TWI357558B - - Google Patents

Download PDF

Info

Publication number
TWI357558B
TWI357558B TW096146840A TW96146840A TWI357558B TW I357558 B TWI357558 B TW I357558B TW 096146840 A TW096146840 A TW 096146840A TW 96146840 A TW96146840 A TW 96146840A TW I357558 B TWI357558 B TW I357558B
Authority
TW
Taiwan
Prior art keywords
state
management
device management
event
function
Prior art date
Application number
TW096146840A
Other languages
Chinese (zh)
Other versions
TW200834442A (en
Inventor
Hiroshi Fujimoto
Akira Kinno
Takashi Suzuki
Atsushi Takeshita
Original Assignee
Ntt Docomo Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ntt Docomo Inc filed Critical Ntt Docomo Inc
Publication of TW200834442A publication Critical patent/TW200834442A/en
Application granted granted Critical
Publication of TWI357558B publication Critical patent/TWI357558B/zh

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Description

1357558 九、發明說明 【發明所屬之技術領域】 本發明係有關於設備管理裝置,例如以電池驅動,以 無線和外部連接的設備(例如行動終端),對其進行所定 管理的設備管理裝置。 【先前技術】 先前,對於Smart-Phone或PDA或筆記型PC等具有 可攜性且可與網路連接的設備(例如行動終端),可讓管 理群組(企業的管理者等)掌握該當設備之狀態或設定等 ,而可對該當設備進行適切管理(設備管理)的裝置(亦 即設備管理裝置),係以「OMA Device Management ( DM )」的方式,而被「Open Mobile Alliance (OMA)」所 規定。 在OMA-DM中,藉由DM伺服器、和被導入至設備 的DM客戶端的通訊,就可實現上述的設備管理。 例如,.各DM客戶端是將設備上正在驅動中的韌體的 版本對DM伺服器進行通知,該當DM伺服器係基於上述 通知而發現持有版本較低韌體的設備,並將用來對該當設 備指示更新適切韌體的命令,向已被導入至該當設備的 DM客戶端進行通知。 隨著行動應用程式服務的適用範圍的擴展,設備本身 ,或圍繞設備周圍的環境的多樣性也日益增加。因此,要 追蹤設備的狀態或設定是有困難,上述設備管理所耗費之 -5- 1357558 成本會變得非常高昂。對於此種市場的需求,需要更爲有 彈性、且成本效益高的設備管理機制。 後述的非專利文獻1中,爲了降低DM伺服器的網路 運用成本,而規定了「DM排程」。 在所述的DM排程中係記載著,爲了使設備能在離線 (亦即和DM伺服器沒有會談(session)之狀態下)能夠 進行設備管理之處理,DM伺服器係可將已被導入該當設 備之DM客戶端所能處理之設備管理機能的工作排程,事 前就通知給該當DM客戶端的此種架構;並且針對該當架 構、該當架構中所含之組件的機能、該當組件間的介面、 管理物件的資料結構、執行排程處理之條件等,加以規定 〇 在所述架構下係構成爲,對各設備,設置排程器;該 當排程器係基於工作排程,來實現設備管理。1357558 IX. Description of the Invention [Technical Field] The present invention relates to a device management apparatus, such as a battery-driven, wirelessly and externally connected device (e.g., mobile terminal), which is managed by a device. [Prior Art] Previously, a portable device (such as a mobile terminal) that is portable and connectable to a network such as a smart phone or a PDA or a notebook PC allows a management group (a company administrator, etc.) to grasp the device. The device (that is, the device management device) that can appropriately manage the device (device management) is in the form of "OMA Device Management (DM)" and is "Open Mobile Alliance (OMA)". Stipulated. In OMA-DM, the above device management can be realized by communication between the DM server and the DM client that is imported into the device. For example, each DM client notifies the DM server of the version of the firmware being driven on the device, and the DM server finds the device holding the lower firmware based on the above notification, and will use The DM client that has been imported to the device is notified of the command to update the appropriate firmware to the device. As the scope of application of mobile application services expands, the diversity of the device itself, or the environment surrounding the device, is also increasing. Therefore, it is difficult to track the status or settings of the equipment, and the cost of the above-mentioned equipment management -5 - 1357558 becomes very high. For the needs of such markets, a more flexible and cost-effective equipment management mechanism is needed. In Non-Patent Document 1 to be described later, "DM scheduling" is defined in order to reduce the network operation cost of the DM server. In the DM schedule described, in order to enable the device to perform device management processing offline (that is, in a state where there is no session with the DM server), the DM server system can be imported. The working schedule of the device management function that can be processed by the DM client of the device is notified to the DM client in advance; and for the architecture, the functions of the components included in the architecture, and the interface between the components. The data structure of the management object, the conditions for executing the scheduling process, etc., are specified, and the structure is configured to set a scheduler for each device; the scheduler is based on the work schedule to implement device management. .

(非專利文獻 1 ) OMA-AD-DM-Scheduling-Vl_0-20060 1 24-D 【發明內容】 如上述,若依據非專利文獻1,則即使DM伺服器和 DM客戶端之間沒有會談的狀態下,仍可藉由DM排程器 來進行設備管理。 可是在此其中,DM伺服器或DM客戶端的狀態發生 改變’而有上述的排程器無法偵測出進行設備管理之觸發 事件的狀況,或是無法隨應於該當事件之偵測結果來執行 -6- 1357558 設備管理的狀況。 例如所述的狀況可想定有,設備電源切斷或網路品質 劣化或DM伺服器當機等發生之狀況。這類狀況發生時, 就無法適切處理工作排程,而有無法適切進行設備管理之 問題點。 因此,在所述狀況下,於各設備中即將無法適切進行 上述設備管理之前,必須要強制性地執行特別的設備管理 機能,以防止所述設備管理無法適切進行之期間,發生不 正當或不良的監視。 又,於各設備中,當復原成可適切進行所述設備管理 之狀況時(電源打開或網路品質變得良好或DM伺服器的 復原等),必須要儘速復原成原本該有的設備狀態。 於是,本發明係有鑑於上述課題而硏發,目的在於提 供一種設備管理裝置,除了可以防止在不能適切進行設備 管理之期間的不正當或不良監視,還可已復原成能夠適切 進行所述設備管理之狀況時,儘速地復原成原本應有的設 備狀態。 本發明之第1特徴,係一種設備管理裝置,其要旨爲 ,具備:設備管理執行部,係藉由執行被設在設備內之設 備管理機能,以進行對該設備之所定管理;和事件偵測部 ,偵測出特定之設備管理事件;前記設備管理執行部,係 隨應於前記特定之設備管理事件之偵測結果、和設備狀態 ,來決定所應執行之前記設備管理機能。 於本發明之第1特徵中,亦可爲,具備:狀態設定部 丨1357558 ,係隨應於前記特定之設備管理事件之偵測結果,來設定 前記設備狀態;和原則管理部,係從將前記設備管理機能 予以特定之複數設備管理原則之中,隨應於被前記狀態設 定部所設定之前記設備狀態、和前記特定之設備管理事件 之偵測結果,來設定應使用之設備管理原則;前記設備管 理執行部,係將被前記原則管理部所設定之前記應使用之 設備管理原則所特定出來的設備管理機能,決定成爲前記 應執行之設備管理機能。 若依據所述發明,則狀態設定部,係可隨應於設備管 理事件之偵測結果,來設定各種設備狀態;設備管理執行 部,係可隨應於所述之設備狀態,執行相應於各種設備管 理原則的設備管理。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於第1狀態之際,前記事件偵測部係偵測到第1設備管理 事件時,則前記狀態設定部係將該設備狀態維持成該第1 狀態不變;前記設備狀態是處於前記第1狀態之際,前記 事件偵測部係偵測到第2設備管理事件時,則前記狀態設 定部,係將該設備狀態設定成第2狀態,前記原則管理部 ,係將該第2狀態用的設備管理原則,設定作爲前記應使 用之設備管理原則。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於前記第1狀態之際,前記事件偵測部係偵測到前記第2 設備管理事件時,則前記設備管理執行部係執行,被當作 前記應使用之設備管理原則而設定之前記第2狀態用的設 -8- 1357558 備管理原則所特定出來的第2設備管理機能。 若依據所述發明,則設備管理執行部係可執行,符合 於已被測知之設備狀態之遷移的設備管理原則所特定出的 設備管理機能。 於本發明之第1特徴中,亦可爲’前記設備狀態是處 於第1狀態之際,前記設備管理執行部係執行,被當作前 記應使用之設備管理原則而設定之前記第1狀態用的設備 管理原則所特定出來的第1設備管理機能;前記原則管理 部,係隨應於被前記第1狀態用的設備管理原則所特定出 來的第1設備管理機能,來決定應被前記第2狀態用的設 備管理原則所特定之前記第2設備管理機能。 若依據所述發明,則可進行考慮到設備狀態變化前所 被執行的設備管理機能及發生過設備狀態變化之雙方的有 彈性之設備管理。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於前記第1狀態之際,只有在前記事件偵測部係偵測到前 記第2設備管理事件後,在一定時間內,未偵測到前記第 1設備管理事件的情況下,前記狀態設定部才將該設備狀 態設定成第2狀態。 若依據所述發明,則當已被測出之設備管理事件係爲 電池電力降低或網路斷線這類情況時’係可忽視於行動終 端等的設備上容易發生的暫時性電池電力降低或網路斷線 這類設備管理事件,可削減設備管理所費之成本。 於本發明之第1特徴中,亦可爲,前記第2設備管理 -9- 1357558 機能,係爲使前記設備中的特定機能變成不可使用之機能 〇 若依據所述發明,則例如,在設備管理機能的執行是 明顯受到限制的設備狀態下,藉由使特定機能變成不可使 用,就可防止不當行爲或不良情形等。 於本發明之第1特徴中,亦可爲,前記第1設備管理 機能,係爲於特定狀況下使其變成可使用或不可使用之機 能。 若依據所述發明,則例如,當第1設備管理機能係將 設備的特定機能,隨應於特定之狀況,而使其成爲可使用 或成爲不可使用的此種限制機能的情況下,會變成不可執 行設備管理機能的設備狀態,若無法測知上述特定狀況, 則該當第1設備管理機能預先就無法使用,可維持成進行 限制最嚴格之設備管理的狀態。 於本發明之第1特徴中,亦可爲,前記第2設備管理 機能,係爲保護前記設備中之特定資訊之機能。 若依據所述發明,則例如,在設備管理機能的執行是 明顯受到限制的設備狀態下,藉由保護特定資訊,就可防 止資訊從設備中外流。 於本發明之第1特徴中,亦可爲,前記設備狀態是處 於前記第2狀態之際,前記事件偵測部係偵測到第3設備 管理事件時,則在前記設備管理執行部執行了,被當作前 記應使用之設備管理原則而設定之前記第2狀態用的設備 管理原則所特定出來的第3設備管理機能後,前記狀態設 -10- 1357558 定部,係將該設備狀態設定成前記第1狀態,前記原則管 理部,係將前記第1狀態用的設備管理原則,設定作爲前 記應使用之設備管理原則。 若依據所述發明,則因爲測知了第3設備管理事件而 將設備狀態予以復原之際,首先,執行依照此時點下所被 設定之設備管理原則的設備管理機能,然後才將設備狀態 設定成原本樣子,因爲如此構成,所以在設備狀態還原前 ,可執行用來復原設備狀態所需之特別的設備管理機能。 於本發明之第1特徴中,亦可爲,前記第3設備管理 機能,係爲使得,當前記設備狀態是處於前記第2狀態之 期間內曾經變成不可使用之前記設備上的特定機能,變成 可以使用之機能。 若依據所述發明,則因設備狀態改變而已變成不可使 用的該當設備管理機能,可使其再度成爲可以使用。 於本發明之第1特徴中,亦可爲,前記第3設備管理 機能,係爲復原前記設備中之特定資訊之機能。 若依據所述發明,則因設備狀態改變而變成不可存取 的特定資訊,可使其再度變成可存取。 於本發明之第1特徴中,亦可爲,事件積存部,係積 存著已被前記事件偵測部所偵測到的前記第1設備管理事 件;前記第2狀態,係爲無法藉由前記事件偵測部來偵測 出前記設備管理事件之狀態;前記第3設備管理機能係至 少含有,針對已被積存在前記事件積存部中之前記第1設 備管理事件的設備管理機能。 -11 - 1357558 於本發明之第1特徵中亦可爲’事件積存部,係若 前記設備狀態是處於前記第2狀態時’則將已被前記事件 偵測部所偵測到的前記第1設備管理事件,加以積存;若 前記事件偵測部係偵測到前記第3設備管理事件,前記狀 態設定部係將前記設備狀態設定成第1狀態,前記原則管 理部係已將前記第1設備管理原則設定作爲前記應使用之 設備管理原則的情況下,則前記設備管理執行部,係隨應 於已積存在前記事件積存部中的前記第1設備管理事件, 來決定前記應執行之設備管理機能。 若依據所述發明,則當無法測出設備管理事件的這類 設備狀態之變化發生時,藉由參照被事件積存部所積存的 、於設備狀態是處於第2狀態之期間內所發生過的第1設 備管理事件,設備狀態復原成第1狀態之際所執行的設備 管理機能,係會執行隨應於所述期間所發生過之第1設備 管理事件的設備管理機能,因爲如此構成,所以所述期間 應被進行的設備管理機能係變成可以執行,可更正確地復 原設備狀態。 於本發明之第1特徴中,亦可爲,前記事件積存部, 係將複數之前記第1設備管理事件,總結地變更成其他第 1設備管理事件。 若依據所述發明’則由於設備狀態是處於第2狀態之 期間內所發生過的第1設備管理事件加以積存的事件積存 部’是理解了所積存的第1設備管理事件之意義,並將該 當第1設備管理事件之集合,轉換成具有相同意義的其他 -12- 1357558 第1設備管理事件,因爲如此構成,所以藉由將事件積存 部中所積存的第1設備管理事件予以總結,轉換成較少的 設備管理事件,就可刪減第1設備管理事件的積存成本, 以及設備狀態復原時的設備管理機能的執行成本。 於本發明之第1特徴中,亦可爲,若在前記設備狀態 是從前記第1狀態遷移成前記第2狀態之前的管理狀況, 和該設備狀態是從該第2狀態遷移成該第1狀態之前的管 理狀況之間發生變化時,則前記設備管理執行部,係執行 前記第3設備管理機能。 若依據所述發明,則在設備狀態是從第2狀態改變成 第1狀態之際,只有在第2狀態中發生管理狀況改變時, 可執行第3設備管理機能,可削減設備管理機能的執行成 本。 於本發明之第1特徴中,亦可爲,前記第1狀態,係 爲可進行對前記設備之前記所定管理之狀態;前記第2狀 態,係爲不可進行對前記設備之前記所定管理之狀態。 若依據所述發明,則於通常之設備管理是難以進行的 特殊設備狀態下,可設定特殊的設備管理原則,執行所述 設備狀態用的特殊之設備管理。 如以上說明,若依據本發明,則可提供一種設備管理 裝置,除了可以防止在不能適切進行設備管理之期間的不 正當或不良監視,還可已復原成能夠適切進行所述設備管 理之狀況時,儘速地復原成原本應有的設備狀態。 1357558 【實施方式】 (本發明之第1實施形態所述之設備管理裝置的構成 ) 參照圖1至圖6,說明本發明之第1實施形態所述之 設備管理裝置1 000的構成。 本實施形態所述之設備管理裝置1000,係對於 Smart-Phone或PDA或筆記型PC等具有可攜性且可與網 路連接的設備(例如行動終端),可讓管理群組(企業的 管理者等)掌握該當設備之狀態或設定等,而可對該當設 備進行所定之管理(以下稱之爲設備管理)的裝置(亦即 設備管理裝置)。 具體而言,本實施形態所述之設備管理裝置1 〇〇〇,係 偵測出設備管理事件2100,並依照設備管理原則2200, 來執行設備管理機能2300。 此外,設備管理裝置1 0 00係被構成爲,當因設備的 狀態或設備周圍的狀況改變而無法適切進行設備管理的狀 況下,則會強制性地執行特別的設備管理機能,監視並防 止設備內的不當或不良情況,當從無法適切進行設備管理 的狀況還原成可適切進行設備管理之狀況時,就可復原成 原本應有的設備管理之狀態。 本實施形態中係參照圖1及圖2,說明企業管理部門 ’爲了將職員之設備20中的外部記錄媒體(mini SD卡等 )1 〇〇之利用加以管理亦即進行所謂「設備管理」,而收 集從設備20向外部記錄媒體1〇〇的存取日誌的案例,隨 -14- 1357558 - 著網路3 00的中途切斷、或DM伺服器10當機等,而無 法適切進行所述設備管理時的情形。 此處,本實施形態中係假設使用Smart-Phone來作爲 設備。 * 參照圖1,說明上述設備管理被適切進行時的例子。 - 所述例子中,企業管理部門係爲了進行對設備20的設備 管理,而利用所擁有之DM伺服器1 〇,進行從設備20對 φ 外部記錄媒體100存取之日誌的收集。 此處,職員所持有的設備20,係具備會依照來自DM 伺服器之指示的客戶端軟體(亦即DM代理器),利用設 備管理機能100,在每一定時間,或者進行特定業務等時 候’執行監視對外部記錄媒體100的存取並取得履歷(存 取日誌)的監視機能(設備管理機能)32、以及透過網路 3 00 (蜂巢網線路或無線LAN等)來向DM伺服器10報 告存取日誌的報告機能(設備管理機能)3 3。 # 接著,參照圖2’說明無法適切進行上述設備管理時 的例子。圖2中,作爲所述例子係圖示了,因D Μ伺服器 ‘ 10的當機或網路3 00的切斷,而無法從設備20向DM伺 : 服器1 0進行存取,無法適切地執行報告存取日誌之報告 . 機能(設備管理機能)3 3時的例子。 所述情況下’設備管理裝置1 0 〇 〇係藉由禁止(鎖住 )對外部iS錄媒體100的存取,以防止不當處理或不良情 形。 具體而Η,於設備20的內部,設備管理裝置1〇〇〇係 -15- 1357558 中斷了監視及收集存取日誌的監視機能(設備管理機能) 32、或報告存取日誌的報告機能(設備管理機能)33之執 行’然後執行將對外部記錄媒體1 00之存取予以鎖住的鎖 住機能(設備管理機能)3 43。 然後,在本實施形態中,從圖2所示之設備狀態而 DM伺服器】〇恢復或網路30〇恢復時,而成爲可以適切執 行存取日誌報告之報告機能(設備管理機能)33的情況下 ’就使其恢復成圖1所示的通常之設備管理狀態(進行對 外部記錄媒體之存取日誌的收集及報告之狀態)。 以下針對實現所述案例之設備管理裝置1 〇〇〇的構成 加以說明。 如圖3所示,設備管理裝置丨〇〇〇係具備:事件偵測 部11〇〇、原則管理部1 200、狀態設定部1 3 00、設備管理 執行部1 4 0 0。 事件偵測部1 1 0 0係被構成爲,會偵測出特定的設備 管理事件。 具體而言’事件偵測部i丨〇 〇係偵測到設備管理事件 2 100的發生’針對所測知的設備管理事件2 10〇是屬於第 1設備管理事件2110’還是屬於第2設備管理事件2120, 或是屬於第3設備管理事件2130而加以決定,並隨著所 述之決定,對狀態設定部13〇〇或設備管理執行部14〇〇傳 達已測知設備管理事件2100之意旨》 此處’第1設備管理事件2110,係爲將一般的設備管 理機能之啓動視爲契機的通常時之事件,係想定爲例如, -16 - 1357558 對外部設備的存取、或來自非接觸1C卡(FeliCa等)的 訊號、來自計時器的通知等。 第2設備管理事件2120,係爲將無法適切進行設備管 理之狀況的開始視爲契機的狀態變化時的事件’係想定爲 例如網路斷線、或DM伺服器的當機、設備的電源切斷等 〇 又,第3設備管理事件2130,係爲將恢復成可適切進 行設備管理狀況視爲契機的狀復原時之事件,係想定爲例 如網路品質的良好化、或DM伺服器的恢復、設備的電源 打開等。 例如,事件偵測部1 1 〇〇係利用各設備管理事件2 1 1 0 至2 1 3 0中所屬的設備管理事件之清單,就可決定所測知 的設備管理事件2100是屬於第1乃至第3設備管理事件 2110乃至2130之哪一者。 圖4中係例示了第1設備管理事件2110中所屬之設 備管理事件的清單(第1事件清單)之例子,圖5中係例 示了第2設備管理事件212〇中所屬之設備管理事件的清 單(第2事件清單)之例子,圖6中係例示了第3設備管 理事件213〇中所屬之設備管理事件的清單(第3事件清 單)之例子。 例如’來自計時器的通知,或因向外部記錄媒體100 進行存取而來自外部記錄介面的岔斷,係被當成第i設備 管理事件來處理。 又’例如’網路斷線、或DM伺服器1 〇的當機,係 -17- 1357558 • 被當成第2設備管理事件2120來處理。 又’例如’網路的恢復、或DM伺服器1〇的復原, 係被當成第3設備管理事件2130來處理。 事件偵測部1 1 0 0,係藉由偵測來自網路介面的岔斷, • 就可測知網路斷線或網路的恢復。 . 又,事件偵測部1100,係藉由負責與DM伺服器10 通訊的報告機能3 3所送來的通知,就可測知D Μ伺服器 φ 1〇是否當機。 又,事件偵測部1 1 〇 〇,係藉由來自事件偵測部1 1 〇 〇 的通知,就可測知DM伺服器是否恢復。 如後述,當設備狀態是處於「第1狀態(可適切進行 設備管理之狀態)」時,事件偵測部11 00係若測知第1 設備管理事件2110或第3設備管理事件2130,則將其意 旨通知給設備管理執行部1400;若測知第2設備管理事件 2120,則將意旨通知給狀態設定部1 3 00。 • 又,同樣地,當設備狀態是處於「第2狀態(難以適 切進行設備管理之狀態)」時,事件偵測部1 1 00係若測 知第1設備管理事件2110或第2設備管理事件2120’則 : 將其意旨通知給設備管理執行部1 400 :若測知第3設備管 . 理事件2130,則將意旨通知給狀態設定部1300。 此處,「第1狀態」係爲可對設備20進行所定管理 (設備管理)之狀態;「第2狀態」係爲對設備20難以 進行設備管理之狀態。 狀態設定部1 3 0 0係被構成爲’隨應於事件偵測部 -18- 1357558 11 〇 〇所致之特定設備管理事件之偵測結果,來設定 態。 參照圖7,說明被狀態設定部i 3 〇 〇所設定的設 發生遷移時的樣子》 設備狀態是處於「第1狀態」之際,當事件 100測知了第1設備管理事件2110或第3設備管 2 1 3 0的情況下’則狀態設定部1 3 〇 〇係將設備狀態 「第1狀態」不變。 又’設備狀態是處於「第1狀態(通常時)」 當事件偵測部1 1 00測知到第2設備管理事件2 1 20 狀態設定部1 3 00係將設備狀態變更成「第2狀態( 可時)j 。 另一方面,設備狀態是處於「第2狀態」之際 件偵測部1 1 〇〇測知了第1設備管理事件2 1 1 0或第 管理事件2 1 20的情況下,則狀態設定部1 3 00係將 態維持成「第2狀態」不變。 又,設備狀態是處於「第2狀態」之際,當事 部1100測知到第3設備管理事件2130時,則狀態 1 3 00係將設備狀態變更成「第1狀態」。 又,亦可構成爲’設備狀態是處於「第1狀態 ,事件偵測部1 1 〇〇測知到第2設備管理事件2 1 20 有當一定時間內未偵測到第1設備管理事件2 1 1 0 下,狀態設定部1 3 00係將設備狀態,設定成「第 設備狀 備狀態 偵測部 理事件 維持成 之際, 時,則 DM不 ,當事 2設備 設備狀 件偵測 設定部 」之際 後’只 的情況 2狀態 -19- 1357558 原則管理部1200係被構成爲,從將設備管理機能予 以特定之複數設備管理原則2200之中,隨應於被狀態設 定部1 3 0 0所設定之設備狀態、和事件偵測部1丨0 〇所致之 特定設備管理事件之偵測結果’來設定應使用之設備管理 原則。 原則管理部1200,係將被選擇成爲應使用之設備管理 原則的設備管理原則,通知給設備管理執行部1 400。 當設備狀態是處於「第1狀態」時,原則管理部1 2 0 0 ,係將第1設備管理原則2210,設定(選擇)成爲應使用 之設備管理原則;當設備狀態是處於「第2狀態」時,原 則管理部1200,係將第2設備管理原則2220,設定(選 擇)成爲應使用之設備管理原則。 例如,設備狀態是處於「第1狀態」之際,當事件偵 測部1 1 1 〇測知到第2設備管理事件2 1 20時,則狀態設定 部Π 3 0係將設備狀態設定成「第2狀態」;原則管理部 1 200,係將第2狀態用設備管理原則(第2設備管理原則 ),設定來作爲應使用之設備管理原則。 此處,設備管理原則2200,係爲用來特定出,於設備 管理執行部1 400上所應執行之設備管理機能的原則。 具體而言,第1設備管理原則221 0係當偵測到第1 設備管理事件2110或第3設備管理事件2130時,就指示 其執行第1設備管理機能2 3 1 0。 另一方面,第2設備管理原則2220係用來指示,當 偵測到第1設備管理事件2 1 1 0或第2設備管理事件2 1 2 0 -20- 1357558 時就執行第2設備管理機能23 20,當偵測到第3設備管理 事件2130時就執行第3設備管理機能2330的原則。 此外,原則管理部1 200係可構成爲從DM伺服器1 0 下載設備管理原則2200,也可構成爲從企業管理部門所發 配的智慧卡等拷貝出設備管理原則2200而加以取得,也 可構成爲去利用在設備20出貨時就預先保持的設備管理 原則2200。 設備管理執行部1400係被構成爲,藉由執行被設在 設備20內的設備管理機能23 00,來進行對設備20的所定 管理(設備管理)。 具體而言,設備管理執行部1400係被構成爲,隨著 事件偵測部1 1 〇〇所致之特定的設備管理事件2 1 00的偵測 結果,和被狀態設定部1 3 00所設定的設備狀態,來決定 所應執行之設備管理機能23 00。 詳言之,設備管理執行部14〇〇係被構成爲,將原則 管理部1 200所設定的「應使用之設備管理原則2200」所 特定出的設備管理機能2 3 00,決定成爲應執行之設備管理 機能2 3 0 0 » 此外,設備管理執行部1 400係亦可被構成爲,隨應 於事件偵測部1 1 〇〇所致之特定的設備管理事件2 1 00的偵 測結果,而將原則管理部1 200所設定的「應使用之設備 管理原則2200」所特定出的設備管理機能2300,決定作 爲應執行之設備管理機能23 00。 例如,設備管理執行部1400係被構成爲,當設備狀 -21 - 1357558 態是處於「第2狀態」,且偵測到第1設備管理事件 或第2設備管理事件2120時,則執行被第2設備管 則2220所特定出來的第2設備管理機能2320。 又,設備管理執行部1 400係被構成爲,當設備 是處於「第2狀態」,且偵測到第3設備管理事件 時,則執行被第2設備管理原則2220所特定出來的 設備管理機能2330。 在本實施形態中,設備管理執行部1 400的第1 管理機能23 1 0 (通常時),係藉由執行監視機能32 視對外部記錄媒體100之存取及收集存取曰誌,同時 執行報告機能3 3以向DM伺服器1 0進行存取日誌的 〇 又,設備管理執行部1 400的第2設備管理機能 (狀態變化時),係藉由執行鎖住機能3 1,以將對外 錄媒體1〇〇之存取機能(特定機能)加以鎖住(使其 不可使用)。 又,設備管理執行部1400的第3設備管理機能 (狀態復原時),係藉由執行鎖住機能3 1,以將對外 錄媒體1 00之存取機能的鎖定,加以解除(使得對外 錄媒體100之存取機能變成可使用)。 此外,不只是如本實施形態般地,設備管理執 1 400執行鎖住機能31以將對外部記錄媒體1〇〇之存 能加以鎖住之案例,還可考慮爲了防止企業的機密文 流,而藉由執行第2設備管理機能(保護設備20中 2 110 理原 狀態 2 130 第3 設備 以監 藉由 報告 2320 部記 成爲 2330 部記 部記 行部 取機 書外 之特 -22- 1357558 定資訊的機能)2320以將機密文書加密’藉由執行 備管理機能(將設備20中之特定資訊予以復原的 2 3 3 0以將加密過的機密文書予以解密的案例。 所述情況下,例如,第2設備管理機能23 20 ,是將被事先附上表示這是機密文書之意旨的旗標 全體(或者指定的部份),使用3DES或RSA等演 予以加密的機能。 此時,第3設備管理機能23 30係爲,基於記 被加密之文書的清單,來將特定文書予以解密的機 又,第2設備管理機能2 3 2 0係亦可爲’利用 統而將機密文書的存取屬性設成「拒絕」的機能( 定資訊之機能),而第3設備管理機能23 3 0係亦 存取屬性還原成「允許」的機能(將特定資訊予以 機能)。 所述情況下,在設備狀態變成「第2狀態」以 2設備管理機能2320就已經積存著機密文書的存取 因此將該當機密文書的存取屬性設成「拒絕」,第 管理機能係取得所積存之該當機密文書的適切之存 ,並將存取屬性加以還原。 此處,設備狀態是處於「第1狀態」之際,當 測部1 1 1 〇偵測到第1設備管理事件2 1 1 0或第3設 事件2130時,則設備管理執行部1400係執行,被 使用之設備管理原則而設定之第1狀態用設備管理 第1設備管理原則)22 1 0所特定出來的第1設備管 第3設 機能) 亦可爲 的文書 算法來 載著已 能。 檔案系 保護特 可爲將 復原之 前,第 屬性, 3設備 取屬性 事件偵 備管理 當成應 原貝IJ ( 理機能 -23- 1357558 2310° 又,設備狀態是處於「第1狀態」之際,當事件偵測 部1 1 1 〇測知到第2設備管理事件2 1 2 0時,則設備管理執 行部1 400係執行,被當成應使用之設備管理原則而設定 之第2狀態用設備管理原則(第2設備管理原則)2220所 特定出來的第2設備管理機能2320。 (本發明之第1實施形態所述之設備管理裝置的動作 ) 參照圖8至圖1 1,說明本發明之第1實施形態所述之 設備管理裝置1000的動作。 第1,參照圖8,說明本實施形態所述之設備管理裝 置1 000的事件偵測部1100的動作。 如圖8所示,於步驟s 1001中,事件偵測部1 100,首 先讀取用來區分各設備管理事件2100是屬於第1乃至第3 設備管理事件之何者的事件清單。 此處,在事件清單中係含有,列舉了第2設備管理事 件的第2事件清單,和列舉了第3設備管理事件的第3事 件清單。 於步驟S 1 002中,事件偵測部Π00係取得現在的設 備狀態。 於步驟S1003至S1005 (事件等待迴圈)中,事件偵 測部Π 〇〇係一直等待設備管理事件的來臨,直到設備管 理結束爲止。 -24- 1357558 事件偵測部11 1 ο,係一旦偵測到設備管理事件來臨, 則於步驟S 1 006中,檢查現在的設備狀態是否處於「第1 狀態」。 當判定爲現在的設備狀態是處於「第1狀態」時,事 件偵測部1 1 1 〇係於步驟S 1 0 1 1至S 1 0 1 3中,利用第2事 件清單,檢查在第2事件清單內是否存在已測知之設備管 理事件。 事件偵測部11 1 0,係一旦判定設備管理事件是存在於 第2事件清單內,則於步驟S1014中,將設備管理事件已 來臨之事實通知給狀態設定部1 3 0 0,返回步驟S 1 0 0 5。 另一方面,事件偵測部1 1 1 0,係一旦判定設備管理事 件並不存在於第2事件清單內,則於步驟S1031中,將設 備管理事件已來臨之事實通知給設備管理執行部1 400,返 回步驟S 1 005。 另一方面’於步驟S1006中,當判定爲現在的設備狀 態並非處於「第1狀態」(亦即處於「第2狀態」)時, 則事件偵測部1 1 1 0係於步驟S 1 0 2 1至S 1 0 2 3中,利用第3 事件清單,檢查在第3事件清單內是否存在已測知之設備 管理事件。 事件偵測部1 1 1 〇,係一旦判定設備管理事件是存在於 第3事件清單內,則於步驟s 1 024中,將設備管理事件已 來臨之事實通知給狀態設定部1 300,返回步驟S 1 005。 另一方面’事件偵測部1 1 1 0,係一旦判定設備管理事 件並不存在於第3事件清單內,則於步驟S1031中,將設 -25- 1357558 備管理事件已來臨之事實通知給設備管理執行部1400,返 回步驟S1005。 此處,事件偵測部π 1 〇係於事件等待迴圈中,偵測 到設備管理的結束時,則結束其處理。 此處,事件偵測部1 11 0係亦可爲,於步驟s 1 0 1 2中 ,偵測到第2設備管理事件時,若在一定時間內,有偵測 到第3設備管理事件,則進行步驟S1014之處理。 其結果爲’可使設備管理裝置1000全體的處理效率 變好。例如’當設備20正在通過隧道內等時候,僅數秒 間發生網路品質劣化,然後網路品質立刻恢復良好的案例 下,則不要使設備狀態遷移至「第2狀態」,而是維持「 第1狀態」不變,處理上比較不冗長。 第2,參照圖9 ’說明本實施形態所述之設備管理裝 置1 000的狀態設定部1 3 00的動作。 如圖9所示,於步驟S1 101中,狀態設定部1 300係 取得現在的設備狀態。此外,在初期狀態下,假設設備狀 態係爲「第1狀態」。 於步驟S1 102至S1 104 (輸入等待迴圈)中,狀態設 定部1 3 00係等待來自事件偵測部1 1 〇〇的通知。 狀態設定部1 3 0 0係當偵測到來自事件偵測部11 〇 〇的 時候,則於步驟S1105中,檢查現在的設備狀態是否處於 「第1狀態」。 若現在的設備狀態是處於「第1狀態」,則於步驟 S 1106中,狀態設定部1 300係將設備狀態設定成「第2狀 -26- 1357558 態」。 另一方面,若現在的設備狀態是處於「第2狀態」, 則於步驟S1 107中,狀態設定部1 3 00係將設備狀態設定 成「第1狀態」。 於步驟S 1 1 08中,狀態設定部1 3 00,係將於步驟 S1 10 6或S1 107中所設定的設備狀態,通知給事件偵測部 11〇〇及原則管理部1200後,返回步驟S1104。 此處,狀態設定部1 3 0 0係於輸入等待迴圈中,偵測 到設備管理的結束時,則結束其動作。 第3 ’參照圖1 〇,說明本實施形態所述之設備管理裝 置1〇〇〇的原則管理部1200的動作。 如圖10所示,於步驟S1201至S1203(原則變更迴 圈)中’原則管理部1 200係等待來自狀態設定部1 3 00的 通知。 原則管理部1 2 0 0係當偵測到來自狀態設定部1 3 0 〇的 通知時,則於步驟S 1 2〇4中,讀取現在的設備狀態,於步 驟S 1 2 05中,檢查現在的設備狀態是否處於「第丨狀態」 〇 若現在的設備狀態是處於「第1狀態」,則原則管理 部1200係於步驟Sl2〇8中,選擇(設定)第1設備管理 原則來作爲應使用之設備管理原則。 另一方面’若設備狀態是處於「第2狀態」,則原則 管理部1200係於步驟S12〇6中,選擇(設定)第2設備 管理原則來作爲應使用之設備管理原則。 -27- 1357558 於步驟Sl2〇7中,原則管理部1 200係將步驟S1206 或S 1 208中所選擇(設定)的設備管理原則,通知給設備 管理執行部1400後,返回步驟S1203。 此外’原則管理部1 2 0 〇,係於原則變更迴圈中,偵測 到設備管理的結束時,則結束其處理。 第4,參照圖1 1,說明本實施形態所述之設備管理裝 置1000的設備管理執行部1400的動作。 如圖11所示,於步驟S1301中,設備管理執行部 1 400係取得,被原則管理部1 200所選擇之設備管理原則 (亦即被原則管理部1 200當成應使用之設備管理原則而 設定的設備管理原則)。 此處,在設備管理原則中係有,通常時(亦即第1狀 態下)所應使用之第1設備管理原則22 1 0,和無法適切進 行設備管理之狀態時(亦即第2狀態下)所應使用之第2 設備管理原則。 在步驟S1301中,假設設備管理執行部1400係取得 屬於初期狀態的第1設備管理原則22 1 0。 於步驟S1302至S1305 (事件等待迴圏)中,設備管 理執行部1 400係等待著來自原則管理部1 200或事件偵測 部1 1 0 0的通知。 設備管理執行部1400,係於步驟S 1 3 03中,若偵測 到來自原則管理部1200的通知時,則於步驟S1311中, 依照所述通知,取得了該當的設備管理原則後,返回步驟 S 1 304 ° -28- 1357558 設備管理執行部1 400,係於步驟S丨3 〇4中,偵測到 來自事件偵測部11〇〇的通知時,則於步驟S1 306中,隨 應於來自事件偵測部Π 〇 〇的通知,選擇所應執行之設備 管理機能,並於步驟S1307中’在執行了已選擇之設備管 理機能後,返回至步驟S 1 305。 此外,設備管理執行部14〇〇,係於事件等待迴圈中, 偵測到設備管理的結束時,則結束其處理。 第5,參照圖1及圖2,說明本實施形態所述之設備 管理裝置1 000的全體動作。此外,假設設備狀態的初期 狀態下係爲「第1狀態」。 於步驟A 1中’事件偵測部1 1 〇〇係若偵測到已到達預 先給予的時刻(來自計時器的通知),則理解到已發生第 1設備管理事件2110之事實,對設備管理執行部14〇〇, 通知已測知第1設備管理事件之意旨。 於步驟A2中’設備管理執行部1400係依照被原則管 理部1200所預先設定的第1設備管理原則2210,作爲第 1設備管理機能2 3 1 0則是執行,每一定時間就監視對外部 記錄媒體1〇〇之存取而收集存取日誌的監視機能32,及向 DMf^]服器10報告存取日誌的報告機能33。 於步驟A3中’若一定時間已結束,則設備管理執行 部1 400係停止第1設備管理機能2310 (監視機能32及報 告機能3 3 )的執行。 於步驟A4中’事件偵測部1 1 〇〇 —旦偵測到網路斷線 發生,則第2設備管理事件212〇便理解到已發生之事實 -29- 1357558 ,對狀態設定部1 3 00,通知已測知第2設備管理事件之意 旨。 於步驟A5中,狀態設定部1 3 〇〇係將設備狀態,設定 成「第2狀態」’並將其意旨,通知給事件偵測部1100 及原則管理部1 200。 於步驟A6中’原則管理部1 200,係選擇第2設備管 理原則2220來當作應使用之設備管理原則,並將其意旨 通知給設備管理執行部1 400。 以降,每當事件偵測部1 100將已測知第1設備管理 事件2110及第2設備管理事件2120的意旨通知給設備管 理執行部1 400之際,設備管理執行部1400係依照第2設 備管理原則2220,作爲第2設備管理機能2320,是執行 鎖住對外部記錄媒體1 0 0之存取的鎖住機能3 1。 於步驟A7中,事件偵測部1 1 〇〇 一旦測知網路恢復, 則理解到已測知第3設備管理事件2 1 3 0,對狀態設定部 1 300及設備管理執行部1 400,通知已測知第3設備管理 事件2 1 3 0之意旨。 此處,由於可以嘗試從設備20對網路進行存取,因 此可以測知蜂巢網線路或無線LAN的網路的恢復。 於步驟A8中’設備管理執行部1400,係依照第2設 備管理原則2220,作爲第3設備管理機能2330,是執行 將對外部記錄媒體1 〇〇之存取的鎖住加以解除的鎖住機能 3 1® 於步驟A9中,狀態設定部1 3 00係將設備狀態,設定 -30- 1100 1357558 成「第1狀態」,並將其意旨,通知給事件偵測部 及原則管理部1200。 於步驟A10中,原則管理部1200,係選擇(設 第1設備管理原則2210來當作應使用之設備管理原 並將其意旨通知給設備管理執行部1400。 以降,每當事件偵測部1 1 00將已測知第1設備 事件2110及第3設備管理事件2130的意旨通知給設 理執行部1 1 400之際,設備管理執行部1 400係依照 定來作爲應使用之設備管理原則的第1設備管理原則 執行第1設備管理機能。 如上述,係被構成爲,設備狀態是處於「第2狀 之際,當事件偵測部1 1 00測知到第3設備管理事件 時,則在·設備管理執行部1 400實行了,被設定用來 應使用之設備管理原則的第2狀態用設備管理原則( 設備管理原則)2220所特定出之第3設備管理機能 之後,狀態設定部1 300係將設備狀態設定成「第1 j :原則管理部1 200,係將第1狀態用設備管理原則 1設備管理原則)22 1 0予以設定以用來作爲應使用之 管理原則。 (本發明之第1實施形態所述之設備管理裝置的 、效果) 若依據本發明之第1實施形態所述之設備管理 1 000,則狀態設定部1 300係隨應於事件偵測部1100 定) 則, 管理 備管 被設 ,而 態」 2130 當成 第2 23 3 0 狀態 (第 設備 作用 裝置 所致 -31 - 1357558 , 之設備管理事件2100(第1乃至第3設備管理事件2110 乃至2130)的偵測結果,來設定各種的設備狀態(第1狀 態或第2狀態),設備管理執行部14〇〇係可隨應於所述 之設備狀態,來執行各種相應於設備管理原則2200的設 一 備管理(使用DM代理器的遠端監視)。 . 若依據本發明之第1實施形態所述之設備管理裝置 1 0 00,則考慮到設備狀態(第1狀態或第2狀態)之改變 φ 前所執行的設備管理機能2300 (第1乃至第2設備管理機 能23 10乃至23 3 0 )以及已發生改變之設備狀態(第1狀 態或第2狀態)之兩者,而進行有彈性的設備管理。 若依據本發明之第1實施形態所述之設備管理裝置 1〇〇〇 ’則設備管理執行部1 400係可執行,符合於已被測 知之設備狀態之遷移的設備管理原則2200所特定出的設 備管理機能23〇0(第1乃至第2設備管理機能2310乃至 23 3 0 ) » φ 若依據本發明之第1實施形態所述之設備管理裝置 1000,則當已被測出之設備管理事件2100係爲電池電力 '降低或網路斷線這類情況時’可忽視於行動終端等的設備 *- 20上容易發生的暫時性電池電力降低或網路斷線這類設備 _ 管理事件2100,可削減設備管理所費之成本。 若依據本發明之第1實施形態所述之設備管理裝置 1 0 0 0,則例如’在設備管理機能的執行是明顯受到限制的 設備狀態下,藉由保護特定的資訊(例如機密文書),就 可防止從設備20外流資訊。 -32- 1357558 若依據本發明之第1實施形態所述之設備管理裝置 1 000,則因爲測知了第3設備管理事件2 1 3 0而使設備狀 態從第2狀態復原成第1狀態之際,首先,執行依照此時 點下所設定之第2設備管理原則2220的第3設備管理機 能23 3 0,然後才將設備狀態設定成原本樣子,因爲如此構 成’所以在設備狀態還原前,就可執行用來將設備狀態復 原成第1狀態所需之特別的設備管理機能(使對外部記錄 媒體100之存取變成可以使用之機能,或將機密文書予以 解密之機能等)。 若依據本發明之第1實施形態所述之設備管理裝置 1 000,則因設備狀態改變而變成不可存取的特定資訊(例 如機密資訊),可使其再度變成可存取。 若依據本發明之第1實施形態所述之設備管理裝置 1 000,則於通常之設備管理是難以進行的特殊設備狀態( 第2狀態)下,可設定特殊的設備管理原則2300,執行所 述設備狀態用的特殊之設備管理。 若依據本發明之第1實施形態所述之設備管理裝置 1000,則例如,在設備管理機能23 00的執行是明顯受到 限制的設備狀態(第2狀態)下,藉由使得特定的機能( 例如對外部記錄媒體的存取機能)變成可不使用,就可防 止不當行爲或不良情形等。 (第2實施形態所述之設備管理裝置) 參照圖1 2至圖1 7,說明本發明之第2實施形態所述 -33- 1357558 之設備管理裝置1 000 °以下,關於本發明之第2實施形態 所述之設備管理裝置1 000,著眼於和上述第丨實施形態所 述之設備管理裝置1 〇〇〇的相異點來加以說明。 本實施形態所述之設備管理裝置1〇〇〇之構成,雖然 是和第1實施形態所述之設備管理裝置1 000的構成相同 ,但本實施形態係如圖1 2所示,在設備管理裝置1 〇〇〇外 的設備內部或設備外部’設有事件積存部2400,具有如此 特徵。 事件積存部2400係被構成爲,設備狀態是處於「第2 狀態」時’將事件偵測部1 1 〇〇所測出的第1設備管理事 件2 1 1 0,加以積存。 事件積存部2 4 0 0中所積存的第!設備管理事件2 1 1 0 ’係在設備管理裝置1 000的設備狀態是從「第2狀態」 正確地復原成「第1狀態」之際,會被利用。 本實施形態中是想定爲,如圖1 3及圖1 4所示,設備 20是內建非接觸1C卡400,職員是利用非接觸1C卡400 ,來利用各辦公室系統的情形。 具體而言,本實施形態所述之非接觸1C卡400,係具 備:用來管理對辦公室之入退室的入退室機能410、和對 PC的登入機能420。 職員係藉由將非接觸1C卡400放到讀卡機400A (例 如FeliCa讀卡機),以使入退室機能410及登入機能42 0 發揮作用。 亦即,職員係藉由把非接觸1C卡400放到辦公室入 -34- 1357558 口所準備的讀卡機400A,就可進入辦公室內,藉由把非 接觸1C卡4 00放到辦公室出口所準備的讀卡機400A,就 可從辦公室退室。 又,職員係藉由把非接觸1C卡400放到PC所具備的 讀卡機400A,就可對PC進行登入。 然後,假設入退室機能4 1 0及登入機能420,係按照 以下的規則而彼此合作。 •依據職員進入辦公室之事實,使得對PC的登入機 能42 0變成有效(可使用)。 •當職員從辦公室退室時,則使得對PC的登入機能 420變成無效(不可使用)。 •只有當PC被准許在辦公室外使用的情況下,才會 讓職員從辦公室中退室以後,仍可經由伺服器來對PC的 登入機能420,設成有效。 •上述的非接觸1C卡的登入機能之有效化/無效化, 係經由DM伺服器1 0來爲之。 此處,登入機能420,如上述,係可隨著使用者對辦 公室的入退室狀況(特定的狀況),而變成可使用或不可 使用,例如,負責決定是否可登入至PC,相當於第1設 備管理機能之角色。 參照圖1 3及圖1 4,說明將使用本實施形態所述之設 備管理裝置10 00的設備管理(入退室管理及登入管理) 加以實現的系統。 具體而言,所述系統係具備:非接觸1C卡400的入 -35- 1357558 退室機能410、登入機能420、設備管理裝置1〇〇〇、將入 退室事件通知給DM伺服器1 0的事件通知機能34、伴隨 所述通知而使登入機能420變成有效化(可使用)或無效 化(不可使用)的DM伺服器10。 當職員對辦公室入室時,非接觸1C卡400被放在讀 卡機400A時,則設備管理裝置1 000係透過入退室機能 4 1 0而測知入室事件。 設備管理裝置1 〇〇〇,係伴隨著入室事件的測知,而啓 動(執行)事件通知機能3 4,對DM伺服器10通知所測 知的入室事件。DM伺服器1 0係使登入機能420有效化, 使得辦公室內的對PC之登入,成爲可能。 又,當職員從辦公室退室時,非接觸1C卡40 0被放 在讀卡機400A時,則和入室時同樣地,對DM伺服器10 通知退室事件。 DM伺服器1 0,係判斷該當設備的使用者亦即職員, 是否有被許可在辦公室外利用PC,若有許可時,則使登 入機能4 1 0有效化。 上述的處理,若被正常執行,則除了正當的使用者以 外,在辦公室外應該是不能利用PC。可是,如上述,會 有無法適切進行設備管理的情形。 所述情形,例如假設爲圖1 4所示的狀況。所述例子 中,假設因爲設備的斷電等,導致DM代理器30本身無 法測知入退室事件。 一般而言,行動終端等之設備20中所具備的非接觸 -36- 1357558 1C卡400,係由於可以微弱的電力來動作,因此即使設備 2〇的電源是切斷的狀態下,非接觸1C卡400中所具備的 入退室機能410或登入機能420係爲可使用。 可是在此同時,此種狀態下,由於設備20上的軟體 亦即DM代理器30係無法動作,因此對DM伺服器1 0通 知入退室事件的事件測知機能3 4係爲無法動作^ 因此,當使用者是進入辦公室之狀態下,將設備20 的電源予以切斷時,可能會導致登入機能420是保持在無 效化,使用者就從辦公室退室。 爲了防止此種狀況,例如,設備20的電源是藉由長 壓該當設備所具備的電源鈕而被切斷時,則設備管理裝置 1 〇〇〇,係測知所述的設備20之斷電事件,利用事件測知 機能34,將其意旨對DM伺服器10進行通知,藉由DM 伺服器10而使登入機能420無效化。 其結果爲,即使當使用者是切斷設備20之電源,而 從辦公室退室時,也無法在登入機能420沒有被有效化的 情況下,在辦公室外利用PC。 此處並未考慮到,藉由拔下電池來切斷設備20之電 源的情形。雖然設備管理裝置1 〇〇〇要測知此種事件是有 困難,但是原本在沒有電池的狀態下,非接觸1C卡400 本身係不動作,因此入退室或登入本身都不可能,在辦公 室外不當使用PC的疑慮是不存在的。 然後,如上述,考慮登入機能420被強制性無效化而 切斷了設備2 0之電源後,設備2 0的電源再被打開時的情 -37- 1357558 * 形。 所述情形,無論使用者是在辦公室內或辦公室外,都 被許可使用PC的情況下,則必須要使登入機能420變成 有效。 • 又,若是不被許可在辦公室外使用PC的情況下,則 • 登入機能420必須要維持無效化才行。 如上述’爲了實現往正常狀態的復原,本實施形態中 φ 係假定爲,在設備20的內部或設備20的外部,具備了事 件積存部2400,係用來探知並積存在該當設備20電源切 斷期間所發生的入退室事件。 例如’入退室機能420,是可具備所述的事件積存部 2400。如上述,即使在設備20電源切斷期間,非接觸1C 卡400及入退室機能420係爲可動作,因此事件積存部 2400若被入退室機能420所具備,則可將設備20電源切 斷期間所發生的入退室事件加以積存。 # 只不過,在本實施形態中,由於使用者究竟是處於入 室到辦公室或是從辦公室退室之哪種狀態下並非明朗,因 此事件積存部2400係爲,一旦積存了退室事件,則可將 ••其以前所積存的入室事件加以丟棄。 又’同樣地,事件積存部2400係爲,一旦積存了入 * 室事件,則可將其以前所積存的退室事件加以丟棄。 再者,當設備20的電源打開時,則設備管理裝置 1 000係測知該意旨,基於事件積存部2400中所積存的入 退室事件,來執行事件通知機能34,就可使設備20復原 •38- 1357558 • 成正常狀態。 此處,圖1 5至圖1 7中係例示了,本實施形態所述之 事件偵測部1 100所測出的第1乃至第3設備管理事件的 清單。 • 圖15中係例示了第1設備管理事件2110中所屬之設 . 備管理事件的清單(第_1事件清單)之例子,圖16中係 例示了第2設備管理事件21 2〇中所屬之設備管理事件的 φ 清單(第2事件清單)之例子,圖17中係例示了第3設 備管理事件213〇中所屬之設備管理事件的清單(第3事 件清單)之例子。 在本實施形態中,當第2事件清單當中「ID=0」的 設備管理事件(設備斷電)發生時,則狀態設定部1300 係將設備狀態改變成「第2狀態」;當第3事件清單當中 「ID = 0」的設備管理事件(設備復電)發生時,則狀態 設定部1300係將設備狀態復原成「第1狀態」。 φ 此處’於本實施形態中,「第1狀態」係爲設備20 正常動作之狀態,「第2狀態」係爲設備20的電源切斷 狀態(無法被事件偵測部1 1 0 0偵測出設備管理事件2 1 0 0 之狀態)。 又,於本實施形態中,「第1設備管理事件21 1 0」係 爲入退室事件,「第2設備管理事件2120」係爲爲了切斷 電源而長壓電源鈕的事件,「第3設備管理事件2130」係 爲設備的電源打開。 再者,在本實施形態中,「第1設備管理機能2310」 -39- 1357558 . 係爲對DM伺服器10通知入退室事件,「第2設備 機能2320」係爲對DM伺服器10通知設備20斷電, 3設備管理機能2 3 3 0」係爲事件積存部2400中所積 入退室事件的的DM伺服器10之通知。 , 然後,「第1設備管理原則22 1 0」係規定,在設 . 測到入退室事件時,將其意旨通知給DM伺服器1 〇 : 2設備管理原則2220」係規定,將設備20的斷電要向 φ 伺服器通知及將設備20斷電期間所積存的入退室事 向DM伺服器通知。 藉由進行如上述的置換,且設備管理裝置10 00 第1實施形態同等地動作,就可實現本實施形態所述 統。 此處,本實施形態中,事件積存部2400係亦可 成爲,將複數的第1設備管理事件2 1 1 0予以總結然 更成其他第1設備管理事件2110。 φ 例如,事件積存部2400係亦可被構成爲,若其 的第1設備管理事件2110是積存著第1設備管理 2 1 1 0係將「入室事件+退室事件+入室事件」時,則 ·. 這些第1設備管理事件2 1 1 0,總結地積存成爲「入室 J 0 若依據本發明之第2實施形態所述之設備管理 1 000,則例如,當第1設備管理機能2310係隨著特 狀況(使用者的辦公室入退室狀況),而會變成可使 成爲不可使用的此種限制機能(登入機能)的情況下 管理 「第 存的 備偵 「第 DM 件要 是和 之系 被構 後變 複數 事件 可將 事件 裝置 定的 用或 ,則 -40- 1357558 成爲無法執行第1設備管理機能23 10的設備狀態(第2 ^ Μ } 無法測知上述之特定狀況(使用者的辦公室入 退室狀況)時’則將該當第1設備管理機能2310(登入機 @ ) ® ^成不可使用,就可維持成進行最嚴格限制之設 備管理的狀態。 若依據本發明之第2實施形態所述之設備管理裝置 1 000 ’則設備狀態是處於第2狀態之期間內所發生過的第 1設備管理事件2110加以積存的事件積存部24 〇〇,是理 解了所積存的第1設備管理事件211〇之意義,並將該當 第1設備管理事件2110之集合(「入室事件+退室事件+ 入室事件」)’轉換成具有相同意義的另一第1設備管理 事件2 1 1 0 ( 「入室事件」),因爲如此構成,所以藉由將 事件積存部2400中所積存的第1設備管理事件211〇加以 總結’轉換成較少的第1設備管理事件211〇,就可刪減第 1設備管理事件2110的積存成本,以及設備狀態復原時的 設備管理機能2300的執行成本。 (第3實施形態所述之設備管理裝置) 參照圖1 8至圖20 ’說明本發明之第3實施形態所述 之設備管理裝置1〇〇〇。以下’關於本發明之第3實施形態 所述之設備管理裝置1000’著眼於和上述第1或第2實施 形態所述之設備管理裝置1 000的相異點來加以說明。 本實施形態中,於第2實施形態中,「第2狀態」並 邦設備2〇的斷電,而是考用DM伺服器1 〇當機之狀態。 -41 - 1357558 本實施形態與第2實施形態之間的相異部份,係爲設 備管理裝置1000是具備了,用來積存DM伺服器10當機 中所發生的入退室事件的事件積存部Π10。 參照圖19,說明DM伺服器10的當機及恢復時的動 作。 在DM伺服器10當機中,設備管理裝置1〇〇〇及非接 觸1C卡400雖然都正常動作,但由於DM伺服器10當機 ,所以即使發生了入退室事件,設備管理裝置1 000仍無 法藉由執行事件通知機能34,來將入退室事件通知給DM 伺服器1 〇。 所述情況下,由於職員(使用者)從辦公室退室時, 無法使登入機能420變成不可使用,因此和第2實施形態 之情形同樣地,雖然必須要在職員已經入室到辦公室的狀 態下,仍必須使登入機能420變成不可使用,防止在辦公 室外不當使用PC,但是在DM伺服器10正處於當機的狀 況下,所述處理根本不可能進行。 因此,在DM伺服器10當機的時點,設備管理裝置 1〇〇〇係啓動設備無效化機能35,使非接觸1C卡400本身 無效化,就可使登入機能420無效化。 例如,藉由設備20的設定來禁止非接觸1C卡400的 利用,或是將對應的設備驅動程式從OS中刪除等等,就 可使登入機能420無效化。 又,設備管理裝置1〇〇〇中的事件積存部1110,係將 DM伺服器10當機中所發生的入退室事件加以積存,若 -42- 1357558 DM伺服器l〇恢復而變成可執行設備管理機能2300之狀 態,則執行相關的設備管理機能2300,恢復回正常的設備 狀態。 此處,圖1 5至圖1 7中係例示了,本實施形態所述之 事件偵測部1 1 00所測出的第1乃至第3設備管理事件的 清單。 圖15中係例示了第1設備管理事件2110中所屬之設 備管理事件的清單(第i事件清單)之例子,圖16中係 例示了第2設備管理事件2120中所屬之設備管理事件的 清單(第2事件清單)之例子,圖17中係例示了第3設 備管理事件213〇中所屬之設備管理事件的清單(第3事 件清單)之例子。 在本實施形態中,當第2事件清單當中「ID = 1」的 設備管理事件(DM伺服器當機)發生時,則狀態設定部 1 3 00係將設備狀態改變成「第2狀態」;當第3事件清單 當中「ID =1」的設備管理事件(DM伺服器恢復)發生時 ’則狀態設定部1 3 00係將設備狀態復原成「第丨狀態」 〇 此處’於本實施形態中,「第1狀態」係爲設備2 0 正常動作之狀態,「第2狀態」係爲DM伺服器1 0當機 之狀態。 又,於本實施形態中,「第1設備管理事件2 1 1 0」係 爲入退室事件,「第2設備管理事件2120」係爲將DM伺 服器10已當機之事實加以通知的事件,「第3設備管理 -43- 1357558 事件2 1 3 Ο」係爲將DM伺服器1 〇已經恢復之事實加以通 知之事件。 所述通知,係可藉由例如 SMS (Short Message Service)的push機能來實現。 再者,「第1設備管理機能2310」係爲對DM伺服器 10通知入退室事件,「第2設備管理機能23 20」係爲對 DM伺服器10通知設備20斷電,「第3設備管理機能 2 3 3 0」係爲事件積存部2400中所積存的入退室事件的的 DM伺服器10之通知。 如此,「第3設備管理機能23 3 0」係至少含有,針對 事件積存部2400中所積存之入退室事件(第1設備管理 事件)的設備管理機能。 具體而言,「第3設備管理機能2330」係含有,於「 第2狀態」下,將作爲第1設備管理事件而被積存在事件 積存部2400中的入退室事件,在恢復成「第1狀態」後 ,向DM伺服器進行通知(上傳)的此種「對第1設備管 理事件的設備管理機能」。 再者,在本實施形態中,「第1設備管理機能23 1 0」 係爲向DM伺服器10通知入退室事件,「第2設備管理 機能23 20」係爲設備無效化機能35所致之非接觸1C卡 400的無效化,「第3設備管理機能2330」係爲事件通知 機能34所致之將事件積存部1110中所積存的入退室事件 通知給DM伺服器10。 然後,「第1設備管理原則221 0」係規定,在設備偵 -44 - 1357558 測到入退室事件時,將其意旨通知給DM伺服器1 Ο ; 「第 2設備管理原則2220」係規定,DM伺服器10當機中所被 積存在事件積存部1110中的入退室事件要向DM伺服器 1 〇進行通知。 此處,設備無效化機能35係擔任,使得設備20上的 特定機能(登入機能42 0及入退室機能410)變成不可使 用的第2設備管理機能的角色。 又,設備無效化機能3 5係擔任,使得設備狀態是處 於「第2狀態」期間被變成不可使用的設備20上的特定 機能(登入機能4 2 0及入退室機能410)變成可以使用的 第3設備管理機能的角色。 接著,參照圖20,說明本實施形態所述之設備管理裝 置1 000的事件偵測部1 1 00的動作。本實施形態中,事件 偵測部Π 〇〇,係具備事件積存部1 1 1 0來作爲子集合。 本實施形態中的事件偵測部1 1 0 0之動作,和圖8所 示第1實施形態中的事件偵測部1 1 00之動作的不同點, 係爲步驟S1423及S1426 。 於步驟S 1 423中,事件偵測部11〇〇係當設備狀態是 處於「第2狀態」之期間,將被判定爲第3事件清單中未 記載之設備管理事件,積存在事件積存部1110中。 又’於步驟S 1426中,事件偵測部1 1〇〇係將已被積 存在事件積存部1110中的設備管理事件,對設備管理執 行部1 400進行通知’並當成第3設備管理機能而加以執 行。 -45- 1357558 其結果爲,事件偵測部1 1 00係可將dm伺服器1 0當 機中所偵測到的不屬於第3設備管理事件2 ! 3 〇中的設備 管理事件(亦即第1設備管理事件2110)的入退室事件, 積存在事件積存部1110中。 如上述’隨應於事件積存部1110中所積存的設備管 理事件’使設備管理機能有效或無效化(亦即決定所應執 行之設備管理機能)’就可將設備20復原成正確狀態。 此外’若連1筆設備管理事件2100都未被積存,則 只要單純地復原成設備狀態進入「第2狀態」之前的狀態 即可。 上述例子中,設備狀態變成「第2狀態」前,若登入 機能420爲有效,則只要將所述之登入機能420設成有效 即可。 如上述’在本實施形態中,若事件偵測部1 1 00係偵 測到事件偵測部1 1 00,狀態設定部1 3 00係將設備狀態設 定成「第1狀態」,原則管理部1 200係將第1設備管理 原則2 1 1 0設定成爲應使用之設備管理原則時,則設備管 理執行部1 400,係亦可被構成爲,隨應於事件積存部 2400中所積存的第1設備管理事件2110(「入室事件+退 室事件+入室事件」),來決定所應執行之設備管理機能 2300 ° 亦即,原則管理部1 200,係隨應於被第1狀態用的設 備管理原則(第1設備管理原則2 1 1 0 )所特定出來的第1 設備管理機能2310,來決定應被第2狀態用的設備管理原 -46- 1357558 - 則(第2設備管理原則2120)所特定出來的第2設備管理 機能。 又,說明事件積存部的另一實現方法。 以下,爲了將所述的事件積存部,和上述的事件積存 - 部1 1 10加以區別,而稱作管理狀況積存部1 120。 . 管理狀況積存部1120,係如上述,適當第1設備管理 事件2110只有2種類(入室或退室)時才爲有效。 φ 管理狀況積存部11 2〇係爲,其「第1管理狀況」是 儲存著,設備狀態從「第1狀態」即將變成「第2狀態」 之前的管理狀況;其「第2管理狀況」是儲存著,設備狀 態從「第2狀態」即將變成「第1狀態」之前的管理狀況 〇 然後,若在「第1管理狀況」和「第2管理狀況」之 間做變化時’則設備管理執行部1 4 0 0係執行第3設備管 理機能23 3 0 〇 φ 亦即’若「第1管理狀況」是代表職員往辦公室內入 室狀態’ 「第2管理狀況」是代表職員往辦公室外退室狀 態’則只要使登入機能420無效化即可。 - 又’若「第1管理狀況」是代表職員往辦公室外退室 . 狀態’ 「第2管理狀況」是代表職員往辦公室內入室狀態 ’則只要使登入機能420有效化即可。 若依據本發明之第3實施形態所述之設備管理裝置 1 000 ’則當無法測出設備管理事件2 1 〇〇的這類設備狀態 之變化(從第1狀態變化成第2狀態)發生時,藉由參照 -47- 1357558 被事件積存部π 1 0所積存的、於設備狀態是處於第2狀 態之期間內所發生過的第1設備管理事件2 1 1 0,設備狀態 復原成第1狀態之際所執行的設備管理機能23 00,係會執 行隨應於所述期間所發生過之第1設備管理事件2 Π 0 (入 退室事件)的設備管理機能2300 (設成有效化或無效化) ,藉由如此構成,所以所述期間應被進行的設備管理機能 (登入機能)係變成可以執行,可更正確地復原設備狀態 e 若依據本發明之第3實施形態所述之設備管理裝置 1 000,則在設備狀態是從第2狀態改變成第1狀態之際, 只有在第2狀態中發生管理狀況改變時,才可執行第3設 備管理機能23 3 0,可削減設備管理機能的執行成本。 以上雖然使用上市實施形態來詳細說明本發明,但對 當業者而言’本發明係並非受到本說明書中所說明之實施 形態所限定。本發明在不脫離申請專利範圍之記載所決定 的本發明之宗旨及範圍下’可以用修正或變更態樣的方式 來實施。因此’本說明書的記載係僅用來例示說明爲目的 ,並不具有對本發明做任何限制之意思。 此外,日本國專利申請案第2006-330610號( 2006年 12月7日申請)的全部內容,是藉由參照而被包含在本案 說明書中。 [產業上利用之可能性] 如以上,若依據本發明所述之設備管理裝置,則除了 -48- 1357558 可以防止在不能適切進行設備管理之期間的不正當或不良 監視,還可在已復原成能夠適切進行所述設備管理之狀況 時,儘速地復原回原本應有的設備狀態。因此對於具備設 備(例如行動終端)的通訊系統等來說是有用的。 【圖式簡單說明】 [圖1 ]圖1係使用具備本發明之第1實施形態所述之 設備管理裝置之DM代理器的遠端監視的說明用圖。 [圖2]圖2係使用具備本發明之第1實施形態所述之 設備管理裝置之DM代理器的遠端監視的說明用圖。 [圖3]圖3係本發明之第1實施形態所述之設備管理 裝置的機能區塊圖。 [圖4]圖4係本發明之第1實施形態所述之設備管理 裝置上所用的第1設備管理事件之清單之一例圖。 [圖5 ]圖5係本發明之第1實施形態所述之設備管理 裝置上所用的第2設備管理事件之清單之一例圖。 [圖6]圖6係本發明之第1實施形態所述之設備管理 裝置上所用的第3設備管理事件之清單之一例圖。 [圖7]圖7係本發明之第1實施形態所述之設備管理 裝置中的狀態設定部所管理的設備狀態之遷移圖^ [圖8]圖8係本發明之第1實施形態所述之設備管理 裝置中的事件偵測部之動作的流程圖。 [圖9]圖9係本發明之第!實施形態所述之設備管理 裝置中的狀態設定部之動作的流程圖。 -49- Ϊ357558 [圖10]圖10係本發明之第i實施形態所述之設備管 理裝置中的原則管理部之動作的流程圖。 [圖11 ]圖11係本發明之第1實施形態所述之設備管 理裝置中的設備管理執行部之動作的流程圖。 [圖12]圖12係使用具備本發明之第2實施形態所述 之設備管理裝置之DM代理器的入退室管理的說明用圖。 [圖1 3 ]圖1 3係使用具備本發明之第2實施形態所述 之設備管理裝置之DM代理器的入退室管理的說明用圖。 [圖I4]圖14係本發明之第2實施形態所述之設備管 理裝置的.機能區塊圖。 [圖1 5 ]圖1 5係本發明之第2實施形態所述之設備管 理裝置上所用的第1設備管理事件之清單之一例圖。 [圖1 6]圖1 6係本發明之第3實施形態所述之設備管 理裝置上所用的第2設備管理事件之清單之一例圖。 [圖1 7]圖1 7係本發明之第4實施形態所述之設備管 理裝置上所用的第3設備管理事件之清單之一例圖。 [圖18]圖18係本發明之第3實施形態所述之設備管 理裝置的機能區塊圖。 [圖19]圖19係使用具備本發明之第3實施形態所述 之設備管理裝置之DM代理器的入退室管理的說明用圖。 [圖20]圖20係本發明之第3實施形態所述之設備管 理裝置中的事件偵測部之動作的流程圖。 【主要元件符號說明】 -50- 1357558 1 Ο : D Μ伺服器 2 Ο :設備 3 0 : D Μ代理器 3 1 :鎖住機能 3 2 :監視機能(設備管理機能) 3 3 :報告機能(設備管理機能) 34 :事件通知機能 3 5 :設備無效化機能 100 :外部記錄媒體 300 :網路 400 :非接觸1C卡 4 00 A :讀卡機 4 1 0 :入退室機能 420 :登入機能 1〇〇〇 :設備管理裝置 1 1 〇 〇 :事件偵測部 1 1 1 0 :事件積存部 1 1 2 0 :管理狀況積存部 1 1 3 0 :狀態設定部 1 200 :原則管理部 1 3 0 0 :狀態設定部 1 400 :設備管理執行部 2100:設備管理事件 2 1 1 0 :第1設備管理事件 -51 - 1357558 2120:第2設備管理事件 2 1 3 0 :第3設備管理事件 2200 :設備管理原則 22 1 0 :第1狀態用設備管理原則(第1設備管理原則) 2220 :第2狀態用設備管理原則(第2設備管理原貝IJ ) 23 00 :設備管理機能 2310 :第1設備管理機能 2320 :第2設備管理機能 23 3 0 :第3設備管理機能 2400 :事件積存部(Non-Patent Document 1) OMA-AD-DM-Scheduling-Vl_0-20060 1 24-D [Summary of the Invention] As described above, according to Non-Patent Document 1, even if there is no talk between the DM server and the DM client Under the DM scheduler, device management can still be performed. However, in this case, the status of the DM server or the DM client is changed, and the above scheduler cannot detect the status of the device management trigger event, or cannot perform the detection result of the event. -6- 1357558 Condition of device management. For example, the situation described may be a situation in which the power of the device is cut off or the network quality is deteriorated or the DM server is down. When such a situation occurs, it is impossible to properly handle the work schedule, and there is a problem that the equipment management cannot be properly handled. Therefore, in the above situation, before the device management is not properly performed in each device, it is necessary to enforce a special device management function to prevent the device from being improperly handled during the period in which the device management cannot be properly performed. Surveillance. In addition, in each device, when the device management is properly performed (the power is turned on, the network quality is good, or the DM server is restored, etc.), it is necessary to restore the device as it is. status. Accordingly, the present invention has been made in view of the above problems, and an object of the invention is to provide a device management apparatus which can be prevented from being improperly or poorly monitored during the period in which device management cannot be properly performed, and can be restored to enable the device to be appropriately performed. In the case of management, the state of the equipment should be restored as soon as possible. A first aspect of the present invention is a device management apparatus, comprising: a device management execution unit that performs a device management function provided in a device to perform management of the device; and event detection The measuring unit detects a specific device management event; the pre-recording device management execution unit determines the device management function to be performed before the execution of the specific device management event detection result and the device status. In the first aspect of the present invention, the state setting unit 丨1357558 may be provided to set the state of the pre-recording device according to the detection result of the device management event specified in the foregoing; and the principle management unit The pre-recording device management function can specify the device management principle to be used in the specific multi-device management principle, in accordance with the detection result of the device status set by the pre-recording status setting unit and the specific device management event. The pre-recorded equipment management execution department determines the equipment management function that is specified in the equipment management principle that is set by the pre-recording principle management department. According to the invention, the state setting unit can set various device states according to the detection result of the device management event; the device management execution unit can perform corresponding to various states according to the device state Equipment management for equipment management principles. In the first aspect of the present invention, when the state of the pre-recording device is in the first state, when the pre-recording event detecting unit detects the first device management event, the pre-recording state setting unit sets the device status. When the state of the device is maintained in the first state, and the event detection unit detects the second device management event, the pre-recording state setting unit sets the device state to In the second state, the pre-recording principle management unit sets the device management principle for the second state as the device management principle to be used in the pre-recording. In the first aspect of the present invention, when the state of the pre-recording device is in the first state before the pre-recording event detecting unit detects the second device management event, the pre-recording device management execution unit executes It is the second device management function that is specified in the management principle of the second-stage state. According to the invention, the device management execution unit is executable and conforms to the device management function specified by the device management principle of the device state transition that has been detected. In the first aspect of the present invention, the pre-recording device management execution unit executes when the pre-recorded device state is in the first state, and is set as the first state before the device management principle to be used as the pre-recording. The first device management function specified by the device management principle; the pre-recording principle management department determines the first device management function specified by the device management principle for the first state of the pre-recording. The device management principle of the state is specified before the second device management function. According to the invention, it is possible to perform flexible device management in consideration of both the device management function performed before the device state change and the device state change. In the first aspect of the present invention, the pre-recording device state may be in the first state before, and only after the pre-recording event detecting unit detects the pre-recording second device management event, for a certain period of time, When the first device management event is detected, the pre-status setting unit sets the device state to the second state. According to the invention, when the device management event that has been detected is a situation in which battery power is reduced or the network is disconnected, it is possible to ignore the temporary battery power reduction that is likely to occur on a device such as a mobile terminal or Device management events such as network disconnection can reduce the cost of equipment management. In the first aspect of the present invention, the second device management-9-1357558 function may be used to make the specific function in the predecessor device unusable, and according to the invention, for example, in the device In the state of the device where the execution of the management function is significantly restricted, by making the specific function unusable, it is possible to prevent inappropriate behavior or bad conditions. In the first aspect of the present invention, the first device management function may be a function that is usable or unusable under a specific condition. According to the invention, for example, when the first device management function can make the specific function of the device become a usable or unusable restriction function depending on a specific situation, it becomes If the device status of the device management function is not executable, if the specific condition cannot be detected, the first device management function cannot be used in advance, and the device management state in which the restriction is the most restrictive can be maintained. In the first aspect of the present invention, the second device management function may be used to protect the specific information in the predecessor device. According to the invention, for example, in a device state in which the execution of the device management function is significantly restricted, by protecting the specific information, it is possible to prevent the information from flowing out of the device. In the first aspect of the present invention, when the state of the pre-recording device is in the second state before the pre-recording event detecting unit detects the third device management event, the pre-recording device management executing unit may execute the third device management event. It is set as the device management principle to be used in the pre-recording, and the third device management function specified in the device management principle for the second state is set, and the pre-recorded state is set to -10- 1357558. In the first state of the pre-recording, the pre-requisite management department sets the equipment management principle for the first state in the pre-recording as the pre-recorded equipment management principle. According to the invention, when the device state is restored by detecting the third device management event, first, the device management function according to the device management principle set at this time is executed, and then the device state is set. As it is, because of this configuration, special device management functions required to restore the state of the device can be performed before the device state is restored. In the first aspect of the present invention, the third device management function may be such that the current device state is in a state of being in the second state before the previous function becomes unusable, and becomes a specific function on the device. The function you can use. According to the invention, the device management function that has become unusable due to a change in the state of the device can be made available again. In the first aspect of the present invention, the third device management function may be used to restore the specific information in the pre-recording device. According to the invention, specific information that becomes inaccessible due to a change in the state of the device can be made accessible again. In the first aspect of the present invention, the event storage unit may store a pre-recorded first device management event detected by the pre-recorded event detecting unit; and the second state may be preceded by the pre-recording The event detecting unit detects the status of the pre-recorded device management event; the pre-recorded third device management function includes at least the device management function for the first device management event that has been accumulated in the pre-recorded event storage unit. -11 - 1357558 In the first feature of the present invention, the event accumulation unit may be the event storage unit, and if the state of the device is in the second state, the first note is detected by the previous event detection unit. The device management event is accumulated; if the event detection department detects the third device management event, the pre-status setting unit sets the pre-recorded device state to the first state, and the pre-requisite management department has pre-recorded the first device. When the management principle is set as the pre-recorded device management principle, the pre-recorded device management execution unit determines the device management to be executed in advance according to the pre-recorded first device management event that has accumulated in the pre-recorded event storage unit. function. According to the invention, when a change in the state of the device in which the device management event cannot be detected occurs, it is referred to by the event storage unit that the device state is in the second state. The first device management event, the device management function executed when the device state is restored to the first state, performs the device management function corresponding to the first device management event that occurred during the period, and thus is configured as described above. The device management function that should be performed during the period becomes executable, and the device state can be restored more correctly. In the first aspect of the present invention, the pre-record event storage unit may change the first device management event to a plurality of first device management events. According to the invention, the event storage unit that accumulates the first device management event that occurred during the period in which the device state is in the second state understands the meaning of the accumulated first device management event, and The first device management event is converted into other -12-1357558 first device management events having the same meaning. Because of this configuration, the first device management event accumulated in the event pool is summarized and converted. In the case of fewer device management events, the cost of storing the first device management event and the execution cost of the device management function when the device state is restored can be deleted. In the first aspect of the present invention, the pre-recorded device state may be a management state before transitioning from the first state to the second state, and the device state may be transitioned from the second state to the first state. When there is a change between the management status before the status, the pre-recorded device management execution unit executes the third device management function. According to the invention, when the device state is changed from the second state to the first state, the third device management function can be executed only when the management state is changed in the second state, and the execution of the device management function can be reduced. cost. In the first aspect of the present invention, the first state may be a state in which the management of the preceding device is performed, and the second state is a state in which the management of the preceding device is not possible. . According to the invention, in the special equipment state where normal equipment management is difficult, special equipment management principles can be set, and special equipment management for the equipment state can be performed. As described above, according to the present invention, it is possible to provide a device management apparatus which can prevent the illegitimate or poor monitoring during the period in which the device management is not properly performed, and can be restored to a condition in which the device management can be appropriately performed. , as soon as possible to restore the original state of the equipment. [Embodiment] (Configuration of the device management device according to the first embodiment of the present invention) The configuration of the device management device 1000 according to the first embodiment of the present invention will be described with reference to Figs. 1 to 6 . The device management device 1000 according to the embodiment is a portable device (such as a mobile terminal) that is portable and can be connected to a network such as a smart phone or a PDA or a notebook PC, and can manage a group (enterprise management). The device (that is, the device management device) that can perform the predetermined management (hereinafter referred to as device management) of the device when the state or setting of the device is grasped. Specifically, the device management apparatus 1 according to the present embodiment detects the device management event 2100 and executes the device management function 2300 in accordance with the device management principle 2200. Further, the device management device 100 is configured to forcibly execute a special device management function to monitor and prevent the device when the device management cannot be appropriately performed due to the state of the device or the situation around the device. Improper or ill-conceived situations can be restored to the original state of equipment management when the situation of equipment management cannot be properly reduced to a condition that can be properly managed. In the present embodiment, the "management management unit" performs the so-called "equipment management" in order to manage the use of the external recording medium (mini SD card, etc.) in the staff device 20, with reference to FIG. 1 and FIG. The case of collecting the access log from the device 20 to the external recording medium 1 is inconsistent with the fact that -14-1357558 - the network 300 is cut off midway, or the DM server 10 is down. The situation when the device is managed. Here, in the present embodiment, it is assumed that a Smart-Phone is used as the device. * An example in which the above device management is appropriately performed will be described with reference to Fig. 1 . - In the above example, the enterprise management department collects the log of the access by the device 20 to the φ external recording medium 100 by using the owned DM server 1 in order to perform device management of the device 20. Here, the device 20 held by the employee is provided with a client software (ie, a DM agent) that instructs the DM server to use the device management function 100, at a certain time, or when a specific service is performed. 'Monitoring the monitoring function (device management function) 32 for monitoring the access to the external recording medium 100 and obtaining the history (access log), and reporting to the DM server 10 via the network 00 (the cellular network line or the wireless LAN) Reporting function of access log (device management function) 3 3. # Next, an example in which the above device management cannot be performed appropriately will be described with reference to Fig. 2'. In Fig. 2, as an example, it is shown that the D Μ server ' 10 is down or the network 00 is disconnected, and the device 20 cannot access the DM server 10 . Report the report access log appropriately.  Example of function (device management function) 3 3 o'clock. In this case, the device management device 10 is forbidden (locked) access to the external iS recording medium 100 to prevent improper handling or bad conditions. Specifically, within the device 20, the device management device 1-15-1357558 interrupts the monitoring function for monitoring and collecting access logs (device management function) 32, or reporting the reporting function of the access log (device The management function 33 executes 'and then performs a lock function (device management function) that locks the access of the external recording medium 100. Then, in the present embodiment, when the DM server is restored or the network 30 is restored from the device state shown in FIG. 2, it becomes a report function (device management function) 33 that can appropriately execute the access log report. In the case, it is restored to the normal device management state shown in Fig. 1 (the state of collecting and reporting the access log to the external recording medium). The configuration of the device management apparatus 1A that realizes the above case will be described below. As shown in Fig. 3, the device management apparatus includes an event detecting unit 11a, a principle management unit 1200, a state setting unit 1300, and a device management executing unit 1400. The event detecting unit 1 1 0 0 is configured to detect a specific device management event. Specifically, the 'event detecting unit i detects the occurrence of the device management event 2 100' for the detected device management event 2 10 〇 belongs to the first device management event 2110 ′ or belongs to the second device management. The event 2120 is determined by the third device management event 2130, and the status setting unit 13 or the device management execution unit 14 communicates the detected device management event 2100 as determined. Here, the '1st device management event 2110' is an ordinary event that considers the start of a general device management function as an opportunity, for example, -16 - 1357558 access to an external device, or from a contactless 1C Signals from cards (FeliCa, etc.), notifications from timers, etc. The second device management event 2120 is an event when the status of the situation in which the device management cannot be properly managed is changed as an event, and is determined to be, for example, a network disconnection, or a DM server, or a power cut of the device. In addition, the third device management event 2130 is an event in which recovery to an appropriate device management status is considered as an event, and is intended to be, for example, a good network quality or a recovery of the DM server. The power of the device is turned on. For example, the event detecting unit 1 1 determines that the device management event 2100 that is detected belongs to the first and even by using a list of device management events to which the respective devices manage events 2 1 1 0 to 2 1 3 0 . The third device manages which of the events 2110 and 2130. FIG. 4 illustrates an example of a list of device management events (first event list) to which the first device management event 2110 belongs, and FIG. 5 illustrates a list of device management events to which the second device management event 212 belongs. (Example of the second event list), an example of the list of device management events (third event list) to which the third device management event 213 is located is illustrated in FIG. For example, a notification from a timer or a disconnection from an external recording interface due to access to the external recording medium 100 is handled as an i-th device management event. Further, for example, the network disconnection or the DM server 1 当 is -17-1357558. It is treated as the second device management event 2120. Further, for example, the recovery of the network or the restoration of the DM server 1 is handled as the third device management event 2130. The event detection unit 1 1 0 0 detects the disconnection of the network or the recovery of the network by detecting a disconnection from the network interface. .  Further, the event detecting unit 1100 can detect whether or not the D Μ server φ 1 当 is down by a notification sent by the reporting function 3 3 in communication with the DM server 10. Further, the event detecting unit 1 1 〇 〇 can detect whether the DM server is restored by the notification from the event detecting unit 1 1 〇 。. As will be described later, when the device state is in the "first state (the state in which device management is appropriate)", the event detecting unit 11 00 detects the first device management event 2110 or the third device management event 2130. The intention is to notify the device management execution unit 1400; if the second device management event 2120 is detected, the notification is notified to the status setting unit 1300. • Similarly, when the device status is in the “second state (the state in which it is difficult to properly manage the device)”, the event detecting unit 1 100 detects the first device management event 2110 or the second device management event. 2120' Then: The device management execution unit 1400 is notified of the intention: if the third device management is detected.  The event 2130 is notified to the state setting unit 1300. Here, the "first state" is a state in which the device 20 can be managed (device management), and the "second state" is a state in which it is difficult for the device 20 to perform device management. The state setting unit 1 300 is configured to respond to the detection result of the specific device management event caused by the event detecting unit -18-1357558 11 〇 来. Referring to Fig. 7, when the status of the device set by the state setting unit i 3 〇〇 is described as "the first state", the event 100 detects the first device management event 2110 or the third. In the case of the equipment pipe 2 1 3 0, the state setting unit 1 3 does not change the device state "first state". Further, the device state is in the "first state (normal time)". The event detecting unit 1 100 detects the second device management event 2 1 20. The state setting unit 1 3 00 changes the device state to the "second state". On the other hand, when the device status is in the "second state", the device detecting unit 1 1 detects the first device management event 2 1 1 0 or the management event 2 1 20 Then, the state setting unit 1 3 00 maintains the state in the "second state". When the device state is in the "second state", when the event 1100 detects the third device management event 2130, the state 1 300 changes the device state to the "first state". In addition, the device status may be in the "first state, and the event detecting unit 1 1 detects that the second device management event 2 1 20 has not detected the first device management event 2 for a certain period of time. 1 1 0, the status setting unit 1 3 00 sets the device status to "When the device status detection status event is maintained, the DM does not, and the device 2 device detection settings are set. In the case of the "part 2" -19 - 1357558, the principle management unit 1200 is configured to comply with the state setting unit 1 3 0 from the plurality of device management principles 2200 that specify the device management function. Set the device management principle to be used by setting the device status of 0 and the detection result of the specific device management event caused by the event detection unit 1丨0〇. The principle management unit 1200 notifies the device management execution unit 1 400 of the device management principle selected to be the device management principle to be used. When the device status is in the "first state", the principle management unit 12000 uses the first device management principle 2210 to set (select) the device management principle to be used; when the device state is in the "second state" In the case of the principle management unit 1200, the second device management principle 2220 is set (selected) as the device management principle to be used. For example, when the device state is in the "first state", when the event detecting unit 1 1 1 detects the second device management event 2 1 20, the state setting unit Π 30 sets the device state to " In the second state, the principle management unit 1 200 sets the second state device management principle (second device management principle) as the device management principle to be used. Here, the device management principle 2200 is a principle for specifying the device management function to be executed on the device management execution unit 1 400. Specifically, the first device management principle 2210 instructs the first device management function 2 3 1 0 to be executed when the first device management event 2110 or the third device management event 2130 is detected. On the other hand, the second device management principle 2220 is used to indicate that the second device management function is executed when the first device management event 2 1 1 0 or the second device management event 2 1 2 0 -20 - 1357558 is detected. 23 20, the principle of the third device management function 2330 is executed when the third device management event 2130 is detected. Further, the principle management unit 1 200 may be configured to download the device management principle 2200 from the DM server 10, or may be configured to copy the device management principle 2200 from a smart card or the like issued by the enterprise management department, or may be configured. In order to utilize the device management principle 2200 that is pre-held when the device 20 is shipped. The device management execution unit 1400 is configured to perform the predetermined management (device management) of the device 20 by executing the device management function 23 00 provided in the device 20. Specifically, the device management execution unit 1400 is configured to detect the specific device management event 2 00 caused by the event detecting unit 1 1 和 and the state setting unit 1 300 The device status determines the device management function that should be performed 23 00. In detail, the device management execution unit 14 is configured to determine the device management function 2 3 00 specified by the "device management principle 2200 to be used" set by the principle management unit 1 200. Device Management Function 2 3 0 0 » In addition, the device management execution unit 1400 may be configured to respond to the detection result of the specific device management event 2 1 00 caused by the event detecting unit 1 1 ,, The device management function 2300 specified by the "Device Management Principle 2200 to be used" set by the principle management unit 1 200 is determined as the device management function 23 to be executed. For example, the device management execution unit 1400 is configured to execute the first device management event or the second device management event 2120 when the device state-21 - 1357558 state is in the "second state". 2 The device management device 2220 specifies the second device management function 2320. Further, the device management execution unit 1400 is configured to execute the device management function specified by the second device management principle 2220 when the device is in the "second state" and the third device management event is detected. 2330. In the present embodiment, the first management function 23 1 0 (normal time) of the device management execution unit 1 400 performs the access and collection access of the external recording medium 100 by executing the monitoring function 32, and simultaneously executes The report function 3 3 accesses the log to the DM server 10, and the second device management function of the device management execution unit 1 400 (when the state changes) is performed by executing the lock function 3 1, The access function (specific function) of the recorded media is locked (making it unusable). Further, the third device management function of the device management execution unit 1400 (when the state is restored) is performed by the lock function 31 to unlock the access function of the external recording medium 100 (so that the external recording medium is released). The access function of 100 becomes usable). Further, not only in the case of the present embodiment, the device management module 1 400 executes the lock function 31 to lock the storage of the external recording medium, and it is also considered to prevent the confidential stream of the enterprise. By performing the second device management function (protecting the device 20, 2, 110, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 5, 558, 558, The function of the information) 2320 is to encrypt the confidential document 'in the case of performing the backup management function (the 2 3 3 0 that restores the specific information in the device 20 to decrypt the encrypted confidential document.) For example, the second device management function 23 20 is a function that encrypts all the flags (or designated parts) indicating that this is a confidential document, and encrypts them using 3DES or RSA. 3 Device management function 23 30 is a machine that decrypts a specific document based on a list of documents to be encrypted, and the second device management function 2 3 2 0 can also use a confidential document for the use of the system. In the case where the attribute is set to "reject" (the function of the information), and the third device management function 23 3 0 also accesses the attribute to the "permitted" function (the specific information is functional). When the device status changes to the "second state", the device management function 2320 already stores the access to the confidential document. Therefore, the access attribute of the confidential document is set to "reject", and the management function acquires the accumulated confidential document. The appropriate storage and restore of the access attribute. Here, when the device status is in the "1st state", when the measuring unit 1 1 1 〇 detects the first device management event 2 1 1 0 or 3 When the event 2130 is set, the device management execution unit 1400 executes the first device management device, and the first device management device, which is set by the device management principle, uses the first device management principle. ) Can also be used for the algorithm of the paper to carry it. The file system protection feature can be used to restore the attribute, 3 device attribute event event management as the original IJ (computer function -23- 1357558 2310 °, and the device status is in the "1st state", when When the event detecting unit 1 1 1 detects that the second device management event 2 1 2 0 0, the device management execution unit 1 400 executes the second state device management principle set as the device management principle to be used. The second device management function 2320 specified in the second device management principle 2220. (Operation of the device management device according to the first embodiment of the present invention) The first aspect of the present invention will be described with reference to Figs. 8 to 1 . The operation of the device management device 1000 according to the embodiment. First, the operation of the event detecting unit 1100 of the device management device 1000 according to the present embodiment will be described with reference to Fig. 8. As shown in Fig. 8, in step s 1001. The event detecting unit 1 100 first reads an event list for distinguishing which device management event 2100 belongs to the first or third device management event. Here, the event list includes, and the second item is listed. Equipment tube The second event list of the event and the third event list listing the third device management event. In step S1 002, the event detecting unit Π00 obtains the current device state. In steps S1003 to S1005 (event waiting loop) The event detection unit 一直 has been waiting for the arrival of the device management event until the end of the device management. -24- 1357558 The event detection unit 11 1 ο, once the device management event is detected, the step is In S 1 006, it is checked whether the current device status is in the "1st state." When it is determined that the current device status is in the "1st state", the event detecting unit 1 1 1 is in the step S 1 0 1 1 In S1 0 1 3, it is checked whether there is a detected device management event in the second event list by using the second event list. The event detecting unit 11 1 0 determines that the device management event is present in the second event. In the list, in step S1014, the fact that the device management event has arrived is notified to the state setting unit 1300, and the process returns to step S1 0 0 5. On the other hand, the event detecting unit 1 1 1 0 Judging device management If the device does not exist in the second event list, the device management execution unit 1 400 is notified of the fact that the device management event has arrived in step S1031, and the process returns to step S1 005. On the other hand, in step S1006, When it is determined that the current device state is not in the "first state" (that is, in the "second state"), the event detecting unit 1 1 1 0 is in the steps S 1 0 2 1 to S 1 0 2 3 Using the third event list, check if there is a detected device management event in the third event list. The event detecting unit 1 1 1 通知, when it is determined that the device management event exists in the third event list, in step s 1 024, the fact that the device management event has arrived is notified to the state setting unit 1 300, and the process returns to the step S 1 005. On the other hand, the event detecting unit 1 1 1 0, when it is determined that the device management event does not exist in the third event list, in step S1031, the fact that the -25-1357558 standby management event has arrived is notified to The device management execution unit 1400 returns to step S1005. Here, the event detecting unit π 1 〇 is in the event waiting loop, and when the end of the device management is detected, the processing ends. Here, the event detecting unit 1 1 0 may be configured to detect the third device management event in a certain period of time when the second device management event is detected in the step s 1 0 1 2, Then, the process of step S1014 is performed. As a result, the processing efficiency of the entire facility management apparatus 1000 can be improved. For example, when the device 20 is passing through the tunnel, and the network quality deteriorates in a few seconds, and then the network quality is immediately restored, do not move the device state to the "second state", but maintain the " 1 state is unchanged, and processing is not too long. Secondly, the operation of the state setting unit 1 300 of the facility management device 1000 according to the present embodiment will be described with reference to Fig. 9'. As shown in Fig. 9, in step S1101, the state setting unit 1300 acquires the current device state. In addition, in the initial state, it is assumed that the device status is "first state". In steps S1 102 to S1 104 (input wait loop), the status setting unit 1 300 waits for notification from the event detecting unit 1 1 . When the state setting unit 1300 is detecting the event detecting unit 11 〇 , the state setting unit 1 1 checks whether the current device state is in the "first state" in step S1105. When the current device state is in the "first state", the state setting unit 1 300 sets the device state to "the second state -26 - 1357558 state" in step S1106. On the other hand, if the current device state is in the "second state", the state setting unit 1300 sets the device state to the "first state" in step S1107. In step S1 1 08, the state setting unit 1 3 00 notifies the event detecting unit 11 and the principle management unit 1200 of the device state set in step S1 106 or S1 107, and returns to the step. S1104. Here, the state setting unit 1300 is in the input waiting loop, and when the end of the device management is detected, the operation is terminated. Third, the operation of the principle management unit 1200 of the facility management device 1A according to the present embodiment will be described with reference to Fig. 1A. As shown in Fig. 10, in the steps S1201 to S1203 (principle change loop), the principle management unit 1 200 waits for the notification from the state setting unit 1 300. When the principle management unit 12000 detects the notification from the status setting unit 1 3 0 ,, the current device status is read in step S 1 2〇4, and in step S1 2 05, the check is performed. If the current device status is in the "first state", if the current device status is in the "first state", the principle management unit 1200 selects (sets) the first device management principle as the response in step S12. Equipment management principles used. On the other hand, if the device state is in the "second state", the principle management unit 1200 selects (sets) the second device management principle as the device management principle to be used in step S12〇6. -27- 1357558 In step S122, the principle management unit 1 200 notifies the device management execution unit 1400 of the device management principle selected (set) in step S1206 or S1 208, and returns to step S1203. In addition, the principle management unit 1 2 0 〇 is in the principle change loop, and when the end of the device management is detected, the processing ends. Fourth, the operation of the device management execution unit 1400 of the facility management device 1000 according to the present embodiment will be described with reference to Fig. 1 . As shown in FIG. 11, in step S1301, the device management execution unit 1400 acquires the device management principle selected by the principle management unit 1200 (that is, the principle management unit 1 200 sets the device management principle to be used. Equipment management principles). Here, in the device management principle, the first device management principle 22 1 0 that should be used in the normal time (that is, in the first state), and the state in which the device management cannot be properly performed (that is, in the second state) ) The second equipment management principle that should be used. In step S1301, it is assumed that the device management execution unit 1400 acquires the first device management principle 22 1 0 belonging to the initial state. In steps S1302 to S1305 (event waiting for return), the device management execution unit 1 400 waits for notification from the principle management unit 1 200 or the event detecting unit 1 1 0 0 . When the device management execution unit 1400 detects the notification from the principle management unit 1200 in step S13 3, the device management principle is obtained in accordance with the notification in step S1311, and then returns to the step. S 1 304 ° -28- 1357558 The device management execution unit 1 400, in step S丨3 〇4, detects the notification from the event detecting unit 11〇〇, then in step S1 306, in accordance with The notification from the event detecting unit selects the device management function to be executed, and returns to step S1 305 after performing the selected device management function in step S1307. Further, the device management execution unit 14 is in the event waiting loop, and when the end of the device management is detected, the processing ends. Fifth, the overall operation of the facility management device 1000 according to the present embodiment will be described with reference to Figs. 1 and 2 . In addition, it is assumed that the initial state of the device state is "first state". In step A1, the event detecting unit 1 1 detects that the pre-giving time (notification from the timer) has been reached, and understands that the fact that the first device management event 2110 has occurred, the device management The execution unit 14〇〇 notifies that the first device management event has been detected. In the step A2, the device management execution unit 1400 executes the first device management function 2210 in accordance with the first device management principle 2210 set in advance by the principle management unit 1200, and monitors the external record every certain period of time. The monitoring function 32 for collecting the access log and the reporting function 33 for reporting the access log to the DMf server 10 are accessed by the media. In step A3, if the predetermined time has elapsed, the device management execution unit 1 400 stops the execution of the first device management function 2310 (monitoring function 32 and reporting function 3 3). In step A4, the event detecting unit 1 1 detects that the network disconnection has occurred, and the second device management event 212 understands the fact that the occurrence has occurred -29-1357558, and the state setting unit 1 3 00, the notification has detected the meaning of the second device management event. In the step A5, the state setting unit 13 sets the device state to the "second state", and notifies the event detecting unit 1100 and the principle managing unit 1 200 of the device state. In the step A6, the principle management unit 1200 selects the second device management principle 2220 as the device management principle to be used, and notifies the device management execution unit 1 400 of the intention. In the event that the event detecting unit 1 100 notifies the device management execution unit 1 400 of the fact that the first device management event 2110 and the second device management event 2120 have been detected, the device management execution unit 1400 follows the second device. The management principle 2220, as the second device management function 2320, is a lock function 31 that performs locking access to the external recording medium 100. In step A7, the event detecting unit 1 1 detects that the third device management event 2 1 3 0 is detected, and the state setting unit 1 300 and the device management executing unit 1 400 are detected. The notification has been detected to the third device management event 2 1 3 0. Here, since it is possible to attempt to access the network from the device 20, it is possible to detect the recovery of the network of the cellular network or the wireless LAN. In the step A8, the device management execution unit 1400 functions as the third device management function 2330 in accordance with the second device management function 2320, and performs the locking function for releasing the lock for accessing the external recording medium 1 3 1® In the step A9, the state setting unit 1 3 00 sets the device state, -30 - 1100 1357558 to the "first state", and notifies the event detecting unit and the principle management unit 1200 of the intention. In step A10, the principle management unit 1200 selects (the first device management principle 2210 is used as the device management original to be used and notifies the device management execution unit 1400 of the device management. The event detection unit 1 When the notification of the first device event 2110 and the third device management event 2130 is notified to the setting execution unit 1 1 400, the device management execution unit 1 400 is determined as the device management principle to be used. The first device management principle executes the first device management function. As described above, when the device state is in the "second shape", when the event detecting unit 1 100 detects the third device management event, In the device management execution unit 1400, after the third device management function specified by the device management principle (device management principle) 2220 of the second state set for the device management principle to be used, the state setting unit 1 is executed. The 300 system sets the device status to "1st j: principle management unit 1 200, which sets the first state device management principle 1 device management principle) 22 1 0 to be used as a management principle to be used. According to the device management device according to the first embodiment of the present invention, the state setting unit 1300 is configured in accordance with the event detecting unit 1100 according to the device management 1 000 according to the first embodiment of the present invention. The management reserve is set, and the state 2130 is regarded as the 2 23 3 0 state (the device action device -31 - 1357558, the device management event 2100 (the 1st to the 3rd device management event 2110 or even 2130) As a result of the measurement, various device states (first state or second state) are set, and the device management execution unit 14 can perform various devices corresponding to the device management principle 2200 in accordance with the device state described. Management (using remote monitoring of the DM agent).  According to the device management device 1 00 according to the first embodiment of the present invention, the device management function 2300 (first to second) executed before the change φ of the device state (the first state or the second state) is considered. The device management function 23 10 or 23 3 0 ) and the changed device state (the first state or the second state) perform flexible device management. According to the device management apparatus 1 of the first embodiment of the present invention, the device management execution unit 1 is executable, and is compliant with the device management principle 2200 that is responsive to the migration of the detected device state. Device management function 23〇0 (1st to 2nd device management function 2310 or 23 3 0) » φ According to the device management device 1000 according to the first embodiment of the present invention, when the device management event has been detected The 2100 is a device that can reduce the battery power 'reduction or network disconnection'. It can be ignored in devices such as mobile terminals* 20, which are prone to temporary battery power reduction or network disconnection. _ Management event 2100, The cost of equipment management can be reduced. According to the device management apparatus 1 0 0 0 according to the first embodiment of the present invention, for example, in the state of the device in which the execution of the device management function is significantly restricted, by protecting specific information (for example, confidential documents), It is possible to prevent the flow of information from the device 20 out. -32- 1357558 According to the device management device 1000 according to the first embodiment of the present invention, the device state is restored from the second state to the first state by detecting the third device management event 2 1 3 0 0 First, the third device management function 23 3 0 according to the second device management principle 2220 set at this time is executed, and then the device state is set to the original state, because it is configured to be 'so before the device state is restored, A special device management function (a function of making access to the external recording medium 100 or a function of decrypting a confidential document, etc.) required to restore the device state to the first state can be performed. According to the device management apparatus 1 000 according to the first embodiment of the present invention, specific information (e.g., confidential information) that cannot be accessed due to a change in the state of the device can be made accessible again. According to the device management device 1000 according to the first embodiment of the present invention, a special device management principle 2300 can be set in a special device state (second state) in which normal device management is difficult to perform, and the special device management principle 2300 can be executed. Special device management for device status. According to the device management apparatus 1000 according to the first embodiment of the present invention, for example, in a device state (second state) in which execution of the device management function 23 00 is significantly restricted, by performing a specific function (for example, The access function to the external recording medium can be prevented from being used, and misconduct or bad conditions can be prevented. (Equipment management device according to the second embodiment) A device management device of -33-1357558 according to the second embodiment of the present invention is 1 000 or less, and the second aspect of the present invention will be described with reference to Figs. The device management device 1 000 according to the embodiment will be described with a focus on differences from the device management device 1 described in the above-described third embodiment. The configuration of the device management device 1 according to the present embodiment is the same as the configuration of the device management device 1000 according to the first embodiment. However, the present embodiment is as shown in FIG. The event storage unit 2400 is provided inside or outside the device 1 of the device 1 and has such a feature. The event storage unit 2400 is configured to accumulate the first device management event 2 1 1 0 detected by the event detecting unit 1 1 when the device state is in the "second state". The first accumulated in the event storage unit 2 4 0 0! The device management event 2 1 1 0 ' is used when the device state of the device management device 1 000 is correctly restored from the "second state" to the "first state". In the present embodiment, it is assumed that, as shown in Figs. 13 and 14 , the device 20 is a built-in non-contact 1C card 400, and the staff member uses the non-contact 1C card 400 to utilize each office system. Specifically, the non-contact 1C card 400 according to the present embodiment is provided with an entry and exit function 410 for managing the entrance and exit room of the office, and a login function 420 for the PC. The staff member uses the non-contact 1C card 400 to the card reader 400A (e.g., a FeliCa card reader) to enable the entry and exit function 410 and the login function 42 0 to function. That is, the staff member can enter the office by placing the contactless 1C card 400 in the office into the card reader 400A prepared at the mouth of -34-1357558, by placing the non-contact 1C card 400 at the office exit. The prepared card reader 400A can be taken out of the office. Further, the staff member can log in to the PC by placing the non-contact 1C card 400 in the card reader 400A provided in the PC. Then, assuming that the entry and exit function 4 1 0 and the login function 420 are in accordance with the following rules, they cooperate with each other. • Based on the fact that the employee enters the office, the login function of the PC becomes valid (usable). • When the employee leaves the room from the office, the login function 420 to the PC becomes invalid (not available). • Only when the PC is allowed to be used outside the office, will the employee's login function 420 be valid via the server after the employee has left the room. • The above-mentioned non-contact 1C card login function is validated/invalidated by the DM server 10. Here, the login function 420, as described above, may become usable or unusable as the user enters or exits the office (specific conditions) of the office, for example, is responsible for deciding whether or not to log in to the PC, which is equivalent to the first The role of device management functions. Referring to Fig. 13 and Fig. 14, a system for realizing the device management (enterprise management and login management) using the device management device 100 described in the present embodiment will be described. Specifically, the system includes an in-contact 1C card 400, an in-35-1357558 retiring function 410, a login function 420, a device management device 1A, and an event to notify the DM server 10 of the entry and exit event. The notification function 34 causes the login function 420 to become active (usable) or invalidated (unusable) DM server 10 along with the notification. When the employee enters the office and the non-contact 1C card 400 is placed in the card reader 400A, the device management device 1000 detects the entry event through the entrance and exit function 410. The device management device 1 initiates (executes) the event notification function 3 4 to notify the DM server 10 of the detected event of entering the room, along with the detection of the event. The DM server 10 enables the login function 420 to be activated, making it possible to log in to the PC in the office. Further, when the employee exits from the office and the non-contact 1C card 40 is placed in the card reader 400A, the DM server 10 is notified of the exit event as in the case of entering the room. The DM server 10 determines whether or not the user of the device, that is, the employee, is permitted to use the PC outside the office. If there is permission, the login function is activated. If the above processing is performed normally, the PC should not be used outside the office except for the legitimate user. However, as described above, there is a case where device management cannot be performed properly. The situation is assumed to be, for example, the situation shown in FIG. In the example, it is assumed that the DM agent 30 itself cannot detect the event of entering or leaving the room due to power failure of the device or the like. In general, the non-contact-36-1357558 1C card 400 provided in the device 20 such as the mobile terminal is operated by weak power, so even if the power of the device 2 is turned off, the non-contact 1C The entrance/exit room function 410 or the login function 420 provided in the card 400 is usable. However, at the same time, in this state, since the software on the device 20, that is, the DM agent 30, cannot be operated, the event detecting function for notifying the DM server 10 of the entrance and exit event is not operable. When the user enters the office and cuts off the power of the device 20, the login function 420 may remain invalidated, and the user may leave the room from the office. In order to prevent such a situation, for example, when the power of the device 20 is cut off by long pressing the power button provided in the device, the device management device 1 detects that the device 20 is powered off. The event is notified by the event detection function 34 to the DM server 10, and the login function 420 is invalidated by the DM server 10. As a result, even when the user is disconnected from the office while the power of the device 20 is turned off, the PC cannot be used outside the office without the login function 420 being activated. The case where the power of the device 20 is cut off by unplugging the battery is not considered here. Although it is difficult for the device management device 1 to detect such an event, the non-contact 1C card 400 itself does not operate in the absence of a battery, so it is impossible to enter or leave the room or log in itself, outside the office. The misuse of using a PC does not exist. Then, as described above, considering the fact that the login function 420 is forcibly invalidated and the power of the device 20 is turned off, the power of the device 20 is turned on again - 37-1357558 *. In the case where the user is permitted to use the PC both in the office or outside the office, the login function 420 must be made effective. • Also, if you are not allowed to use a PC outside the office, • The login function 420 must be kept invalid. As described above, in order to achieve the restoration to the normal state, in the present embodiment, φ is assumed to be provided inside the device 20 or outside the device 20, and is provided with an event storage unit 2400 for detecting and accumulating the power supply of the device 20. The incident of entering and leaving the room during the break. For example, the entrance and exit function 420 may include the event storage unit 2400 described above. As described above, even when the device 20 is powered off, the non-contact 1C card 400 and the entrance/exit function 420 are operable. Therefore, if the event storage unit 2400 is provided in the room-returning function 420, the device 20 can be powered off. The incidents of entering and leaving the room are accumulated. # However, in the present embodiment, since the user is in a state of entering the office or leaving the office, the event storage unit 2400 is configured to reset the event. • Discard the previously accumulated incidents. Further, in the same manner, the event storage unit 2400 is configured to discard the previously released event of the room when the event is accumulated. Furthermore, when the power of the device 20 is turned on, the device management device 1000 detects the intention, and executes the event notification function 34 based on the entry and exit event accumulated in the event storage unit 2400, so that the device 20 can be restored. 38- 1357558 • Normal status. Here, FIG. 15 to FIG. 17 illustrate a list of the first to third device management events detected by the event detecting unit 1100 according to the present embodiment. • The setting in the first device management event 2110 is illustrated in FIG.  An example of a list of management events (the _1 event list), and an example of the φ list (second event list) of the device management event to which the second device management event 21 2〇 belongs is illustrated in FIG. An example of a list of device management events (third event list) to which the third device management event 213 is located is exemplified. In the present embodiment, when the device management event (device power-off) of "ID=0" in the second event list occurs, the state setting unit 1300 changes the device state to the "second state"; when the third event When the device management event (device power-on) of "ID = 0" occurs in the list, the state setting unit 1300 restores the device state to the "first state". φ Here, in the present embodiment, the "first state" is a state in which the device 20 is normally operated, and the "second state" is a power-off state of the device 20 (cannot be detected by the event detecting unit 1 1 0 0) Measure the status of device management event 2 1 0 0). Further, in the present embodiment, the "first device management event 21 1 0" is an entry and exit event, and the "second device management event 2120" is an event for long-pressing the power button to cut off the power supply, and "the third device" Management Event 2130 is the power to the device. Furthermore, in the present embodiment, "the first device management function 2310" -39 - 1357558 .  The DM server 10 is notified of the entrance and exit event, and the "second device function 2320" is to notify the DM server 10 that the device 20 is powered off, and the device management function 2 3 3 0" is accumulated in the event storage unit 2400. Notification of the DM server 10 of the entry and exit event. Then, the "1st Equipment Management Principle 22 1 0" is a regulation.  When the event of entering or leaving the room is detected, the DM server 1 is notified of the intention: 2 Device Management Principle 2220 stipulates that the power failure of the device 20 is to be notified to the φ server and the accumulated time during the power-off of the device 20 Leave the room to notify the DM server. By performing the above-described replacement and the device management apparatus 100 00 operates in the same manner as in the first embodiment, the system of the present embodiment can be realized. Here, in the present embodiment, the event pooling unit 2400 may summarize the plurality of first device management events 2 1 1 0 into other first device management events 2110. φ For example, the event storage unit 2400 may be configured such that when the first device management event 2110 is stored in the first device management 2 1 1 0 system, the "entry event + exit event + room entry event" is performed. .  These first device management events 2 1 1 0 are summarized as "entry room J 0. According to the device management 1 000 according to the second embodiment of the present invention, for example, when the first device management function 2310 is In the case of the situation (the user's office entrance and exit room status), it becomes a restriction function (login function) that can be made unusable, and the "the remaining ISM" is managed. The multi-event event can be used for the event device, and -40-1357558 becomes the device state in which the first device management function 23 10 cannot be executed (2^ Μ } The specific situation described above cannot be detected (the user's office entrance and exit status) When the first device management function 2310 (login@@) is not available, it can be maintained in the state of the most severely restricted device management. The device according to the second embodiment of the present invention The management device 1 000 ′ is the event storage unit 24 that accumulates the first device management event 2110 that has occurred during the second state, and understands that the device is accumulated. The first device manages the meaning of the event 211, and converts the set of the first device management event 2110 ("entry event + exit event + entry event") into another first device management event 2 1 1 having the same meaning. Since 0 ("entry event") is configured as described above, the first device management event 211 积 accumulated in the event pooling unit 2400 can be summarized and converted into a smaller number of first device management events 211, which can be deleted. The storage cost of the first device management event 2110 and the execution cost of the device management function 2300 at the time of device state restoration are reduced. (Device management device according to the third embodiment) Referring to FIG. 18 to FIG. 3. The device management device 1 according to the third embodiment of the present invention, and the device management device 1000 according to the third embodiment of the present invention is focused on the device management device 1 according to the first or second embodiment. In the second embodiment, in the second embodiment, the "second state" is used to disconnect the power of the device 2, but the state of the DM server 1 is used. 4 1 - 1357558 The difference between the present embodiment and the second embodiment is that the device management device 1000 is provided with an event storage unit 10 for accumulating an entrance and exit event occurring in the DM server 10. Referring to Fig. 19, the operation of the DM server 10 and the operation at the time of recovery will be described. In the DM server 10, both the device management device 1 and the non-contact 1C card 400 operate normally, but the DM servo The device 10 is down, so even if an entry/exit event occurs, the device management device 1 cannot notify the DM server 1 of the entry and exit event by executing the event notification function 34. In this case, since the employee (user) cannot leave the login function 420 unusable when exiting from the office, as in the case of the second embodiment, it is necessary that the staff member has entered the office and is still in the office. The login function 420 must be rendered unusable to prevent improper use of the PC outside the office, but in the event that the DM server 10 is down, the process is simply not possible. Therefore, when the DM server 10 is down, the device management device 1 activates the device invalidation function 35, invalidating the non-contact 1C card 400 itself, and invalidating the login function 420. For example, the use of the non-contact 1C card 400 by the setting of the device 20, or the deletion of the corresponding device driver from the OS, etc., can invalidate the login function 420. Further, the event storage unit 1110 in the device management apparatus 1 stores the event of the entrance and exit that occurred in the DM server 10, and becomes an executable device if the -42-1357558 DM server is restored. When the status of the function 2300 is managed, the related device management function 2300 is executed to restore the normal device status. Here, FIG. 15 to FIG. 17 illustrate a list of the first to third device management events detected by the event detecting unit 1 100 described in the present embodiment. FIG. 15 illustrates an example of a list of device management events (i-th event list) to which the first device management event 2110 belongs, and FIG. 16 illustrates a list of device management events to which the second device management event 2120 belongs ( As an example of the second event list, FIG. 17 illustrates an example of a list of device management events (third event list) to which the third device management event 213 is located. In the present embodiment, when the device management event (DM server is down) of "ID = 1" in the second event list occurs, the state setting unit 1300 changes the device state to the "second state"; When the device management event (DM server recovery) of "ID=1" occurs in the third event list, the status setting unit 1 3 00 restores the device status to the "third state". Here, in this embodiment The "first state" is the state in which the device 20 is operating normally, and the "second state" is the state in which the DM server 10 is down. Further, in the present embodiment, the "first device management event 2 1 1 0" is an entry and exit event, and the "second device management event 2120" is an event for notifying that the DM server 10 has been down. "3rd Device Management - 43 - 1357558 Event 2 1 3 Ο" is an event to notify the fact that DM Server 1 has been restored. The notification can be implemented by a push function such as SMS (Short Message Service). In addition, the "first device management function 2310" is to notify the DM server 10 of the entrance and exit event, and the "second device management function 23 20" is to notify the DM server 10 that the device 20 is powered off, "the third device management" The function 2 3 3 0" is a notification of the DM server 10 of the entry and exit event accumulated in the event pooling unit 2400. In this way, the "third device management function 23 3 0" includes at least the device management function for the entry and exit event (the first device management event) accumulated in the event storage unit 2400. Specifically, the "third device management function 2330" is included in the "second state", and the event of the entrance and exit room accumulated in the event storage unit 2400 as the first device management event is restored to "first". After the status, the device management function for the first device management event is notified (uploaded) to the DM server. Furthermore, in the present embodiment, the "first device management function 23 1 0" is to notify the DM server 10 of the entrance and exit event, and the "second device management function 23 20" is caused by the device invalidation function 35. In the invalidation of the non-contact 1C card 400, the "third device management function 2330" notifies the DM server 10 of the entry and exit event accumulated in the event storage unit 1110 due to the event notification function 34. Then, the "1st device management principle 2120" is stipulated that when the device detects the event of the entry and exit, the device will notify the DM server 1 Ο; "2nd device management principle 2220" stipulates that The entry and exit event accumulated in the event pooling unit 1110 in the DM server 10 is notified to the DM server 1 . Here, the device invalidation function 35 is used, so that the specific function (the login function 42 0 and the entry and exit function 410) on the device 20 becomes the role of the second device management function that cannot be used. In addition, the device invalidation function is used, and the device function is the usable function (the login function 420 and the entry and exit function 410) that becomes unavailable in the "second state" period. 3 The role of device management functions. Next, the operation of the event detecting unit 1 100 of the device management device 1000 according to the present embodiment will be described with reference to Fig. 20 . In the present embodiment, the event detecting unit 具备 具备 includes the event pooling unit 1 1 1 0 as a subset. The operation of the event detecting unit 1100 in the present embodiment is different from the operation of the event detecting unit 1100 in the first embodiment shown in Fig. 8 as steps S1423 and S1426. In step S1 423, the event detecting unit 11 determines that the device management event, which is not described in the third event list, is accumulated in the event storage unit 1110 while the device state is in the "second state". in. Further, in step S 1426, the event detecting unit 1 1 notifies the device management execution unit 1 400 of the device management event accumulated in the event storage unit 1110, and functions as the third device management function. Implement it. -45- 1357558 As a result, the event detecting unit 1 1 00 can detect the device management event in the dm server 10 that is not in the third device management event 2 ! 3 ( (ie, The entry and exit event of the first device management event 2110) is accumulated in the event pooling unit 1110. The device 20 can be restored to the correct state by the above-mentioned "device management event accumulated in the event pooling portion 1110" to enable or disable the device management function (i.e., to determine the device management function to be performed). In addition, if only one device management event 2100 is not accumulated, it is only necessary to simply restore the state before the device state enters the "second state". In the above example, before the device status changes to the "second state", if the login function 420 is valid, the login function 420 can be set to be valid. As described above, in the present embodiment, when the event detecting unit 1 100 detects the event detecting unit 1 100, the state setting unit 1 300 sets the device state to the "first state", and the principle management unit When the 1200 system sets the first device management principle 2 1 1 0 to the device management principle to be used, the device management execution unit 1 400 may be configured to correspond to the first accumulated in the event storage unit 2400. 1 Device management event 2110 ("Entry event + quit room event + room entry event") to determine the device management function to be executed 2300 °, that is, the principle management unit 1 200, which is associated with the device management for the first state The first device management function 2310 specified by the principle (the first device management principle 2 1 1 0) determines the device management original -46-1357558 to be used in the second state (the second device management principle 2120). The specific second device management function. Further, another implementation method of the event accumulation unit will be described. Hereinafter, in order to distinguish the above-described event accumulation unit from the above-described event accumulation unit 1 1 10, it is referred to as a management status storage unit 1 120. .  As described above, the management status storage unit 1120 is effective only when the first device management event 2110 has only two types (into or out of the room). The φ management status storage unit 11 is a management status before the "first management status" is stored, and the device status is changed from the "first state" to the "second state"; the "second management status" is The management status before the "second state" is changed from the "second state" to the "first state", and then the device management is executed when the "first management status" and the "second management status" are changed. Department 1 400 performs the third device management function 23 3 0 〇 φ, that is, 'If the "first management status" is the status of the staff entering the office", the "second management status" is the status of the staff leaving the office. 'Just as long as the login function 420 is invalidated. - Also, if "the first management situation" is to go out of the office on behalf of the staff.  The status 'the second management status' is a state in which the employee enters the office in the office', and the login function 420 can be activated. According to the device management apparatus 1 000' according to the third embodiment of the present invention, when the change of the device state (the change from the first state to the second state) of the device management event 2 1 无法 cannot be detected occurs By referring to -47-1357558, the first device management event 2 1 1 0 that has been stored in the event storage unit π 1 0 and the device state is in the second state, the device state is restored to the first state. The device management function executed at the time of the status is 23 00, and the device management function 2300 (set to validate or invalidate) corresponding to the first device management event 2 Π 0 (entry and exit event) that occurred during the period is executed. According to this configuration, the device management function (login function) to be performed in the period can be executed, and the device state can be restored more accurately. According to the device management according to the third embodiment of the present invention. In the case of the device 1 000, when the device state is changed from the second state to the first state, the third device management function 23 3 0 can be executed only when the management state change occurs in the second state, and the device management device can be reduced. The cost of execution. The present invention has been described in detail above using the listed embodiments, but the present invention is not limited by the embodiments described in the specification. The present invention can be implemented in a modified or modified manner without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the description of the present specification is for illustrative purposes only and is not intended to limit the invention. In addition, the entire contents of Japanese Patent Application No. 2006-330610 (filed on Dec. 7, 2006) are hereby incorporated by reference. [Possibility of Industrial Applicability] As described above, according to the device management apparatus according to the present invention, in addition to -48-1357558, it is possible to prevent illegitimate or poor monitoring during the period in which the device management cannot be properly performed, and it is also restored. When it is possible to properly perform the management of the device, the state of the device that should have been restored should be restored as soon as possible. Therefore, it is useful for a communication system having a device such as a mobile terminal. [Brief Description of the Drawings] Fig. 1 is a diagram for explaining the remote monitoring using the DM agent including the device management device according to the first embodiment of the present invention. Fig. 2 is a diagram for explaining the remote monitoring using the DM agent including the device management device according to the first embodiment of the present invention. Fig. 3 is a functional block diagram of the device management device according to the first embodiment of the present invention. Fig. 4 is a view showing an example of a list of first device management events used in the device management device according to the first embodiment of the present invention. Fig. 5 is a view showing an example of a list of second device management events used in the device management device according to the first embodiment of the present invention. Fig. 6 is a view showing an example of a list of third device management events used in the device management device according to the first embodiment of the present invention. [Fig. 7] Fig. 7 is a transition diagram of a device state managed by a state setting unit in the device management device according to the first embodiment of the present invention. [Fig. 8] Fig. 8 is a first embodiment of the present invention. A flowchart of the operation of the event detecting unit in the device management device. [Fig. 9] Fig. 9 is the first embodiment of the present invention! A flowchart of the operation of the state setting unit in the device management device according to the embodiment. [Fig. 10] Fig. 10 is a flowchart showing the operation of the principle management unit in the equipment management device according to the first embodiment of the present invention. [Fig. 11] Fig. 11 is a flowchart showing the operation of the device management execution unit in the device management device according to the first embodiment of the present invention. [Fig. 12] Fig. 12 is a diagram for explaining the use of the DM agent of the device management device according to the second embodiment of the present invention. [Fig. 13] Fig. 1 is a diagram for explaining the administration of the entrance and exit room of the DM agent having the facility management device according to the second embodiment of the present invention. Figure 14 is a device management device according to a second embodiment of the present invention. Functional block diagram. Fig. 15 is a view showing an example of a list of first device management events used in the equipment management device according to the second embodiment of the present invention. Fig. 16 is a diagram showing an example of a list of second device management events used in the equipment management device according to the third embodiment of the present invention. Fig. 17 is a view showing an example of a list of third device management events used in the equipment management device according to the fourth embodiment of the present invention. Fig. 18 is a functional block diagram of a device management device according to a third embodiment of the present invention. [Fig. 19] Fig. 19 is a diagram for explaining the use of the DM agent of the device management device according to the third embodiment of the present invention. Fig. 20 is a flowchart showing the operation of an event detecting unit in the device management device according to the third embodiment of the present invention. [Main component symbol description] -50- 1357558 1 Ο : D ΜServer 2 Ο : Device 3 0 : D Μ Agent 3 1 : Lock function 3 2 : Monitor function (device management function) 3 3 : Report function ( Device management function) 34: Event notification function 3 5: Device invalidation function 100: External recording medium 300: Network 400: Non-contact 1C card 4 00 A: Card reader 4 1 0: Entry and exit function 420: Login function 1 〇〇〇: Device management device 1 1 : Event detection unit 1 1 1 0 : Event storage unit 1 1 2 0 : Management status storage unit 1 1 3 0 : Status setting unit 1 200 : Principle management unit 1 3 0 0: state setting unit 1400: device management execution unit 2100: device management event 2 1 1 0 : 1st device management event - 51 - 1357558 2120: 2nd device management event 2 1 3 0 : 3rd device management event 2200: Device management principle 22 1 0 : Device management principle for the first state (1st device management principle) 2220 : Device management principle for the second state (2nd device management original IJ) 23 00 : Device management function 2310: 1st device Management function 2320: 2nd device management function 23 3 0: 3rd device management function 2400: thing Reservoir

-52--52-

Claims (1)

1357558 - ^'丨0月β日修正本 • 第096146840號專利申請案中文申請專利範圍修正本 • 民國100年10月28曰修正 ,十、申請專利範圍 1.一種設備管理裝置,其特徵爲,具備: 設備管理執行部,係藉由執行被設在設備內之設備管 理機能,以進行對該設備之所定管理;和 事件偵測部,偵測出特定之設備管理事件;和 0 狀態設定部,係隨應於前記特定之設備管理事件之偵 測結果,來設定前記設備狀態;和 原則管理部,係從將前記設備管理機能予以特定之複 數設備管理原則之中,隨應於被前記狀態設定部所設定之 前記設備狀態、和前記特定之設備管理事件之偵測結果, 來設定應使用之設備管理原則; 前記設備管理執行部,係隨應於前記特定之設備管理 事件之偵測結果、和設備狀態,來決定所應執行之前記設 φ 備管理機能,並且將被前記原則管理部所設定之前記應使 用之設備管理原則所特定出來的設備管理機能,決定成爲 前記應執行之設備管理機能。 . 2.如申請專利範圍第1項所記載之設備管理裝置,其 中,前記設備狀態是處於第1狀態之際,前記事件偵測部 係偵測到第1設備管理事件時,則前記狀態設定部係將該 設備狀態維持成該第1狀態不變; 前記設備狀態是處於前記第1狀態之際,前記事件偵 測部係偵測到第2設備管理事件時,則前記狀態設定部, 1357558 係將該設備狀態設定成第2狀態,前記原則管理 該第2狀態用的設備管理原則,設定作爲前記應 備管理原則。 3.如申請專利範圍第2項所記載之設備管理 中,前記設備狀態是處於前記第1狀態之際,前 測部係偵測到前記第2設備管理事件時,則前記 執行部係執行,被當作前記應使用之設備管理原 之前記第2狀態用的設備管理原則所特定出來的 管理機能。 4 .如申請專利範圍第3項所記載之設備管理 中,前記設備狀態是處於第1狀態之際,前記設 行部係執行,被當作前記應使用之設備管理原則 前記第1狀態用的設備管理原則所特定出來的第 理機能; 前記原則管理部,係隨應於被前記第1狀態 管理原則所特定出來的第1設備管理機能,來決 記第2狀態用的設備管理原則所特定之前記第2 機能。 5. 如申請專利範圍第2項所記載之設備管理 中,前記設備狀態是處於前記第1狀態之際,在 偵測部係偵測到前記第2設備管理事件後,只有 間內未偵測到前記第1設備管理事件的情況下, 設定部才將該設備狀態設定成第2狀態。 6. 如申請專利範圍第3項所記載之設備管理 部,係將 使用之設 裝置,其 記事件偵 設備管理 則而設定 第2設備 裝置,其 備管理執 而設定之 1設備管 用的設備 定應被前 設備管理 裝置,其 前記事件 在一定時 前記狀態 裝置,其 1357558 中,前記第2設備管理機能,係爲使前記設備中的特定機 能變成不可使用之機能。 7.如申請專利範圍第6項所記載之設備管理裝置,其 中,前記第1設備管理機能,係爲隨著特定狀況而使其變 成可使用或不可使用之機能。 8 .如申請專利範圍第3項所記載之設備管理裝置,其 中,前記第2設備管理機能,係爲保護前記設備中之特定 0 資訊之機能。 9 .如申請專利範圍第3項所記載之設備管理裝置,其 中,前記設備狀態是處於前記第2狀態之際,前記事件偵 測部係偵測到第3設備管理事件時,則在前記設備管理執 行部執行了,被當作前記應使用之設備管理原則而設定之 前記第2狀態用的設備管理原則所特定出來的第3設備管 理機能後,前記狀態設定部,係將該設備狀態設定成前記 第1狀態,前記原則管理部,係將前記第1狀態用的設備 φ 管理原則,設定作爲前記應使用之設備管理原則。 1 0 .如申請專利範圍第9項所記載之設備管理裝置, 其中,前記第3設備管理機能,係爲使得,當前記設備狀 態是處於前記第2狀態之期間內曾經變成不可使用之前記 設備上的特定機能,變成可以使用之機能。 1 1 .如申請專利範圍第9項所記載之設備管理裝置, 其中,前記第3設備管理機能,係爲復原前記設備中之特 定資訊之機能。 1 2 .如申請專利範圍第9項所記載之設備管理裝置, -3- 1357558 其中, 事件積存部,係積存著已被前記事件偵測部所偵測到 的前記第1設備管理事件; 前記第2狀態,係爲無法藉由前記事件偵測部來偵測 出前記設備管理事件之狀態; 前記第3設備管理機能,係至少含有,針對已被積存 在前記事件積存部中之前記第1設備管理事件的設備管理 機能。 1 3 .如申請專利範圍第9項所記載之設備管理裝置, 其中, 事件積存部,係若前記設備狀態是處於前記第2狀態 時,則將已被前記事件偵測部所偵測到的前記第1設備管 理事件,加以積存; 若前記事件偵測部係偵測到前記第3設備管理事件, 前記狀態設定部係將前記設備狀態設定成第1狀態,前記 原則管理部係已將前記第1設備管理原則設定作爲前記應 使用之設備管理原則的情況下,則前記設備管理執行部, 係隨應於已積存在前記事件積存部中的前記第1設備管理 事件,來決定前記應執行之設備管理機能。 14.如申請專利範圍第12項所記載之設備管理裝置, 其中,前記事件積存部’係將複數之前記第1設備管理事 件,總結地變更成其他第1設備管理事件。 1 5 .如申請專利範圍第9項所記載之設備管理裝置, 其中,若在前記設備狀態是從前記第1狀態遷移成前記第 -4 - 1357558 2狀態之前的管理狀況,和該設備狀態是從該第 移成該第1狀態之前的管理狀況之間發生變化時 設備管理執行部,係執行前記第3設備管理機能 16.如申請專利範圍第2項所記載之設備管 其中,前記第1狀態,係爲可進行對前記設備之 管理之狀態;前記第2狀態,係爲不可進行對前 前記所定管理之狀態。 2狀態遷 ,則前記 〇 理裝置, 前記所定 記設備之1357558 - ^'丨0月β日修正本• 096146840 Patent Application Chinese Patent Application Amendment • The Republic of China 100 October 28曰 Amendment, X. Patent Application Scope 1. A device management device, characterized by It has: a device management execution department that performs management of the device by performing device management functions set in the device; and an event detection unit that detects a specific device management event; and a 0 state setting unit The status of the pre-recorded device is set in accordance with the detection result of the specific device management event described above; and the principle management department is in accordance with the multi-device management principle that specifies the pre-recording device management function, and is in accordance with the pre-recorded state. Set the device status and the detection result of the device management event specified in the setting unit to set the device management principle to be used. The device management execution unit is related to the detection result of the device management event specified in the previous note. And the status of the equipment, to determine the pre-execution of the φ reserve management function, and will be pre-recorded by the Department of Management Before setting the device management function specified by the device management principle to be used, it is decided to become the device management function that should be executed beforehand. 2. The device management device according to claim 1, wherein when the state of the pre-recording device is in the first state, when the pre-recording event detecting unit detects the first device management event, the pre-recording state setting The department maintains the state of the device in the first state; when the device state is in the first state, the pre-recording event detecting unit detects the second device management event, and the pre-recording state setting unit, 1357558 The device state is set to the second state, and the device management principle for the second state is managed by the pre-recording principle, and the management principle is set as the pre-recording. 3. In the equipment management described in the second paragraph of the patent application, when the state of the pre-recording device is in the first state of the pre-recording, when the pre-measurement unit detects the second device management event, the pre-executing department executes. The management function specified by the equipment management principle for the second state before the equipment management that was used as the pre-recording. 4. In the equipment management described in the third paragraph of the patent application, when the state of the pre-recorded device is in the first state, the pre-recording department is executed, and it is used as the pre-recording device management principle. The first function of the device management principle is based on the first device management function specified by the first state management principle, and is determined by the device management principle for the second state. Remember the second function before. 5. In the equipment management described in item 2 of the patent application scope, when the status of the pre-recording device is in the first state of the pre-recording, the detection unit detects that the second device management event is not detected. In the case of the first device management event, the setting unit sets the device state to the second state. 6. In the equipment management department described in the third paragraph of the patent application, the device to be used is set up, and the second equipment is set for the event detection equipment management, and the equipment for equipment management is set by the management and management. It should be used by the former device management device, and the pre-recorded event is recorded in the status device at a time. In 1357558, the second device management function is pre-recorded, so that the specific function in the pre-recording device becomes unusable. 7. The device management device according to claim 6, wherein the first device management function is a function that is usable or unusable depending on a specific situation. 8. The device management device according to claim 3, wherein the second device management function is a function of protecting the specific information in the pre-recorded device. 9. The device management device according to claim 3, wherein the pre-recording device state is in the second state before, and the pre-recording event detecting unit detects the third device management event, and the pre-recording device The management execution unit executes the third device management function specified by the device management principle for the second state before the device management principle to be used as the pre-recording, and the pre-status setting unit sets the device status. In the first state of the pre-recording, the pre-requisite management department sets the management principle of the equipment φ for the first state in the previous paragraph, and sets the equipment management principle to be used as a pre-record. 10. The device management device according to claim 9, wherein the third device management function is such that the current device state is in a pre-recorded second state and becomes an unusable device. The specific function on the other becomes a function that can be used. 1 1. The device management device according to claim 9, wherein the third device management function is a function of restoring specific information in the pre-recording device. 1 2 . The device management device described in claim 9 of the patent scope, -3- 1357558 wherein the event storage unit stores the first device management event detected by the pre-recorded event detecting unit; In the second state, the state of the pre-recording device management event cannot be detected by the pre-recording event detecting unit; the third device management function is included in the foregoing, and is included in the pre-recorded event storage unit. Device management functions for device management events. 1 . The device management device according to claim 9, wherein the event storage unit detects the state of the device that has been detected by the pre-recording event detecting unit if the state of the device is in the second state. The first device management event is pre-recorded and accumulated; if the event detection unit detects the third device management event, the pre-status setting unit sets the pre-recorded device state to the first state, and the pre-requisite management department has pre-recorded When the first device management principle is set as the device management principle to be used in the pre-recording, the pre-recording device management execution unit determines that the pre-recording should be performed in accordance with the pre-recorded first device management event that has accumulated in the pre-recorded event storage unit. Equipment management function. 14. The device management device according to claim 12, wherein the pre-record event storage unit changes the first device management event to a plurality of first device management events. The device management device according to the ninth aspect of the invention, wherein the state of the pre-recorded device is a management state before the transition from the first state to the first state of the first - 4,357,558, 2, and the device state is When the management status before the first state changes to the first state, the device management execution unit executes the third device management function 16. The device device described in the second item of the patent application is the first item. The state is a state in which the management of the pre-recording device can be performed; the second state in the pre-recording state is a state in which the management of the pre-recording is not possible. 2 state shift, then the pre-recording device, the pre-recorded device -5--5-
TW096146840A 2006-12-07 2007-12-07 Device managing device TW200834442A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2006330610A JP2008146213A (en) 2006-12-07 2006-12-07 Device management device

Publications (2)

Publication Number Publication Date
TW200834442A TW200834442A (en) 2008-08-16
TWI357558B true TWI357558B (en) 2012-02-01

Family

ID=39492189

Family Applications (1)

Application Number Title Priority Date Filing Date
TW096146840A TW200834442A (en) 2006-12-07 2007-12-07 Device managing device

Country Status (5)

Country Link
JP (1) JP2008146213A (en)
KR (1) KR101033628B1 (en)
CN (1) CN101548272B (en)
TW (1) TW200834442A (en)
WO (1) WO2008069314A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724051B (en) * 2011-03-30 2017-10-03 中兴通讯股份有限公司 Communication means and communication equipment for low-cost user equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4120803B2 (en) * 2002-11-05 2008-07-16 三菱電機株式会社 User equipment capture system
US20040252197A1 (en) * 2003-05-05 2004-12-16 News Iq Inc. Mobile device management system
JP4523764B2 (en) * 2003-07-04 2010-08-11 グローリー株式会社 Game media rental system
JPWO2006064764A1 (en) * 2004-12-16 2008-06-12 株式会社セガ GAME DEVICE MANAGEMENT DEVICE HAVING PENALTY FUNCTION, GAME DEVICE, ITS OPERATION PROGRAM, AND PENALTY SETTING SERVER

Also Published As

Publication number Publication date
WO2008069314A1 (en) 2008-06-12
CN101548272B (en) 2012-07-04
TW200834442A (en) 2008-08-16
JP2008146213A (en) 2008-06-26
CN101548272A (en) 2009-09-30
KR20090084926A (en) 2009-08-05
KR101033628B1 (en) 2011-05-11

Similar Documents

Publication Publication Date Title
CN103514386B (en) Permission control and management method of application program and electronic device
EP2409257B1 (en) Mitigations for potentially compromised electronic devices
US9164748B2 (en) Information backup method and apparatus
JP4127315B2 (en) Device management system
TWI439079B (en) System for remotely erasing data, method, server, and mobile device thereof, and computer program product
EP3236640B1 (en) Method and apparatus for detecting and dealing with a lost electronics device
US20110162076A1 (en) Data protecting device
US20090183266A1 (en) Method and a system for recovering a lost or stolen electronic device
BRPI0806772B1 (en) SYSTEM FOR REMOTE MONITORING OF A DEVICE, AND METHOD OF TRACKING A DEVICE
US20090025091A1 (en) Electronic apparatus and information processing apparatus
CN103037310A (en) Mobile terminal intelligent anti-theft method and mobile terminal
US8335869B2 (en) Information processing apparatus, managing method, computer-readable recording medium storing managing program therein, and portable data storage apparatus
WO2015007116A1 (en) Anti-theft method for data after loss of cell phone
WO2009157493A1 (en) Information processing system, server device, information device for personal use, and access managing method
TW201028883A (en) Secure platform management device
KR101459243B1 (en) Security Method of Computer using the Security Locker for USB Socket
CN103577281A (en) Method and system for recovering data
TWI357558B (en)
JP4720959B2 (en) Device management system
JP2006279572A (en) Mobile phone terminal system, mobile phone terminal unauthorized use prevention method, and mobile phone terminal unauthorized use prevention program
US8037537B1 (en) System, method, and computer program product for conditionally securing data stored on a peripheral device coupled to a system, based on a state of the system
JP2010170337A (en) Meter reading device management method, meter reading device management system, handy terminal, and meter reading device management server
JP2010140159A (en) Authentication device
JP2007179210A (en) Service-providing system, interactive display device, and service-providing method
KR101473661B1 (en) Method and apparatus for managing data of mobile device

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees