JP6571624B2 - Device management system, management target device, device management server, control method, and control program - Google Patents

Description

  The present invention relates to a technique for improving convenience and safety (security) related to maintenance work in an apparatus managed by a server on a network (hereinafter referred to as “managed apparatus”).

  2. Description of the Related Art In recent years, a system that centrally manages changes in settings of mobile terminals has been introduced in business using a large number of mobile terminals.

  An example of a technique for centrally managing setting changes of portable terminals is disclosed in Patent Document 1. The portable terminal management system of Patent Literature 1 includes an electronic device such as a PC (Personal Computer) and a portable terminal. The electronic device transmits in advance a setting value file containing the setting values of the portable terminal including the password and the position information of the electronic device to the portable terminal via the wireless network. The position information is information representing the position of the electronic device acquired based on GPS (Global Positioning System) or the like. The electronic device transmits an execution instruction signal for instructing a setting change including a password and position information of the electronic device to the portable terminal by short-range communication. The portable terminal includes an input unit, a storage unit, a short-range communication unit, and a control unit. The input unit receives the setting value file via the wireless network. The storage unit stores the setting value file received by the input unit. The near field communication unit receives the execution instruction signal by near field communication. When the execution instruction signal is received by the short-range communication unit, the control unit has a condition that the difference between the positions where the passwords match and the position information appears is equal to or less than a predetermined threshold in the execution instruction signal and the setting value file. It is determined whether it is satisfied. If the condition is satisfied, the control unit changes the setting value of the mobile terminal to the setting value registered in the setting value file stored in the storage unit. As a result of the above configuration, the portable terminal management system disclosed in Patent Document 1 further ensures unified management of the setting values of the portable terminal.

  In the portable terminal management system disclosed in Patent Document 1, the portable terminal needs to be present in the vicinity of the electronic device when the setting is changed. That is, the portable terminal management system of Patent Document 1 has a problem that setting changes of the portable terminal cannot be managed from a remote location.

  2. Description of the Related Art In recent years, MDM (Mobile Device Management) that manages a mobile terminal from a remote place has been introduced in a business using a large number of mobile terminals. By restricting functions and operations that are not necessary for normal work by the MDM (hereinafter referred to as “function restrictions”), the convenience and safety of the mobile terminal can be improved. The function restriction in the portable terminal is, for example, permission to use only a specific application, permission to use only a specific network registered in the white list, prohibition of use of a camera function or a microphone function, prohibition of connection to an external device, or the like.

  The MDM system includes an MDM server and a portable terminal (managed portable terminal) that is a management target connected to the MDM server via a network. For communication between the MDM server and the mobile terminal, communication means such as the Internet, an intranet, a telephone line, and SMS (Short Message Service) for mobile phones are used.

  When a failure occurs in the mobile terminal, it is necessary to acquire information (log etc.) necessary for failure analysis by connecting a failure analyzer to the mobile terminal. Note that logs that can be acquired via an OS (Operating System) may be acquired by a network using the MDM function. However, there are logs that cannot be acquired unless directly connected to the mobile terminal. Normally, in the MDM, connection of an external device to a mobile terminal is prohibited for security reasons. Therefore, a failure analyzer cannot be connected to the mobile terminal during normal operation.

There are mainly two methods for connecting a failure analyzer to a portable terminal.
(1) An administrator of the MDM server (hereinafter referred to as “administrator”) permits the external device connection to the mobile terminal by communicating from the MDM server to the management target mobile terminal.
(2) A person who performs maintenance work such as failure analysis (hereinafter referred to as “maintenance person”) performs a special operation on the managed mobile terminal, thereby permitting external device connection to the mobile terminal.

JP 2009-99128 A

  A problem in each method of connecting a failure analyzer to a portable terminal will be described.

  In the method (1), the maintenance person requests the administrator to change the setting for permitting or prohibiting the connection of the external device to the managed mobile terminal. In this case, there is a problem (1-1) that the convenience of the administrator is low. Alternatively, the maintenance person requests the administrator to permit the external device connection to the management target portable terminal by designating the time zone. In this case, there is a problem (1-2) that the safety of the terminal deteriorates beyond the time actually required for the work.

  In the method (2), the maintenance person permits an external device connection to the mobile terminal by performing a special operation (such as password input) on each mobile terminal. In particular, when there are a large number of mobile terminals subject to failure analysis, there is a problem (2-1) in that the convenience of maintenance personnel is low. In addition, there is a problem (2-2) that the safety is low because the maintenance person easily returns the portable terminal to the state where the external device connection is prohibited after the failure analysis work is completed. In addition, when the connection between the portable terminal and the MDM server is disconnected when the external device connection is permitted in the portable terminal, the operation history of the portable terminal cannot be left in the MDM server, and thus the safety is lowered. There is a problem (2-3).

  The present invention has been made in view of the above problems, and has as its main object to improve convenience and safety related to maintenance work in a management target apparatus.

  In one aspect of the present invention, an apparatus management system includes a maintenance portable terminal including a first short-range wireless communication unit that communicates with a communication terminal that can directly receive a wireless signal transmitted by the communication terminal, an external apparatus, and a wired connection. Or a device management server including first communication means capable of communicating by at least one of wireless, second communication means capable of communicating with the first communication means, and communication with the first short-range wireless communication means An apparatus management system comprising a management target apparatus including a second short-range wireless communication means capable, wherein the apparatus management server includes time zone information indicating a time zone scheduled for maintenance in the management target apparatus and a management target Maintenance maintenance information including authentication information for authenticating the maintenance permission in the apparatus by the first communication means to the management target apparatus, and the maintenance portable terminal A second control unit that transmits the portion 1 to the management target device by the first short-range wireless communication unit, wherein the management target device receives the maintenance reservation information from the device management server by the second communication unit; Authentication information received from the maintenance mobile terminal by the second short-range wireless communication means in the time zone indicated by the time zone information included in the maintenance reservation information received from the device management server, and received from the maintenance mobile terminal A third part that relaxes restrictions on the maintenance function in the managed device when the second part of the information is the same as the second part of the authentication information included in the maintenance reservation information received from the device management server; Control means is further included.

  In one aspect of the present invention, the managed device includes a maintenance portable terminal including a first short-range wireless communication unit that communicates with a communication terminal that can directly receive a wireless signal transmitted by the communication terminal, an external device, and a wired device. Or a second communication means capable of communicating with the first communication means capable of communicating with the apparatus management server including the first communication means capable of communicating by at least one of the wireless and the first short-range wireless communication A management target device comprising a second short-range wireless communication unit capable of communicating with the control unit and a control unit, wherein the control unit includes time zone information indicating a time zone scheduled for maintenance in the management target device and management Maintenance reservation information including authentication information for authenticating maintenance permission in the target device is received from the device management server by the second communication means, and the time zone information included in the maintenance reservation information received from the device management server is used. The second part of the authentication information received from the maintenance portable terminal by the second short-range wireless communication means, and the second part of the authentication information received from the maintenance portable terminal and the device management When the second part of the authentication information included in the maintenance reservation information received from the server is the same, the restriction on the maintenance function in the management target device is relaxed.

  In one aspect of the present invention, the device management server includes a first communication unit capable of communicating with an external device by at least one of wired and wireless, and a time zone representing a time zone scheduled for maintenance in the management target device. Control means for transmitting maintenance reservation information including information and authentication information for authenticating permission of maintenance in the management target apparatus to the management target apparatus by the first communication means.

  In one aspect of the present invention, a method for controlling an apparatus management system includes a maintenance portable terminal including a first short-range wireless communication unit that communicates with a communication terminal capable of directly receiving a wireless signal transmitted by the own communication terminal; An apparatus management server including first communication means capable of communicating with the apparatus by at least one of wired or wireless, second communication means capable of communicating with the first communication means, and first short-range wireless communication A management method of a device management system comprising a management target device including a second short-range wireless communication unit capable of communicating with the device, wherein the device management server represents a time zone in which maintenance on the management target device is scheduled Maintenance reservation information including time zone information and authentication information for authenticating maintenance permission in the management target device is transmitted to the management target device by the first communication means, and the maintenance portable terminal receives the first authentication information. Is transmitted to the management target device by the first short-range wireless communication means, and the management target device receives the maintenance reservation information from the device management server by the second communication means, and adds the maintenance reservation information to the maintenance reservation information received from the device management server. Authentication information is received from the maintenance portable terminal by the second short-range wireless communication means in the time zone indicated by the included time zone information, the second part of the authentication information received from the maintenance portable terminal, and device management When the second part of the authentication information included in the maintenance reservation information received from the server is the same, the restriction on the maintenance function in the management target device is relaxed.

  In one aspect of the present invention, a control program of a management target device or a recording medium storing the control program is a first short-range wireless that communicates with a communication terminal that can directly receive a wireless signal transmitted by the communication terminal. It is possible to communicate with the first communication means capable of communicating with the maintenance portable terminal including the communication means and the device management server including the first communication means capable of communicating with the external device by at least one of wired or wireless. A time zone in which maintenance of the management target device is scheduled in a computer included in the management target device including the second communication unit and the second short range wireless communication unit capable of communicating with the first short range wireless communication unit Maintenance reservation information including time zone information indicating the maintenance information and authentication information for authenticating maintenance permission in the management target device is received from the device management server by the second communication means, and the device management server The first part of the authentication information is received from the maintenance mobile terminal by the second short-range wireless communication means and received from the maintenance mobile terminal in the time zone indicated by the time zone information included in the maintenance reservation information received from Control for relaxing the restriction on the maintenance function in the managed device when the second part of the authentication information is the same as the second part of the authentication information included in the maintenance reservation information received from the device management server Execute the process.

  According to the present invention, there is an effect that convenience and safety related to maintenance work in the management target device can be improved.

It is a block diagram which shows an example of a structure of the MDM system in the 1st Embodiment of this invention. It is a block diagram which shows an example of a structure of the MDM server in the 1st Embodiment of this invention. It is a block diagram which shows an example of a structure of the management object portable terminal in the 1st Embodiment of this invention. It is a block diagram which shows an example of a structure of the portable terminal for maintenance in the 1st Embodiment of this invention. It is a table | surface which illustrates notionally the structure of the maintenance reservation information in the 1st Embodiment of this invention. It is a flowchart which shows operation | movement of the MDM server in the 1st Embodiment of this invention. It is a flowchart which shows operation | movement of the management object portable terminal in the 1st Embodiment of this invention. It is a flowchart which shows operation | movement of the portable terminal for maintenance in the 1st Embodiment of this invention. It is a figure for demonstrating the modification of an MDM system in case the function restriction | limiting of a management object portable terminal is changed in steps according to the electromagnetic wave intensity of a beacon in the 1st Embodiment of this invention. It is a block diagram which shows an example of a structure of the apparatus management system in the 2nd Embodiment of this invention. It is a block diagram which shows an example of the hardware constitutions which can implement | achieve the management object apparatus, maintenance portable terminal, or apparatus management server in each embodiment of this invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In all the drawings, equivalent components are denoted by the same reference numerals, and description thereof will be omitted as appropriate.
(First embodiment)
A configuration in the present embodiment will be described.

  FIG. 1 is a block diagram showing an example of the configuration of the MDM system in the first embodiment of the present invention.

  An MDM system (apparatus management system) 700 according to the present embodiment includes an MDM server (apparatus management server) 100, a managed mobile terminal (managed apparatus) 200, a maintenance mobile terminal 300, a maintenance PC 400, and an MDM server. An administrator terminal 500. MDM server 100, managed mobile terminal 200, maintenance mobile terminal 300, and MDM server administrator terminal 500 are connected to network 600. The managed mobile terminal 200 and the maintenance mobile terminal 300 are connected by short-range wireless communication. The short-range wireless communication is, for example, a wireless LAN (Local Area Network). The managed mobile terminal 200 and the maintenance PC 400 are connected by a failure analysis interface.

  The MDM server 100 is a server that centrally manages information (terminal setting information and the like) related to the management target portable terminal 200 in the MDM system 700. The MDM server 100 is installed in a data center or the like.

  The managed mobile terminal 200 is one or more mobile terminals that are managed by the MDM system 700. The managed mobile terminal 200 is a terminal used for main business. The managed mobile terminal 200 is, for example, a terminal used for ordering goods at a retail store or production management at a factory. The managed mobile terminal 200 is mainly carried by an employee at work.

  The maintenance portable terminal 300 and the maintenance PC 400 are terminals carried by a maintenance person in order to investigate a failure or the like that has occurred in the management target portable terminal 200. The maintenance portable terminal 300 and the maintenance PC 400 may be a single device. The maintenance portable terminal 300 and the maintenance PC 400 may be managed by the MDM server 100 in the same manner as the management target portable terminal 200.

  The MDM server administrator terminal 500 is operated by an administrator who manages the MDM server 100. The MDM server administrator terminal 500 is a terminal for operating the MDM server 100. The MDM server administrator terminal 500 is used for registering maintenance reservation information (described later), for example. The MDM server administrator terminal 500 may be used to issue an instruction to the management target portable terminal 200, the maintenance portable terminal 300, or the maintenance PC 400 under the management of the MDM server 100. The maintenance reservation information in the MDM server 100 may be registered directly by an administrator using the MDM server administrator terminal 500, or may be registered via a WEB system in the MDM server 100 or the like.

  The network 600 may include, for example, the Internet, an intranet, a telephone line, and a mobile phone SMS.

  The management target portable terminal 200 is connected to the maintenance portable terminal 300 by short-range wireless communication. Short-range wireless communication is wireless communication that can communicate with a communication terminal that can directly receive a wireless signal transmitted by the communication terminal. Here, “direct reception of a radio signal” means that a radio signal transmitted by a certain communication terminal is received by another communication terminal without being relayed on the way. That is, a radio signal transmitted by a certain communication terminal may be reflected or diffracted on the way and received by another communication terminal. The short-range wireless communication is, for example, a wireless LAN. The maintenance mobile terminal 300 transmits a beacon to the management target mobile terminal 200 by short-range wireless communication. The beacon includes a beacon transmission one-time passphrase. The beacon is, for example, a wireless LAN beacon signal.

  The managed mobile terminal 200 is connected to the maintenance PC 400 through a failure analysis interface. The failure analysis interface is, for example, a serial port or a parallel port.

  FIG. 2 is a block diagram showing an example of the configuration of the MDM server in the first embodiment of the present invention.

  The MDM server 100 according to the present embodiment includes an overall control unit 110, a communication unit 120, a terminal management information control unit 130, a maintenance reservation information control unit 140, a one-time passphrase information generation unit 150, and a terminal command generation. Part 160.

  The overall control unit 110 is a CPU (Central Processing Unit) that controls the entire MDM server 100.

  The communication unit 120 communicates with the management target portable terminal 200 and the like via the network 600.

  The terminal management information control unit 130 manages terminal management information related to the management target mobile terminal 200.

  The maintenance reservation information control unit 140 manages maintenance reservation information input by the maintenance person or the administrator using the maintenance portable terminal 300 or the MDM server administrator terminal 500. The maintenance reservation information includes a beacon transmission one-time passphrase and a mutual authentication secret key (described later).

  The one-time passphrase information generation unit 150 generates a beacon transmission one-time passphrase and a mutual authentication secret key in association with specific maintenance reservation information.

  A random number generator (not shown) included in the one-time passphrase information generation unit 150 generates a one-time passphrase for beacon transmission and a secret key for mutual authentication in association with specific maintenance reservation information. The generated one-time passphrase for beacon transmission and the secret key for mutual authentication are given to the maintenance reservation information. The beacon transmission one-time passphrase assigned to the maintenance reservation information is used as data included in the beacon transmitted by the maintenance mobile terminal 300 and a passphrase used by the management target mobile terminal 200 for authentication. On the other hand, the mutual authentication private key is used for challenge-response authentication between the management-target portable terminal 200 and the maintenance portable terminal 300.

  The terminal command generation unit 160 generates a command for the management target portable terminal 200 based on the terminal management information managed by the terminal management information control unit 130 and the maintenance reservation information managed by the maintenance reservation information control unit 140. . The command includes a command for changing the function restriction on the management target portable terminal 200 based on the maintenance reservation information and the terminal management information.

  FIG. 3 is a block diagram illustrating an example of the configuration of the management target portable terminal according to the first embodiment of the present invention.

  The management target portable terminal 200 of this embodiment includes an overall control unit 210, a communication unit 220, a terminal setting control unit 230, a maintenance reservation information control unit 240, a short-range wireless communication unit 250, and a maintenance information control unit 260. A maintenance port 270, a timer 280, and an authentication processing unit 290.

  The overall control unit 210 is a CPU that controls the entire managed mobile terminal 200.

  The communication unit 220 communicates with the MDM server 100 and the like via the network 600.

  The terminal setting control unit 230 changes the setting related to the managed mobile terminal 200 based on the information related to the setting of the managed mobile terminal 200 included in the command transmitted by the MDM server 100. Changing the settings includes relaxing and strengthening functional restrictions. In addition, the terminal setting control unit 230 acquires setting information related to the management target portable terminal 200.

  The maintenance reservation information control unit 240 manages the maintenance reservation information received from the MDM server 100. In addition, the maintenance reservation information control unit 240 registers an event by specifying a time in the timer 280 based on the maintenance reservation start date and time and the maintenance reservation end date and time included in the maintenance reservation information. Note that the overall control unit 210 causes the short-range wireless communication unit 250 to wait for reception of a beacon at the maintenance reservation date and time designated in the maintenance reservation information, using an event in the timer 280 as a trigger.

  The short-range wireless communication unit 250 communicates with the maintenance portable terminal 300 by short-range wireless communication. The short-range wireless communication is, for example, a wireless LAN. When the beacon is received from the maintenance portable terminal 300 by the short-range wireless communication unit 250, the overall control unit 210 acquires a beacon transmission one-time passphrase included in the maintenance reservation information from the maintenance reservation information control unit 240. To do.

  The authentication processing unit 290 authenticates the one-time pass phrase included in the beacon and the acquired one-time pass phrase for beacon transmission. When mutual authentication between the management-target mobile terminal 200 and the maintenance mobile terminal 300 is necessary, the authentication processing unit 290, for example, performs a challenge based on the mutual authentication private key included in the maintenance reservation information. Perform response method authentication.

  The maintenance information control unit 260 manages failure-related data such as operation logs, failure data, and terminal setting information in the management target portable terminal 200. In addition, the maintenance information control unit 260 responds with failure related data in response to a request received via the maintenance port 270.

  The maintenance port 270 is a failure analysis interface (debug port) for transmitting a request and response for failure analysis data between the maintenance PC 400 and the managed mobile terminal 200.

  The timer 280 generates a registered event at the registered time.

  FIG. 4 is a block diagram showing an example of the configuration of the maintenance portable terminal according to the first embodiment of the present invention.

  The maintenance portable terminal 300 of this embodiment includes an overall control unit 310, a communication unit 320, a maintenance reservation information control unit 340, a short-range wireless communication unit 350, a timer 360, a data input unit 370, and an authentication process. Part 380 and maintenance reservation information generation part 390.

  The overall control unit 310 is a CPU that controls the entire maintenance portable terminal 300.

  The communication unit 320 communicates with the MDM server 100 and the like via the network 600.

  The maintenance reservation information control unit 340 manages the maintenance reservation information received from the MDM server 100. Also, the maintenance reservation information control unit 340 registers the event by designating the time in the timer 360 based on the maintenance reservation start date and time, the maintenance reservation end date and time, and the beacon transmission cycle included in the maintenance reservation information. The overall control unit 310 uses the event in the timer 360 as a trigger to cause the short-range wireless communication unit 350 to transmit a beacon at the maintenance reservation date and time designated in the maintenance reservation information.

  The short-range wireless communication unit 350 communicates with the management target portable terminal 200 through short-range wireless communication.

  The authentication processing unit 380 sets the beacon transmission one-time passphrase included in the maintenance reservation information as data included in the beacon. When mutual authentication between the management target portable terminal 200 and the maintenance portable terminal 300 is required, the authentication processing unit 380 includes the challenge request from the management target portable terminal 200 and the mutual information included in the maintenance reservation information. Authentication is performed by generating a response based on the authentication secret key.

  The data input unit 370 receives input data necessary for generating maintenance reservation information of the management target portable terminal 200 by the maintenance person.

  The maintenance reservation information generation unit 390 generates maintenance reservation information based on the input data input by the data input unit 370 and transmits the maintenance reservation information to the MDM server 100 by the communication unit 320.

  FIG. 5 is a table conceptually illustrating the configuration of the maintenance reservation information in the first exemplary embodiment of the present invention.

  The first term is an identifier (maintenance reservation identifier) of maintenance reservation information. Here, the maintenance reservation identifier is represented in hexadecimal notation of UUID (Universally Unique Identifier). The maintenance reservation identifier is generated by the MDM server 100.

  The second term is a maintenance reservation date and time. The maintenance reservation date / time includes a maintenance reservation start date / time and a maintenance reservation end date / time.

  The third term is a managed mobile terminal identifier (such as a serial number) that identifies the managed mobile terminal 200. When maintenance of a plurality of managed mobile terminals is performed using one maintenance mobile terminal in one maintenance reservation, the maintenance reservation information includes a plurality of managed mobile terminal identifiers.

  The fourth term is a maintenance portable terminal identifier (such as a serial number) for identifying the maintenance portable terminal 300.

  The fifth term is information (function restriction change information) indicating the function restriction change contents and conditions. In this example, the change contents of the function restriction can be changed according to the radio wave intensity of the received beacon. Therefore, the function restriction change information includes “restriction relaxation B” applied when the radio wave intensity is “B” or more and less than “A”, and “restriction relaxation A” applied when the radio wave intensity is “A” or more. The following two descriptions are included. Further, for each description, it is possible to define whether mutual authentication is necessary (“mutual authentication is necessary”) or not (“beacon only”). For this reason, it is possible to impose mutual authentication on function restriction changes that require strong security. What follows is a list of allowed functions.

  The sixth term is beacon transmission one-time passphrase information included in the beacon transmitted by the maintenance portable terminal 300. The beacon transmission one-time passphrase is also used by the management-target portable terminal 200 to verify the beacon transmission one-time passphrase included in the beacon. Here, the one-time passphrase for beacon transmission is represented in hexadecimal notation of UUID. The beacon transmission one-time passphrase is generated by the MDM server 100.

  The seventh term is information on a secret key for mutual authentication used for mutual authentication between the management target portable terminal 200 and the maintenance portable terminal 300 by a challenge response method. The mutual authentication private key is used, for example, as an AES (Advanced Encryption Standard) encryption key. Here, the secret key for mutual authentication is expressed in hexadecimal notation of UUID. The mutual authentication secret key is generated by the MDM server 100.

  The operation in this embodiment will be described.

  First, an operation in which the MDM server 100 transmits maintenance reservation information will be described (FIG. 6). Next, an operation in which the managed mobile terminal 200 changes the function restriction in the managed mobile terminal 200 based on the maintenance reservation information received in advance will be described (FIG. 7). Next, an operation in which the maintenance portable terminal 300 permits the function restriction change in the management target portable terminal 200 based on the maintenance reservation information received in advance will be described (FIG. 8).

  FIG. 6 is a flowchart showing the operation of the MDM server in the first exemplary embodiment of the present invention. Note that the flowchart shown in FIG. 6 and the following description are merely examples, and the processing order and the like may be changed, the processing may be returned, or the processing may be repeated according to the processing that is appropriately obtained.

  First, a premise operation of the operation for the MDM server 100 to transmit maintenance reservation information will be described.

  The data input unit 370 of the maintenance portable terminal 300 accepts the input of maintenance reservation information by the maintenance person in advance. The maintenance reservation information generation unit 390 of the maintenance mobile terminal 300 transmits the input maintenance reservation information to the MDM server 100. The items of maintenance reservation information input by the maintenance person are maintenance reservation date and time, managed mobile terminal identifier, maintenance mobile terminal identifier, and function restriction change information. However, the maintenance portable terminal identifier may be automatically determined by the data input unit 370 or the maintenance reservation information generation unit 390. The contents of other items of the maintenance reservation information are automatically generated by the MDM server 100. The maintenance reservation information generation unit 390 may transmit the generated maintenance reservation information to the MDM server 100 via the MDM server administrator terminal 500. Alternatively, the MDM server administrator terminal 500 may transmit maintenance reservation information input by the administrator to the MDM server 100.

  The MDM server 100 receives maintenance reservation information from the maintenance portable terminal 300 through the communication unit 120 (step S102).

  The maintenance reservation information control unit 140 generates a unique identifier (for example, UUID) as the maintenance reservation identifier of the received maintenance reservation information and assigns it to the maintenance reservation information (step S103).

  The MDM server 100 verifies the maintenance reservation information (step S104). Specifically, in step S104, the MDM server 100 verifies whether the managed mobile terminal identifier and the maintenance mobile terminal identifier included in the maintenance reservation information are managed by the terminal management information control unit 130. To do.

  If the verification fails (step S106: No), the MDM server 100 notifies the maintenance portable terminal 300 of an error and stops the processing (step S107).

  If the verification is successful (step S106: Yes), the MDM server 100 causes the one-time passphrase information generation unit 150 to generate a beacon transmission one-time passphrase and a mutual authentication secret key, thereby maintaining the maintenance reservation information. (Step S108). The secret key for mutual authentication is used as a key in the challenge response method.

  The MDM server 100 stores the maintenance reservation information to which the maintenance reservation identifier, the beacon transmission one-time passphrase, and the mutual authentication secret key are assigned by the maintenance reservation information control unit 140 (step S109).

  The MDM server 100 generates a command for transmitting the maintenance reservation information saved by the maintenance reservation information control unit 140 to the management target portable terminal 200 and the maintenance portable terminal 300 by using the terminal command generation unit 160 (step S111). ).

  The MDM server 100 transmits the generated command to the management target portable terminal 200 and the maintenance portable terminal 300 through the communication unit 120 (step S112). At that time, the MDM server 100 transmits maintenance reservation information (command) to the terminal specified by the management target portable terminal identifier or the maintenance portable terminal identifier included in the maintenance reservation information.

  When receiving the maintenance reservation information from the MDM server 100, the managed mobile terminal 200 and the maintenance mobile terminal 300 store the maintenance reservation information in the maintenance reservation information control unit 240 and the maintenance reservation information control unit 340, respectively. Then, the management target portable terminal 200 and the maintenance portable terminal 300 respectively set the date and time and the maintenance reservation identifier in the timer 280 and the timer 360 so that the timer operates at the maintenance reservation date and time.

  FIG. 7 is a chart showing a flow showing the operation of the management-target mobile terminal according to the first embodiment of the present invention. Note that the flowchart shown in FIG. 7 and the following description are merely examples, and the processing order and the like may be changed, the processing may be returned, or the processing may be repeated according to the processing that is appropriately obtained.

  When the preset maintenance reservation date / time comes, the timer 280 notifies the occurrence of the preset event (step S201).

  When the occurrence of an event associated with the maintenance reservation identifier is notified by the timer 280, the overall control unit 210 acquires maintenance reservation information having the maintenance reservation identifier from the maintenance reservation information control unit 240 (step S202).

  Next, the management-target portable terminal 200 starts to execute processing (steps S203 to S211) that is repeatedly executed during the maintenance reservation time according to the maintenance reservation date and time included in the maintenance reservation information (step S203).

  The overall control unit 210 causes the short-range wireless communication unit 250 to start receiving a beacon (step S204).

  When the beacon is received, the overall control unit 210 causes the authentication processing unit 290 to verify the passphrase included in the received beacon and the beacon transmission one-time passphrase included in the maintenance reservation information (step S205). . The authentication processing unit 290 determines whether or not the two pass phrases match. If a beacon is not received within a predetermined time (for example, 10 seconds) in step S204, it is considered that the verification has failed (steps S205, S206: No, S207).

  If the beacon verification result is unsuccessful (step S206: No), the overall control unit 210 inquires the terminal setting control unit 230 about the state of the function restriction, and if the function restriction is relaxed, the function restriction is performed. Is strengthened again (step S207). Thereby, when the maintenance portable terminal 300 that transmits a beacon goes out of the communication range of the management target portable terminal 200 or when an appropriate beacon cannot be received, the function restriction is strengthened again.

  If the verification result of the beacon is successful (step S206: Yes), the overall control unit 210 determines the radio wave intensity of the received beacon (step S208).

  The overall control unit 210 refers to the function restriction change information in the maintenance reservation information according to the received beacon radio wave intensity. When certain function restriction change information for each radio wave intensity requires strong security (step S208: A or higher), the managed mobile terminal 200 performs mutual authentication (step S209). In the present embodiment, it is assumed that the function restriction change information when the radio wave intensity is B or more and less than A requires normal security (beacon passphrase authentication). Further, it is assumed that the function restriction change information when the radio wave intensity is A or more further requires strong security (mutual authentication). When the radio wave intensity is less than B, it is not permitted to change the function restriction in the management target portable terminal 200.

  The mutual authentication is, for example, authentication by a challenge response method between the management target portable terminal 200 and the maintenance portable terminal 300. Specifically, first, the management target portable terminal 200 transmits a challenge message to the maintenance portable terminal 300. Next, the maintenance mobile terminal 300 transmits a response obtained by encrypting the received challenge message using the mutual authentication secret key included in the maintenance reservation information to the management target mobile terminal 200. Subsequently, the managed mobile terminal 200 receives the encrypted response from the maintenance mobile terminal 300 and decrypts the received encrypted response using the mutual authentication private key included in the maintenance reservation information. Whether the information obtained by the decryption and the challenge message are the same is verified.

  If the mutual authentication fails (step S209: No), the overall control unit 210 proceeds to the process of step S207. When the mutual authentication is successful (step S209: Yes), the overall control unit 210 causes the terminal setting control unit 230 to relax the function restriction (step S210). However, the overall control unit 210 does nothing if the function restriction is relaxed to the already requested conditions.

  When mutual authentication is unnecessary (step S208: B or more and less than A), the overall control unit 210 relaxes the function restriction (step S210-2). However, the overall control unit 210 does nothing if the function restriction is relaxed to the already requested conditions. In step S210 and step S210-2, the function restriction relaxation contents are different.

  If the radio wave intensity is less than B (step S208: less than B), the overall control unit 210 proceeds to the process of step S207.

  Step S211 represents the end of the iterative process from step S203. The overall control unit 210 repeats the processing from step S203 to S211 until the maintenance reservation date and time elapses.

  When the maintenance reservation date and time elapses, the overall control unit 210 stops receiving beacons in the short-range wireless communication unit 250 (step S212) and ends the process. However, when the function restriction in the management target mobile terminal 200 has been relaxed, the overall control unit 210 reinforces the function restriction again.

  FIG. 8 is a flowchart showing the operation of the maintenance portable terminal according to the first embodiment of the present invention. Note that the flowchart shown in FIG. 8 and the following description are examples, and the processing order and the like may be changed, the processing may be returned, or the processing may be repeated depending on the processing that is appropriately obtained.

  When the preset maintenance reservation date / time comes, the timer 360 notifies the occurrence of the preset event (step S301).

  When the occurrence of an event associated with the maintenance reservation identifier is notified by the timer 360, the overall control unit 310 acquires maintenance reservation information having the maintenance reservation identifier from the maintenance reservation information control unit 340 (step S302).

  Next, according to the maintenance reservation date and time included in the maintenance reservation information, the maintenance portable terminal 300 starts execution of processing (steps S303 to S307) repeatedly executed during the maintenance reservation date and time (step S303).

  Overall control unit 310 causes short-range wireless communication unit 350 to start periodic transmission of beacons (step S304). The beacon includes a beacon transmission one-time passphrase.

  The overall control unit 310 attempts to receive a challenge request from the managed mobile terminal 200 through the short-range wireless communication unit 350 (step S305). When the challenge request is received (step S305: Yes), the overall control unit 310 passes the mutual authentication secret key included in each of the received challenge request and maintenance reservation information to the authentication processing unit 380, and in step S306, Proceed to processing. When the challenge request has not been received (step S305: No), the overall control unit 310 proceeds to the process of step S307.

  The overall control unit 310 causes the authentication processing unit 380 to generate a response obtained by encrypting the challenge request using the mutual authentication secret key, and causes the short-range wireless communication unit 350 to transmit the generated response to the managed mobile terminal 200 ( Step S306).

  Step S307 represents the end of the iterative process from step S303. The overall control unit 310 repeats the processing from step S303 to S307 until the maintenance reservation date and time elapses.

  When the maintenance reservation date and time elapses, the overall control unit 310 causes the short-range wireless communication unit 350 to stop transmitting beacons (step S308) and ends the process.

  As described above, in the MDM system 700 of the present embodiment, the managed mobile terminal 200 first receives authentication information and information (time zone information) indicating the time zone scheduled for maintenance from the MDM server 100. Receive. And the management object portable terminal 200 tries to receive the authentication information by the short-range wireless communication in the time zone indicated by the received time zone information. Then, when the management target mobile terminal 200 can receive correct authentication information from the maintenance mobile terminal 300, the management target mobile terminal 200 relaxes restrictions on functions for maintenance in the management target mobile terminal 200. In other words, the restriction on the function for maintenance in the management target mobile terminal 200 is eased because the maintenance mobile terminal 300 scheduled to be used for maintenance is in a time zone when maintenance is scheduled. It is limited to the case where it exists around the management target portable terminal 200 scheduled to be maintained. Therefore, the MDM system 700 according to the present embodiment has an effect that the convenience and safety related to the maintenance work in the management target portable terminal 200 (management target apparatus) described in the effect column of the invention can be improved.

  Further, in the MDM system 700 of the present embodiment, the maintenance person does not need to request the MDM server administrator to change permission or prohibition of the external device connection to the managed mobile terminal 200 each time. Therefore, the above-described problem (1-1) does not occur.

  Further, in the MDM system 700 of the present embodiment, the function restriction of the management target mobile terminal 200 is released only when the maintenance mobile terminal 300 exists near the management target mobile terminal 200. Therefore, the occurrence of the problem (1-2) described above is suppressed.

  Further, in the MDM system 700 of the present embodiment, the function restriction of the managed mobile terminal 200 is relaxed by bringing the maintenance mobile terminal 300 closer to the managed mobile terminal 200. Therefore, the above-described problem (2-1) does not occur.

  Further, in the MDM system 700 of the present embodiment, when the maintenance portable terminal 300 is separated from the management target portable terminal 200, the function limitation of the management target portable terminal 200 is reinforced. Therefore, the above-described problem (2-2) does not occur.

  In the MDM system 700 of the present embodiment, the communication connection between the managed mobile terminal 200 and the MDM server 100 is not disconnected even when the function restriction of the managed mobile terminal 200 is relaxed. Therefore, when the MDM server 100 stores the operation history of the management target terminal, the above-described problem (2-3) does not occur.

  A modification in the present embodiment will be described.

  In this embodiment, an operation example in the case where the function restriction of the management target terminal is changed stepwise according to the radio wave intensity of the beacon will be described.

  FIG. 9 is a diagram for explaining a modification example of the MDM system in the case where the function restriction of the mobile terminal to be managed is changed in stages according to the radio wave intensity of the beacon in the first embodiment of the present invention. is there.

  As described above, the management-target mobile terminal 200 can change the function restriction in the management-target mobile terminal 200 (own device) in a stepwise manner in accordance with the radio wave intensity of the received beacon. It is assumed that the maintenance person always carries the maintenance portable terminal 300. At this time, the radio wave intensity A is determined so that the radio wave intensity of the beacon when the maintenance person exists in the maintenance workable range of the managed mobile terminal 200 is equal to or higher than the radio wave intensity A. In addition, the radio field strength B is determined so that the radio field strength of the beacon is equal to or higher than the radio field strength B when the maintenance person exists in a range where the screen of the management-target portable terminal 200 can be viewed.

  In the present modification, when the radio wave intensity of the received beacon is greater than or equal to B and less than A, the managed mobile terminal 200 is allowed to display the diagnosis result of the managed mobile terminal 200 and the diagnosis result is the managed mobile terminal 200. Shall be displayed. Further, in this modification, when the received beacon has a radio wave intensity of A or higher, the management target portable terminal 200 is allowed to have a maintenance function for the management target portable terminal 200 and the maintenance screen is managed. It is assumed that it is displayed on the target mobile terminal 200.

  As a result of the above-described configuration, in this modification, the diagnosis result is automatically displayed on the management target portable terminal 200 that exists in a range where the screen can be visually recognized by the maintenance person according to the movement of the maintenance person. Therefore, the maintenance person can identify the management target portable terminal whose diagnosis result is defective (“NG”). Therefore, in this modification, the management-target mobile terminals 200 that need failure analysis can be automatically narrowed down, so that convenience related to maintenance work can be improved.

Further, in this modification, when the maintenance person further approaches the maintenance work range of the management target portable terminal 200, the maintenance work screen is automatically displayed. Therefore, the maintenance person can immediately start the maintenance of the management target portable terminal 200. Therefore, in this modification, the convenience regarding the maintenance work can be further improved.
(Second Embodiment)
Next, the second embodiment of the present invention, which is the basis of the first embodiment of the present invention, will be described.

  FIG. 10 is a block diagram showing an example of the configuration of the device management system according to the second embodiment of the present invention.

  The apparatus management system 705 of this embodiment includes a maintenance portable terminal 305, a management target apparatus 205, and an apparatus management server 105.

  The maintenance portable terminal 305 is a terminal used for maintenance in the management target device 205. Here, the maintenance is an operation performed by putting the management target device 205 in a state other than the normal operation state. The maintenance includes connecting the management target device 205 to an external device, acquiring internal information of the management target device 205, changing settings of the management target device 205, and the like. The maintenance portable terminal 305 is a portable terminal, for example, a mobile phone, a smartphone, or a notebook PC. The maintenance portable terminal 305 includes a short-range wireless communication unit 355 and a control unit 315.

  The short-range wireless communication unit 355 communicates with other short-range wireless communication units using short-range wireless communication. Short-range wireless communication is wireless communication that can communicate with a communication terminal that can directly receive a wireless signal transmitted by the communication terminal. The near field communication is, for example, a wireless LAN, ZigBee (registered trademark), Bluetooth (registered trademark), IrDA (registered trademark), or near field radio communication.

  The control unit 315 transmits a predetermined part (part or all) of the authentication information by the short-range wireless communication unit 355. A predetermined portion of the authentication information transmitted by the control unit 315 is determined in advance. The authentication information is information for authenticating maintenance permission in the management target device 205. For example, the authentication information may include an identifier given to the maintenance portable terminal 305. When the short-range wireless communication is a wireless LAN, the identifier given to the maintenance portable terminal 305 is, for example, an identifier generated based on a random number, a BSSID (Basic Service Set Identifier), or a MAC (Media Access Control). An address may be included. When the short-range wireless communication is a wireless LAN, the predetermined part of the authentication information may be included in a wireless LAN beacon and transmitted, for example.

  The authentication information is preferably information that is difficult to guess for security reasons. Therefore, for example, the authentication information may be generated by the device management server 105 in a method that is difficult to guess (for example, randomly) and attached to the maintenance reservation information. In this case, the authentication information may include, for example, an identifier of maintenance reservation information, a passphrase, and a secret key used for challenge-response authentication. However, when the maintenance portable terminal 305 is not connected to the network 600, the authentication information generated by the device management server 105 needs to be transferred to the maintenance portable terminal 305 offline.

  The management target device 205 is a stationary or portable device, for example, an electronic device, a server, a PC, a mobile phone, a smartphone, or a notebook PC. The management target device 205 includes a communication unit 225, a short-range wireless communication unit 255, and a control unit 215.

  The communication unit 225 uses the network 600 to communicate with other communication units connected to the network 600. Communication terminals connected to the network 600 can communicate with each other even when the communication terminals are located in different remote locations. The network 600 is, for example, a LAN, a WAN (Wide Area Network), or a combination of a LAN and a WAN. The LAN may include a wireless LAN. The WAN may include a wireless WAN. The WAN is, for example, a mobile phone network or a wide area Ethernet (registered trademark).

  The short-range wireless communication unit 255 can communicate with the short-range wireless communication unit 355.

  The control unit 215 receives the maintenance reservation information by the communication unit 225. The maintenance reservation information includes authentication information and time zone information indicating a time zone in which maintenance is scheduled. In addition, the control unit 215 receives a predetermined part of the authentication information from the maintenance portable terminal 305 by the short-range wireless communication unit 255. In addition, the control unit 215 includes a predetermined part (part or all) of authentication information included in the maintenance reservation information received by the communication unit 225 and time zone information included in the maintenance reservation information received by the communication unit 225. It is checked whether or not the predetermined part of the authentication information received by the short-range wireless communication unit 255 is the same in the time zone indicated by. A predetermined part of the authentication information inspected by the control unit 215 is determined in advance. And when the predetermined part of both authentication information is the same, the control part 215 eases the restriction | limiting with respect to the function for the maintenance in the management object apparatus 205. FIG. The functions for maintenance are, for example, a function for receiving a command for outputting information necessary for maintenance in the management target device 205, and a function for receiving a command for changing settings necessary for maintenance in the management target device 205.

  The device management server 105 includes a communication unit 125 and a control unit 115.

  The communication unit 125 can communicate with the communication unit 225.

  The control unit 115 transmits the maintenance reservation information related to the maintenance portable terminal 305 to the management target device 205 by the communication unit 125 before the time zone when the maintenance is scheduled.

  As described above, in the device management system 705 of this embodiment, first, the management target device 205 receives authentication information and time zone information scheduled for maintenance from the device management server 105. Then, the management target device 205 attempts to receive the authentication information by short-range wireless communication in the time zone indicated by the received time zone information. Then, when the correct authentication information can be received from the maintenance portable terminal 305, the management target device 205 relaxes the restriction on the maintenance function in the management target device 205. That is, the restriction on the maintenance function in the management target device 205 is relaxed because the maintenance portable terminal 305 that is scheduled to be used for maintenance is maintained in the maintenance scheduled time zone. It is limited to the case where it exists around the management target device 205 that is scheduled to be executed. Therefore, the apparatus management system 705 of the present embodiment has the effect that “the convenience and safety regarding the maintenance work in the management target apparatus can be improved” described in the “Effect” column of the invention.

  The maintenance portable terminal 305 may further include a communication unit (not shown) that can communicate with the communication unit 125, and may be connected to the network 600. In this case, the apparatus management server 105 may transmit the maintenance reservation information to the maintenance portable terminal 305 through the communication unit 125. The maintenance mobile terminal 305 receives the maintenance reservation information from the apparatus management server 105 by the communication unit (not shown) of the maintenance mobile terminal 305. Then, the maintenance portable terminal 305 uses the short-range wireless communication unit 355 to transmit a predetermined part of the authentication information in the time zone indicated by the time zone information included in the maintenance reservation information received from the device management server 105. Send to. That is, the device management server 105 transmits the generated authentication information to the maintenance portable terminal 305 via the network 600. In this case, since the authentication information generated by the device management server 105 does not need to be transferred to the maintenance portable terminal 305 offline, the device management system 705 further improves convenience related to maintenance work in the management target device 205. There is an effect. In particular, when the authentication information is information that is generated by the device management server 105 and is difficult to guess, the device management system 705 has an effect of further improving the safety regarding maintenance work in the management target device 205.

  The short-range wireless communication unit 255 may have a function of measuring the strength of a wireless signal including received authentication information. Then, the control unit 215 relaxes restrictions on different functions according to the strength of the wireless signal including the received authentication information. For example, the managed device 205 relaxes restrictions on the function of accepting a command to output information when the strength of a wireless signal including received authentication information is less than a predetermined threshold. For example, when the strength of the wireless signal including the received authentication information is equal to or greater than a predetermined threshold, the management target device 205 further relaxes the restriction on the function of accepting a command to change the setting. In this case, there is an effect that the security level in the managed device 205 can be changed according to the distance between the managed device 205 and the maintenance portable terminal 305.

  FIG. 11 is a block diagram illustrating an example of a hardware configuration capable of realizing a management target device, a maintenance portable terminal, or a device management server in each embodiment of the present invention. Hereinafter, the hardware configuration of the management target device will be described as an example, but the same applies to the maintenance portable terminal and the device management server.

  The management target device 907 includes a storage device 902, a CPU (Central Processing Unit) 903, a keyboard 904, a monitor 905, and an I / O (Input / Output) device 908, which are connected via an internal bus 906. ing. The storage device 902 stores an operation program for the CPU 903 such as the control unit 215. The CPU 903 controls the entire management target device 907, executes an operation program stored in the storage device 902, and executes a program such as the communication control unit 825 and transmits / receives data via the I / O device 908. The internal configuration of the management target device 907 is an example. The management target device 907 may have a device configuration that connects a keyboard 904 and a monitor 905 as necessary.

  The management target device, maintenance portable terminal, or device management server in each embodiment of the present invention described above may be realized by a dedicated device, but the I / O device 908 performs hardware communication with the outside. Other than the above operation, it can also be realized by a computer (information processing apparatus). In each embodiment of the present invention, the I / O device 908 is, for example, a short-range wireless communication unit 250, 255, 350, 355, and a communication unit 120, 125, 220, 225, 320. In this case, the computer reads the software program stored in the storage device 902 to the CPU 903 and executes the read software program in the CPU 903. In the case of each of the embodiments described above, the software program can implement the functions of the respective units such as the management target device 205, the maintenance portable terminal 305, or the device management server 105 shown in FIG. It only needs to be described. However, it is assumed that these units include hardware as appropriate. In such a case, the software program (computer program) can be regarded as constituting the present invention. Furthermore, a computer-readable storage medium storing such a software program can also be understood as constituting the present invention.

  The present invention has been exemplarily described with the above-described embodiments and modifications thereof. However, the technical scope of the present invention is not limited to the scope described in the above-described embodiments and modifications thereof. It will be apparent to those skilled in the art that various modifications and improvements can be made to such embodiments. In such a case, new embodiments to which such changes or improvements are added can also be included in the technical scope of the present invention. This is apparent from the matters described in the claims.

  INDUSTRIAL APPLICABILITY The present invention can be used for the purpose of enhancing convenience and safety regarding maintenance work in an apparatus managed by a server on a network.

DESCRIPTION OF SYMBOLS 100 MDM server 110 Overall control part 120 Communication part 130 Terminal management information control part 140 Maintenance reservation information control part 150 One-time passphrase information generation part 160 Command generation part for terminals 200 Managed mobile terminal 210 Overall control part 220 Communication part 230 Terminal Setting control unit 240 Maintenance reservation information control unit 250 Short-range wireless communication unit 260 Maintenance information control unit 270 Maintenance port 280 Timer 290 Authentication processing unit 300 Maintenance portable terminal 310 Overall control unit 320 Communication unit 340 Maintenance reservation information control unit 350 Near Distance wireless communication unit 360 Timer 370 Data input unit 380 Authentication processing unit 390 Maintenance reservation information generation unit 400 PC for maintenance
500 MDM server administrator terminal 600 network 700 MDM system 105 device management server 115 control unit 125 communication unit 205 managed device 215 control unit 225 communication unit 255 short-range wireless communication unit 305 portable terminal for maintenance 315 control unit 355 short-range wireless communication Unit 705 Device management system 902 Storage device 903 CPU
904 Keyboard 905 Monitor 906 Internal bus 907 Managed device 908 I / O device

Claims (8)

A maintenance portable terminal including a first short-range wireless communication means for communicating with a communication terminal capable of directly receiving a wireless signal transmitted by the communication terminal;
A device management server including a first communication means capable of communicating with an external device by at least one of wired or wireless;
A device management system comprising: a second communication unit capable of communicating with the first communication unit; and a management target device including a second short range wireless communication unit capable of communicating with the first short range wireless communication unit. Because
The device management server receives maintenance reservation information including time zone information indicating a time zone scheduled for maintenance in the management target device and authentication information for authenticating permission of maintenance in the management target device. Further comprising first control means for transmitting to the managed device by communication means;
The maintenance portable terminal has second control means for transmitting a predetermined portion of authentication information for authenticating permission of maintenance in the management target apparatus to the management target apparatus by the first short-range wireless communication means. In addition,
The managed device is:
Receiving the maintenance reservation information from the device management server by the second communication means;
In the time zone indicated by the time zone information included in the maintenance reservation information received from the device management server, the predetermined portion is received from the maintenance portable terminal by the second short-range wireless communication means,
Said predetermined portion received from the portable terminal for the maintenance, wherein when the predetermined portion of the credentials are the same contained in the maintenance reservation information received from the device management server, for maintenance of the managed devices An apparatus management system further comprising third control means for relaxing restrictions on functions. The device management server transmits the maintenance reservation information to the maintenance portable terminal by the first communication means,
The maintenance portable terminal is:
And further comprising third communication means capable of communicating with the first communication means,
Receiving the maintenance reservation information from the device management server by the third communication means;
In the time zone indicated by the time zone information included in the maintenance reservation information received from the device management server, the predetermined portion of the authentication information included in the maintenance reservation information received from the device management server is the first The apparatus management system according to claim 1, wherein transmission is performed to the management target apparatus by one short-range wireless communication unit. The apparatus management system according to claim 1, wherein the predetermined part received from the maintenance portable terminal includes an identifier assigned in advance to the maintenance portable terminal. The said predetermined part of the said authentication information of the said maintenance reservation information received from the said apparatus management server contains the identifier or the passphrase provided to the said maintenance reservation information produced | generated by the said apparatus management server. The device management system described in 1. The second short-range wireless communication means has a function of measuring the strength of a wireless signal including the predetermined part received from the maintenance portable terminal,
The third control unit has functions different from each other according to the strength of the radio signal including the predetermined part received from the maintenance portable terminal as a restriction on the maintenance function in the management target device. The apparatus management system according to claim 2 or 3, wherein the restriction is relaxed. A maintenance portable terminal including a first short-range wireless communication means for communicating with a communication terminal capable of directly receiving a wireless signal transmitted by the communication terminal;
It is possible to communicate with an apparatus management server including a first communication means capable of communicating with an external apparatus by at least one of wired or wireless.
Second communication means capable of communicating with the first communication means;
Second short-range wireless communication means capable of communicating with the first short-range wireless communication means;
A management target device comprising a control means,
The control means includes
Maintenance management information including time zone information indicating a time zone scheduled for maintenance in the managed device and authentication information for authenticating maintenance permission in the managed device is managed by the second communication means. Received from the server,
In a time zone indicated by the time zone information included in the maintenance reservation information received from the device management server, a predetermined portion of authentication information for authenticating maintenance permission in the management target device is set as the second nearby information. Received from the portable terminal for maintenance by distance wireless communication means,
Said predetermined portion received from the portable terminal for the maintenance, wherein when the predetermined portion of the credentials are the same contained in the maintenance reservation information received from the device management server, for maintenance of the managed devices A managed device that relaxes restrictions on functionality. A maintenance portable terminal including a first short-range wireless communication means for communicating with a communication terminal capable of directly receiving a wireless signal transmitted by the communication terminal;
A device management server including a first communication means capable of communicating with an external device by at least one of wired or wireless;
A device management system comprising: a second communication unit capable of communicating with the first communication unit; and a management target device including a second short range wireless communication unit capable of communicating with the first short range wireless communication unit. Control method,
The device management server receives maintenance reservation information including time zone information indicating a time zone scheduled for maintenance in the management target device and authentication information for authenticating permission of maintenance in the management target device. Transmitted to the managed device by communication means,
The maintenance portable terminal transmits a predetermined portion of authentication information for authenticating permission of maintenance in the management target device to the management target device by the first short-range wireless communication unit,
The managed device is:
Receiving the maintenance reservation information from the device management server by the second communication means;
In the time zone indicated by the time zone information included in the maintenance reservation information received from the device management server, the predetermined portion is received from the maintenance portable terminal by the second short-range wireless communication means,
Said predetermined portion received from the portable terminal for the maintenance, wherein when the predetermined portion of the credentials are the same contained in the maintenance reservation information received from the device management server, for maintenance of the managed devices A method of controlling a device management system that relaxes restrictions on functions. A maintenance portable terminal including a first short-range wireless communication means for communicating with a communication terminal capable of directly receiving a wireless signal transmitted by the communication terminal;
It is possible to communicate with an apparatus management server including a first communication means capable of communicating with an external apparatus by at least one of wired or wireless.
Second communication means capable of communicating with the first communication means;
A computer included in a management target device including the second short-range wireless communication unit capable of communicating with the first short-range wireless communication unit;
Maintenance management information including time zone information indicating a time zone scheduled for maintenance in the managed device and authentication information for authenticating maintenance permission in the managed device is managed by the second communication means. Received from the server,
In a time zone indicated by the time zone information included in the maintenance reservation information received from the device management server, a predetermined portion of authentication information for authenticating maintenance permission in the management target device is set as the second nearby information. Received from the portable terminal for maintenance by distance wireless communication means,
Said predetermined portion received from the portable terminal for the maintenance, wherein when the predetermined portion of the credentials are the same contained in the maintenance reservation information received from the device management server, for maintenance of the managed devices A control program for a managed device that executes a control process that relaxes restrictions on functions.

Images