JP5954369B2 - Information processing apparatus, information processing system, control method, and program - Google Patents

Description

  The present invention relates to an information security monitoring technique using a face authentication technique.

  In recent years, interest in telework has increased in each company. Telework has issues such as preventing third-party access to confidential information and optimizing labor management, and these issues must be resolved before it can be introduced.

  Currently, in order to solve these problems, a telework management support system using face authentication technology has been developed. By using this system, identity authentication is performed from a webcam image, and spoofing or peeping by a third party is performed. Status can be detected and notified to the administrator.

  In teleworking, an administrator cannot directly monitor a teleworking terminal screen. Therefore, what kind of information is displayed on the terminal screen when an information security problem occurs is important.

  Patent Document 1 is a technique for managing the working status of a telecommuter, and when the working status of the telecommuter is “on duty”, the display screen is periodically captured and stored in a server as a work trail. Send.

JP 2012-256329 A

  In the technique of Patent Document 1, the contents displayed on the terminal screen can be confirmed later by capturing the display screen periodically and leaving it as a trail.

  According to this method, the display content of the terminal screen can be left as a trail periodically, but the display content of the terminal screen at the moment when a malfunction situation in information security such as peeping by a third party occurs, It cannot be left as a trail.

  Therefore, for example, if a third party peeks at confidential information from the terminal screen and then restores the terminal screen state in a short time, there will be no trail and it will be impossible to grasp the fact of information leakage and investigate the cause. Become.

  If the screen capture cycle is shortened to deal with this problem, the probability that the trail will be lost decreases, but on the other hand, the communication volume and storage capacity of the trail data will become enormous, which will put pressure on system resources. .

  Further, even if a person other than the telecommuter himself / herself is looking at the terminal screen, there may be no problem in information security depending on the display content of the terminal screen and the authority of the person who was looking at the terminal screen.

  In that case, there is no need to leave a trail at any time, and by suppressing the recording of the trail, the communication amount and storage capacity of the trail data can be reduced.

  For example, in the case where the person working from home and the person in the same department who visited the place working from home are having a meeting while looking at the terminal screen, there is often no problem with information security.

  However, even if the person concerned is in the same department, if he / she is not authorized to inquire about the contents displayed on the terminal screen, it becomes an information security problem and needs to be left as a trail.

  Furthermore, in order to effectively use the limited system resources, it is necessary to leave trail data without excess or deficiency depending on the situation.

  Therefore, an object of the present invention is to make it possible to confirm the contents of an information security problem that has occurred while suitably utilizing system resources when monitoring the occurrence of an information security problem.

1st invention for solving the said subject is connected so that communication with the server which records the trail data for tracking the information browsing condition in information processing apparatus is possible, and can acquire the image which imaged the front of the display part a information processing apparatus, and the person identifying means for identifying a person in said acquired image, thus the change in the person identified by the person identification unit in the image of the captured forward direction of the display unit, the A status change determination means for determining whether there is a status change of the user of the information processing apparatus and / or a person other than the user in the image captured in front of the display unit; and the status change determination means Image data indicating a situation change of the user of the information processing apparatus and / or a person other than the user in the image obtained by capturing the front of the display unit when it is determined that there is a change of the situation A trail data acquisition control unit for acquiring unique association trail data the image data of the screen displayed on the display unit, the acquired by trail data acquisition control unit, said uniquely associating trail data Is provided with trail data transmission means for transmitting to the server for registration at the server.

A second invention for solving the above problems is an information processing apparatus capable of acquiring an image obtained by imaging the front of the display unit, a server for recording trail data for tracking information browsing status in the information processing apparatus, Is an information processing system that is communicably connected, and a person specified by a person specifying means for specifying a person in the acquired image and a person specified by the person specifying means in an image taken in front of the display unit Thus the change, and the information processing apparatus of the user identity and / or determining whether status change determining means is a person change in circumstances other than the user himself in the image of the captured forward direction of the display unit, The state of the user of the information processing apparatus and / or the person other than the user in the image obtained by capturing the front of the display unit when the state change determination unit determines that the state change has occurred. An image data showing a change, the trail data acquisition control unit for acquiring unique association trail data the image data of the screen displayed on the display unit, trail data acquired by the trail data acquisition control unit Is an information processing system comprising: trail data registration means for registering in a trail data storage unit.

According to a third aspect of the present invention for solving the above-described problem, an image obtained by imaging the front of the display unit can be acquired by being connected to a server that records trail data for tracking information browsing status in the information processing apparatus. A method for controlling an information processing apparatus, wherein a person specifying unit specifies a person in the acquired image, and a situation change determining unit includes the image in the image captured in front of the display unit. Thus the change in the person identified by the person identification unit, whether there is the user himself and / or person change in circumstances other than the user himself of the information processing apparatus in the image of the captured forward direction of the display unit a condition change determining step of determining, by the condition change determining step, when it is determined that there is the situation change, Oyo user identity of the information processing apparatus in the image of the captured forward direction of the display unit / Or image data indicating the status change of the person other than the user himself, and trail data acquisition control step of acquiring uniquely associated trail data image data of the has been displayed on the display unit screen, trail data A transmission means, comprising: a trail data transmission step of transmitting the trail data acquired by the trail data acquisition control means and uniquely associated with the server to be registered in the server; A control method for an information processing apparatus.

According to a fourth aspect of the present invention for solving the above-mentioned problem, an image obtained by imaging the front of the display unit can be obtained, which is communicably connected to a server for recording trail data for tracking information browsing status in the information processing apparatus A program that can be read and executed in a simple information processing apparatus, wherein the information processing apparatus includes a person specifying unit that specifies a person in the acquired image, and the person specifying in an image obtained by imaging the front of the display unit. Thus the change in the person identified by means determines whether the there is the user himself and / or changing conditions of a person other than the user himself of the information processing apparatus in the image of the captured forward direction of the display unit and status change determining means, by the status change determining means, when it is determined that there is the situation change, the identification of the user and / or of the information processing apparatus in the image of the captured forward direction of the display unit A trail data acquisition control unit for acquiring the image data indicating the status change of the person other than the user himself, uniquely associated trail data image data of the screen the has been displayed on the display unit, the trail data It is a program characterized by functioning as trail data transmission means for transmitting the uniquely associated trail data acquired by the acquisition control means to the server for registration at the server.

  According to the present invention, by leaving a trail at any time when an event related to information security occurs, it is possible to confirm the content of the information security problem that has occurred while suitably utilizing system resources. Play.

It is a system configuration figure showing an example of the composition of the telework management support system concerning the embodiment of the present invention. It is a block diagram which shows the hardware constitutions of the information processing apparatus applicable to the management server which concerns on embodiment of this invention, a database server, PC for teleworkers, and PC for administrators. FIG. 3 is a functional block diagram of a management server, a database server, a teleworker PC, and a management PC in the telework management support system according to the embodiment of the present invention. It is a flowchart which shows an example of the monitoring procedure in the telework management assistance system which concerns on the 1st Embodiment of this invention. It is a flowchart which shows an example of the terminal screen change detection procedure in the telework management assistance system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example (case of active window transition-window switching) of a terminal screen change in the telework management assistance system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example (transition of an active window-the case of the new start of an application) of a terminal screen change in the telework management assistance system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example (case of increase / decrease / increase of the number of windows) of a terminal screen change in the telework management support system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example (case of increase / decrease / decrease in the number of windows) of a terminal screen change in the telework management support system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example (case of a change of a window size-reduction) in a terminal work change in the telework management assistance system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example (case of change of a window size-enlargement) of a terminal screen change in the telework management assistance system which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example (change of a window position) of a terminal screen change in the telework management assistance system which concerns on embodiment of this invention. It is a data block diagram which shows an example of the trail data in the telework management assistance system which concerns on the 1st Embodiment of this invention. It is a data block diagram which shows an example of user information in the telework management assistance system which concerns on embodiment of this invention. It is an example of the screen for managers in the telework management support system concerning the embodiment of the present invention. It is a flowchart which shows an example of the monitoring procedure in the telework management assistance system which concerns on the 2nd Embodiment of this invention. It is explanatory drawing for demonstrating an example of the display condition of a terminal screen in the telework management assistance system which concerns on the 2nd Embodiment of this invention. It is a data block diagram which shows an example of the trail data in the telework management assistance system which concerns on the 2nd Embodiment of this invention. It is a flowchart which shows an example of the monitoring procedure in the telework management assistance system which concerns on the 3rd Embodiment of this invention.

[First Embodiment]

  Hereinafter, a first embodiment of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a system configuration diagram showing an example of a configuration of a telework management support system to which the information security monitoring process of the present invention is applied.

  The telework management support system 100 has a configuration in which one or more management servers 101, one or more database servers 102, one or more teleworker PCs 111, or one or more administrator PCs 121 are connected via the Internet 130. It has become.

  The management server 101 is a server that centrally manages the teleworker's absence status, peeping by others, or impersonation trail data as telework information, and is constructed on the service environment network 104.

  When the teleworker PC 111 and the administrator PC 121 are connected to the management server 101 by an authentication process using an account ID and a password, and the management server 101 receives the telework information from the teleworker PC 111, the database server 102 Store. When there is a telework information acquisition request from the administrator PC 121, necessary telework information is extracted from the database server 102.

  The database server 102 is a server that stores telework information based on the operation of the management server 101, and is constructed on the service environment network 104. The database server 102 is connected to the management server 101 in addition to the telework information. The account ID and password are also stored. Note that the database server 102 can be configured such that only connection from the management server 101 is permitted and connection from the outside is not possible.

  The teleworker PC 111 is a terminal that creates trail data that is the basis of telework information, and is present on the home network 110. The trail data is created by a dedicated application and passes through the router 112, the Internet 130, and the router 103. It is transmitted to the management server 101. The information security monitoring process of this embodiment operates as a function in this dedicated application.

  The administrator PC 121 is a terminal for confirming telework information, and is present on the in-house network 120. The telework information is confirmed by using a web management console (operating on a web browser), the router 122, the Internet. And the management server 101 via the router 103.

  Hereinafter, the hardware configuration of the information processing apparatus applicable to the management server 101, the database server 102, the teleworker PC 111, and the administrator PC 121 illustrated in FIG. 1 will be described with reference to FIG.

  FIG. 2 is a block diagram illustrating a hardware configuration of an information processing apparatus applicable to the management server 101, the database server 102, the teleworker PC 111, and the administrator PC 121 illustrated in FIG. Since each apparatus has the same configuration, the description will be made using the same reference numerals.

  In FIG. 2, reference numeral 201 denotes a CPU that comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 212 is necessary to realize a BIOS (Basic Input / Output System), an operating system program (hereinafter referred to as OS), which is a control program of the CPU 201, and a function executed by each server or each PC. Various programs to be described later are stored.

  A RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for execution of processing from the ROM 202 or the external memory 212 to the RAM 203 and executing the loaded program.

  An input controller 205 controls input from a keyboard (KB) 209, a web camera 210, a pointing device such as a mouse (not shown), and the like. A video controller 206 controls display on a display device such as a CRT display (CRT) 211. In FIG. 2, although described as CRT 211, the display device may be not only a CRT but also other display devices such as a liquid crystal display. These are used by the administrator as needed.

  A memory controller 207 is provided in an external storage device (hard disk (HD)), a flexible disk (FD), or a PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 212 such as a compact flash (registered trademark) memory connected via an adapter.

  A communication I / F controller 208 is connected to and communicates with an external device via a network (for example, the network 104 shown in FIG. 1), and executes communication control processing on the network. For example, communication using TCP / IP is possible.

  Note that the CPU 201 can perform display on the CRT 211 by executing outline font rasterization processing on a display information area in the RAM 203, for example. Further, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the CRT 211.

  Various programs to be described later for realizing the present invention are recorded in the external memory 212, and are executed by the CPU 201 by being loaded into the RAM 203 as necessary. Further, a setting file used when executing the program is also stored in the external memory 212, and detailed description thereof will be described later.

  Hereinafter, the overall flow in the telework management support system 100 to which the information security monitoring process of the present invention is applied will be described with reference to FIG.

  In the telework management support system 100, the teleworker PC 111 performs labor monitoring and information security monitoring by personal authentication processing, the management server 101 and the database server 102 manage monitoring information, and the administrator PC 121 displays monitoring information.

  The teleworker PC 111 performs a personal authentication process using an image based on data obtained by photographing with the web camera 210 using a dedicated application. The dedicated application establishes a communication connection with the management server 101 using the account ID and password.

  After establishing a connection with the management server 101, the worker is monitored for labor and information security by the personal authentication process. During monitoring, it detects absence, spoofing, and third-party peeping as events. When an event is detected, the teleworker PC 111 transmits trail data of the event to the management server 101.

  When receiving the event trail data from the teleworker PC 111, the management server 101 stores the telework information in the table storing the telework information on the database server 102 as telework information. When receiving the trail data, the management server 101 transmits a detection notification mail to the administrator PC 121.

  The administrator PC 121 can check the trail data of the teleworker event on the management server using the web management console. The web management console can be used by accessing a dedicated URL from a web browser. In the web management console, you can check the time and image when an event is detected, the running application, the file being inquired, and so on.

  Next, each function of the teleworker PC 111 in the present embodiment will be described with reference to FIG. The system mainly has two purposes of labor monitoring and information security monitoring. The following description will focus on information security monitoring which is the object of the present invention.

  The teleworker PC 111 includes an imaging unit 303 and a camera image acquisition unit 304. The imaging unit 303 is a camera for photographing a teleworker that is a subject, corresponds to the above-described web camera 210, and has a camera image. The acquisition unit 304 acquires an image (hereinafter referred to as a camera image) obtained by photographing with the imaging unit 303 as data. The timing for acquiring the camera image may be acquired at every time interval set in advance, or may be acquired as soon as the previous processing is completed in the repetitive processing.

  The teleworker PC 111 includes a user information storage unit 301, a person identification unit 305, and a terminal forward situation change detection unit 306.

  The user information storage unit 301 stores information about users managed by the present system, including face photo data necessary for face recognition. In this embodiment, user information is stored directly in the external memory 212 (for example, a hard disk) of the teleworker PC 111. However, the user information is stored in the database server 102 and an event such as when the system is started, Alternatively, the database server 102 may distribute user data difference data to the teleworker PC 111 at a predetermined time.

  The person specifying unit 305 recognizes a person's face shown in the camera image acquired by the camera image acquiring unit 304 and specifies a person based on the face photo data stored in the user information storage unit 301. These can be realized by using a known face detection technique and face recognition technique.

  Further, the person specifying unit 305 classifies the terminal front state according to the specified person.

  The terminal front state is “only the person” when only the teleworker himself / herself is reflected in the camera image, and the teleworker himself / herself and other users (hereinafter referred to as other users) stored in the user information storage unit 301. When both of them are shown or only other users are shown, “other user's reflection”, the person who is not identified as the teleworker himself and the user stored in the user information storage unit 301 by the person specifying unit 305 (Hereinafter referred to as a third party) or when only a third party is captured, “Third Party Capture” is displayed. "Seat".

  The terminal front situation change detection unit 306 detects whether there is a change in the terminal front situation by comparing the person in the camera image specified by the person specifying unit 305 with the person in the camera image in the previous process. To do.

  For example, when the person in the camera image changes from the situation of only the person, the person in the camera image changes to the situation of the person and a third party, or the person in the camera image changes from the situation of the person and the other user, It is determined that there is a change in the situation ahead of the terminal when the person changes to the situation of only other users. Conversely, if there is no change in the person in the camera image, it is determined that “the terminal front situation has not changed”.

  The teleworker PC 111 includes a terminal screen information acquisition unit 307, a terminal screen change detection unit 308, and an authority check unit 309.

  The terminal screen information acquisition unit 307 acquires information regarding the window displayed on the terminal screen.

  The information acquired here includes the number of windows displayed on the terminal screen, the window ID of the active window (usually the foremost window), the window ID for each window, and the window size (vertical and horizontal pixel count). , Window position (coordinates on the screen), type of application being activated, ID of file being opened (file path and file name), and the like. These can be acquired from a running OS (operating system).

  The terminal screen change detection unit 308 determines whether there is a change in the terminal screen by comparing the terminal screen information acquired by the terminal screen information acquisition unit 307 with the terminal screen information in the previous process.

  Items to be compared are the ID of the active window, the number of windows, the window size of each window, and the window position.

  In this embodiment, the presence or absence of a change in the terminal screen is determined based on information about the window displayed on the terminal screen. However, the change in the terminal screen is obtained by comparing the captured images of the terminal screen before and after each pixel. You may determine the presence or absence of.

  With this determination method, the presence or absence of a change in the terminal screen can be grasped more strictly, but on the other hand, if even one pixel on the screen changes, it is determined that there is a “terminal screen change”, and therefore transmission of trail data described later is performed. May be frequent.

  For this reason, it is basically possible to determine the screen change based on information about the window, and to determine the screen change by acquiring and comparing the captured images of the terminal screen at regular time intervals. Good.

  The authority check unit 309 executes the person in the camera image with respect to the type of application activated in each window and the ID of the opened file among the terminal screen information acquired by the terminal screen information acquisition unit 307. Check if you have permission and access rights.

  The authority information is managed by the OS, and the authority information can be acquired from the OS and checked.

  However, instead of OS standard authority information, original authority information may be set and used for authority check.

  As a check example, when there is another user in the camera image, it is activated in each window in the screen for the system user ID (OS user ID) of the other user stored in the user information storage unit 301. Whether or not the user has execution and access authority for the open application and the open file based on the authority information of the OS management. Is determined as “no problem in terms of authority”.

  When there is a third party in the camera image, the fact that the third party is looking at the terminal screen itself is a security problem and always has a problem in terms of authority. The authority check is unnecessary for the three parties.

  However, when the execution authority and access authority with respect to the third party (anonymous user) are set in the application or file, the authority check with respect to the third party may be performed.

  In addition, since the application activated in each window in the screen and the opened file are executed and accessed with the authority of the person who has been authenticated by the OS, in this embodiment, the authority is given to the person. Check is not necessary.

  However, in consideration of the possibility that the principal may execute the application or access the file in an unauthorized manner, the authority check for the principal may be performed.

  The teleworker PC 111 includes a trail data transmission control unit 310 and a terminal screen image acquisition unit 311.

  The trail data transmission control unit 310 transmits the trail data to the management server 101 based on the determination result by the terminal forward situation change detection unit 306, the determination result by the terminal screen change detection unit 308, and the determination result by the authority check unit 309. If it is determined whether or not to transmit, the camera image acquired by the camera image acquisition unit 304, the terminal screen image acquired by the terminal screen image acquisition unit 311 described later, and the terminal screen information acquisition unit 307 Together with the acquired terminal screen information, trail data is created and transmitted to the management server 101.

  The terminal screen image acquisition unit 311 acquires (captures) the terminal screen image when the trail data transmission control unit 310 determines to transmit the trail data to the management server 101.

  Hereinafter, the flow of the information security monitoring process in the telework management support system 100 of the present embodiment will be described with reference to FIG.

  The information security monitoring process described in FIG. 4 is repeatedly executed while the dedicated application is activated on the teleworker PC 111 in the telework management support system 100.

  In step S <b> 401, the camera image acquisition unit 304 acquires a camera image obtained by photographing the front of the terminal by the imaging unit 303.

  In step S402, the person specifying unit 305 recognizes the person's face with respect to the camera image acquired in step S401, and specifies the person based on the face photo data for each user stored in the user information storage unit 301. To do. If the person could not be identified, it shall be “third party”.

  In this embodiment, the third party is not specified as an individual, but considering the case where there are a plurality of third parties, a facial photograph of the third party once reflected in the camera image is used for face recognition, A third party may be identified as an individual.

  Also, the person specifying unit 305 classifies the terminal front state based on the specified person. As described above, there are four types of terminal front states to be classified here: “person only”, “third party reflection”, “other user reflection”, and “seating”.

  In step S404, the terminal front situation change detection unit 306 compares the person in the camera image specified in step S402 with the person in the camera image in the previous process to determine whether the terminal front situation has changed. If there is a change, “the terminal front situation is changed”, and if there is no change, “the terminal front situation is not changed”.

  If it is determined in step S404 that “the terminal front situation has changed”, the trail data transmission control unit 310 creates the trail data in steps S406 and S407, which will be described later, and transmits the trail data to the management server 101.

  If it is determined in step S404 that “the terminal front situation does not change”, step S409 and subsequent steps are executed.

  In step S409, the subsequent processing is branched for each terminal front state.

  If the terminal front state is “person only” or “seated”, there is no problem with information security, so nothing is done, and an end determination is executed in step S408.

  When the terminal front state is “third party reflection” in step S409, first, in step S410, the terminal screen information acquisition unit 307 acquires information regarding the window displayed on the terminal screen.

  The information acquired here includes the number of windows displayed on the terminal screen, the window ID of the active window (usually the foremost window), the window ID for each window, and the window size (vertical and horizontal pixel count). , Window position (coordinates on the screen), type of application being activated, ID of file being opened (file path and file name), and the like.

  Next, in step S411, the terminal screen change detection unit 308 determines whether there is a change in the terminal screen by comparing the terminal screen information acquired in step S410 with the terminal screen information in the previous process. . Details of the terminal screen change detection process will be described later.

  Subsequently, in step S412, if the determination result in step S411 is “with terminal screen change”, the trail data transmission control unit 310 creates trail data in steps S406 and S407 described later, and the trail data is sent to the management server 101. Send. If the determination result in step S411 is “no change in terminal screen”, nothing is done and an end determination is executed in step S408.

  When the terminal front state is “other user reflection” in step S409, first, in step S413, the terminal screen information acquisition unit 307 acquires information regarding the window displayed on the terminal screen. The information to be acquired is as described above.

  Next, in step S414, the terminal screen change detection unit 308 determines whether there is a change in the terminal screen by comparing the terminal screen information acquired in step S413 with the terminal screen information in the previous process. . Details of the terminal screen change detection process will be described later.

  Subsequently, in S415, if the determination result in Step S414 is “There is a change in the terminal screen”, it is checked in Step S416, which will be described later, whether another user has a legitimate authority. If the determination result in step S414 is “no change in terminal screen”, nothing is done and an end determination is executed in step S408.

  In step S416, the authority check unit 309 determines whether the application image activated in each window and the ID of the opened file are included in the camera image in the terminal screen information acquired by the terminal screen information acquisition unit 307. Check if the person has execute and access rights. The authority information is managed by the OS, and the authority information can be acquired from the OS and checked.

  If other users have the right to execute and access to the type of application that is running in each window and the ID of the file that is opened, there is no problem in terms of authority. It is determined that there is a problem.

  In step S417, if the determination result in the previous or current step S416 is “problem with authority”, trail data is created in steps S406 and S407 described later, and the trail data is transmitted to the management server 101.

  Sending trail data not only for the current authority check result but also when the previous authority check result is "authoritative problem" allows you to check at which point the authority problem has been resolved Because. That is, if the previous authority check result is “has authority problem” and the current authority check result is “no authority problem”, it can be determined that the authority problem has been resolved at this time.

  In step S406, the trail data transmission control unit 310 determines whether to transmit the trail data to the management server 101, and when it is determined to transmit, the terminal screen image acquisition unit 311 acquires (captures) the terminal screen image. .

  Here, when the conditions for transmitting the trail data in this embodiment are organized, when the determination result by the terminal forward situation change detection unit 306 is “the terminal forward situation is changed”, or the terminal forward state is “third party reflection” ”And the determination result by the terminal screen change detection unit 308 is“ with terminal screen change ”, or the terminal front state is“ other user reflection ”and the determination result by the terminal screen change detection unit 308 is“ terminal screen change ”. In addition, the previous or current determination result by the authority check unit 309 is “problem with authority”.

  In step S407, the trail data transmission control unit 310 displays the camera image in front of the terminal acquired in step S401, the terminal screen image acquired in step S406, and the terminal screen information acquired in step S410 or step S413. In addition, trail data is generated and transmitted to the management server 101. Details of the trail data will be described later.

  In step S408, it is determined whether or not the information security monitoring process is to be ended. If the end determination is not made, the process is repeated from the camera image acquisition in step S401. Normally, the information security monitoring process is repeatedly executed while the dedicated application of the telework management support system is activated on the teleworker PC 111, and the end of the process is determined for the dedicated application associated with the OS shutdown. This is the case at the time of termination processing, when updating a dedicated application, or when performing system maintenance.

  Hereinafter, the detailed flow of the terminal screen change detection process in steps S411 and 414 will be described with reference to FIG.

  Further, various cases of terminal screen changes will be described with reference to FIGS. 6 to 11, each drawing is divided into an upper part and a lower part, and the terminal screen state before the change (previous) is shown in the upper part, and the terminal screen state after the change (this time) is shown in the lower part. The display status of one or more windows is shown in the entire terminal screen 601.

  In step S501, it is determined whether the system has just been started. If the system has just been started, it is determined in step S507 that “the terminal screen has changed”.

  That is, immediately after the system is started, the previous terminal screen information is not yet recorded, or since the previous terminal screen information becomes the terminal screen information immediately before the end of the previous system, the terminal screen is always changed.

  In step S502, it is determined whether there is a change in the ID of the active window. If there is a change, it is determined that “there is an active window transition”.

  6 and 7 illustrate a case where it is determined in step S502 that “active window transition is present”.

  FIG. 6 shows a case of window switching. “Window A” 602 was active before the change, but “Window A” 602 became inactive after the change, and “Window B” 603 was active. As a result, the display content of “Window B” 603 that was substantially hidden before the change can be seen.

  On the other hand, FIG. 7 shows a case in which a new application is started. “Window A” 702 was active before the change, but is different from the application started in “Window A” 702 after the change. When the application is newly activated in “Window B” 703 and “Window B” 703 is activated, the display contents of “Window B” 703 that did not exist before the change can be seen.

  However, although it has been described that the applications are different, a mode in which different windows are started in the same application is also the same.

  In step S503, it is determined whether there is a change in the number of displayed windows. If there is a change, it is determined that “the number of windows has increased or decreased”.

  8 and 9 exemplify cases where it is determined in step S503 that “the number of windows has increased or decreased”.

  FIG. 8 shows a case where the number of windows is increased. The number of windows before the change is 2, the number of windows after the change is 3, and the display contents of “Window C” 804 that did not exist before the change are shown. Can be seen.

  In FIG. 8, the newly activated “Window C” 804 is inactive after the change. However, by activating “Window A” 802 immediately after starting “Window C” 804, this state is changed. Occur.

  On the other hand, FIG. 9 shows a case in which the number of windows is reduced. The number of windows before the change is 3, and the number of windows after the change is 2. The “window C” 904 that is almost hidden before the change is shown. The displayed content becomes visible.

  In FIG. 9, “Window B” 903 that has been inactive is terminated, but this state occurs when it is terminated immediately after “Window B” 903 is activated.

  In step S504, it is determined whether there has been a change in the number of vertical and horizontal pixels in each window. If there has been a change, it is determined that there is a “window size change”. This includes not only simple window size changes, but also window maximization and window iconification.

  10 and 11 exemplify a case where it is determined in step S504 that “the window size has changed”.

  FIG. 10 shows a case of reducing the window size. By reducing the window size of “Window A” 1002, the display contents of “Window B” 1003 that was almost hidden before the change can be seen.

  On the other hand, FIG. 11 shows a case where the window size is enlarged. By enlarging the window size of “Window B” 1103, the display contents of “Window B” 1103 that was almost hidden before the change can be seen. Become.

  In FIG. 11, the window size of inactive “Window B” 1103 is enlarged before and after the change, but “Window A” 1102 is activated immediately after activating “Window B” 1103 and enlarging the window size. As a result, this state occurs.

  In S505, it is determined whether or not there is a change in the display position (upper left corner coordinates) of each window. If there is a change, it is determined that “the window position has changed”.

  FIG. 12 illustrates a case where it is determined in step S505 that “the window position has changed”. In FIG. 12, by moving “Window A” 1202 in the upper left direction, the display content of “Window B” 1103 that was substantially hidden before the change can be seen.

  As described above, due to changes in the display status of the terminal screen, the display content in the window that was not visible before the change may become visible after the change, and the person viewing the screen in front of the terminal screen Depending on the situation, this is a big security problem.

  As described above, each time the display status of the terminal screen changes, the risk level for information security changes. Therefore, the terminal screen change detection process captures changes in the terminal screen and determines whether to send trail data. use.

  As a result of the terminal screen change detection process, in step S506, if none of the above conditions is satisfied, it is determined that there is no terminal screen change. In step S507, if any of the above conditions is satisfied, It is determined that there is a screen change.

  In this embodiment, the presence / absence of a change in the terminal screen is determined based on the information about the window displayed on the terminal screen. However, as described in the description of the terminal screen change detection unit 308, the terminal screen is captured. The presence or absence of a change in the terminal screen may be determined by comparing the images before and after each pixel. Moreover, you may take the form of both combined use.

  FIG. 13 is a data configuration diagram showing an example of trail data in the telework management support system of the present embodiment.

  As shown in FIG. 13, the trail data includes a trail ID column 1301, a terminal ID column 1302, a date / time column 1303, a terminal front state column 1304, a user ID column 1305, a camera image column 1306, a terminal screen image column 1307, and a startup application column. 1308 and a display file field 1309.

  The data set in the trail ID column 1301 is an alphanumeric string uniquely set for each trail data in order to identify the trail data.

  The data set in the terminal ID column 1302 is an alphanumeric string assigned to each teleworker PC 111 for specifying which teleworker PC 111 is trail data.

  The data set in the date / time column 1303 is a date and time indicating when the trail data is acquired.

  The data set in the terminal front state column 1304 is the terminal front state classified by the person identifying unit 305, and is “person only”, “other user image”, “third party image”, “seating away”. "Is set.

  The data set in the user ID column 1305 is the ID of the user shown in the camera image specified by the person specifying unit 305. When a plurality of users are specified, the corresponding user ID is listed. Is done.

  Further, when the user cannot be specified by the person specifying unit 305, that is, in the case of a third party, “???” is set.

  However, when the person specifying unit 305 specifies a third party as an individual, “third party A”, “third party B”, or the like may be set.

  The data set in the camera image field 1306 represents a link destination for the camera image acquired by the camera image acquisition unit 304, that is, a folder path name and a file name. Stores camera images.

  The data set in the terminal screen image field 1307 represents a link destination for the terminal screen image acquired by the terminal screen image acquisition unit 311, that is, a folder path name and a file name, and a location specified by the link destination Stores the actual terminal screen image.

  The data set in the activation application column 1308 is the name of the application activated in each window acquired by the terminal screen information acquisition unit 307, and is applicable when a plurality of applications are activated. Application names to be listed are listed.

  In addition, when no window is displayed on the terminal screen, that is, when no application is activated on the window, “-” is set.

  Further, when the specified other user does not have the execution authority for the activated application, “★” indicating an authority violation is set after the application name. (There is no target in this example.)

  In this embodiment, since the authority check unit 309 performs authority check only for other users, the check result “★” is set only when the terminal front state is “other user reflection”. When the authority check is also performed for a third party or the person himself / herself, the check result is displayed even when the terminal front state is “Third-party reflection” or “Only the person himself / herself”, and a mark is given for each person. You may change it. For example, “☆” for the person himself, “◇” for the third party, etc.

  The data set in the display file field 1309 is the name of the file opened in each window, acquired by the terminal screen information acquisition unit 307, and is applicable when a plurality of files are opened. The file names to be listed are listed.

  Further, when no window is displayed on the terminal screen, that is, when no file is opened on the window, “−” is set.

  Further, if the specified other user does not have access authority to the opened file, “★” indicating authority violation is set after the file name.

  In this embodiment, since the authority check unit 309 performs authority check only for other users, the check result “★” is set only when the terminal front state is “other user reflection”. When the authority check is also performed for a third party or the person himself / herself, the check result is displayed even when the terminal front state is “Third-party reflection” or “Only the person himself / herself”, and a mark is given for each person. You may change it. For example, “☆” for the person himself, “◇” for the third party, etc.

  The information security monitoring result in the case of the data example of FIG. 13 will be described below.

  The data example in FIG. 13 shows continuous trail data for the same terminal (terminal ID = 30011). The acquisition date of the trail data in the data example is April 9, 2014.

  Since the trail data 1321 is the first trail data on the same day, it indicates that the telework management support system is started simultaneously with the PC activation at 8:50:10. Here, the terminal front state is “person only”, and there is no problem in information security.

  In the trail data 1322, the terminal front state is changed to “third party reflection” at 10:35:20, and the user ID is “0001” of the user and “???” representing the third party. For some reason, this means that a third party peeped.

  The applications running in the window at that time are “Spreadsheet A” and “Document Edit B”, the opened files are “Development Plan 01” and “Product Information 02”, and the camera image and terminal at that time You can check the screen image.

  About the camera image and terminal screen image at the time of trail data acquisition, it can confirm similarly also with the following trail data.

  In the trail data 1323, the front state of the terminal has changed to “only the person” at 10:35:45, indicating that the peeping by the third party has ended.

  In the trail data 1324, the terminal front state has changed to “seated” at 11:10:15, indicating that the person has left. You can confirm that there were no applications and open files running in the window at that time.

  In the trail data 1325, the front state of the terminal has changed to “person only” at 11:12:10, indicating that the person has returned to the seat.

  In the trail data 1326, at 11:20:32, the terminal front state is changed to “other user image”, and the user ID is “0001” of the user and “0002” of the other user. This shows that the other user “0002” was watching the terminal screen together.

  It can be confirmed that the application running at that time is “Spreadsheet A” and the opened file is “Design Document 03”.

  In the trail data 1327, “drawing edit C” is added to the start application at 11:22:51, and “suggestion 04” is added to the display file. This indicates that “Proposal 04” has been opened.

  Further, since “★” indicating an authority violation is set after the file name “proposal 04”, it can be confirmed that the other user “0002” does not have the access authority to the file.

  In the trail data 1328, “drawing edit C” is deleted from the start application at 11:25:43, “proposal 04” is deleted from the display file, and “★” is not set. This indicates that the above problem has been resolved.

  In the trail data 1329, the terminal front state has changed to “only the person” at 11:35:45, and after acquiring the trail data 1328, no authority problem occurred and other users left the front of the terminal. Represents that.

  In the trail data 1330, the terminal front state is changed to “leave seat” at 12:01:12, “document editing B” is set in the activation application, and “work report 06” is set in the display file. Indicates that the person has left the desk with this file open.

  In the trail data 1331, the terminal front state is changed to “person only” at 12:45:22, indicating that the person has returned to the seat.

  Further, since there is no trail data from the time when the trail data 1330 is acquired until the time when the trail data 1331 is acquired, it can be confirmed that no information security problem has occurred during that time.

  As described above, the trail data can be used to confirm the time of occurrence of the information security problem, the time of resolution, and the situation at the time of the problem. The situation at the time of the problem includes the person who was looking at the terminal screen, the application that was running, the file that was open, the presence or absence of authority violation, the camera image in front of the terminal, the terminal screen image, and so on.

  FIG. 14 is a data configuration diagram showing an example of user information in the telework management support system of the present embodiment. This user information is stored in the user information storage unit 301 and used in the person identification in step S402 and the authority check in step S416.

  As shown in FIG. 14, the user information includes a user ID column 1401, a system user ID column 1402, a department code column 1403, and a registered face photo column 1404.

  The data set in the user ID column 1401 is an alphanumeric string that identifies a user who uses this telework management support system.

  The data set in the system user ID column 1402 is an alphanumeric string that identifies a user for using the teleworker PC 111. In this embodiment, an OS login ID is set. Further, when checking the authority for an application and a file, the authority information given to the ID is basically referred to.

  The data set in the department code column 1403 is an alphanumeric string representing the department to which the user belongs. If the authority for applications and files is set not only for individual users but also for departments, authority checks using this code are also performed.

  The data set in the registered face photo field 1404 represents a link destination for the face photo data used for face recognition, that is, a folder path name and a file name, and an actual face photo at the location specified by the link destination. Data is stored.

  Hereinafter, an example of the administrator screen according to the present embodiment will be described with reference to FIG.

  The administrator screen 1501 is displayed on the CRT 211 of the administrator PC 121, and the trail data, the camera image registered in the trail data, and the terminal screen image can be confirmed.

  The administrator screen 1501 includes a selection condition setting unit 1502, a trail data display unit 1503, a camera image display unit 1504, and a terminal screen image display unit 1505.

  In the selection condition setting unit 1502, the terminal ID, the date and time, and the value or value range of the terminal front state are set as the selection conditions.

  In the trail data display unit 1503, trail data that meets the selection conditions set by the selection condition setting unit 1502 is displayed as a list.

  The items displayed on the trail data display unit 1503 are basically the same as the items of the trail data shown in FIG. 13, and in addition, a data selection column for data selection is displayed.

  By selecting one trail data in the data selection column of the trail data display unit 1503, the camera image registered in the selected trail data in the camera image display unit 1504 and the terminal screen image display unit 1505, and A terminal screen image is displayed.

[Second Embodiment]

  Next, a second embodiment of the present invention will be described.

  In addition, about the structure which concerns on 1st Embodiment, and the process in a flowchart, the same thing is demonstrated using the same code | symbol and the description shall be abbreviate | omitted for the detail.

  FIG. 16 shows an information security monitoring process flow of the telework monitoring system 100 in the second embodiment.

  In the second embodiment, steps S1601 and S1602 are added to the processing flow of the first embodiment shown in FIG.

  In step S1601, information about the window displayed on the terminal screen acquired by the terminal screen information acquisition unit 307 when the trail data transmission control unit 310 determines that the trail data is to be transmitted from the teleworker PC 111 to the management server 101. Based on the above, the ID of the file opened in the active window is acquired, and it is determined whether the data of the file has already been acquired as trail data.

  Here, the active window is a window that can be operated with a keyboard (KB) 209 or a mouse (not shown), and is normally displayed on the foreground on the terminal screen.

  However, when a scroll operation or the like is possible even with a window that is not displayed in the foreground by using special software, the actually operated window is set as the active window.

  At the time of the above determination, even if the data of the target file has been acquired previously, if the file has been updated since the previous acquisition, it is determined that it has not been acquired.

  In step S1602, if it is determined in step S1601 that the file data is not acquired as trail data, the file data is acquired.

  The trail data including the file data acquired in step S1602 is transmitted to the management server 102 in step S407.

  Instead of sending the trail data to the management server 101 every time the trail data is acquired, the trail data may be sent to the management server 101 in a lump after accumulating the trail data in the teleworker PC 111 under conditions such as a certain capacity for a certain period. Good.

  A situation in which the information security monitoring process according to the second embodiment is effective will be described with reference to FIG.

  In FIG. 17 (case A), a part of “window A” 1701 which is an active window is displayed in the terminal screen 601. The shaded portion indicates a portion that is not displayed because it does not fit in the terminal screen.

  In this case, in the terminal screen image, only the content displayed on the image, that is, a part of “Window A” 1701 can be confirmed.

  However, for the active window, it is possible to copy all data or perform printing without changing the context of other windows or changing the window display status such as window position and window size. is there.

  On the other hand, for an inactive window (a window other than an active window; the same applies hereinafter), the above-described processing cannot be performed by a normal operation. In other words, first, an operation for changing to an active window is required.

  Therefore, for files opened in the active window, other than the contents displayed on the terminal screen image. The contents of the entire file may have been leaked.

  Furthermore, if the file data itself is deleted after the information is leaked, it is difficult to verify the leaked information.

  Therefore, data of a file opened in the active window is acquired as trail data and transmitted to the management server, so that information that may be leaked by the administrator can be confirmed.

  Further, if the file data is transmitted to the management server 101 each time the trail data is transmitted and stored in the database server 102, the storage area of the database server 102 may be compressed. It is determined whether or not it has been acquired as data, and data is acquired and transmitted only when it is not acquired.

  In FIG. 17 (Case B), the display content of “Window A” 1703 which is an active window is composed of a plurality of sheets, and by pressing a tab 1704 attached to the sheet, the sheet to be displayed can be switched. .

  Since the above sheet switching operation is an operation inside the window, the contents of multiple sheets can be inquired without changing the context of other windows or changing the window display status such as window position and window size. can do.

  Not only the sheet switching operation but also the scrolling operation and the screen transition inside the window can change the display range without changing the window display status.

  For this reason, when a third person peeks or the like, there is a possibility that the contents of the file are leaked in addition to the contents recorded in the terminal screen image at the time when the window display state changes.

  On the other hand, in the inactive window, the sheet switching operation, the scrolling operation, and the like cannot be performed, so the content recorded in the terminal screen image may be confirmed.

  Therefore, as in case A, data of a file opened in the active window is acquired as trail data and transmitted to the management server, so that information that may be leaked by the administrator can be confirmed.

  Also, when a new file is opened in the active window, the file ID, that is, information about the window has changed. For example, in the case of a third-party image, the “terminal screen” is displayed in step S412. The file data is acquired together with the terminal screen image (if it has not been acquired), and is transmitted to the management server 101.

  FIG. 18 shows an example of the trail data in the second embodiment.

  In the second embodiment, an active file column 1801 is added to the trail data in the first embodiment shown in FIG.

  The active file column 1801 is a storage destination of data of a file opened in the active window transmitted to the management server 101, and is displayed as a link (not shown) to the file on the manager screen 1501.

  When data of the same file has been transmitted up to the previous time, the data of the file is not transmitted, and the same storage destination as the previous time is set in this item.

  On the other hand, even if the file ID is the same, if the file has been updated since the previous transmission, another storage destination is set.

  In this example, only the file ID (file path and file name) is set in the display file field 1309 for the file opened in the inactive window, but the outline, creator, updater, Bibliographic information such as creation date, update date, importance, etc. may be set as trail data.

[Third Embodiment]

  Next, a third embodiment of the present invention will be described.

  In addition, about the structure which concerns on 1st Embodiment, and the process in a flowchart, the same thing is demonstrated using the same code | symbol and the description shall be abbreviate | omitted for the detail.

  FIG. 19 shows an information security monitoring process flow of the telework monitoring system 100 in the third embodiment.

  In the third embodiment, steps S191 and S1902 are added to the processing flow of the first embodiment shown in FIG.

  In step S1901, information regarding the window displayed on the terminal screen acquired by the terminal screen information acquisition unit 307 when the trail data transmission control unit 310 determines that the trail data is to be transmitted from the teleworker PC 111 to the management server 101. Based on the above, it is determined whether or not all of the active windows are displayed on the terminal screen.

  If a part of the window is not displayed as shown in FIG. 17 (Case A), it is determined that the window is not displayed.

  If it is determined in step S1901 that all of the active windows are not displayed on the terminal screen, in step S1902, the outline of the file opened in the window, the creation updater, the creation date / time, the update date / time, and the importance level , Etc. are acquired as trail data.

  This is because, when a part of the active window is not displayed, information that may have been leaked cannot be verified by using only the terminal screen image, so various information about the file is acquired and used as trail data.

  In addition to the bibliographic information, the file data itself may be used as trail data, as in the second embodiment.

  The trail data acquired as described above is transmitted to the management server 101 in step S407.

  Instead of sending the trail data to the management server 101 every time the trail data is acquired, the trail data may be sent to the management server 101 in a lump after accumulating the trail data in the teleworker PC 111 under conditions such as a certain capacity for a certain period. Good.

  Although the embodiment has been described in detail above, the present invention can take an embodiment as, for example, a method, a program, or a storage medium. The present invention may be applied, or may be applied to an apparatus composed of one device.

  The program according to the present invention is a program that allows a computer to execute (read) each processing method, and the storage medium according to the present invention stores a program that allows the computer to execute each processing method.

  The program in the present invention may be a program for each processing method of each device.

  As described above, a recording medium that records a program that implements the functions of the above-described embodiments is supplied to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus stores the program stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by performing reading.

  In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

  As a recording medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, silicon A disk or the like can be used.

  Further, by executing the program read by the computer, not only the functions of the above-described embodiments are realized, but also an OS or the like operating on the computer based on an instruction of the program is a part of the actual processing or It goes without saying that the case where the functions of the above-described embodiments are realized by performing all of the above processing is also included.

  Furthermore, after the program read from the recording medium is written to the memory provided in the function expansion board inserted into the computer or the function expansion unit connected to the computer, the function expansion board is based on the instructions of the program code. It goes without saying that the case where the CPU or the like provided in the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device.

  Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

  Furthermore, by downloading and reading a program for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention. In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

100 Telework Management Support System 101 Management Server 102 Database Server 103 Router 104 Service Environment Network 110 Home Network 111 Teleworker PC
112 router 120 in-house network 121 PC for administrator
122 router 130 Internet 201 CPU
202 ROM
203 RAM
204 System bus 205 Input controller 206 Video controller 207 Memory controller 208 Communication I / F controller 209 KB
210 Webcam 211 CRT
212 External memory

Claims (13)

An information processing apparatus that is communicably connected to a server that records trail data for tracking information browsing status in the information processing apparatus and that can acquire an image of the front of the display unit,
Person identifying means for identifying a person in the acquired image;
Thus the change in the person identified by the person identification unit in the image of the captured forward direction of the display unit, the user himself and / or the user of the information processing apparatus in the image of the captured forward direction of the display unit Situation change determination means for determining whether there is a situation change of a person other than the person,
The situation of the user of the information processing apparatus and / or the person other than the user in the image obtained by capturing the front of the display unit when the situation change judging means judges that the situation has changed Image data indicating a change, and trail data acquisition control means for acquiring trail data that uniquely associates the image data of the screen displayed on the display unit;
Trail data transmission means that is acquired by the trail data acquisition control means and transmits the uniquely associated trail data to the server to be registered at the server;
An information processing apparatus comprising: Display determination means for determining whether the image data of the screen displayed on the display unit is the same as the image data of the already acquired screen;
Further comprising
When the display determination unit determines that the image data of the screen displayed on the display unit is not the same as the image data of the already acquired screen, the trail data acquisition control unit images the front of the display unit. The image data indicating the status change of the user of the information processing device and / or the person other than the user in the image and the image data of the screen displayed on the display unit are uniquely associated with each other The information processing apparatus according to claim 1, wherein data is acquired . Before Symbol Table 示判 constant means, the information processing apparatus according to claim 2, wherein the determining the change by comparing the display state of the window displayed on the display unit of the previous and current.   The information processing apparatus according to claim 3, wherein the display state of the window includes an active window, a window front-rear positional relationship, the number of windows, a size of each window, and a position of each window. Table 示判 constant means, the information processing apparatus according to claim 2, wherein the determining the change by comparing the pixel information of the screen displayed on the display unit of the previous and current. 3. The trail data acquisition control means determines the type of data to be acquired as trail data according to whether the window displayed on the display unit is an active window or an inactive window . The information processing apparatus according to any one of 5. 3. The trail data acquisition control unit acquires data of a file opened in the active window as trail data when the window displayed on the display unit is an active window. The information processing apparatus according to claim 6. The trail data acquisition control means, wherein the window displayed on the display unit in the case of non-active window, characterized in that it does not get the data of a file opened by the non-active window as trail data The information processing apparatus according to any one of claims 2 to 7. The trail data acquisition control means characterized in that obtaining when the part of the active window displayed on the display unit is not displayed, the data of a file opened in the window as a trail data The information processing apparatus according to any one of claims 2 to 8. Authority determining means for determining whether a person in the image specified by the person specifying means has authority for the display content of the display unit;
The trail data acquisition control means and thereby acquiring the trail data when the person in the image by the previous SL permission determination unit determines that no rights to display content of the display unit The information processing apparatus according to any one of claims 1 to 9 . An information processing system in which an information processing device capable of acquiring an image captured in front of a display unit and a server for recording trail data for tracking information browsing status on the information processing device are connected to be communicable. ,
Person identifying means for identifying a person in the acquired image;
Thus the change in the person identified by the person identification unit in the image of the captured forward direction of the display unit, the user himself and / or the user of the information processing apparatus in the image of the captured forward direction of the display unit Situation change determination means for determining whether there is a situation change of a person other than the person,
The situation of the user of the information processing apparatus and / or the person other than the user in the image obtained by capturing the front of the display unit when the situation change judging means judges that the situation has changed Image data indicating a change, and trail data acquisition control means for acquiring trail data that uniquely associates the image data of the screen displayed on the display unit;
Trail data registration means for registering the trail data acquired by the trail data acquisition control means in a trail data storage unit;
An information processing system comprising: A control method for an information processing apparatus that is communicably connected to a server that records trail data for tracking information browsing status in the information processing apparatus and that can acquire an image obtained by imaging the front of the display unit,
A person specifying means for specifying a person in the acquired image;
Situations change determination means, the identification of the user of the information processing apparatus of said the change in the person identified by the person identification unit in the image of the captured forward direction of the display unit Hence, the image of the captured forward direction of the display unit And / or a situation change determination step for determining whether there is a situation change of a person other than the user himself / herself,
The situation of the user of the information processing apparatus and / or the person other than the user in the image obtained by capturing the front of the display unit when it is determined by the situation change determination step that the situation has changed A trail data acquisition control step of acquiring trail data that uniquely associates image data indicating a change and image data of a screen displayed on the display unit;
A trail data transmitting means is acquired in the trail data acquisition control step , and the uniquely associated trail data is transmitted to the server to be registered in the server.
An information processing apparatus control method comprising: A program that is communicatively connected to a server that records trail data for tracking information browsing status in an information processing apparatus and that can be read and executed in an information processing apparatus that can acquire an image of the front of a display unit. ,
The information processing apparatus;
Person identifying means for identifying a person in the acquired image;
Thus the change in the person identified by the person identification unit in the image of the captured forward direction of the display unit, the user himself and / or the user of the information processing apparatus in the image of the captured forward direction of the display unit Situation change determination means for determining whether there is a situation change of a person other than the person,
The situation of the user of the information processing apparatus and / or the person other than the user in the image obtained by capturing the front of the display unit when the situation change judging means judges that the situation has changed Image data indicating a change, and trail data acquisition control means for acquiring trail data that uniquely associates the image data of the screen displayed on the display unit;
Trail data transmission means that is acquired by the trail data acquisition control means and transmits the uniquely associated trail data to the server to be registered at the server;
A program characterized by functioning as

Images