JP6802473B2 - Information processing system, information processing system control method, and program - Google Patents

Description

The present invention relates to an information processing device, a control method of the information processing device, and a program, and in particular, a screen displayed on the display of the information processing device when a predetermined event is detected from an image captured by the photographing means. It relates to a mechanism that can reduce the security risk caused by managing the information obtained from.

In recent years, there has been increasing interest in telework in each company. Telework has issues such as prevention of access to confidential information by third parties and optimization of labor management, and these issues must be resolved in order to introduce them.
Currently, in order to solve these problems, a telework management support system using face recognition technology is being developed.

By using this system, it is possible to authenticate the identity of the teleworker who performs telework from the webcam image, detect the labor situation and security incidents such as spoofing and peeping by a third party, and notify the administrator.

When a security incident occurs, the administrator is notified, information such as files and browsers displayed on the teleworker's PC is acquired, linked with the security incident and stored in the server, and the administrator sends it to the server. Information such as stored files and browsers is audited from the administrator's PC.

Patent Document 1 discloses a mechanism for managing the labor of a teleworker by capturing the display screen of the teleworker's PC at a predetermined frequency and allowing the administrator to check it during the time when the teleworker is working. ing.

Japanese Unexamined Patent Publication No. 2012-256329

A security incident occurs in the information contained in the image obtained by capturing the display screen of the teleworker's PC as disclosed in Patent Document 1 and the information such as files and browsers displayed on the teleworker's PC. While it is important to save it on the server to identify what the teleworker was doing when doing so, information such as files and browsers often contains confidential information. From the viewpoint of security, there is a problem that it is not preferable to store the file on the server for a long period of time.

An object of the present invention is to provide a mechanism capable of appropriately managing trail data including a captured image acquired when a predetermined event is detected from the viewpoint of security .

The present invention is an information processing system including an information processing terminal having a display unit, and is a trail including a captured image of a screen displayed on the display unit of the information processing terminal acquired by detecting a predetermined event. managing means for managing data, pre SL receives designation of the management division and to trail data managed, and registering means for registering the designated control area, according to the registered control classification, the said trail data It is characterized by including a deletion means for deleting the captured image and a notification means for notifying that the captured image has been deleted according to the management category in the trail data .

Further, the present invention is an information processing system including an information processing terminal having a display unit, and captures an image of a screen displayed on the display unit of the information processing terminal acquired by detecting a predetermined event. a control method for an information processing system including a management means for managing a trail data comprising, registering the registration means, wherein the receiving the designation of the management division and to trail data managed, registering the designated management categories The process and the deletion step in which the deletion means deletes the captured image of the trail data according to the registered management category, and the notification means deletes the captured image in the trail data according to the management category. It is characterized by including a notification process for notifying .

Further, the present invention is an information processing system including an information processing terminal having a display unit, and captures an image of a screen displayed on the display unit of the information processing terminal acquired by detecting a predetermined event. a program executable in an information processing system comprising management means for managing a trail data including, the information processing system, receives designation of the management division and to trail data of pre Symbol management, the designated management categories A registration means for registering, a deletion means for deleting the captured image of the trail data according to the registered management category, and a notification notifying that the captured image has been deleted according to the management category in the trail data. It is a program to function as a means .

According to the present invention, trail data including a captured image acquired by detecting a predetermined event can be appropriately managed from the viewpoint of security .

It is a system block diagram which shows an example of the structure of the telework management support system in this invention. It is a block diagram which shows the hardware configuration of the information processing apparatus applicable to the management server 101, the teleworker PC111, and the auditor PC121 shown in FIG. It is a figure which shows the flow of the whole processing in a telework management support system 100. It is a figure which shows the flow of a telework monitoring process. It is a figure which shows the flow of the camera communication error coping process. It is a figure which shows the flow of the camera communication error coping process. It is a figure which shows the flow of the fraudulent act coping process. It is a figure which shows an example of the screen of a dedicated application. It is a figure which shows an example of the screen which displayed the warning pop-up at the time of a camera communication error. It is a figure which shows an example of the audit screen displayed on the display on the CRT 211 of the auditor PC 121. It is a figure which shows an example of the audit screen displayed on the display on the CRT 211 of the auditor PC 121. It is a figure which shows an example of the user information table which stores the setting for each user in a telework management support system. It is a figure which shows the flow of the fraudulent act coping process. It is a figure which shows an example of the motion history screen. It is a figure which shows an example of the screen shot which performed the mask processing. It is a figure which shows an example of the screen shot which performed the mask processing. It is a figure which shows the flow of an audit process. It is a figure which shows the flow of the audit result rearranging process. It is a figure which shows the flow of the audit result deletion processing. It is a figure which shows an example of the audit screen displayed on the display on the CRT 211 of the auditor PC 121. It is a figure which shows an example of the audit screen displayed on the display on the CRT 211 of the auditor PC 121. It is a figure which shows an example of fraudulent trail data table stored in the external memory 212 of management server 101.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In addition, the embodiment described below shows an example when the present invention is specifically implemented, and is one of the specific embodiments of the configuration described in the claims.

FIG. 1 is a system configuration diagram showing an example of the configuration of a telework management support system to which the information security monitoring process of the present invention is applied.

The telework management support system 100 has a configuration in which one or more management servers 101, one or more database servers 102, one or more teleworker PCs 111, or one or more auditors PCs 121 are connected via the Internet 130. It has become.

The management server 101 is a server that centrally manages the teleworker's absence status, peeping by another person, or spoofing trail data as telework information, and is constructed on the network 104.

When the teleworker PC 111 and the auditor PC 121 are connected to the management server 101 by an authentication process using an account ID and a password, and the management server 101 receives telework information from the teleworker PC 111, the management server 101 Store in the database. When there is a request for acquisition of telework information from the auditor PC 121, the necessary telework information is retrieved from the database of the management server 101.

The teleworker PC 111 is a terminal that creates trail data that is the basis of telework information, exists on the home network 110, and the trail data is created by a dedicated application via the router 112, the Internet 130, and the router 103. It is transmitted to the management server 101.

The trail data in the present invention includes an image obtained by taking a picture with a webcam 210 described later at the time of event detection, a screenshot obtained by capturing a screen displayed on the CRT 211 of the teleworker PC 111, and a camera communication error. It is a screenshot obtained by capturing a screen sometimes displayed on the CRT 211 of the teleworker PC 111, or information on a running application.
Further, in the embodiment described below, the trail data is also referred to as fraudulent trail data.

The auditor PC 121 is a terminal for confirming telework information, exists on the in-house network 120, uses a web management console (operates on a web browser) to confirm telework information, and is a router 122 and the Internet. It connects to the management server 101 via the 130 and the router 103.

In the telework management support system 100, the teleworker PC 111 performs labor monitoring and information security monitoring by personal authentication processing, the management server 101 manages monitoring information, and the auditor PC 121 displays monitoring information.

The teleworker PC 111 uses a dedicated application to perform personal authentication processing using an image based on data obtained by taking a picture with a webcam 210. The dedicated application uses the account ID and password to establish a communication connection with the management server 101.

After establishing a connection with the management server 101, labor monitoring and information security monitoring of the teleworker are performed by personal authentication processing. During monitoring, leaving a seat, impersonating the person, looking into a third party, etc. are detected as events. When an event is detected or at a predetermined timing (for example, every 10 seconds), the teleworker PC 111 transmits the event trail data to the management server 101.

From here, the event detection process by the teleworker PC 111 will be described more specifically.

The teleworker PC 111 acquires data obtained by shooting with the webcam 210 as an image (hereinafter, referred to as a camera image). The timing of acquiring the camera image may be acquired at preset time intervals, or may be acquired as soon as the previous process is completed in the iterative process.

Further, the teleworker PC 111 stores information about the user managed by the system (for example, the user information storage table of FIG. 12 described later) including the face photo data necessary for face recognition in the external memory 212. In the present embodiment, the user information is stored on the management server 101, and when the system is started, the difference data of the user information is distributed from the management server 101 to the teleworker PC 111.

The teleworker PC111 recognizes a person's face in the camera image taken by the webcam 210, and is based on the face photograph data (authentication face image) stored in the external memory 212 of the teleworker PC111. Identify the person. These can be realized by using known face detection technology and face recognition technology.

Further, the teleworker PC 111 classifies the terminal front state according to the specified person. That is, the front state of the terminal is classified into "only the person" and "peeping" by using the face image for authentication.

The terminal front state is "only the person himself / herself" when only the teleworker himself / herself is shown in the camera image, the teleworker himself / herself and another user stored in the external memory 212 of the teleworker PC111 (hereinafter referred to as another user). If both are shown together, it is classified as "peeping", if only other users are shown, it is classified as "spoofing", and if no person is shown in the camera image, it is classified as "leaving".

Even if the event is detected by the teleworker PC111, the event does not necessarily occur. For example, even though the teleworker himself is shown in the camera image due to an erroneous detection by the teleworker PC111 or the like, " It is rarely judged as "impersonation".
Therefore, the auditor finally audits the trail data to determine whether it was really "spoofing".

Therefore, in this embodiment, the trail data is also referred to as fraudulent trail data, but it means that the trail data may be fraudulent such as "spoofing" or "peeping", and the auditor is said to be fraudulent. Only by auditing will it be confirmed as fraudulent trail data.

When the management server 101 receives the event trail data from the teleworker PC 111, it stores it in the fraudulent trail data table (FIG. 22 described later) stored in the external memory 212 of the management server 101 as telework information. Further, when the trail data is received, the management server 101 notifies the auditor PC 121 of the event detection.

On the auditor PC 121, the trail data of the teleworker event on the management server can be confirmed by using the web management console. The web management console can be used by accessing the dedicated URL from a web browser. On the web management console, you can check the time and image when the event was detected, as well as the running application and the file being queried.
This is the end of the description of FIG. 1, and then FIG. 2 will be described.

Hereinafter, the hardware configuration of the information processing device applicable to the management server 101, the teleworker PC 111, and the auditor PC 121 shown in FIG. 1 will be described with reference to FIG.

FIG. 2 is a block diagram showing a hardware configuration of an information processing device applicable to the management server 101, the teleworker PC 111, and the auditor PC 121 shown in FIG. Since each device has the same configuration, the same reference numerals will be used for description.

In FIG. 2, 201 is a CPU that comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 212 is required to realize a function executed by a BIOS (Basic Input / Output System) or an operating system program (hereinafter, OS) which is a control program of the CPU 201, and each server or each PC. Various programs described later are stored.

Reference numeral 203 denotes a RAM, which functions as a main memory, a work area, and the like of the CPU 201. The CPU 201 realizes various operations by loading a program or the like necessary for executing the process from the ROM 202 or the external memory 212 into the RAM 203 and executing the loaded program.

Further, 205 is an input controller, which controls input from a keyboard (KB) 209, a webcam 210, a pointing device such as a mouse (not shown), or the like. Reference numeral 206 denotes a video controller, which controls the display on a display such as a CRT display (CRT) 211. Although it is described as CRT211 in FIG. 2, the display may be not only the CRT but also another display such as a liquid crystal display. These are used by the auditor as needed.

The 207 is a memory controller that can be used in an external storage device (hard disk (HD)), flexible disk (FD), or PCMCIA card slot that stores boot programs, various applications, font data, user files, edit files, various data, etc. Controls access to an external memory 212 such as a compact flash® memory connected via an adapter.

Reference numeral 208 denotes a communication I / F controller, which connects and communicates with an external device via a network (for example, network 104 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP is possible.

Note that the CPU 201 enables display on the CRT 211 by, for example, executing an outline font expansion (rasterization) process in the display information area in the RAM 203. Further, the CPU 201 enables a user instruction with a mouse cursor or the like (not shown) on the CRT 211.

Various programs to be described later for realizing the present invention are recorded in the external memory 212, and are executed by the CPU 201 by being loaded into the RAM 203 as needed. Further, a setting file or the like used when executing the above program is also stored in the external memory 212, and detailed description of these will be described later.
Hereinafter, the overall flow of the telework management support system 100 will be described with reference to FIG.

The following processing is realized by the CPUs of the teleworker PC 111, the management server 101, and the auditor PC 121 reading and executing the program stored in each storage unit.

In step S301, the teleworker PC 111 executes the telework monitoring process according to the operation of the teleworker. The details of the process of step S301 will be described later with reference to FIG.

In step S302, the management server 101 receives the fraudulent trail data transmitted from the teleworker PC 111 and stores it in the fraudulent trail data table of FIG. 22 in the external memory 212 of the management server 101 (step S303).

Step S302 is an example of the acquisition means in the present invention for acquiring the detection result by the detection means for detecting the communication state between the information processing device communicating with the photographing means and the photographing means.

Further, step S302 is displayed on the display of the information processing apparatus on the condition that the detection result indicating that the communication between the information processing apparatus and the photographing means is disconnected by the acquisition means in the present invention is acquired. This is an example of a captured image acquisition means for acquiring a captured image of a screen.

Further, in step S302, when a predetermined event is detected from the image captured by the photographing means in the present invention, the information processing device communicating with the photographing means so as to be connectable is displayed on the display of the information processing device. This is an example of a management means for managing the captured image obtained by acquiring the captured image of the screen in association with the event.

Further, in step S302, the information processing device that communicates in a connectable manner with the photographing means by detecting a predetermined event from the image captured by the photographing means in the present invention is displayed on the display of the information processing device. This is an example of a management means for managing the captured image obtained by acquiring the captured image of the screen in association with the user information of the user who uses the information processing device.

Here, the fraudulent trail data table of FIG. 22 stored in the external memory 212 of the management server 101 will be described.

The fraudulent trail data table shown in FIG. 22 is a table in which fraudulent trail data transmitted from the teleworker PC 111 is managed, and fraudulent trail data ID 2201 for identifying each fraudulent trail data and a fraudulent state indicating the type of fraud. 2202, fraud occurrence date and time 2203 indicating the date and time when the fraud occurred, camera image path 2204 indicating the save destination of the image taken as the fraud trail, screenshot image path 2205 indicating the save destination of the screenshot captured as the fraud trail, Unauthorized user ID 2206, screenshot showing whether to retain screenshots when the auditor audits the fraudulent trail and determines that there is no problem 2207 for a certain period of time, screenshot retention period 2208, audit result 2209, audit date and time 2210 , Screenshot deletion date and time 2211. In the fraudulent state, a third party impersonates a teleworker, "spoofing", a third party "peeping", a "camera communication error" indicating that the communication between the webcam 210 and the teleworker PC111 is lost, and the teleworker is seated. "Leave a seat" or the like indicating that the camera has been removed is memorized.

The information stored in the screenshot retention period 2207 and the value stored in the screenshot retention period 2208 are shown in FIG. 12 Three-shot retention of the teleworker from which the fraudulent trail data in the user information storage table was acquired 1205. And the same values as the screenshot retention period 1206 are stored respectively.
This completes the description of FIG. 22, and returns to the description of FIG.

In step S304, the auditor PC 121 receives an audit request for fraudulent trail data from the auditor and transmits the audit request to the management server 101 (step S305).

In step S306, the auditor PC 121 receives the audit request from the auditor PC 121 and stores the fraud trail data included in the fraudulent trail data table of FIG. 22 stored in the external memory 212 of the management server 101 for the auditor PC 121. (Step S307).
Step S306 is an example of the request receiving means for receiving the start request of the audit process for the event managed by the management means in the present invention.
Further, step S306 is an example of the receiving means for receiving the acquisition request of the captured image in the present invention.

Step S307 is an example of the display control means in the present invention that controls to display the reception screen capable of accepting the input of the audit result for the event in which the request for starting the audit process is received by the request reception means.
Further, step S307 is an example of the transmission means in the present invention for transmitting the captured image acquired by the captured image acquisition means so that the auditor can audit it.

In step S308, the auditor PC 121 receives the input of the audit result for the fraudulent trail data transmitted from the management server 101 in step S307 from the auditor. The details of the process of step S308 will be described later with reference to FIG.

In step S309, the management server 101 receives the audit result transmitted from the auditor PC 121 and executes a process of organizing the audit result (step S310). The details of the process of step S310 will be described later with reference to FIG.
This is the end of the description of FIG.
Next, the details of the process of step S301 of FIG. 3 will be described with reference to FIG.
FIG. 4 is a diagram showing a flow of telework monitoring processing.

In step S401, the teleworker PC 111 determines whether the telework start instruction has been received from the user logged in to the dedicated application. If the teleworker PC111 receives the telework start instruction, the process shifts to step S402, and if the telework start instruction is not received, the teleworker PC111 waits until the telework start instruction is received.

In step S402, the teleworker PC 111 starts monitoring. Specifically, the teleworker PC 111 classifies the terminal front state by using the authentication face image of the record corresponding to the user ID that started the dedicated application and the captured camera image.
When the process of step S402 is performed, the screen of the dedicated application shown in FIG. 8 is displayed on the CRT 211 of the teleworker PC 111.
FIG. 8 is a diagram showing an example of a screen of a dedicated application.

An image taken by the webcam 210 is displayed in the display area 801.
In the state 802, information on the terminal front state classified by the teleworker PC 111 is displayed.
This completes the description of FIG. 8 and returns to the description of FIG.

In step S403, the teleworker PC111 determines whether fraudulent activity has occurred as a result of step S402. When it is determined that a fraudulent activity has occurred, the teleworker PC 111 shifts the process to step S404, and otherwise shifts the process to step S405.

In step S404, the teleworker PC 111 executes a coping process against fraudulent activity. The process of step S404 will be described later with reference to FIGS. 7 and 13.

In step S405, in the teleworker PC 111, a camera communication error occurs because the webcam 210 connected to the teleworker PC 111 by wire is disconnected from the teleworker PC 111 or the communication with the webcam 210 connected wirelessly is cut off. Determine if it has occurred. When it is determined that the camera communication error has occurred, the teleworker PC111 executes a coping process for the camera communication error in step S406 (step S406), and if not, shifts the process to step S410. Details of the process in step S406 will be described later with reference to FIGS. 5 and 6.

In step S407, the teleworker PC111 determines whether the request for acquisition of fraudulent trail data has been received from the teleworker. When the teleworker PC111 receives the fraudulent trail data acquisition request from the teleworker, the process proceeds to step S408, and the teleworker receives the fraudulent trail data acquisition request obtained by the processes of FIGS. 7 and 13 described later. If not, the process proceeds to step S410.
Step S407 is an example of the receiving means for receiving the acquisition request of the captured image in the present invention.

In step S408, the teleworker PC 111 displays the fraudulent trail data on the CRT 211 of the teleworker PC 111. More specifically, first, the movement history screen shown in FIG. 14 is displayed, and the selection of the movement time zone for confirming the details is accepted by mouse operation or the like.
Then, as the details of the movement of the time zone in which the selection is accepted, the fraudulent trail data in the time zone is displayed.

In step S408, when the acquisition request of the captured image received by the receiving means in the present invention is an acquisition request from a user who manages user information by the management means, the captured image processed by the processing means. This is an example of a display control means for controlling so as to display.

Here, the movement history screen shown in FIG. 14 will be described.
FIG. 14 is a diagram showing a movement history screen of a certain teleworker displayed on the teleworker PC 111 or the auditor PC 121.

In the area 1401, the movement history of the teleworker whose movement history is to be displayed is displayed on a daily basis in a timeline format. In the movement history, in addition to the attendance 1402 indicating the attendance time, items such as leaving the seat 1403, camera communication error 1404, spoofing 1405, and peeping 1406 are identifiablely displayed based on the fraudulent trail data table in FIG. Will be done.

The teleworker selects an item for which details are to be confirmed from the movement history by operating a mouse or the like, and a screen showing the details of the movement history is displayed on the teleworker PC 111 as shown in FIG. 10 described later.
This completes the description of FIG. 14, and returns to the description of FIG.

In step S409, the teleworker PC111 receives an operation from the teleworker. Specifically, it accepts input of comments on fraudulent trail data.

In step S410, the teleworker PC111 determines whether the teleworking end instruction has been received from the teleworker. If the teleworker PC111 has received the telework end instruction, it ends this process, and if not, proceeds to step S403. This is the end of the description of FIG.

Next, the camera communication error handling process in step S406 of FIG. 4 will be described with reference to FIG.

In step S501, the teleworker PC 111 determines whether or not it is set to take a screenshot. More specifically, referring to the screenshot save setting 1204 of the user who logged in to the dedicated application in the user information table of FIG. 12, if it is "True", it is determined that the setting is to take a screenshot. , If it is "False", it is determined that the setting for taking a screenshot is not set.

If the TV for teleworker is not set to take a screenshot, the process shifts to step S502, the user's screenshot save setting 1204 is changed to "True", and the setting is to take a screenshot. If there is, the process shifts to step S503.

Here, the user information table of FIG. 12 will be described.
FIG. 12 is a diagram showing an example of a user information table that stores settings for each user in the telework management support system. FIG. 12 The user information table is collectively managed by the external memory 212 of the management server 101, and when the teleworker starts a dedicated application on the teleworker PC111, the user information table is transmitted from the management server 101 to the teleworker PC111 and is transmitted to the teleworker PC111. It is stored in the external memory 212 of.

FIG. 12 The user information table shows a user ID 1201 for identifying a user, a user name 1202, a camera state 1203 showing the state of a webcam 210 connected to a teleworker PC 111, and whether to take and save a screenshot in the event of fraud. Screenshot save setting 1204 indicating whether or not, screenshot retention period 1206 (unit is day) indicating the retention period of the taken screenshot, until a warning is given if the teleworker continues teleworking without resolving the camera communication error. It consists of a warning issuance time 1207 (unit is minutes) indicating the time, a shooting interval 1208 (unit is minutes) when a camera communication error occurs, and a clock area detection setting 1209 indicating whether or not to detect the clock area from the screenshot. To. In addition to the user information table of FIG. 12, face photograph data necessary for face recognition of the user is also managed.
This completes the description of FIG. 12, and returns to the description of FIG.

In step S503, the teleworker PC111 takes a screenshot. That is, the screen displayed on the CRT211 is captured as an image. Hereinafter, the image obtained by capturing the screen displayed on the CRT 211 is referred to as a screenshot or a captured image.

Step S503 is displayed on the display of the information processing apparatus on the condition that the detection result indicating that the communication between the information processing apparatus and the photographing means is disconnected by the acquisition means in the present invention is acquired. This is an example of a captured image acquisition means for acquiring a captured image of a screen.

The screenshot obtained by the process of step S503 can be confirmed, for example, on the audit screen as shown in FIG.

Here, the audit screen shown in FIG. 10 will be described.
FIG. 10 is a diagram showing an example of an audit screen displayed on the CRT 211 of the auditor PC 121 for an auditor, and audits images and screenshots taken by the webcam 210 when fraud occurs through the audit screen. Confirm and enter the audit result.

The radio button 1001 is a radio button that accepts from the user the choice of displaying a screenshot in the display area 1002 and the list area 1006, or displaying an image taken by the webcam 210 in the display area 1002 and the list area 1006.

In the list area 1006, each image or screenshot when a fraudulent activity occurs is displayed in a list.
In the display area 1002, the one selected by the radio button 1001 is displayed.

When the auditor who confirmed the image or screenshot determines that there is no problem with the normal button 1003, for example, when it is determined that a fraudulent act called "spoofing" has been performed, but it is a detection error and it is actually the person himself / herself. When the normal button 1003 is pressed, information to that effect is managed by the management server 101.

When the auditor who confirmed the image or screenshot determines that the fraudulent button 1004 is a fraudulent act, the fraudulent button 1004 is pressed, and information to that effect is managed by the management server 101. ..
The cancel button 1005 is a button for canceling the audit.

In addition, in order to input the reason that the teleworker is not fraudulent with respect to the audit result, the normal button 1003, the fraudulent button 1004, and the cancel button 1005 in FIG. 10 are changed to the fields for inputting the comment for the fraudulent trail data. The displayed screen is displayed on the CRT 211 of the teleworker PC 111 in response to the acquisition request of the screen from the teleworker PC 111.

However, when displayed on the CRT 211 of the teleworker PC 111, the screenshot displayed in the display area 1002 is displayed in a state where the clock area is masked as shown in FIGS. 15 and 16 described later.
This completes the description of FIG. 10, and returns to the description of FIG.

In step S504, the teleworker PC 111 transmits the screenshot obtained by the process of step S503 to the management server 101 as fraudulent trail data.

In step S505, when the screenshot save setting 1204 is changed to "True" in step S502, the teleworker PC111 returns to "False" and ends this process.

In the embodiment of FIG. 5, the teleworker PC 111 takes a screenshot and transmits the taken screenshot to the management server 101. However, it is sufficient if the work being performed by the teleworker can be identified when a camera communication error occurs. Instead, the teleworker PC111 acquires the information of the running application that is pre-installed in the teleworker PC111 and is acquired by the software that functions to monitor and manage the running application and the program, and the step. It may be transmitted to the management server 101 in S504.

Next, another embodiment of the camera communication error handling process in step S406 of FIG. 4 will be described. The corresponding step numbers are shown for the same processing as in FIG. 5, and detailed description thereof will be omitted.

Since the processes of steps S601 to S604 are the same as the processes of steps S501 to S504, detailed description thereof will be omitted.

In step S605, the teleworker PC111 determines whether the camera communication error has been resolved. If the camera communication error is resolved, the teleworker PC 111 shifts the process to step S608, and if the camera communication error is not resolved, the process shifts to step S606.

In step S606, the teleworker PC 111 determines whether the elapsed time from the occurrence of the camera communication error has elapsed a predetermined warning time set in advance. When it is determined that the predetermined time of the warning has elapsed, the teleworker PC111 shifts the process to step S607, and when it is determined that the predetermined time of the warning has not passed, the process shifts to step S609.

In step S607, the teleworker PC 111 performs notification processing. Specifically, the warning pop-up 901 shown in FIG. 9 is displayed on the CRT 211 of the teleworker PC 111. FIG. 9 is a diagram showing an example of a screen in which a warning pop-up at the time of a camera communication error is displayed on the CRT 211 of the teleworker PC 111.
As another embodiment, as shown in FIG. 11, the notification may be given on the audit screen of the auditor PC 121 for the auditor.

Here, the audit screen of FIG. 11 will be described.
FIG. 11 is a diagram showing an example of an audit screen displayed on the CRT 211 of the auditor PC 121 for the auditor.
List screen 1101 A list of teleworkers to be audited by the auditor who logged in to the telework management support system is displayed.

In the state 1102, the current state of each teleworker (terminal front state) is displayed, and as shown in 1103, it is notified that there is a teleworker with a camera communication error, and the auditor should be dealt with. prompt. It should be noted that the characters of the camera communication error may be changed to the color of other characters, blinked, or otherwise displayed for identification to urge the auditor to take action.

This completes the description of FIG. 11 and returns to the description of FIG.
Since the process of step S608 is the same as the process of step S505, detailed description thereof will be omitted.

In step S609, the teleworker PC 111 determines whether a predetermined time for taking a preset second screenshot has elapsed. The teleworker PC 111 shifts the process to step S603 when the predetermined time for taking the screenshot has elapsed, and shifts the process to step S605 when the predetermined time for taking the screenshot has not elapsed.

The predetermined time in step S609 and the predetermined time in step S606 are set to be shorter than the predetermined time in step S609. For example, a screenshot is taken 5 minutes after the camera communication error occurs. Then, after another 5 minutes have passed, a screenshot is taken again, and after another 5 minutes have passed, a warning is given in the process of FIG.

As described above, by taking screenshots in steps S503 and S603 of FIG. 5, the auditor can confirm the work contents of the teleworker from the screenshots even if the camera is in a communication error state. It becomes possible, and by warning the teleworker as necessary, it is possible to reduce the possibility of fraudulent activity by the teleworker.
As another embodiment, when the process of step S603 is performed a plurality of times, the screenshot information acquired in each process is compared, and if there is a change, the teleworker is in a state of a camera communication error. May decide that he is continuing his business and warn him.
This is the end of the description of FIG.

Next, with reference to FIG. 7, the coping process for the fraudulent activity in step S404 of FIG. 4 will be described.
In step S701, the teleworker PC 111 refers to the screenshot save setting 1204 in the user information table of FIG. 12 and determines whether or not it is set to take a screenshot, similarly to step S501 of FIG.

If the teleworker PC111 is not set to take a screenshot, the process shifts to step S703, the image taken by the webcam 210 at the time of fraud occurs, and the setting is set to take a screenshot. If so, the process shifts to step S702 and a screenshot is taken.

In step S704, the teleworker PC 111 transmits the screenshot taken in step S702 and the image acquired in step S703 to the management server 101, and ends this process.
This is the end of the description of FIG.

Next, another embodiment of the coping process for the fraudulent activity in step S404 of FIG. 4 will be described with reference to FIG.

In the present embodiment, the monitoring process in step S402 is not always performed after the teleworker starts teleworking, but is performed at predetermined time intervals (for example, every 5 minutes). By doing so, it becomes possible to reduce the processing load of the teleworker PC 111.

In step S1301, the teleworker PC111 takes a screenshot.

In step S1302, in the teleworker PC111, the mask processing method preset in the dedicated application is to specify the clock area from the screenshot and mask the specified clock area, or to specify the time area. It is determined whether the method is to mask the predetermined areas at the four corners of the screenshot.

In step S1303, the teleworker PC 111 identifies a clock area indicating the time from the screenshot.

As a method of specifying the clock area, an OCR process is executed on the screenshot to specify the time, and the information of the object indicating the time is managed in advance by the teleworker PC111, and the object is similar to the object. There is a method of specifying a region having a degree equal to or higher than a predetermined value as a clock region.

In step S1304, the teleworker PC111 masks the clock area indicating the time specified in step S1303. The screenshot obtained by the mask processing in step S1304 is, for example, FIG.

In the screenshot shown in FIG. 15, the inside of the lower right frame 1501 is specified as a clock area and masked.

In the present embodiment, the mask processing is executed in step S1304, but it suffices if the time included in the screenshot is processed so that the user cannot recognize it, and the clock area can be mosaic processed or the clock area can be obtained from the image. You may cut it out and delete it.

In step S1305, the teleworker PC 111 masks the predetermined areas of the four corners of the screenshot, where the clock area is generally likely to be located. The screenshot obtained by the masking in step S1305 is, for example, FIG.

In the screenshot shown in FIG. 16, the inside of the four corner frames 1601 is masked as a clock area.

Step S1304 and step S1305 are examples of the processing means in the present invention for processing the time included in the captured image managed by the management means so that the user cannot recognize the time.

In step S1306, the teleworker PC 111 acquires an image taken by the webcam 210 when a fraudulent activity occurs.

In step S1307, the teleworker PC111 sends the unprocessed screenshot obtained in the process of step S1301, the screen shot processed in steps S1304 and S1305, and the image acquired in step S1306 as fraudulent trail data to the management server 101. Send and end this process.

When the process proceeds to step S408 after the processing for dealing with the fraudulent activity shown in FIG. 13 is completed, the clock area is masked for the screenshot of the fraudulent trail data displayed on the CRT211 of the teleworker PC111 in step S408. The screenshot is displayed.

This is because, in the embodiment shown in FIG. 13, the monitoring process in step S402 is not always performed after the teleworker starts teleworking, but is performed at predetermined time intervals (for example, every 5 minutes). This is because if the screenshot before the mask processing is displayed on the CRT 211 of the PC 111, the teleworker will be notified when the monitoring is being performed. Then, work in front of the teleworker PC111 only at the timing when the teleworker is monitored, and leave the seat at the time when the teleworker is not monitored, or show the screen displayed on the CRT211 of the teleworker PC111 to a third party. Even so, auditors could not be properly monitored.

Therefore, by displaying the masked screenshot on the teleworker PC 111, the possibility that the above action is performed is reduced.

Of course, by masking the clock area, the exact time cannot be known, but the teleworker can grasp the rough time on the movement history screen shown in FIG. 14 before displaying the movement history. It is unlikely that problems such as being unable to grasp the data and not being able to comment on fraudulent trail data will occur.

If the teleworker really wants to know the exact time when the screenshot was taken, the teleworker requests the auditor to take the screenshot before mask processing via the teleworker PC111, and the auditor makes a request. By approving the acquisition request via the auditor PC 121, the screenshot before the mask processing may be transmitted and displayed on the teleworker PC 111.

Although the process of FIG. 13 has been described above, as another embodiment, each process of steps S1302 to S1305 of FIG. 13 may be performed by the management server 101. In that case, when the teleworker PC111 finishes the process of step S1301, the process of step S1306 and subsequent steps is executed next. Then, the management server 101 that received the screenshot transmitted from the teleworker PC 111 in step S1307 executes each process from step S1302 to step S1305 in FIG. 13, and displays the screen before masking on the external memory 212 of the management server 101. Memorize the shot and the screenshot after masking. Then, when the screenshot acquisition request is received, it is determined whether the acquisition request is made from the teleworker PC 111 or the auditor PC 121, and if the request is made from the teleworker PC 111, the screenshot after mask processing is taken. If it is displayed from the auditor PC 121, the unmasked screenshot is displayed on the CRT 211 of the auditor PC 121.

Further, as another embodiment, only one of the process of step S1305 and the process of step S1303 may be executed without executing the process of step S1302.
This is the end of the description of FIG.

Next, the details of the audit process in step S308 of FIG. 3 will be described with reference to FIG.
In step S1701, the auditor PC 121 displays an audit screen for accepting the input of the audit result for the fraudulent trail data transmitted from the management server 101 in step S307 from the auditor.

The audit screen displayed on the auditor PC 121 in step S1701 is, for example, the audit screen shown in FIGS. 10 and 20.

2001 to 2006 in FIG. 20 are the same as 1001 to 1006 in FIG. 10, respectively. In the case of FIG. 20, since the radio button 2001 of the "camera image" is selected from the radio buttons 2001, the display area 2002 is displayed. Displays an image taken by the webcam 210.

In step S1702, the auditor PC 121 receives the audit result according to the mouse operation of the auditor or the like. The operation received from the auditor in step S1702 is, for example, an operation in which the normal button 1003 and the illegal button 1004 in FIG. 10, the normal button 2003 in FIG. 20, and the button of the illegal button 2004 are pressed.

When the process proceeds to step S1701 after the processing for dealing with the fraudulent activity shown in FIG. 13 is completed, the clock area is masked for the screenshot of the fraudulent trail data displayed on the CRT 211 of the teleworker PC 111 in step S408. A screenshot that has not been displayed is displayed.

In step S1703, the auditor PC 121 transmits the audit result received from the auditor in step S1702 to the management server 101 in association with the fraudulent trail data.
This is the end of the description of FIG.

Next, the details of the audit process in step S310 of FIG. 3 will be described with reference to FIG.
In step S1801, the management server 101 receives the audit result transmitted from the auditor PC 121 in step S1703 of FIG. 17, and stores the audit result in the audit result 2209 in the fraudulent trail data table of FIG. 22.

In step S1802, the management server 101 determines whether the audit result received in step S1801 is an audit result indicating that it is “normal”. The management server 101 shifts the process to step S1803 when the audit result indicates that it is “normal”, and ends this process if it is not the audit result indicating that it is “normal”.

In step S1803, the management server 101 determines whether the screenshot holding 2207 of the fraudulent trail data in the fraudulent trail data table for a certain period of time is “True” or “False”, and may be “True”. For example, this process is terminated, and if it is "False", the process proceeds to step S1804.

In step S1804, the management server 101 deletes the screenshot from the fraudulent trail data stored in step S303 of FIG. 3, and stores the deleted date and time in the screenshot deletion date and time 2211 in the fraudulent trail data table of FIG. This process ends.

Step S1803 and step S1804 are managed by the management means in association with the event according to the audit result of receiving the input via the reception screen controlled to be displayed by the display control means in the present invention. This is an example of a switching means for switching whether or not to delete the captured image.

In the process of FIG. 18, by deleting the screenshot when the audit result is normal, the screenshot that may contain confidential information even though the audit result is normal is the management server 101. It is possible to eliminate the unfavorable state of security that the information is stored forever.

When the audit screen of the fraudulent trail data is displayed after the screenshot is deleted, the information (2101) indicating that the screenshot has been deleted is displayed as shown in FIG.
This is the end of the description of FIG.

Next, with reference to FIG. 19, a process of deleting fraudulent trail data that has a normal audit result and has been held in the management server 101 for a certain period of time by setting will be described.
This process is executed periodically (for example, once a day) by batch processing or the like.

In step S1901, the management server 101 refers to the audit date and time 2210 and the screenshot retention period 2208 from the fraudulent trail data table of FIG. 22, and includes a screenshot whose screenshot retention period has elapsed from the audit date and time. Identify the fraudulent trail data for which the screenshot deletion date and time 2211 is not stored.

In step S1902, the management server 101 deletes the screenshot from the fraudulent trail data identified in step S1901, and ends this process.
This is the end of the description of FIG.

In the present embodiment, in step S702 of FIG. 7 and step S1301 of FIG. 13, the teleworker PC111 takes a screenshot, and the screenshot taken to the management server 101 is transmitted in step S704 and step S1307, respectively. However, except for the embodiment shown in FIG. 13, it suffices if the work performed by the teleworker can be identified when it is determined that a fraudulent activity has occurred, and the work is pre-installed on the teleworker PC 111 instead of the screenshot. The teleworker PC111 acquires information on the running application, file or program acquired by the software that functions to monitor and manage the running application, file or program, and steps S704 and S1307. It may be transmitted to the management server 101 respectively.

As described above, according to the present invention, the security risk caused by managing the information acquired from the screen displayed on the display of the information processing apparatus is reduced by detecting a predetermined event from the image taken by the photographing means. can do.

The present invention can be, for example, an embodiment as a system, an apparatus, a method, a program, a storage medium, or the like, and specifically, may be applied to a system composed of a plurality of devices, or 1 It may be applied to a device consisting of two devices.

The present invention includes a software program that realizes the functions of the above-described embodiments, which is directly or remotely supplied to the system or device. The present invention also includes cases where the computer of the system or device can also read and execute the supplied program code.

Therefore, in order to realize the functional processing of the present invention on a computer, the program code itself installed on the computer also realizes the present invention. That is, the present invention also includes a computer program itself for realizing the functional processing of the present invention.

In that case, as long as it has a program function, it may be in the form of an object code, a program executed by an interpreter, script data supplied to the OS, or the like.

Recording media for supplying programs include, for example, flexible disks, hard disks, optical disks, magneto-optical disks, MOs, CD-ROMs, CD-Rs, CD-RWs, and the like. There are also magnetic tapes, non-volatile memory cards, ROMs, DVDs (DVD-ROM, DVD-R) and the like.

In addition, as a program supply method, a browser of a client computer is used to connect to an Internet homepage. Then, the computer program itself of the present invention or a compressed file including the automatic installation function can be supplied from the homepage by downloading it to a recording medium such as a hard disk.

It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from different homepages. That is, the present invention also includes a WWW server that allows a plurality of users to download a program file for realizing the functional processing of the present invention on a computer.

In addition, the program of the present invention is encrypted, stored in a storage medium such as a CD-ROM, distributed to users, and the key information for decrypting the encryption is downloaded from the homepage to the user who clears the predetermined conditions. Let me. Then, by using the downloaded key information, it is also possible to execute an encrypted program and install it on a computer.

Further, the function of the above-described embodiment is realized by the computer executing the read program. In addition, based on the instruction of the program, the OS or the like running on the computer performs a part or all of the actual processing, and the function of the above-described embodiment can be realized by the processing.

Further, the program read from the recording medium is written to the memory provided in the function expansion board inserted in the computer or the function expansion unit connected to the computer. After that, based on the instruction of the program, the function expansion board, the CPU provided in the function expansion unit, or the like performs a part or all of the actual processing, and the function of the above-described embodiment is also realized by the processing.

It should be noted that the above-described embodiments merely show examples of embodiment in carrying out the present invention, and the technical scope of the present invention should not be construed in a limited manner by these. That is, the present invention can be implemented in various forms without departing from the technical idea or its main features.

101 Management server 111 Teleworker PC
121 Auditor's PC

Claims (6)

An information processing system that includes an information processing terminal with a display unit.
A management means for managing trail data including a captured image of a screen displayed on the display unit of the information processing terminal acquired by detecting a predetermined event, and a management means for managing the trail data .
Accepting designation of the management division and to trail data of pre Symbol management, and registration means for registering the designated management categories,
A deletion means for deleting the captured image of the trail data according to the registered management category, and
An information processing system including a notification means for notifying that the captured image has been deleted according to the management category in the trail data . A display control means for displaying and controlling the trail data is provided.
The information processing system according to claim 1, wherein the registration means receives and registers the designation of the management category according to the content of the display-controlled trail data. The information processing system according to claim 1 or 2 , wherein the management classification of the trail data is a classification indicating whether or not the usage state of the information processing terminal is normal. The information processing system according to any one of claims 1 to 3 , wherein the predetermined event is an event detected from an image taken in front of the information processing terminal. An information processing system including an information processing terminal having a display unit, which manages trail data including a captured image of a screen displayed on the display unit of the information processing terminal acquired by detecting a predetermined event. A control method for an information processing system equipped with management means .
Registration means, a registration step of said relative managed trail data receives designation of the management division, and registers the specified management division,
A deletion step in which the deletion means deletes the captured image of the trail data according to the registered management category.
A control method for an information processing system , wherein the notification means includes a notification step for notifying that the captured image has been deleted in accordance with the management category in the trail data . An information processing system including an information processing terminal having a display unit, which manages trail data including a captured image of a screen displayed on the display unit of the information processing terminal acquired by detecting a predetermined event. A program that can be executed in an information processing system equipped with management means.
The information processing system,
Accepting designation of the management division and to trail data of pre Symbol management, and registration means for registering the designated management categories,
A deletion means for deleting the captured image of the trail data according to the registered management category, and
A program for functioning as a notification means for notifying that the captured image has been deleted according to the management category in the trail data .

Images