JP5041516B2 - USB memory for computer screen monitoring - Google Patents

Description

  BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a USB memory for monitoring a computer screen, and in particular, the monitor can cause the computer to capture a display display screen at predetermined intervals and save or transmit it as continuous image data. The present invention relates to a USB memory (an external storage device having a built-in flash memory and connected via a USB port) used in a screen monitoring system that allows the contents of the screen to be confirmed.

  A system for automatically and continuously storing a display display screen that sequentially changes while the computer is driven as image data is well known as described in JP-A-10-254737 and JP-A-2003-330761. It is. The purpose of continuously recording and saving computer display screens at predetermined intervals in this way is to identify the operating status that causes software bugs, and the status of each stage of display data that changes during work or changes Can be reproduced.

  Also, in organizations such as companies, there are many cases where a plurality of staff members can relatively freely operate a computer storing important information as data and a terminal connected to the computer through a network line. It is used as a means to prevent unauthorized operations such as leakage or leakage of confidential information and alteration or destruction of important data. For example, Japanese Patent Application Laid-Open No. 2005-148267 proposes a screen monitoring system for monitoring such an illegal operation and saving it as evidence for the existence of an illegal act.

  Furthermore, by using such a screen monitoring system, it is possible to monitor the behavior of employees accessing Internet entertainment sites during working hours, or minors browsing harmful sites at home. Become. However, when operating the screen monitoring system as described above, it is required from the viewpoint of system operation and security to restrict the system operating authority and the monitoring image data viewing authority only to a specific supervisor (administrator). However, it is practically not easy to ensure such a restriction.

  In other words, when assigning conceptual keys such as specific IDs and user passwords to the monitor to limit the system management authority and the access authority to the monitoring image data, the monitor completely stores these keys. It becomes necessary to keep it and it tends to be a big burden. In addition, if these are written on paper and stored so as not to forget them, it is relatively easy for others to permit browsing of monitoring screen data and the like. Therefore, it is conceivable to store authentication information in a predetermined electronic device and use it as a physical key. By implementing this, it is possible to reduce the burden on the supervisor. However, since the key can be copied relatively easily by copying or analyzing the storage contents of the device, the security is not perfect.

  On the other hand, when remotely monitoring via a network line, there is a possibility that transmitted data may be leaked in the middle of the line. In this case, it is conceivable to continuously encrypt and store continuously captured image data. However, if the decryption program that decrypts the encrypted data and can be viewed is easy to copy, can be accessed by a computer that stores the decryption program, or can be operated by a person other than the supervisor, It tends to be difficult to secure.

Therefore, for example, when there are a plurality of computers constituting the image monitoring system on the network line, it is necessary to limit the computers used for system management and browsing of monitoring image data to specific computers that cannot be used or accessed by others. As a result, the situation tends to be extremely inconvenient for the observer.
Japanese Patent Laid-Open No. 10-254737 Japanese Patent Laid-Open No. 2003-330761 JP 2005-148267 A

  The present invention has been made to solve the above-described problems, and relates to a screen monitoring system that monitors a computer display screen using computer monitoring image data automatically and continuously stored. The challenge is to make the level high and at the same time ensure the convenience of the observer.

Therefore, the present invention provides a computer storing an automatic capture program that automatically and continuously captures the display display screen at a preset timing and automatically encrypts it as monitoring image data and stores it in a predetermined storage means. A USB memory used for a screen monitoring system that allows a predetermined monitor to decode and monitor the monitor image data using a browsing program to display a desired screen, and when the USB memory is manufactured The storage means stores a self-authentication program that self-authenticates that it is an original USB memory using the given unique identification information, and an automatic capture program that is installed in the computer and a browsing program. Stored and surveillance image data A self-authentication program used as a storage medium for a system execution program including a key for limiting system operation authority including browsing to a predetermined person and the automatic capture program, and connected to a computer constituting the screen monitoring system Is activated, self-authentication work is performed, and when the self-authentication is performed, the use restriction of the stored system execution program is released, and the identification information includes a serial number unique to the USB memory. The identification information is encrypted by the encryption program and stored in advance as encrypted identification information in the storage means, and the identification information is accessed by accessing the activation source of the program with the self-authentication program activated on the connection destination computer. encrypted identification information by detecting and decoding with detecting a compare these less Its self-authentication is the thing completed If the two match.

Normally, identification information unique to each hardware such as a vendor ID, product ID, serial number, etc. is given to the USB memory at the time of manufacture and recorded in its storage means. By using self-authentication as key information for identifying certain things, it is possible to reduce the burden of the observer storing or recording the key information while omitting the trouble of setting the key information individually, In addition, it is possible to make physical key replication difficult. By using a USB memory as a storage medium for system execution programs including automatic capture programs, it is not necessary to use an inconvenient medium such as a CD-ROM with a low security level, and it is easy to monitor. Ri's Do as the high security display monitoring system while ensuring the convenience of easily building, and, started and stored encrypted identification information including the serial number of the USB memory, the activated self-authentication program By making the self-authentication complete on condition that the original information is accessed and the identification information and the encrypted identification information are combined and matched, it becomes impossible to substitute with another USB memory. Therefore, it can be made more secure.

Then, the automatic capture program, is installed in the computer shall be monitored, during its installation, each installation is automatically captured program is the connection destination computer during each installation to individually specified Predetermined installation information corresponding to the situation is attached to the automatic capture program, and this installation information is automatically stored on the USB memory side, and after completion of self-authentication, the installation information of the connection destination Since the USB memory is characterized in that the monitoring image data can be browsed on the condition that it is present in the stored installation information, a system with higher security can be obtained .

  According to the present invention, a USB memory is used as a storage medium for a supervisor's physical key and system drive program, and identification information unique to the USB memory is used as key information for self-authentication. While the security level is high, the convenience of the observer can be sufficiently ensured.

  The best mode for carrying out the present invention will be described below with reference to the drawings.

  FIG. 1 is a system layout diagram showing a first embodiment using a screen monitoring USB memory of the present invention. In this embodiment, in an organization such as a company, when a plurality of computers 4a, 4b, 4c, 4d, and 4e are connected via a LAN line 10 to form an in-house LAN, confidential information that is performed via each computer. A screen monitoring system 1A for monitoring and preventing unauthorized use such as leakage of data and falsification of important data will be described.

  In the case of this system, the supervisor is assumed to be an information manager who is entrusted with the protection and management of information within the company, and four computers that can be operated by a plurality of employees within the company's own computer 4a and can view important information. Computers 4b, 4c, 4d, and 4e are to be monitored, and the computer 4a receives monitoring image data of the display screen captured by each of the computers 4b, 4c, 4d, and 4e and performs management for centralized management of the system Also serves as a server.

  FIG. 2 is a functional block diagram conceptually showing functions of the screen monitoring USB memory 2 used by the administrator for system management and monitoring image data browsing. The USB memory 2 for monitoring the screen is a general-purpose USB memory with a built-in flash memory, and a unique serial number assigned to the hardware of the USB memory at the time of manufacture is stored in the storage means (flash memory). In addition, identification information such as a vendor ID and a product ID, and a system execution program including each program necessary for executing a screen monitoring method in the screen monitoring system 1A described later are stored.

  The storage means of the screen monitoring USB memory 2 is roughly divided into a system startup program storage area 27 for automatically starting a program when connected to a computer, and various programs for executing the system. A system execution program storage area 20 and an identification information storage area 25 storing identification information are set.

  The system execution program storage area 20 includes a management / browsing program storage area 21, an encryption / decryption program storage area 22, an encryption identification information storage area 23, and an automatic capture program storage area 26. It is a part which exhibits the core function in the screen monitoring system 1A which is the form.

  The management / browsing program stored in the management / browsing program storage area 21 is activated on the connection destination computer to display a management / browsing operation screen, and allows the administrator to perform various management / browsing operations. And a function for installing an automatic capture program, a self-authentication function described in detail later, and the like. The encryption / decryption program storage area 22 stores an encryption / decryption program. Identification information such as a unique serial number stored in the identification information storage area 25 and encryption / decryption of various programs and data. It has a decryption function.

  An automatic capture program is stored in the automatic capture program storage area 26, and is installed and stored in a state where the screen monitoring USB memory 2 is connected to a computer to be monitored. The number of installations can be set in advance. In this embodiment, the number of installations is limited to 5. The number of installations cannot be installed on a computer exceeding this number, and copying cannot be performed on the installation destination computer. Yes.

  The automatic capture program has a function of automatically encrypting the captured monitor image data of the display screen using a predetermined encryption key. In addition, the above-described management / browsing program also has a decryption program that uses a common encryption key. The user password input by the monitor in encryption / decryption of the monitoring image is used as the encryption key. If used, it becomes easy to achieve a high security level.

  On the other hand, the identification information storage area 25 stores a serial number, a vendor ID, and a product ID assigned to each hardware when the USB memory used for the screen monitoring USB memory 2 is manufactured. This identification information is used as key information for self-authentication. Even if only the serial number is used for this identification information, a certain level of security can be secured.

  Each program stored in the system execution program storage area 20 is stored as an archive encrypted by using an encryption key that only the manufacturer can know by the encryption / decryption program. Sometimes it is extracted from the archive, decrypted and used, and immediately deleted when it is no longer needed. For this reason, the number of files existing in the flash memory is small, and a neatly organized situation is maintained. In addition, this makes it difficult to copy and view program files and data files in the archive.

  The operation of the screen monitoring USB memory 2 and the computer to which it is connected will be described below with reference to the flowcharts of FIGS. If an automatic capture program is already installed on the destination computer (any of 4a to 4e), the display screen is automatically captured and encrypted during computer startup according to the administrator's settings, or LAN The encrypted surveillance image data transmitted from the other computer is received (B1) and stored in the encrypted surveillance image data storage means (B2).

  In order for the administrator to view the monitoring image data after the screen monitoring system is activated, the screen monitoring USB memory 2 owned by the administrator is connected to a computer in which the monitoring image data is stored. Then, an activation icon is displayed on the display, and when the administrator performs an operation such as double-clicking, the self-authentication program in the management / browsing program is read and activated on the connection destination computer (A1) and connected. A self-item authentication operation for determining whether or not the screen monitoring USB memory 2 is original is performed.

  Referring to the flowchart showing the details of the self-authentication procedure in FIG. 4, first, it is determined whether or not there is encrypted identification information in the connected screen monitoring USB memory 2 (C1), and there is no encrypted identification information. If it is completed, it is read if there is, and is decrypted and stored using an encryption / decryption program (C2). Then, the location (drive letter) where the self (self-authentication program) is activated is acquired via the operation system (C3), and the information on the connected USB memory is acquired to search for the connected drive letter ( C4), it is determined whether there is a USB memory with a matching drive letter (C5) (condition 1). Since the encrypted identification information is encrypted using an encryption key that only the manufacturer can know, it is impossible for the user to view and modify the identification information.

  If there is no matching USB memory, the process ends. If there is, the individual identification information stored in the matching USB memory is acquired (C6), and whether or not the identification information matches the decrypted identification information. Judgment is made (C7) (condition 2). If they do not match, authentication fails, and if they match, self-authentication is completed. By adopting such a procedure, for example, even if the content of the screen monitoring USB memory 2 is copied to a hard disk or the like, it is not a USB device and cannot be started up under condition 1, and the content of the screen monitoring USB memory 2 is Since the individual identification information is different even if it is copied to another USB memory, it cannot be activated according to condition 2, so that a high security level can be realized.

  Referring to the flowchart of FIG. 3 again, when this self-authentication fails, the process is terminated as it is, and when self-authentication is completed (successful), the use restriction of the system execution program is released (B4). Then, it is confirmed whether or not the automatic capture program is installed in the connection destination computer when the use restriction of the system execution program is released (B5). If it is not installed, a guide screen for guiding to the installation can be displayed by an operation of an administrator who desires installation, and the automatic capture program can be installed accordingly. At the time of installation, as a means for an unauthorized person to disable the operation of the program when another person obtains the screen monitoring USB memory 2, etc., a user password is registered and various settings are made. I do.

  When installation of the automatic capture program is confirmed, installation information (information for identifying each installed program, such as the installation destination PC name, installation location, installation date and time, and counter value) attached to this is stored. However, it is determined whether there is a match among the installation information stored in the same way on the screen monitoring USB memory 2 side (B6). If not, the process ends. Start (A2).

  At that time, a screen prompting the user password input is displayed on the display of the connection destination computer and the user password is input. If the user password does not match, the process ends here. Only when the user password matches, the encrypted monitoring image data is displayed. Decoded (B8) and displayed according to the operation (B9). In this case, by using the user password input by the supervisor as an encryption / decryption key and determining marker data in each file, whether or not there is predetermined data at the position at the time of decryption. The validity of the user password can be verified. This eliminates the need to store user password data in the installation destination, and can increase the system security level.

  In this way, a supervisor who is an information manager installs an automatic capture program on a plurality of computers on the in-house LAN line 10 using one screen monitoring USB memory 2 (5 in this embodiment). It is possible to construct a screen monitoring system with relative ease. For this reason, it is easy to ensure the convenience of the observer while realizing a high security level without requiring other media such as driver software or CD-ROM on the connected computer side.

  With this configuration, the administrator can monitor the screen of a desired computer from any computer on all the computers on the LAN line 10 in which the automatic capture program is installed. Furthermore, the administrator can easily realize centralized system management by setting all the monitoring image data captured by each computer to be transmitted by using the computer 4a as a management server.

  That is, the computer 4b, 4c, 4d, 4e encrypts the monitoring image data with the encryption program. However, the computer 4a, 4b, 4c, 4d, and 4e are set so that they are sequentially transmitted to the computer 4a without being stored in the storage means. If it is stored in the storage means when transmission is impossible, such as when it is disconnected from the computer, and if it is automatically transmitted and deleted after transmission is possible, each computer 4b, 4c, 4d, 4e It is difficult to burden the storage capacity, and security can be ensured more reliably.

  In addition, as described above, a USB memory that is convenient to carry and can be used as one physical key is used as the screen monitoring USB memory 2, and identification information previously assigned to the USB memory is used as key information for self-authentication. As a result, the burden of storing the key information by the administrator can be reduced, and by adding user password authentication as an authentication means at the time of monitoring image browsing, the screen monitoring USB memory 2 is obtained by another person. Even in such a case, the system security can be secured. In the above description, the case where the supervisor browses the monitoring image data has been described. However, the same self-authentication procedure and user password authentication procedure are required when the supervisor performs management such as setting and changing the system. Yes, and a high security level can be realized as well.

  Next, the operation in each stage and the operation procedure of the administrator in the screen monitoring system 1A of the present embodiment will be described in detail while showing an example of a display screen of a computer connected to the screen monitoring USB memory 2.

  When the screen monitoring USB memory 2 is connected to a computer, a dialog box having an activation icon is displayed. When this icon is double-clicked, the self-authentication program is activated in the background that cannot be recognized by the operator, and the self-authentication operation shown in FIG. 4 is automatically and immediately performed. Then, the initial screen shown in FIG. 5 is displayed when self-authentication is performed and the use restriction of the system execution program is released, and various operations are performed from this screen, and each setting screen is moved. It becomes possible. For example, by clicking the setting menu 70 on the menu bar to open the menu and selecting the item “capture program parameter setting”, the “capture program parameter setting” dialog box 71 shown in FIG. 7 can be opened.

  This dialog box 71 is only displayed when the automatic capture program has not been installed on the connection destination computer, or when it has been installed with the currently connected screen monitoring USB memory 2 (matching installation information). It becomes effective. That is, if it is not installed, it can be installed from this screen, and if it is already installed, various settings can be made.

  On this screen, in addition to initial registration, operations such as transfer destination designation, capture interval designation, file deletion designation, resolution designation, etc. can be performed, as well as confirmation of the number of times the automatic capture program can be installed, installation location designation, etc. be able to. Since the dialog box 71 and the operation by the dialog box are obtained by reading the management / browsing program in the USB memory 2 for screen monitoring, the common setting contents such as the number of installable times can be set on any computer. Is also stored on the screen monitoring USB memory 2 side. Further, the number of installable times is reduced by the installation operation and increased by the uninstallation operation.

  In order to view the monitoring image data, the folder selection button 81 on the initial screen of FIG. 5 is clicked to display a “reference folder” dialog box (not shown), and the user password input dialog is displayed by specifying the folder where the data exists. Is displayed and the user password is input, the initial state mode display 40A of the status bar of the display screen of FIG. 5 is changed to the page mode display 40B shown in FIG. .

  Thereafter, when the file menu 50 in the menu bar of the display screen of FIG. 6 is clicked, the menu opens. By selecting the item “display range date / time designation”, the “display start / end date / time setting” dialog box 61 shown in FIG. Can be opened. Then, by setting the display start / end date and time and clicking the OK button, the designated monitoring image data is displayed. In the state of the page mode display 40B in FIG. 6, the next time screen can be displayed by clicking the forward button 83 on the toolbar, and the previous time screen can be displayed by clicking the back button 82. .

  Furthermore, when the play button 84 on the tool bar is pressed in the page mode of FIG. 6, the monitoring image data can be automatically expanded in a slide show. In this case, when the display menu 60 in the menu bar is clicked and “operation setting” is selected from the menu, an “operation setting” dialog box 72 shown in FIG. 9 is opened. By using this, it is possible to set the development speed of the monitoring screen data so that efficient monitoring work can be easily performed.

  FIG. 10 is a system layout diagram showing a second embodiment using the screen monitoring USB memory of the present invention. In this embodiment, a case where a screen monitoring system is constructed in a small-scale facility such as a general household or a self-employed company will be described. In this case, the screen monitoring USB memory 3 to be used has substantially the same configuration as the screen monitoring USB memory 2 described above, but the number of setting units is as small as two computers 4f and 4g, and the LAN line is not set. The number of licenses for the automatic capture program is only about 2, and it is not necessary to set the monitoring image data transmission function. It is offered as a low-priced version combined with the use of a general-purpose USB memory. Easy to do.

  In the present embodiment, for example, in the case of a home, it is assumed that monitoring is performed so that a mother becomes a monitor and a minor does not browse harmful sites such as an adult site. In addition, for example, it can be used by an individual investor to store stock fluctuations over a long period of time and use it as reference for stock trading data. In these cases, the computer that wants to monitor the screen is started and the monitoring image data stored can be referred to by connecting the USB memory 3 for screen monitoring, while ensuring the security in the system management as described above. It is easy to ensure the convenience of the observer.

  As described above, according to the present invention, it is possible to increase the system security level for a screen monitoring system that monitors a computer display screen using computer monitoring image data automatically and continuously stored. , To ensure the convenience of the observer.

  In the above-described embodiment, the configuration in which the connected computer reads the USB memory having the self-authentication function and permits the self-authentication and the activation of the program has been described, but unlike this, the terminal connected to the USB memory and the Internet or the like The identification information unique to the USB memory and its encryption key are transmitted to a computer such as a server connected via a predetermined line, and the received computer encrypts the installation file, startup file, etc. using the identification information and the encryption key. The terminal may be downloaded and stored in a USB memory.

  For example, install a program providing server on the Internet, access from a terminal connected to a general-purpose USB memory, make a purchase contract for a system program, etc., and send this USB memory identification information and encryption key (user password, etc.) Thus, even if a system program or the like registered on the server side and encrypted using such information is downloaded and stored in the USB memory, the same screen monitoring USB memory as described above can be created. Internet sales can be realized.

  In addition, by using the above-described method, it can be widely applied to other fields as a program or system activation control means, and further, a relatively large storage capacity of a USB memory can be used to store a program including content. It can also be applied to download services. In this case, by arranging the negotiation logic with the server, the USB memory can be used as an authentication key of the server, and it is possible to enjoy services by being automatically accessed and automatically authenticated just by connecting. Therefore, it is not only convenient for the user but also advantageous for the service provider in terms of license management and copyright management.

The system arrangement | positioning figure which shows the 1st Embodiment of this invention. The functional block diagram of the USB memory for screen monitoring of FIG. The flowchart for demonstrating the operation | movement procedure and effect | action of the system of FIG. The flowchart which shows the detail of the self-authentication part among the flowcharts of FIG. An initial display screen when the screen monitoring USB memory of FIG. 1 is connected to a computer. Display screen when transitioning to page mode. Display display screen when the Capture Program Parameter Setting dialog box is opened. Display display screen when the display / end date and time setting dialog box is opened. Display display screen when the operation setting dialog box is opened. The system arrangement | positioning figure which shows the 2nd Embodiment of this invention.

Explanation of symbols

  1A, 2A screen monitoring system, 2, 3 screen monitoring USB memory, 4a, 4b, 4c, 4d, 4e, 4f, 4g computer, 10 LAN line, 20 system execution program storage area, 21 management / browsing program storage Area, 22 encryption / decryption program storage area, 23 encryption identification information storage area, 25 identification information storage area, 26 automatic capture program storage area

Claims (1)

The computer storing the automatic capture program automatically and continuously captures the display display screen of the computer at a preset timing and automatically stores it as monitoring image data and saves it in a predetermined storage means. A USB memory used in a screen monitoring system that allows a monitor of the user to decode the monitoring image data using a browsing program and display a desired screen for confirmation;
A system including at least a self-authentication program for self-authentication of the original USB memory using unique identification information given at the time of manufacturing the USB memory, the automatic capture program installed on the computer, and the browsing program An execution program is stored in a storage means, and is used as a storage medium for a system execution program including a key for limiting system operation authority including browsing of the monitoring image data to a predetermined person and the automatic capture program. By connecting to the computer constituting the screen monitoring system, the self-authentication program is started and self-authentication work is performed, and when the self-authentication is performed, the use restriction of the stored system execution program is released Is supposed to be The identification information includes a serial number unique to the USB memory, and the identification information is encrypted by an encryption program and stored in advance in the storage means as encrypted identification information. In the self-authentication program, the identification information is detected by accessing the program startup source, and the encrypted identification information is detected and decrypted and compared. are those completed, and the automatic capture program, which is installed is monitored on the computer, during the installation, each respectively installed the automatic capture program to the destination computer Specific installation depending on the status of each installation Installation information is attached to the automatic capture program, and the installation information is automatically saved on the USB memory side. After the self-authentication is completed, the installation information of the connection destination is saved. A USB memory for screen monitoring, wherein the monitoring image data can be browsed on the condition that it exists in installation information.

Images