TW200834442A - Device managing device - Google Patents

Device managing device Download PDF

Info

Publication number
TW200834442A
TW200834442A TW096146840A TW96146840A TW200834442A TW 200834442 A TW200834442 A TW 200834442A TW 096146840 A TW096146840 A TW 096146840A TW 96146840 A TW96146840 A TW 96146840A TW 200834442 A TW200834442 A TW 200834442A
Authority
TW
Taiwan
Prior art keywords
device management
state
event
management
function
Prior art date
Application number
TW096146840A
Other languages
Chinese (zh)
Other versions
TWI357558B (en
Inventor
Hiroshi Fujimoto
Akira Kinno
Takashi Suzuki
Atsushi Takeshita
Original Assignee
Ntt Docomo Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ntt Docomo Inc filed Critical Ntt Docomo Inc
Publication of TW200834442A publication Critical patent/TW200834442A/en
Application granted granted Critical
Publication of TWI357558B publication Critical patent/TWI357558B/zh

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

It is possible to monitor and prevent an unauthorized use or trouble while device management cannot be performed properly. When the state for properly managing the device is recovered, the correct device state can be quickly restored. A device managing device (1000) includes: a device management execution unit (1400) which performs a predetermined management of a device (20) by executing device managing functions (2300) provided in the device (20); and an event detection unit (1100) which detects a particular device managing event. The device management execution unit (1400) decides the device management function (2300) to be executed in accordance with the detection result of the particular device managing event and the device state.

Description

200834442 九、發明說明 【發明所屬之技術領域】 本發明係有關於設備管理裝置,例如以電池驅動,以 無線和外部連接的設備(例如行動終端),對其進行所定 管理的設備管理裝置。 【先前技術】 先前,對於Smart-Phone或PDA或筆記型PC等具有 可攜性且可與網路連接的設備(例如行動終端),可讓管 理群組(企業的管理者等)掌握該當設備之狀態或設定等 ,而可對該當設備進行適切管理(設備管理)的裝置(亦 即設備管理裝置),係以「OMA Device Management ( DM )」的方式,而被「Open Mobile Alliance (OMA)」所 規定。 在OMA-DM中,藉由DM伺服器、和被導入至設備 的DM客戶端的通訊,就可實現上述的設備管理。 例如,.各DM客戶端是將設備上正在驅動中的韌體的 版本對DM伺服器進行通知,該當DM伺服器係基於上述 通知而發現持有版本較低韌體的設備,並將用來對該當設 備指示更新適切朝體的命令,向已被導入至該當設備的 DM客戶端進行通知。 隨著行動應用程式服務的適用範圍的擴展’設備本身 ,或圍繞設備周圍的環境的多樣性也日益增加。因此’要 追蹤設備的狀態或設定是有困難,上述設備管理所耗費之 -5- 200834442 成本會變得非常高昂。對於此種市場的需求,需要更爲有 彈性、且成本效益高的設備管理機制。 後述的非專利文獻1中,爲了降低DM伺服器的網路 運用成本,而規定了「DM排程」。 在所述的DM排程中係記載著,爲了使設備能在離線 (亦即和DM伺服器沒有會談(sessi〇n)之狀態下)能夠 進行設備管理之處理,DM伺服器係可將已被導入該當設 備之DM客戶端所能處理之設備管理機能的工作排程,事 前就通知給該當DM客戶端的此種架構·,並且針對該當架 構、該當架構中所含之組件的機能、該當組件間的介面、 管理物件的資料結構、執行排程處理之條件等,加以規定 〇 在所述架構下係構成爲,對各設備,設置排程器;該 當排程器係基於工作排程,來實現設備管理。BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a device management apparatus, such as a battery-driven, wirelessly and externally connected device (e.g., mobile terminal), which is managed by a device management device. [Prior Art] Previously, a portable device (such as a mobile terminal) that is portable and connectable to a network such as a smart phone or a PDA or a notebook PC allows a management group (a company administrator, etc.) to grasp the device. The device (that is, the device management device) that can appropriately manage the device (device management) is in the form of "OMA Device Management (DM)" and is "Open Mobile Alliance (OMA)". Stipulated. In OMA-DM, the above device management can be realized by communication between the DM server and the DM client that is imported into the device. For example, each DM client notifies the DM server of the version of the firmware being driven on the device, and the DM server finds the device holding the lower firmware based on the above notification, and will use The DM client that has been imported to the device is notified of the command indicating that the device is updated to be appropriate. With the expansion of the scope of application of mobile application services, the device itself, or the diversity surrounding the environment around the device, is also increasing. Therefore, it is difficult to track the status or settings of the equipment, and the cost of the above equipment management is very high. For the needs of such markets, a more flexible and cost-effective equipment management mechanism is needed. In Non-Patent Document 1 to be described later, "DM scheduling" is defined in order to reduce the network operation cost of the DM server. In the DM schedule, it is described that in order to enable the device to perform device management processing offline (that is, in a state of no communication with the DM server), the DM server system can The work schedule of the device management function that can be processed by the DM client that is imported into the device is notified to the DM client in advance, and for the architecture, the functions of the components included in the architecture, and the components The interface between the interface, the data structure of the management object, the conditions for performing the scheduling process, etc., are defined in the architecture, and the scheduler is set for each device; the scheduler is based on the work schedule. Implement device management.

(非專利文獻 1 ) OMA-AD-DM-Scheduling-Vl_0-200601 24-D 【發明內容】 如上述,若依據非專利文獻1,則即使DM伺服器和 DM客戶端之間沒有會談的狀態下,仍可藉由dΜ排程器 來進行設備管理。 可是在此其中,DM伺服器或dm客戶端的狀態發生 改變,而有上述的排程器無法偵測出進行設備管理之觸發 事件的狀況,或是無法隨應於該當事件之偵測結果來執行 -6 - 200834442 設備管理的狀況。 例如所述的狀況可想定有,設備電源切斷或網路品質 劣化或DM伺服器當機等發生之狀況。這類狀況發生時, 就無法適切處理工作排程,而有無法適切進行設備管理之 問題點。 因此,在所述狀況下,於各設備中即將無法適切進行 上述設備管理之前,必須要強制性地執行特別的設備管理 機能,以防止所述設備管理無法適切進行之期間,發生不 正當或不良的監視。 又,於各設備中,當復原成可適切進行所述設備管理 之狀況時(電源打開或網路品質變得良好或DM伺服器的 復原等),必須要儘速復原成原本該有的設備狀態。 於是,本發明係有鑑於上述課題而硏發,目的在於提 供一種設備管理裝置,除了可以防止在不能適切進行設備 管理之期間的不正當或不良監視,還可已復原成能夠適切 進行所述設備管理之狀況時,儘速地復原成原本應有的設 備狀態。 本發明之第1特徵,係一種設備管理裝置,其要旨爲 ,具備:設備管理執行部,係藉由執行被設在設備內之設 備管理機能,以進行對該設備之所定管理;和事件偵測部 ,偵測出特定之設備管理事件;前記設備管理執行部,係 隨應於前記特定之設備管理事件之偵測結果、和設備狀態 ,來決定所應執行之前記設備管理機能。 於本發明之第1特徴中,亦可爲,具備:狀態設定部 200834442 ,係隨應於前記特定之設備管理事件之偵測結果,來設定 前記設備狀態;和原則管理部,係從將前記設備管理機能 予以特定之複數設備管理原則之中,隨應於被前記狀態設 定部所設定之前記設備狀態、和前記特定之設備管理事件 之偵測結果,來設定應使用之設備管理原則;前記設備管 理執行部,係將被前記原則管理部所設定之前記應使用之 設備管理原則所特定出來的設備管理機能,決定成爲前記 應執行之設備管理機能。 若依據所述發明,則狀態設定部,係可隨應於設備管 理事件之偵測結果,來設定各種設備狀態;設備管理執行 部,係可隨應於所述之設備狀態,執行相應於各種設備管 理原則的設備管理。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於第1狀態之際,前記事件偵測部係偵測到第1設備管理 事件時,則前記狀態設定部係將該設備狀態維持成該第1 狀態不變;前記設備狀態是處於前記第1狀態之際,前記 事件偵測部係偵測到第2設備管理事件時,則前記狀態設 定部,係將該設備狀態設定成第2狀態,前記原則管理部 ,係將該第2狀態用的設備管理原則,設定作爲前記應使 用之設備管理原則。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於前記第1狀態之際,前記事件偵測部係偵測到前記第2 設備管理事件時,則前記設備管理執行部係執行,被當作 前記應使用之設備管理原則而設定之前記第2狀態用的設 -8- 200834442 備管理原則所特定出來的第2設備管理機能。 若依據所述發明,則設備管理執行部係可執行,符合 於已被測知之設備狀態之遷移的設備管理原則所特定出的 設備管理機能。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於第1狀態之際,前記設備管理執行部係執行,被當作前 記應使用之設備管理原則而設定之前記第1狀態用的設備 管理原則所特定出來的第1設備管理機能;前記原則管理 部,係隨應於被前記第1狀態用的設備管理原則所特定出 來的第1設備管理機能,來決定應被前記第2狀態用的設 備管理原則所特定之前記第2設備管理機能。 若依據所述發明,則可進行考慮到設備狀態變化前所 被執行的設備管理機能及發生過設備狀態變化之雙方的有 彈性之設備管理。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於前記第1狀態之際,只有在前記事件偵測部係偵測到前 記第2設備管理事件後,在一定時間內,未偵測到前記第 1設備管理事件的情況下,前記狀態設定部才將該設備狀 態設定成第2狀態。 若依據所述發明,則當已被測出之設備管理事件係爲 電池電力降低或網路斷線這類情況時,係可忽視於行動終 端等的設備上容易發生的暫時性電池電力降低或網路斷線 這類設備管理事件,可削減設備管理所費之成本。 於本發明之第1特徴中,亦可爲,前記第2設備管理 -9- 200834442 機能,係爲使前記設備中的特定機能變成不可使用之機能 〇 若依據所述發明,則例如,在設備管理機能的執行是 明顯受到限制的設備狀態下,藉由使特定機能變成不可使 用,就可防止不當行爲或不良情形等。 於本發明之第1特徵中,亦可爲,前記第1設備管理 機能,係爲於特定狀況下使其變成可使用或不可使用之機 能。 若依據所述發明,則例如,當第1設備管理機能係將 設備的特定機能,隨應於特定之狀況,而使其成爲可使用 或成爲不可使用的此種限制機能的情況下,會變成不可執 行設備管理機能的設備狀態,若無法測知上述特定狀況, 則該當第1設備管理機能預先就無法使用,可維持成進行 限制最嚴格之設備管理的狀態。 於本發明之第1特徴中,亦可爲,前記第2設備管理 機能,係爲保護前記設備中之特定資訊之機能。 若依據所述發明,則例如,在設備管理機能的執行是 明顯受到限制的設備狀態下,藉由保護特定資訊,就可防 止資訊從設備中外流。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於前記第2狀態之際,前記事件偵測部係偵測到第3設備 管理事件時,則在前記設備管理執行部執行了,被當作前 記應使用之設備管理原則而設定之前記第2狀態用的設備 管理原則所特定出來的第3設備管理機能後,前記狀態設 -10- 200834442 定部,係將該設備狀態設定成前記第1狀態’前記原則管 理部,係將前記第1狀態用的設備管理原則,設定作爲前 記應使用之設備管理原則。 若依據所述發明,則因爲測知了第3設備管理事件而 將設備狀態予以復原之際,首先,執行依照此時點下所被 設定之設備管理原則的設備管理機能,然後才將設備狀態 設定成原本樣子,因爲如此構成,所以在設備狀態還原前 ,可執行用來復原設備狀態所需之特別的設備管理機能。 於本發明之第1特徴中,亦可爲,前記第3設備管理 機能,係爲使得,當前記設備狀態是處於前記第2狀態之 期間內曾經變成不可使用之前記設備上的特定機能,變成 可以使用之機能。 若依據所述發明,則因設備狀態改變而已變成不可使 用的該當設備管理機能,可使其再度成爲可以使用。 於本發明之第1特徴中,亦可爲,前記第3設備管理 機能,係爲復原前記設備中之特定資訊之機能。 若依據所述發明,則因設備狀態改變而變成不可存取 的特定資訊,可使其再度變成可存取。 於本發明之第1特徵中,亦可爲,事件積存部,係積 存著已被前記事件偵測部所偵測到的前記第1設備管理事 件;前記第2狀態,係爲無法藉由前記事件偵測部來偵測 出前記設備管理事件之狀態;前記第3設備管理機能係至 少含有,針對已被積存在前記事件積存部中之前記第1設 備管理事件的設備管理機能。 -11 - 200834442 於本發明之第1特徴中,亦可爲,事件積存部,係若 前記設備狀態是處於前記第2狀態時,則將已被前記事件 偵測部所偵測到的前記第1設備管理事件,加以積存;若 前記事件偵測部係偵測到前記第3設備管理事件,前記狀 態設定部係將前記設備狀態設定成第1狀態,前記原則管 理部係已將前記第1設備管理原則設定作爲前記應使用之 設備管理原則的情況下,則前記設備管理執行部,係隨應 於已積存在前記事件積存部中的前記第1設備管理事件, 來決定前記應執行之設備管理機能。 若依據所述發明,則當無法測出設備管理事件的這類 設備狀態之變化發生時,藉由參照被事件積存部所積存的 、於設備狀態是處於第2狀態之期間內所發生過的第1設 備管理事件,設備狀態復原成第1狀態之際所執行的設備 管理機能,係會執行隨應於所述期間所發生過之第1設備 管理事件的設備管理機能,因爲如此構成,所以所述期間 應被進行的設備管理機能係變成可以執行,可更正確地復 原設備狀態。 於本發明之第1特徴中,亦可爲,前記事件積存部, 係將複數之前記第1設備管理事件’總結地變更成其他第 1設備管理事件。 若依據所述發明,則由於設備狀態是處於第2狀態之 期間內所發生過的第1設備管理事件加以積存的事件積存 部,是理解了所積存的第1設備管理事件之意義,並將該 當第1設備管理事件之集合’轉換成具有相同意義的其他 -12- 200834442 第1設備管理事件,因爲如此構成,所以藉由將事件積存 部中所積存的第1設備管理事件予以總結,轉換成較少的 設備管理事件,就可刪減第1設備管理事件的積存成本, 以及設備狀態復原時的設備管理機能的執行成本。 於本發明之第1特徴中,亦可爲,若在前記設備狀態 是從前記第1狀態遷移成前記第2狀態之前的管理狀況, 和該設備狀態是從該第2狀態遷移成該第1狀態之前的管 理狀況之間發生變化時,則前記設備管理執行部,係執行 前記第3設備管理機能。 若依據所述發明,則在設備狀態是從第2狀態改變成 第1狀態之際,只有在第2狀態中發生管理狀況改變時, 可執行第3設備管理機能,可削減設備管理機能的執行成 本。 於本發明之第1特徴中,亦可爲,前記第1狀態,係 爲可進行對前記設備之前記所定管理之狀態;前記第2狀 態,係爲不可進行對前記設備之前記所定管理之狀態。 若依據所述發明,則於通常之設備管理是難以進行的 特殊設備狀態下,可設定特殊的設備管理原則,執行所述 設備狀態用的特殊之設備管理。 如以上說明,若依據本發明,則可提供一種設備管理 裝置,除了可以防止在不能適切進行設備管理之期間的不 正當或不良監視,還可已復原成能夠適切進行所述設備管 理之狀況時,儘速地復原成原本應有的設備狀態。 -13 - 200834442 【實施方式】 (本發明之第1實施形態所述之設備管理裝置的構成 ) 參照圖1至圖6,說明本發明之第丨實施形態所述之 設備管理裝置1000的構成。 本實施形態所述之設備管理裝置 i 000,係對於 Smart-Phone ^ pDA或筆記型pC等具有可攜性且可與網 路連接的設備(例如行動終端),可讓管理群組(企業的 管理者等)掌握該當設備之狀態或設定等,而可對該當設 備進行所定之管理(以下稱之爲設備管理)的裝置(亦即 設備管理裝置)。 具體而言,本實施形態所述之設備管理裝置1 000,係 偵測出設備管理事件2 1 0 0,並依照設備管理原則2 2 0 0, 來執行設備管理機能23 00。 此外,設備管理裝置1 000係被構成爲,當因設備的 狀態或設備周圍的狀況改變而無法適切進行設備管理的狀 況下,則會強制性地執行特別的設備管理機能,監視並防 止設備內的不當或不良情況,當從無法適切進行設備管理 的狀況還原成可適切進行設備管理之狀況時,就可復原成 原本應有的設備管理之狀態。 本實施形態中係參照圖1及圖2,說明企業管理部門 ,爲了將職員之設備20中的外部記錄媒體(mini SD卡等 )1 0 0之利用加以管理亦即進行所謂「設備管理」,而收 集從設備20向外部記錄媒體1 00的存取日誌的案例’隨 -14- 200834442 著網路300的中途切斷、或DM伺服器10當機等,而無 法適切進行所述設備管理時的情形。 此處,本實施形態中係假設使用Smart-Phone來作爲 設備。 ^ 參照圖1,說明上述設備管理被適切進行時的例子。 • 所述例子中,企業管理部門係爲了進行對設備20的設備 管理,而利用所擁有之DM伺服器10,進行從設備20對 φ 外部記錄媒體1 00存取之日誌的收集。 此處,職員所持有的設備20,係具備會依照來自DM 伺服器之指示的客戶端軟體(亦即DM代理器),利用設 備管理機能1 00,在每一定時間,或者進行特定業務等時 候,執行監視對外部記錄媒體1 00的存取並取得履歷(存 取曰誌)的監視機能(設備管理機能)3 2、以及透過網路 3 00 (蜂巢網線路或無線LAN等)來向〇]\4伺服器10報 告存取日誌的報告機能(設備管理機能)3 3。 # 接著’參照圖2,說明無法適切進行上述設備管理時 的例子。圖2中,作爲所述例子係圖示了,因DM伺服器 10的當機或網路3〇〇的切斷,而無法從設備20向DM伺 服器1 〇進行存取,無法適切地執行報告存取日誌之報告 ^ 機能(設備管理機能)3 3時的例子。 所述情況下,設備管理裝置1 000係藉由禁止(鎖住 )對外部記錄媒體1 0 0的存取,以防止不當處理或不良情 形。 具體而言,於設備20的內部,設備管理裝置1 000係 -15- 200834442 中斷了監視及收集存取日誌的監視機能(設備管理機能) 32、或報告存取日誌的報告機能(設備管理機能)33之執 行,然後執行將對外部記錄媒體1 00之存取予以鎖住的鎖 住機能(設備管理機能)343。 然後,在本實施形態中’從圖2所示之設備狀態而 DM伺服器1 〇恢復或網路3 0 〇恢復時,而成爲可以適切執 行存取日誌報告之報告機能(設備管理機能)3 3的情況下 ,就使其恢復成圖1所示的通常之設備管理狀態(進行對 外部記錄媒體之存取日誌的收集及報告之狀態)。 以下針對實現所述案例之設備管理裝置1 000的構成 加以說明。 如圖3所示,設備管理裝置1 000係具備:事件偵測 部1100、原則管理部1200、狀態設定部1 300、設備管理 執行部1 400。 事件偵測部11 〇 〇係被構成爲,會偵測出特定的設備 管理事件。 具體而言,事件偵測部11 〇〇係偵測到設備管理事件 2 1 0 0的發生,針對所測知的設備管理事件2 1 0 0是屬於第 1設備管理事件2 1 1 0,還是屬於第2設備管理事件2 1 20, 或是屬於第3設備管理事件2 1 3 0而加以決定,並隨著所 述之決定,對狀態設定部1 3 00或設備管理執行部1400傳 達已測知設備管理事件2 1 00之意旨。 此處,第1設備管理事件2 1 1 0,係爲將一般的設備管 理機能之啓動視爲契機的通常時之事件,係想定爲例如, -16- 200834442 對外部設備的存取、或來自非接觸1C卡(FeliCa等)的 訊號、來自計時器的通知等。 第2設備管理事件2 1 20,係爲將無法適切進行設備管 理之狀況的開始視爲契機的狀態變化時的事件,係想定爲 例如網路斷線、或DM伺服器的當機、設備的電源切斷等 〇 又,第3設備管理事件2 1 3 0,係爲將恢復成可適切進 行設備管理狀況視爲契機的狀復原時之事件,係想定爲例 如網路品質的良好化、或DM伺服器的恢復、設備的電源 打開等。 例如,事件偵測部1 1 0 0係利用各設備管理事件2 1 1 0 至2 1 3 0中所屬的設備管理事件之清單,就可決定所測知 的設備管理事件2 1 00是屬於第1乃至第3設備管理事件 2110乃至2130之哪一者。 圖4中係例示了第1設備管理事件2 110中所屬之設 備管理事件的清單(第1事件清單)之例子,圖5中係例 示了第2設備管理事件2120中所屬之設備管理事件的清 單(第2事件清單)之例子,圖6中係例示了第3設備管 理事件21 3 0中所屬之設備管理事件的清單(第3事件清 單)之例子。 例如,來自計時器的通知,或因向外部記錄媒體1 0 0 進行存取而來自外部記錄介面的岔斷,係被當成第1設備 管理事件來處理。 又,例如,網路斷線、或DM伺服器1 〇的當機,係 -17- 200834442 被當成第2設備管理事件2120來處理。 又,例如,網路的恢復、或DM伺服器10的復原, 係被當成第3設備管理事件2130來處理。 事件偵測部11 00,係藉由偵測來自網路介面的岔斷, ^ 就可測知網路斷線或網路的恢復。 _ 又,事件偵測部1 100,係藉由負責與DM伺服器1 〇 通訊的報告機能3 3所送來的通知,就可測知DM伺服器 φ 1 0是否當機。 又,事件偵測部1 1 00,係藉由來自事件偵測部! i 00 的通知,就可測知DM伺服器是否恢復。 如後述,當設備狀態是處於「第1狀態(可適切進行 設備管理之狀態)」時,事件偵測部1 1 00係若測知第1 設備管理事件2 1 1 0或第3設備管理事件2 1 3 0,則將其意 旨通知給設備管理執行部1 4 0 0 ;若測知第2設備管理事件 2 1 20,則將意旨通知給狀態設定部1 3 00。 • 又,同樣地,當設備狀態是處於「第2狀態(難以適 切進行設備管理之狀態)」時,事件偵測部1 1 〇〇係若測 知第1設備管理事件2 1 1 0或第2設備管理事件2 i 2〇,則 * 將其意旨通知給設備管理執行部1400;若測知第3設備管 ’ 理事件2130,則將意旨通知給狀態設定部1 3 00。 此處,「第1狀態」係爲可對設備20進行所定管理 (設備管理)之狀態;「第2狀態」係爲對設備2〇難以 進行設備管理之狀態。 狀態設定部1 300係被構成爲’隨應於事件偵測部 -18- 200834442 11 00所致之特定設備管理事件之偵測結果,來設定設備狀 態。 參照圖7,說明被狀態設定部〗300所設定的設備狀態 發生遷移時的樣子。 設備狀態是處於「第1狀態」之際,當事件偵測部 1 〇 〇測知了第1設備管理事件2 1 1 0或第3設備管理事件 2130的情況下,則狀態設定部1 3 00係將設備狀態維持成 「第1狀態」不變。 又,設備狀態是處於「第1狀態(通常時)」之際, 當事件偵測部1 1 00測知到第2設備管理事件2 1 20時,則 狀態設定部1 300係將設備狀態變更成「第2狀態(DM不 可時)」。 另一方面,設備狀態是處於「第2狀態」之際,當事 件偵測部110 0測知了第1設備管理事件2110或第2設備 管理事件2 1 20的情況下,則狀態設定部1 3 00係將設備狀 態維持成「第2狀態」不變。 又,設備狀態是處於「第2狀態」之際,當事件偵測 部11 00測知到第3設備管理事件2 1 3 0時,則狀態設定部 1 3 00係將設備狀態變更成「第1狀態」。 又,亦可構成爲,設備狀態是處於「第1狀態」之際 ,事件偵測部Π 〇〇測知到第2設備管理事件2 1 20後,只 有當一定時間內未偵測到第1設備管理事件2 1 1 0的情況 下,狀態設定部1 3 〇 〇係將設備狀態,設定成「第2狀態 -19- 200834442 原則管理部1 200係被構成爲,從將設備管理機能予 以特定之複數設備管理原則2200之中,隨應於被狀態設 定部1 3 0〇所設定之設備狀態、和事件偵測部1 1 〇〇所致之 特定設備管理事件之偵測結果,來設定應使用之設備管理 原則。 原則管理部1200,係將被選擇成爲應使用之設備管理 原則的設備管理原則,通知給設備管理執行部1 400。 當設備狀態是處於「第1狀態」時,原則管理部1200 ,係將第1設備管理原則22 1 0,設定(選擇)成爲應使用 之設備管理原則;當設備狀態是處於「第2狀態」時,原 則管理部1 200,係將第2設備管理原則2220,設定(選 擇)成爲應使用之設備管理原則。 例如,設備狀態是處於「第1狀態」之際,當事件偵 測部1 1 1 0測知到第2設備管理事件2 1 20時,則狀態設定 部1 1 3 0係將設備狀態設定成「第2狀態」;原則管理部 1 200,係將第2狀態用設備管理原則(第2設備管理原則 ),設定來作爲應使用之設備管理原則。 此處,設備管理原則2200,係爲用來特定出,於設備 管理執行部1 400上所應執行之設備管理機能的原則。 具體而言,第1設備管理原則2210係當偵測到第i 設備管理事件2110或第3設備管理事件2130時,就指示 其執行第1設備管理機能2310。 另一方面,第2設備管理原則2220係用來指示,當 偵測到第1設備管理事件2 11 0或第2設備管理事件2〗20 -20- 200834442 時就執行第2設備管理機能2320,當偵測到第3設備管理 事件2130時就執行第3設備管理機能23 30的原則。 此外,原則管理部1200係可構成爲從DM伺服器10 下載設備管理原則2200,也可構成爲從企業管理部門所發 配的智慧卡等拷貝出設備管理原則2200而加以取得,也 可構成爲去利用在設備20出貨時就預先保持的設備管理 原則2200。 設備管理執行部1400係被構成爲’藉由執行被設在 設備2 0內的設備管理機能2 3 〇 0 ’來進行對設備2 0的所定 管理(設備管理)。 具體而言,設備管理執行部1 400係被構成爲,隨著 事件偵測部1 1 〇 〇所致之特定的設備管理事件2 1 0 0的偵測 結果,和被狀態設定部1 300所設定的設備狀態’來決定 所應執行之設備管理機能2300 ° 詳言之,設備管理執行部1 4 0 0係被構成爲,將原則 管理部1 2 0 0所設定的「應使用之設備管理原則2 2 0 0」所 特定出的設備管理機能2 3 〇 〇 ’決定成爲應執彳了之設備管理 機能23 00。 此外,設備管理執行部1400係亦可被構成爲’隨應 於事件偵測部1100所致之特定的設備管理事件2100的偵 測結果,而將原則管理部1 200所設定的「應使用之設備 管理原則2200」所特定出的設備管理機能23 00,決定作 爲應執行之設備管理機能2300 ° 例如,設備管理執行部1 4 0 0係被構成爲’當設備狀 -21 - 200834442 態是處於「第2狀態」,且偵測到第1設備管理事件2 1 1 0 或第2設備管理事件2120時,則執行被第2設備管理原 則2220所特定出來的第2設備管理機能2320。 又,設備管理執行部1 400係被構成爲,當設備狀態 是處於「第2狀態」,且偵測到第3設備管理事件213 0 時,則執行被第2設備管理原則2220所特定出來的第3 設備管理機能2330。 在本實施形態中,設備管理執行部1 400的第1設備 管理機能23 1 0 (通常時),係藉由執行監視機能3 2以監 視對外部記錄媒體1 〇〇之存取及收集存取日誌,同時藉由 執行報告機能3 3以向DM伺服器1 0進行存取日誌的報告 〇 又,設備管理執行部1 400的第2設備管理機能23 20 (狀態變化時),係藉由執行鎖住機能31,以將對外部記 錄媒體1 〇〇之存取機能(特定機能)加以鎖住(使其成爲 不可使用)。 又,設備管理執行部1 400的第3設備管理機能23 3 0 (狀態復原時),係藉由執行鎖住機能3 1,以將對外部記 錄媒體1 00之存取機能的鎖定,加以解除(使得對外部記 錄媒體100之存取機能變成可使用)。 此外,不只是如本實施形態般地,設備管理執行部 1400執行鎖住機能31以將對外部記錄媒體100之存取機 能加以鎖住之案例,還可考慮爲了防止企業的機密文書外 流,而藉由執行第2設備管理機能(保護設備20中之特 -22-(Non-Patent Document 1) OMA-AD-DM-Scheduling-Vl_0-200601 24-D [Summary of the Invention] As described above, according to Non-Patent Document 1, even if there is no talk between the DM server and the DM client, Device management can still be performed by the dΜ scheduler. However, in this case, the state of the DM server or the dm client changes, and the scheduler described above cannot detect the status of the trigger event for device management, or cannot perform the detection result of the event. -6 - 200834442 Status of equipment management. For example, the situation described may be a situation in which the power of the device is cut off or the network quality is deteriorated or the DM server is down. When such a situation occurs, it is impossible to properly handle the work schedule, and there is a problem that the equipment management cannot be properly handled. Therefore, in the above situation, before the device management is not properly performed in each device, it is necessary to enforce a special device management function to prevent the device from being improperly handled during the period in which the device management cannot be properly performed. Surveillance. In addition, in each device, when the device management is properly performed (the power is turned on, the network quality is good, or the DM server is restored, etc.), it is necessary to restore the device as it is. status. Accordingly, the present invention has been made in view of the above problems, and an object of the invention is to provide a device management apparatus which can be prevented from being improperly or poorly monitored during the period in which device management cannot be properly performed, and can be restored to enable the device to be appropriately performed. In the case of management, the state of the equipment should be restored as soon as possible. A first aspect of the present invention is a device management device, comprising: a device management execution unit that performs a device management function provided in a device to perform management of the device; and event detection The measuring unit detects a specific device management event; the pre-recording device management execution unit determines the device management function to be performed before the execution of the specific device management event detection result and the device status. In the first aspect of the present invention, the state setting unit 200834442 may be provided to set the state of the pre-recording device in accordance with the detection result of the device management event specified in the foregoing; and the principle management unit is based on the pre-recording The device management function can be used to specify the device management principle to be used in the specific multi-device management principle, in accordance with the detection result of the device status and the device management event specified by the pre-recorded status setting unit. The equipment management execution unit determines the equipment management function that is specified in the equipment management principle that is set by the pre-recording principle management department. According to the invention, the state setting unit can set various device states according to the detection result of the device management event; the device management execution unit can perform corresponding to various states according to the device state Equipment management for equipment management principles. In the first aspect of the present invention, when the state of the pre-recording device is in the first state, when the pre-recording event detecting unit detects the first device management event, the pre-recording state setting unit sets the device status. When the state of the device is maintained in the first state, and the event detection unit detects the second device management event, the pre-recording state setting unit sets the device state to In the second state, the pre-recording principle management unit sets the device management principle for the second state as the device management principle to be used in the pre-recording. In the first aspect of the present invention, when the state of the pre-recording device is in the first state before the pre-recording event detecting unit detects the second device management event, the pre-recording device management execution unit executes It is the second device management function that is specified in the management principle of the second state. According to the invention, the device management execution unit is executable and conforms to the device management function specified by the device management principle of the device state transition that has been detected. In the first aspect of the present invention, the pre-recording device management execution unit executes when the state of the pre-recording device is in the first state, and is set as the first state before the device management principle to be used as the pre-recording. The first device management function specified by the device management principle; the pre-recording principle management department determines the first device management function specified by the device management principle for the first state of the pre-recording. The device management principle of the state is specified before the second device management function. According to the invention, it is possible to perform flexible device management in consideration of both the device management function performed before the device state change and the device state change. In the first aspect of the present invention, the pre-recording device state may be in the first state before, and only after the pre-recording event detecting unit detects the pre-recording second device management event, for a certain period of time, When the first device management event is detected, the pre-status setting unit sets the device state to the second state. According to the invention, when the device management event that has been detected is a situation in which the battery power is reduced or the network is disconnected, the temporary battery power reduction that is likely to occur on the device such as the mobile terminal or the like may be ignored. Device management events such as network disconnection can reduce the cost of equipment management. In the first aspect of the present invention, the function of the second device management -9-200834442 may be used to make the specific function in the predecessor device unusable, according to the invention, for example, in the device. In the state of the device where the execution of the management function is significantly restricted, by making the specific function unusable, it is possible to prevent inappropriate behavior or bad conditions. In the first aspect of the present invention, the first device management function may be used to make it usable or unusable under certain conditions. According to the invention, for example, when the first device management function can make the specific function of the device become a usable or unusable restriction function depending on a specific situation, it becomes If the device status of the device management function is not executable, if the specific condition cannot be detected, the first device management function cannot be used in advance, and the device management state in which the restriction is the most restrictive can be maintained. In the first aspect of the present invention, the second device management function may be used to protect the specific information in the predecessor device. According to the invention, for example, in a device state in which the execution of the device management function is significantly restricted, by protecting the specific information, it is possible to prevent the information from flowing out of the device. In the first aspect of the present invention, when the state of the pre-recording device is in the second state before the pre-recording event detecting unit detects the third device management event, the pre-recording device management executing unit may execute the third device management event. It is set as the device management principle to be used in the pre-recording, and the third device management function specified in the device management principle for the second state is set, and the pre-recorded state is set to -10- 200834442. In the first state of the predecessor, the pre-recording principle management department sets the device management principle for the first state of the predecessor, and sets the device management principle to be used as a pre-record. According to the invention, when the device state is restored by detecting the third device management event, first, the device management function according to the device management principle set at this time is executed, and then the device state is set. As it is, because of this configuration, special device management functions required to restore the state of the device can be performed before the device state is restored. In the first aspect of the present invention, the third device management function may be such that the current device state is in a state of being in the second state before the previous function becomes unusable, and becomes a specific function on the device. The function you can use. According to the invention, the device management function that has become unusable due to a change in the state of the device can be made available again. In the first aspect of the present invention, the third device management function may be used to restore the specific information in the pre-recording device. According to the invention, specific information that becomes inaccessible due to a change in the state of the device can be made accessible again. In the first aspect of the present invention, the event storage unit may store a pre-recorded first device management event detected by the pre-recorded event detecting unit; and the pre-recorded second state is not possible by the pre-recording The event detecting unit detects the status of the pre-recorded device management event; the pre-recorded third device management function includes at least the device management function for the first device management event that has been accumulated in the pre-recorded event storage unit. -11 - 200834442 In the first aspect of the present invention, the event accumulation unit may be a pre-recorded unit that has been detected by the pre-recorded event detecting unit if the state of the pre-recording device is in the second state of the pre-recording 1 device management event, to store; if the event detection department detects the third device management event, the pre-status setting unit sets the pre-recorded device state to the first state, and the pre-requisite management department has the first note. When the equipment management principle is set as the pre-recorded equipment management principle, the pre-recorded equipment management execution unit determines the equipment to be executed in advance according to the pre-recorded first equipment management event that has accumulated in the pre-recorded event storage unit. Management function. According to the invention, when a change in the state of the device in which the device management event cannot be detected occurs, it is referred to by the event storage unit that the device state is in the second state. The first device management event, the device management function executed when the device state is restored to the first state, performs the device management function corresponding to the first device management event that occurred during the period, and thus is configured as described above. The device management function that should be performed during the period becomes executable, and the device state can be restored more correctly. In the first aspect of the present invention, the pre-record event storage unit may change the first device management event 'before the plural number to another first device management event. According to the invention, the event storage unit that accumulates the first device management event that occurred during the second state is understood to understand the meaning of the accumulated first device management event, and When the set of the first device management events is converted into other -12-200834442 first device management events having the same meaning, since the first device management event accumulated in the event pool is summarized, the conversion is performed. In the case of fewer device management events, the cost of storing the first device management event and the execution cost of the device management function when the device state is restored can be deleted. In the first aspect of the present invention, the pre-recorded device state may be a management state before transitioning from the first state to the second state, and the device state may be transitioned from the second state to the first state. When there is a change between the management status before the status, the pre-recorded device management execution unit executes the third device management function. According to the invention, when the device state is changed from the second state to the first state, the third device management function can be executed only when the management state is changed in the second state, and the execution of the device management function can be reduced. cost. In the first aspect of the present invention, the first state may be a state in which the management of the preceding device is performed, and the second state is a state in which the management of the preceding device is not possible. . According to the invention, in the special equipment state where normal equipment management is difficult, special equipment management principles can be set, and special equipment management for the equipment state can be performed. As described above, according to the present invention, it is possible to provide a device management apparatus which can prevent the illegitimate or poor monitoring during the period in which the device management is not properly performed, and can be restored to a condition in which the device management can be appropriately performed. , as soon as possible to restore the original state of the equipment. [Embodiment] (Configuration of the device management device according to the first embodiment of the present invention) The configuration of the device management device 1000 according to the third embodiment of the present invention will be described with reference to Figs. 1 to 6 . The device management device i 000 according to the embodiment is a device (such as a mobile terminal) that is portable and can be connected to a network such as a Smart-Phone ^ pDA or a note-type pC, and can be managed by a group (enterprise) The manager (such as a device management device) that can perform the management of the device (hereinafter referred to as device management) by grasping the state, setting, and the like of the device. Specifically, the device management apparatus 1 000 of the present embodiment detects the device management event 2 1 0 0 and executes the device management function 23 00 according to the device management principle 2 2 0 0 . Further, the device management device 1000 is configured such that when the device management cannot be appropriately performed due to the state of the device or the situation around the device, special device management functions are forcibly executed, and the device is monitored and prevented. Improper or bad conditions can be restored to the original state of equipment management when the situation of unmanageable equipment management is restored to a condition that can be properly managed. In the present embodiment, the company management department performs the so-called "device management" in order to manage the use of the external recording medium (mini SD card, etc.) in the staff device 20, with reference to FIG. 1 and FIG. The case of collecting the access log from the device 20 to the external recording medium 100 is interrupted by the middle of the network 300, or the DM server 10 is down, and the device management cannot be performed properly. The situation. Here, in the present embodiment, it is assumed that a Smart-Phone is used as the device. ^ An example in which the above device management is appropriately performed will be described with reference to Fig. 1 . • In the above example, the enterprise management department uses the owned DM server 10 to perform collection of logs accessed by the device 20 for the φ external recording medium 100 in order to perform device management of the device 20. Here, the device 20 held by the employee is provided with a client software (that is, a DM agent) that instructs the DM server to use the device management function 100, at a certain time, or for a specific service or the like. At that time, the monitoring function of the external recording medium 100 is monitored, and the monitoring function (device management function) 3 of the history (access to the ambition) is acquired, and the network 303 (the cellular network line or the wireless LAN, etc.) is used. ] \4 The server 10 reports the reporting function of the access log (device management function) 3 3. # Next, an example in which the above device management cannot be performed properly will be described with reference to Fig. 2 . In FIG. 2, as an example, it is shown that the DM server 10 cannot be accessed from the device 20 to the DM server 1 due to the disconnection of the DM server 10 or the network, and cannot be properly executed. Report of access log report ^ Example of function (device management function) 3 3 o'clock. In this case, the device management apparatus 1000 prevents the improper processing or the bad situation by prohibiting (locking) access to the external recording medium 100. Specifically, within the device 20, the device management device 1 000 -15- 200834442 interrupts the monitoring function of monitoring and collecting the access log (device management function) 32, or reporting the reporting function of the access log (device management function) The execution of 33, and then the lock function (device management function) 343 that locks the access of the external recording medium 100 is executed. Then, in the present embodiment, when the DM server 1 is restored or the network 3 0 is restored from the device state shown in FIG. 2, the reporting function (device management function) 3 can be appropriately executed. In the case of 3, it is restored to the normal device management state shown in Fig. 1 (the state in which the access log to the external recording medium is collected and reported). The configuration of the device management apparatus 1000 for realizing the above case will be described below. As shown in Fig. 3, the device management device 1000 includes an event detecting unit 1100, a principle management unit 1200, a state setting unit 1300, and a device management executing unit 1400. The event detecting unit 11 is configured to detect a specific device management event. Specifically, the event detecting unit 11 detects that the device management event 2 1 0 0 is generated, and the device management event 2 1 0 0 belongs to the first device management event 2 1 1 0 for the detected device. It belongs to the second device management event 2 1 20, or is determined to belong to the third device management event 2 1 3 0, and the status setting unit 1 300 or the device management execution unit 1400 transmits the measured value as determined. Know the device management event 2 1 00. Here, the first device management event 2 1 1 0 is an ordinary event in which the activation of the general device management function is regarded as an opportunity, and is intended to be, for example, -16-200834442 access to an external device, or from Non-contact 1C card (FeliCa, etc.) signals, notifications from timers, etc. The second device management event 2 1 20 is an event when the state in which the start of the device management cannot be appropriately considered is changed, for example, a network disconnection, or a failure of the DM server or a device. In the event of a power-off, etc., the third device management event 2 1 3 0 is an event that is restored to an appropriate situation in which the device management status is considered as an opportunity, and is intended to be, for example, a good network quality, or Recovery of the DM server, powering of the device, etc. For example, the event detecting unit 1 1 0 0 determines that the detected device management event 2 1 00 belongs to the device by using a list of device management events to which the respective devices manage events 2 1 1 0 to 2 1 3 0 . 1 or even the third device management event 2110 or 2130. FIG. 4 illustrates an example of a list of device management events (first event list) to which the first device management event 2 110 belongs, and FIG. 5 illustrates a list of device management events to which the second device management event 2120 belongs. (Example of the second event list), an example of the list of device management events (third event list) to which the third device management event 21 3 0 belongs is illustrated in FIG. For example, a notification from a timer or a disconnection from an external recording interface due to access to the external recording medium 100 is handled as a first device management event. Also, for example, a network disconnection, or a crash of the DM server 1 ,, is handled as a second device management event 2120. Further, for example, recovery of the network or restoration of the DM server 10 is handled as the third device management event 2130. The event detecting unit 11 00 detects the disconnection of the network or the recovery of the network by detecting a disconnection from the network interface. Further, the event detecting unit 1 100 can detect whether or not the DM server φ 1 0 is down by a notification sent by the reporting function 3 3 in communication with the DM server 1 。. Moreover, the event detecting unit 1 00 is obtained from the event detecting unit! The notification of i 00 can be used to detect whether the DM server is restored. As will be described later, when the device state is in the "first state (the state in which the device management can be appropriately performed)", the event detecting unit 1 100 detects the first device management event 2 1 1 0 or the third device management event. 2 1 3 0, the device management execution unit 1400 is notified, and when the second device management event 2 1 20 is detected, the state setting unit 1 3 00 is notified. • Similarly, when the device status is in the “second state (it is difficult to properly manage the device)”, the event detecting unit 1 1 detects that the first device management event 2 1 1 0 or the first 2 Device management event 2 i 2〇, then * notify the device management execution unit 1400 of the intention, and if the third device management event 2130 is detected, the notification is notified to the status setting unit 1 300. Here, the "first state" is a state in which the device 20 can be managed (device management), and the "second state" is a state in which it is difficult to perform device management for the device 2. The state setting unit 1 300 is configured to set the device state in response to the detection result of the specific device management event caused by the event detecting unit -18-200834442 11 00. The state when the device state set by the state setting unit 300 is migrated will be described with reference to Fig. 7 . When the device state is in the "first state", when the event detecting unit 1 detects the first device management event 2 1 1 0 or the third device management event 2130, the state setting unit 1 3 00 The device state is maintained at "1st state". When the device state is in the "first state (normal time)", when the event detecting unit 1 100 detects the second device management event 2 1 20, the state setting unit 1 300 changes the device state. In the "second state (DM is not available)". On the other hand, when the device state is in the "second state", when the event detecting unit 110 detects the first device management event 2110 or the second device management event 2 1 20, the state setting unit 1 The 3 00 system maintains the device status in the "second state". When the device state is in the "second state", when the event detecting unit 11 00 detects the third device management event 2 1 3 0, the state setting unit 1 3 00 changes the device state to "the first". 1 state". In addition, when the device state is in the "first state", the event detecting unit 〇〇 detects that the second device management event 2 1 20 is detected, and only the first time is not detected within a certain period of time. In the case of the device management event 2 1 1 0, the state setting unit 1 3 sets the device state to "the second state -19 - 200834442. The principle management unit 1 200 is configured to specify the device management function. The plural device management principle 2200 is set in accordance with the device state set by the state setting unit 1 3 0〇 and the detection result of the specific device management event caused by the event detecting unit 1 1〇〇. The device management principle is used. The principle management unit 1200 notifies the device management execution unit 1 400 of the device management principle that is selected as the device management principle to be used. When the device status is in the "first state", principle management In the department 1200, the first device management principle 22 1 0 is set (selected) to be the device management principle to be used; when the device state is in the "second state", the principle management unit 1 200 is to perform the second device management. Principle 2220, setting (selection) becomes the device management principle to be used. For example, when the device state is in the "first state", when the event detecting unit 1 1 1 0 detects the second device management event 2 1 20, the state setting unit 1 1 3 0 sets the device state to The "second state"; the principle management unit 1 200 sets the second state device management principle (second device management principle) as the device management principle to be used. Here, the device management principle 2200 is a principle for specifying the device management function to be executed on the device management execution unit 1 400. Specifically, the first device management principle 2210 instructs it to execute the first device management function 2310 when the i-th device management event 2110 or the third device management event 2130 is detected. On the other hand, the second device management principle 2220 is used to indicate that the second device management function 2320 is executed when the first device management event 2 11 0 or the second device management event 2 _ 20 -20- 200834442 is detected, The principle of the third device management function 23 30 is executed when the third device management event 2130 is detected. Further, the principle management unit 1200 may be configured to download the device management principle 2200 from the DM server 10, or may be configured to copy the device management principle 2200 from a smart card or the like issued by the enterprise management department, or may be configured to The device management principle 2200 that is pre-held at the time of shipment of the device 20 is utilized. The device management execution unit 1400 is configured to perform the management (device management) of the device 20 by executing the device management function 2 3 〇 0 ' provided in the device 20. Specifically, the device management execution unit 1 400 is configured to detect the specific device management event 2 1 0 0 caused by the event detecting unit 1 1 ,, and the state setting unit 1 300 The device status of the device is set to determine the device management function to be executed. 2300 °. In detail, the device management execution unit 1400 is configured as the device management to be used by the principle management unit 1200. The device management function specified in principle 2 2 0 0" 2 3 〇〇 'Decision becomes the device management function that should be executed 23 00. In addition, the device management execution unit 1400 may be configured to 'should be used according to the detection result of the specific device management event 2100 caused by the event detecting unit 1100, and set by the principle management unit 1 200. The device management function specified by the device management principle 2200" is determined to be 2300 ° as the device management function to be executed. For example, the device management execution unit 1400 is configured as 'when the device type-21 - 200834442 is in the state In the "second state", when the first device management event 2 1 1 0 or the second device management event 2120 is detected, the second device management function 2320 specified by the second device management principle 2220 is executed. Further, the device management execution unit 1400 is configured to execute the second device management principle 2220 when the device state is in the "second state" and the third device management event 213 0 is detected. The third device management function 2330. In the present embodiment, the first device management function 23 1 0 (normal time) of the device management execution unit 1 400 monitors the access and collection access to the external recording medium 1 by executing the monitoring function 3 2 . The log also reports the access log to the DM server 10 by executing the reporting function 3, and the second device management function 23 20 (when the state changes) of the device management execution unit 1 400 is executed. The function 31 is locked to lock the access function (specific function) of the external recording medium 1 (making it unusable). Further, the third device management function 23 3 0 (when the state is restored) of the device management execution unit 1 400 is to unlock the access function of the external recording medium 100 by executing the lock function 3 1, (Enables access to the external recording medium 100 to become usable). Further, not only the case where the device management execution unit 1400 executes the lock function 31 to lock the access function of the external recording medium 100, but also to prevent the outflow of confidential documents of the company, is not only the present embodiment. By performing the second device management function (protecting the special device 22 in the device 20)

200834442 定資訊的機能)2320以將機密文書加密’藉由執行 備管理機能(將設備20中之特定資訊予以復原的 23 30以將加密過的機密文書予以解密的案例° 所述情況下,例如,第2設備管理機能2320 ,是將被事先附上表示這是機密文書之葸旨的旗標 全體(或者指定的部份),使用3DES或RSA等演 予以加密的機能。 此時,第3設備管理機能2330係爲,基於記 被加密之文書的清單,來將特定文書予以解密的機 又,第2設備管理機能2320係亦可爲,利用 統而將機密文書的存取屬性設成「拒絕」的機能( 定資訊之機能),而第3設備管理機能233 0係亦 存取屬性還原成「允許」的機能(將特定資訊予以 機能)。 所述情況下,在設備狀態變成「第2狀態」以 2設備管理機能2320就已經積存著機密文書的存取 因此將該當機密文書的存取屬性設成「拒絕」,第 管理機能係取得所積存之該當機密文書的適切之存 ,並將存取屬性加以還原。 此處,設備狀態是處於「第1狀態」之際,當 測部111 〇偵測到第1設備管理事件2 1 1 0或第3設 事件2130時,則設備管理執行部1400係執行,被 使用之設備管理原則而設定之第1狀態用設備管理 第1設備管理原則)22 1 0所特定出來的第1設備管 第3設 機能) 亦可爲 的文書 算法來 載著已 能。 檔案系 保護特 可爲將 復原之 前,第 屬性, 3設備 取屬性 事件偵 :備管理 :當成應 .原貝(I ( :理機能 -23- 200834442 23 10 〇 又,設備狀態是處於「第1狀態」之際’當事件偵測 部1 11 0測知到第2設備管理事件2 1 2 0時,則設備管理執 行部1 4 0 0係執行,被當成應使用之設備管理原則而設定 之第2狀態用設備管理原則(第2設備管理原則)2220所 特定出來的第2設備管理機能23 20。 (本發明之第1實施形態所述之設備管理裝置的動作 ) 參照圖8至圖11,說明本發明之第1實施形態所述之 設備管理裝置1000的動作。 第1,參照圖8,說明本實施形態所述之設備管理裝 置1 0 00的事件偵測部1100的動作。 如圖8所示,於步驟S1001中,事件偵測部1 1 〇〇,首 先讀取用來區分各設備管理事件2 1 00是屬於第1乃至第3 設備管理事件之何者的事件清單。 此處,在事件清單中係含有,列舉了第2設備管理事 件的第2事件清單,和列舉了第3設備管理事件的第3事 件清單。 於步驟S 1 002中,事件偵測部11〇〇係取得現在的設 備狀態。 於步驟S1003至S1005 (事件等待迴圈)中,事件偵 測部1 1 00係一直等待設備管理事件的來臨,直到設備管 理結束爲止。 -24- 200834442 事件偵測部111 〇,係一旦偵測到設備管理事件來臨, 則於步驟S 1 006中,檢查現在的設備狀態是否處於「第1 狀態」。 當判定爲現在的設備狀態是處於「第1狀態」時,事 件偵測部1 11 〇係於步驟s 1 0 11至S 1 0 1 3中,利用第2事 件清單,檢查在第2事件清單內是否存在已測知之設備管 理事件。 事件偵測部11 1 〇,係一旦判定設備管理事件是存在於 第2事件清單內,則於步驟S 1 0 1 4中,將設備管理事件已 來臨之事實通知給狀態設定部1 300,返回步驟S 1 005。 另一方面,事件偵測部1 1 1 0,係一旦判定設備管理事 件並不存在於第2事件清單內,則於步驟S 1 03 1中,將設 備管理事件已來臨之事實通知給設備管理執行部1 400,返 回步驟S 1 0 0 5。 另一方面,於步驟S 1 0 06中,當判定爲現在的設備狀 態並非處於「第1狀態」(亦即處於「第2狀態」)時, 則事件偵測部1 1 1 0係於步驟S 1 02 1至S 1 023中,利用第3 事件清單,檢查在第3事件清單內是否存在已測知之設備 管理事件。 事件偵測部11 1 0,係一旦判定設備管理事件是存在於 第3事件清單內,則於步驟S 1 024中,將設備管理事件已 來臨之事實通知給狀態設定部1 300,返回步驟S 1 005。 另一方面,事件偵測部1 1 1 〇,係一旦判定設備管理事 件並不存在於第3事件清單內,則於步驟S 1 0 3 1中,將設 -25- 200834442 備管理事件已來臨之事實通知給設備管理執行部14〇〇,返 回步驟S 1 0 0 5。 此處’事件偵測部1 1 1 〇係於事件等待迴圈中,偵測 到設備管理的結束時,則結束其處理。 此處,事件偵測邰1 1 1 0係亦可爲,於步驟s i 0 i 2中 ,偵測到第2設備管理事件時,若在一定時間內,有偵測 到第3設備管理事件,則進行步驟S1014之處理。 其結果爲’可使設備管理裝置1000全體的處理效率 變好。例如’當設備2 〇正在通過隧道內等時候,僅數秒 間發生網路品質劣化,然後網路品質立刻恢復良好的案例 下,則不要使設備狀態遷移至「第2狀態」,而是維持「 第1狀態」不變,處理上比較不冗長。 第2,參照圖9,說明本實施形態所述之設備管理裝 置1 000的狀態設定部13.00的動作。 如圖9所示,於步驟S1101中,狀態設定部13〇〇係 取得現在的設備狀態。此外,在初期狀態下,假設設備狀 態係爲「第1狀態」。 於步驟S1 102至S1 104 (輸入等待迴圈)中,狀態設 定部1 3 〇 0係等待來自事件偵測部11 〇 〇的通知。 狀態設定部係當偵測到來自事件偵測部11〇〇的 時候,則於步驟S1105中,檢查現在的設備狀態是否處於 「第1狀態」。 若現在的設備狀態是處於「第1狀態」,則於步驟 S1 106中,狀態設定部1300係將設備狀態設定成「第2狀 -26- 200834442 態」。 另一方面,若現在的設備狀態是處於「第2狀態」, 則於步驟S1107中,狀態設定部1 300係將設備狀態設定 成「第1狀態」。 於步驟S1 108中,狀態設定部1 300,係將於步驟 S1106或S1 107中所設定的設備狀態,通知給事件偵測部 11〇〇及原則管理部1 200後,返回步驟S1 104。 此處,狀態設定部1 3 00係於輸入等待迴圏中,偵測 到設備管理的結束時,則結束其動作。 第3,參照圖10,說明本實施形態所述之設備管理裝 置1 0 00的原則管理部1 200的動作。 如圖10所示,於步驟S1201至S 1 203 (原則變更迴 圈)中,原則管理部120 0係等待來自狀態設定部1 3 00的 通知。 原則管理部1 200係當偵測到來自狀態設定部1 300的 通知時,則於步驟S 1204中,讀取現在的設備狀態,於步 驟S 1 205中,檢查現在的設備狀態是否處於「第〗狀態」 〇 若現在的設備狀態是處於「第1狀態」,則原則管理 部120G係於步驟S 1 208中,選擇(設定)第1設備管理 原則來作爲應使用之設備管理原則。 另一方面,若設備狀態是處於「第2狀態」,則原則 管理部1200係於步驟S 1 206中,選擇(設定)第2設備 管理原則來作爲應使用之設備管理原則。 -27- 200834442 於步驟S 1 207中,原則管理部1 200係將步驟S1206 或S 1208中所選擇(設定)的設備管理原則,通知給設備 管理執行部1400後,返回步驟S 1 20 3。 此外,原則管理部1 200,係於原則變更迴圈中,偵測 到設備管理的結束時,則結束其處理。 第4,參照圖1 1,說明本實施形態所述之設備管理裝 置1000的設備管理執行部1400的動作。 如圖1 1所示,於步驟S 1 3 0 1中,設備管理執行部 1400係取得,被原則管理部1 200所選擇之設備管理原則 (亦即被原則管理部1 200當成應使用之設備管理原則而 設定的設備管理原則)。 此處,在設備管理原則中係有,通常時(亦即第1狀 態下)所應使用之第1設備管理原則22 1 0,和無法適切進 行設備管理之狀態時(亦即第2狀態下)所應使用之第2 設備管理原則。 在步驟S1301中’假設設備管理執行部140〇係取得 屬於初期狀態的第1設備管理原則22 1 0。 於步驟S13〇2至S 1 3 05 (事件等待迴圈)中,設備管 理執行部1 400係等待著來自原則管理部1200或事件偵測 部1 1 0 0的通知。 設備管理執行部14〇〇 ’係於步驟S1303中,若偵測 到來自原則管理部12〇〇的通知時,則於步驟S1311中, 依照所述通知’取得了該當的設備管理原則後,返回步驟 S1304 〇 -28- 200834442 設備管理執行部1 400,係於步驟S1 304中,偵測到 來自事件偵測部1100的通知時,則於步驟S 1 306中,隨 應於來自事件偵測部1 1 00的通知,選擇所應執行之設備 管理機能,並於步驟S 1 307中,在執行了已選擇之設備管 理機能後,返回至步驟S 1 3 05。 此外,設備管理執行部1 400,係於事件等待迴圈中, 偵測到設備管理的結束時,則結束其處理。 第5,參照圖1及圖2,說明本實施形態所述之設備 管理裝置1 G00的全體動作。此外,假設設備狀態的初期 狀態下係爲「第1狀態」。 於步驟A 1中,事件偵測部1 1 〇〇係若偵測到已到達預 先給予的時刻(來自計時器的通知),則理解到已發生第 1設備管理事件2 1 1 0之事實,對設備管理執行部1 400, 通知已測知第1設備管理事件之意旨。 於步驟A2中,設備管理執行部1 4 0 0係依照被原則管 理部1 200所預先設定的第1設備管理原則2210,作爲第 1設備管理機能23 1 0則是執行,每一定時間就監視對外部 記錄媒體1〇〇之存取而收集存取日誌的監視機能32,及向 DM伺服器1 〇報告存取日誌的報告機能3 3。 於步驟A3中,若一定時間已結束,則設備管理執行 部1 40 0係停止第1設備管理機能23 1 0 (監視機能32及報 告機能33)的執行。 於步驟A4中,事件偵測部1 1 00 —旦偵測到網路斷線 發生,則第2設備管理事件2 1 2 0便理解到已發生之事實 -29- 200834442 ,對狀態設定部1 300,通知已測知第2設備管理事件之意 於步驟A5中,狀態設定部1 3 00係將設備狀態,設定 成「第2狀態」,並將其意旨,通知給事件偵測部1100 及原則管理部1200。 於步驟A6中,原則管理部1200,係選擇第2設備管 理原則2220來當作應使用之設備管理原則,並將其意旨 通知給設備管理執行部1 400。 以降,每當事件偵測部11 00將已測知第1設備管理 事件2110及第2設備管理事件2120的意旨通知給設備管 理執行部1 400之際,設備管理執行部1400係依照第2設 備管理原則2220,作爲第2設備管理機能2320,是執行 鎖住對外部記錄媒體100之存取的鎖住機能31。 於步驟A7中,事件偵測部1 1 〇〇 —旦測知網路恢復, 則理解到已測知第3設備管理事件2 1 3 0,對狀態設定部 1 3 00及設備管理執行部14〇0,通知已測知第3設備管理 事件2 1 3 0之意旨。 此處,由於可以嘗試從設備20對網路進行存取,因 此可以測知蜂巢網線路或無線LAN的網路的恢復。 於步驟A8中,設備管理執行部丨4 00,係依照第2設 備管理原則2220,作爲第3設備管理機能2330,是執行 將對外部記錄媒體100之存取的鎖住加以解除的鎖住機能 31 〇 於步驟A9中,狀態設定部1 3 00係將設備狀態,設定 -30 - 200834442 成「第1狀態」,並將其意旨,通知給事件偵測部1100 及原則管理部1200。 於步驟A10中,原則管理部12〇0,係選擇(設定) 第1設備管理原則2210來當作應使用之設備管理原則, 並將其意旨通知給設備管理執行部1400。 以降,每當事件偵測部1 100將已測知第1設備管理 事件2 1 1 0及第3設備管理事件2 1 3 0的意旨通知給設備管 理執行部1 1 400之際,設備管理執行部1400係依照被設 定來作爲應使用之設備管理原則的第1設備管理原則,而 執行第1設備管理機能。 如上述,係被構成爲,設備狀態是處於「第2狀態」 之際,當事件偵測部1 1 00測知到第3設備管理事件2 1 3 0 時,則在設備管理執行部1 400實行了,被設定用來當成 應使用之設備管理原則的第2狀態用設備管理原則(第2 設備管理原則)2220所特定出之第3設備管理機能23 3 0 之後,狀態設定部1 3 00係將設備狀態設定成「第1狀態 」;原則管理部1 200,係將第1狀態用設備管理原則(第 1設備管理原則)22 1 0予以設定以用來作爲應使用之設備 管理原則。 (本發明之第1實施形態所述之設備管理裝置的作用 、效果) 若依據本發明之第1實施形態所述之設備管理裝置 1〇〇〇,則狀態設定部1 3 00係隨應於事件偵測部1100所致 -31 - 200834442 之設備管理事件2 1 00 (第1乃至第3設備管理事件2 1 1 0 乃至2 1 3 0 )的偵測結果,來設定各種的設備狀態(第1狀 態或第2狀態),設備管理執行部1 400係可隨應於所述 之設備狀態,來執行各種相應於設備管理原則2200的設 * 備管理(使用DM代理器的遠端監視)。 ^ 若依據本發明之第1實施形態所述之設備管理裝置 1000,則考慮到設備狀態(第1狀態或第2狀態)之改變 前所執行的設備管理機能23 00 (第1乃至第2設備管理機 能23 10乃至2330 )以及已發生改變之設備狀態(第1狀 態或第2狀態)之兩者,而進行有彈性的設備管理。 若依據本發明之第1實施形態所述之設備管理裝置 1 000,則設備管理執行部1400係可執行,符合於已被測 知之設備狀態之遷移的設備管理原則2200所特定出的設 備管理機能2300 (第1乃至第2設備管理機能2310乃至 2330) ° • 若依據本發明之第1實施形態所述之設備管理裝置 1 000,則當已被測出之設備管理事件2 1 00係爲電池電力 降低或網路斷線這類情況時,可忽視於行動終端等的設備 ¥ 20上容易發生的暫時性電池電力降低或網路斷線這類設備 • 管理事件2 1 00,可削減設備管理所費之成本。 若依據本發明之第1實施形態所述之設備管理裝置 1 0 0 0 ’則例如,在設備管理機能的執行是明顯受到限制的 設備狀態下,藉由保護特定的資訊(例如機密文書),就 可防止從設備20外流資訊。 -32- 200834442 若依據本發明之第1實施形態所述之設備管理裝置 1 000,則因爲測知了第3設備管理事件2 1 3 0而使設備狀 態從第2狀態復原成第1狀態之際,首先,執行依照此時 點下所設定之第2設備管理原則.222 0的第3設備管理機 能23 3 0,然後才將設備狀態設定成原本樣子,因爲如此構 成,所以在設備狀態還原前,就可執行用來將設備狀態復 原成第1狀態所需之特別的設備管理機能(使對外部記錄 媒體100之存取變成可以使用之機能,或將機密文書予以 解密之機能等)。 若依據本發明之第1實施形態所述之設備管理裝置 1 〇〇〇,則因設備狀態改變而變成不可存取的特定資訊(例 如機密資訊),可使其再度變成可存取。 若依據本發明之第1實施形態所述之設備管理裝置 1 000 ’則於通常之設備管理是難以進行的特殊設備狀態( 第2狀態)下,可設定特殊的設備管理原則2300,執行所 述設備狀態用的特殊之設備管理。 若依據本發明之第1實施形態所述之設備管理裝置 1 000 ’則例如,在設備管理機能23 00的執行是明顯受到 限制的設備狀態(第2狀態)下,藉由使得特定的機能( 例如對外部記錄媒體的存取機能)變成可不使用,就可防 止不當行爲或不良情形等。 (第2實施形態所述之設備管理裝置) 參照圖1 2至圖1 7,說明本發明之第2實施形態所述 -33- 200834442 之設備菅理裝置1000。以下,關於本發明之第2實施形態 所述之設備管理裝置1 0 0 0 ’著眼於和上述第1實施形態所 述之設備管理裝置1 000的相異點來加以說明。 本實施形態所述之設備管理裝置1 000之構成,雖然 是和第1實施形態所述之設備管理裝置1 000的構成相同 ,但本實施形態係如圖1 2所示,在設備管理裝置1 〇〇〇外 的設備內部或設備外部,設有事件積存部2400,具有如此 特徵。 事件積存部2400係被構成爲,設備狀態是處於「第2 狀態」時’將事件偵測部1 100所測出的第1設備管理事 件2 1 1 0,加以積存。 事件積存部2400中所積存的第1設備管理事件2110 ,係在設備管理裝置1 000的設備狀態是從「第2狀態」 正確地復原成「第1狀態」之際,會被利用。 本實施形態中是想定爲,如圖1 3及圖1 4所示,設備 20是內建非接觸1C卡400,職員是利用非接觸10:卡400 ,來利用各辦公室系統的情形。 具體而言,本實施形態所述之非接觸1C卡400,係具 備:用來管理對辦公室之入退室的入退室機能4 1 0、和對 PC的登入機能420。 職員係藉由將非接觸1C卡400放到讀卡機400A (例 如FeliCa讀卡機)’以使入退室機能410及登入機能420 發揮作用。 亦即,職員係藉由把非接觸1C卡400放到辦公室入 -34- 200834442 口所準備的讀卡機400A,就可進入辦公室內,藉由把非 接觸1C卡400放到辦公室出口所準備的讀卡機4 00A,就 可從辦公室退室。 又,職員係藉由把非接觸1C卡400放到PC所具備的 讀卡機400A,就可對PC進行登入。 .然後,假設入退室機能410及登入機能420,係按照 以下的規則而彼此合作。 •依據職員進入辦公室之事實,使得對PC的登入機 能420變成有效(可使用)。 •當職員從辦公室退室時,則使得對PC的登入機能 420變成無效(不可使用)。 •只有當PC被准許在辦公室外使用的情況下,才會 讓職員從辦公室中退室以後,仍可經由伺服器來對PC的 登入機能420,設成有效。 •上述的非接觸1C卡的登入機能之有效化/無效化, 係經由DM伺服器1 〇來爲之。 此處,登入機能420,如上述,係可隨著使用者對辦 公室的入退室狀況(特定的狀況),而變成可使用或不可 使用,例如,負責決定是否可登入至PC,相當於第1設 備管理機能之角色。 參照圖1 3及圖1 4,說明將使用本實施形態所述之設 備管理裝置1 〇 0 0的設備管理(入退室管理及登入管理) 加以實現的系統。 具體而言,所述系統係具備··非接觸IC卡400的入 -35- 200834442 退室機能410、登入機能420、設備管理裝置1〇〇〇、將入 退室事件通知給DM伺服器1 0的事件通知機能3 4、伴隨 所述通知而使登入機能420變成有效化(可使用)或無效 化(不可使用)的DM伺服器10。 當職員對辦公室入室時,非接觸1C卡400被放在讀 卡機400A時,則設備管理裝置1 000係透過入退室機能 4 1 0而測知入室事件。 設備管理裝置1 000,係伴隨著入室事件的測知,而啓 動(執行)事件通知機能34,對DM伺服器10通知所測 知的入室事件。DM伺服器10係使登入機能420有效化, 使得辦公室內的對PC之登入,成爲可能。 又,當職員從辦公室退室時,非接觸1C卡400被放 在讀卡機400A時,則和入室時同樣地,對DM伺服器10 通知退室事件。 DM伺服器1 0,係判斷該當設備的使用者亦即職員, 是否有被許可在辦公室外利用P C,若有許可時,則使登 入機能4 1 0有效化。 上述的處理,若被正常執行,則除了正當的使用者以 外,在辦公室外應該是不能利用P C。可是,如上述,會 有無法適切進行設備管理的情形。 所述情形,例如假設爲圖14所示的狀況。所述例子 中,假設因爲設備的斷電等,導致DM代理器30本身無 法測知入退室事件。 一般而言,行動終端等之設備2 0中所具備的非接觸 -36- 200834442 1C卡400,係由於可以微弱的電力來動作,因此即使設備 20的電源是切斷的狀態下,非接觸1C卡400中所具備的 入退室機能410或登入機能420係爲可使用。 可是在此同時,此種狀態下,由於設備20上的軟體 亦即DM代理器30係無法動作,因此對DM伺服器10通 知入退室事件的事件測知機能34係爲無法動作。 因此,當使用者是進入辦公室之狀態下,將設備20 的電源予以切斷時,可能會導致登入機能4 2 0是保持在無 效化,使用者就從辦公室退室。 爲了防止此種狀況,例如,設備20的電源是藉由長 壓該當設備所具備的電源鈕而被切斷時,則設備管理裝置 1 〇〇〇,係測知所述的設備20之斷電事件,利用事件測知 機能34,將其意旨對DM伺服器10進行通知,藉由DM 伺服器1 〇而使登入機會g 420無效化。 其結果爲,即使當使用者是切斷設備20之電源,而 從辦公室退室時,也無法在登入機能420沒有被有效化的 情況下,在辦公室外利用PC。 此處並未考慮到,藉由拔下電池來切斷設備2 0之電 源的情形。雖然設備管理裝置1 〇〇〇要測知此種事件是有 困難,但是原本在沒有電池的狀態下,非接觸1C卡400 本身係不動作,因此入退室或登入本身都不可能,在辦公 室外不當使用PC的疑慮是不存在的。 然後,如上述,考慮登入機能420被強制性無效化而 切斷了設備20之電源後,設備20的電源再被打開時的情 -37- 200834442 形。 所述情形,無論使用者是在辦公室內或辦公室外,都 被許可使用PC的情況下,則必須要使登入機能420變成 有效。 又,若是不被許可在辦公室外使用PC的情況下,則 登入機能420必須要維持無效化才行。 如上述,爲了實現往正常狀態的復原,本實施形態中 係假定爲,在設備20的內部或設備20的外部,具備了事 件積存部24 0 0,係用來探知並積存在該當設備2 0電源切 斷期間所發生的入退室事件。 例如,入退室機能420,是可具備所述的事件積存部 24 00。如上述,即使在設備20電源切斷期間,非接觸1C 卡400及入退室機能420係爲可動作,因此事件積存部 2400若被入退室機能420所具備,則可將設備20電源切 斷期間所發生的入退室事件加以積存。 只不過,在本實施形態中,由於使用者究竟是處於入 室到辦公室或是從辦公室退室之哪種狀態下並非明朗,因 此事件積存部2400係爲,一旦積存了退室事件,則可將 其以前所積存的入室事件加以丟棄。 又’同樣地,事件積存部2400係爲,一旦積存了入 室事件’則可將其以前所積存的退室事件加以丟棄。 再者,當設備20的電源打開時,則設備管理裝置. 1 〇 〇 〇係測知該意旨,基於事件積存部2 4 0 0中所積存的入 退室事件,來執行事件通知機能34,就可使設備20復原 -38- 200834442 成正常狀態。 此處,圖1 5至圖1 7中係例示了,本實施形態所述之 事件偵測部1100所測出的第1乃至第3設備管理事件的 清單。 圖1 5中係例示了第1設備管理事件2 1 1 0中所屬之設 備管理事件的清單(第1事件清單)之例子,圖16中係 例示了第2設備管理事件2 120中所屬之設備管理事件的 清單(第2事件清單)之例子,圖17中係例示了第3設 備管理事件2130中所屬之設備管理事件的清單(第3事 件清單)之例子。 在本實施形態中,當第2事件清單當中「ID二0」的 設備管理事件(設備斷電)發生時,則狀態設定部1 3 00 係將設備狀態改變成「第2狀態」;當第3事件清單當中 「ID = 0」的設備管理事件(設備復電)發生時,則狀態 設定部1 3 〇0係將設備狀態復原成「第1狀態」。 此處,於本實施形態中,「第1狀態」係爲設備20 正常動作之狀態,「第2狀態」係爲設備20的電源切斷 狀態(無法被事件偵測部1 1 0 0偵測出設備管理事件2 1 0 0 之狀態)。 又,於本實施形態中,「第1設備管理事件2 1 1 0」係 爲入退室事件,「第2設備管理事件2120」係爲爲了切斷 電源而長壓電源鈕的事件,「第3設備管理事件2 1 3 0」係 爲設備的電源打開。 再者,在本實施形態中,「第1設備管理機能23 1 0」 -39- 200834442 係爲對DM伺服器10通知入退室事件,「第2設備 機能23 20」係爲對DM伺服器10通知設備20斷電, 3設備管理機能2330」係爲事件積存部2400中所積 入退室事件的的DM伺服器1 0之通知。 ^ 然後,「第1設備管理原則22 1 0」係規定,在設 * 測到入退室事件時,將其意旨通知給DM伺服器10; 2設備管理原則2220」係規定,將設備20的斷電要向 B 伺服器通知及將設備20斷電期間所積存的入退室事 向DM伺服器通知。 藉由進行如上述的置換,且設備管理裝置1000 第1實施形態同等地動作,就可實現本實施形態所述 統。 此處,本實施形態中,事件積存部2400係亦可 成爲,將複數的第1設備管理事件2110予以總結然 更成其他第1設備管理事件2 1 1 0。 # 例如,事件積存部2400係亦可被構成爲,若其 的第1設備管理事件21 10是積存著第1設備管理 2110係將「入室事件+退室事件+入室事件」時,則 ' 這些第1設備管理事件2 1 1 0,總結地積存成爲「入室 * j ° 若依據本發明之第2實施形態所述之設備管理 1 000,則例如,當第1設備管理機能2310係隨著特 狀況(使用者的辦公室入退室狀況),而會變成可使 成爲不可使用的此種限制機能(登入機能)的情況下 管理 「第 存的 備偵 「第 DM 件要 是和 之系 被構 後變 複數 事件 可將 事件 裝置 定的 用或 ,則 -40- 200834442 成爲無法執行第1設備管理機能23 10的設備狀態(第2 狀態);當無法測知上述之特定狀況(使用者的辦公室入 退室狀況)時,則將該當第1設備管理機能23 1 0 (登入機 能)預先設成不可使用’就可維持成進行最嚴格限制之設 備管理的狀態。 若依據本發明之第2實施形態所述之設備管理裝置 1 000,則設備狀態是處於第2狀態之期間內所發生過的第 1設備管理事件2 1 1 0加以積存的事件積存部2400,是理 解了所積存的第1設備管理事件2110之意義,並將該當 第1設備管理事件2110之集合(「入室事件+退室事件+ 入室事件」),轉換成具有相同意義的另一第1設備管理 事件2 1 1 0 (「入室事件」),因爲如此構成,所以藉由將 事件積存部2 4 0 0中所積存的第1設備管理事件2丨〗〇加以 總結,轉換成較少的第1設備管理事件2 1 1 0,就可刪減第 1設備管理事件2 1 1 0的積存成本,以及設備狀態復原時的 設備管理機能23 0 0的執行成本。 (第3實施形態所述之設備管理裝置) 參照圖1 8至圖20,說明本發明之第.3實施形態所述 之設備管理裝置1 000。以下,關於本發明之第3實施形態 所述之設備管理裝置1〇〇〇,著眼於和上述第1或第2實施 形態所述之設備管理裝置1 〇 〇 〇的相異點來加以說明。 本實施形態中,於第2實施形態中,「第2狀態」並 非設備20的斷電’而是考用DM伺服器1 0當機之狀態。 -41 -200834442 The function of the information) 2320 to encrypt the confidential document 'by the case of performing the standby management function (the case where the specific information in the device 20 is restored 23 30 to decrypt the encrypted confidential document) The second device management function 2320 is a function that encrypts all the flags (or designated parts) indicating that this is a confidential document, and uses 3DES or RSA to perform encryption. The device management function 2330 is a device that decrypts a specific document based on a list of encrypted documents, and the second device management function 2320 can also use the system to set the access attribute of the confidential document to " The function of "rejecting" (the function of information), and the function of the third device management function 233 0 also restores the attribute to "permitted" (the specific information is functional). In this case, the status of the device becomes " "2 status", the 2 device management function 2320 has already stored the access to the confidential document, so the access attribute of the confidential document is set to "reject", and the management function is acquired. The proper storage of the confidential document is preserved, and the access attribute is restored. Here, when the device state is in the "first state", the detecting unit 111 detects the first device management event 2 1 1 0 When the third event 2130 is set, the device management execution unit 1400 executes the first device management unit specified by the first state device (the first device management principle) 22 1 0 which is set by the device management principle to be used. 3 set the function) can also be used for the paper algorithm to carry. The file system protection special for the property will be restored before the first attribute, 3 device attribute event detection: standby management: when Cheng Ying. Original shell (I (: machine function -23- 200834442 23 10 〇 again, the device status is at "1st When the event detecting unit 1 11 0 detects the second device management event 2 1 2 0 0, the device management execution unit 1 400 executes, and is set as the device management principle to be used. The second device management function 23 20 specified by the device management principle (second device management principle) 2220 of the second state. (Operation of the device management device according to the first embodiment of the present invention) Referring to Figs. 8 to 11 The operation of the device management device 1000 according to the first embodiment of the present invention will be described. First, the operation of the event detecting unit 1100 of the device management device 100 according to the present embodiment will be described with reference to FIG. As shown in FIG. 8 , in step S1001, the event detecting unit 1 1 first reads a list of events for distinguishing between the device management events 2 1 00 and the first to third device management events. Included in the list of events, listed The second event list of the second device management event and the third event list in which the third device management event is listed. In step S1 002, the event detecting unit 11 obtains the current device state. In step S1003, In S1005 (event waiting loop), the event detecting unit 1 00 waits for the arrival of the device management event until the device management ends. -24- 200834442 The event detecting unit 111 一旦, once the device management event is detected When it is coming, in step S1 006, it is checked whether the current device state is in the "first state". When it is determined that the current device state is in the "first state", the event detecting unit 1 11 is in step s. 1 0 11 to S 1 0 1 3, using the second event list to check whether there is a detected device management event in the second event list. The event detecting unit 11 1 〇, once it is determined that the device management event is present in In the second event list, in step S1 0 1 4, the fact that the device management event has arrived is notified to the state setting unit 1 300, and the process returns to step S1 005. On the other hand, the event detecting unit 1 1 1 0 Once If the device management event does not exist in the second event list, in step S1031, the device management execution unit 1400 is notified of the fact that the device management event has arrived, and the process returns to step S1 0 0 5. On the other hand, in step S106, when it is determined that the current device state is not in the "first state" (that is, in the "second state"), the event detecting unit 1 1 1 0 is in step S1. From 02 1 to S 1 023, using the third event list, it is checked whether there is a detected device management event in the third event list. When it is determined that the device management event exists in the third event list, the event detecting unit 11 1 0 notifies the state setting unit 1 300 of the fact that the device management event has arrived in step S 1 024, and returns to step S. 1 005. On the other hand, the event detecting unit 1 1 1 〇, once it is determined that the device management event does not exist in the third event list, then in step S1 0 3 1 , a management event of -25-200834442 is set to come. The fact is notified to the device management execution unit 14 and returns to step S1 0 0 5 . Here, the event detecting unit 1 1 1 is in the event waiting loop, and when the end of the device management is detected, the processing ends. Here, the event detection 邰1 1 1 0 may also be, in the step si 0 i 2, when the second device management event is detected, if the third device management event is detected within a certain time, Then, the process of step S1014 is performed. As a result, the processing efficiency of the entire facility management apparatus 1000 can be improved. For example, when the device 2 is passing through the tunnel, and the network quality deteriorates in a few seconds, and then the network quality is immediately restored, do not move the device state to the "second state", but maintain " The first state is unchanged, and the processing is not too long. Secondly, the operation of the state setting unit 13.00 of the facility management device 1000 according to the present embodiment will be described with reference to Fig. 9 . As shown in Fig. 9, in step S1101, the state setting unit 13 obtains the current device state. In addition, in the initial state, it is assumed that the device status is "first state". In steps S1 102 to S1 104 (input wait loop), the status setting unit 1 3 〇 0 waits for a notification from the event detecting unit 11 〇 . When the state setting unit detects the event detecting unit 11A, the state setting unit checks whether the current device state is in the "first state" in step S1105. When the current device state is in the "first state", the state setting unit 1300 sets the device state to "the second state -26-200834442 state" in step S1106. On the other hand, if the current device state is in the "second state", the state setting unit 1 300 sets the device state to "first state" in step S1107. In step S1108, the state setting unit 1300 notifies the event detecting unit 11 and the principle management unit 1 200 of the device state set in step S1106 or S1 107, and returns to step S1 104. Here, the state setting unit 1 3 00 is in the input waiting for return, and when the end of the device management is detected, the operation is terminated. Thirdly, the operation of the principle management unit 1 200 of the facility management device 100 in the present embodiment will be described with reference to Fig. 10 . As shown in Fig. 10, in steps S1201 to S1 203 (principle change loop), the principle management unit 120 0 waits for notification from the state setting unit 1 300. When the principle management unit 1 200 detects the notification from the state setting unit 1 300, the current device status is read in step S1204, and in step S1 205, it is checked whether the current device status is "". 〗 〖If the current device status is in the "first state", the principle management unit 120G selects (sets) the first device management principle as the device management principle to be used in step S1 208. On the other hand, if the device status is in the "second state", the principle management unit 1200 selects (sets) the second device management principle as the device management principle to be used in step S1206. -27- 200834442 In step S1 207, the principle management unit 1200 notifies the device management execution unit 1400 of the device management principle selected (set) in step S1206 or S1208, and returns to step S1203. Further, the principle management unit 1 200 terminates the processing when it detects the end of the device management in the principle change loop. Fourth, the operation of the device management execution unit 1400 of the facility management device 1000 according to the present embodiment will be described with reference to Fig. 1 . As shown in FIG. 11 , in step S 1 3 0 1 , the device management execution unit 1400 acquires the device management principle selected by the principle management unit 1 200 (that is, the device to be used by the principle management unit 1 200). Equipment management principles set by management principles). Here, in the device management principle, the first device management principle 22 1 0 that should be used in the normal time (that is, in the first state), and the state in which the device management cannot be properly performed (that is, in the second state) ) The second equipment management principle that should be used. In step S1301, it is assumed that the device management execution unit 140 acquires the first device management principle 22 1 0 belonging to the initial state. In steps S13〇2 to S1 3 05 (event waiting loop), the device management execution unit 1400 waits for notification from the principle management unit 1200 or the event detecting unit 1100. When the device management execution unit 14 is in step S1303, if a notification from the principle management unit 12A is detected, then in step S1311, in accordance with the notification 'the device management principle is obtained, the device returns Step S1304 〇-28- 200834442 The device management execution unit 1 400, in step S1 304, detects the notification from the event detecting unit 1100, then in step S1 306, in response to the event detecting unit In the notification of 1 00, the device management function to be executed is selected, and in step S1 307, after the selected device management function is executed, the process returns to step S1 3 05. Further, the device management execution unit 1 400 is in the event waiting loop, and when the end of the device management is detected, the processing ends. Fifth, the overall operation of the facility management device 1 G00 according to the present embodiment will be described with reference to Figs. 1 and 2 . In addition, it is assumed that the initial state of the device state is "first state". In step A1, if the event detecting unit 1 1 detects that the pre-giving time (notification from the timer) has been reached, it understands that the first device management event 2 1 1 0 has occurred. The device management execution unit 1 400 notifies that the first device management event has been detected. In step A2, the device management execution unit 1400 is executed as the first device management function 23 1 0 in accordance with the first device management principle 2210 set in advance by the principle management unit 1 200, and is monitored every certain period of time. The monitoring function 32 for collecting the access log to the external recording medium 1 and the reporting function 3 for reporting the access log to the DM server 1 are. In step A3, if the predetermined time has elapsed, the device management execution unit 140 stops the execution of the first device management function 23 1 0 (monitoring function 32 and reporting function 33). In step A4, the event detecting unit 1 1 00 detects that the network disconnection occurs, and the second device management event 2 1 2 0 understands the fact that the occurrence has occurred -29-200834442, and the state setting unit 1 300, the notification that the second device management event has been detected is intended to be in step A5, and the state setting unit 1300 sets the device state to the "second state", and notifies the event detecting unit 1100 of the device state. Principle management unit 1200. In step A6, the principle management unit 1200 selects the second device management principle 2220 as the device management principle to be used, and notifies the device management execution unit 1 400 of the intention. In the event that the event detecting unit 11 00 notifies the device management execution unit 1 400 of the fact that the first device management event 2110 and the second device management event 2120 have been detected, the device management execution unit 1400 follows the second device. The management principle 2220, as the second device management function 2320, is a lock function 31 that performs locking access to the external recording medium 100. In step A7, the event detecting unit 1 1 detects that the network device is restored, and understands that the third device management event 2 1 3 0 is detected, and the state setting unit 1 300 and the device management executing unit 14 〇0, the notification has been detected that the third device management event 2 1 3 0 is intended. Here, since it is possible to attempt to access the network from the device 20, it is possible to detect the recovery of the network of the cellular network or the wireless LAN. In the step A8, the device management execution unit 丨4 00 is the third device management function 2330, which is a third device management function 2330, which is a lock function for releasing the lock for accessing the external recording medium 100. In step A9, the state setting unit 1 3 00 sets the device state, and sets -30 - 200834442 to "first state", and notifies the event detecting unit 1100 and the principle management unit 1200 of the intention. In step A10, the principle management unit 12〇0 selects (sets) the first device management principle 2210 as the device management principle to be used, and notifies the device management execution unit 1400 of the intention. In the event that the event detecting unit 1 100 notifies the device management execution unit 1 1 400 of the fact that the first device management event 2 1 1 0 and the third device management event 2 1 3 0 have been detected, the device management executes. The department 1400 executes the first device management function in accordance with the first device management principle set as the device management principle to be used. As described above, when the device state is in the "second state", when the event detecting unit 1 100 detects the third device management event 2 1 3 0, the device management execution unit 1 400 After the third device management function 23 3 0 specified in the device management principle (second device management principle) 2220 of the second state, which is set as the device management principle to be used, the state setting unit 1 3 00 is executed. The device state is set to the "first state"; the principle management unit 1 200 sets the first state device management principle (first device management principle) 22 1 0 as the device management principle to be used. (Operation and Effect of the Device Management Device According to the First Embodiment of the Present Invention) According to the device management device 1 according to the first embodiment of the present invention, the state setting unit 1 3 00 is adapted to Event detection unit 1100 causes the detection result of device management event 2 1 00 (1st to 3rd device management event 2 1 1 0 or even 2 1 3 0) caused by -31 - 200834442 to set various device states (first In the 1 state or the 2nd state, the device management execution unit 1400 can perform various device management (using remote monitoring using the DM agent) corresponding to the device management principle 2200 in accordance with the device state described. According to the device management device 1000 according to the first embodiment of the present invention, the device management function 23 00 (the first to the second device) executed before the change of the device state (the first state or the second state) is considered. The management function 23 10 or 2330) and the changed device state (the first state or the second state) perform flexible device management. According to the device management device 1000 according to the first embodiment of the present invention, the device management execution unit 1400 is executable, and the device management function specified by the device management principle 2200 conforming to the state of the device state that has been detected is detected. 2300 (1st to 2nd device management function 2310 or 2330) ° • According to the device management device 1 000 according to the first embodiment of the present invention, when the device management event 2 1 00 that has been detected is a battery In the case of power reduction or network disconnection, it is possible to neglect the temporary battery power reduction or network disconnection that is prone to occur on devices such as mobile terminals. • Management events 2 1 00 can reduce equipment management. The cost of the fee. According to the device management apparatus 1 0 0 0' according to the first embodiment of the present invention, for example, in the state of the device in which the execution of the device management function is significantly restricted, by protecting specific information (for example, confidential documents), It is possible to prevent the flow of information from the device 20 out. -32-200834442 According to the device management device 1000 according to the first embodiment of the present invention, the device state is restored from the second state to the first state by detecting the third device management event 2 1 3 0 0 First, the third device management function 23 3 0 according to the second device management principle 222 0 set at this time is executed, and then the device state is set to the original state. Because of this configuration, before the device state is restored The special device management function (the function of making access to the external recording medium 100 or the function of decrypting the confidential document, etc.) required to restore the device state to the first state can be performed. According to the device management apparatus 1 according to the first embodiment of the present invention, specific information (e.g., confidential information) that cannot be accessed due to a change in the state of the device can be made accessible again. According to the device management device 1 000' according to the first embodiment of the present invention, a special device management principle 2300 can be set in a special device state (second state) in which normal device management is difficult to perform, and the special device management principle 2300 can be executed. Special device management for device status. According to the device management apparatus 1 000 ′ according to the first embodiment of the present invention, for example, in a device state (second state) in which execution of the device management function 23 00 is significantly restricted, by making a specific function ( For example, the access function of the external recording medium becomes unnecessary, and it is possible to prevent inappropriate behavior or bad conditions. (Equipment management device according to the second embodiment) A device processing device 1000 according to a second embodiment of the present invention, which is described in the second embodiment of the present invention, will be described with reference to Figs. In the following, the device management device 1 0 0 0 ' described in the second embodiment of the present invention will be described with respect to differences from the device management device 1000 described in the first embodiment. The configuration of the facility management device 1000 according to the present embodiment is the same as the configuration of the facility management device 1000 according to the first embodiment. However, the present embodiment is as shown in FIG. An event storage unit 2400 is provided inside or outside the device, and has such a feature. The event storage unit 2400 is configured to store the first device management event 2 1 1 0 detected by the event detecting unit 1 100 when the device state is in the "second state". The first device management event 2110 stored in the event storage unit 2400 is used when the device state of the device management device 1000 is correctly restored from the "second state" to the "first state". In the present embodiment, it is assumed that, as shown in Figs. 13 and 14 , the device 20 is a built-in non-contact 1C card 400, and the staff member uses the non-contact 10: card 400 to utilize each office system. Specifically, the non-contact 1C card 400 according to the present embodiment is provided with a function of managing the entry and exit room function 4 1 0 for the entrance and exit room of the office and the login function 420 for the PC. The staff member functions by putting the non-contact 1C card 400 on the card reader 400A (e.g., FeliCa card reader) to enable the entrance and exit function 410 and the login function 420. That is, the staff member can enter the office by placing the contactless 1C card 400 in the office into the card reader 400A prepared at the mouth of -34-200834442, by placing the non-contact 1C card 400 at the office exit. The card reader 4 00A can be taken out of the office. Further, the staff member can log in to the PC by placing the non-contact 1C card 400 in the card reader 400A provided in the PC. Then, it is assumed that the entry and exit function 410 and the login function 420 cooperate with each other in accordance with the following rules. • The login function 420 to the PC becomes valid (available) based on the fact that the employee enters the office. • When the employee leaves the room from the office, the login function 420 to the PC becomes invalid (not available). • Only when the PC is allowed to be used outside the office, will the employee's login function 420 be valid via the server after the employee has left the room. • The above-mentioned non-contact 1C card login function is validated/invalidated by the DM server. Here, the login function 420, as described above, may become usable or unusable as the user enters or exits the office (specific conditions) of the office, for example, is responsible for deciding whether or not to log in to the PC, which is equivalent to the first The role of device management functions. Referring to Fig. 13 and Fig. 14, a system for realizing the device management (entry and exit room management and login management) using the device management device 1 〇 0 described in the present embodiment will be described. Specifically, the system includes a non-contact IC card 400, a -35-200834442 exiting function 410, a login function 420, and a device management device 1 to notify the DM server 10 of the entry and exit event. The event notification function 3 4 causes the login function 420 to become valid (usable) or invalidated (unusable) DM server 10 along with the notification. When the employee enters the office and the non-contact 1C card 400 is placed in the card reader 400A, the device management device 1000 detects the entry event through the entrance and exit function 410. The device management device 1 000 initiates (executes) the event notification function 34 to notify the DM server 10 of the detected event of the entrance, accompanied by the detection of the event. The DM server 10 enables the login function 420 to be activated, making it possible to log in to the PC in the office. Further, when the employee exits from the office and the non-contact 1C card 400 is placed in the card reader 400A, the DM server 10 is notified of the exit event as in the case of entering the room. The DM server 10 determines whether the user of the device, that is, the employee, is permitted to use the P C outside the office, and if there is permission, the login function is activated. If the above processing is performed normally, the P C should not be used outside the office except for the legitimate user. However, as described above, there is a case where device management cannot be performed properly. The situation is assumed to be, for example, the situation shown in FIG. In the example, it is assumed that the DM agent 30 itself cannot detect the event of entering or leaving the room due to power failure of the device or the like. In general, the non-contact-36-200834442 1C card 400 provided in the device 20 such as the mobile terminal is operated by weak power, so even if the power of the device 20 is turned off, the non-contact 1C The entrance/exit room function 410 or the login function 420 provided in the card 400 is usable. However, at the same time, in this state, since the DM agent 30, which is the software on the device 20, cannot be operated, the event detecting function 34 for notifying the DM server 10 of the entrance and exit event is inoperable. Therefore, when the user enters the office and the power of the device 20 is turned off, the login function may be kept ineffective and the user may leave the room from the office. In order to prevent such a situation, for example, when the power of the device 20 is cut off by long pressing the power button provided in the device, the device management device 1 detects that the device 20 is powered off. The event, using the event detection function 34, instructs the DM server 10 to invalidate the login opportunity g 420 by the DM server 1 . As a result, even when the user is disconnected from the office while the power of the device 20 is turned off, the PC cannot be used outside the office without the login function 420 being activated. The case where the power of the device 20 is cut off by unplugging the battery is not considered here. Although it is difficult for the device management device 1 to detect such an event, the non-contact 1C card 400 itself does not operate in the absence of a battery, so it is impossible to enter or leave the room or log in itself, outside the office. The misuse of using a PC does not exist. Then, as described above, considering that the login function 420 is forcibly invalidated and the power of the device 20 is turned off, the power of the device 20 is turned on again. In the case where the user is permitted to use the PC both in the office or outside the office, the login function 420 must be made effective. Further, if the PC is not permitted to be used outside the office, the login function 420 must be kept invalid. As described above, in order to realize the restoration to the normal state, in the present embodiment, it is assumed that the event storage unit 240 is provided inside the device 20 or outside the device 20, and is used to detect and accumulate the device 2 0. The entry and exit event that occurred during the power cut. For example, the entrance and exit function 420 may include the event storage unit 00 described above. As described above, even when the device 20 is powered off, the non-contact 1C card 400 and the entrance/exit function 420 are operable. Therefore, if the event storage unit 2400 is provided in the room-returning function 420, the device 20 can be powered off. The incidents of entering and leaving the room are accumulated. However, in this embodiment, since the user is in a state of being in the office or leaving the office, the event storage unit 2400 is configured to reset the event. The accumulated incidents are discarded. Further, in the same manner, the event storage unit 2400 is configured to discard the previously released event of the room when the event is accumulated. Furthermore, when the power of the device 20 is turned on, the device management device 1 detects the intention, and executes the event notification function 34 based on the entry and exit event accumulated in the event storage unit 2400. The device 20 can be restored to a normal state of -38-200834442. Here, FIG. 15 to FIG. 17 illustrate a list of the first to third device management events detected by the event detecting unit 1100 according to the present embodiment. FIG. 15 illustrates an example of a list of device management events (first event list) to which the first device management event 2 1 1 0 belongs, and FIG. 16 illustrates a device to which the second device management event 2 120 belongs. An example of a list of management events (second event list) is shown in FIG. 17 as an example of a list of device management events (third event list) to which the third device management event 2130 belongs. In the present embodiment, when the device management event (device power failure) of "ID 2" in the second event list occurs, the state setting unit 1 300 changes the device state to the "second state"; When the device management event (device reset) of "ID = 0" occurs in the event list, the state setting unit 1 3 〇 0 restores the device state to the "first state". Here, in the present embodiment, the "first state" is a state in which the device 20 is normally operated, and the "second state" is a power-off state of the device 20 (cannot be detected by the event detecting unit 1 1 0 0 0) Out device management event 2 1 0 0 status). Further, in the present embodiment, the "first device management event 2 1 1 0" is an entry and exit event, and the "second device management event 2120" is an event for pressing the power button to cut off the power supply, "3rd. Device Management Event 2 1 3 0" is the power to the device. Furthermore, in the present embodiment, the "first device management function 23 1 0" -39-200834442 notifies the DM server 10 of the entrance and exit event, and the "second device function 23 20" is the pair DM server 10. The notification device 20 is powered off, and the 3 device management function 2330" is a notification of the DM server 10 in which the exit event is accumulated in the event storage unit 2400. ^ Then, the "1st device management principle 22 1 0" stipulates that when the event of the entrance and exit is detected, the intention is notified to the DM server 10; 2 device management principle 2220 stipulates that the device 20 is broken. The power is notified to the B server and the DM server is notified of the entry and exit room accumulated during the power-off of the device 20. By performing the above-described replacement and the device management device 1000 operates in the same manner as in the first embodiment, the system of the present embodiment can be realized. Here, in the present embodiment, the event storage unit 2400 may summarize the plurality of first device management events 2110 into other first device management events 2 1 1 0. For example, the event storage unit 2400 may be configured such that when the first device management event 21 10 is stored in the first device management 2110 system, "incoming event + exit event + room entry event", then 1 device management event 2 1 1 0, the summary is accumulated as "input room * j ° According to the device management 1 000 according to the second embodiment of the present invention, for example, when the first device management function 2310 is in a special state (In the case of the user's office entrance and exit room status), it will become a non-useable restriction function (login function), and the management of the "pre-reservation" DM will be changed after the system is constructed. If the event can be used for the event device, then -40-200834442 becomes the device state (second state) in which the first device management function 23 10 cannot be executed; when the specific situation described above cannot be detected (the user's office entry and exit status) In the case where the first device management function 23 1 0 (login function) is set to be unusable in advance, it can be maintained in the state of the most severely restricted device management. In the device management device 1 000 according to the second embodiment, the event storage unit 2400 in which the device state is accumulated in the first device management event 2 1 1 0 that has occurred in the second state is understood. The accumulated first device manages the meaning of the event 2110, and converts the set of the first device management event 2110 ("entry event + exit event + entry event") into another first device management event 2 1 having the same meaning. Since 1 0 ("entry event"), since it is configured, the first device management event 2丨 stored in the event storage unit 2400 is summarized and converted into a smaller first device management event. 2 1 1 0, the storage cost of the first device management event 2 1 1 0 and the execution cost of the device management function 230 0 when the device state is restored can be deleted. (Equipment management device according to the third embodiment) A device management device 1000 according to the third embodiment of the present invention will be described with reference to Figs. 18 to 20 . In the following, the device management device 1 according to the third embodiment of the present invention will be described with respect to differences from the device management device 1 described in the first or second embodiment. In the second embodiment, in the second embodiment, the "second state" is not the power-off of the device 20, but the state in which the DM server 10 is down is used. -41 -

200834442 本實施形態與第2實施形態之間的相異部 備管理裝置1000是具備了,用來積存DM伺 中所發生的入退室事件的事件積存部1 1 1 0。 參照圖19,說明DM伺服器1 〇的當機: 作。 在DM伺服器10當機中,設備管理裝置 觸1C卡400雖然都正常動作,但由於DM伺月 ,所以即使發生了入退室事件,設備管理裝置 法藉由執行事件通知機能3 4,來將入退室事伯 伺服器1 〇。 所述情況下,由於職員(使用者)從辦公 無法使登入機能420變成不可使用,因此和第 之情形同樣地,雖然必須要在職員已經入室到 態下,仍必須使登入機能42 0變成不可使用, 室外不當使用PC,但是在DM伺服器10正處 況下,所述處理根本不可能進行。 因此,在DM伺服器10當機的時點,詔 1〇〇〇係啓動設備無效化機能35,使非接觸1C 無效化,就可使登入機能420無效化。 例如,藉由設備20的設定來禁止非接觸 利用,或是將對應的設備驅動程式從OS中冊 可使登入機能420無效化。 又,設備管理裝置1〇〇〇中的事件積存部 DM伺服器10當機中所發生的入退室事件加 份,係爲設 艮器10當機 .恢復時的動 1 000及非接 丨艮器1 〇當機 1 000仍無 =通知給DM 室退室時, 2實施形態 辦公室的狀 防止在辦公 ;於當機的狀 〔備管理裝置 卡400本身 1C卡400的 !除等等,就 111 〇,係將 丨以積存,若 -42- 200834442 D Μ伺服器1 〇恢復而變成可執行設備管理機能2 3 0 0之狀 態,則執行相關的設備管理機能2300,恢復回正常的設備 狀態。 此處,圖1 5至圖1 7中係例示了,本實施形態所述之 事件偵測部1 1 0 0所測出的第1乃至第3設備管理事件的 清單。 圖15中係例示了第1設備管理事件2110中所屬之設 備管理事件的清單(第1事件清單)之例子,圖16中係 例示了第2設備管理事件2120中所屬之設備管理事件的 清單(第2事件清單)之例子,圖17中係例示了第3設 備管理事件2 1 3 0中所屬之設備管理事件的清單(第3事 件清單)之例子。 在本實施形態中,當第2事件清單當中「ID = 1」的 設備管理事件(DM伺服器當機)發生時,則狀態設定部 1 3 00係將設備狀態改變成「第2狀態」;當第3事件清單 當中「ID= 1」的設備管理事件(DM伺服器恢復)發生時 ’則狀態設定部1 300係將設備狀態復原成「第1狀態」 〇 此處,於本實施形態中,「第1狀態」係爲設備20 正常動作之狀態,「第2狀態」係爲DM伺服器1 〇當機 之狀態。 又,於本實施形態中,「第1設備管理事件21 1 0」係 爲入退室事件,「第2設備管理事件2120」係爲將DM伺 服器1 0已當機之事實加以通知的事件,「第3設備管理 -43- 200834442 事件2130」係爲將DM伺服器10已經恢復之事實加以通 知之事件。 所述通知,係可藉由例如 SMS ( Short Message Service)的push機能來實現。 再者,「第1設備管理機能23 10」係爲對DM伺服器 10通知入退室事件,「第2設備管理機能2320」係爲對 DM伺服器10通知設備20斷電,「第3設備管理機能 2330」係爲事件積存部2400中所積存的入退室事件的的 DM伺服器10之通知。 如此,「第3設備管理機能23 3 0」係至少含有,針對 事件積存部2 4 0 0中所積存之入退室事件(第1設備管理 事件)的設備管理機能。 具體而言,「第3設備管理機能23 3 0」係含有,於「 第2狀態」下,將作爲第1設備管理事件而被積存在事件 積存部2400中的入退室事件,在恢復成「第1狀態」後 ,向DM伺服器進行通知(上傳)的此種「對第1設備管 理事件的設備管理機能」。 再者,在本實施形態中,「第1設備管理機能23 1 0」 係爲向DM伺服器1〇通知入退室事件,「第2設備管理 機能2320」係爲設備無效化機能35所致之非接觸1C卡 400的無效化,「第3設備管理機能2330」係爲事件通知 機能34所致之將事件積存部111〇中所積存的入退室事件 通知給DM伺服器1〇。 然後,「第1設備管理原則22 1 0」係規定,在設備偵 -44 - 200834442 測到入退室事件時,將其意旨通知給DM伺服器10; 「第 2設備管理原則2220」係規定,DM伺服器10當機中所被 積存在事件積存部1 1 1 0中的入退室事件要向DM伺服器 1 〇進行通知。 此處,設備無效化機能35係擔任,使得設備20上的 特定機能(登入機能420及入退室機能410)變成不可使 用的第2設備管理機能的角色。 又,設備無效化機能3 5係擔任,使得設備狀態是處 於「第2狀態」期間被變成不可使用的設備20上的特定 機能(登入機能420及入退室機能410)變成可以使用的 第3設備管理機能的角色。 接著,參照圖2〇,說明本實施形態所述之設備管理裝 置1 0 00的事件偵測部1 1 〇〇的動作。本實施形態中,事件 偵測部1 1 〇〇,係具備事件積存部1 1 1 〇來作爲子集合。 本實施形態中的事件偵測部Π 〇〇之動作,和圖8所 示第1實施形態中的事件偵測部11 00之動作的不同點, 係爲步驟S1423及S1426 。 於步驟S 1 423中,事件偵測部1100係當設備狀態是 處於「第2狀態」之期間,將被判定爲第3事件清單中未 記載之設備管理事件,積存在事件積存部1 1 1 0中。 又,於步驟S1426中,事件偵測部ι100係將已被積 存在事件積存部1 11 〇中的設備管理事件,對設備管理執 行部1 40 0進行通知’並當成第3設備管理機能而加以執 行0 -45- 200834442 其結果爲,事件偵測部1100係可將DM伺服器10當 機中所偵測到的不屬於第3設備管理事件2130中的設備 管理事件(亦即第1設備管理事件2110)的入退室事件, 積存在事件積存部1110中。 如上述,隨應於事件積存部1 1 1 0中所積存的設備管 理事件’使設備管理機能有效或無效化(亦即決定所應執 行之設備管理機能),就可將設備20復原成正確狀態。 此外,若連1筆設備管理事件2100都未被積存,則 只要單純地復原成設備狀態進入「第2狀態」之前的狀態 即可。 上述例子中,設備狀態變成「第2狀態」前,若登入 機能420爲有效,則只要將所述之登入機能420設成有效 即可。 如上述,在本實施形態中,若事件偵測部11 00係偵 測到事件偵測部1100,狀態設定部1 300係將設備狀態設 定成「第1狀態」,原則管理部1 20 0係將第1設備管理 原則2 1 1 0設定成爲應使用之設備管理原則時,則設備管 理執行部1400,係亦可被構成爲,隨應於事件積存部 2400中所積存的第1設備管理事件2110 (「入室事件+退 室事件+入室事件」),來決定所應執行之設備管理機能 23 00 ° 亦即,原則管理部1200,係隨應於被第1狀態用的設 備管理原則(第1設備管理原則2 1 1 0 )所特定出來的第1 設備管理機能23 1 0,來決定應被第2狀態用的設備管理原 -46- 200834442 則(第2設備管理原則2 1 20 )所特定出來的第2設備管理 機能。 又,說明事件積存部的另一實現方法。 以下,爲了將所述的事件積存部,和上述的事件積存 部1110加以區別,而稱作管理狀況積存部1120。 管理狀況積存部1120,係如上述,適當第1設備管理 事件2110只有2種類(入室或退室)時才爲有效。 管理狀況積存部1120係爲,其「第1管理狀況」是 儲存著,設備狀態從「第1狀態」即將變成「第2狀態」 之前的管理狀況;其「第2管理狀況」是儲存著,設備狀 態從「第2狀態」即將變成「第1狀態」之前的管理狀況 〇 然後,若在「第1管理狀況」和「第2管理狀況」之 間做變化時,則設備管理執行部1 400係執行第3設備管 理機能2330。 亦即’若「第丨管理狀況」是代表職員往辦公室內入 室狀態,「第2管理狀況」是代表職員往辦公室外退室狀 態,則只要使登入機能420無效化即可。 又’若「第1管理狀況」是代表職員往辦公室外退室 狀態’ 「第2管理狀況」是代表職員往辦公室內入室狀態 ’則只要使登入機能420有效化即可。 若依據本發明之第3實施形態所述之設備管理裝置 1〇〇〇 ’則當無法測出設備管理事件2100的這類設備狀態 之變化(從第1狀態變化成第2狀態)發生時,藉由參照 •47- 200834442 被事件積存部1110所積存的、於設備狀態是處於第2狀 態之期間內所發生過的第1設備管理事件2 1 1 0,設備狀態 復原成第1狀態之際所執行的設備管理機能2300,係會執 行隨應於所述期間所發生過之第1設備管理事件2 1 1 0 (入 退室事件)的設備管理機能23 00 (設成有效化或無效化) ,藉由如此構成,所以所述期間應被進行的設備管理機能 (登入機能)係變成可以執行,可更正確地復原設備狀態 〇 若依據本發明之第3實施形態所述之設備管理裝置 1 〇〇〇,則在設備狀態是從第2狀態改變成第1狀態之際, 只有在第2狀態中發生管理狀況改變時,才可執行第3設 備管理機能2330,可削減設備管理機能的執行成本。 以上雖然使用上市實施形態來詳細說明本發明,但對 當業者而言,本發明係並非受到本說明書中所說明之實施 形態所限定。本發明在不脫離申請專利範圍之記載所決定 的本發明之宗旨及範圍下,可以用修正或變更態樣的方式 來實施。因此,本說明書的記載係僅用來例示說明爲目的 ,並不具有對本發明做任何限制之意思。 此外,日本國專利申請案第2006-33 0610號(2006年 12月7日申請)的全部內容,是藉由參照而被包含在本案 說明書中。 [產業上利用之可能性] 如以上,若依據本發明所述之設備管理裝置,則除了 -48- 200834442 可以防止在不能適切進行設備管理之期間的不正當或不良 監視,還可在已復原成能夠適切進行所述設備管理之狀況 時,儘速地復原回原本應有的設備狀態。因此對於具備設 備(例如行動終端)的通訊系統等來說是有用的。 【圖式簡單說明】 [圖1]圖1係使用具備本發明之第1實施形態所述之 設備管理裝置之DM代理器的遠端監視的說明用圖。 [圖2]圖2係使用具備本發明之第1實施形態所述之 設備管理裝置之DM代理器的遠端監視的說明用圖。 [圖3]圖3係本發明之第1實施形態所述之設備管理 裝置的機能區塊圖。 [圖4]圖4係本發明之第1實施形態所述之設備管理 裝置上所用的第1設備管理事件之清單之一例圖。 [圖5]圖5係本發明之第1實施形態所述之設備管理 裝置上所用的第2設備管理事件之清單之一例圖。 [圖6]圖6係本發明之第i實施形態所述之設備管理 裝置上所用的第3設備管理事件之清單之一例圖。 [圖7]圖7係本發明之第!實施形態所述之設備管理 裝置中的狀態設定部所管理的設備狀態之遷移圖。 [圖8]圖8係本發明之第〗實施形態所述之設備管理 裝置中的事件偵測部之動作的流程圖。 [圖9]圖9係本發明之第1實施形態所述之設備管理 裝置中的狀態設定部之動作的流程圖。 -49- 200834442 [圖10]圖10係本發明之第1實施形態所述之設備管 理裝置中的原則管理部之動作的流程圖。 [圖11]圖11係本發明之第i實施形態所述之設備管 理裝置中的設備管理執行部之動作的流程圖。 [圖12]圖12係使用具備本發明之第2實施形態所述 之設備管理裝置之DM代理器的入退室管理的說明用圖。 [圖13]圖13係使用具備本發明之第2實施形態所述 之設備管理裝置之DM代理器的入退室管理的說明用圖。 [圖14]圖14係本發明之第2實施形態所述之設備管 理裝置的機能區塊圖。 [圖15]圖15係本發明之第2實施形態所述之設備管 理裝置上所用的第1設備管理事件之清單之一例圖。 [圖16]圖16係本發明之第3實施形態所述之設備管 理裝置上所用的第2設備管理事件之清單之一例圖。 [圖17]圖17係本發明之第4實施形態所述之設備管 理裝置上所用的第3設備管理事件之清單之一例圖。 [圖18]圖18係本發明之第3實施形態所述之設備管 理裝置的機能區塊圖。 [圖1 9]圖1 9係使用具備本發明之第3實施形態所述 之設備管理裝置之DM代理器的入退室管理的說明用圖。 [圖20]圖20係本發明之第3實施形態所述之設備管 理裝置中的事件偵測部之動作的流程圖。 【主要元件符號說明】 -50- 200834442 10 : DM伺服器 20 :設備 30 : DM代理器 3 1:鎖住機能 32 :監視機能(設備管理機能) 3 3 :報告機能(設備管理機能) 34 :事件通知機能 3 5 :設備無效化機能 1〇〇 :外部記錄媒體 300 :網路 400 :非接觸1C卡 400A :讀卡機 4 1 0 :入退室機會g 420 :登入機能 1 000 :設備管理裝置 1 100 :事件偵測部 1 1 1 〇 :事件積存部 1 1 2 0 :管理狀況積存部 1 1 3 0 :狀態設定部 1 200 :原則管理部· 1 3 00 :狀態設定部 1 400 :設備管理執行部 2100 :設備管理事件 2 1 1 0 :第1設備管理事件 -51 - 200834442 2120 :第2設備管理事件 2 1 3 0 :第3設備管理事件 2200 :設備管理原則 設備管理原貝[J ) 設備管理原貝I]) 2210 :第1狀態用設備管理原則(第 2220 :第2狀態用設備管理原則(第 2300 :設備管理機能 23 10 :第1設備管理機能 2320 :第2設備管理機能 23 3 0 : Μ 3設備管理機能 2400 :事件積存部200834442 The dissimilar part management device 1000 between the present embodiment and the second embodiment is provided with an event storage unit 1 1 1 0 for accumulating an entrance and exit event occurring in the DM. Referring to Figure 19, the DM server 1 当 is described as: In the DM server 10, the device management device touches the 1C card 400, although it operates normally, but since the DM is on the moon, even if an entry/exit event occurs, the device management device method performs the event notification function 3 4 to Enter and leave the room server 1 〇. In this case, since the employee (user) cannot make the login function 420 unusable from the office, as in the case of the first case, although the staff member must have entered the room, the login function 42 0 must be made impossible. Use, the PC is improperly used outdoors, but in the case of the DM server 10, the processing is impossible at all. Therefore, when the DM server 10 is down, the device invalidating function 35 is activated, and the non-contact 1C is invalidated, so that the login function 420 can be invalidated. For example, the non-contact use is disabled by the setting of the device 20, or the corresponding device driver is copied from the OS to invalidate the login function 420. In addition, the event storage unit DM server 10 in the event storage unit DM server 10 occurs in the machine for the change of the entrance and exit room event, the device 10 is set to the machine. Recovery 1 000 and non-contact When the machine 1 is still not available to notify the DM room to exit the room, 2 the shape of the office is prevented from being in the office; in the case of the machine (the management device card 400 itself 1C card 400! 〇, the system will be stored in the state of the device management function 2300 if the -42-200834442 D server is restored, and the related device management function 2300 is executed to restore the normal device state. Here, FIG. 15 to FIG. 17 exemplifies a list of the first to third device management events detected by the event detecting unit 1 1 0 0 in the present embodiment. FIG. 15 illustrates an example of a list of device management events (first event list) to which the first device management event 2110 belongs, and FIG. 16 illustrates a list of device management events to which the second device management event 2120 belongs ( As an example of the second event list, FIG. 17 illustrates an example of a list of device management events (third event list) to which the third device management event 2 1 3 0 belongs. In the present embodiment, when the device management event (DM server is down) of "ID = 1" in the second event list occurs, the state setting unit 1300 changes the device state to the "second state"; When the device management event (DM server recovery) of "ID=1" occurs in the third event list, the state setting unit 1300 restores the device state to the "first state". Here, in the present embodiment, The "first state" is the state in which the device 20 is operating normally, and the "second state" is the state in which the DM server 1 is down. Further, in the present embodiment, the "first device management event 21 1 0" is an event of entering and leaving the room, and the "second device management event 2120" is an event for notifying that the DM server 10 has been down. "3rd Device Management-43-200834442 Event 2130" is an event to notify the fact that the DM server 10 has been restored. The notification can be implemented by a push function such as SMS (Short Message Service). In addition, the "first device management function 23 10" is to notify the DM server 10 of the entrance and exit event, and the "second device management function 2320" is to notify the DM server 10 that the device 20 is powered off, "the third device management" The function 2330" is a notification of the DM server 10 of the entry and exit event accumulated in the event pooling unit 2400. In this way, the "third device management function 23 3 0" includes at least the device management function for the entry and exit event (the first device management event) accumulated in the event storage unit 2400. Specifically, the "third device management function 23 3 0" is included, and in the "second state", the event of the entrance and exit that is accumulated in the event storage unit 2400 as the first device management event is restored to " After the "first state", the device management function for the first device management event is notified (uploaded) to the DM server. Furthermore, in the present embodiment, the "first device management function 23 1 0" is a notification to the DM server 1 to notify the entrance and exit room event, and the "second device management function 2320" is caused by the device invalidation function 35. In the invalidation of the non-contact 1C card 400, the "third device management function 2330" is an event notification function 34 that notifies the DM server 1 of the entry and exit event accumulated in the event storage unit 111. Then, the "1st device management principle 22 1 0" stipulates that when the device detection event is detected in the device detection -44 - 200834442, the intention is notified to the DM server 10; "2nd device management principle 2220" is defined. The entry/exit event accumulated in the event storage unit 1 1 1 0 in the DM server 10 is notified to the DM server 1 . Here, the device invalidation function 35 is used, so that the specific function (the login function 420 and the entry and exit function 410) on the device 20 becomes the role of the second device management function that cannot be used. In addition, the device invalidation function is used as the third device that can be used, such that the device state is the specific function (the login function 420 and the entry and exit function 410) that becomes unusable during the "second state" period. The role of management function. Next, the operation of the event detecting unit 1 1 设备 of the device management device 100 in the present embodiment will be described with reference to Fig. 2A. In the present embodiment, the event detecting unit 1 1 includes an event pooling unit 1 1 1 〇 as a subset. The operation of the event detecting unit in the present embodiment differs from the operation of the event detecting unit 11 in the first embodiment shown in Fig. 8 as steps S1423 and S1426. In step S1 423, the event detecting unit 1100 is determined to be a device management event not described in the third event list when the device state is in the "second state", and is accumulated in the event storage unit 1 1 1 0 in. Further, in step S1426, the event detecting unit ι100 notifies the device management execution unit 1400 to the device management event accumulated in the event storage unit 1 to perform the third device management function. The result is 0-45-200834442. The result is that the event detecting unit 1100 can detect the device management event that is not in the third device management event 2130 detected by the DM server 10 (that is, the first device management). The event of the event 2110) is accumulated in the event pool 1110. As described above, the device 20 can be restored to the correct state in accordance with the device management event 'accumulated in the event pool 1 1 1 0 0 to enable or disable the device management function (ie, determine the device management function to be executed). status. Further, if even one device management event 2100 is not accumulated, it is only necessary to simply restore the state before the device state enters the "second state". In the above example, before the device status changes to the "second state", if the login function 420 is valid, the login function 420 can be set to be valid. As described above, in the present embodiment, when the event detecting unit 11 00 detects the event detecting unit 1100, the state setting unit 1300 sets the device state to the "first state", and the principle management unit 1 200 When the first device management principle 2 1 1 0 is set as the device management principle to be used, the device management execution unit 1400 may be configured to comply with the first device management event accumulated in the event storage unit 2400. 2110 ("Entry event + quit room event + room entry event"), to determine the equipment management function to be performed 23 00 °, that is, the principle management department 1200, in accordance with the equipment management principle for the first state (1st The device management principle 2 1 1 0 ) specifies the first device management function 23 1 0, and determines the device management original -46-200834442 (the second device management principle 2 1 20 ) that should be used by the second state. The second device management function that came out. Further, another implementation method of the event accumulation unit will be described. Hereinafter, in order to distinguish the event pooling unit from the above-described event pooling unit 1110, it is referred to as a management status pooling unit 1120. As described above, the management status storage unit 1120 is effective only when the first device management event 2110 has only two types (into or out of the room). The management status storage unit 1120 is configured such that the "first management status" is stored, and the device status is changed from the "first state" to the "second state"; the "second management status" is stored. When the device status changes from the "second state" to the "first state", and then changes between the "first management status" and the "second management status", the device management execution unit 1 400 The third device management function 2330 is executed. That is, if the "third management status" is for the employee to enter the office, and the "second management status" is for the employee to go out of the office, the login function 420 may be invalidated. In addition, if the "first management status" is to return the office to the office, the "second management status" is to enter the office in the office, and the login function 420 can be activated. According to the device management device 1 of the third embodiment of the present invention, when it is not possible to detect a change in the device state of the device management event 2100 (change from the first state to the second state), By referring to the first device management event 2 1 1 0 that has been stored in the event storage unit 1110 and the device state is in the second state, the device state is restored to the first state by referring to the reference to 47-200834442. The executed device management function 2300 executes the device management function 23 00 (validated or invalidated) corresponding to the first device management event 2 1 1 0 (entry and exit event) that occurred during the said period. According to this configuration, the device management function (login function) to be performed in the period can be executed, and the device state can be restored more accurately. The device management device 1 according to the third embodiment of the present invention. In other words, when the device state is changed from the second state to the first state, the third device management function 2330 can be executed only when the management state change occurs in the second state, and the device can be reduced. Implementation of cost management function. The present invention has been described in detail above using the listed embodiments, but the present invention is not limited by the embodiments described in the specification. The present invention can be implemented in a modified or modified manner without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the description of the present specification is for illustrative purposes only and is not intended to limit the invention. In addition, the entire contents of Japanese Patent Application No. 2006-33 0610 (filed on Dec. 7, 2006) are hereby incorporated by reference. [Possibility of Industrial Use] As described above, according to the device management apparatus according to the present invention, in addition to -48-200834442, it is possible to prevent illegitimate or poor monitoring during the period in which the device management cannot be properly performed, and it is also restored. When it is possible to properly perform the management of the device, the state of the device that should have been restored should be restored as soon as possible. Therefore, it is useful for a communication system having a device such as a mobile terminal. [Brief Description of the Drawings] Fig. 1 is a diagram for explaining the remote monitoring using the DM agent having the device management device according to the first embodiment of the present invention. Fig. 2 is a diagram for explaining the remote monitoring using the DM agent including the device management device according to the first embodiment of the present invention. Fig. 3 is a functional block diagram of the device management device according to the first embodiment of the present invention. Fig. 4 is a view showing an example of a list of first device management events used in the device management device according to the first embodiment of the present invention. Fig. 5 is a view showing an example of a list of second device management events used in the device management device according to the first embodiment of the present invention. Fig. 6 is a view showing an example of a list of third device management events used in the device management apparatus according to the first embodiment of the present invention. [Fig. 7] Fig. 7 is the first embodiment of the present invention! A transition diagram of the device state managed by the state setting unit in the device management device according to the embodiment. Fig. 8 is a flow chart showing the operation of an event detecting unit in the device management apparatus according to the embodiment of the present invention. [Fig. 9] Fig. 9 is a flowchart showing the operation of a state setting unit in the device management device according to the first embodiment of the present invention. [Fig. 10] Fig. 10 is a flowchart showing the operation of the principle management unit in the equipment management device according to the first embodiment of the present invention. [Fig. 11] Fig. 11 is a flowchart showing the operation of the device management execution unit in the device management device according to the first embodiment of the present invention. [Fig. 12] Fig. 12 is a diagram for explaining the use of the DM agent of the device management device according to the second embodiment of the present invention. [Fig. 13] Fig. 13 is a diagram for explaining the use of the DM agent of the device management device according to the second embodiment of the present invention. Fig. 14 is a functional block diagram of the equipment management device according to the second embodiment of the present invention. Fig. 15 is a view showing an example of a list of first device management events used in the equipment management device according to the second embodiment of the present invention. Fig. 16 is a view showing an example of a list of second device management events used in the device management device according to the third embodiment of the present invention. Fig. 17 is a view showing an example of a list of third device management events used in the equipment management device according to the fourth embodiment of the present invention. Fig. 18 is a functional block diagram of a device management device according to a third embodiment of the present invention. [Fig. 19] Fig. 19 is a diagram for explaining the administration of the entrance and exit room of the DM agent including the equipment management device according to the third embodiment of the present invention. Fig. 20 is a flowchart showing the operation of an event detecting unit in the device management device according to the third embodiment of the present invention. [Main component symbol description] -50- 200834442 10 : DM server 20: Device 30: DM agent 3 1: Lock function 32: Monitor function (device management function) 3 3: Report function (device management function) 34 : Event notification function 3 5 : Device invalidation function 1 : External recording medium 300 : Network 400 : Contactless 1C card 400A : Card reader 4 1 0 : Entry and exit opportunity g 420 : Login function 1 000 : Device management device 1 100 : event detecting unit 1 1 1 〇: event storage unit 1 1 2 0 : management status storage unit 1 1 3 0 : status setting unit 1 200 : principle management unit 1 3 00 : status setting unit 1 400 : device Management Execution Department 2100: Device Management Event 2 1 1 0 : 1st Device Management Event - 51 - 200834442 2120 : 2nd Device Management Event 2 1 3 0 : 3rd Device Management Event 2200: Device Management Principle Device Management Original Shell [J ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) 23 3 0 : Μ 3 Device Management Function 2400: Event Storage

-52--52-

Claims (1)

200834442 十、申請專利範圍 1. 一種設備管理裝置,其特徵爲,具備: 設備管理執行部,係藉由執行被設在設備內之設備管 理機能,以進行對該設備之所定管理;和 事件偵測部,偵測出特定之設備管理事件; 前記設備管理執行部,係隨應於前記特定之設備管理 事件之偵測結果、和設備狀態,來決定所應執行之前記設 備管理機能。 2. 如申請專利範圍第1項所記載之設備管理裝置,其 中,具備: 狀態設定部,係隨應於前記特定之設備管理事件之偵 測結果,來設定前記設備狀態;和 原則管理部,係從將前記設備管理機能予以特定之複 數設備管理原則之中,隨應於被前記狀態設定部所設定之 前記設備狀態、和前記特定之設備管理事件之偵測結果, 來設定應使用之設備管理原則; 前記設備管理執行部,係將被前記原則管理部所設定 之前記應使用之設備管理原則所特定出來的設備管理機能 ,決定成爲前記應執行之設備管理機能。 3 .如申請專利範圍第2項所記載之設備管理裝置,其 中,前記設備狀態是處於第1狀態之際,前記事件偵測部 係偵測到第1設備管理事件時,則前記狀態設定部係將該 設備狀態維持成該第1狀態不變; 前記設備狀態是處於前記第1狀態之際,前記事件偵 -53- 200834442 測部係偵測到第2設備管理事件時,則前記狀態設定部, 係將該設備狀態設定成第2狀態,前記原則管理部,係將 該第2狀態用的設備管理原則,設定作爲前記應使用之設 備管理原則。 4.如申請專利範圍第3項所記載之設備管理裝置,其 中,前記設備狀態是處於前記第1狀態之際,前記事件偵 測部係偵測到前記第2設備管理事件時,則前記設備管理 執行部係執行,被當作前記應使用之設備管理原則而設定 之前記第2狀態用的設備管理原則所特定出來的第2設備 管理機能。 5 .如申請專利範圍第4項所記載之設備管理裝置,其 中,前記設備狀態是處於第1狀態之際,前記設備管理執 行部係執行,被當作前記應使用之設備管理原則而設定之 前記第1狀態用的設備管理原則所特定出來的第1設備管 理機能; 前記原則管理部,係隨應於被前記第1狀態用的設備 管理原則所特定出來的第1設備管理機能,來決定應被前 記第2狀態用的設備管理原則所特定之前記第2設備管理 機能。 6.如申請專利範圍第3項所記載之設備管理裝置,其 中,前記設備狀態是處於前記第1狀態之際,在前記事件 偵測部係偵測到前記第2設備管理事件後,只有在一定時 間內未偵測到前記第1設備管理事件的情況下,前記狀態 設定部才將該設備狀態設定成第2狀態。 -54- 200834442 7. 如申請專利範圍第4項所記載之設備管理裝置,其 中,前記第2設備管理機能,係爲使前記設備中的特定機 能變成不可使用之機能。 8. 如申請專利範圍第7項所記載之設備管理裝置,其 中,前記第1設備管理機能,係爲隨著特定狀況而使其變 成可使用或不可使用之機能。 9. 如申請專利範圍第4項所記載之設備管理裝置,其 中,前記第2設備管理機能,係爲保護前記設備中之特定 資訊之機能。 1 〇 .如申請專利範圍第4項所記載之設備管理裝置, 其中,前記設備狀態是處於前記第2狀態之際,前記事件 偵測部係偵測到第3設備管理事件時,則在前記設備管理 執行部執行了,被當作前記應使用之設備管理原則而設定 之前記第2狀態用的設備管理原則所特定出來的第3設備 管理機能後,前記狀態設定部,係將該設備狀態設定成前 記第1狀態,前記原則管理部,係將前記第1狀態用的設 備管理原則,設定作爲前記應使用之設備管理原則。 1 1 .如申請專利範圍第1 0項所記載之設備管理裝置, 其中,前記第3設備管理機能,係爲使得,當前記設備狀 態是處於前記第2狀態之期間內曾經變成不可使用之前記 設備上的特定機能,變成可以使用之機能。 1 2 .如申請專利範圍第1 0項所記載之設備管理裝置, 其中,前記第3設備管理機能,係爲復原前記設備中之特 定資訊之機能。 -55- 200834442 13.如申請專利範圍第10項所記載之設備管理裝置’ 其中, 事件積存部,係積存著已被前記事件偵測部所偵測到 的前記第1設備管理事件; 前記第2狀態,係爲無法藉由前記事件偵測部來偵測 出前記設備管理事件之狀態; 前記第3設備管理機能,係至少含有’針對已被積存 在前記事件積存部中之前記第1設備管理事件的設備管理 機能。 14·如申請專利範圍第1〇項所記載之設備管理裝置’ 其中, 事件積存部,係若前記設備狀態是處於前記第2狀態 時,則將已被前記事件偵測部所偵測到的前記第1設備管 理事件,加以積存; 若前記事件偵測部係偵測到前記第3設備管理事件’ 前記狀態設定部係將前記設備狀態設定成第1狀態’前記 原則管理部係已將前記第1設備管理原則設定作爲前記應 使用之設備管理原則的情況下,則前記設備管理執行部, 係隨應於已積存在前記事件積存部中的前記第1設備管理 事件,來決定前記應執行之設備管理機能。 1 5 ·如申請專利範圍第13項所記載之設備管理裝置, 其中,前記事件積存部,係將複數之前記第1設備管理事 件,總結地變更成其他第1設備管理事件。 1 6·如申請專利範圍第1 〇項所記載之設備管理裝置, -56- 200834442 其中,若在前記設備狀態是從前記第1狀態遷移成前 2狀態之前的管理狀況,和該設備狀態是從該第2狀 移成該第1狀態之前的管理狀況之間發生變化時,則 設備管理執行部,係執行前記第3設備管理機能。 17.如申請專利範圍第3項所記載之設備管理裝 其中,前記第1狀態,係爲可進行對前記設備之前記 管理之狀態;前記第2狀態,係爲不可進行對前記設 前記所定管理之狀態。 記第 態遷 前記 置, 所定 備之200834442 X. Patent application scope 1. A device management device, comprising: a device management execution unit, which performs management of a device managed by a device to perform predetermined management of the device; and event detection The measuring unit detects a specific device management event; the pre-recording device management execution unit determines the device management function to be performed before the execution of the specific device management event detection result and the device status. 2. The device management device according to the first aspect of the patent application, comprising: a state setting unit configured to set a state of the pre-recording device according to a detection result of a device management event specified in the foregoing; and a principle management unit, The device to be used is set in accordance with the multi-device management principle that specifies the device management function of the predecessor, in accordance with the detection result of the device status and the device management event specified by the pre-recorded status setting unit. Management Principles; The Pre-Record Equipment Management Execution Department determines the equipment management functions that are to be implemented in the pre-recorded equipment management functions that are specified by the Pre-Record Management Department. 3. The device management device according to the second aspect of the invention, wherein the pre-recording device detecting unit detects that the first device management event is detected, and the pre-recording state setting unit detects the first device management event. The state of the device is maintained to be the same as the first state; the state of the device is in the first state of the previous note, and the event is detected by the pre-recorded event detection-53-200834442 when the second device management event is detected. The device state is set to the second state, and the pre-recording principle management unit sets the device management principle for the second state as the device management principle to be used in the pre-recording. 4. The device management device according to claim 3, wherein the pre-recording device detects that the second device management event is detected, and the pre-recording device detects the pre-recording device management event. The management execution department is executed, and the second device management function specified by the device management principle for the second state is set as the device management principle to be used in the pre-recording. 5. The device management device according to the fourth aspect of the invention, wherein the pre-recording device state is in the first state, the pre-recording device management execution unit executes, and is set as the device management principle to be used in the pre-recording. The first device management function specified by the device management principle for the first state is described above. The pre-requisite management unit determines the first device management function specified by the device management principle for the first state. It is the second device management function before the device management principle to be used for the second state. 6. The device management device according to claim 3, wherein, when the state of the pre-recording device is in the first state of the pre-recording, after the pre-recording event detecting unit detects the pre-recording device management event, only When the first device management event is not detected within a certain period of time, the pre-recording state setting unit sets the device state to the second state. -54- 200834442 7. The device management device according to the fourth aspect of the patent application, wherein the second device management function is a function to make the specific function in the predecessor device unusable. 8. The device management device according to claim 7, wherein the first device management function is a function that is usable or unusable depending on a specific situation. 9. The device management device according to the fourth aspect of the patent application, wherein the second device management function is a function of protecting specific information in the predecessor device. 1. The device management device according to the fourth aspect of the patent application, wherein the pre-recording device state is in the second state before, and the pre-recording event detecting unit detects the third device management event, The device management execution unit executes the third device management function specified by the device management principle for the second state before the device management principle to be used as the pre-recording, and the pre-recording state setting unit is the device status. The first state is set to the front, and the pre-recording principle management unit sets the device management principle for the first state in the previous paragraph as the device management principle to be used in the pre-recording. 1 1. The device management device according to claim 10, wherein the third device management function is such that the current device state is incapable of being used before the second state. The specific functions on the device become functions that can be used. 1 2 . The device management device described in claim 10, wherein the third device management function is a function of restoring specific information in the pre-recorded device. -55- 200834442 13. The device management device described in claim 10, wherein the event storage unit stores a pre-recorded first device management event detected by the pre-recorded event detecting unit; 2 state, it is impossible to detect the state of the pre-recording device management event by the pre-recording event detecting unit; the pre-recording third device management function includes at least the first device that has been accumulated in the pre-recorded event storage unit. The device management function that manages events. 14. The device management device according to the first aspect of the patent application scope, wherein the event storage unit detects the state of the device that has been detected by the pre-recording event detecting unit if the state of the device is in the second state. The first device management event is pre-recorded and accumulated; if the event detection department detects the third device management event, the pre-report status setting unit sets the pre-recorded device status to the first state. When the first device management principle is set as the device management principle to be used in the pre-recording, the pre-recording device management execution unit determines that the pre-recording should be performed in accordance with the pre-recorded first device management event that has accumulated in the pre-recorded event storage unit. Equipment management function. In the device management device according to the thirteenth aspect of the invention, the pre-record event storage unit changes the first device management event to the other first device management event. 1 6 · The device management device as described in the first paragraph of the patent application, -56- 200834442 wherein, if the state of the pre-recorded device is the management state before the transition from the first state to the first state, and the device state is When the management status before the second state is changed to the first state, the device management execution unit executes the third device management function. 17. The device management device according to the third aspect of the patent application, wherein the first state is a state in which the pre-recording device can be managed, and the second state is in a state in which the pre-recording is not managed. State. Record the first move, record the -57--57-
TW096146840A 2006-12-07 2007-12-07 Device managing device TW200834442A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2006330610A JP2008146213A (en) 2006-12-07 2006-12-07 Device management device

Publications (2)

Publication Number Publication Date
TW200834442A true TW200834442A (en) 2008-08-16
TWI357558B TWI357558B (en) 2012-02-01

Family

ID=39492189

Family Applications (1)

Application Number Title Priority Date Filing Date
TW096146840A TW200834442A (en) 2006-12-07 2007-12-07 Device managing device

Country Status (5)

Country Link
JP (1) JP2008146213A (en)
KR (1) KR101033628B1 (en)
CN (1) CN101548272B (en)
TW (1) TW200834442A (en)
WO (1) WO2008069314A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724051B (en) * 2011-03-30 2017-10-03 中兴通讯股份有限公司 Communication means and communication equipment for low-cost user equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4120803B2 (en) * 2002-11-05 2008-07-16 三菱電機株式会社 User equipment capture system
US20040252197A1 (en) * 2003-05-05 2004-12-16 News Iq Inc. Mobile device management system
JP4523764B2 (en) * 2003-07-04 2010-08-11 グローリー株式会社 Game media rental system
JPWO2006064764A1 (en) * 2004-12-16 2008-06-12 株式会社セガ GAME DEVICE MANAGEMENT DEVICE HAVING PENALTY FUNCTION, GAME DEVICE, ITS OPERATION PROGRAM, AND PENALTY SETTING SERVER

Also Published As

Publication number Publication date
WO2008069314A1 (en) 2008-06-12
CN101548272B (en) 2012-07-04
JP2008146213A (en) 2008-06-26
CN101548272A (en) 2009-09-30
KR20090084926A (en) 2009-08-05
KR101033628B1 (en) 2011-05-11
TWI357558B (en) 2012-02-01

Similar Documents

Publication Publication Date Title
EP2409257B1 (en) Mitigations for potentially compromised electronic devices
JP5001380B2 (en) Apparatus and method for locating, tracking and / or recovering wireless communication devices
US8745747B2 (en) Data protecting device
CN103514386B (en) Permission control and management method of application program and electronic device
JP4127315B2 (en) Device management system
CN103782576A (en) Method and apparatus for detecting and dealing with a lost electronics device
WO2015007116A1 (en) Anti-theft method for data after loss of cell phone
TW201028883A (en) Secure platform management device
WO2014082399A1 (en) Method and system for management of mobile terminal
CN103577281A (en) Method and system for recovering data
TWI357558B (en)
JP4720959B2 (en) Device management system
US8037537B1 (en) System, method, and computer program product for conditionally securing data stored on a peripheral device coupled to a system, based on a state of the system
JP2006279572A (en) Mobile phone terminal system, mobile phone terminal unauthorized use prevention method, and mobile phone terminal unauthorized use prevention program
JP5255995B2 (en) Log information management apparatus and log information management method
US20070001827A1 (en) Remote asset management of computer systems
JP5140378B2 (en) Communication system, IC card access device and information processing terminal
US20050272410A1 (en) Monitoring system for use status of computer apparatus
JP2004207993A (en) Mobile communication terminal, remote reading method, and remote reading program
US8685110B2 (en) System and method for securing a computer system
KR101473661B1 (en) Method and apparatus for managing data of mobile device
WO2007147993A1 (en) Detection and reaction to viral propagations by ad-hoc network
JP2006203525A (en) Portable terminal operation controller, system and method for controlling portable terminal operation, and server device,
US20120254572A1 (en) Information terminal and security management method
JP2004021510A (en) System and apparatus for usb network automatic disconnection and restoration

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees