JP6750299B2 - Information processing system - Google Patents

Description

The present invention relates to an information processing system.

2. Description of the Related Art A system for controlling and monitoring the operations of facilities, equipment, plants and the like in facilities such as factories and power plants has been known.

Further, a technique of dynamically setting the security level of a security function and the like is conventionally known (see, for example, Patent Documents 1 and 2).

JP, 2003-316650, A JP, 2011-151541, A

However, in the above-mentioned conventional technology, for example, the usage rate of a CPU (Central Processing Unit) and a memory increases due to execution of a security function, which affects the operation of facilities and equipment in a facility such as a factory or a power station, or a plant. There were cases.

That is, for example, as a result of an increase in the usage rate of the CPU and the memory due to the execution of the security function, there are cases where the operation control and operation monitoring of the equipment, equipment, plant, etc. cannot be performed sufficiently.

One embodiment of the present invention has been made in view of the above points, and it is an object of the present invention to reduce the effect of executing a security function.

In order to achieve the above object, one embodiment of the present invention is an information processing system including a first device and a second device connected to the first device via a network. For each security function that can be executed by the first device and the second device, a first storage unit that stores information regarding the execution condition of the security function and a terminal device connected to the information processing system are transmitted. In response to a security function execution request, an acquisition unit that acquires information about the execution condition of the security function corresponding to the execution request from the first storage unit, and information about the execution condition acquired by the acquisition unit. Based on the first determining means, it is determined by the first determining means whether to execute the security function in the first device, and the first determining means determines to execute the security function in the first device. In this case, there is provided an execution unit that causes the first device to execute the security function, and the execution unit is determined not to execute the security function by the first device by the first determination unit. In this case, the execution request of the security function is transmitted to the second device.

According to one embodiment of the present invention, the impact associated with performing security functions is reduced.

It is a figure which shows an example of the control system which concerns on 1st embodiment. It is a figure which shows an example of the hardware constitutions of the terminal device which concerns on 1st embodiment, a monitoring apparatus, and a control apparatus. It is a figure showing an example of functional composition of a control system concerning a first embodiment. It is a sequence diagram which shows an example of registration processing of the execution condition of the security function which concerns on 1st embodiment. It is a figure which shows an example of the setting screen of the execution condition of the security function which concerns on 1st embodiment. It is a figure which shows an example of the execution condition information which concerns on 1st embodiment. It is a sequence diagram which shows an example of the execution process of the security function which concerns on 1st embodiment. 6 is a flowchart illustrating an example of security function execution determination processing according to the first embodiment. It is a sequence diagram which shows an example of registration processing of the execution condition of the security function which concerns on 2nd embodiment. It is a figure which shows an example of the setting screen of the execution condition of the security function which concerns on 2nd embodiment. It is a figure which shows an example of the execution condition information which concerns on 2nd embodiment. It is a figure showing an example of functional composition of a control system concerning a third embodiment. It is a figure which shows an example of usage history information. It is a flow chart which shows an example of security function execution judgment processing concerning a third embodiment. It is a figure which shows an example of a functional structure of the control system which concerns on 4th embodiment. It is a figure which shows an example of the execution condition information which concerns on 4th embodiment. It is a flow chart which shows an example of execution judging processing of a security function concerning a fourth embodiment. It is a figure which shows an example of execution waiting information.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

[First embodiment]
<System configuration>
First, the system configuration of the control system 1 according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of a control system according to the first embodiment.

The control system 1 shown in FIG. 1 includes one or more terminal devices 10, one or more monitoring devices 20, and one or more control devices 30. The terminal device 10 and the monitoring device 20 are communicably connected via a network N1 such as a LAN (Local Area Network). The monitoring device 20 and the control device 30 are communicatively connected via a network N2 such as a LAN.

Furthermore, one or more conversion devices 40 are connected to the control device 30. In addition, one or more devices 50 are connected to the conversion device 40.

Here, the monitoring device 20, the control device 30, the conversion device 40, and the device 50 are included in the facility environment E1 which is a system environment in a facility such as a factory or a power plant. Therefore, the terminal device 10 and the facility environment E1 are communicably connected via the network N1. The facility environment E1 is not limited to the system environment in a factory or power plant, and may be the system environment in various facilities such as a water treatment facility and a waste treatment facility.

The terminal device 10 is a desktop PC, a notebook PC, a smartphone, a tablet terminal or the like used by the user. The user can connect to the facility environment E1 using the terminal device 10 and acquire various information.

For example, the user uses the terminal device 10 to connect to the monitoring device 20 included in the facility environment E1 and obtains various monitoring results (the operating state of the device 50, an alarm, etc.) provided by the monitoring device 20. be able to.

The monitoring device 20 collects operation logs and sensor information (information obtained by measuring the temperature and pressure of the device 50 with various sensors) of the control device 30 and the device 50 included in the facility environment E1, and the operation log. It is an information processing device that performs monitoring based on the sensor information and the like. Moreover, the monitoring device 20 provides the monitoring result to the terminal device 10 in response to a request from the terminal device 10.

The control device 30 is, for example, a PLC (Programmable Logic Controller) or the like, and is an information processing device that controls the device 50. The control device 30 controls the operation of the device 50, acquires an operation log and sensor information from the device 50, and sends the operation log and sensor information to the monitoring device 20.

The conversion device 40 is, for example, a module that performs A/D conversion or D/A conversion, and converts information between the control device 30 and the device 50. That is, the conversion device 40 converts various information output from the control device 30 into a format that can be input by the device 50, and also converts various information output from the device 50 into a format that can be input by the control device 30. To do. The conversion device 40 may be included in the control device 30.

The equipment 50 is, for example, power generation equipment such as a gas turbine or a steam turbine, substation/distribution equipment such as a transformer or a gas circuit breaker, manufacturing equipment in a factory or the like, and various equipment or plant controlled by the control device 30. Etc.

The control system 1 according to the present embodiment dynamically changes the execution body of security functions such as login authentication and access control when the user connects to the facility environment E1 using the terminal device 10.

That is, for example, when the user connects to the facility environment E1 using the terminal device 10 and logs in to the facility environment E1, the resource usage rate such as the CPU usage rate or the memory usage rate of the monitoring device 20 or the control device 30. The device (monitoring device 20 or control device 30) that performs login authentication is dynamically changed based on the above. Similarly, for example, when the user logs in the facility environment E1 using the terminal device 10 and then acquires the monitoring result provided by the monitoring device 20, based on the resource usage rates of the monitoring device 20 and the control device 30. , Dynamically change the device that controls access.

As described above, in the control system 1 according to the present embodiment, for example, the execution body of the security function is dynamically changed based on the CPU usage rate. Therefore, in the control system 1 according to the present embodiment, for example, because the CPU usage rate is increased by executing the security function (that is, a high load is generated in the CPU), monitoring and control of the device 50, etc. It is possible to prevent a situation in which

<Hardware configuration>
Next, the hardware configurations of the terminal device 10, the monitoring device 20, and the control device 30 according to the first embodiment will be described with reference to FIG. FIG. 2 is a diagram illustrating an example of a hardware configuration of the terminal device, the monitoring device, and the control device according to the first embodiment. Since the terminal device 10, the monitoring device 20, and the control device 30 have the same hardware configuration, the hardware configuration of the terminal device 10 will be mainly described below.

The terminal device 10 includes an input device 11, a display device 12, an external I/F 13, a RAM (Random Access Memory) 14, a ROM (Read Only Memory) 15, a CPU 16, a communication I/F 17, and a storage device. 18 and. Further, each of these pieces of hardware is communicably connected by a bus B.

The input device 11 is, for example, a keyboard, a mouse, a touch panel, or the like, and is used by the user to input various operation signals. The display device 12 is, for example, a display and displays the processing result. In addition, the monitoring device 20 and the control device 30 may be in a form in which the input device 11 and the display device 12 are connected to the bus B and used when necessary.

The external I/F 13 is an interface with an external device. The external device includes a recording medium 13a and the like. Accordingly, the terminal device 10 can read and/or write the recording medium 13a via the external I/F 13. The recording medium 13a includes a flexible disk, a CD, a DVD, an SD memory card, a USB memory and the like. It should be noted that the recording medium 13a may store a program that realizes the present embodiment.

The RAM 14 is a non-volatile semiconductor memory that can retain programs and data even when the power is turned off. The ROM 15 stores data and programs such as BIOS (Basic Input/Output System), OS (Operating System) settings, network settings, etc., which are executed when the terminal device 10 is started up.

The CPU 16 is an arithmetic unit that realizes control and functions of the entire terminal device 10 by reading programs and data from the ROM 15 and the storage device 18 onto the RAM 14 and executing processing.

The communication I/F 17 is an interface for connecting the terminal device 10 to the network N1. Accordingly, the terminal device 10 can perform data communication via the communication I/F 17.

The storage device 18 is a non-volatile memory that stores programs and data, and is, for example, an HDD (Hard Disk Drive) or an SSD (solid state drive). The data stored in the storage device 18 includes a program that realizes the present embodiment, an OS that is basic software that controls the entire terminal device 10, and application software that provides various functions on the OS. The storage device 18 manages stored programs and data by a predetermined file system and/or DB (database).

The terminal device 10, the monitoring device 20, and the control device 30 according to the present embodiment have the hardware configuration shown in FIG.

<Functional configuration>
Next, the functional configuration of the control system 1 according to the first embodiment will be described with reference to FIG. FIG. 3 is a diagram illustrating an example of a functional configuration of the control system according to the first embodiment.

The terminal device 10 includes an input reception unit 101, a display control unit 102, a registration request unit 103, and an execution request unit 104. Each of these functional units is realized by a process that causes the CPU 16 to execute one or more programs installed in the terminal device 10.

The input receiving unit 101 receives various input operations by the user. For example, the input receiving unit 101 receives a registration operation of a security function execution condition.

Further, for example, the input receiving unit 101 receives an execution operation for executing the security function.

The execution condition is a condition when the security function is executed in the monitoring device 20 and the control device 30 for each security function, and for example, "CPU usage rate is less than 20%" or "memory usage rate". Is less than 30%” or the like.

Further, the security function is a function relating to various types of security executed when the user connects to the facility environment E1 using the terminal device 10, and examples thereof include login authentication and access control.

The display control unit 102 displays various screens. For example, the display control unit 102 displays a screen for setting and registering the execution condition of the security function.

When the input accepting unit 101 accepts the registration operation, the registration requesting unit 103 transmits a registration request for execution conditions to the monitoring device 20.

When the input accepting unit 101 accepts an execution operation (for example, login operation) for executing the security function, the execution requesting unit 104 issues an execution request for the security function (for example, login authentication execution request) to the monitoring device 20. Send to.

The monitoring device 20 includes a registration processing unit 201, an execution determination processing unit 202, and a function execution unit 203. Each of these functional units is realized by a process that causes the CPU 16 to execute one or more programs installed in the monitoring device 20.

The monitoring device 20 also has an execution condition storage unit 204. The storage unit can be realized using the storage device 18. The storage unit may be realized by using, for example, a storage device connected to the monitoring device 20 via a network.

In response to the execution condition registration request, the registration processing unit 201 registers the execution condition based on the registration request in the monitoring device 20. That is, when the registration processing unit 201 receives the execution condition registration request, the registration processing unit 201 stores the execution condition information indicating the execution condition in the execution condition storage unit 204.

Further, when the execution condition information is stored in the execution condition storage unit 204, the registration processing unit 201 transmits the execution condition registration request to the control device 30. That is, the registration processing unit 201 transfers the execution condition registration request received from the terminal device 10 to the control device 30.

In response to the security function execution request, the execution determination processing unit 202 executes processing (security function execution determination processing) for determining whether or not to execute the security function in the monitoring device 20. Here, the execution determination processing unit 202 includes a condition acquisition unit 212 and a condition determination unit 222.

In response to the security function execution request, the condition acquisition unit 212 acquires the execution condition information of the security function related to the execution request from the execution condition storage unit 204. When the condition acquisition unit 212 acquires the execution condition information, the condition determination unit 222 determines whether or not the execution condition of the security function related to the execution request is satisfied based on the execution condition information.

Here, when the condition determination unit 222 determines that the execution condition of the security function is satisfied, the execution determination processing unit 202 determines that the monitoring device 20 executes the security function. On the other hand, when the condition determination unit 222 determines that the execution condition of the security function is not satisfied, the execution determination processing unit 202 determines that the monitoring device 20 does not execute the security function.

When the execution determination processing unit 202 determines that the security function is to be executed by the monitoring device 20, the function execution unit 203 executes the security function (for example, login authentication).

Further, when the execution determination processing unit 202 determines that the security function is not to be executed by the monitoring device 20, the function execution unit 203 transmits (transfers) an execution request for the security function to the control device 30.

The execution condition storage unit 204 stores the execution condition information stored by the registration processing unit 201. The details of the execution condition information will be described later.

The control device 30 includes a registration processing unit 301, an execution determination processing unit 302, and a function execution unit 303. Each of these functional units is realized by a process that causes the CPU 16 to execute one or more programs installed in the control device 30.

The control device 30 also includes an execution condition storage unit 304. The storage unit can be realized using the storage device 18. The storage unit may be realized using, for example, a storage device connected to the control device 30 via a network.

In response to the execution condition registration request, the registration processing unit 301 registers the execution condition based on the registration request in the control device 30. That is, when the registration processing unit 301 receives the execution condition registration request, the registration processing unit 301 stores the execution condition information indicating the execution condition in the execution condition storage unit 304.

In response to the security function execution request, the execution determination processing unit 302 executes processing (security function execution determination processing) for determining whether or not the security function is executed by the control device 30. Here, the execution determination processing unit 302 includes a condition acquisition unit 312 and a condition determination unit 322.

In response to the security function execution request, the condition acquisition unit 312 acquires the execution condition information of the security function related to the execution request from the execution condition storage unit 304. When the condition acquisition unit 312 acquires the execution condition information, the condition determination unit 322 determines whether or not the execution condition of the security function related to the execution request is satisfied based on the execution condition information.

Here, when the condition determination unit 322 determines that the execution condition of the security function is satisfied, the execution determination processing unit 302 determines that the control device 30 executes the security function. On the other hand, when the condition determination unit 322 determines that the execution condition of the security function is not satisfied, the execution determination processing unit 302 determines that the control device 30 does not execute the security function.

When the execution determination processing unit 302 determines that the control device 30 executes the security function, the function execution unit 303 executes the security function (for example, login authentication).

The execution condition storage unit 304 stores the execution condition information stored by the registration processing unit 301. The details of the execution condition information will be described later.

<Details of processing>
Next, details of the processing of the control system 1 according to the first embodiment will be described.

First, in the control system 1 according to the present embodiment, a process of registering the execution condition of the security function in the monitoring device 20 and the control device 30 will be described with reference to FIG. FIG. 4 is a sequence diagram showing an example of registration processing of execution conditions of the security function according to the first embodiment. In addition, hereinafter, in “registration”, execution condition information is newly added to the execution condition storage unit 204 and the execution condition storage unit 304, and “new registration” is stored in the execution condition storage unit 204 and the execution condition storage unit 304. "Update registration" for updating the executed condition information is included.

First, the input accepting unit 101 of the terminal device 10 accepts a registration operation of a security function execution condition by a user on the security function execution condition setting screen 1000 shown in FIG. 5 (step S401).

Here, the security function execution condition setting screen 1000 shown in FIG. 5 is displayed on the display device 12 or the like by the display control unit 102 of the terminal device 10, and the security function list 1100, execution condition list 1200, and registration are registered. Button 1300 is included.

The security function list 1100 is a list for selecting security functions for setting execution conditions, and includes security functions such as “login authentication” and “access control”. The execution condition list 1200 is a list for selecting execution conditions to be set for the security function selected in the security function list 1100. For example, “CPU usage rate is less than 20%” and “CPU usage rate is 30%”. Execution conditions such as "less than %" are included. The registration button 1300 is a display component for registering the security function and the execution condition selected in the security function list 1100 and the execution condition list 1200. Note that the execution condition may allow the user to arbitrarily input a value such as a CPU usage rate or a memory usage rate.

The user selects a desired security function and execution condition from the security function list 1100 and the execution condition list 1200 on the security function execution condition setting screen 1000, and presses a registration button 1300 to perform a registration operation. It can be carried out.

Hereinafter, as an example, it is assumed that the user selects “login authentication” and “CPU usage rate less than 30%” from the security function list 1100 and the execution condition list 1200, respectively, and presses the registration button 1300. ..

Next, when the input accepting unit 101 accepts the registration operation, the registration requesting unit 103 of the terminal device 10 transmits a registration request for execution conditions to the monitoring device 20 (step S402). The registration request includes the security function “login authentication” selected by the user and the execution condition “CPU usage rate less than 30%”.

Upon receiving the execution condition registration request, the registration processing unit 201 of the monitoring device 20 creates execution condition information indicating the security function “login authentication” and the execution condition “CPU usage rate less than 30%” included in the registration request. It is stored in the execution condition storage unit 204 (step S403).

Here, the execution condition information stored in the execution condition storage unit 204 is shown in FIG. As illustrated in FIG. 6A, in step S403, the registration processing unit 201 stores execution condition information that is the security function “login authentication” and the execution condition “CPU usage rate is less than 30%” in the execution condition storage unit 204. To be done.

As a result, the execution condition of the security function selected by the user is registered in the monitoring device 20. When the execution condition of the same security function is already registered in the monitoring device 20, the registration processing unit 201 overwrites the execution condition information indicating the already registered execution condition with the execution condition information created above. To do.

Note that, as shown in FIG. 6A, the execution condition storage unit 204 stores, for each security function, an execution condition for executing the security function in association with each other.

Next, when the registration processing unit 201 of the monitoring device 20 stores the execution condition information in the execution condition storage unit 204, the registration processing unit 201 transmits the execution condition registration request to the control device 30 (step S404). The registration request includes the security function "login authentication" and the execution condition "CPU usage rate less than 30%" selected by the user in step S401.

Upon receiving the execution condition registration request, the registration processing unit 301 of the control device 30 creates execution condition information indicating the security function “login authentication” and the execution condition “CPU usage rate less than 30%” included in the registration request. It is stored in the execution condition storage unit 304 (step S405).

Here, the execution condition information stored in the execution condition storage unit 304 is shown in FIG. As shown in FIG. 6B, in step S405, the registration processing unit 301 stores execution condition information that is the security function “login authentication” and the execution condition “CPU usage rate is less than 30%” in the execution condition storage unit 304. To be done.

As a result, the execution conditions for the security function selected by the user are registered in the control device 30. When the execution condition of the same security function is already registered in the monitoring device 20, the registration processing unit 301 overwrites the execution condition information indicating the already registered execution condition with the execution condition information created above. To do.

Subsequently, when the execution condition information is stored in the execution condition storage unit 304, the registration processing unit 301 of the control device 30 transmits a registration result indicating that the execution condition is registered to the monitoring device 20 (step S406).

Then, upon receiving the registration result from the control device 30, the registration processing unit 201 of the monitoring device 20 transmits the registration result to the terminal device 10 (step S407).

As described above, in the control system 1 according to the present embodiment, the execution condition of the security function set by the user is registered in the monitoring device 20 and the control device 30. That is, in the control system 1 according to the present embodiment, the user can use the terminal device 10 to appropriately register the execution conditions of the security function in the monitoring device 20 and the control device 30.

As a result, in the control system 1 according to the present embodiment, for example, when the control content of the control system 1, the configuration of the device 50, or the like is changed, the user can register an appropriate execution condition according to the changed content. become able to.

Next, in the control system 1 according to the present embodiment, a process of executing a security function in the monitoring device 20 or the control device 30. This will be described with reference to FIG. FIG. 7 is a sequence diagram illustrating an example of security function execution processing according to the first embodiment. In the following, a case of executing "login authentication" will be described as an example of the security function.

First, the input reception unit 101 of the terminal device 10 receives a login operation for logging in to the facility environment E1 (step S701).

That is, the user inputs the login ID and the login password on the predetermined login screen displayed by the display control unit 102 of the terminal device 10 and performs the login operation, which is an example of the operation of executing the security function. Then, the input reception unit 101 of the terminal device 10 receives the login operation.

Next, when the login operation is accepted by the input accepting unit 101, the execution requesting unit 104 of the terminal device 10 transmits an execution request for login authentication, which is an example of a security function, to the monitoring device 20 (step S702). The execution request includes the login ID and login password input by the user on the login screen.

Upon receiving the login authentication execution request, the execution determination processing unit 202 of the monitoring device 20 determines whether the login authentication is to be executed by the monitoring device 20 based on the execution condition information stored in the execution condition storage unit 204. The determination is made (step S703). That is, the execution determination processing unit 202 of the monitoring device 20 executes the security function execution determination processing. Details of the security function execution determination processing in this step will be described later.

In step S703, when the execution determination processing unit 202 determines that the login authentication is to be executed in the monitoring device 20, the function execution unit 203 of the monitoring device 20 executes login authentication (step S704). That is, the function execution unit 203 of the monitoring device 20 determines whether or not the login ID, the password, and the like included in the login authentication execution request match the preset login ID, the password, and the like, and logs in. Authenticate.

Then, the function execution unit 203 of the monitoring device 20 transmits the authentication result, which is an example of the execution result of the security function, to the terminal device 10 (step S704).

As described above, in the security function execution determination process of step S703, when it is determined that the security function is to be executed, the function execution unit 203 of the monitoring device 20 executes the security function related to the execution request.

On the other hand, in step S703, when the execution determination processing unit 202 determines that the login authentication is not executed by the monitoring device 20, the function execution unit 203 of the monitoring device 20 transmits a login authentication execution request to the control device 30 ( Step S706).

As described above, in the security function execution determination process of step S703, when it is determined that the security function is not executed, the monitoring device 20 transmits (transfers) a security function execution request to the control device 30.

Upon receiving the login authentication execution request, the execution determination processing unit 302 of the control device 30 determines whether the login authentication is to be executed by the control device 30 based on the execution condition information stored in the execution condition storage unit 304. The determination is made (step S707). That is, the execution determination processing unit 302 of the control device 30 executes the security function execution determination processing. Details of the security function execution determination processing in this step will be described later.

In step S707, when the execution determination processing unit 302 determines that the login authentication is to be executed by the control device 30, the function execution unit 303 of the control device 30 executes the login authentication (step S708). That is, the function execution unit 303 of the control device 30 determines whether or not the login ID, the password, and the like included in the login authentication execution request match the preset login ID, the password, and the like, and logs in. Authenticate.

Then, the function execution unit 303 of the control device 30 transmits the authentication result to the monitoring device 20 (step S709).

Upon receiving the authentication result, the function execution unit 303 of the monitoring device 20 transmits the authentication result to the terminal device 10 (step S710).

In this way, when the security function is not executed by the monitoring device 20 and when it is determined in the security function execution determination processing of step S707 that the security function is to be executed, the control device 30 executes the security function related to the execution request. To do.

On the other hand, in step S707, when the execution determination processing unit 302 determines that the login authentication is not executed by the control device 30, the function execution unit 303 of the control device 30 monitors the execution prohibition notification indicating that the login authentication cannot be executed. The data is transmitted to the device 20 (step S711).

Upon receiving the execution prohibition notification, the function execution unit 303 of the monitoring device 20 transmits the execution prohibition notification to the terminal device 10 (step S712).

In this way, when neither the monitoring device 20 nor the control device 30 executes the security function, the execution prohibition notification indicating that the security function cannot be executed is transmitted to the terminal device 10.

Although the control device 30 transmits the execution prohibition notification to the monitoring device 20 in step S711 described above, the present invention is not limited to this. When the execution determination processing unit 302 determines that the control device 30 does not execute the login authentication, the control device 30 may send a security function execution request to another control device 30, the monitoring device 20, or the like, for example. ..

As described above, in the control system 1 according to the present embodiment, in response to the security function execution request from the terminal device 10, the monitoring device 20 and the control device 30 make the execution determination based on the execution condition of the security function. To do.

Accordingly, for example, when the execution condition is “CPU usage rate is less than 30%” and the CPU usage rate of the monitoring device 20 is 30% or more, the security function is not executed in the monitoring device 20. The same applies to the control device 30.

Therefore, in the control system 1 according to the present embodiment, for example, the security function is executed in the monitoring device 20 and the control device 30 to increase the processing load of the CPU, and as a result, the operation monitoring and the operation control of the device 50 are affected. It is possible to prevent the situation of giving.

Next, details of the security function execution determination processing in steps S703 and S707 described above will be described with reference to FIG. FIG. 8 is a flowchart showing an example of security function execution determination processing according to the first embodiment.

Here, the execution determination processing of the security function in step S703 is executed by the execution determination processing unit 202 of the monitoring device 20. On the other hand, the execution determination processing of the security function in step S707 is executed by the execution determination processing unit 302 of the control device 30. Hereinafter, the security function execution determination process of step S703 will be mainly described.

The monitoring device 20, the execution determination processing unit 202, the condition acquisition unit 212, the condition determination unit 222, and the execution condition storage unit 204 are respectively the control device 30, the execution determination processing unit 302, the condition acquisition unit 312, and the condition determination unit 322. , And the execution condition storage unit 304, the same applies to the security function execution determination process in step S707.

First, the condition acquisition unit 212 of the execution determination processing unit 202 acquires the execution condition information of the relevant security function from the execution condition storage unit 204 (step S801). That is, the condition acquisition unit 212 acquires execution condition information whose security function is “login authentication” from the execution condition storage unit 204.

In the description below, it is assumed that the execution condition information that is the security function “login authentication” and the execution condition “CPU usage rate is less than 30%” is acquired.

Next, the condition determination unit 222 of the execution determination processing unit 202 determines whether or not the execution condition included in the execution condition information acquired by the condition acquisition unit 212 is satisfied (step S802). That is, the condition determination unit 222 determines whether or not the current usage rate of the CPU 16 of the monitoring device 20 is less than 30%.

When the condition determination unit 222 determines that the execution condition is satisfied in step S802, the execution determination processing unit 202 determines that the corresponding security function is executed by the monitoring device 20 (step S803). That is, the execution determination processing unit 202 determines that the login authentication is to be performed by the monitoring device 20.

When the condition determination unit 222 determines that the execution condition is not satisfied in step S802, the execution determination processing unit 202 determines that the security function is not executed by the monitoring device 20 (step S804). That is, the execution determination processing unit 202 determines that the login authentication is not executed by the monitoring device 20.

As described above, in the control system 1 according to the present embodiment, the monitoring device 20 and the control device 30 determine whether to execute the security function. Moreover, such execution determination is performed based on the execution condition indicating the condition of the resource usage rate such as the CPU usage rate and the memory usage rate of the monitoring device 20 and the control device 30.

Therefore, in the control system 1 according to this embodiment, for example, when the resource usage rate of the monitoring device 20 is high, execution of the security function can be switched to the control device 30. That is, in the control system 1 according to the present embodiment, for example, the execution body of the security function can be dynamically changed based on the resource usage rate of the monitoring device 20.

As a result, in the control system 1 according to the present embodiment, it is possible to prevent the situation in which the operation monitoring and operation control of the device 50 are affected as a result of the resource usage rate increasing due to the execution of the security function.

[Second embodiment]
Next, a second embodiment will be described. The second embodiment is different from the first embodiment in that the monitoring device 20 and the control device 30 can set different execution conditions for the same security function. In the following description of the present embodiment, differences from the first embodiment will be mainly described, and a portion having the same functional configuration as the first embodiment and a portion performing the same processing will be described as The same reference numerals as in the first embodiment are given and the description thereof is omitted.

<Details of processing>
Hereinafter, the registration processing of the execution condition of the security function will be described with reference to FIG. FIG. 9 is a sequence diagram illustrating an example of registration processing of execution conditions of security functions according to the second embodiment.

First, the input acceptance unit 101 of the terminal device 10 accepts a registration operation of a security function execution condition by a user on the security function execution condition setting screen 2000 shown in FIG. 10 (step S901).

Here, the security function execution condition setting screen 2000 shown in FIG. 10 includes a security function list 2100, an execution condition (monitoring device) list 2200, an execution condition (control device) list 2300, and a registration button 2400. And are included.

The security function list 2100 is a list for selecting a security function for setting execution conditions.

The execution condition (monitoring device) list 2200 is a list for selecting an execution condition to be set for the security function selected in the security function list 2100 in the monitoring device 20. Similarly, the execution condition (control device) list 2300 is a list for selecting an execution condition to be set for the security function selected in the security function list 2100 in the control device 30. The registration button 2400 is a display component for registering the security function and the execution condition selected in the security function list 2100, the execution condition (monitoring device) list 2200, and the execution condition (control device) list 2300.

On the security function execution condition setting screen 2000, the user selects a desired security function and execution condition from the security function list 2100, the execution condition (monitoring device) list 2200, and the execution condition (control device) list 2300, respectively. A registration operation can be performed by selecting and pressing the registration button 2400.

In the following, as an example, the user selects “login authentication” and “CPU usage rate less than 20%” from the security function list 2100, the execution condition (monitoring device) list 2200, and the execution condition (control device) list 2300, respectively. , And “CPU usage rate less than 40%” are selected and the registration button 2400 is pressed.

Next, when the registration accepting unit 101 accepts the registration operation, the registration requesting unit 103 of the terminal device 10 transmits a registration request for the execution condition to the monitoring device 20 (step S902). In the registration request, the security function “login authentication” selected by the user, the execution condition of the monitoring device 20 “CPU usage rate is less than 20%”, and the execution condition of the control device 30 “CPU usage rate is less than 40%”. Is included.

When the registration processing unit 201 of the monitoring device 20 receives the execution condition registration request, the execution condition indicating the security function "login authentication" and the execution condition of the monitoring device 20 "CPU usage rate less than 20%" included in the registration request. Information is created and stored in the execution condition storage unit 204 (step S903).

Here, the execution condition information stored in the execution condition storage unit 204 is shown in FIG. As shown in FIG. 11A, in step S903, the registration processing unit 201 stores execution condition information that is the security function “login authentication” and the execution condition “CPU usage rate is less than 20%” in the execution condition storage unit 204. To be done.

Next, when the registration processing unit 201 of the monitoring device 20 stores the execution condition information in the execution condition storage unit 204, the registration processing unit 201 transmits an execution condition registration request to the control device 30 (step S904).

When the registration processing unit 301 of the control device 30 receives the execution condition registration request, the execution condition indicating the security function “login authentication” included in the registration request and the execution condition “CPU usage rate of less than 40%” of the control device 30. Information is created and stored in the execution condition storage unit 304 (step S905).

Here, the execution condition information stored in the execution condition storage unit 304 is shown in FIG. As shown in FIG. 10B, in step S905, the registration processing unit 301 stores execution condition information that is the security function “login authentication” and the execution condition “CPU usage rate is less than 40%” in the execution condition storage unit 304. To be done.

As described above, in the control system 1 according to the present embodiment, the monitoring device 20 and the control device 30 can register different execution conditions for the same security function. This allows the user to set appropriate execution conditions according to the RAM 14 and the CPU 16 included in the monitoring device 20 and the control device 30.

[Third embodiment]
Next, a third embodiment will be described. The third embodiment is different from the first embodiment in that it is determined whether or not the security function is executed based on the tendency of the resource usage rate. In the following description of the present embodiment, differences from the first embodiment will be mainly described, and a portion having the same functional configuration as the first embodiment and a portion performing the same processing will be described as The same reference numerals as in the first embodiment are given and the description thereof is omitted.

<Functional configuration>
Next, the functional configuration of the control system 1 according to the third embodiment will be described with reference to FIG. FIG. 12 is a diagram showing an example of the functional configuration of the control system according to the third embodiment.

The monitoring device 20 has an execution determination processing unit 202A. The monitoring device 20 also has a usage rate history storage unit 205. The storage unit can be realized using the storage device 18. The storage unit may be realized by using, for example, a storage device connected to the monitoring device 20 via a network.

The execution determination processing unit 202A has a usage rate acquisition unit 232, a tendency analysis unit 242, and a condition determination unit 222A. The usage rate acquisition unit 232 acquires the resource usage rate (for example, the CPU usage rate or the memory usage rate) of the monitoring device 20 and stores it in the usage rate history storage unit 205. The tendency analysis unit 242 analyzes the tendency of the resource usage rate stored in the usage rate history storage unit 205. The condition determination unit 222A determines whether or not the tendency of the resource usage rate analyzed by the tendency analysis unit 242 is a tendency of high usage rate (hereinafter, referred to as “high usage rate tendency”).

Here, when the condition determination unit 222A determines that the tendency of the resource usage rate is not the high usage rate tendency, the execution determination processing unit 202A determines that the monitoring device 20 executes the security function. On the other hand, the execution determination processing unit 202A determines not to execute the security function in the monitoring device 20 when the condition determination unit 222A determines that the resource usage rate tends to be the high usage rate.

The usage history storage unit 205 stores usage information, which is time-series information of resource usage. Here, the usage rate information stored in the usage rate history storage unit 205 is shown in FIG. As shown in FIG. 13A, the usage rate information stored in the usage rate history storage unit 205 indicates the resource usage rate (for example, CPU usage rate or memory usage rate) of the monitoring device 20 as the resource usage rate. It is information associated with the acquired acquisition time.

The control device 30 has an execution determination processing unit 202A. Further, the control device 30 has a usage rate history storage unit 305. The storage unit can be realized using the storage device 18. The storage unit may be realized using, for example, a storage device connected to the control device 30 via a network.

The execution determination processing unit 302A includes a usage rate acquisition unit 332, a tendency analysis unit 342, and a condition determination unit 322A. The usage rate acquisition unit 332 acquires the resource usage rate of the control device 30 (for example, the CPU usage rate or the memory usage rate) and stores it in the usage rate history storage unit 305. The tendency analysis unit 342 analyzes the tendency of the resource usage rate stored in the usage rate history storage unit 305. The condition determination unit 322A determines whether the tendency of the resource usage rate analyzed by the tendency analysis unit 342 is the high usage rate tendency.

Here, when the condition determination unit 322A determines that the tendency of the resource usage rate is not the high usage rate tendency, the execution determination processing unit 302A determines that the control device 30 executes the security function. On the other hand, when the condition determination unit 322A determines that the tendency of the resource usage rate is the high usage rate tendency, the execution determination processing unit 302A determines that the control device 30 does not execute the security function.

The usage rate history storage unit 305 stores usage rate information that is time-series information of resource usage rates. Here, the usage rate information stored in the usage rate history storage unit 305 is shown in FIG. As shown in FIG. 13B, the usage rate information stored in the usage rate history storage unit 305 indicates the resource usage rate (for example, the CPU usage rate or the memory usage rate) of the control device 30 as the resource usage rate. It is information associated with the acquired acquisition time.

<Details of processing>
Hereinafter, the security function execution determination process will be described with reference to FIG. FIG. 14 is a flowchart showing an example of security function execution determination processing according to the third embodiment.

Hereinafter, similar to the first embodiment, the security function execution determination process of step S703 will be mainly described.

As in the first embodiment, the monitoring device 20, the execution determination processing unit 202A, the condition acquisition unit 212, the condition determination unit 222A, the usage rate acquisition unit 232, the trend analysis unit 242, the execution condition storage unit 204, and the usage. The rate history storage unit 205 includes a control device 30, an execution determination processing unit 302A, a condition acquisition unit 312, a condition determination unit 322A, a usage rate acquisition unit 332, a trend analysis unit 342, an execution condition storage unit 304, and a usage rate history storage. By replacing it with the unit 305, it is similarly applied to the execution determination process of the security function in step S707.

The usage rate acquisition unit 232 of the execution determination processing unit 202A acquires the resource usage rate of the monitoring device 20. Then, the usage rate acquisition unit 232 creates usage rate information in which the acquired resource usage rate is associated with the acquisition time and stores it in the usage rate history storage unit 205 (step S1401).

As a result, the usage rate history storage unit 205 stores usage rate information indicating the history of resource usage rates acquired by the usage rate acquisition unit 232.

When the condition determination unit 222A determines that the execution condition is satisfied in step S802, the tendency analysis unit 242 analyzes the tendency of the resource usage rate included in the usage rate information stored in the usage rate history storage unit 205. (Step S1402).

The condition determination unit 222A of the execution determination processing unit 202A determines whether the tendency of the resource usage rate analyzed by the trend analysis unit 242 is the high usage rate tendency (step S1403).

Here, the tendency of the resource usage rate indicates that the condition determination section 222A indicates a high usage rate tendency when the analysis result analyzed by the trend analysis section 242 is, for example, as shown in the following (1) to (3). To be judged.

(1) An approximate expression that approximates (first-order approximation) the increase or decrease of the resource usage rate included in the usage rate information stored in the usage rate history storage unit 205 is derived, and the slope of the approximation expression is equal to or greater than a predetermined first threshold value. If it is.

For example, as shown in FIG. 13A, the resource usage rate included in the usage rate information increases every 5 minutes according to the acquisition time, such as “6%”, “12%”, and “18%”. In this case, the approximate expression is expressed as “y=1.2x”. Note that y is the resource usage rate and x is the time (minutes).

Therefore, at this time, if the slope “1.2” is equal to or larger than the first threshold value, the execution determination processing unit 202A determines that the tendency of the resource usage rate is the high usage rate tendency. As a result, the execution determination processing unit 202A can determine that the usage rate tends to be high when, for example, the resource usage rate increases rapidly.

(2) The resource usage rate of the monitoring device 20 acquired in step S1401 is equal to or greater than a predetermined second threshold, and the resource usage rate included in the usage rate information stored in the usage history storage unit 205 is increased or decreased. When the slope of the approximate expression that approximates is “positive”.

Accordingly, even if the resource usage rate acquired in step S1401 satisfies the execution condition, if the resource usage rate is equal to or higher than the second threshold and the resource usage rate is increasing, the execution determination process is performed. The unit 202A can determine that the usage rate tends to be high.

(3) The resource usage rate of the monitoring device 20 acquired in step S1401 is equal to or greater than a predetermined second threshold, and the resource usage rate included in the usage rate information stored in the usage history storage unit 205 increases or decreases. When the slope of the approximate expression approximating is equal to or larger than a predetermined first threshold.

As a result, when the resource usage rate acquired in step S1401 is equal to or higher than the second threshold and the resource usage rate is increased at a predetermined rate or higher, the execution determination processing unit 202A determines that the usage rate tends to be high. It can be determined that there is.

(4) A third threshold value for which the resource usage rate is predetermined within a predetermined time based on the slope of the approximate expression that approximates the increase or decrease of the resource usage rate included in the usage rate information stored in the usage rate history storage unit 205. When it is above.

That is, for example, when the approximate expression is “y=mx” and the predetermined time is “T” (minutes), “y=mT” is equal to or larger than the third threshold value. Accordingly, for example, when it is predicted that the threshold value will be equal to or higher than the third threshold value after a predetermined time has elapsed, the execution determination processing unit 202A can determine that the high usage rate tendency is present.

However, the analysis method by the tendency analysis unit 242 is not limited to the above, and various methods for analyzing the increasing tendency or the decreasing tendency of the resource usage rate may be used.

In addition, when the execution determination processing unit 202A does not determine that the analysis result by the tendency analysis unit 242 indicates the high usage rate tendency, for example, "steady tendency" indicating that the resource usage rate is neither increasing nor decreasing. May be determined. In addition, the execution determination processing unit 202A indicates, for example, “increase tendency” indicating that the resource usage rate is increasing although the usage rate is not high, “decreasing tendency” indicating that the resource usage rate is decreasing, and the like. You may judge.

If the condition determination unit 222A determines that the tendency of the resource usage rate is the high usage rate tendency, the process proceeds to step S803. On the other hand, when the condition determination unit 222A determines that the tendency of the resource usage rate is not the high usage rate tendency, the process proceeds to step S804.

As described above, in the control system 1 according to the present embodiment, even if the execution condition of the security function is satisfied, the security function is not executed when the resource usage rate tends to be high. can do.

As a result, in the control system 1 according to the present embodiment, for example, when control that tends to increase the CPU usage rate is being performed in process control or the like, execution of the security function can be prevented.

[Fourth Embodiment]
Next, a fourth embodiment will be described. The fourth embodiment is different from the first embodiment in that the resource usage rate of the security function waiting to be executed is predicted to determine whether or not to execute the security function. In the following description of the present embodiment, differences from the first embodiment will be mainly described, and a portion having the same functional configuration as the first embodiment and a portion performing the same processing will be described as The same reference numerals as in the first embodiment are given and the description thereof is omitted.

<Functional configuration>
Next, the functional configuration of the control system 1 according to the fourth embodiment will be described with reference to FIG. FIG. 15 is a diagram showing an example of a functional configuration of the control system according to the fourth embodiment.

The monitoring device 20 has an execution determination processing unit 202B. The execution determination processing unit 202B includes an execution waiting management unit 252, an expected usage rate calculation unit 262, and a condition determination unit 222B.

The monitoring device 20 also includes an execution condition storage unit 204A and an execution waiting storage unit 206. These storage units can be realized using the storage device 18. Note that these storage units may be realized by using, for example, a storage device connected to the monitoring device 20 via a network.

Upon receiving the security function execution request, the execution waiting management unit 252 stores the execution request in the execution waiting storage unit 206 as execution waiting information.

The expected usage rate calculation unit 262 calculates the expected usage rate of the resource (hereinafter, referred to as the expected usage rate of the resource based on the execution condition information stored in the execution condition storage unit 204A and the execution request of the security function stored in the execution waiting storage unit 206). , "Expected resource usage rate").

Does the condition determination unit 222B satisfy the execution condition of the security function related to the execution request, based on the execution condition information acquired by the condition acquisition unit 212 and the expected resource usage rate calculated by the expected usage rate calculation unit 262. Determine whether or not.

The execution condition storage unit 204A stores execution condition information. The details of the execution condition information will be described later.

The execution waiting storage unit 206 stores a security function execution request as execution waiting information. The details of the execution waiting information will be described later.

The control device 30 has an execution determination processing unit 302B. The execution determination processing unit 302B includes an execution waiting management unit 352, an expected usage rate calculation unit 362, and a condition determination unit 322B.

The control device 30 also includes an execution condition storage unit 304A and an execution waiting storage unit 306. These storage units can be realized using the storage device 18. Note that these storage units may be realized using, for example, a storage device connected to the control device 30 via a network.

Upon receiving the security function execution request, the execution waiting management unit 352 stores the execution request in the execution waiting storage unit 306 as execution waiting information.

The expected usage rate calculating unit 362 calculates the expected resource usage rate based on the execution condition information stored in the execution condition storage unit 304A and the security function execution request stored in the execution waiting storage unit 306. ..

Whether the condition determination unit 322B satisfies the execution condition of the security function related to the execution request, based on the execution condition information acquired by the condition acquisition unit 312 and the expected resource usage rate calculated by the expected usage rate calculation unit 362. Determine whether or not.

The execution condition storage unit 304A stores execution condition information. The details of the execution condition information will be described later.

The execution waiting storage unit 306 stores a security function execution request as execution waiting information. The details of the execution waiting information will be described later.

Here, the execution condition information stored in the execution condition storage unit 204A is shown in FIG. As shown in FIG. 16A, the execution condition information according to the present embodiment stores the resource usage rate per unit time for each security function.

For example, the resource usage rate of the security function “login authentication” per unit time is “CPU usage rate 1%”. Similarly, for example, the resource usage rate of the security function "access control" per unit time is "CPU usage rate 2%". The resource usage rate may be a memory usage rate or the like.

The resource usage rate per unit time included in the execution condition information may be preset by the user or the like for each security function, or may be set as an average of past performance values when the security function is executed in the past. ..

The execution condition information stored in the execution condition storage unit 304A is shown in FIG. As shown in FIG. 16B, the execution condition information according to the present embodiment stores the resource usage rate per unit time for each security function, as described above.

As described above, the execution condition information according to the present embodiment stores the resource usage rate per unit time for each security function. As a result, the monitoring device 20 and the control device 30 according to the present embodiment can calculate the expected resource usage rate of the security function waiting to be executed.

<Details of processing>
Hereinafter, the security function execution determination process will be described with reference to FIG. FIG. 17 is a flowchart illustrating an example of security function execution determination processing according to the fourth embodiment.

Hereinafter, similar to the first embodiment, the security function execution determination process of step S703 will be mainly described.

Note that, similarly to the first embodiment, the monitoring device 20, the execution determination processing unit 202B, the condition acquisition unit 212, the condition determination unit 222B, the execution waiting management unit 252, the expected usage rate calculation unit 262, the execution condition storage unit 204A, The execution wait storage unit 206 includes a control device 30, an execution determination processing unit 302B, a condition acquisition unit 312, a condition determination unit 322B, an execution wait management unit 352, an expected usage rate calculation unit 362, an execution condition storage unit 304A, and an execution. By replacing the term with the standby storage unit 306, the security function execution determination process in step S707 is similarly applied.

The execution waiting management unit 252 stores the received security function execution request (here, login authentication execution request) in the execution waiting storage unit 206 as execution waiting information (step S1701).

Here, the execution waiting information stored in the execution waiting storage unit 206 is shown in FIG. As shown in FIG. 18, the execution wait storage unit 206 stores a security function execution request as execution wait information. As described above, the monitoring device 20 stores the unexecuted execution request among the execution requests of the security functions received from the plurality of terminal devices 10 in the execution waiting storage unit 206 as the execution waiting information.

Next, the expected usage rate calculation unit 262 is waiting for execution based on the execution condition information stored in the execution condition storage unit 204A and the execution waiting information stored in the execution waiting storage unit 206. The expected resource usage rate of the security function is calculated (step S1702).

That is, for example, as shown in FIG. 18, two login authentication execution requests and one access control execution request are stored in the execution waiting storage unit 206 as execution waiting information. In this case, the expected usage rate calculation unit 262 stores the resource usage rate per unit time of the login authentication execution request (1%) and the resource usage rate per unit time of the access control execution request (2%) as the execution condition storage. It is acquired from the section 204A.

Then, the expected usage rate calculation unit 262 adds the current resource usage rate of the monitoring device 20 and the total resource usage rate per unit time of the security function waiting to be executed to obtain the expected resource usage rate. calculate. Specifically, when the current resource usage rate of the monitoring device 20 is 25(%), the expected usage rate calculation unit 262 calculates the total resource usage rate per unit time of the login authentication execution request (2×1%). ) And the resource usage rate (1×2%) per unit time of the access control execution request, the predicted resource usage rate is calculated as 25+2×1+1×2=29 (%).

Next, the condition determination unit 222B determines whether or not the predicted resource usage rate calculated by the predicted usage rate calculation unit 262 satisfies the execution condition included in the execution condition information acquired by the condition acquisition unit 212 in step S801. A determination is made (step S1703). That is, the condition determination unit 222B determines whether the expected usage rate of the resource is less than 30% which is the execution condition for login authentication.

When the condition determination unit 222B determines in step S1703 that the execution condition is satisfied, the monitoring device 20 executes the process of step S803. On the other hand, in step S1703, when the condition determination unit 222B determines that the execution condition is not satisfied, the monitoring device 20 executes the process of step S804.

Then, the execution waiting management unit 252 deletes the execution waiting information stored in the execution waiting storage unit 206 in step S1701 (step S1704).

As a result, in the control system 1 according to the present embodiment, for example, when a plurality of terminal devices 10 make a security function execution request and the expected resource usage rate is high, execution of a new security function is restricted. can do.

Although the embodiments of the present invention have been described above in detail, the present invention is not limited to such specific embodiments, and various modifications can be made within the scope of the gist of the present invention described in the claims. -Can be changed.

DESCRIPTION OF SYMBOLS 1 control system 10 terminal device 20 monitoring device 30 control device 40 conversion device 50 device 101 input reception unit 102 display control unit 103 registration request unit 104 execution request unit 201 registration processing unit 202 execution determination processing unit 203 function execution unit 204 execution condition storage Part 212 Condition acquisition part 222 Condition judgment part 301 Registration processing part 302 Execution judgment processing part 303 Function execution part 304 Execution condition storage part 312 Condition acquisition part 322 Condition judgment part

Claims (8)

An information processing system including a first device and a second device connected to the first device via a network,
The first device is
A first storage unit that stores, for each security function that can be executed by the first device and the second device, first execution condition information regarding execution conditions when the first device executes the security function. When,
Depending on the execution request of the transmitted security functions from the terminal device connected to the information processing system, acquiring the first execution condition information security function corresponding to the execution request from said first storage means First acquisition means for
Based on said first execution condition information acquired by the first acquisition unit, a first determination means for determining whether to execute the security function in the first device,
If it is determined to execute the security function in the first device by said first determining means to execute the security function in the first device, the said security function by the first determination means the A first execution means for transmitting an execution request for the security function to the second device when it is determined not to be executed by the first device;
Have
The second device is
Second storage means for storing, for each security function that can be executed by the first device and the second device, second execution condition information relating to execution conditions when the second device executes the security function. When,
Second acquisition means for acquiring, from the second storage means, the second execution condition information of the security function corresponding to the execution request, in response to the execution request of the security function transmitted from the first device; ,
Second determining means for determining whether or not to execute the security function in the second device based on the second execution condition information acquired by the second acquiring means;
When it is determined by the second determination means that the security function is executed by the second device, the security function is executed by the second device, and the security function is executed by the second determination means. Second execution means for transmitting a notification indicating that the security function cannot be executed to the first device when it is determined not to be executed by the second device;
Information processing system having . It said first execution condition information is Ri information der indicating a condition concerning resource usage of the first device,
The information processing system according to claim 1 , wherein the second execution condition information is information indicating a condition regarding a resource usage rate of the second device . The resource utilization of the first device, Ri said first instrumentation CPU utilization or the memory utilization der the location,
The information processing system according to claim 2, wherein the resource usage rate of the second device is a CPU usage rate or a memory usage rate of the second device . The first device is
Third storage means for storing information on a history of resource usage rates of the first device ;
If it is determined to execute the security function in the first device by said first determination means acquires information about the history of a resource usage of the first device from the third storage means, said first An analysis means for analyzing the tendency of the resource usage rate of the device 1 ;
Third determination means for determining whether or not the analysis result by the analysis means indicates that the tendency of the resource usage rate of the first device has a predetermined tendency;
Have
The first execution means is
The security function is executed by the first device when it is determined by the third determination means that the tendency of the resource usage rate of the first device does not indicate that it has a predetermined tendency. The information processing system according to 2 or 3. The first execution means is
When the third determination means determines that the tendency of the resource usage rate of the first device has a predetermined tendency, the execution request of the security function is transmitted to the second device. The information processing system according to claim 4. The information processing system according to claim 1, wherein the security function is a function related to login authentication or a function related to access control. The first device is
Fourth storage means for storing information relating to a security function execution request transmitted from the terminal device, the security function execution request being unexecuted;
Calculation means for calculating an expected resource usage rate when the unexecuted security function is executed, based on information about the execution request of the unexecuted security function;
Have
The first determination means,
Determining said expected resource utilization calculated by the calculation means, based on the first execution condition information, whether to execute the security function in the first device, according to claim 1 7. The information processing system according to any one of 1 to 6. The first storage means is
For each security function, the resource usage rate of the first device per unit time of the security function is stored,
The calculation means is
An expected resource when the unexecuted security function is executed based on the information about the execution request of the unexecuted security function and the resource usage rate of the first device per unit time of the security function. The information processing system according to claim 7, which calculates a usage rate.

Images