WO2011122138A1 - Thin client system, and access control method and access control program for thin client system - Google Patents
Thin client system, and access control method and access control program for thin client system
- Publication number
- WO2011122138A1 (PCT/JP2011/053152)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- terminal
- policy
- client terminal
- unit
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
- G06F9/452—Remote windowing, e.g. X-Window System, desktop virtualisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
- G06F9/5072—Grid computing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
- G06F9/5077—Logical partitioning of resources; Management or configuration of virtualized resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Definitions
- the present invention relates to a thin client system, an access control method in the thin client system, and an access control program.
- Patent Document 1 discloses a thin client system that controls the start / stop of a virtual machine that virtualizes the environment of a client terminal on a server according to the current position of the user.
- a virtual machine can be used as long as the client terminal and the virtual machine on the server can communicate with each other. Therefore, for example, when a notebook PC (Personal Computer) that can be carried outside the company is used as a client terminal, it is possible to display confidential information on the screen of the notebook PC in a public place such as an airport or a station. In such a case, confidential information may be leaked, for example through shoulder surfing. Confidential information may also be leaked if the notebook PC is stolen.
- the present invention has been made to solve the above-described problems, and an object thereof is to provide a thin client system, an access control method in the thin client system, and an access control program that can enhance security.
- the thin client system of the present invention comprises: a receiving unit that receives terminal information including at least current position information and a user ID from a client terminal; an extraction unit that extracts, based on the terminal information received by the receiving unit, policy information relating to a security policy stored in association with the terminal information; an allocation unit that allocates resources for virtualizing the environment of the client terminal based on the user ID received by the receiving unit; and an access control unit that restricts access to the resources allocated by the allocation unit based on the policy information extracted by the extraction unit.
- the access control method in the thin client system includes: a reception step of receiving terminal information including at least current position information and a user ID from a client terminal; an extraction step of extracting, based on the terminal information received in the reception step, policy information relating to a security policy stored in association with the terminal information; an allocation step of allocating resources for virtualizing the client terminal based on the user ID received in the reception step; and an access control step of restricting access to the resources allocated in the allocation step based on the policy information extracted in the extraction step.
- the access control program of the present invention causes a computer to execute each step included in the access control method.
- security in the thin client system can be increased.
- FIG. 1 is a block diagram showing the configuration of the thin client system in the embodiment. The other drawings show the data structure of the client terminal information table, the data structure of the policy management table, the data structure of the policy information table, and a flowchart explaining the processing procedure for controlling access of a client terminal in the thin client system.
- FIG. 1 is a configuration diagram schematically showing a thin client system in the embodiment.
- the thin client system 1 includes a client terminal 10, a policy management device 20, and a server device 30.
- the thin client system 1 in the present embodiment includes, for example, the functions of a known thin client system described below.
- the client terminal 10 shown in FIG. 1 includes a communication unit 11 that transmits and receives data to and from other devices, and a position information acquisition unit 12.
- the communication unit 11 transmits the user ID and terminal information to the policy management apparatus 20.
- the user ID is information for identifying a user who operates the client terminal 10.
- the terminal information is information related to the client terminal 10 and is registered in advance in the memory. This terminal information includes, for example, IP address information, terminal type information, data storage availability information, and position information.
- the terminal type information is information for specifying the terminal type of the client terminal 10 and corresponds to information indicating a desktop PC or a notebook PC, for example.
- the data storage availability information is information indicating whether data can be stored in the client terminal 10.
- the position information is information indicating the position of the client terminal 10.
- the communication unit 11 receives virtual machine information related to the virtual machine assigned to the client terminal 10 from the server device 30.
- the communication unit 11 transmits an access request to the virtual machine to the server device 30 based on the virtual machine information.
- the location information acquisition unit 12 acquires location information included in the terminal information. Specifically, the position information acquisition unit 12 acquires, as position information, latitude / longitude information corresponding to the current position of the client terminal 10 determined by, for example, GPS (Global Positioning System). Based on the latitude / longitude information acquired as the position information and the latitude / longitude information indicating the position of the company, the position information acquisition unit 12 in this embodiment determines whether the client terminal 10 is located inside or outside the company, and sets information indicating the result in the position information of the terminal information transmitted to the policy management apparatus 20.
- the policy management device 20 includes a communication unit 21 that transmits / receives data to / from other devices, and a policy information extraction unit 22.
- the policy management apparatus 20 includes a client terminal information table 25, a policy management table 26, and a policy information table 27.
- the client terminal information table 25 has one record for each client terminal 10 (hereinafter referred to as “client terminal information record”).
- the client terminal information record includes, for example, a terminal ID item, a terminal name item, an IP address type item, a terminal type item, a data storage availability item, and a location information item as data items.
- the terminal ID item stores identification information that uniquely identifies the client terminal 10.
- the terminal name item stores the name of the client terminal 10.
- the IP address type item stores an IP address assigned to the client terminal 10. Depending on the contents of the IP address, it can be determined whether it is a private IP address or a global IP address.
- the terminal type item stores information for specifying the terminal type of the client terminal 10.
- the data storage availability item stores information indicating whether data can be stored in the client terminal 10.
- the location information item stores information indicating whether the client terminal 10 is located inside the company or outside the company.
- Each piece of information stored in the IP address type item, the terminal type item, the data storage availability item, and the location information item included in the client terminal information record is registered in advance as terminal information of the client terminal 10.
- the data configuration of the policy management table 26 will be described with reference to FIG.
- the policy management table 26 has one record for each client terminal 10 (hereinafter referred to as “policy management record”).
- the policy management record has, for example, a terminal ID item and a policy ID item as data items.
- the terminal ID item stores identification information that uniquely identifies the client terminal 10.
- the policy ID item stores identification information that uniquely identifies policy information related to a security policy applied to a virtual machine.
- the data structure of the policy information table 27 will be described with reference to FIG.
- the policy information table 27 has one record for each policy information (hereinafter referred to as “policy information record”).
- the policy information record has, as data items, for example, a policy ID item, a policy name item, an inaccessible page item, a non-startable application item, an inaccessible area item, a login available time item, a continuous usable time item, and a user authority item.
- the policy ID item stores identification information for uniquely identifying policy information.
- the policy name item stores the name of policy information.
- the inaccessible page item stores information for specifying a Web page whose access is restricted.
- the non-startable application item stores information for specifying an application whose start is restricted.
- the inaccessible area item stores information for specifying a drive, a folder, and a file whose access is restricted.
- the login available time item stores information for specifying the time period during which login is possible.
- the continuous usable time item stores information for specifying the continuous usable time.
- the user authority item stores information for specifying authority to be given to the user, for example, administrator authority and general user authority.
- the communication unit 21 of the policy management device 20 shown in FIG. 1 receives the user ID and terminal information transmitted by the client terminal 10.
- the communication unit 21 transmits the user ID and policy information of the client terminal 10 to the server device 30.
- the policy information extraction unit 22 extracts policy information based on the terminal information received from the client terminal 10. This will be specifically described below. First, the policy information extraction unit 22 extracts a client terminal information record corresponding to the terminal information from the client terminal information table 25. Subsequently, the policy information extraction unit 22 extracts a policy management record corresponding to the terminal ID included in the client terminal information record from the policy management table 26. Subsequently, the policy information extraction unit 22 extracts policy information corresponding to the policy ID included in the policy management record from the policy information table 27.
- the server device 30 includes a communication unit 31 that transmits / receives data to / from other devices, a virtual machine allocation unit 32, and an access control unit 33.
- the communication unit 31 receives the user ID and policy information of the client terminal 10 transmitted by the policy management apparatus 20.
- the communication unit 31 transmits virtual machine information corresponding to the virtual machine assigned to the client terminal 10 to the client terminal 10.
- the virtual machine allocation unit 32 allocates resources for virtualizing the environment of the client terminal 10 based on the user ID of the client terminal 10 received from the policy management apparatus 20. Thereby, a virtual machine for each client terminal 10 is formed on the server device 30. Examples of resources include a memory area, OS, application software, and various data.
- the access control unit 33 controls access from the client terminal 10 by the virtual machine according to the policy information of the client terminal 10 received from the policy management apparatus 20.
- when the policy ID of the policy information is “policy 2” shown in FIG. 4, access from the client terminal 10 is restricted as follows:
- the client terminal 10 is prohibited from accessing the “confidential information posting page”
- the web browser and mail software are not activated
- access to “System Drive” is prohibited
- login time is limited to “8:30-17:30”
- continuous use is limited to “2 hours”
- user authority is limited to “general user” authority
- the policy management device 20 and the server device 30 are physically configured to include, for example, a CPU (Central Processing Unit), a storage device, and an input / output interface.
- the storage device includes, for example, a ROM (Read Only Memory) and an HDD (Hard Disk Drive) that store programs and data processed by the CPU, and a RAM (Random Access Memory) mainly used as various work areas for control processing. These elements are connected to each other via a bus.
- the CPU executes a program stored in the ROM and processes messages received via the input / output interface and data expanded in the RAM, whereby the functions of the units in the policy management device 20 and the server device 30 described above can be realized.
- FIG. 5 is a flowchart for explaining a processing procedure when the access of the client terminal 10 is controlled in the thin client system 1.
- the user of the thin client system 1 inputs a user ID via the input device of the client terminal 10 (step S101).
- the location information acquisition unit 12 of the client terminal 10 acquires location information from the GPS, determines whether the client terminal 10 is located inside or outside the company based on the acquired location information, and sets the determination result in the position information of the terminal information read from the memory (step S102).
- the communication unit 11 of the client terminal 10 transmits the user ID input in step S101 and the terminal information in which the position information is set in step S102 to the policy management apparatus 20 (step S103).
- the communication unit 21 of the policy management apparatus 20 receives the user ID and the terminal information.
- the policy information extraction unit 22 of the policy management device 20 extracts the policy information based on the terminal information received from the client terminal 10 (step S104).
- the communication unit 21 of the policy management device 20 transmits the user ID received from the client terminal 10 and the policy information extracted in step S104 to the server device 30 (step S105). Thereby, the communication unit 31 of the server device 30 receives the user ID and the policy information.
- the virtual machine allocation unit 32 of the server apparatus 30 allocates a virtual machine that virtualizes the environment of the client terminal 10 on the server apparatus 30 (step S106).
- the communication unit 31 of the server device 30 transmits the virtual machine information of the client terminal 10 to the client terminal 10 (step S107). Thereby, the communication unit 11 of the client terminal 10 receives the virtual machine information.
- the communication unit 11 of the client terminal 10 transmits an access request to the virtual machine to the server device 30 based on the virtual machine information received from the server device 30 (step S108). Thereby, the communication unit 31 of the server device 30 receives the access request.
- the access control unit 33 of the server device 30 restricts access from the client terminal 10 by the virtual machine based on the policy information received from the policy management device 20 (step S109).
- a security policy that determines the processes that can be operated on the virtual machine is determined according to the usage status such as the location, time, and terminal type of the client terminal 10. Therefore, security in the thin client system can be enhanced.
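The flow of steps S102 to S109, including the three-table lookup performed by the policy information extraction unit 22, can be sketched in Python as follows. This is an added example, not code from the patent: the table rows, the company coordinates, the matching of terminal information on four attributes, the action names and the deny-on-no-match behaviour are assumptions, while the “policy 2” values are those quoted in the description.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class Policy:
    """One policy information record (policy information table 27)."""
    policy_id: str
    blocked_pages: frozenset
    blocked_apps: frozenset
    blocked_areas: frozenset
    login_from: time
    login_until: time
    max_session: timedelta
    authority: str

# Table 27. "policy 2" carries the values quoted in the description;
# "policy 1" is constructed for this example.
POLICY_INFO = {
    "policy 1": Policy("policy 1", frozenset(), frozenset(), frozenset(),
                       time(0, 0), time(23, 59, 59), timedelta(hours=12),
                       "administrator"),
    "policy 2": Policy("policy 2",
                       frozenset({"confidential information posting page"}),
                       frozenset({"web browser", "mail software"}),
                       frozenset({"System Drive"}),
                       time(8, 30), time(17, 30), timedelta(hours=2),
                       "general user"),
}
# Table 26: terminal ID -> policy ID (constructed rows).
POLICY_MANAGEMENT = {"T001": "policy 1", "T002": "policy 2"}
# Table 25: one record per client terminal (constructed rows).
CLIENT_TERMINAL_INFO = [
    {"terminal_id": "T001", "ip_type": "private", "terminal_type": "desktop PC",
     "data_storage": False, "location": "inside"},
    {"terminal_id": "T002", "ip_type": "global", "terminal_type": "notebook PC",
     "data_storage": True, "location": "outside"},
]
MATCH_KEYS = ("ip_type", "terminal_type", "data_storage", "location")
# Constructed latitude/longitude bounds standing in for the company's position.
COMPANY_BOX = (35.60, 35.70, 139.70, 139.80)

def locate(lat, lon):
    """Step S102: classify the GPS fix as inside or outside the company."""
    lat_min, lat_max, lon_min, lon_max = COMPANY_BOX
    inside = lat_min <= lat <= lat_max and lon_min <= lon <= lon_max
    return "inside" if inside else "outside"

def extract_policy(terminal_info):
    """Step S104: table 25 -> table 26 -> table 27; None if any lookup misses."""
    record = next((r for r in CLIENT_TERMINAL_INFO
                   if all(r[k] == terminal_info.get(k) for k in MATCH_KEYS)), None)
    if record is None:
        return None
    return POLICY_INFO.get(POLICY_MANAGEMENT.get(record["terminal_id"]))

class AccessControl:
    """Step S109: restricts access to the virtual machine allocated to one user."""

    def __init__(self, user_id, policy, session_start):
        self.user_id = user_id
        self.policy = policy
        self.session_start = session_start

    def authorize(self, action, target, now):
        p = self.policy
        if p is None:  # assumption: no matching policy means deny
            return False
        if not (p.login_from <= now.time() <= p.login_until):
            return False  # outside the login available time
        if now - self.session_start > p.max_session:
            return False  # continuous usable time exceeded
        if action == "admin_task":
            return p.authority == "administrator"
        blocked = {"open_page": p.blocked_pages,
                   "start_app": p.blocked_apps,
                   "access_area": p.blocked_areas}.get(action)
        if blocked is None:
            return False  # unknown action kinds are denied
        return target not in blocked

def start_session(user_id, terminal_info, now):
    """Steps S104-S106 in one call: extract the policy and bind it to the user's VM."""
    return AccessControl(user_id, extract_policy(terminal_info), now)

if __name__ == "__main__":
    info = {"ip_type": "global", "terminal_type": "notebook PC",
            "data_storage": True, "location": locate(35.55, 139.78)}
    vm = start_session("user01", info, datetime(2011, 2, 15, 9, 0))
    at = datetime(2011, 2, 15, 9, 30)
    for action, target in [("start_app", "web browser"), ("start_app", "spreadsheet"),
                           ("access_area", "System Drive"), ("admin_task", "")]:
        print(action, repr(target), "->", vm.authorize(action, target, at))
```

In the described flow the inside/outside determination is made on the client terminal itself (step S102), so the extracted policy is only as reliable as the position the terminal reports.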
- the policy management device 20 and the server device 30 are provided, but the present invention is not limited to this.
- each function of the policy management apparatus 20 may be added to the server apparatus 30 and the policy management apparatus 20 may be omitted.
- the functions of the policy management apparatus 20 and the server apparatus 30 may be appropriately distributed to a plurality of apparatuses, and the plurality of apparatus groups may function in the same manner as the policy management apparatus 20 and the server apparatus 30 described above.
- the policy management apparatus 20 includes the client terminal information table 25, the policy management table 26, and the policy information table 27, but is not limited thereto.
- the client terminal information table 25 and the policy management table 26 may be managed together as one table, or the client terminal information table 25, the policy management table 26, and the policy information table 27 may be combined and managed as one table. Further, the data structure of each table may be subdivided and managed by four or more tables.
- the IP address information, the terminal type information, the data storage availability information, and the position information are described as the terminal information used when determining the policy information.
- the present invention is not limited to this.
- at least position information may be included as terminal information used when determining policy information.
- A thin client system comprising: a receiving unit that receives terminal information including at least current position information and a user ID from a client terminal; an extraction unit that extracts, based on the terminal information received by the receiving unit, policy information related to a security policy stored in association with the terminal information; an allocation unit that allocates resources for virtualizing the environment of the client terminal based on the user ID received by the receiving unit; and an access control unit that restricts access to the resources allocated by the allocation unit based on the policy information extracted by the extraction unit.
- An access control method in a thin client system, comprising: a receiving step of receiving terminal information including at least current position information and a user ID from a client terminal; an extraction step of extracting, based on the terminal information received in the receiving step, policy information related to a security policy stored in association with the terminal information; an allocation step of allocating resources for virtualizing the client terminal based on the user ID received in the receiving step; and an access control step of restricting access to the resources allocated in the allocation step based on the policy information extracted in the extraction step.
- Appendix 5 An access restriction program for causing a computer to execute each step described in Appendix 4.
- the thin client system, the access control method and the access control program in the thin client system according to the present invention are suitable for enhancing security.
- SYMBOLS: 1 ... thin client system, 10 ... client terminal, 11 ... communication unit, 12 ... position information acquisition unit, 20 ... policy management device, 21 ... communication unit, 22 ... policy information extraction unit, 25 ... client terminal information table, 26 ... policy management table, 27 ... policy information table, 30 ... server device, 31 ... communication unit, 32 ... virtual machine allocation unit, 33 ... access control unit.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Human Computer Interaction (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
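The embodiment described above is merely an example and does not exclude the application of various modifications and techniques not explicitly described in the embodiment. That is, the present invention can be implemented in various modified forms without departing from its spirit.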
Claims (5)
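- A thin client system comprising:
a receiving unit that receives, from a client terminal, terminal information including at least current position information, and a user ID;
an extraction unit that extracts, based on the terminal information received by the receiving unit, policy information relating to a security policy stored in association with the terminal information;
an allocation unit that allocates, based on the user ID received by the receiving unit, resources for virtualizing the environment of the client terminal; and
an access control unit that restricts, based on the policy information extracted by the extraction unit, access to the resources allocated by the allocation unit.
- The thin client system according to claim 1, wherein the terminal information includes login available time information relating to the time during which the client terminal can log in to the system.
- The thin client system according to claim 1 or 2, wherein the terminal information includes terminal type information identifying the type of the client terminal.
- An access control method in a thin client system, comprising:
a receiving step of receiving, from a client terminal, terminal information including at least current position information, and a user ID;
an extraction step of extracting, based on the terminal information received in the receiving step, policy information relating to a security policy stored in association with the terminal information;
an allocation step of allocating, based on the user ID received in the receiving step, resources for virtualizing the client terminal; and
an access control step of restricting, based on the policy information extracted in the extraction step, access to the resources allocated in the allocation step.
- An access control program for causing a computer to execute each step according to claim 4.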
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19201421.5A EP3623944B1 (en) | 2010-03-30 | 2011-02-15 | Thin client system, and access control method and access control program for thin client system |
JP2012508133A JP5488854B2 (ja) | 2010-03-30 | 2011-02-15 | Thin client system, and access control method and access control program for thin client system |
US13/578,784 US20130031602A1 (en) | 2010-03-30 | 2011-02-15 | Thin client system, and access control method and access control program for thin client system |
EP11762379.3A EP2555133A4 (en) | 2010-03-30 | 2011-02-15 | THIN CLIENT SERVER, ACCESS CONTROL METHOD, AND ACCESS CONTROL METHODS THEREIN |
CN2011800173306A CN102822841A (zh) | 2010-03-30 | 2011-02-15 | Thin client system, and access control method and access control program thereof |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010-077235 | 2010-03-30 | ||
JP2010077235 | 2010-03-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011122138A1 (ja) | 2011-10-06 |
Family
ID=44711875
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/053152 WO2011122138A1 (ja) | Thin client system, and access control method and access control program for thin client system | 2010-03-30 | 2011-02-15 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20130031602A1 (ja) |
EP (2) | EP2555133A4 (ja) |
JP (1) | JP5488854B2 (ja) |
CN (1) | CN102822841A (ja) |
WO (1) | WO2011122138A1 (ja) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013174944A (ja) * | 2012-02-23 | 2013-09-05 | Nec Corp | Thin client system, control server, terminal, security control method, and security control program |
WO2013144767A1 (en) * | 2012-03-27 | 2013-10-03 | Zhang Yin Sheng | Computer with flexible operating system |
WO2013158054A3 (en) * | 2012-04-19 | 2013-12-27 | Netas Telekomunikasyon Anonim Sirketi | Access system independent of location/place |
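JP2016095597A (ja) * | 2014-11-12 | 2016-05-26 | 富士通株式会社 | Deployment control program, deployment control device, and deployment control method |
JP2016224484A (ja) * | 2015-05-26 | 2016-12-28 | 富士通株式会社 | Thin client system, server device, policy management device, control method, and control program |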
US9680954B2 (en) | 2013-04-19 | 2017-06-13 | Electronics And Telecommunications Research Institute | System and method for providing virtual desktop service using cache server |
US9712605B2 (en) | 2014-01-15 | 2017-07-18 | Electronics And Telecommunications Research Institute | Method and system for providing server virtual machine for real-time virtual desktop service, and server device supporting the same |
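WO2018008124A1 (ja) * | 2016-07-07 | 2018-01-11 | 株式会社日立製作所 | Computer, computer system, and security control method |
WO2019026837A1 (ja) * | 2017-07-31 | 2019-02-07 | 日本電気株式会社 | Virtualized customer premises communication equipment, policy management server, and service providing method |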
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5606476B2 (ja) * | 2012-03-09 | 2014-10-15 | 株式会社東芝 | Client management system, client management method, and program |
EP2696303B1 (en) * | 2012-08-03 | 2017-05-10 | Alcatel Lucent | Mandatory access control (MAC) in virtual machines |
JP6318698B2 (ja) * | 2013-04-10 | 2018-05-09 | 株式会社リコー | Security management system, security management method, and program |
JP6304372B2 (ja) * | 2014-04-23 | 2018-04-04 | 株式会社リコー | Management system, recording medium, and management method |
CN105162775A (zh) * | 2015-08-05 | 2015-12-16 | 深圳市方迪科技股份有限公司 | Virtual machine login method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
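JP2008187338A (ja) | 2007-01-29 | 2008-08-14 | Hewlett-Packard Development Co Lp | Control system and method therefor |
JP2008217604A (ja) * | 2007-03-06 | 2008-09-18 | Toshiba Tec Corp | Information management system, information access management device in information management system, and computer program used for information access management device |
WO2008117500A1 (ja) * | 2007-03-27 | 2008-10-02 | Nec Corporation | Virtual machine operation system, virtual machine operation method, and program |
JP2008242826A (ja) * | 2007-03-27 | 2008-10-09 | Hitachi Ltd | Information processing system, control method for information processing system, and program |
JP2010077235A (ja) | 2008-09-25 | 2010-04-08 | Nippon Zeon Co Ltd | Conductive resin film and method for producing the same |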
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7584261B1 (en) * | 2001-02-09 | 2009-09-01 | Microsoft Corporation | Distribution of binary executables and content from peer locations/machines |
US7765544B2 (en) * | 2004-12-17 | 2010-07-27 | Intel Corporation | Method, apparatus and system for improving security in a virtual machine host |
US20060200496A1 (en) * | 2005-02-22 | 2006-09-07 | Transparency Software, Inc. | Organization action incidents |
US7996834B2 (en) * | 2006-04-14 | 2011-08-09 | Microsoft Corporation | Virtual machine self-service restrictions |
US8234640B1 (en) * | 2006-10-17 | 2012-07-31 | Manageiq, Inc. | Compliance-based adaptations in managed virtual systems |
JP2008160709A (ja) * | 2006-12-26 | 2008-07-10 | Hitachi Ltd | Computer system |
FR2912233B1 (fr) * | 2007-02-01 | 2009-08-21 | Sagem Comm | Thin client device and method of use |
US8453142B2 (en) * | 2007-04-26 | 2013-05-28 | Hewlett-Packard Development Company, L.P. | Virtual machine control |
US8583831B2 (en) * | 2007-10-05 | 2013-11-12 | Samsung Electronics Co., Ltd. | Thin client discovery |
JP5047870B2 (ja) * | 2008-04-17 | 2012-10-10 | Hitachi Ltd | Master management system, master management method, and master management program |
US8726364B2 (en) * | 2008-06-30 | 2014-05-13 | Intel Corporation | Authentication and access protection of computer boot modules in run-time environments |
2011
- 2011-02-15 CN CN2011800173306A patent/CN102822841A/zh active Pending
- 2011-02-15 US US13/578,784 patent/US20130031602A1/en not_active Abandoned
- 2011-02-15 EP EP11762379.3A patent/EP2555133A4/en not_active Ceased
- 2011-02-15 WO PCT/JP2011/053152 patent/WO2011122138A1/ja active Application Filing
- 2011-02-15 EP EP19201421.5A patent/EP3623944B1/en active Active
- 2011-02-15 JP JP2012508133A patent/JP5488854B2/ja active Active
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013174944A (ja) * | 2012-02-23 | 2013-09-05 | Nec Corp | Thin client system, control server, terminal, security control method, and security control program |
WO2013144767A1 (en) * | 2012-03-27 | 2013-10-03 | Zhang Yin Sheng | Computer with flexible operating system |
WO2013158054A3 (en) * | 2012-04-19 | 2013-12-27 | Netas Telekomunikasyon Anonim Sirketi | Access system independent of location/place |
US9680954B2 (en) | 2013-04-19 | 2017-06-13 | Electronics And Telecommunications Research Institute | System and method for providing virtual desktop service using cache server |
US9712605B2 (en) | 2014-01-15 | 2017-07-18 | Electronics And Telecommunications Research Institute | Method and system for providing server virtual machine for real-time virtual desktop service, and server device supporting the same |
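JP2016095597A (ja) * | 2014-11-12 | 2016-05-26 | Fujitsu Ltd | Deployment control program, deployment control device, and deployment control method |
JP2016224484A (ja) * | 2015-05-26 | 2016-12-28 | Fujitsu Ltd | Thin client system, server device, policy management device, control method, and control program |
WO2018008124A1 (ja) * | 2016-07-07 | 2018-01-11 | Hitachi Ltd | Computer, computer system, and security control method |
WO2019026837A1 (ja) * | 2017-07-31 | 2019-02-07 | NEC Corporation | Virtualized customer premises equipment, policy management server, and service providing method |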
US11190452B2 (en) | 2017-07-31 | 2021-11-30 | Nec Corporation | Virtual customer premises equipment, policy management server and service providing method |
Also Published As
Publication number | Publication date |
---|---|
CN102822841A (zh) | 2012-12-12 |
EP3623944A1 (en) | 2020-03-18 |
EP2555133A1 (en) | 2013-02-06 |
EP3623944B1 (en) | 2023-08-09 |
EP2555133A4 (en) | 2016-10-26 |
US20130031602A1 (en) | 2013-01-31 |
JPWO2011122138A1 (ja) | 2013-07-08 |
JP5488854B2 (ja) | 2014-05-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5488854B2 (ja) | Thin client system, access control method in thin client system, and access control program | |
EP2842049B1 (en) | Secure administration of virtual machines | |
CN107196982B (zh) | Method and device for processing a user request | |
US8707457B2 (en) | Methods and systems for forcing an application to store data in a secure storage location | |
US9098325B2 (en) | Persistent volume at an offset of a virtual block device of a storage server | |
US9311509B2 (en) | Creation and delivery of encrypted virtual disks | |
US20120311575A1 (en) | System and method for enforcing policies for virtual machines | |
US9172724B1 (en) | Licensing and authentication with virtual desktop manager | |
US9703581B2 (en) | Managing unallocated server farms in a desktop virtualization system | |
US20140214922A1 (en) | Method of providing virtual machine and service gateway for real-time virtual desktop service | |
US20140029033A1 (en) | Data processing apparatus, data processing system, and computer-readable storage medium | |
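WO2011086787A1 (ja) | Confidential information leakage prevention system, confidential information leakage prevention method, and confidential information leakage prevention program | |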
US8776057B2 (en) | System and method for providing evidence of the physical presence of virtual machines | |
EP4172818B1 (en) | Shared resource identification | |
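CN104091102A (zh) | Multi-user management method based on the Android system and device thereof | |
KR102175317B1 (ko) | Desktop virtualization | |
KR101337208B1 (ko) | Method and apparatus for managing application data of a portable terminal | |
CN111158857A (zh) | Data encryption method, apparatus, device, and storage medium | |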
US20180083984A1 (en) | Remote computing system providing malicious file detection and mitigation features for virtual machines | |
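JP2013174944A (ja) | Thin client system, control server, terminal, security control method, and security control program | |
WO2018008124A1 (ja) | Computer, computer system, and security control method | |
CN112152918B (zh) | System and method for anonymous and consistent data routing in a client-server architecture | |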
US20230231847A1 (en) | Systems and methods for providing secure access to a private multiaccess edge computing device via a multi-tenancy environment | |
CN118170493A (zh) | Cloud desktop system and methods for cloud desktop creation, reservation, authorization, and pre-authorization |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | WWE | WIPO information: entry into national phase | Ref document number: 201180017330.6; Country of ref document: CN |
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 11762379; Country of ref document: EP; Kind code of ref document: A1 |
| | WWE | WIPO information: entry into national phase | Ref document number: 13578784; Country of ref document: US |
| | WWE | WIPO information: entry into national phase | Ref document number: 2012508133; Country of ref document: JP |
| | WWE | WIPO information: entry into national phase | Ref document number: 2011762379; Country of ref document: EP |
| | NENP | Non-entry into the national phase | Ref country code: DE |