or greater than a predetermined value (at least the time required for login and logout processing to the router 3B by the Web browser program 2054A) (S130). If the measured value is equal to or greater than the predetermined value (YES in S130), if the forced termination flag is off (NO in S131), the process of the Web browser program 2054A is forcibly terminated and the display connected to the video card 207 is displayed, for example. A message such as “Used time has passed” is output (S132). Then, the process returns to S100. On the other hand, if the forced end flag is on (YES in S131), the process of the Web browser program 2054A has already ended, and the process immediately returns to S100.

  When the forced termination unit 20515 detects that the process ID and the module name of the process (second monitoring target) of the update program 2054B are registered in the process management table provided in the process management unit 20514 (YES in S140), It is checked whether or not the timer start flag is on (S141). If the timer activation flag is on (YES in S141), the process of the update program 2054B having this process ID and module name is forcibly terminated and, for example, “If a web browser is activated” is displayed on the display connected to the video card 207. A message such as “cannot be used” is output (S142).

  If the activation flag setting unit 20517 detects that the process ID and module name of the process (third monitoring target) of the remote client program 2053 are deleted from the process management table provided in the process management unit 20514 (YES in S150). If the timer activation flag is on (YES in S151), it is changed to off (S152). Similarly, when the end flag setting unit 20518 detects that the process ID and the module name of the process of the remote client program 2053 are deleted from the process management table (YES in S150), if the forced end flag is on (S153) YES), this is turned off (S154).

  Note that the timer start flag, the forced end flag, and the measured value of the elapsed time are returned to the initial values (flag off, elapsed time “0”) when the RAM 202 is cleared by restarting the remote machine 2 or the like.

  Next, a schematic operation of the remote desktop system having the above configuration will be described.

  FIG. 8 is a diagram for explaining the schematic operation of the remote desktop system.

  In the remote machine 2, the Web browser program 2054A is started according to the user's instruction, and when the Web browser program 2054A tries to access the WAN 5, the router 3B detects this and displays a login screen on the remote machine 2 (S202). , Prompting for login information.

  In the remote machine 2, when the user inputs login information on the login screen (S203), the login information is verified by the router 3B. If the login information is correct, the router 3B permits the remote machine 2 to access the WAN 5 (S204).

  Thereafter, in the remote machine 2, the VPN communication program 2052 establishes a VPN between the remote machine 2 and the local machine 1 in cooperation with the VPN communication program 1042 of the local machine 1 (S205).

  Next, in the remote machine 2, the remote client program 2053 requests a password from the user (S206), and transmits an authentication request including the password input by the user to the authentication device 6 connected to the remote machine 2 (S207). ). In response to this, the authentication device 6 authenticates the password and returns the authentication result to the remote machine 2 (S208).

  In the remote machine 2, if the authentication result received from the authentication device 6 is authentication successful, the remote client program 2053 starts remote operation of the desktop of the local machine 1 by the remote machine 2 using the VPN established in S205 ( S209). Thereby, the user input information input to the input device of the remote machine 2 is transmitted to the local machine 1 (S210), and the local machine 1 reflects the user input information on the desktop screen video information of the local machine 1. Is transmitted to the remote machine 2 (S211).

  Now, the remote machine 2 ends the remote operation of the local machine 1 according to the user's instruction (S212). Then, the web browser program 2054A is activated according to the user's instruction (S213), and a logout process is performed on the router 3B (S214). As a result, the router 3B ends the charging process (S215).

  Thereafter, in the remote machine 2, the VPN communication program 2052 cuts the VPN between the remote machine 2 and the local machine 1 in cooperation with the VPN communication program 1042 of the local machine 1 (S216).

  Here, since at least one of the timer start flag and the forced end flag is turned on for t1 from when the Web browser program 2054A is started in S201 to when the remote operation is ended in S212, the Web browser program 2054A and the update program The activation of 2054B is forcibly terminated immediately. When the remote operation ends, both the timer activation flag and the forced termination flag are turned off, so that the activation stop of the Web browser program 2054A and the update program 2054B is released. Therefore, logout processing using the Web browser program 2054A becomes possible. If the Web browser program 2054A is activated again, at least one of the timer activation flag and the forced termination flag is always on during the subsequent t2, so that the activation of the Web browser program 2054A and the update program 2054B is immediately forced. Is terminated. In order to cancel this state, for example, the remote machine 2 is restarted to clear the RAM 202, and the flag is returned to the initial state (off).

  The embodiment of the present invention has been described above.

  In the present embodiment, in the remote machine 2, the operation of the Web browser program 2054A that is the first monitoring target process can be restricted to once each before and after the end of the remote client program 2053. That is, for the authentication process (login process) for the router 3B required when accessing the WAN 5 to connect the remote machine 2 to the local machine 1, and the connection of the remote machine 2 to the local machine 1 is released. Thus, the operation of the Web browser program 2054A can be permitted only twice for the notification process (logout process) to the router 3B required to end the accounting when the access to the WAN 5 is terminated.

  As described above, many general-purpose web browser programs 2054A in recent years have many functions having a plug-in function or the like. And since it is multifunctional, there are many virus programs that use plug-in functions and the like. In the present embodiment, since the operation of the Web browser program 2054A can be limited to the minimum necessary number, security can be improved.

  When the plug-in function of the Web browser program 2054A is implemented, the plug-in module may remain on the RAM 202 even after the Web browser program 2054A is terminated. When the update program 2054B is executed in this state, the plug-in module remaining on the RAM 202 may be written to the flash ROM 205, and in this case, the operation of the remote machine 2 may be adversely affected. In the present embodiment, the update program 2054B is prohibited from being executed after the execution of the Web browser program 2054A. By doing so, the stability of the remote machine 2 can be further improved.

  In addition, it is not limited to said embodiment of this embodiment, Many deformation | transformation are possible within the range of the summary.

  For example, in the above embodiment, the process of the Web browser program 2054A has been described as an example of the forced termination target process. However, the present invention is not limited to this. Any process that is likely to be subject to virus infection or unauthorized access (for example, a program having a plug-in function) can be used as the process to be forcibly terminated.

  In the above embodiment, the process of the update program 2054B has been described as an example of the process that is prohibited from being executed after the execution of the forced termination target process. However, the present invention is not limited to this. A process of a program (for example, a duplicate program) that easily expands the influence of virus infection or unauthorized access may be a process that prohibits execution after execution of a forced termination target process.

  In the above embodiment, the remote client program 2053 has been described as an example of the process for canceling the operation prohibition of the forcible termination target process. However, the present invention is not limited to this. Any program process that can detect that the forced termination target process set to operation prohibition needs to be operated again may be used. For example, in this embodiment, instead of the remote client program 2053, the process of the VPN communication program 2052 may be a process for canceling the operation prohibition of the forcible termination target process.

  In the above embodiment, the case where a VPN is established between the local machine 1 and the remote machine 2 to perform communication has been described as an example. However, the present invention is not limited to this. Communication between the local machine 1 and the remote machine 2 may be performed without building a VPN.

  In the above embodiment, the case where the present invention is applied to the remote machine 2 of the remote desktop system which is a so-called thin client type information processing system has been described as an example. However, the present invention is not limited to various information including a normal PC. Applicable to processing equipment.

FIG. 1 is a schematic diagram of a remote desktop system to which an embodiment of the present invention is applied. FIG. 2 is a schematic diagram of the local machine 1. FIG. 3 is a schematic diagram of the remote machine 2. FIG. 4 is a schematic diagram of the authentication device 4. FIG. 5 is a diagram schematically showing the process control unit 20510. FIG. 6 is a diagram for explaining the operation of the process control unit 20510. FIG. 7 is a diagram for explaining the operation of the process control unit 20510. FIG. 8 is a diagram for explaining the schematic operation of the remote desktop system.

Explanation of symbols

  1 ... Local machine, 2 ... Remote machine, 3A, 3B ... Router, 4A, 4B ... LAN, 5 ... WAN

Claims (6)

A terminal connected to a data processing device via a network,
A storage unit for storing a first program for executing a process for remotely operating the data processing device and a second program for executing a process different from the first program;
Monitoring the health of each of the programs stored in the storage unit, during the period from the start the second program until the operating state of the first program are changed to run end state, the second terminal, characterized in that it comprises a control unit which Ru is terminated a second program of the program is the restarted when restarted. The terminal according to claim 1,
The controller is
A terminal characterized in that when the operation of the second program is detected, the second program is terminated after a predetermined time has elapsed. The terminal according to claim 1 or 2,
The storage unit further stores a third program,
The terminal, wherein the control unit prohibits execution of the third program when the second program is operated. The terminal according to claim 3, wherein
The second program is a web browser program,
The terminal according to claim 3, wherein the third program is an update program of the Web browser program. The terminal according to claim 3, wherein
The second program is a web browser program,
The terminal, wherein the third program is an update program that involves writing to the storage unit of the terminal. The terminal according to claim 1 or 2,
The terminal characterized in that the second program is a Web browser program.

Images