WO2010007990A1 - Device management system - Google Patents

Publication number
WO2010007990A1
Authority
WO
WIPO (PCT)
Prior art keywords
operation history
history
computers
terminal devices
monitoring server
Application number
PCT/JP2009/062742
Inventor
康文 豊島
河合一裕
Original Assignee
株式会社日本ルシーダ

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Definitions

  • the present invention relates to a device management system including a plurality of terminal devices and a device monitoring server that monitors the terminal devices in time series.
  • There is a network security system in which a network user detects an unauthorized intruder into a server via the Internet, notifies the Internet service provider of this, and traces the unauthorized intruder back in cooperation with the service provider (see Patent Document 1).
  • This system is formed from a monitoring terminal that detects and reports unauthorized access made using the Internet, and a center terminal that, in response to the notification from the monitoring terminal, identifies the access source of the detected unauthorized access and notifies the user.
  • a device management system that includes a plurality of terminal devices and a monitoring server that is connected to a network formed by the terminal devices and monitors the terminal devices in a time series, and that prevents unauthorized actions of the terminal devices in the network.
  • the monitoring server includes an operation prohibiting unit that prohibits execution of non-permitted operations other than those permitted for the terminal devices, a permitted operation history storage unit that stores a permitted operation history when the terminal devices execute a permitted operation, a non-permitted operation history storage unit that stores a non-permitted operation history when these terminal devices execute a non-permitted operation, and a history output unit that outputs the permitted operation history and the non-permitted operation history.
  • the network security system disclosed in Patent Document 1 detects unauthorized access to the server on the user side by the monitoring terminal analyzing the log, and notifies the center terminal of the unauthorized access detection together with the stored log.
  • the center terminal identifies an unauthorized access server from the notified log information, and notifies the user monitoring terminal of the access source server information.
  • Because the operation status of the permitted operation and the operation status of the non-permitted operation in each terminal device cannot be grasped, it is difficult to prevent fraudulent acts such as data tampering and data destruction by the network user.
  • the device management system disclosed in Patent Document 2 can grasp the operation status of the permitted operation and the operation status of the non-permitted operation in each terminal device.
  • Each terminal device is installed with an operation history acquisition application that causes the monitoring server to acquire an operation history in the terminal device.
  • Since the operation history acquisition application is registered in the visible startup registry, the operation history acquisition application can be prevented from being activated in the terminal device. Specifically, by displaying the startup check box for the operation history acquisition application on the display and unchecking it, the operation history acquisition application can be prevented from starting when the terminal device is started. If the operation history acquisition application is not started, the operation histories in the terminal device cannot be acquired by the monitoring server, and an illegal act by a network user using the terminal device cannot be prevented.
  • An object of the present invention is to provide a device management system in which each operation history in a terminal device can be monitored by a monitoring server, and illegal actions by network users can be surely prevented.
  • The premise of the present invention for solving the above-described problem is a device management system that includes a plurality of terminal devices used by users and a monitoring server that is connected to a network formed from the terminal devices and monitors the terminal devices in time series.
  • the terminal device is installed with a user level operation history acquisition application that causes the monitoring server to acquire a user level operation history when the terminal device executes an operation that can be executed at the user level.
  • the user level operation history acquisition application is registered in an invisible startup registry in the terminal device.
  • a system level operation history acquisition application that causes a monitoring server to acquire a system level operation history when the terminal device executes an operation that can be executed at the system level is installed in the terminal device.
  • the system level operation history acquisition application is registered in a task that is difficult to see in the terminal device.
  • operations that can be performed at the user level include use operations within the operation permission time of those terminal devices in the network, use operations outside the operation permission time of these terminal devices in the network, and use operations of these terminal devices in an external environment other than the network. The user level operation history is a use operation history within the operation permission time of those terminal devices in the network, a use operation history outside the operation permission time of these terminal devices in the network, and a use operation history of those terminal devices in an external environment other than the network.
  • operations that can be performed at the user level include use operations of permitted applications of the terminal devices, installation operations of various applications of the terminal devices, and uninstallation operations of the various applications of the terminal devices.
  • the user-level operation history is the usage operation history of the permitted applications of these terminal devices, the installation operation history of various applications of these terminal devices, and the uninstall operation history of various applications of these terminal devices.
  • operations that can be executed at the system level are start / end operations of these terminal devices, printing operations in these terminal devices, and operations for accessing files used in these terminal devices.
  • the system level operation history is the start / end operation history of the terminal devices, the print operation history of the terminal devices, and the access operation history of the files used in the terminal devices.
  • the system level operation history includes a print operation history in a terminal device in which data printing is prohibited among those terminal devices, a data take-out operation history in a terminal device in which data take-out is prohibited among these terminal devices, and an activation operation history of an operation-prohibited application in those terminal devices.
  • A user level operation history acquisition application that causes the monitoring server to acquire a user level operation history when a terminal device executes an operation that can be executed at the user level is invisible in the terminal device. Therefore, the activation check box for the operation history acquisition application cannot be unchecked, and the user level operation history acquisition application cannot be prevented from being activated when each terminal device is activated. Therefore, the monitoring server can reliably acquire an operation history of operations that can be executed at the user level from each terminal device.
  • the operation history is centrally managed by the monitoring server, and the user level operation history of each terminal device can be collated and monitored in the server. Therefore, it is possible to reliably prevent an illegal act such as data falsification or data destruction by a network user.
  • In a device management system in which a system level operation history acquisition application that causes the monitoring server to acquire a system level operation history when a terminal device executes an operation that can be executed at the system level is registered in a task that is difficult to see in the terminal device, it becomes difficult to clear the activation check box of the acquisition application, and the system level operation history acquisition application cannot be deactivated when each terminal device is activated. Therefore, the monitoring server can reliably acquire an operation history of operations that can be executed at the system level from each terminal device.
  • the operation history is centrally managed by the monitoring server, and the server can collate and monitor the system level operation history of each terminal device. Therefore, it is possible to reliably prevent an illegal act such as data falsification or data destruction by a network user.
  • In the device management system in which the user level operation history includes the operation content history within the operation permission time of those terminal devices in the network, the operation content history outside the operation permission time of these terminal devices in the network, and the operation content history of these terminal devices in the external environment other than the network, the monitoring server acquires the operation history within the operation permission time or outside the operation permission time of each terminal device in time series. The operation history within or outside the operation permission time is therefore centrally managed in the monitoring server, and the operation status of the terminal device within and outside the operation permission time can be grasped via the monitoring server.
  • Since the monitoring server acquires the operation history of the terminal device in the external environment other than the network in time series, the operation history in the external environment is centrally managed in the monitoring server, and the operation status of the terminal device in the external environment can be grasped via the monitoring server.
  • This system can identify not only the use of the terminal device within the operation permission time but also a terminal device used outside the operation permission time or in the external environment, so that unauthorized acts by network users, such as unauthorized take-out, falsification, and destruction of important data and confidential data, can be reliably controlled.
  • In the device management system including, as the user level operation history, the usage operation history of permitted applications of these terminal devices, the installation operation history of various applications of these terminal devices, and the uninstall operation history of various applications of these terminal devices, the monitoring server acquires the usage operation history of the permitted application of each terminal device in time series. The usage operation history of the permitted application is therefore centrally managed in the monitoring server, the usage operation status of the permitted application of the terminal device can be grasped via the monitoring server, and unlimited use of the application can be restricted. In the system, since the monitoring server acquires the installation operation history and uninstallation operation history of various applications of the terminal device in time series, the installation operation history and uninstallation operation history are centrally managed in the monitoring server, and the installation operation status and uninstallation operation status of the terminal device can be grasped via the monitoring server. Since this system can identify a terminal device that has performed various application installation operations and various application uninstallation operations, it can regulate unnecessary application installation by network users and restrict unauthorized uninstallation of applications.
  • In the device management system including the start / end operation history of each terminal device, the printing operation history in each terminal device, and the access operation history to the files used in each terminal device, the monitoring server acquires the start / end operation history of the terminal device in time series. The start / end operation history of the terminal device is therefore centrally managed in the monitoring server, and the start / end operation status of the terminal device can be grasped via the monitoring server. In the system, since the monitoring server acquires the printing operation history of each terminal device in time series, the printing operation history of the terminal device is centrally managed in the monitoring server, and the printing operation status of the terminal device can be grasped via the monitoring server. Since this system can grasp the terminal device that performed the printing operation using the printing operation history, it can regulate unauthorized acts such as unauthorized printing or taking-out of important data and confidential data by network users.
  • Since the monitoring server acquires the access operation history to the files of each terminal device in time series, the access operation history to the files of the terminal device is centrally managed in the monitoring server, and the status of file access operations of the terminal device can be grasped. Since the system can grasp the terminal device that has accessed a file using the file access operation history, it is possible to regulate illegal acts such as unauthorized removal, falsification, and destruction of a predetermined file by a network user.
  • Since the monitoring server acquires the printing operation history in the terminal device not permitted to print data in time series, the printing operation history in the terminal device is centrally managed in the monitoring server, and the printing operation status in the terminal device that is not permitted to print data can be grasped via the monitoring server. Since this system can grasp the terminal device that is not allowed to print data using the printing operation history, it can regulate unauthorized acts such as unauthorized printing of a predetermined file or unauthorized removal by a network user.
  • Since the monitoring server acquires the data take-out operation history in the terminal device not permitted to take out data in time series, the data take-out operation history in the terminal device is centrally managed in the monitoring server, and the data take-out operation status in the terminal device not permitted to take out data can be grasped via the monitoring server. Since the system can grasp the terminal device that is not allowed to take out data using the data take-out operation history, it can regulate unauthorized acts such as unauthorized browsing and unauthorized take-out of the specified data by network users.
  • Since the monitoring server acquires the activation operation history of the operation-prohibited application in the terminal device in time series, the activation operation history of the operation-prohibited application in the terminal device is centrally managed in the monitoring server, and the activation operation status of the operation-prohibited application in the terminal device can be grasped via the monitoring server. Since the system can grasp the terminal device that has performed the activation operation of the operation-prohibited application using the activation operation history of the operation-prohibited application, it is possible to suppress access to the operation-prohibited application in each terminal device.
  • A block diagram of the device management system shown as an example.
  • FIG. 6 is a diagram illustrating an example of a printing operation history.
  • A diagram showing an example of a take-out operation history.
  • FIG. 1 is a configuration diagram of a device management system 10 shown as an example.
  • the device management system 10 is formed from a plurality of business computers 11A, 11B, and 11C (terminal devices) used by employees (users) for company work, a management computer 12 managed and stored by an in-house manager, a monitoring server 13, and a hub 14 connecting them.
  • the computers 11A, 11B, 11C, and 12 and the server 13 are connected to each other through a high-speed broadband line via a hub 14 to form an in-house network 15.
  • the monitoring server 13 monitors various operation states of the business computers 11A, 11B, and 11C logged into the network 15 in time series while the system 10 is in operation, and reports these operation states to the management computer 12.
  • the business computers 11A, 11B, and 11C, the management computer 12, and the monitoring server 13 can be connected to the Internet and have an e-mail transmission / reception function. Further, the computers 11A, 11B, 11C, and 12 and the server 13 can access a predetermined Web site and log in to that site, and can access a predetermined external network and log in to that network.
  • A server group such as a DNS server that sets the correspondence between a host name and the IP address assigned to that host name, a Web server for publishing a homepage, a database server that provides functions to read and write various data by accepting requests from other business computers and other servers, a mail server for sending and receiving e-mails, and a document server that stores all data such as created text and images.
  • the system 10 can be used for all networks such as a local area network and a wide area network.
  • all existing network connection methods such as a bus network, a star network, a peer-to-peer network, and a ring network can be supported.
  • the business computers 11A, 11B, and 11C and the management computer 12 are connected to input devices such as a keyboard and a mouse, and output devices such as displays 16 and 17 and printers 18 and 19, via an interface (wired or wireless).
  • existing removable disks such as memory sticks, IC recorders, PDAs, and mobile phones can be detachably connected to the computers 11A, 11B, 11C, and 12, and various data can be exchanged between the computers 11A, 11B, 11C, and 12 and these removable disks.
  • A user level operation history acquisition application (agent application) that causes the monitoring server 13 to acquire the user level operation history when the computers 11A, 11B, and 11C execute operations that can be executed at the user level is installed in the memory of each business computer 11A, 11B, and 11C.
  • the business computers 11A, 11B, and 11C start a user level operation history acquisition application stored in the memory based on control by the operating system, and output the user level operation history to the monitoring server 13 according to the application.
  • the user level operation history acquisition application is registered in the invisible startup registry of the business computers 11A, 11B, and 11C. Therefore, the user level operation history acquisition application cannot be displayed on the display 16 in the business computers 11A, 11B, and 11C (invisible), and the contents of the user level operation history acquisition application cannot be confirmed (viewed).
  • the activation check box of the user level operation history acquisition application cannot be displayed on the display 16. Therefore, it is not possible to prevent the user level operation history acquisition application from being activated when the computers 11A, 11B, and 11C are activated by unchecking the check box.
  • the operations that can be performed at the user level include use operations within the operation permission time of the business computers 11A, 11B, and 11C in the network 15, use operations outside the operation permission time of the computers 11A, 11B, and 11C in the network 15, use operations of the computers 11A, 11B, and 11C in an external environment other than the network 15, use operations of permitted applications of the computers 11A, 11B, and 11C, installation operations of various applications of the computers 11A, 11B, and 11C, and uninstall operations of various applications of the computers 11A, 11B, and 11C.
  • the user level operation history includes the use operation history within the operation permission time of the business computers 11A, 11B, and 11C in the network 15, the use operation history outside the operation permission time of the computers 11A, 11B, and 11C in the network 15, the use operation history of the computers 11A, 11B, and 11C in an external environment other than the network 15, the use operation history of permitted applications of the computers 11A, 11B, and 11C, the installation operation history of various applications of the computers 11A, 11B, and 11C, and the uninstall operation history of various applications of the computers 11A, 11B, and 11C.
  • A system level operation history acquisition application (agent application) that causes the monitoring server 13 to acquire a system level operation history when the computers 11A, 11B, and 11C execute operations that can be executed at the system level is installed in the memory of each business computer 11A, 11B, and 11C.
  • the business computers 11A, 11B, and 11C start a system level operation history acquisition application stored in the memory based on the control by the operating system, and output the system level operation history to the monitoring server 13 according to the application.
  • the system level operation history acquisition application is registered in a task that is difficult to see on the business computers 11A, 11B, and 11C. Therefore, it is difficult to display the system level operation history acquisition application on the display 16 of these business computers 11A, 11B, and 11C (it is difficult to see), and it is difficult to confirm (view) the contents of the system level operation history acquisition application.
  • the operations that can be performed at the system level include start / end operations of the business computers 11A, 11B, and 11C, printing operations on the computers 11A, 11B, and 11C, and access operations to files used on the computers 11A, 11B, and 11C.
  • the system level operation history includes start / end operation histories of the computers 11A, 11B, and 11C, print operation histories in the computers 11A, 11B, and 11C, access operation histories to files used in the computers 11A, 11B, and 11C, print operation histories in those of the computers 11A, 11B, and 11C in which data printing is prohibited, data take-out operation histories in those of the computers 11A, 11B, and 11C in which data take-out is prohibited, and activation operation histories of operation-prohibited applications in the computers 11A, 11B, and 11C.
  • the monitoring server 13 is a computer having a central processing unit and a memory, and is equipped with a large-capacity hard disk.
  • the monitoring server 13 is installed with a user level operation history acquisition application (agent application) and a system level operation history acquisition application (agent application). Based on the control by the operating system, the monitoring server 13 activates those applications stored in the instruction file in the memory, and executes each means described later according to the applications.
  • FIG. 2 is a diagram of a display screen of the authentication procedure displayed on the business computers 11A, 11B, 11C and the displays 16, 17 of the management computer 12.
  • the monitoring server 13 authenticates the computers 11A, 11B, 11C, and 12 when the business computers 11A, 11B, and 11C and the management computer 12 are activated.
  • the computers 11A, 11B, 11C, and 12 are logged into the network 15, and it is determined whether or not the computers 11A, 11B, 11C, and 12 can be used in the network 15.
  • the authentication method performed by the monitoring server 13 is password authentication; fingerprint authentication, voiceprint authentication, retina authentication, and IC card authentication can also be performed in addition to password authentication.
  • As the password authentication, a one-time password can be adopted.
  • a user name input area and a password input area are displayed on the displays 16 and 17. Employees and managers enter user names and passwords in these input areas.
  • the monitoring server 13 compares the input user name and password with those stored in the memory, and determines whether the user name and password are correct or incorrect. If the user name and password are correct and the authentication result is valid, the monitoring server logs the computers 11A, 11B, 11C, and 12 into the network 15. If the user name or password is incorrect and the authentication result is not valid, the monitoring server 13 prohibits the login of the computers 11A, 11B, 11C, and 12 to the network 15 and displays a login failure message on the displays 16 and 17 of the computers 11A, 11B, 11C, and 12. In this system 10, the monitoring server 13 authenticates the computers 11A, 11B, 11C, and 12 when the business computers 11A, 11B, and 11C and the management computer 12 are started up, and computers 11A, 11B, 11C, and 12 that fail authentication cannot be logged into the network 15, so that unauthorized entry into the network 15 due to falsification of authentication information or diversion of authentication information can be prevented.
  • FIGS. 3 and 4 are diagrams showing examples of start / end operation histories, use operation histories within the operation permission time, and use operation histories of permitted applications, and show weekly use histories of the business computers 11A, 11B, and 11C. In FIGS. 3 and 4, the display of specific names and numerical values of each item is omitted.
  • the monitoring server 13 monitors the activation and termination of the business computers 11A, 11B, and 11C within the operation permission time in time series. The monitoring server 13 determines whether the use of the business computers 11A, 11B, and 11C is within the operation permission time or outside the operation permission time by the timer function, and when the computers 11A, 11B, and 11C are activated within the operation permission time, it judges that they are used within the operation permission time.
  • the monitoring server 13 stores the identification numbers (computer name, IP address, MAC address, etc.) of the computers 11A, 11B, and 11C and the activation dates and times of the computers 11A, 11B, and 11C in the hard disk (activation operation history acquisition means).
  • the identification numbers (computer names, IP addresses, MAC addresses, etc.) and the end dates and times of the computers 11A, 11B, and 11C are stored on the hard disk (end operation history acquisition means).
  • the monitoring server 13 monitors the usage operation status of the business computers 11A, 11B, and 11C logged into the network 15 and the usage operation status of the permitted application in time series.
  • the use operation history is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • when an installed application is activated and the business computers 11A, 11B, and 11C use the application, the use operation history of the application is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • the monitoring server 13 acquires the usage operation history and the usage operation history of the application output from the computers 11A, 11B, and 11C in time series, and stores the acquired usage operation history in the hard disk (operation history acquisition unit).
  • When there is a request from the management computer 12 to output these histories, the monitoring server 13 displays the start / end operation history and use operation history stored in the hard disk on the display 17 of the management computer 12, and outputs these histories from the printer 19 connected to the management computer 12 (operation history output means).
  • the monitoring server 13 can divide and output each history into a predetermined period such as daily, weekly, or monthly.
  • In FIG. 3, as the use operation history data within the operation permission time, the specified period is displayed in the period display area, the computer name in the computer name display area, the MAC address in the MAC address display area, the work group / domain in the work group / domain display area, the initial startup time in the initial startup time display area, the final end time in the final end time display area, and the number of operations of the business computers 11A, 11B, and 11C in the operation count display area.
  • In FIG. 4, as the details of the operation history within the operation permission time, the operation month / day is displayed in the month / day display area, the business computer name in the computer name display area, the work group / domain in the work group / domain display area, the IP address in the IP address display area, the MAC address in the MAC address display area, the power ON / OFF record in the power ON / OFF display area, the user name (the name of the employee who manages the business computers 11A, 11B, and 11C) in the user name display area, the start date / time (application use start date / time) in the start date / time display area, the end date / time (application use end date / time) in the end date / time display area, the operation time (application usage time) in the operation time display area, the application name (used application name) in the application name display area, and the operation window name (the operation window name of the application used) in the operation window name display area.
  • the manager in charge can output the use operation history shown in FIGS.
  • Using the monitoring server 13, the manager in charge can grasp the startup / end status of the computers 11A, 11B, and 11C and their login status to the network 15, and can monitor the login status to the network 15 of each computer 11A, 11B, 11C.
  • the monitoring server 13 collects the use operation history and the use operation history of the application within the operation permission time of the business computers 11A, 11B, and 11C in time series, the manager in charge uses the monitoring server 13.
  • FIGS. 5 and 6 are diagrams showing examples of the use operation history outside the operation permission time and the use operation history outside the operation permission time of the permitted application, and show the weekly use history of the business computers 11A, 11B, and 11C.
  • the monitoring server 13 monitors the usage operation status of the business computers 11A, 11B, and 11C logged into the network 15 outside the operation permission time and the use operation status outside the operation permission time of the permitted application in time series.
  • The monitoring server 13 uses its timer function to determine whether the business computers 11A, 11B, and 11C are being used within or outside the operation permission time; when the computers 11A, 11B, and 11C are activated after the operation permission time has elapsed, it determines that they are being used outside the operation permission time.
  • The monitoring server 13 stores in the hard disk the identification number (computer name, IP address, MAC address, etc.) that identifies the computers 11A, 11B, and 11C and the start date and time of the computers 11A, 11B, and 11C.
  • the authentication procedure when the computers 11A, 11B, and 11C log in to the network 15 is the same as that when the computers 11A, 11B, and 11C are activated within the operation permission time.
  • the use operation history is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • the use operation history of the application is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • The monitoring server 13 acquires the usage operation history outside the operation permission time and the usage operation history of the application output from the computers 11A, 11B, and 11C in time series, and stores the acquired usage operation history in the hard disk (operation history acquisition means).
  • When there is a request from the management computer 12 to output these histories, the monitoring server 13 displays the use operation history outside the operation permission time stored in the hard disk on the display 17 of the management computer 12, and outputs these histories from the printer 19 connected to the management computer 12 (operation history output means).
  • the monitoring server 13 can divide and output each history into a predetermined period such as daily, weekly, or monthly.
  • FIG. 5 shows, as the operation history data outside the operation permission time, the specified period in the period display area, the computer name in the computer name display area, the MAC address in the MAC address display area, the work group / domain in the work group / domain display area, the user name in the user name display area, and the usage count in the usage count display area.
  • FIG. 6 shows, as the operation history outside the operation permission time, the operation date in the month / day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area.
  • The user name (the name of the employee managing the computers 11A, 11B, and 11C) is displayed in the user name display area, the start date and time (application use start date and time) in the start date and time display area, the end date and time (application use end date and time) in the end date and time display area, the operation time (application usage time) in the operation time display area, the application name (application name used) in the application name display area, and the operation window name (operation window name of the application used) in the operation window name display area.
  • the manager in charge can output the use operation history shown in FIGS.
  • the manager in charge uses the monitoring server 13.
  • the monitoring server 13 collects the use operation history and the use operation history of the application outside the operation permission time of the business computers 11A, 11B, and 11C in time series
  • the manager in charge uses the monitoring server 13.
  • the use of the computers 11A, 11B, and 11C outside the operation permission time can be restricted.
  • FIGS. 7 and 8 are diagrams showing examples of use operation histories of the computers 11A, 11B, and 11C in an external environment other than the network 15, and show weekly external use histories of the business computers 11A, 11B, and 11C.
  • the monitoring server 13 monitors the usage operation status in the external environment other than the network 15 of the business computers 11A, 11B, and 11C and the usage operation status of the permitted application in time series.
  • the business computers 11A, 11B, and 11C output identification numbers (computer names, IP addresses, MAC addresses, etc.) that identify them to the monitoring server 13 at regular time intervals (3-minute intervals, 5-minute intervals, etc.).
  • The monitoring server 13 determines that the computers 11A, 11B, and 11C have left the network 15 when the identification numbers output from the computers 11A, 11B, and 11C at equal intervals are interrupted even once. When the identification number is again output from the computers 11A, 11B, and 11C at the predetermined time interval, it determines that the computers 11A, 11B, and 11C are connected to the network 15 again, and that the computers 11A, 11B, and 11C were used in the external environment.
  • The identification number (computer name, IP address, MAC address, etc.) of the computers 11A, 11B, and 11C and the date and time of use of the computers 11A, 11B, and 11C in the external environment are stored in the hard disk.
  • the authentication procedure when the computers 11A, 11B, and 11C log in to the network 15 is the same as that when the computers 11A, 11B, and 11C are activated within the operation permission time.
  • the use operation history is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • the use operation history of the application is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • The monitoring server 13 acquires the usage operation history in the external environment and the usage operation history of the application output from the computers 11A, 11B, and 11C in time series, and stores the acquired usage operation history in the hard disk (operation history acquisition means).
  • When there is a request from the management computer 12 to output the history, the monitoring server 13 displays the use operation history in the external environment stored in the hard disk on the display 17 of the management computer 12 and outputs the history from the printer 19 connected to the management computer 12 (operation history output means).
  • the monitoring server 13 can divide and output each history into a predetermined period such as daily, weekly, or monthly.
  • FIG. 7 shows, as the operation history data of the external environment, the specified period in the period display area, the computer name in the computer name display area, the MAC address in the MAC address display area, the work group / domain in the work group / domain display area, the user name (the name of the employee managing the computers 11A, 11B, and 11C used in the external environment), and the use count in the external environment in the use count display area.
  • FIG. 7 shows, as the details of the operation history in the external environment, the operation date in the month / day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area. The external use start time is displayed in the external use start time display area, the external use end time in the external use end time display area, the user name in the user name display area, the application use start time in the application use start time display area, the application use end time in the application use end time display area, the application operation time in the application operation display area, the application name (application name used for external use) in the application name display area, and the operation window name (the name of the operation window of the application used during external use) in the operation window name display area.
  • the manager in charge can output the use operation history shown in FIGS.
  • Using the monitoring server 13, the manager in charge can grasp the external usage status and application usage status of each of the business computers 11A, 11B, and 11C, and identify the computers 11A, 11B, and 11C used in the external environment.
  • the system 10 can monitor the use of the computers 11A, 11B, and 11C in the external environment and the use of applications, and can regulate the use of the computers 11A, 11B, and 11C in the external environment. Unauthorized actions such as unauthorized removal of data, alteration of data, and destruction of data can be regulated.
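  • Added example (not part of the patent text): the external-use rule described above, in which a computer is judged to have left the network 15 when its fixed-interval identification report is interrupted and to have been used externally once the reports resume, sketched in Python. The computer names, timestamps and the 30-second arrival tolerance are constructed assumptions; the 3-minute interval is one of the intervals the text mentions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ExternalUse:
    computer: str
    last_seen: datetime    # last identification report before the interruption
    returned: datetime     # first identification report after the interruption
    missed_reports: int    # expected reports that never arrived


def group_by_computer(reports):
    """Group (computer, timestamp) reports into sorted per-computer timelines."""
    grouped = {}
    for computer, seen_at in reports:
        grouped.setdefault(computer, []).append(seen_at)
    return {name: sorted(stamps) for name, stamps in sorted(grouped.items())}


def find_external_use(reports, interval, tolerance=timedelta(seconds=30)):
    """Closed gaps: reports stopped and later resumed (judged as external use).

    `tolerance` is an assumption of this sketch so that normal network jitter
    is not counted as an interruption; the text itself only says "even once".
    """
    findings = []
    for computer, stamps in group_by_computer(reports).items():
        for previous, current in zip(stamps, stamps[1:]):
            gap = current - previous
            if gap > interval + tolerance:
                missed = max(1, round(gap / interval) - 1)
                findings.append(ExternalUse(computer, previous, current, missed))
    return findings


def currently_absent(reports, interval, now, tolerance=timedelta(seconds=30)):
    """Open gaps: computers that stopped reporting and have not yet returned."""
    return {
        computer: stamps[-1]
        for computer, stamps in group_by_computer(reports).items()
        if now - stamps[-1] > interval + tolerance
    }


def constructed_reports():
    """Constructed sample: three computers reporting every 3 minutes from 09:00."""
    start = datetime(2009, 7, 14, 9, 0)
    step = timedelta(minutes=3)
    reports = []
    for i in range(11):                  # 09:00 through 09:30
        when = start + i * step
        reports.append(("PC-A", when))   # never interrupted
        if i not in (3, 4, 5):           # PC-B misses 09:09, 09:12 and 09:15
            reports.append(("PC-B", when))
        if i <= 3:                       # PC-C stops after 09:09
            reports.append(("PC-C", when))
    return reports


if __name__ == "__main__":
    interval = timedelta(minutes=3)
    for use in find_external_use(constructed_reports(), interval):
        print(use)
    print(currently_absent(constructed_reports(), interval,
                           now=datetime(2009, 7, 14, 9, 30)))
```

A powered-off computer produces the same gap as one taken off the network, so the result is best read together with the recorded power ON / OFF history.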
  • FIG. 9 is a diagram showing an example of an application installation operation history
  • FIG. 10 is a diagram showing the contents of the installed application.
  • the display of specific names, numerical values, and the like of each item is omitted.
  • The monitoring server 13 monitors application installation on the business computers 11A, 11B, and 11C in time series. When various applications are installed in the business computers 11A, 11B, and 11C, the monitoring server 13 acquires the installation history from the computers 11A, 11B, and 11C, and stores the acquired installation history in the hard disk (installation history acquisition means).
  • When the monitoring server 13 receives an installation history output request from the management computer 12, the monitoring server 13 displays the installation history stored in the hard disk on the display 17 of the management computer 12, and outputs the installation history from the printer 19 connected to the management computer 12 (installation history output means).
  • the monitoring server 13 can output the installation history by dividing it into a predetermined period such as daily, weekly, or monthly.
  • When the installation history display is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and the period is specified, the installation history data of the applications in the business computers 11A, 11B, and 11C is displayed on the display 17, as shown in FIG. 9.
  • a computer name (computer name on which an application is installed) is displayed in the computer name display area
  • a date (installation date and time) is displayed in the date display area
  • an application name (installed application name) is displayed in the application name display area.
  • the management computer 12 can request the monitoring server 13 to output the contents of the application installed in the computers 11A, 11B, and 11C.
  • The monitoring server 13 displays the contents of the application on the display 17 of the management computer 12 and outputs the contents of the application from the printer 17 connected to the computer 12 (installed application content output means).
  • When the application name is highlighted on the screen of FIG. 9 and the content display is clicked, the contents of the installed application are displayed in the application content display area together with the computer name and application name, as shown in FIG.
  • the contents of the application are an outline of applications such as document creation software, spreadsheet software, translation software, database construction software, communication software, and security software.
  • FIG. 11 is a diagram showing an example of an application uninstall operation history
  • FIG. 12 is a diagram showing the contents of the uninstalled application.
  • The monitoring server 13 monitors the uninstallation of applications from the business computers 11A, 11B, and 11C in time series. When various applications are uninstalled from the business computers 11A, 11B, and 11C, the monitoring server 13 acquires the uninstall history from the computers 11A, 11B, and 11C, and stores the acquired uninstall history in the hard disk (uninstallation history acquisition means).
  • When there is a request from the management computer 12 to output the uninstall history, the monitoring server 13 displays the uninstall history stored in the hard disk on the display 17 of the management computer 12, and outputs the uninstall history from the printer 19 connected to the management computer 12 (uninstallation history output means).
  • the monitoring server 13 can output the uninstallation history in a predetermined period such as daily, weekly, or monthly.
  • When the uninstall history display is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and the period is specified, the application uninstall history data for the business computers 11A, 11B, and 11C is displayed on the display 17, as shown in FIG. 11.
  • the computer name (computer name from which the application was uninstalled) is displayed in the computer name display area
  • the date (uninstallation date / time) is displayed in the date display area
  • the application name (uninstalled application name) is displayed in the application name display area.
  • the management computer 12 can request the monitoring server 13 to output the contents of the application uninstalled from the computers 11A, 11B, and 11C.
  • The monitoring server 13 displays the contents of the application on the display 17 of the management computer 12 and outputs the contents of the application from the printer 17 connected to the computer 12 (uninstalled application content output means).
  • When the application name is highlighted and the content display is clicked on the screen of FIG. 11, the contents of the uninstalled application are displayed in the application content display area together with the computer name and application name, as shown in FIG.
  • the contents of the application are an outline of applications such as document creation software, spreadsheet software, translation software, database construction software, communication software, and security software.
  • FIGS. 13 and 14 are diagrams showing an example of the printing operation history, and show the weekly printing operation history of the computers 11A, 11B, and 11C. In FIGS. 13 and 14, the display of specific names and numerical values of each item is omitted.
  • The monitoring server 13 monitors the printing operation status of the business computers 11A, 11B, and 11C logged into the network 15 in time series. When the computer 11A, 11B, or 11C prints predetermined data via the printer 18, the monitoring server 13 stores in the hard disk the identification number (computer name, IP address, MAC address, etc.) that identifies the computer 11A, 11B, or 11C and the printing operation dates and times of the computers 11A, 11B, and 11C.
  • the print operation history is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • the monitoring server 13 acquires the print operation histories output from the computers 11A, 11B, and 11C in time series, and stores the acquired print operation histories in the hard disk (operation history acquisition unit).
  • The monitoring server 13 displays the print operation history stored in the hard disk on the display 17 of the management computer 12, and outputs the print operation history from the printer 19 connected to the management computer 12 (operation history output means).
  • the monitoring server 13 can divide and output each printing operation history by a predetermined period such as daily, weekly, or monthly.
  • FIG. 13 shows, as print operation history data, the specified period in the period display area, the business computer name (the name of the computer that performed the print operation) in the computer name display area, the MAC address in the MAC address display area, the work group / domain in the work group / domain display area, the user name (the name of the employee who manages the computers 11A, 11B, and 11C that performed the printing operation) in the user name display area, the total number of print pages in the print total page count display area, and the number of prints in the print count display area.
  • FIG. 14 shows, as the details of the print operation history, the month and day of the print operation in the month and day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area.
  • the employee name is displayed in the user name display area, the print date and time in the print date display area, the document name in the document name display area, the number of print pages in the print page number display area, and the printer name in the printer name display area.
  • the manager in charge can output the usage history shown in FIGS.
  • Using the monitoring server 13, the manager in charge can grasp the status of the printing operations in the business computers 11A, 11B, and 11C. Since this system 10 can monitor printing operations in the computers 11A, 11B, and 11C and can regulate unlimited printing operations in the computers 11A, 11B, and 11C, it can restrict unauthorized printing of data by employees.
  • the monitoring server 13 monitors the file access status of the business computers 11A, 11B, and 11C logged into the network 15 in time series.
  • The monitoring server 13 stores in the hard disk the identification number (computer name, IP address, MAC address, etc.) that identifies the computer 11A, 11B, or 11C and the file access date and time of the computer 11A, 11B, or 11C.
  • the file access history is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • the monitoring server 13 acquires the file access history output from the computers 11A, 11B, and 11C in time series, and stores the acquired file access history in the hard disk (operation history acquisition means).
  • The monitoring server 13 displays the file access history stored in the hard disk on the display 17 of the management computer 12, and outputs the file access history from the printer 19 connected to the management computer 12 (operation history output means).
  • the monitoring server 13 can divide and output each file access history by a predetermined period such as daily, weekly, or monthly.
  • FIG. 15 shows, as the file access history data, the specified period in the period display area, the business computer name (the name of the computer that performed the file access) in the computer name display area, the MAC address in the MAC address display area, the work group / domain in the work group / domain display area, the user name (the name of the employee who manages the computers 11A, 11B, and 11C that performed file access) in the user name display area, and the access count in the access count display area.
  • the details of the file access history of the selected computers 11A, 11B, and 11C are displayed on the display 17, as shown in FIG.
  • As the details of the file access history, the date of file access is displayed in the month / day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area.
  • The employee name is displayed in the user name display area, the access date and time in the access date and time display area, the operation content (copy, cut, write, delete, create folder, rename, etc.) in the operation content display area, the file name in the file name display area, and the file name before change in the file name display area before change.
  • the person in charge of management can output the file access history shown in FIGS.
  • Using the monitoring server 13, the person in charge of management can grasp the file access status of the business computers 11A, 11B, and 11C. Since the system 10 can monitor the access status of files in the computers 11A, 11B, and 11C and can regulate unlimited use of files, it can regulate unauthorized use of files by employees.
  • FIGS. 17 and 18 are diagrams showing an example of the printing action history, showing the weekly printing action history of the business computers 11A, 11B, and 11C.
  • the monitoring server 13 monitors in time series the printing actions in the computers that are prohibited from printing among the business computers 11A, 11B, and 11C.
  • The monitoring server 13 stores in the hard disk the identification number (computer name, IP address, MAC address, etc.) that identifies the computers 11A, 11B, and 11C and the printing action dates of the computers 11A, 11B, and 11C.
  • As a method of prohibiting data printing on a specific computer, there is also a method of specifying a drive installed in the computer and prohibiting printing of the data stored in that drive.
  • The printing action history is output from the computers 11A, 11B, and 11C to the monitoring server 13. The monitoring server 13 acquires the printing action histories output from the computers 11A, 11B, and 11C in time series, and stores the acquired printing action histories in the hard disk (operation history acquisition means). When there is a printing action history output request from the management computer 12, the monitoring server 13 displays the printing action history stored in the hard disk on the display 17 of the management computer 12, and outputs the printing action history from the printer 19 connected to the management computer 12 (operation history output means). The monitoring server 13 can divide and output each printing action history by a predetermined period such as daily, weekly, or monthly.
  • FIG. 17 shows, as the printing action history data, the specified period in the period display area, the computer name (the name of the computer on which the printing action was performed) in the computer name display area, the work group / domain in the work group / domain display area, the user name (the name of the employee who manages the computers 11A, 11B, and 11C that performed the printing action) in the user name display area, and the printing action count in the printing action count display area.
  • the details of the printing activity history of the selected computers 11A, 11B, and 11C are displayed on the display 17, as shown in FIG.
  • FIG. 18 shows, as the details of the printing action history, the month and date of the printing action in the month / day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area.
  • The employee name is displayed in the user name display area, the date and time of the printing action in the printing action date and time display area, the document name (name of the document to be printed) in the document name display area, and the printer name (the name of the printer on which the printing action was performed) in the printer name display area.
  • the manager in charge can output the printing action history shown in FIGS.
  • The monitoring server 13 collects the printing action histories in the computers 11A, 11B, and 11C in time series, and the manager in charge can use the monitoring server 13 to grasp the printing action status of each business computer 11A, 11B, 11C for which the printing action is prohibited.
  • This system 10 can monitor the status of printing actions on the computers 11A, 11B, and 11C where printing actions are prohibited, and can regulate illegal actions such as unauthorized removal of data, falsification of data, and destruction of data.
  • FIGS. 19 and 20 are diagrams illustrating an example of a take-out action history, and show weekly take-out action histories of the business computers 11A, 11B, and 11C.
  • the monitoring server 13 monitors in time series the take-out action in the computer for which data take-out is prohibited among the business computers 11A, 11B, and 11C.
  • The monitoring server 13 stores in the hard disk the identification number (computer name, IP address, MAC address, etc.) that identifies the computers 11A, 11B, and 11C that are prohibited from taking out data, and the date and time of the take-out action on the computers 11A, 11B, and 11C.
  • a method for prohibiting data export in a specific computer is a method for prohibiting copying of data stored in a drive mounted on the computer (drive Prohibiting copying to the drive mounted on the computer.
  • When data stored in the computers 11A, 11B, and 11C that are prohibited from taking out data is taken out (data search, data copy, data cut, data paste, data write in the computers 11A, 11B, and 11C), when a copy action is performed on a copy-prohibited drive, or when a write action is performed on a write-protected drive, the take-out action history is output from the computers 11A, 11B, and 11C to the monitoring server 13.
  • the monitoring server 13 acquires the take-out action history output from the computers 11A, 11B, and 11C in time series, and stores the acquired take-out action history in the hard disk (operation history acquisition means).
  • When there is a request from the management computer 12 to output a take-out action history, the monitoring server 13 displays the take-out action history stored in the hard disk on the display 17 of the management computer 12, and outputs the take-out action history from the printer 19 connected to the management computer 12 (operation history output means).
  • the monitoring server 13 can output each take-out action history in a predetermined period such as daily, weekly, or monthly.
  • FIG. 19 shows, as a take-out action history for the period specified in the period display area, the computer name (the name of the computer where the take-out action was performed) in the computer name display area, the work group / domain in the work group / domain display area, the user name (the name of the employee who manages the computers 11A, 11B, and 11C where the take-out action was performed) in the user name display area, and the take-out action count in the take-out action count display area.
  • FIG. 20 shows, as the details of the take-out action history, the date of the take-out action in the month / day display area, the computer name in the computer name display area, the work group / domain in the work group / domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area.
  • The employee name is displayed in the user name display area, the date and time of the take-out action in the take-out action date and time display area, the contents of the take-out operation (data search, copy, cut, paste, write, etc.) in the take-out operation display area, the name of the file on which the take-out action was performed in the file name display area, and the file name before the change (the file name before being changed by the take-out action) in the file name display area before the change.
  • the manager in charge can output the carry-out action history shown in FIGS.
  • each business computer 11A, 11B and 11C can be grasped.
  • The system 10 can monitor the status of take-out actions on the computers 11A, 11B, 11C where the act of taking out is prohibited, and can regulate illegal acts such as unauthorized data take-out, data tampering, and data destruction by employees.
  • FIGS. 21 and 22 are diagrams showing an example of the access history of the prohibited application, and show weekly access histories of the business computers 11A, 11B, and 11C.
  • the monitoring server 13 monitors the act of accessing the operation prohibited application of the business computers 11A, 11B, and 11C logged into the network 15 in time series.
  • The operation-prohibited applications are stored in the hard disk of the monitoring server 13, divided for each business computer 11A, 11B, 11C.
  • The monitoring server 13 stores in the hard disk the identification number (computer name, IP address, MAC address, etc.) that identifies the computers 11A, 11B, and 11C and the access act date and time of the computers 11A, 11B, and 11C.
  • The monitoring server 13 determines whether the application corresponds to an operation-prohibited application stored in the hard disk. When the monitoring server 13 determines that the application is operation-prohibited, it acquires the access history of the operation-prohibited application in the computers 11A, 11B, and 11C in time series, and stores the acquired access history in the hard disk (operation history acquisition means). When there is a request from the management computer 12 to output the access history of the prohibited application, the monitoring server 13 displays the access history stored in the hard disk on the display 17 of the management computer 12 and outputs the access history from the printer 17 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each access history in a predetermined period such as daily, weekly, or monthly.
  • access history data for the designated period is obtained and displayed on the display 17.
  • The computer name (the name of the computer that accessed the operation-prohibited application) is displayed in the computer name display area, the work group / domain in the work group / domain display area, the user name (name of the employee who manages the computers 11A, 11B, and 11C that accessed the prohibited application) in the user name display area, and the number of accesses (number of accesses to the prohibited application) in the access count display area.
  • FIG. 21 shows, as the details of the access history, the date of access in the month / day display area, the name of the business computer in the computer name display area, the work group / domain in the work group / domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area 61.
  • the employee name is displayed in the user name display area
  • the access date and time is displayed in the access date and time display area
  • the application name is displayed in the application name display area.
  • the manager in charge can output the access history shown in FIGS.
  • the manager in charge can use the monitoring server 13 to grasp the status of access to the prohibited application on the computers 11A, 11B, and 11C.
  • the system 10 can monitor the status of access to the prohibited application on the computers 11A, 11B, and 11C, and can deter access to that application.
  • the user-level operation history acquisition application, which causes the monitoring server 13 to acquire a user-level operation history when the business computers 11A, 11B, and 11C execute operations executable at the user level, is registered in the invisible startup registry of the business computers 11A, 11B, and 11C. The startup check box of the operation history acquisition application therefore cannot be unchecked, and the user-level operation history acquisition application cannot be prevented from starting when each of the business computers 11A, 11B, and 11C starts. Therefore, the monitoring server 13 can reliably acquire the operation history of operations executable at the user level from each of the business computers 11A, 11B, and 11C.
  • in the device management system 10, the system-level operation history acquisition application, which causes the monitoring server 13 to acquire a system-level operation history when the business computers 11A, 11B, and 11C execute operations executable at the system level, is registered in a task that is difficult to see on the business computers 11A, 11B, and 11C. It is therefore difficult to uncheck the startup check box of the operation history acquisition application, and the system-level operation history acquisition application cannot be prevented from starting when each of the business computers 11A, 11B, and 11C starts. Therefore, the monitoring server 13 can reliably acquire the operation history of operations executable at the system level from each of the business computers 11A, 11B, and 11C.
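The summary and detail views of the prohibited-application access history described in the list above can be sketched as follows. This is an added example, not code from the patent: the CSV record layout, the application names and all function names are assumptions, and the sample log is constructed.

```python
import csv
from collections import Counter
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta

# Assumption: the prohibited-application list held by the server (constructed names).
PROHIBITED_APPS = {"p2pshare.exe", "remotedesk.exe"}

# Constructed sample history. Columns: access date/time, computer name,
# workgroup/domain, IP address, MAC address, user name, application name.
SAMPLE_LOG = """\
2009-07-13T09:15:02,PC-11A,SALES,192.0.2.11,00:00:5E:00:53:0A,tanaka,p2pshare.exe
2009-07-13T09:20:41,PC-11B,SALES,192.0.2.12,00:00:5E:00:53:0B,suzuki,wordproc.exe
2009-07-14T18:02:10,PC-11A,SALES,192.0.2.11,00:00:5E:00:53:0A,tanaka,RemoteDesk.exe
2009-07-20T00:00:00,PC-11C,DEV,192.0.2.13,00:00:5E:00:53:0C,sato,p2pshare.exe
not-a-date,PC-11C,DEV,192.0.2.13,00:00:5E:00:53:0C,sato,p2pshare.exe
2009-07-31T23:59:59,PC-11C,DEV,192.0.2.13,00:00:5E:00:53:0C,sato,p2pshare.exe
""".splitlines()


@dataclass(frozen=True)
class AccessRecord:
    accessed_at: datetime
    computer: str
    workgroup: str
    ip: str
    mac: str
    user: str
    application: str


def parse_record(row):
    """Build an AccessRecord from one CSV row; raise ValueError if malformed."""
    values = [v.strip() for v in row]
    if len(values) != 7 or not all(values):
        raise ValueError("expected 7 non-empty fields")
    return AccessRecord(datetime.fromisoformat(values[0]), *values[1:])


def load_history(lines):
    """Return (records, rejected): prohibited-application accesses in time
    series, and the number of lines that could not be parsed."""
    records, rejected = [], 0
    for row in csv.reader(lines):
        if not row:
            continue
        try:
            rec = parse_record(row)
        except ValueError:
            rejected += 1
            continue
        # Application names are compared case-insensitively.
        if rec.application.lower() in PROHIBITED_APPS:
            records.append(rec)
    records.sort(key=lambda r: r.accessed_at)
    return records, rejected


def period_bounds(anchor, period):
    """Half-open [start, end) bounds of the day, week (Mon-Sun) or month
    that contains the date `anchor`."""
    if period == "daily":
        start, end = anchor, anchor + timedelta(days=1)
    elif period == "weekly":
        start = anchor - timedelta(days=anchor.weekday())
        end = start + timedelta(days=7)
    elif period == "monthly":
        start = anchor.replace(day=1)
        end = (start + timedelta(days=32)).replace(day=1)
    else:
        raise ValueError(f"unknown period: {period}")
    return datetime.combine(start, time.min), datetime.combine(end, time.min)


def summarize(records, start, end):
    """Summary view: (computer, workgroup, user, access count) per computer
    for the period, highest count first."""
    counts = Counter((r.computer, r.workgroup, r.user)
                     for r in records if start <= r.accessed_at < end)
    rows = [(c, w, u, n) for (c, w, u), n in counts.items()]
    return sorted(rows, key=lambda row: (-row[3], row[0]))


def details(records, computer, start, end):
    """Detail view: time-ordered accesses by one computer within the period."""
    return [r for r in records
            if r.computer == computer and start <= r.accessed_at < end]


if __name__ == "__main__":
    history, bad = load_history(SAMPLE_LOG)
    for period in ("daily", "weekly", "monthly"):
        print(period, summarize(history, *period_bounds(date(2009, 7, 14), period)))
    print("rejected lines:", bad)
```

The period bounds are half-open, so an access at exactly midnight on the following Monday falls into the next week's report, and unparseable lines are counted rather than silently dropped.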

Abstract

Provided is a device management system that allows a monitoring server to monitor each operation history of business computers and reliably prevents dishonest acts by employees. The device management system is formed from a plurality of business computers (10A, 10B, 10C) used by employees, a management computer (12) managed and maintained by an administrator in the company, and a monitoring server (13) that monitors the business computers (10A, 10B, 10C), which are the terminal devices, in chronological order. A user-level operation history acquisition application, which allows the monitoring server (13) to acquire the user-level operation history produced when the computers (10A, 10B, 10C) execute an operation executable at the user level, is installed on the business computers (10A, 10B, 10C). The user-level operation history acquisition application is registered in invisible startup registries on the computers (10A, 10B, 10C).

Description

Device management system
The present invention relates to a device management system including a plurality of terminal devices and a device monitoring server that monitors the terminal devices in time series.
There is a network security system in which a network user detects an unauthorized intruder into a server via the Internet and notifies the Internet service provider, and which traces the unauthorized intruder in cooperation with the service provider (see Patent Document 1). This system is formed of a monitoring terminal that detects unauthorized access made over the Internet and reports it, and a center terminal that, on receiving the notification from the monitoring terminal, identifies the access source of the detected unauthorized access and notifies the network user of the identified access source information.
There is also a device management system that consists of a plurality of terminal devices and a monitoring server that is connected to the network formed by those terminal devices and monitors them in time series, and that prevents unauthorized acts by terminal devices within the network (see Patent Document 2). The monitoring server has operation prohibiting means that prohibits execution of non-permitted operations other than the operations permitted to the terminal devices, permitted operation history storage means that stores a permitted operation history when a terminal device executes a permitted operation, non-permitted operation history storage means that stores a non-permitted operation history when a terminal device executes a non-permitted operation, and history output means that outputs the permitted operation history and the non-permitted operation history.
JP 2005-128919 A
JP 2007-241513 A
In the network security system disclosed in Patent Document 1, the monitoring terminal detects unauthorized access to the user-side server by analyzing logs, and notifies the center terminal of the detection together with the stored logs. The center terminal identifies the server from which the unauthorized access originated using the notified log information, and notifies the user's monitoring terminal of information on that server. With this network security system, the network user does not need to identify the source server of the unauthorized access, which reduces the user's time and effort accordingly. However, because the status of permitted and non-permitted operations on each terminal device cannot be grasped, it is difficult to prevent fraudulent acts by network users such as data tampering and data destruction.
The device management system disclosed in Patent Document 2 can grasp the status of permitted and non-permitted operations on each terminal device. An operation history acquisition application that causes the monitoring server to acquire the operation history of the terminal device is installed on each terminal device. In this system, however, the operation history acquisition application is registered in a visible startup registry, so it is possible to stop the application from starting on the terminal device. Specifically, by displaying the startup check box of the operation history acquisition application on the display and unchecking it, the application can be prevented from starting when the terminal device starts. If the operation history acquisition application does not start, the monitoring server cannot acquire the operation histories of the terminal device, and unauthorized acts by network users using the terminal device cannot be prevented.
An object of the present invention is to provide a device management system that allows a monitoring server to monitor each operation history of the terminal devices and can reliably prevent unauthorized acts by network users.
The premise of the present invention for solving the above problem is a device management system comprising a plurality of terminal devices used by users, and a monitoring server that is connected to the network formed by those terminal devices and monitors them in time series.
The feature of the present invention on this premise is that a user-level operation history acquisition application, which causes the monitoring server to acquire a user-level operation history when the terminal device executes an operation executable at the user level, is installed on the terminal device, and that the user-level operation history acquisition application is registered in a startup registry that is invisible on the terminal device.
As an example of the present invention, a system-level operation history acquisition application, which causes the monitoring server to acquire a system-level operation history when the terminal device executes an operation executable at the system level, is installed on the terminal device, and the system-level operation history acquisition application is registered in a task that is difficult to see on the terminal device.
As another example of the present invention, the operations executable at the user level are use of the terminal devices on the network within the operation permission time, use of the terminal devices on the network outside the operation permission time, and use of the terminal devices in an external environment other than the network. The user-level operation history consists of the usage operation history of the terminal devices on the network within the operation permission time, the usage operation history of the terminal devices on the network outside the operation permission time, and the usage operation history of the terminal devices in an external environment other than the network.
As another example of the present invention, the operations executable at the user level are use of permitted applications on the terminal devices, installation of various applications on the terminal devices, and uninstallation of various applications from the terminal devices. The user-level operation history consists of the usage operation history of permitted applications on the terminal devices, the installation operation history of various applications on the terminal devices, and the uninstallation operation history of various applications on the terminal devices.
As another example of the present invention, the operations executable at the system level are start-up and shutdown of the terminal devices, printing on the terminal devices, and access to files used on the terminal devices. The system-level operation history consists of the start-up/shutdown operation history of the terminal devices, the print operation history of the terminal devices, and the access operation history for files used on the terminal devices.
As another example of the present invention, the system-level operation history consists of the print operation history on those terminal devices for which data printing is prohibited, the data take-out operation history on those terminal devices for which data take-out is prohibited, and the launch operation history of prohibited applications on the terminal devices.
According to the device management system of the present invention, the user-level operation history acquisition application, which causes the monitoring server to acquire a user-level operation history when a terminal device executes an operation executable at the user level, is registered in a startup registry that is invisible on the terminal device. The startup check box of the operation history acquisition application therefore cannot be unchecked, and the user-level operation history acquisition application cannot be prevented from starting when each terminal device starts. Consequently, the monitoring server can reliably acquire from each terminal device the operation history of operations executable at the user level. In this system, when a terminal device executes an operation executable at the user level, the operation history is centrally managed on the monitoring server, and the server can collate and monitor the user-level operation history of each terminal device, so that unauthorized acts by network users such as data tampering and data destruction can be reliably prevented.
In a device management system in which the system-level operation history acquisition application, which causes the monitoring server to acquire a system-level operation history when a terminal device executes an operation executable at the system level, is registered in a task that is difficult to see on the terminal device, it becomes difficult to uncheck the startup check box of the operation history acquisition application, and the system-level operation history acquisition application cannot be prevented from starting when each terminal device starts. Consequently, the monitoring server can reliably acquire from each terminal device the operation history of operations executable at the system level. In this system, when a terminal device executes an operation executable at the system level, the operation history is centrally managed on the monitoring server, and the server can collate and monitor the system-level operation history of each terminal device, so that unauthorized acts by network users such as data tampering and data destruction can be reliably prevented.
In a device management system whose user-level operation history includes the operation content history of the terminal devices on the network within the operation permission time, the operation content history of the terminal devices on the network outside the operation permission time, and the operation content history of the terminal devices in an external environment other than the network, the monitoring server acquires the operation history of each terminal device within and outside the operation permission time in time series. These histories are therefore centrally managed on the monitoring server, and the operation status of the terminal devices within and outside the operation permission time can be grasped through the monitoring server. Because the monitoring server also acquires in time series the operation history of the terminal devices in an external environment other than the network, the operation history in the external environment is centrally managed on the monitoring server, and the operation status of the terminal devices in the external environment can be grasped through the monitoring server. This system can identify not only terminal devices used within the operation permission time but also terminal devices used outside the operation permission time or in an external environment, and can reliably restrict unauthorized acts by network users such as unauthorized take-out, tampering, and destruction of important data and confidential data.
In a device management system whose user-level operation history includes the usage operation history of permitted applications on the terminal devices, the installation operation history of various applications on the terminal devices, and the uninstallation operation history of various applications on the terminal devices, the monitoring server acquires the usage operation history of permitted applications on each terminal device in time series. The usage operation history of permitted applications is therefore centrally managed on the monitoring server, the usage status of permitted applications on the terminal devices can be grasped through the monitoring server, and unlimited use of applications can be restricted. Because the monitoring server also acquires in time series the installation and uninstallation operation histories of various applications on the terminal devices, these histories are centrally managed on the monitoring server, and the installation and uninstallation status of the terminal devices can be grasped through the monitoring server. Because this system can identify the terminal devices on which applications were installed or uninstalled, it can restrict installation of unnecessary applications by network users and unauthorized uninstallation of applications by network users.
In a device management system whose system-level operation history includes the start-up/shutdown operation history of each terminal device, the print operation history of each terminal device, and the access operation history for files used on each terminal device, the monitoring server acquires the start-up/shutdown operation history of each terminal device in time series. That history is therefore centrally managed on the monitoring server, and the start-up/shutdown status of the terminal devices can be grasped through the monitoring server. Because the monitoring server acquires the print operation history of each terminal device in time series, the print operation history is centrally managed on the monitoring server, and the printing status of the terminal devices can be grasped through the monitoring server. Because this system can use the printing action history to identify the terminal device that performed a printing action, it can restrict unauthorized acts by network users such as unauthorized printing or take-out of important data and confidential data.
In this system, because the monitoring server acquires the file access operation history of each terminal device in time series, the file access operation history of the terminal devices is centrally managed on the monitoring server, and the file access status of the terminal devices can be grasped through the monitoring server. Because the system can use the file access operation history to identify the terminal device that accessed a file, it can restrict unauthorized acts by network users such as unauthorized take-out, tampering, and destruction of a given file.
In a device management system whose system-level operation history includes the print operation history on those terminal devices for which data printing is prohibited, the data take-out operation history on those terminal devices for which data take-out is prohibited, and the launch operation history of non-permitted applications on the terminal devices, the monitoring server acquires in time series the print operation history on terminal devices that are not permitted to print data. That history is therefore centrally managed on the monitoring server, and the printing status of terminal devices that are not permitted to print data can be grasped through the monitoring server. Because this system can use the print operation history to identify a terminal device that performed a print operation despite not being permitted to print data, it can restrict unauthorized acts by network users such as unauthorized printing or take-out of a given file.
In this system, because the monitoring server acquires in time series the data take-out operation history on terminal devices that are not permitted to take out data, that history is centrally managed on the monitoring server, and the data take-out status of those terminal devices can be grasped through the monitoring server. Because the system can use the data take-out operation history to identify a terminal device that performed a data take-out operation despite not being permitted to take out data, it can restrict unauthorized acts by network users such as unauthorized viewing or take-out of given data.
In this system, because the monitoring server acquires in time series the launch operation history of prohibited applications on the terminal devices, that history is centrally managed on the monitoring server, and the launch status of prohibited applications on the terminal devices can be grasped through the monitoring server. Because the system can use the launch operation history of prohibited applications to identify the terminal device that launched a prohibited application, it can deter access to prohibited applications on each terminal device.
A configuration diagram of the device management system shown as an example.
A diagram of the authentication procedure screen displayed on the display of a computer.
A diagram showing an example of the start-up/shutdown operation history, the usage operation history within the operation permission time, and the usage operation history of permitted applications.
A diagram showing an example of the start-up/shutdown operation history, the usage operation history within the operation permission time, and the usage operation history of permitted applications.
A diagram showing an example of the usage operation history outside the operation permission time and the usage operation history of permitted applications outside the operation permission time.
A diagram showing an example of the usage operation history outside the operation permission time and the usage operation history of permitted applications outside the operation permission time.
A diagram showing an example of the usage operation history of the computers in an external environment other than the network.
A diagram showing an example of the usage operation history of the computers in an external environment other than the network.
A diagram showing an example of the application installation operation history.
A diagram showing the contents of an installed application.
A diagram showing an example of the application uninstallation operation history.
A diagram showing the contents of an uninstalled application.
A diagram showing an example of the print operation history.
A diagram showing an example of the print operation history.
A diagram showing an example of the file access history.
A diagram showing an example of the file access history.
A diagram showing an example of the printing action history.
A diagram showing an example of the printing action history.
A diagram showing an example of the take-out action history.
A diagram showing an example of the take-out action history.
A diagram showing an example of the access history of a prohibited application.
A diagram showing an example of the access history of a prohibited application.
Details of the device management system according to the present invention are described below with reference to the accompanying drawings. FIG. 1 is a configuration diagram of a device management system 10 shown as an example. The device management system 10 is formed of a plurality of business computers 11A, 11B, and 11C (terminal devices) that employees (users) use for company work, a management computer 12 managed and kept by an in-house manager, a monitoring server 13, and a hub 14 that connects them. The computers 11A, 11B, 11C, and 12 and the server 13 are connected to each other by a high-speed broadband line through the hub 14 and form an in-house network 15.
While the system 10 is in operation, the monitoring server 13 monitors in time series the various operation states of the business computers 11A, 11B, and 11C logged into the network 15 and reports those operation states to the management computer 12. The business computers 11A, 11B, and 11C, the management computer 12, and the monitoring server 13 can connect to the Internet and have an e-mail transmission/reception function. The computers 11A, 11B, 11C, and 12 and the server 13 can also access a given Web site and log in to that site, and can access a given external network and log in to that network.
Although not shown, the network 15 formed from the computers 11A, 11B, 11C, and 12 and the server 13 is connected to a group of servers such as a DNS server that sets the correspondence between host names and the IP addresses assigned to them, a Web server needed to publish a home page, a database server that accepts requests from other business computers and other servers and provides functions for reading and writing various data, a mail server for sending and receiving e-mail, and a document server that stores all created data such as text and images and makes that data searchable. The system 10 can be used with any network, such as a local area network or a wide area network. It also supports all existing network connection methods, such as bus, star, peer-to-peer, and ring networks.
Input devices such as a keyboard and a mouse, and output devices such as displays 16 and 17 and printers 18 and 19, are connected to the business computers 11A, 11B, and 11C and the management computer 12 via an interface (wired or wireless). Existing removable disks such as memory sticks, IC recorders, PDAs, and mobile phones can be detachably connected to the computers 11A, 11B, 11C, and 12, and various data can be exchanged between the computers 11A, 11B, 11C, and 12 and those removable disks.
A user level operation history acquisition application (agent application) is installed in the memory of each business computer 11A, 11B, and 11C. It causes the monitoring server 13 to acquire the user level operation history produced when the computers 11A, 11B, and 11C execute operations that can be executed at the user level. Under the control of the operating system, the business computers 11A, 11B, and 11C start the user level operation history acquisition application stored in memory and, in accordance with that application, output the user level operation history to the monitoring server 13.
The user level operation history acquisition application is registered in a non-visible startup registry of the business computers 11A, 11B, and 11C. Consequently, the application cannot be displayed on the display 16 of those computers (it is invisible), and its contents cannot be checked (viewed). The business computers 11A, 11B, and 11C cannot display a startup check box for the user level operation history acquisition application on the display 16, so it is not possible to clear that check box and thereby keep the application from starting when the computers 11A, 11B, and 11C start.
The operations that can be executed at the user level are: use of the business computers 11A, 11B, and 11C on the network 15 within the operation permission time; use of the computers 11A, 11B, and 11C on the network 15 outside the operation permission time; use of the computers 11A, 11B, and 11C in an external environment other than the network 15; use of permitted applications on the computers 11A, 11B, and 11C; installation of various applications on the computers 11A, 11B, and 11C; and uninstallation of various applications from the computers 11A, 11B, and 11C.
The user level operation history comprises: the use operation history of the business computers 11A, 11B, and 11C on the network 15 within the operation permission time; the use operation history of the computers 11A, 11B, and 11C on the network 15 outside the operation permission time; the use operation history of the computers 11A, 11B, and 11C in an external environment other than the network 15; the use operation history of permitted applications on the computers 11A, 11B, and 11C; the installation operation history of various applications on the computers 11A, 11B, and 11C; and the uninstallation operation history of various applications on the computers 11A, 11B, and 11C.
A system level operation history acquisition application (agent application) is installed in the memory of each business computer 11A, 11B, and 11C. It causes the monitoring server 13 to acquire the system level operation history produced when the computers 11A, 11B, and 11C execute operations that can be executed at the system level. Under the control of the operating system, the business computers 11A, 11B, and 11C start the system level operation history acquisition application stored in memory and, in accordance with that application, output the system level operation history to the monitoring server 13.
The system level operation history acquisition application is registered in a task that is difficult to see on the business computers 11A, 11B, and 11C. Consequently, it is difficult to display the application on the display 16 of those computers (it is hard to see), and difficult to check (view) its contents. On the business computers 11A, 11B, and 11C it is difficult to display a startup check box for the system level operation history acquisition application on the display 16, so it is not possible to clear that check box and thereby keep the application from starting when the computers 11A, 11B, and 11C start.
The operations that can be executed at the system level are: startup and shutdown of the business computers 11A, 11B, and 11C; printing on the computers 11A, 11B, and 11C; and access to files used on the computers 11A, 11B, and 11C. The system level operation history comprises: the startup and shutdown operation history of the computers 11A, 11B, and 11C; the print operation history on the computers 11A, 11B, and 11C; the access operation history for files used on the computers 11A, 11B, and 11C; the print operation history on those of the computers 11A, 11B, and 11C for which data printing is prohibited; the data take-out operation history on those of the computers 11A, 11B, and 11C for which taking data out is prohibited; and the startup operation history of applications prohibited from running on the computers 11A, 11B, and 11C.
The monitoring server 13 is a computer having a central processing unit and a memory, and is equipped with a large-capacity hard disk. The user level operation history acquisition application (agent application) and the system level operation history acquisition application (agent application) are installed on the monitoring server 13. Under the control of the operating system, the monitoring server 13 starts those applications stored in the instruction file in memory and, in accordance with the applications, executes each of the means described below.
FIG. 2 shows the authentication procedure screen displayed on the displays 16 and 17 of the business computers 11A, 11B, and 11C and the management computer 12. The monitoring server 13 authenticates the computers 11A, 11B, 11C, and 12 when the business computers 11A, 11B, and 11C and the management computer 12 start up. The authentication determines whether to log the computers 11A, 11B, 11C, and 12 in to the network 15 and make them usable on the network 15. The authentication method used by the monitoring server 13 is password authentication, but fingerprint authentication, voiceprint authentication, retina authentication, or IC card authentication can be performed in addition to password authentication. A one-time password can also be adopted for the password authentication. When the computers 11A, 11B, 11C, and 12 are started, a user name input area and a password input area are displayed on the displays 16 and 17, as shown in FIG. 2. Employees and the manager in charge enter a user name and a password in those input areas.
The monitoring server 13 compares the entered user name and password with those stored in memory and determines whether the user name and password are correct. If the user name and password are correct and the authentication succeeds, the monitoring server logs the computers 11A, 11B, 11C, and 12 in to the network 15. If the user name or password is wrong and the authentication fails, the monitoring server 13 prohibits the computers 11A, 11B, 11C, and 12 from logging in to the network 15 and displays a login-refused message on the displays 16 and 17 of the computers 11A, 11B, 11C, and 12. In this system 10, the monitoring server 13 authenticates the business computers 11A, 11B, and 11C and the management computer 12 when they start up and, if the authentication information is not correct, refuses to log the computers 11A, 11B, 11C, and 12 in to the network 15, so unauthorized entry into the network 15 through tampering with authentication information or misuse of authentication information can be prevented.
FIGS. 3 and 4 show examples of the startup and shutdown operation history, the use operation history within the operation permission time, and the use operation history of permitted applications, as a weekly use history of the business computers 11A, 11B, and 11C. Specific names, numerical values, and the like for each item are omitted in FIGS. 3 and 4. The monitoring server 13 monitors in time series the startup and shutdown of the business computers 11A, 11B, and 11C within the operation permission time. Using its timer function, the monitoring server 13 determines whether the business computers 11A, 11B, and 11C are being used within or outside the operation permission time, and when the computers 11A, 11B, and 11C start up within the operation permission time, it judges the use to be within the operation permission time. When a business computer 11A, 11B, or 11C is powered on within the operation permission time, the monitoring server 13 stores the identification number of that computer (computer name, IP address, MAC address, etc.) and its startup date and time on the hard disk (startup operation history acquisition means). When a computer 11A, 11B, or 11C is powered off, the monitoring server 13 stores the identification number of that computer (computer name, IP address, MAC address, etc.) and its shutdown date and time on the hard disk (shutdown operation history acquisition means).
The monitoring server 13 monitors in time series the use operation status of the business computers 11A, 11B, and 11C logged in to the network 15 and the use operation status of permitted applications. When the business computers 11A, 11B, and 11C are used, their use operation history is output from the computers 11A, 11B, and 11C to the monitoring server 13. When an installed application is started and the business computers 11A, 11B, and 11C use that application, the use operation history of the application is output from the computers 11A, 11B, and 11C to the monitoring server 13. The monitoring server 13 acquires in time series the use operation history and the application use operation history output from the computers 11A, 11B, and 11C, and stores the acquired histories on the hard disk (operation history acquisition means). When the management computer 12 requests output of those histories, the monitoring server 13 displays the startup and shutdown operation history and the use operation history stored on the hard disk on the display 17 of the management computer 12, and outputs those histories from the printer 19 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each history divided into predetermined periods such as days, weeks, or months.
When the operation history display for within the operation permission time is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the operation history data for the specified period within the operation permission time is displayed on the display 17, as shown in FIG. 3. As the use operation history data within the operation permission time, FIG. 3 shows the specified period in the period display area, the business computer name in the computer name display area, the MAC address in the MAC address display area, the workgroup/domain in the workgroup/domain display area, the first startup time in the first startup time display area, the last shutdown time in the last shutdown time display area, and the number of operations of the business computers 11A, 11B, and 11C in the operation count display area.
When a computer name shown underlined on the screen of FIG. 3 is selected, the details of the use operation history of the selected computer within the operation permission time are displayed on the display 17, as shown in FIG. 4. As the details of the operation history within the operation permission time, FIG. 4 shows the operation date in the date display area, the business computer name in the computer name display area, the workgroup/domain in the workgroup/domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area. It further shows the power ON/OFF record in the power ON/OFF display area, the user name (the name of the employee in charge of the business computer 11A, 11B, or 11C) in the user name display area, the start date and time (when use of the application started) in the start date and time display area, the end date and time (when use of the application ended) in the end date and time display area, the operation time (how long the application was used) in the operation time display area, the application name (the name of the application used) in the application name display area, and the operation window name (the operation window name of the application used) in the operation window name display area. The manager in charge can output the use operation histories of FIGS. 3 and 4 from the printer 19.
In this system 10, the monitoring server 13 collects the startup and shutdown operation history of the business computers 11A, 11B, and 11C in time series, so the manager in charge can use the monitoring server 13 to grasp the startup and shutdown status of the computers 11A, 11B, and 11C and their login status on the network 15, and can monitor the login status of each computer 11A, 11B, and 11C on the network 15. The monitoring server 13 also collects in time series the use operation history and the application use operation history of the business computers 11A, 11B, and 11C within the operation permission time, so the manager in charge can use the monitoring server 13 to grasp how each business computer 11A, 11B, and 11C and its applications are used within the operation permission time, can monitor the use of the computers 11A, 11B, and 11C and of applications within the operation permission time, and can restrict unlimited use of applications.
FIGS. 5 and 6 show examples of the use operation history outside the operation permission time and the use operation history of permitted applications outside the operation permission time, as a weekly use history of the business computers 11A, 11B, and 11C. Specific names, numerical values, and the like for each item are omitted in FIGS. 5 and 6. The monitoring server 13 monitors in time series the use operation status of the business computers 11A, 11B, and 11C logged in to the network 15 outside the operation permission time and the use operation status of permitted applications outside the operation permission time. Using its timer function, the monitoring server 13 determines whether the business computers 11A, 11B, and 11C are being used within or outside the operation permission time, and when the computers 11A, 11B, and 11C start up after the operation permission time has elapsed, it judges the use to be outside the operation permission time. When a business computer 11A, 11B, or 11C is powered on outside the operation permission time, the monitoring server 13 stores the identification number of that computer (computer name, IP address, MAC address, etc.) and its startup date and time on the hard disk. The authentication procedure when the computers 11A, 11B, and 11C log in to the network 15 is the same as the one used when the computers 11A, 11B, and 11C start up within the operation permission time.
When the business computers 11A, 11B, and 11C are used outside the operation permission time, their use operation history is output from the computers 11A, 11B, and 11C to the monitoring server 13. When an installed application is started and the business computers 11A, 11B, and 11C use that application outside the operation permission time, the use operation history of the application is output from the computers 11A, 11B, and 11C to the monitoring server 13. The monitoring server 13 acquires in time series the use operation history outside the operation permission time and the application use operation history output from the computers 11A, 11B, and 11C, and stores the acquired histories on the hard disk (operation history acquisition means). When the management computer 12 requests output of those histories, the monitoring server 13 displays the use operation history outside the operation permission time stored on the hard disk on the display 17 of the management computer 12, and outputs those histories from the printer 19 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each history divided into predetermined periods such as days, weeks, or months.
When the operation history display for outside the operation permission time is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 13 and a period is specified, the operation history data for the specified period outside the operation permission time is displayed on the display 17, as shown in FIG. 5. As the use operation history data outside the operation permission time, FIG. 5 shows the specified period in the period display area, the business computer name in the computer name display area, the MAC address in the MAC address display area, the workgroup/domain in the workgroup/domain display area, the user name in the user name display area, and the number of uses outside the operation permission time in the use count display area.
When a computer name shown underlined on the screen of FIG. 5 is selected, the details of the use operation history of the selected computer 11A, 11B, or 11C outside the operation permission time are displayed on the display 17, as shown in FIG. 6. As the details of the operation history outside the operation permission time, FIG. 6 shows the operation date in the date display area, the business computer name in the computer name display area, the workgroup/domain in the workgroup/domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area. It further shows the user name (the name of the employee in charge of the business computer 11A, 11B, or 11C) in the user name display area, the start date and time (when use of the application started) in the start date and time display area, the end date and time (when use of the application ended) in the end date and time display area, the operation time (how long the application was used) in the operation time display area, the application name (the name of the application used) in the application name display area, and the operation window name (the operation window name of the application used) in the operation window name display area. The manager in charge can output the use operation histories of FIGS. 5 and 6 from the printer 19.
In this system 10, the monitoring server 13 collects in time series the use operation history and the application use operation history of the business computers 11A, 11B, and 11C outside the operation permission time, so the manager in charge can use the monitoring server 13 to grasp how each business computer 11A, 11B, and 11C and its applications are used outside the operation permission time, can monitor the use of the computers 11A, 11B, and 11C and of applications outside the operation permission time, and can restrict use of the computers 11A, 11B, and 11C outside the operation permission time.
FIGS. 7 and 8 show examples of the use operation history of the computers 11A, 11B, and 11C in an external environment other than the network 15, as a weekly external use history of the business computers 11A, 11B, and 11C. Specific names, numerical values, and the like for each item are omitted in FIGS. 7 and 8. The monitoring server 13 monitors in time series the use operation status of the business computers 11A, 11B, and 11C in an external environment other than the network 15 and the use operation status of permitted applications. Each business computer 11A, 11B, and 11C outputs the identification number that identifies it (computer name, IP address, MAC address, etc.) to the monitoring server 13 at a fixed time interval (such as every 3 minutes or every 5 minutes). If the identification number output at regular intervals from a computer 11A, 11B, or 11C is interrupted even once, the monitoring server 13 determines that the computer has left the network 15. When the identification number is again output from that computer at the fixed time interval, the monitoring server 13 determines that the computer has been reconnected to the network 15 and that the computer was used in an external environment.
When the monitoring server 13 determines that a computer 11A, 11B, or 11C was used in an external environment, it stores the identification number of that computer (computer name, IP address, MAC address, etc.) and the date and time of its use in the external environment on the hard disk. The authentication procedure when the computers 11A, 11B, and 11C log in to the network 15 is the same as the one used when the computers 11A, 11B, and 11C start up within the operation permission time.
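The periodic-report rule described above can be sketched as follows. This is an added illustration, not code from the patent or from any product: it finds gaps in each computer's identification reports and, as assumptions of this example, allows a small delivery jitter and marks gaps that coincide with a recorded power-off/power-on pair. Computer names, timestamps and the tolerance value are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

HEARTBEAT_INTERVAL = timedelta(minutes=5)  # the page gives 3 or 5 minutes as examples
JITTER_TOLERANCE = timedelta(seconds=30)   # assumption: slack for delivery delay


@dataclass(frozen=True)
class Gap:
    computer: str
    left_at: datetime        # last report received before the interruption
    rejoined_at: datetime    # first report received after it
    missed: int              # reports that should have arrived in between
    shutdown_recorded: bool  # True if a logged power-off/on pair lies inside the gap


def ts(text):
    """Parse a constructed sample timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def series(start, count, step=HEARTBEAT_INTERVAL):
    """Build `count` evenly spaced report times starting at `start`."""
    return [start + i * step for i in range(count)]


def find_gaps(computer, beats, power_cycles=()):
    """Return one Gap per interruption in a computer's periodic reports.

    beats: arrival times of the identification reports.
    power_cycles: (power_off, power_on) pairs taken from the startup/shutdown
    history; used only to label a gap, never to drop it.
    """
    beats = sorted(beats)
    gaps = []
    for prev, cur in zip(beats, beats[1:]):
        delta = cur - prev
        if delta <= HEARTBEAT_INTERVAL + JITTER_TOLERANCE:
            continue  # report arrived on schedule (within tolerance)
        missed = max(1, round(delta / HEARTBEAT_INTERVAL) - 1)
        explained = any(prev <= off and on <= cur for off, on in power_cycles)
        gaps.append(Gap(computer, prev, cur, missed, explained))
    return gaps


def scan(beats_by_computer, power_cycles_by_computer=None):
    """Run find_gaps over every computer, ordered by computer name."""
    power_cycles_by_computer = power_cycles_by_computer or {}
    gaps = []
    for computer in sorted(beats_by_computer):
        gaps.extend(find_gaps(computer, beats_by_computer[computer],
                              power_cycles_by_computer.get(computer, ())))
    return gaps


# Constructed sample data (not from the page).
SAMPLE_BEATS = {
    # reports stop at 09:20 and resume at 13:05 with no shutdown logged
    "PC-11A": series(ts("2009-07-14 09:00:00"), 5)
              + series(ts("2009-07-14 13:05:00"), 3),
    # overnight silence bracketed by a logged power-off and power-on
    "PC-11B": series(ts("2009-07-14 17:45:00"), 4)
              + series(ts("2009-07-15 09:00:00"), 3),
    # one report 20 s late (tolerated), then exactly one report missing
    "PC-11C": [ts("2009-07-14 09:00:00"), ts("2009-07-14 09:05:20"),
               ts("2009-07-14 09:10:00"), ts("2009-07-14 09:20:00")],
}
SAMPLE_POWER_CYCLES = {
    "PC-11B": [(ts("2009-07-14 18:02:00"), ts("2009-07-15 08:58:00"))],
}

if __name__ == "__main__":
    for gap in scan(SAMPLE_BEATS, SAMPLE_POWER_CYCLES):
        label = "shutdown logged" if gap.shutdown_recorded else "possible external use"
        print(f"{gap.computer}: {gap.left_at} -> {gap.rejoined_at} "
              f"({gap.missed} missed) {label}")
```

Under the page's rule as written, all three gaps would be recorded as external use; the `shutdown_recorded` label only helps a reviewer separate ordinary overnight power-offs from unexplained absences.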
When the business computers 11A, 11B, and 11C are used in an external environment, their use operation history is output from the computers 11A, 11B, and 11C to the monitoring server 13. When an installed application is started and the business computers 11A, 11B, and 11C use that application in the external environment, the use operation history of the application is output from the computers 11A, 11B, and 11C to the monitoring server 13. The monitoring server 13 acquires in time series the use operation history in the external environment and the application use operation history output from the computers 11A, 11B, and 11C, and stores the acquired histories on the hard disk (operation history acquisition means). When the management computer 12 requests output of those histories, the monitoring server 13 displays the use operation history in the external environment stored on the hard disk on the display 17 of the management computer 12, and outputs those histories from the printer 19 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each history divided into predetermined periods such as days, weeks, or months.
When the external operation history display is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the operation history data in the external environment for the specified period is displayed on the display 17, as shown in FIG. 7. In FIG. 7, as use operation history data for the external environment, the specified period is displayed in the period display area, the business computer name in the computer name display area, the MAC address in the MAC address display area, the workgroup/domain in the workgroup/domain display area, the user name (the name of the employee who manages the computer 11A, 11B, or 11C used in the external environment) in the user name display area, and the number of uses in the external environment in the use count display area.
When a computer name displayed in the underlined portion of the screen of FIG. 7 is selected, the details of the use operation history in the external environment of the selected computer 11A, 11B, or 11C are displayed on the display 17, as shown in FIG. 8. In FIG. 7, as details of the operation history in the external environment, the operation date is displayed in the month/day display area, the business computer name in the computer name display area, the workgroup/domain in the workgroup/domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area. In addition, the external use start time is displayed in the external use start time display area, the external use end time in the external use end time display area, the user name in the user name display area, the application use start time in the application use start time display area, the application use end time in the application use end time display area, the application operation time in the application operation time display area, the application name (the name of the application used during external use) in the application name display area, and the operation window name (the name of the operation window of the application used during external use) in the operation window name display area. The manager in charge can output the use operation histories of FIGS. 7 and 8 from the printer 19.
In this system 10, the monitoring server 13 collects, in time series, the use operation history and the application use operation history of the business computers 11A, 11B, and 11C in external environments other than the network 15. The manager in charge can therefore use the monitoring server 13 to grasp the external usage status and the application usage status of each business computer 11A, 11B, and 11C, and can identify the computers 11A, 11B, and 11C that were used in the external environment. Because the system 10 can monitor the use of the computers 11A, 11B, and 11C and of applications in the external environment, and can regulate the use of the computers 11A, 11B, and 11C in the external environment, it can regulate unauthorized acts by employees such as taking data out without permission, falsifying data, and destroying data.
FIG. 9 is a diagram showing an example of an application installation operation history, and FIG. 10 is a diagram showing the contents of an installed application. In FIGS. 9 and 10, the specific names, numerical values, and the like of each item are omitted. The monitoring server 13 monitors the installation of applications on the business computers 11A, 11B, and 11C in time series. When an application is installed on a business computer 11A, 11B, or 11C, the monitoring server 13 acquires the installation history from the computer 11A, 11B, or 11C and stores the acquired installation history on the hard disk (installation history acquisition means). When the management computer 12 requests output of the installation history, the monitoring server 13 displays the installation history stored on the hard disk on the display 17 of the management computer 12 and outputs the installation history from the printer 19 connected to the management computer 12 (installation history output means). The monitoring server 13 can output the installation history divided into predetermined periods such as days, weeks, or months.
When the installation history display is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the application installation history data of the business computers 11A, 11B, and 11C is displayed on the display 17, as shown in FIG. 9. In FIG. 9, the computer name (the name of the computer on which the application was installed) is displayed in the computer name display area, the date (installation date and time) in the date display area, and the application name (the name of the installed application) in the application name display area.
The management computer 12 can request the monitoring server 13 to output the contents of an application installed on the computers 11A, 11B, and 11C. When output of the contents of an installed application is requested, the monitoring server 13 displays the contents of that application on the display 17 of the management computer 12 and outputs them from the printer 17 connected to the computer 12 (installed application content output means). When an application name is highlighted on the screen of FIG. 9 and the content display is clicked, the contents of the installed application are displayed in the application content display area together with the computer name and the application name, as shown in FIG. 10. The contents of an application are an outline of the application, such as document creation software, spreadsheet software, translation software, database construction software, communication software, or security software. Because the manager in charge can use the monitoring server 13 to grasp the installation status of applications on the computers 11A, 11B, and 11C, the system 10 can regulate the installation of unnecessary applications by employees.
FIG. 11 is a diagram showing an example of an application uninstallation operation history, and FIG. 12 is a diagram showing the contents of an uninstalled application. In FIGS. 11 and 12, the specific names, numerical values, and the like of each item are omitted. The monitoring server 13 monitors the uninstallation of applications from the business computers 11A, 11B, and 11C in time series. When an application is uninstalled from a business computer 11A, 11B, or 11C, the monitoring server 13 acquires the uninstallation history from the computer 11A, 11B, or 11C and stores the acquired uninstallation history on the hard disk (uninstallation history acquisition means). When the management computer 12 requests output of the uninstallation history, the monitoring server 13 displays the uninstallation history stored on the hard disk on the display 17 of the management computer 12 and outputs the uninstallation history from the printer 19 connected to the management computer 12 (uninstallation history output means). The monitoring server 13 can output the uninstallation history divided into predetermined periods such as days, weeks, or months.
When the uninstallation history display is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the application uninstallation history data of the business computers 11A, 11B, and 11C is displayed on the display 17, as shown in FIG. 11. In FIG. 11, the computer name (the name of the computer from which the application was uninstalled) is displayed in the computer name display area, the date (uninstallation date and time) in the date display area, and the application name (the name of the uninstalled application) in the application name display area.
The management computer 12 can request the monitoring server 13 to output the contents of an application uninstalled from the computers 11A, 11B, and 11C. When output of the contents of an uninstalled application is requested, the monitoring server 13 displays the contents of that application on the display 17 of the management computer 12 and outputs them from the printer 17 connected to the computer 12 (uninstalled application content output means). When an application name is highlighted on the screen of FIG. 11 and the content display is clicked, the contents of the uninstalled application are displayed in the application content display area together with the computer name and the application name, as shown in FIG. 12. The contents of an application are an outline of the application, such as document creation software, spreadsheet software, translation software, database construction software, communication software, or security software. Because the manager in charge can use the monitoring server 13 to grasp the uninstallation status of applications on the computers 11A, 11B, and 11C, the system 10 can regulate the unauthorized uninstallation of applications by employees.
FIGS. 13 and 14 are diagrams showing an example of a print operation history, and show the weekly print operation history of the computers 11A, 11B, and 11C. In FIGS. 13 and 14, the specific names, numerical values, and the like of each item are omitted. The monitoring server 13 monitors, in time series, the print operation status of the business computers 11A, 11B, and 11C logged in to the network 15. When a computer 11A, 11B, or 11C prints predetermined data via the printer 18, the monitoring server 13 stores on the hard disk the identification number of that computer (computer name, IP address, MAC address, etc.) and the date and time of its print operation.
When the business computers 11A, 11B, and 11C print predetermined data on the printer 18, the print operation history is output from the computers 11A, 11B, and 11C to the monitoring server 13. The monitoring server 13 acquires the print operation histories output from the computers 11A, 11B, and 11C in time series and stores the acquired print operation histories on the hard disk (operation history acquisition means). When the management computer 12 requests output of the print operation history, the monitoring server 13 displays the print operation history stored on the hard disk on the display 17 of the management computer 12 and outputs the print operation history from the printer 19 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each print operation history divided into predetermined periods such as days, weeks, or months.
When the print operation history display is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the print operation history data for the specified period is displayed on the display 17, as shown in FIG. 13. In FIG. 13, as print operation history data, the specified period is displayed in the period display area, the business computer name (the name of the computer that performed the print operation) in the computer name display area, the MAC address in the MAC address display area, the workgroup/domain in the workgroup/domain display area, the user name (the name of the employee who manages the computer 11A, 11B, or 11C that performed the print operation) in the user name display area, the total number of printed pages in the total print page count display area, and the number of print jobs in the print count display area.
When a computer name displayed in the underlined portion of the screen of FIG. 13 is selected, the details of the print operation history of the selected computer 11A, 11B, or 11C are displayed on the display 17, as shown in FIG. 14. In FIG. 14, as details of the print operation history, the date of the print operation is displayed in the month/day display area, the business computer name in the computer name display area, the workgroup/domain in the workgroup/domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area. In addition, the employee name is displayed in the user name display area, the print date and time in the print date and time display area, the document name in the document name display area, the number of printed pages in the print page count display area, and the printer name in the printer name display area. The manager in charge can output the usage histories of FIGS. 13 and 14 from the printer 19.
In this system 10, the monitoring server 13 collects the print operation histories of the computers 11A, 11B, and 11C in time series, so the manager in charge can use the monitoring server 13 to grasp the print operation status of each business computer 11A, 11B, and 11C. Because the system 10 can monitor print operations on the computers 11A, 11B, and 11C and can regulate unlimited print operations on them, it can regulate the unauthorized printing of data by employees.
FIGS. 15 and 16 are diagrams showing an example of a file access history, and show the weekly file access history of the business computers 11A, 11B, and 11C. In FIGS. 15 and 16, the specific names, numerical values, and the like of each item are omitted. The monitoring server 13 monitors, in time series, the file access status of the business computers 11A, 11B, and 11C logged in to the network 15. When a computer 11A, 11B, or 11C accesses a predetermined file, the monitoring server 13 stores on the hard disk the identification number of that computer (computer name, IP address, MAC address, etc.) and the date and time of its file access.
When the business computers 11A, 11B, and 11C access a predetermined file, the file access history is output from the computers 11A, 11B, and 11C to the monitoring server 13. The monitoring server 13 acquires the file access histories output from the computers 11A, 11B, and 11C in time series and stores the acquired file access histories on the hard disk (operation history acquisition means). When the management computer 12 requests output of the file access history, the monitoring server 13 displays the file access history stored on the hard disk on the display 17 of the management computer 12 and outputs the file access history from the printer 19 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each file access history divided into predetermined periods such as days, weeks, or months.
When the file access history display is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the file access history data for the specified period is displayed on the display 17, as shown in FIG. 15. In FIG. 15, as file access history data, the specified period is displayed in the period display area, the business computer name (the name of the computer that performed the file access) in the computer name display area, the MAC address in the MAC address display area, the workgroup/domain in the workgroup/domain display area, the user name (the name of the employee who manages the computer 11A, 11B, or 11C that performed the file access) in the user name display area, and the number of accesses in the access count display area.
When a computer name displayed in the underlined portion of the screen of FIG. 15 is selected, the details of the file access history of the selected computer 11A, 11B, or 11C are displayed on the display 17, as shown in FIG. 16. In FIG. 16, as details of the file access history, the date of the file access is displayed in the month/day display area, the business computer name in the computer name display area, the workgroup/domain in the workgroup/domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area. In addition, the employee name is displayed in the user name display area, the access date and time in the access date and time display area, the operation (copy, cut, write, delete, folder creation, rename, etc.) in the operation content display area, the file name in the file name display area, and the file name before the change in the pre-change file name display area. The manager in charge can output the file access histories of FIGS. 15 and 16 from the printer 19.
In this system 10, the monitoring server 13 collects the file access histories of the computers 11A, 11B, and 11C in time series, so the manager in charge can use the monitoring server 13 to grasp the file access status of each business computer 11A, 11B, and 11C. Because the system 10 can monitor the file access status of the computers 11A, 11B, and 11C and can regulate the unlimited use of files, it can regulate the unauthorized use of files by employees.
FIGS. 17 and 18 are diagrams showing an example of a printing action history, and show the weekly printing action history of the business computers 11A, 11B, and 11C. In FIGS. 17 and 18, the specific names, numerical values, and the like of each item are omitted. The monitoring server 13 monitors, in time series, printing actions on those of the business computers 11A, 11B, and 11C for which printing is prohibited. When a computer 11A, 11B, or 11C for which printing is prohibited attempts to print predetermined data, the monitoring server 13 stores on the hard disk the identification number of that computer (computer name, IP address, MAC address, etc.) and the date and time of its printing action. Printing of data on a specific computer can be prohibited either by designating the computer and prohibiting the printing of data on that computer, or by designating a drive mounted on the computer and prohibiting the printing of data stored on that drive.
When a printing action is performed on a computer 11A, 11B, or 11C for which printing is prohibited, or when a printing action is performed against a print-prohibited drive, the printing action history is output from the computers 11A, 11B, and 11C to the monitoring server 13. The monitoring server 13 acquires the printing action histories output from the computers 11A, 11B, and 11C in time series and stores the acquired printing action histories on the hard disk (operation history acquisition means). When the management computer 12 requests output of the printing action history, the monitoring server displays the printing action history stored on the hard disk on the display 17 of the management computer 12 and outputs the printing action history from the printer 19 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each printing action history divided into predetermined periods such as days, weeks, or months.
When the printing action history is selected from the report items on the report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the printing action history data for the specified period is displayed on the display 17, as shown in FIG. 17. In FIG. 17, as printing action history data, the specified period is displayed in the period display area, the computer name (the name of the computer on which the printing action was performed) in the computer name display area, the workgroup/domain in the workgroup/domain display area, the user name (the name of the employee who manages the computer 11A, 11B, or 11C on which the printing action was performed) in the user name display area, and the number of printing actions in the printing action count display area.
When a computer name displayed in the underlined portion of the screen of FIG. 17 is selected, the details of the printing action history of the selected computer 11A, 11B, or 11C are displayed on the display 17, as shown in FIG. 18. In FIG. 18, as details of the printing action history, the date of the printing action is displayed in the month/day display area, the business computer name in the computer name display area, the workgroup/domain in the workgroup/domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area. In addition, the employee name is displayed in the user name display area, the date and time of the printing action in the printing action date and time display area, the document name (the name of the document that was about to be printed) in the document name display area, and the printer name (the name of the printer on which the printing action was performed) in the printer name display area. The manager in charge can output the printing action histories of FIGS. 17 and 18 from the printer 19.
In this system 10, the monitoring server 13 collects the printing action histories of the computers 11A, 11B, and 11C in time series, and the manager in charge can use the monitoring server 13 to grasp the printing action status of each business computer 11A, 11B, and 11C for which printing actions are prohibited. Because the system 10 can monitor the printing action status of the computers 11A, 11B, and 11C for which printing actions are prohibited, it can regulate unauthorized acts by employees such as taking data out without permission, falsifying data, and destroying data.
FIGS. 19 and 20 are diagrams showing an example of a take-out action history, and show the weekly take-out action history of the business computers 11A, 11B, and 11C. In FIGS. 19 and 20, the specific names, numerical values, and the like of each item are omitted. The monitoring server 13 monitors, in time series, take-out actions on those of the business computers 11A, 11B, and 11C for which taking data out is prohibited. When a data take-out action is performed on a computer 11A, 11B, or 11C for which taking data out is prohibited, the monitoring server 13 stores on the hard disk the identification number of that computer (computer name, IP address, MAC address, etc.) and the date and time of its take-out action. Taking data out of a specific computer can be prohibited by designating the computer and prohibiting data from being taken out of it, by prohibiting the copying of data stored on a drive mounted on the computer (prohibition of copy actions against the drive), or by prohibiting writing to a drive mounted on the computer.
 When a take-out action is performed on data stored on a computer 11A, 11B, 11C from which data take-out is prohibited (a data search, data copy, data cut, data paste, or data write on that computer), when a copy action is performed on a copy-prohibited drive, or when a write action is performed on a write-prohibited drive, the take-out action history is output from the computer 11A, 11B, 11C to the monitoring server 13. The monitoring server 13 acquires the take-out action histories output from the computers 11A, 11B, and 11C in time series and stores them on the hard disk (operation history acquisition means). When the management computer 12 requests output of the take-out action history, the monitoring server 13 displays the take-out action history stored on the hard disk on the display 17 of the management computer 12 and outputs it from the printer 19 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each take-out action history divided into predetermined periods such as days, weeks, or months.
 When the take-out action history is selected from the report items on a report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the take-out action history data for the specified period is displayed on the display 17, as shown in Fig. 19. In Fig. 19, the take-out action history shows the specified period in the period display area, the computer name (the name of the computer on which the take-out action was performed) in the computer name display area, the workgroup/domain in the workgroup/domain display area, the user name (the name of the employee who manages the computer 11A, 11B, 11C on which the take-out action was performed) in the user name display area, and the number of take-out actions in the take-out action count display area.
 When a computer name shown underlined on the screen of Fig. 19 is selected, the details of the take-out action history of the selected computer 11A, 11B, 11C are displayed on the display 17, as shown in Fig. 20. In Fig. 20, the details of the take-out action history show the month and day of the take-out action in the month/day display area, the business computer name in the computer name display area, the workgroup/domain in the workgroup/domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area. In addition, the employee name is shown in the user name display area, the date and time of the take-out action in the take-out action date/time display area, the content of the take-out operation (data search, copy, cut, paste, write, etc.) in the take-out operation content display area, the name of the file on which the take-out action was performed in the file name display area, and the pre-change file name (the file name before it was changed by the take-out action) in the pre-change file name display area. The manager in charge can output the take-out action histories of Figs. 19 and 20 from the printer 17.
 In this system 10, the monitoring server 13 collects the take-out action histories of the computers 11A, 11B, and 11C in time series, so the manager in charge can use the monitoring server 13 to grasp the take-out action status of each business computer 11A, 11B, 11C on which take-out actions are prohibited. The system 10 can monitor the take-out action status on the computers 11A, 11B, and 11C on which take-out actions are prohibited, and can restrain misconduct by employees such as unauthorized removal of data, tampering with data, and destruction of data.
 Figs. 21 and 22 show an example of the access history for operation-prohibited applications, namely the weekly access history of the business computers 11A, 11B, and 11C. In Figs. 21 and 22, the specific names and numerical values of each item are omitted. The monitoring server 13 monitors, in time series, accesses to operation-prohibited applications by the business computers 11A, 11B, and 11C logged in to the network 15. The operation-prohibited applications are stored on the hard disk of the monitoring server 13, divided by business computer 11A, 11B, 11C. When a business computer 11A, 11B, 11C accesses an operation-prohibited application, the monitoring server 13 stores on the hard disk the identification number of that computer (computer name, IP address, MAC address, etc.) and the date and time of the access.
 When a business computer 11A, 11B, 11C attempts to start a given application, the monitoring server 13 determines whether that application is one of the operation-prohibited applications stored on the hard disk. If the monitoring server 13 determines that the application is prohibited, it acquires the access history for the operation-prohibited application on the computers 11A, 11B, and 11C in time series and stores the acquired access history on the hard disk (operation history acquisition means). When the management computer 12 requests output of the access history for operation-prohibited applications, the monitoring server 13 displays the access history stored on the hard disk on the display 17 of the management computer 12 and outputs it from the printer 17 connected to the management computer 12 (operation history output means). The monitoring server 13 can output each access history divided into predetermined periods such as days, weeks, or months.
 When the access history is selected from the report items on a report display screen (not shown) displayed on the display 17 of the management computer 12 and a period is specified, the access history data for the specified period is displayed on the display 17, as shown in Fig. 21. In Fig. 21, the access history shows the specified period in the period display area, the computer name (the name of the computer that accessed an operation-prohibited application) in the computer name display area, the workgroup/domain in the workgroup/domain display area, the user name (the name of the employee who manages the computer 11A, 11B, 11C that accessed the operation-prohibited application) in the user name display area, and the access count (the number of accesses to operation-prohibited applications) in the access count display area.
 When a computer name shown underlined on the screen of Fig. 21 is selected, the details of the access history of the selected computer 11A, 11B, 11C are displayed on the display, as shown in Fig. 22. In Fig. 22, the details of the access history show the month and day of the access in the month/day display area, the business computer name in the computer name display area, the workgroup/domain in the workgroup/domain display area, the IP address in the IP address display area, and the MAC address in the MAC address display area 61. In addition, the employee name is shown in the user name display area, the access date and time (the date and time of the access to the operation-prohibited application) in the access date/time display area, and the application name (the name of the operation-prohibited application that was accessed) in the application name display area. The manager in charge can output the access histories of Figs. 21 and 22 from the printer 17.
 In this system 10, the monitoring server 13 collects the history of accesses by the business computers 11A, 11B, and 11C to operation-prohibited applications in time series, so the manager in charge can use the monitoring server 13 to grasp the status of accesses to operation-prohibited applications on the computers 11A, 11B, and 11C. The system 10 can monitor the access status of operation-prohibited applications on the computers 11A, 11B, and 11C, and can also deter accesses to those applications.
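The prohibited-application check and the two report views described above (the per-period summary of Fig. 21 and the per-computer detail of Fig. 22) can be sketched as follows. This is an added example, not code from the patent or from the applicant's product; the computer names, the SALES workgroup, user names, application names, event fields and case-insensitive name matching are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed per-computer lists of prohibited applications. The page says the
# server keeps them separately for each business computer; the names are made up.
PROHIBITED = {
    "PC-11A": {"filesharing.exe", "game.exe"},
    "PC-11B": {"filesharing.exe"},
    "PC-11C": set(),
}


@dataclass(frozen=True)
class LaunchEvent:
    """One application launch reported by a business computer (assumed shape)."""
    when: datetime
    computer: str
    domain: str
    ip: str
    mac: str
    user: str
    application: str


def period_key(when, unit):
    """Label the day, ISO week or month that a timestamp falls in."""
    if unit == "day":
        return when.strftime("%Y-%m-%d")
    if unit == "week":
        iso = when.isocalendar()
        return f"{iso[0]}-W{iso[1]:02d}"
    if unit == "month":
        return when.strftime("%Y-%m")
    raise ValueError(f"unknown period unit: {unit}")


class AccessHistory:
    """Server-side store of launches that matched the prohibited list."""

    def __init__(self, prohibited):
        self.prohibited = prohibited
        self.records = []

    def observe(self, event):
        """Record the event only if the application is prohibited on that computer."""
        blocked = self.prohibited.get(event.computer, set())
        # Assumption: executable names are compared case-insensitively.
        if event.application.lower() not in blocked:
            return False
        self.records.append(event)
        return True

    def summary(self, unit, period):
        """Access counts per computer for one period (the Fig. 21 style view)."""
        counts = Counter(
            (r.computer, r.domain, r.user)
            for r in self.records
            if period_key(r.when, unit) == period
        )
        return dict(counts)

    def detail(self, computer, unit, period):
        """Time-ordered records for one computer (the Fig. 22 style view)."""
        rows = [r for r in self.records
                if r.computer == computer and period_key(r.when, unit) == period]
        return sorted(rows, key=lambda r: r.when)


def make_event(ts, computer, ip, mac, user, app):
    return LaunchEvent(datetime.fromisoformat(ts), computer, "SALES", ip, mac, user, app)


# Constructed sample events (documentation-range IP and MAC addresses).
SAMPLE_EVENTS = [
    make_event("2009-07-13T09:05:00", "PC-11A", "192.0.2.11", "00:00:5E:00:53:0A", "sato", "FileSharing.exe"),
    make_event("2009-07-13T09:30:00", "PC-11C", "192.0.2.13", "00:00:5E:00:53:0C", "ito", "filesharing.exe"),
    make_event("2009-07-14T18:20:00", "PC-11A", "192.0.2.11", "00:00:5E:00:53:0A", "sato", "game.exe"),
    make_event("2009-07-15T10:00:00", "PC-11B", "192.0.2.12", "00:00:5E:00:53:0B", "suzuki", "game.exe"),
    make_event("2009-07-16T11:00:00", "PC-11B", "192.0.2.12", "00:00:5E:00:53:0B", "suzuki", "filesharing.exe"),
    make_event("2009-07-21T08:00:00", "PC-11A", "192.0.2.11", "00:00:5E:00:53:0A", "sato", "game.exe"),
]


def build_history():
    """Feed the sample events through the check, as the server would on receipt."""
    history = AccessHistory(PROHIBITED)
    for event in SAMPLE_EVENTS:
        history.observe(event)
    return history


if __name__ == "__main__":
    h = build_history()
    print(h.summary("week", "2009-W29"))
    for row in h.detail("PC-11A", "week", "2009-W29"):
        print(row.when, row.user, row.application)
```

Because the list is kept per computer, the same executable is recorded for PC-11A but ignored for PC-11C, which is why two of the six sample launches never enter the history.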
 In the device management system 10, the user-level operation history acquisition application, which causes the monitoring server 13 to acquire the user-level operation history when the business computers 11A, 11B, and 11C execute operations executable at the user level, is registered in an invisible startup registry on the business computers 11A, 11B, and 11C. The startup check box of the operation history acquisition application therefore cannot be unchecked, and the user-level operation history acquisition application cannot be prevented from starting when each business computer 11A, 11B, 11C starts up. The monitoring server 13 can therefore reliably acquire, from each business computer 11A, 11B, 11C, the operation history of operations executable at the user level. In this system 10, when a business computer 11A, 11B, 11C executes an operation executable at the user level, the operation history is centrally managed on the monitoring server 13, and the user-level operation histories of the business computers 11A, 11B, and 11C can be collated and monitored on the server 13, so misconduct by employees such as tampering with data and destruction of data can be reliably prevented.
 In the device management system 10, the system-level operation history acquisition application, which causes the monitoring server 13 to acquire the system-level operation history when the business computers 11A, 11B, and 11C execute operations executable at the system level, is registered in a task that is difficult to see on the business computers 11A, 11B, and 11C. It is therefore difficult to uncheck the startup check box of the operation history acquisition application, and the system-level operation history acquisition application cannot be prevented from starting when each business computer 11A, 11B, 11C starts up. The monitoring server 13 can therefore reliably acquire, from each business computer 11A, 11B, 11C, the operation history of operations executable at the system level. In this system 10, when a business computer 11A, 11B, 11C executes an operation executable at the system level, the operation history is centrally managed on the monitoring server 13, and the system-level operation histories of the business computers 11A, 11B, and 11C can be collated and monitored on the server 13, so misconduct by employees such as tampering with data and destruction of data can be reliably prevented.
Description of Symbols
 10   Device management system
 11A  Business computer
 11B  Business computer
 11C  Business computer
 12   Management computer
 13   Device monitoring server
 14   Hub
 16   Display
 17   Display
 18   Printer
 19   Printer

Claims (6)

  1.  A device management system comprising a plurality of terminal devices used by users, and a monitoring server that is connected to a network formed by the terminal devices and monitors the terminal devices in time series, wherein
     a user-level operation history acquisition application, which causes the monitoring server to acquire a user-level operation history when the terminal device executes an operation executable at the user level, is installed on each terminal device, and the user-level operation history acquisition application is registered in an invisible startup registry on the terminal device.
  2.  The device management system according to claim 1, wherein a system-level operation history acquisition application, which causes the monitoring server to acquire a system-level operation history when the terminal device executes an operation executable at the system level, is installed on each terminal device, and the system-level operation history acquisition application is registered in a task that is difficult to see on the terminal device.
  3.  The device management system according to claim 1 or claim 2, wherein the operations executable at the user level are use operations of the terminal devices on the network within the permitted operation time, use operations of the terminal devices on the network outside the permitted operation time, and use operations of the terminal devices in an external environment other than the network, and the user-level operation history is a history of use operations of the terminal devices on the network within the permitted operation time, a history of use operations of the terminal devices on the network outside the permitted operation time, and a history of use operations of the terminal devices in an external environment other than the network.
  4.  The device management system according to any one of claims 1 to 3, wherein the operations executable at the user level are use operations of permitted applications on the terminal devices, install operations of various applications on the terminal devices, and uninstall operations of various applications on the terminal devices, and the user-level operation history is a history of use operations of permitted applications on the terminal devices, a history of install operations of various applications on the terminal devices, and a history of uninstall operations of various applications on the terminal devices.
  5.  The device management system according to any one of claims 2 to 4, wherein the operations executable at the system level are start-up and shutdown operations of the terminal devices, print operations on the terminal devices, and access operations to files used on the terminal devices, and the system-level operation history is a history of start-up and shutdown operations of the terminal devices, a history of print operations on the terminal devices, and a history of access operations to files used on the terminal devices.
  6.  The device management system according to any one of claims 2 to 5, wherein the system-level operation history is a history of print operations on those of the terminal devices on which data printing is prohibited, a history of data take-out operations on those of the terminal devices from which data take-out is prohibited, and a history of start operations of operation-prohibited applications on the terminal devices.
PCT/JP2009/062742 2008-07-15 2009-07-14 Device management system WO2010007990A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008-183460 2008-07-15
JP2008183460A JP2010026557A (en) 2008-07-15 2008-07-15 Equipment management system

Publications (1)

Publication Number Publication Date
WO2010007990A1 true WO2010007990A1 (en) 2010-01-21

Family

ID=41550392

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/062742 WO2010007990A1 (en) 2008-07-15 2009-07-14 Device management system

Country Status (2)

Country Link
JP (1) JP2010026557A (en)
WO (1) WO2010007990A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017191403A (en) * 2016-04-12 2017-10-19 東芝テック株式会社 Information processor and program

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104902432B (en) * 2015-06-04 2019-02-15 北京京东尚科信息技术有限公司 The method and apparatus for generating the log of mobile terminal application operating
JP6834703B2 (en) * 2017-03-31 2021-02-24 コニカミノルタ株式会社 Business use file management system, business use file management method, and programs

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000354036A (en) * 1999-06-11 2000-12-19 Hitachi Ltd Protection method for operation history file
JP2003006185A (en) * 2001-06-20 2003-01-10 Nec Corp Access management system and browser program
JP2007241513A (en) * 2006-03-07 2007-09-20 Japan Lucida Co Ltd Equipment monitoring device

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
"Chuken·Chusho Kigyo Muke Security Appliance Seihin 'Lucida SecurOffice' no Hanbai o Kaishi", 3 June 2008 (2008-06-03), Retrieved from the Internet <URL:http://www.oki.com/jp/press/2008/06/z08028.html> [retrieved on 20090814] *
"Secure Office - when you need to know what your employees are doing on Your time.", 18 December 2007 (2007-12-18), Retrieved from the Internet <URL:http://web.archive.org/web/20071218121406/http://www.blazingtools.com/secureoffice.html> *
"The Wind of Blessing, Registry no Key ga Hihyoji naru Fuguai", 27 August 2005 (2005-08-27), Retrieved from the Internet <URL:http://twobcherry.seesaa.net/article/6292526.html> [retrieved on 20090814] *
"Windows Registry Editor Utility String Concealment Weakness", 6 February 2006 (2006-02-06), Retrieved from the Internet <URL:http://secunia.com/advisories/16560> [retrieved on 20090814] *
KEIICHI YAMACHIKA: "Hono no Master Series Dai 4 Dan Registry no Tatsujin", WINDOWS SERVER WORLD, vol. 9, no. 11, 1 November 2004 (2004-11-01), pages 168 - 171 *
NISSHO ERE ET AL.: "Chusho Kibo Kigyo Muke Joho Roei Taisaku-yo Security Appliance o Hanbai Kaishi", 5 June 2008 (2008-06-05), Retrieved from the Internet <URL:http://www.nissho-ele.co.jp/press/goods/2008/0806lucida.html> [retrieved on 20090814] *

Also Published As

Publication number Publication date
JP2010026557A (en) 2010-02-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09797915

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09797915

Country of ref document: EP

Kind code of ref document: A1