WO2015008780A1 - Device management system, device management method, and program - Google Patents
- Publication number: WO2015008780A1 (PCT/JP2014/068884)
- Authority: WO, WIPO (PCT)
- Prior art keywords: terminal, user, identification information, management, information
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
- H04L41/0894—Policy-based network configuration management
- H04L41/0895—Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
- H04L41/40—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
Definitions
- The present invention is based on Japanese Patent Application No. 2013-148350 (filed on July 17, 2013), and the entire description of that application is incorporated herein by reference.
- The present invention relates to a device management system, a device management method, and a program, and more particularly, to a device management system, a device management method, and a program for managing devices such as terminals connected to a network.
- It is possible to appropriately manage terminals connected to the network and control network access from those terminals without requiring management software to be installed on a terminal such as a server.
- In a network such as that of a company (for example, an in-house LAN (Local Area Network)), security measures for preventing unauthorized access from inside and outside the network are indispensable.
- An administrator of a corporate network needs to perform, for example, appropriate access control of a network and management of a terminal connected to the network.
- The management of terminals connected to the network is based on the network administrator keeping track of each terminal's identification (for example, IP (Internet Protocol) address, MAC (Media Access Control) address, asset number, etc.) and installation location.
- Patent Document 1 describes an unauthorized connection detection system for detecting unauthorized connection to a network by an unauthorized terminal device having no connection authority.
- A dedicated monitoring program is stored in a regular terminal authorized to connect to the network, and the monitoring program performs a predetermined operation when the terminal is connected to the network. The system is described as being configured so that the program sends predetermined information to a management server that manages the network, and the connection of an unauthorized terminal that does not have connection authority to the network is detected from the presence or content of that information.
- Non-Patent Documents 1 and 2 describe a technique called OpenFlow.
- OpenFlow captures communication as an end-to-end flow and performs path control, failure recovery, load balancing, and optimization on a per-flow basis.
- The OpenFlow switch specified in Non-Patent Document 2 includes a secure channel for communication with the OpenFlow controller, and operates according to a flow table to which the OpenFlow controller adds entries or which it rewrites as appropriate.
- The flow table defines, for each flow, a set of match fields (Match Fields) that define the contents to be matched against the packet header, flow statistical information (Counters), and instructions (Instructions) that define the processing contents (refer to “5.2 Flow Table” in Non-Patent Document 2).
- When the OpenFlow switch receives a packet, it searches the flow table for an entry having match fields that match the header information of the received packet (see “5.3 Matching” in Non-Patent Document 2). If an entry that matches the received packet is found as a result of the search, the OpenFlow switch updates the flow statistical information (counters) and performs the processing described in the instruction field of that entry on the received packet (packet transmission from a designated port, flooding, discard, etc.). On the other hand, if no entry that matches the received packet is found, the OpenFlow switch sends the OpenFlow controller, via the secure channel, a request to set an entry, that is, a request to determine the processing content of the received packet. The OpenFlow switch receives the flow entry corresponding to the request and updates the flow table. In this way, the OpenFlow switch performs packet transfer using the entries stored in the flow table as processing rules.
- With Patent Document 1, when a network administrator connects a terminal brought by an employee to a corporate network, the monitoring program stored in the terminal provides management information such as the terminal's IP address, MAC address, and administrator to the management server, and the network administrator can manage all terminals connected to the corporate network by referring to the management server. However, in this case, the network administrator must tell all the employees to store the management program in the terminal of each employee, which is difficult to manage.
- With Patent Document 1, it is necessary for each employee to store a monitoring program in all terminals owned by the employee.
- The employee may hesitate to store a monitoring program on a BYOD terminal that he or she holds.
- A company may have an operating rule requiring a monitoring program to be stored on employees' BYOD terminals, but if possible it is desirable that a BYOD terminal, being a private terminal, can be used freely for work without storing a monitoring program.
- With Non-Patent Documents 1 and 2, for example, when a packet arriving at the OpenFlow switch is transmitted to the OpenFlow controller, the OpenFlow controller transmits the IP address, MAC address, and destination of the packet.
- The owner of the terminal that is the transmission source of the packet is not known. Therefore, the techniques disclosed in Patent Document 1 and Non-Patent Document 1 are not sufficient in terms of efficiently managing all terminals connected to the corporate network, and there is room for improvement.
- An object of the present invention is to provide a device management system, a device management method, and a program that can manage terminals and the like connected to a network without introducing special software such as a monitoring program into the terminals, in a centralized control network environment represented by OpenFlow described in Non-Patent Documents 1 and 2.
- A device management system is provided that includes a forwarding node that transfers identification information for uniquely identifying a terminal to a terminal management apparatus that manages the identification information, and a terminal management device that discloses the identification information of the terminal to the user, accepts registration of the user of the terminal from a second terminal different from the terminal, and stores the terminal and the user in association with each other.
- Also provided is a device management system including a transfer node that notifies identification information for uniquely identifying a terminal to a terminal management apparatus that manages the identification information, a user authentication apparatus for uniquely identifying a user, and a terminal management device that specifies the user who uses the terminal by means of the user authentication apparatus and stores the terminal and the user in association with each other.
- This method is associated with a specific machine called a terminal management apparatus that stores a terminal and a user in association with each other.
- A program is provided that causes a computer to execute a process of disclosing to the user the identification information uniquely identifying the terminal received from the forwarding node, and a process of accepting, from a second terminal different from the terminal, registration of the user as the user of the terminal and storing the terminal and the user in association with each other.
- This program can be recorded on a computer-readable (non-transient) storage medium. That is, the present invention can be embodied as a computer program product.
- According to the present invention, in a centralized control type network environment, it is possible to manage a terminal connected to the network without introducing special software such as a monitoring program to the terminal.
- The present invention can be realized by a device management system including the terminal management apparatus 310 and the transfer node 200 that notifies the identification information 700 uniquely identifying the terminal 600 to the terminal management apparatus 310 that manages the identification information.
- When receiving the notification of the identification information 700 from the forwarding node 200, the terminal management apparatus 310 discloses the identification information 700 of the terminal to the user. It then accepts registration of the user as the user of the terminal from a second terminal different from the terminal 600 (for example, the employee (user) terminal in FIG. 1), and stores the terminal 600 and the user in association with each other.
- FIG. 2 is a diagram illustrating a configuration of the device management system according to the first embodiment of this invention.
- The configuration shown includes a forwarding node 200 that forwards a packet based on the processing rule, a communication control device 100 that registers the processing rule in the forwarding node 200, a terminal management device 310 that notifies the communication control device 100 of a communication policy, a management website 320 for registering terminal owner information and the like in the terminal management device 310, an identification information storage device 400 and a policy storage device 500 that the terminal management device 310 uses to determine a communication policy.
- The forwarding node 200 is a switching device that processes a received packet according to a processing rule that associates a matching rule to be matched against received packets (see, for example, the matching rule in FIG. 17) with the processing content applied to packets that match the matching rule.
- The OpenFlow switch of Non-Patent Document 2, which operates using the flow entry shown in FIG. 17 as a processing rule, can also be used.
- A terminal 600 is connected to the forwarding node 200 in FIG.
- The terminal 600 can communicate, via the transfer node 200, with another transfer node (not shown) or a terminal (not shown) connected to the transfer node 200.
- The terminal 600 is a computer typified by a server, a PC (personal computer), a smartphone, and the like, and each terminal has identification information 700 for uniquely identifying the terminal itself.
- The identification information is represented by, for example, a terminal name, a MAC address, an IP address, or a combination thereof.
- The identification information may be any information as long as the information can uniquely identify the terminal.
- The terminal 600 is described on the assumption that it is connected to the transfer node 200 via a wire.
- A form in which a mobile terminal, represented by a tablet terminal or a smartphone, and the transfer node 200 are connected wirelessly may also be used.
- FIG. 3 is a diagram showing an example of the identification information 700 that the terminal 600 has.
- The identification information 700 of the terminal 600 includes a set of a terminal name, a MAC address, and an IP address.
- The identification information 700 of the terminal 600 has a terminal name “aaa”, a MAC address “aa:aa:aa:aa:aa:aa”, and an IP address “1.1.1.1”.
- The identification information of each terminal requires a MAC address; the terminal name and the IP address may be empty.
- The terminal management device 310 is connected to the identification information storage device 400 that stores the identification information 700 held by the terminal 600, the policy storage device 500 that stores a communication policy corresponding to the user's affiliation, and the management website 320 for registering the user's ownership of the terminal.
- The terminal management device 310 receives the identification information 700 held by the terminal 600 from the forwarding node 200 via the communication control device 100.
- Upon receiving the identification information 700, the terminal management device 310 refers to the identification information stored in the identification information storage device 400 and the communication policy stored in the policy storage device 500, and provides the communication control device 100 with information for access control of the terminal 600, such as whether the terminal 600 is permitted access.
- The terminal management device 310 is configured to receive the identification information 700 of the terminal 600 via the communication control device 100 and record it in the identification information storage device 400.
- The terminal management apparatus 310 may be configured to receive the identification information 700 of the terminal 600.
- The communication control device 100 may include the terminal management device 310.
- The identification information storage device 400 receives and records the identification information 700 of the terminal 600 transferred from the transfer node 200 via the communication control device 100 when the terminal 600 is connected to the transfer node 200.
- FIG. 4 is a diagram illustrating an example of an identification information table held by the identification information storage device 400.
- The identification information table in the example of FIG. 4 is a table that can store entries in which terminal names, user IDs, MAC addresses, IP addresses, connection transfer nodes, and connection ports are associated with each other.
- The first entry in the identification information table of FIG. 4 indicates the presence of a terminal whose terminal name is “aaa”, MAC address is “aa:aa:aa:aa:aa:aa”, IP address is “1.1.1.1”, connection transfer node is “switch1”, and connection port is “1”.
- No value is set in the user ID field.
- The user ID is set when the user registers the ownership of the corresponding terminal via the management website 320 of the terminal management device 310.
- The forwarding node name of the forwarding node 200 is associated with the connection port number of the forwarding node, and a new entry is added.
- The communication control device 100 is a control device that controls the forwarding node 200 by setting processing rules.
- The communication control apparatus 100 sets a processing rule in the forwarding node 200 such that all packets for which access permission or denial is not explicitly specified are discarded. Thereby, for example, access from the terminal 600 newly connected to the forwarding node 200 to the management Web site 320 that discloses the identification information of the terminal 600 is prohibited.
- The OpenFlow controller of Non-Patent Documents 1 and 2 can be used.
- The communication control apparatus 100 according to the present embodiment can manage the name of the forwarding node and the connection port number of the forwarding node as a general OpenFlow mechanism.
- The identification information storage device 400 may be included as part of the terminal management device 310 or the communication control device 100.
- The policy storage device 500 stores a communication policy corresponding to the user's affiliation and the like.
- The policy storage device 500 stores access control information for users and terminals registered in advance by a network administrator (not shown). This access control information is used when the terminal management apparatus 310 determines the content of access control for the terminal and notifies the communication control apparatus 100 of it.
- FIG. 5 is an example of a communication policy stored in the policy storage device 500.
- A communication policy table capable of storing an entry in which a user ID, a terminal group ID, and an access right are associated is shown.
- A terminal group ID under which terminals are grouped and communication policy information in which the access authority is set are stored in association with each other.
- The user with user ID alice is permitted to access both the resource group IDs resource_group_0001 and resource_group_0002.
- The user ID is generally managed in a database or the like as employee information in a company or the like, and is registered in advance based on the employee information.
- FIG. 6 is an example of terminal group information stored in the policy storage device 500.
- The terminal group ID, terminal name, and terminal attribute of the terminals belonging to the resource group ID are associated with each other.
- With reference to the identification information, communication policy information, and terminal group information described above, the terminal management apparatus 310 determines the access control content for the terminal 600 connected to the forwarding node 200, based on the access rights of the terminal 600 and its owner, and notifies the communication control apparatus 100 of it.
- The terminal management device 310 stores the identification information 700 held by the terminal 600 in the identification information storage device 400.
- The terminal 600 connected to the forwarding node 200 is automatically posted in a terminal connection list.
- The user finds the terminal 600 that he or she has connected in the terminal connection list, sets the owner to the user ID, and clicks the registration button to complete the process.
- A user accesses the management website 320 and finds, through the management website 320, his or her terminal 600 previously connected to the forwarding node 200; the fact that the owner of the terminal 600 is the user (here, “alice” for convenience of explanation) is reflected in the management website 320 (see the user name field of the terminal name “aaa” in FIG. 7).
- The terminal name stored in the identification information table of the identification information storage device 400 of FIG. 4 is set.
- The terminal name of the terminal group information table defined in the communication policy table of the policy storage device 500 of FIG. 5 is set as the destination terminal name.
- The contents (allow / deny) obtained by referring to the communication policy table of the policy storage device 500 of FIG. 5 are set in the access right.
- The condition (option) information set in the terminal attribute of the terminal group information table of the policy storage device 500 in FIG. 6 is set.
- The source terminal name, the destination terminal name, and the access right are indispensable items, and the condition (option) is an item that can be given optionally.
- Since the management Web site 320 cannot be accessed from the terminal 600 connected to the forwarding node 200 (because the terminal 600 is yet to be registered), the user uses a terminal other than the terminal 600 to access the management Web site 320 and register the user of the terminal 600.
- The management website 320 can be accessed only from terminals that are already managed by the terminal management apparatus 310. This is because the forwarding node 200 is controlled by the communication control device 100 to discard a packet for which access permission or denial is not explicitly stated. With such a mechanism, it is possible to access the management Web site 320 and refer to the list of identification information only from a terminal registered in the network configured and managed by the terminal authentication system.
- The terminal management device 310 receives the creation of or setting changes to a communication policy from the administrator, a change of the terminal owner from the user, and the like, and notifies the communication control device 100 of the results (hereinafter also called the “editing function”).
- The editing function is realized by, for example, an application program (hereinafter, also simply referred to as “application”) that realizes a function for editing a communication policy, a user ID, a terminal name, and the like. Administrators and users can freely create, modify, and delete communication policies, user IDs, terminal names, and the like at any time using the editing function.
- The terminal management device 310 records the updated information in the identification information storage device 400 and the policy storage device 500, creates terminal access control information based on the updated information, and notifies the communication control device 100 of it.
- The administrator and the user who use the terminal management of this embodiment can freely create, modify, and delete the communication policy, the user ID, the terminal name, and the like at any time.
- A communication policy management mechanism may be provided to the user as a Web-based system, or may be provided as an application that runs on an independent PC; a CLI (Command Line Interface) may be provided instead of an application using a GUI (Graphical User Interface); any form may be employed.
- When the communication control apparatus 100 receives the information related to access control described above from the terminal management apparatus 310, it first creates a processing rule that causes a processing rule setting request (for example, the Packet-In message of Non-Patent Document 2) to be transmitted for packets from the terminal to which the access control information applies, and sets it in the forwarding node 200. Further, when receiving a processing rule setting request sent in accordance with that processing rule, the communication control apparatus 100 determines the packet transfer path based on the packet information included in the processing rule setting request, creates processing rules that realize that transfer path, and sets them in the forwarding nodes on the packet forwarding path.
- FIG. 9 is a block diagram showing a detailed configuration of the communication control apparatus 100 of the present embodiment.
- The communication control apparatus 100 includes a node communication unit 11 that performs communication with the forwarding node 200, a control message processing unit 12, a processing rule management unit 13, a processing rule storage unit 14, a forwarding node management unit 15, a route / action calculation unit 16, a topology management unit 17, a terminal location management unit 18, a communication policy management unit 19, and a communication policy storage unit 20. Each of these operates as follows.
- The control message processing unit 12 analyzes the control message received from the forwarding node and delivers the control message information to the corresponding processing means in the communication control apparatus 100.
- The processing rule management unit 13 manages what processing rule is set for which forwarding node. Specifically, the processing rule created by the route / action calculation unit 16 is registered in the processing rule storage unit 14 and set in the forwarding node, and the registered information in the processing rule storage unit 14 is updated when a processing rule set in a forwarding node changes, for example on a processing rule deletion notification from the forwarding node.
- The forwarding node management unit 15 manages the capabilities (for example, the number and types of ports, the types of supported actions, etc.) of the forwarding nodes controlled by the communication control device 100.
- When receiving the communication policy from the communication policy management unit 19, the route / action calculation unit 16 first refers to the network topology held in the topology management unit 17 and, according to the communication policy, creates a processing rule that causes a processing rule setting request to be executed for packets from the user.
- The transfer nodes in which this processing rule is set may be all transfer nodes to which the user terminal may be connected, or a transfer node (e.g., forwarding node 200 in FIG. 1) may be selected from the terminal location management unit 18 based on the transmission source information included in the communication policy.
- The route / action calculation unit 16 determines the transfer route of the packet based on the packet information included in the processing rule setting request, and creates processing rules that realize that transfer route.
- The route / action calculation unit 16 calculates the packet transfer route based on the location information of the communication terminal managed by the terminal location management unit 18 and the network topology information constructed by the topology management unit 17. Next, the route / action calculation unit 16 acquires the port information of the transfer nodes on the transfer route from the transfer node management unit 15 and obtains, for each transfer node on the route, the action to be executed to realize the calculated transfer route and a collation rule specifying the flow to which the action is applied.
- The collation rule can be created using the address of the transmission source terminal, the address of the destination terminal, conditions (option), etc. in the access control information of FIG. Therefore, in the case of the first entry of the access control information in FIG., processing rules are created that each define an action of forwarding packets addressed from the source terminal name: aaaa to the destination terminal name: bbbb from the port to which the next forwarding node on the route is connected. When setting the above processing rule, processing rules may be created not only for the packet for which the processing rule setting request was received but also to realize packet transfer to other resources to which the terminal has access rights.
- The topology management unit 17 constructs network topology information based on the connection relation of the forwarding nodes 200 collected via the node communication unit 11.
- The terminal location management unit 18 manages information for specifying the location of the resource connected to the communication system.
- A resource name is used as information for identifying a resource, and the forwarding node identifier of the forwarding node to which the resource is connected and the information of its port are used as information for specifying the location of the resource.
- Information provided from an apparatus having an authentication function (not shown) or the like may be used to identify the resource and its position.
- When the communication policy management unit 19 receives information related to access control from the terminal management device 310, it stores the information in the communication policy storage unit 20 and transmits it to the route / action calculation unit 16.
- The communication control apparatus 100 as described above can also be realized by taking the OpenFlow controller of Non-Patent Documents 1 and 2 as a base and adding a function for creating processing rules (flow entries) triggered by reception of the communication policy described above.
- Each unit (processing means) of the communication control apparatus 100 shown in FIG. 9 can also be realized by a computer program that causes the computer constituting the communication control apparatus 100 to store the above-described information and execute the above-described processes using its hardware.
- FIGS. 10 and 11 are sequence diagrams showing a series of operations (new terminal registration) of the present embodiment.
- A processing procedure is shown for the case where a terminal 600 owned by the user alice is newly connected to the forwarding node 200 and a packet is transmitted to the terminal bbbb owned by the user bob.
- The terminal bbbb owned by the user bob is already connected to the forwarding node 200.
- The identification information 700 held by the terminal 600 is transmitted to the identification information storage device 400 via the forwarding node 200, the communication control device 100, and the terminal management device 310 (S002 in FIG. 10).
- The identification information storage device 400 transmits the identification information of all terminals to the management Web site 320 and discloses it (S003 in FIG. 10). At this time, the management Web site 320 may acquire the identification information of all terminals from the identification information storage device 400.
- The user alice accesses the management website 320 using another registered terminal and registers alice as the owner of the terminal 600 (S004 in FIG. 10).
- The management website 320 determines the owner of the terminal 600 (S005 in FIG. 10), registers alice as the owner in the identification information of the terminal 600, and stores it in the identification information storage device 400 (S006 in FIG. 10).
- The management website 320 transmits identification information of all terminals to the terminal management apparatus 310 (S007 in FIG. 10).
- The management website 320 causes the policy storage device 500 to transmit all the held communication policies to the terminal management device 310 (S008 in FIG. 10).
- Either of the process for transmitting all identification information to the terminal management apparatus 310 (S007 in FIG. 10) and the process for transmitting all communication policies to the terminal management apparatus 310 (S008 in FIG. 10) may be executed first, or they may be processed simultaneously.
- The terminal management apparatus 310 receives all identification information and all communication policies from the management website 320, determines access control information for the terminal 600 owned by the user alice (S009 in FIG. 10), and transmits that access control information to the communication control apparatus 100 (S010 in FIG. 10). For example, the terminal management apparatus 310 creates access control information as shown in FIG. 8 and transmits it to the communication control apparatus 100.
- Based on the access control information received from the terminal management apparatus 310, the communication control apparatus 100 creates a processing rule for making a processing rule setting request for packets transmitted and received by the terminal 600 (S011 in FIG. 10). The processing rule is transmitted to the forwarding node 200 (S012 in FIG. 10). The forwarding node 200 receives the processing rule from the communication control apparatus 100, sets the processing rule (S013 in FIG. 10), and ends the series of processing.
- FIG. 11 is a sequence diagram showing a series of operations (communication between terminals) of packet transfer processing.
- The terminal 600 transmits a packet addressed to the terminal named bbbb (S101 in FIG. 11).
- The packet transmitted from the terminal 600 reaches the forwarding node 200.
- The forwarding node 200 receives the packet transmitted from the terminal 600, determines how to forward the packet according to the processing rule set by the communication control device 100 (S102 in FIG. 11), and forwards the packet (S103 in FIG. 11).
- As described above, communication between the terminal 600 and the terminal named bbbb becomes possible. Although not shown in FIG. 11, if the forwarding decision in S102 of FIG. 11 is to discard the packet, the packet from the terminal 600 to the terminal named bbbb is discarded at the forwarding node 200 and communication is not established.
- Without the administrator having to know all the terminals in advance, the user registers the owner of a terminal newly connected to the network, and appropriate communication control can then be performed on this terminal according to predetermined access control information. As a result, it is possible to reduce the load of management work on a network administrator or the like.
- FIG. 12 is a diagram showing the configuration of the second exemplary embodiment of the present invention.
- The forwarding node 200 that forwards packets based on processing rules, the communication control device 100 that registers processing rules in the forwarding node 200, the terminal management device 310 that notifies the communication control device 100 of the communication policy, the management website 320 for registering terminal owner information and the like with the terminal management device 310, and the identification information storage device 400 and policy storage device 500 with which the terminal management device 310 determines the communication policy are the same as in the configuration of the first embodiment described above.
- In the second embodiment, a user authentication device 800 is newly connected to the management website 320.
- The user authentication device 800 performs the user authentication necessary for logging in to the management website 320.
- For user authentication, for example, a method that requests input of an ID and a password can be employed. This reduces the trouble of the user entering owner information and further improves the certainty of who owns the terminal.
- FIG. 13 is a sequence diagram showing a series of operations according to the second embodiment of the present invention.
- The operation from the user alice connecting the terminal 600 to the forwarding node 200 (S201 in FIG. 13) up to the point where the identification information 700 held by the terminal 600 is transmitted to the identification information storage device 400 via the forwarding node 200, the communication control device 100, and the terminal management device 310 (S202 in FIG. 13) is the same as in the first embodiment.
- The user accesses the user authentication device 800 and performs user authentication (S204 in FIG. 13).
- When the authentication is successful, the user authentication device 800 notifies the management website 320 of the authentication success (S205 in FIG. 13), and the management website 320 sets the user name used for the user authentication as the terminal owner (S206 in FIG. 13).
- User authentication may be authentication using an ID and password, authentication using a card such as an employee ID card, or any other authentication method.
- The user authentication device 800 may be included in the management website 320 or the terminal management device 310.
- The management website 320 registers the user name "alice" as the owner of the identification information of the terminal 600 and stores it in the identification information storage device 400 (S207 in FIG. 13). In addition, the management website 320 transmits the identification information of all terminals to the terminal management apparatus 310 (S208 in FIG. 13), and further causes the policy storage apparatus 500 to transmit all communication policies to the terminal management apparatus 310 (S209 in FIG. 13).
- The terminal management apparatus 310 receives all identification information and all communication policies from the management website 320, determines access control information for the terminal 600 owned by the user alice (S210 in FIG. 13), and transmits the determined access control information to the communication control apparatus 100 (S211 in FIG. 13).
- The communication control device 100 receives the access control information from the terminal management device 310, creates a processing rule for making a processing rule setting request for packets transmitted or received by the terminal 600 (S212 in FIG. 13), and transmits the processing rule to the forwarding node 200 (S213 in FIG. 13).
- The forwarding node 200 receives the processing rule from the communication control apparatus 100, sets the processing rule (S214 in FIG. 13), and ends the series of processing.
- By having the user authentication device 800 identify the owner of the terminal through user authentication, the trouble of the user entering owner information is reduced and the certainty of who owns the terminal is improved.
- FIG. 14 is a diagram showing the configuration of the third exemplary embodiment of the present invention.
- The forwarding node 200 that forwards packets based on processing rules, the communication control device 100 that registers processing rules in the forwarding node 200, the terminal management device 310 that notifies the communication control device 100 of the communication policy, the management Web site 320 for registering terminal owner information and the like with the terminal management device 310, and the identification information storage device 400 and policy storage device 500 with which the terminal management device 310 determines the communication policy are the same as in the configuration of the first embodiment described above.
- In the third embodiment, the correspondence information storage device 900 is newly connected to the communication control device 100.
- The correspondence information storage device 900 is a device in which a network administrator or the like stores, in advance, information associating a terminal with the user ID of the user who uses it. Thus, if the terminal exists in the correspondence information storage device 900, the terminal can be connected to the network automatically, without the user having to perform user registration or the like through the management Web site 320.
- FIG. 15 is a diagram illustrating an example of a correspondence relationship between a terminal and a user ID stored in the correspondence information storage device 900.
- The correspondence information table stored in the correspondence information storage device 900 consists of pairs of a terminal name and a user ID.
- A network administrator or the like registers such associations of terminal names and user IDs in the correspondence information storage device 900 in advance.
- The correspondence information table may include arbitrary information such as a MAC address, an IP address, the forwarding node to which the terminal connects, and the connection port, in addition to the terminal name and the user ID.
- The correspondence information storage device 900 may be included in the communication control device 100 or in the identification information storage device 400.
- FIG. 16 is a sequence diagram showing a series of operations according to the third embodiment of the present invention.
- The identification information 700 held by the terminal 600 is transmitted to the communication control apparatus 100 via the transfer node 200 (S302 in FIG. 16).
- After receiving the identification information 700, the communication control device 100 requests and receives the correspondence information between terminal names and user IDs from the correspondence information storage device 900 (S303 in FIG. 16) and determines the owner of the terminal 600 (S304 in FIG. 16).
- The communication control apparatus 100 checks whether an owner for the terminal of the identification information 700 exists in the correspondence information and, if one exists, requests from the terminal management apparatus 310 the communication policy for the terminal and its owner (S305 in FIG. 16).
- The terminal management apparatus 310 receives the communication policy request from the communication control apparatus 100 and receives all related communication policies from the policy storage apparatus 500 (S306 in FIG. 16). Further, the terminal management apparatus 310 determines the access control information of the terminal and its owner based on the communication policy (S307 in FIG. 16) and notifies the communication control apparatus 100 of the result (S308 in FIG. 16).
- The communication control device 100 receives the access control information from the terminal management device 310, creates a processing rule for making a processing rule setting request for packets transmitted and received by the terminal 600 (S309 in FIG. 16), and transmits the processing rule to the forwarding node 200 (S310 in FIG. 16).
- The forwarding node 200 receives the processing rule from the communication control apparatus 100, sets the processing rule (S311 in FIG. 16), and ends the series of processing.
- When the communication control device 100 performs the owner determination (S304 in FIG. 16), if there is no owner corresponding to the terminal, the owner is not determined and, as in the first embodiment, the system waits for the user to register the owner of the terminal through the management website 320.
- The processing after the user registers the owner of the terminal is the same as in the first embodiment.
- By storing the correspondence information between terminals and owners (user IDs) in the correspondence information storage device 900 in advance and having the communication control device 100 determine the owner of a terminal after the terminal is connected, the trouble of the user entering owner information is reduced and the certainty of who owns the terminal is further improved.
- The present invention is not limited to the above-described embodiments, and further modifications, substitutions, and adjustments can be made without departing from the basic technical idea of the present invention.
- The relationship between a terminal and its user has been described for convenience, but this relationship may be, for example, the relationship between a server or network device and its administrator.
- The relationship between a terminal and its user is seen mainly from the user's perspective, whereas the relationship between a server or network device and its administrator is seen mainly from the perspective of the administrator of the server or network. From either viewpoint, the configuration and operation described in each embodiment of the present invention are the same.
- The communication control device 100, the terminal management device 310, the management website 320, the identification information storage device 400, the policy storage device 500, the user authentication device 800, and the correspondence information storage device 900 have been described as being provided independently of each other, but a configuration in which these are appropriately integrated can also be employed.
- Access control is performed by assigning a user ID to a terminal as shown in FIGS. 2 to 7, but it is also possible to perform access control using an access ID such as a terminal name or MAC address assigned to each terminal, terminal location information, and the like.
- A fourth embodiment that includes both the user authentication device of the second embodiment and the correspondence information storage device of the third embodiment can also be configured.
- When the communication control device 100 performs the owner determination (S304 in FIG. 16), if there is no owner corresponding to the terminal, user registration using the user authentication device is accepted.
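The owner determination and its fallback to user registration, described above for the third and fourth embodiments, as an added Python sketch that is not code from the patent. The table layout, the rule dictionaries, the lowest-priority discard rule, and the terminal names alice-pc and t600 are assumptions made for the example.

```python
"""Owner resolution and rule generation, modelled on the third and fourth embodiments.

Illustrative sketch only: the data layout, the rule format and the terminal
names "alice-pc" and "t600" are constructed for this example.
"""
from dataclasses import dataclass, field


@dataclass
class DeviceManager:
    correspondence: dict = field(default_factory=dict)  # device 900: terminal -> user ID
    policies: dict = field(default_factory=dict)        # device 500: user ID -> allowed peer user IDs
    owners: dict = field(default_factory=dict)          # device 400: terminal -> registered owner
    pending: set = field(default_factory=set)           # published, owner not yet registered

    def on_connect(self, terminal):
        """Identification information arrives via the forwarding node (S302-S304)."""
        owner = self.correspondence.get(terminal)
        if owner is None:
            # No pre-registered owner: publish the terminal and wait for registration.
            self.pending.add(terminal)
        else:
            self.owners[terminal] = owner
        return self.rules_for(terminal)

    def register_owner(self, terminal, user, from_terminal):
        """Registration through the management website from a second terminal."""
        if terminal not in self.pending:
            raise PermissionError("terminal is not awaiting owner registration")
        # Assumption: the second terminal must differ from the new one and must
        # already be associated with the same user name.
        if from_terminal == terminal or self.owners.get(from_terminal) != user:
            raise PermissionError("registration must come from the user's registered terminal")
        self.owners[terminal] = user
        self.pending.discard(terminal)
        return self.rules_for(terminal)

    def rules_for(self, terminal):
        """Processing rules for packets sent by `terminal` (outbound direction only)."""
        rules = []
        owner = self.owners.get(terminal)
        allowed = self.policies.get(owner, set()) if owner is not None else set()
        for peer, peer_owner in sorted(self.owners.items()):
            if peer != terminal and peer_owner in allowed:
                rules.append({"src": terminal, "dst": peer, "action": "forward", "priority": 100})
        # Assumption: a lowest-priority discard rule, so an unowned terminal reaches nothing.
        rules.append({"src": terminal, "dst": "*", "action": "drop", "priority": 0})
        return rules


def decide(rules, src, dst):
    """Forwarding-node decision: the highest-priority matching rule wins."""
    matches = [r for r in rules if r["src"] == src and r["dst"] in (dst, "*")]
    if not matches:
        return "drop"
    return max(matches, key=lambda r: r["priority"])["action"]


def demo():
    mgr = DeviceManager(
        correspondence={"bbbb": "bob", "alice-pc": "alice"},
        policies={"alice": {"bob"}, "bob": {"alice"}},
    )
    mgr.on_connect("bbbb")
    mgr.on_connect("alice-pc")
    before = decide(mgr.on_connect("t600"), "t600", "bbbb")
    after = decide(mgr.register_owner("t600", "alice", "alice-pc"), "t600", "bbbb")
    return before, after


if __name__ == "__main__":
    print(demo())
```

Because the identification information is reported by the terminal itself, the sketch ties registration to an already associated second terminal; with the user authentication device of the second embodiment, the user name would come from the authenticated session instead.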
- A device management system in which the terminal management device publishes, via a management website, the identification information of all terminals notified from the forwarding node, has the user register a user name indicating that he or she is the user of a terminal, and stores the terminal and the user name in one-to-one correspondence.
- A device management system in which the terminal management device permits the user at least: a request, from the second terminal for which the association between a terminal stored in the terminal management device and a user name has been completed, for transmission of the published terminal identification information; and registration of a user name for the published terminal identification information.
- A device management system comprising: a forwarding node that notifies identification information for uniquely identifying a terminal to a terminal management apparatus that manages the identification information; a user authentication device for uniquely identifying a user; and a terminal management device that identifies, by means of the user authentication device, the user who uses a terminal and stores the terminal and the user in association with each other.
- A device management system in which the user authentication device performs authentication using a user ID and a password and, after successful authentication, notifies the terminal management device of the user ID as the user of the terminal, and the terminal management device stores the terminal and the user in association with each other.
- A device management system further comprising a correspondence information storage device that stores in advance correspondence information in which identification information for uniquely identifying a terminal and the user name of the terminal are associated with each other, in which the terminal management device receives newly received identification information, checks whether the new identification information exists in the correspondence information stored in the correspondence information storage device, and, if the new identification information is not stored in the correspondence information storage device, publishes the identification information of the corresponding terminal via the management website, has the user register a user name indicating that he or she is the user of the terminal, and stores the terminal and the user name in association with each other in the correspondence information storage device.
- A device management system in which, instead of the identification information that uniquely identifies the terminal, the terminal management device publishes identification information that uniquely identifies a server or network device, has registration made of being the administrator of the server or network device, and stores the server or network device and the administrator in association with each other.
- Reference signs: node communication unit; 12 control message processing unit; 13 processing rule management unit; 14 processing rule storage unit; 15 transfer node management unit; 16 route / action calculation unit; 17 topology management unit; 18 terminal location management unit; 19 communication policy management unit; 20 communication policy storage unit; 100 communication control device; 200 transfer node; 310 terminal management device; 320 management website; 400 identification information storage device; 500 policy storage device; 600 terminal; 700 identification information; 800 user authentication device; 900 correspondence information storage device
Abstract
Description
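The present invention is based on Japanese patent application No. 2013-148350 (filed July 17, 2013), the entire contents of which are incorporated herein by reference.
The present invention relates to a device management system, a device management method, and a program, and in particular to a device management system, a device management method, and a program for managing devices such as terminals connected to a network. In particular, it makes it possible to manage terminals connected to a network, and to appropriately manage and control network access from those terminals, without requiring management software to be installed on terminals such as servers.
Next, the first embodiment of the present invention will be described in detail. FIG. 2 is a diagram showing the configuration of the device management system of the first embodiment of the present invention. Referring to FIG. 2, a configuration is shown that includes a forwarding node 200 that forwards packets based on processing rules, a communication control device 100 that registers processing rules in the forwarding node 200, a terminal management device 310 that notifies the communication control device 100 of a communication policy, a management website 320 for registering terminal owner information and the like with the terminal management device 310, and an identification information storage device 400 and a policy storage device 500 with which the terminal management device 310 determines the communication policy.
Next, a second embodiment of the present invention, in which a user authentication device is newly added to the terminal authentication system of the first embodiment described above, will be described. FIG. 12 is a diagram showing the configuration of the second embodiment of the present invention. The forwarding node 200 that forwards packets based on processing rules, the communication control device 100 that registers processing rules in the forwarding node 200, the terminal management device 310 that notifies the communication control device 100 of a communication policy, the management website 320 for registering terminal owner information and the like with the terminal management device 310, the identification information storage device 400 with which the terminal management device 310 determines the communication policy, and the policy storage device 500 are the same as in the configuration of the first embodiment described above. In the second embodiment, a user authentication device 800 is newly connected to the management website 320.
Next, a third embodiment of the present invention, in which a correspondence information storage device is newly added to the terminal authentication system of the first embodiment described above, will be described. FIG. 14 is a diagram showing the configuration of the third embodiment of the present invention. It is the same as the configuration of the first embodiment described above in that it includes the forwarding node 200 that forwards packets based on processing rules, the communication control device 100 that registers processing rules in the forwarding node 200, the terminal management device 310 that notifies the communication control device 100 of a communication policy, the management website 320 for registering terminal owner information and the like with the terminal management device 310, the identification information storage device 400 with which the terminal management device 310 determines the communication policy, and the policy storage device 500. In the third embodiment, a correspondence information storage device 900 is newly connected to the communication control device 100.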
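[First mode]
(See the device management system according to the first aspect above.)
[Second mode]
In the device management system of the first mode,
a device management system in which the terminal management device publishes, via a management website, the identification information of all terminals notified from the forwarding node, has the user register a user name indicating that he or she is the user of a terminal, and stores the terminal and the user name in one-to-one correspondence.
[Third mode]
In the device management system of the first or second mode,
a device management system in which the terminal management device permits the user at least:
a request, from the second terminal for which the association between a terminal stored by the terminal management device and a user name has been completed, for transmission of the published terminal identification information; and
registration of a user name for the published terminal identification information.
[Fourth mode]
In the device management system of any one of the first to third modes,
further,
a device management system including a communication control device that generates a packet processing rule using information indicating the association between users and terminals stored by the terminal management device and a communication policy applied to at least one of the user and the terminal, and registers the processing rule in the forwarding node.
[Fifth mode]
A device management system including: a forwarding node that notifies identification information uniquely identifying a terminal to a terminal management device that manages the identification information;
a user authentication device for uniquely identifying a user; and
a terminal management device that identifies, by means of the user authentication device, the user who uses a terminal and stores the terminal and the user in association with each other.
[Sixth mode]
In the device management system of the fifth mode,
a device management system in which the user authentication device performs authentication by user ID and password and, after successful authentication, notifies the terminal management device of the user ID as the user of the terminal, and the terminal management device stores the terminal and the user in association with each other.
[Seventh mode]
In the device management system of any one of the first to sixth modes,
further including a correspondence information storage device that stores in advance correspondence information associating identification information uniquely identifying a terminal with the user name of that terminal,
a device management system in which the terminal management device receives newly received identification information, checks whether the new identification information exists in the correspondence information stored by the correspondence information storage device, and, if the new identification information is not stored in the correspondence information storage device, publishes the identification information of the terminal concerned via the management website, has the user register a user name indicating that he or she is the user of the terminal, and stores the terminal and the user name in association with each other in the correspondence information storage device.
[Eighth mode]
In the device management system of any one of the first to seventh modes,
a device management system in which, instead of the identification information uniquely identifying the terminal, the terminal management device publishes identification information uniquely identifying a server or network device, has registration made of being the administrator of the server or network device, and stores the server or network device and the administrator in association with each other.
[Ninth mode]
(See the device management method according to the second aspect above.)
[Tenth mode]
(See the device management program according to the third aspect above.)
The ninth and tenth modes above can, like the first mode, be expanded into the second to eighth modes.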
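12 Control message processing unit
13 Processing rule management unit
14 Processing rule storage unit
15 Forwarding node management unit
16 Route / action calculation unit
17 Topology management unit
18 Terminal location management unit
19 Communication policy management unit
20 Communication policy storage unit
100 Communication control device
200 Forwarding node
310 Terminal management device
320 Management website
400 Identification information storage device
500 Policy storage device
600 Terminal
700 Identification information
800 User authentication device
900 Correspondence information storage device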
Claims (10)
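- A device management system comprising: a forwarding node that notifies identification information uniquely identifying a terminal to a terminal management device that manages the identification information; and a terminal management device that publishes the identification information of the terminal to a user, has the user register, from a second terminal different from the terminal, that he or she is the user of the terminal, and stores the terminal and the user in association with each other.
- The device management system of claim 1, wherein the terminal management device publishes, via a management website, the identification information of all terminals notified from the forwarding node, has the user register a user name indicating that he or she is the user of a terminal, and stores the terminal and the user name in one-to-one correspondence.
- The device management system of claim 1 or 2, wherein the terminal management device permits the user at least: a request, from the second terminal for which the association between a terminal stored by the terminal management device and a user name has been completed, for transmission of the published terminal identification information; and registration of a user name for the published terminal identification information.
- The device management system of any one of claims 1 to 3, further comprising a communication control device that generates a packet processing rule using information indicating the association between users and terminals stored by the terminal management device and a communication policy applied to at least one of the user and the terminal, and registers the processing rule in the forwarding node.
- The device management system of any one of claims 1 to 4, further comprising a user authentication device for uniquely identifying a user, wherein the terminal management device identifies, by means of the user authentication device, the user who uses a terminal and stores the terminal and the user in association with each other.
- The device management system of claim 5, wherein the user authentication device performs authentication by user ID and password and, after successful authentication, notifies the terminal management device of the user ID as the user of the terminal, and the terminal management device stores the terminal and the user in association with each other.
- The device management system of any one of claims 1 to 6, further comprising a correspondence information storage device that stores in advance correspondence information associating identification information uniquely identifying a terminal with the user name of that terminal, wherein the terminal management device receives newly received identification information, checks whether the new identification information exists in the correspondence information stored by the correspondence information storage device, and, if the new identification information is not stored in the correspondence information storage device, publishes the identification information of the terminal concerned via the management website, has the user register a user name indicating that he or she is the user of the terminal, and stores the terminal and the user name in association with each other in the correspondence information storage device.
- The device management system of any one of claims 1 to 7, wherein, instead of the identification information uniquely identifying the terminal, the terminal management device publishes identification information uniquely identifying a server or network device, has registration made of being the administrator of the server or network device, and stores the server or network device and the administrator in association with each other.
- A device management method comprising: a step of publishing to a user identification information, received from a forwarding node, that uniquely identifies a terminal; and a step of accepting from the user, via a second terminal different from the terminal, registration of being the user of the terminal, and storing the terminal and the user in association with each other.
- A program causing a computer to execute: a process of publishing to a user identification information, received from a forwarding node, that uniquely identifies a terminal; and a process of accepting from the user, via a second terminal different from the terminal, registration of being the user of the terminal, and storing the terminal and the user in association with each other.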
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015527313A JP6424820B2 (ja) | 2013-07-17 | 2014-07-16 | Device management system, device management method, and program |
US14/905,687 US10033734B2 (en) | 2013-07-17 | 2014-07-16 | Apparatus management system, apparatus management method, and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013-148350 | 2013-07-17 | ||
JP2013148350 | 2013-07-17 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015008780A1 (ja) | 2015-01-22 |
Family
ID=52346228
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/068884 WO2015008780A1 (ja) | 2013-07-17 | 2014-07-16 | Device management system, device management method, and program |
Country Status (3)
Country | Link |
---|---|
US (1) | US10033734B2 (ja) |
JP (1) | JP6424820B2 (ja) |
WO (1) | WO2015008780A1 (ja) |
-
2014
- 2014-07-16 JP JP2015527313A patent/JP6424820B2/ja active Active
- 2014-07-16 WO PCT/JP2014/068884 patent/WO2015008780A1/ja active Application Filing
- 2014-07-16 US US14/905,687 patent/US10033734B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
JP6424820B2 (ja) | 2018-11-21 |
US20160182510A1 (en) | 2016-06-23 |
US10033734B2 (en) | 2018-07-24 |
JPWO2015008780A1 (ja) | 2017-03-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14827013; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2015527313; Country of ref document: JP; Kind code of ref document: A |
 | WWE | Wipo information: entry into national phase | Ref document number: 14905687; Country of ref document: US |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 14827013; Country of ref document: EP; Kind code of ref document: A1 |