WO2015049825A1 - Terminal authentication registration system, terminal authentication registration method, and storage medium - Google Patents
- Publication number
- WO2015049825A1 (PCT/JP2014/004273)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- information
- user
- connection
- white list
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Definitions
- the present invention relates to a terminal authentication registration system, a terminal authentication registration method, and a storage medium for authenticating and registering a terminal connected to a remote desktop (hereinafter also referred to as “authentication registration”).
- BYOD: Bring Your Own Device
- PC: Personal Computer
- Patent Document 1 discloses a thin client system that performs authentication using an authentication device in a thin client terminal and a plurality of virtual PCs without modifying the authentication software.
- Patent Document 2 discloses a simultaneous authentication device for a user and a terminal device, which simultaneously realizes user authentication and terminal device authentication, with respect to a terminal device authentication technique by a host device.
- Remote desktop technology authenticates the connecting user when connecting to the PC from the terminal, but does not authenticate the connecting terminal.
- In order for a company to adopt BYOD, it is necessary to manage connected terminals due to security problems.
- Patent Document 1 and Patent Document 2 are techniques for authenticating a specific terminal connected to a host computer, and are not a technique for newly authenticating and registering an unknown terminal.
- the main object of the present invention is to enable user and terminal authentication registration in a remote desktop system without increasing the complexity, cost, and difficulty of use for the user.
- a terminal authentication registration system includes a connection destination computer that can authenticate a remote desktop connection of a user terminal, a terminal registration device that registers a remote desktop connection between the terminal and the connection destination computer,
- the connection destination computer refers to user information acquisition means for acquiring user information for identifying the user and authentication information indicating a user permitted to log in to the connection destination computer.
- User authentication means for determining whether or not to permit login of the user indicated by the user information, terminal information acquisition means for acquiring terminal information for identifying the terminal from the terminal, and remote desktop connection permitted A list of combinations of the user, the terminal and the connection destination computer is registered.
- the connection permission determination means for determining whether or not to permit remote desktop connection by the user indicated by the user information with the connection destination computer and the connection permission determination means determine that remote desktop connection is not permitted the user Based on the information, the terminal information, and the computer information for identifying the connection destination computer, the application information used for the application for registering the combination of the user, the terminal, and the connection destination computer with the white list is generated.
- Application information transmitting means for transmitting the application information to the terminal registration device, wherein the terminal registration device is a second whitelist storage means for storing the whitelist, the user to the whitelist, and the terminal And condition information storage means for storing condition information indicating conditions for determining whether or not a combination of the connection destination computer can be registered, application information reception means for receiving the application information from the connection destination computer, and the condition information Based on the application information received by the application information receiving means, it is determined whether or not to register the combination of the user, the terminal and the connection destination computer in the white list, and it is determined to register If the combination of the user, the terminal and the connection destination computer is registered in the white list, If the registration means for updating the white list and the registration means determine to register, the updated white list is transmitted to the connection destination computer, and if it is determined not to register, registration is permitted.
- connection destination computer An information indicating whether or not error information indicating that the error has not occurred is transmitted to the connection destination computer, and the connection destination computer receives the error information and the updated white list from the terminal registration device,
- the availability information receiving means for storing the updated white list in the first white list storage means, and the error information output means for outputting the error information received by the availability information receiving means, To do.
- a terminal authentication registration method includes a connection destination computer that can authenticate a remote desktop connection of a user terminal, a terminal registration device that registers a remote desktop connection between the terminal and the connection destination computer, and A terminal authentication registration method executed in a terminal authentication registration system including: a user information acquisition step in which the connection destination computer acquires user information for identifying the user; and login to the connection destination computer is permitted.
- the white list in which a list of combinations of the user, the terminal, and the connection destination computer that are permitted to connect to the remote desktop is referred to, and the terminal indicated by the terminal information, the connection destination computer, And determining whether to permit remote desktop connection by the user indicated by the user information, and determining that remote desktop connection is not permitted in the connection permission determination step, the user information and the terminal information And an application information generating step for generating application information to be used for an application for registering a combination of the user, the terminal and the connection destination computer with the white list based on the computer information for identifying the connection destination computer And the above application information generation step
- the application information transmitting step of transmitting the application information to the terminal registration device is executed, and the terminal registration device receives the application information from the connection destination computer, and the white list Reference is made to condition information indicating conditions for determining whether or not a combination of the user, the terminal, and the connection destination computer can be registered, and the user, the terminal, and the like, based on the application information received in the application information receiving step.
- It is determined whether or not the combination with the connection destination computer is registered in the white list, and if it is determined to be registered, the combination of the user, the terminal, and the connection destination computer is registered in the white list.
- the registration step for updating the white list and the registration step determine that registration is to be performed.
- the updated white list is transmitted to the connection destination computer, and if it is determined not to be registered, error information indicating that registration is not permitted is transmitted to the connection destination computer.
- the connection destination computer receives the error information and the updated white list from the terminal registration device, and stores the updated white list.
- An error information output step of outputting the error information received in the reception step.
- a storage medium provides a user information acquisition means for acquiring user information for identifying a computer, authentication information indicating a user permitted to log in, and the user information indicated by the user information.
- User authentication means for determining whether or not to permit login
- terminal information acquisition means for acquiring terminal information for identifying the terminal from the terminal of the user, the user who is permitted to connect to a remote desktop, the terminal, and the terminal
- a white list storage unit that stores a white list that is a list of combinations with a connection destination computer, and when the user authentication unit determines to permit login of a user indicated by the user information, the white list is referred to
- the user information indicated by the terminal indicated by the terminal information and the connection destination computer of the terminal indicates Connection permission determination means for determining whether or not to permit remote desktop connection by the user, and when the connection permission determination means determines that remote desktop connection is not permitted, the user information, the terminal information and the remote desktop connection are permitted.
- Generating means condition information storage means for storing condition information indicating conditions for determining whether or not a combination of the user, the terminal and the connection destination computer can be registered in the white list, and referring to the condition information, the application Based on the information, the user, the terminal, and the connected computer Whether or not to register the combination of the user, the terminal, and the connected computer are registered in the white list, and the white list is updated.
- the registration unit When the registration unit determines that the registration unit does not register, the registration unit functions as an error information generation unit that generates error information indicating that registration is not permitted, and an error information output unit that outputs the error information. It is a computer-readable storage medium having a program recorded therein.
- the terminal authentication device obtains user information that can identify a user, and is identified by the user information based on authentication information representing a user who is permitted to log in to the device.
- Authentication means for determining whether or not to permit login terminal information acquisition means for acquiring terminal information that can identify the terminal from a terminal that executes remote desktop connection to the own apparatus, and remote desktop connection
- connection possibility determination means for determining whether or not to permit remote desktop connection by the user indicated by the user information between the terminal and the own apparatus, and the connection permission determination means determines that the remote desktop connection is not permitted.
- Application information to be used for an application for registering a combination of the user, the terminal, and the own device with the white list based on the user information, the terminal information, and the computer information that can identify the own device.
- Application information generating means for generating and transmitting the generated application information to a terminal registration device for registering a remote desktop connection between the terminal and the device itself.
- the information processing apparatus acquires user information that can identify a user, and the user information is based on authentication information that represents a user who is permitted to log in to the own apparatus.
- User authentication for determining whether or not to allow login of the user identified by the user is performed terminal information that can identify the terminal is acquired from a terminal that performs remote desktop connection to the own device, and the user
- a white list that is a list of combinations of the user who is permitted to connect to the remote desktop, the terminal, and a connection destination computer to which the terminal is connected to the remote desktop Referring to the list, the user indicated by the user information between the terminal indicated by the terminal information and the own device is indicated.
- the storage medium obtains user information capable of identifying a user in a computer functioning as a terminal authentication device, and based on authentication information representing a user who is permitted to log in to the device.
- a user authentication process for determining whether or not to permit login of a user identified by the user information, and a terminal for acquiring terminal information that can identify the terminal from a terminal that performs remote desktop connection to the own apparatus In the information acquisition process and the user authentication process, when it is determined that the login of the user indicated by the user information is permitted, the user who is permitted to connect to the remote desktop, the terminal, and the connection destination computer to which the terminal connects to the remote desktop Refer to a white list that is a list of combinations of When it is determined that remote desktop connection is not permitted in the connection permission determination process for determining whether to permit remote desktop connection by the user indicated by the user information and the connection permission determination process Based on the user information, the terminal information, and the computer information capable of identifying the own device, the application information used for the application for registering the combination of the
- authentication registration of users and terminals in a remote desktop system can be performed without increasing the complexity, cost, and difficulty of use for the user.
- FIG. 1 is a diagram showing a configuration example of a terminal authentication registration system according to the first embodiment of the present invention.
- the terminal authentication registration system 100 includes a user terminal 1, a remote PC 2, and a terminal registration device 3.
- the terminal 1 is a terminal that allows a user to make a remote desktop connection (hereinafter referred to as “RD (Remote Desktop) connection”) with a connection destination computer.
- RD: Remote Desktop
- the remote PC 2 and the terminal registration device 3 are connected by a communication network (hereinafter simply referred to as “network”).
- the connection destination computer of the terminal 1 is a remote PC 2.
- The remote PC 2 includes an input unit 21, a user authentication unit 22, a storage unit 23, a terminal information reception unit 24, a connection availability determination unit 25, an RD connection unit 26, an application information generation unit 27, an application information transmission unit 28, and an availability information reception unit 29.
- When operating directly from the PC console instead of via remote desktop connection, the user inputs user information for identifying the user to the input unit 21 and logs in to the remote PC 2.
- the input unit 21 of the remote PC 2 accepts input of user information and sends it to the user authentication unit 22.
- the storage unit 23 stores authentication information indicating users who are permitted to log in to the remote PC 2. Such authentication information may be information capable of identifying a user who is permitted to log in to the remote PC 2.
- When the user authentication unit 22 receives the user information, it refers to the authentication information stored in the storage unit 23 and determines whether or not to allow the user indicated by the user information to log in. When the user authentication unit 22 permits the user to log in, it sends the user information to the connection possibility determination unit 25.
- the terminal 1 includes an input unit 11, a terminal information transmission unit 12, a storage unit 13, an RD connection unit 14, and a display unit 15.
- the user inputs an operation for transmitting terminal information for identifying the terminal 1 to the input unit 11 in order to connect the terminal 1 and the remote PC 2 to the remote desktop.
- the operation of transmitting terminal information for identifying the terminal 1 is, for example, an operation of starting a remote desktop function included in the terminal 1.
- When the input unit 11 of the terminal 1 receives an operation of transmitting terminal information, it sends an instruction to transmit terminal information to the terminal information transmitting unit 12.
- When the terminal information transmission unit 12 receives an instruction to transmit terminal information, it calls the terminal information from the storage unit 13 and transmits the terminal information to the remote PC 2.
- the terminal information includes at least terminal identification information for identifying the terminal 1, and includes terminal type information indicating the type of the terminal 1, software information indicating the type and version of software installed in the terminal 1, and the like.
- The storage unit 23 stores a white list, which is a list of combinations of users, terminals, and connection destination computers that are permitted to make an RD connection. That is, in the white list, each combination of a user, a terminal, and a connection destination computer for which RD connection is permitted is registered as an associated entry. Note that the data storage format for realizing the white list is not limited to a list structure, and any appropriate storage format may be adopted.
- The connectability determining unit 25 refers to the white list stored in the storage unit 23 and determines whether to permit RD connection between the user's terminal 1 and the remote PC 2.
- the input unit 11 of the terminal 1 accepts input of user information, and the terminal information transmission unit 12 transmits the user information to the remote PC 2.
- the connection determination unit 25 of the remote PC 2 receives user information from the terminal 1, sends the user information to the user authentication unit 22, and receives a user login permission determination result.
- The connection availability determination unit 25 determines that the RD connection between the user's terminal 1 and the remote PC 2 is permitted, and sends the RD connection license key of the terminal 1 to the RD connection unit 26.
- When the RD connection unit 26 receives the RD connection license key of the terminal 1, it executes the RD connection with the RD connection unit 14 of the terminal 1.
- The connection availability determination unit 25 determines that the combination of the user, the terminal 1, and the remote PC 2 does not permit RD connection, and sends the user information and terminal information to the application information generation unit 27.
- the storage unit 23 stores computer information for identifying the remote PC 2.
- Based on the user information and terminal information received from the connectability determination unit 25 and the computer information stored in the storage unit 23, the application information generation unit 27 generates application information used for an application to register the combination of the user, the terminal 1, and the remote PC 2 in the white list. The application information generation unit 27 sends the generated application information to the application information transmission unit 28. The generation of application information may be instructed by the user to the application information generation unit 27 via the input unit 21.
- the application information transmitting unit 28 transmits the application information to the terminal registration device 3.
- the terminal registration device 3 includes an application information receiving unit 31, a registration unit 32, a storage unit 33, and an availability information transmitting unit 34.
- The storage unit 33 stores a white list and condition information indicating conditions for determining whether or not a combination of the user, the terminal 1, and the connection destination computer may be registered in the white list (registration availability).
- the condition information may be, for example, information that enables registration of up to n terminals 1 for one user, or information that specifies the type and version of installed security software. Further, the condition information may be information indicating that registration is not possible when high-risk software such as file sharing software is included. In addition, the condition information may be information that specifies a terminal type for which registration is permitted. Further, the condition information may be information that makes it impossible to register when it is determined that there is an error in the registered information when the application information is received by a combination of the already registered user, the terminal 1, and the remote PC 2. The condition information may be information other than those exemplified above.
- When the registration unit 32 receives the application information, it refers to the condition information stored in the storage unit 33 and determines whether or not to register in the white list.
- the registration unit 32 may receive an input from the system administrator, and the system administrator may browse the application information and input whether or not to register in the white list.
- When it is determined to register in the white list, the registration unit 32 registers the combination of the user, the terminal 1, and the remote PC 2 indicated by the application information in the white list stored in the storage unit 33. Further, the registration unit 32 sends the updated white list to the availability information transmission unit 34. At this time, the registration unit 32 may send only the difference data of the white list in order to reduce processing time and load.
- When it is determined not to register in the white list, the registration unit 32 generates error information indicating that registration is not possible, and sends the generated error information to the availability information transmission unit 34.
- the availability information transmission unit 34 transmits the white list (difference data) and error information received from the registration unit 32 to the remote PC 2.
- the availability information receiving unit 29 of the remote PC 2 updates the white list stored in the storage unit 23 based on this.
- the availability information receiving unit 29 transmits the error information to the terminal 1.
- the display unit 15 of the terminal 1 displays the received error information and notifies the user that the terminal 1 cannot be registered.
- the output of the error information is not limited to the screen display, but may be an audio output, or may be recorded as log information in the storage unit 13.
- the display part which displays error information may be provided in remote PC2 like the display part 15a shown with a broken line in FIG.
- the white list may be stored in either the terminal registration device 3 or the remote PC 2.
- the remote PC 2 virtually stores the white list by accessing the terminal registration device 3 and referring to the white list.
- the terminal registration device 3 accesses the remote PC 2 and refers to the white list, thereby virtually storing the white list. In the latter case, updating of the white list by the remote PC 2 is prohibited, and only the terminal registration device 3 can edit the white list.
- For a user who cannot log in, the connection determination unit 25 of the remote PC 2 may determine that the combination of the user, the terminal 1, and the remote PC 2 does not permit RD connection, and send the user information of that user and the terminal information to the application information generation unit 27.
- Based on the user information and the terminal information received from the connection availability determination unit 25 and the computer information stored in the storage unit 23, the application information generation unit 27 generates deletion application information used for an application to delete the combination of the user who cannot log in, the terminal 1, and the remote PC 2 from the white list.
- the application information transmission unit 28 transmits the deletion application information to the terminal registration device 3.
- the application information receiving unit 31 in the terminal registration device 3 receives the deletion application information from the remote PC 2.
- the registration unit 32 deletes the combination of the user, the terminal 1, and the remote PC 2 indicated by the deletion application information from the white list.
- the availability information transmitter 34 transmits the updated white list (difference data) to the remote PC 2.
- FIG. 2 is a diagram showing an example of the configuration of the white list according to the first embodiment.
- The white list consists of “user information” for identifying the user, “terminal identification information” for identifying the terminal 1, a “connection destination computer name” for identifying the connection destination computer connected to the terminal 1, a “permission flag” indicating whether the RD connection between the terminal 1 and the connection destination remote PC 2 is permitted or blocked, a “terminal type” indicating the type of the terminal 1, and an “RD license key” indicating a license key for the RD connection of the terminal 1.
- “User information” is, for example, a user ID (Identifier).
- “Terminal identification information” is, for example, a terminal individual identification number.
- the “connection destination computer name” is, for example, the name of the remote PC 2.
- the “terminal type” is, for example, console, iOS (registered trademark), Android (registered trademark), or the like. For example, if the “terminal type” is a console, the “permission flag” may always be connection permission.
- When the registration unit 32 of the terminal registration device 3 determines to register in the white list, it fills in each item of the white list based on the user information, the terminal information, and the computer information included in the application information.
- the registration unit 32 newly assigns an “RD license key” when adding to the white list.
- the “RD license key” does not need to be changed.
- Here the white list includes “user information”, “terminal identification information”, “connection destination computer name”, “permission flag”, “terminal type”, and “RD license key”, but the “permission flag”, “terminal type”, and “RD license key” need not be included in the white list.
- the connection permission / non-permission determination unit 25 sends information permitting the RD connection of the terminal 1 to the RD connection unit 26, and the RD connection unit 26 executes the RD connection.
- FIG. 3 is a flowchart showing an example of the operation of the authentication application process according to the first embodiment.
- the authentication application process in the flowchart of FIG. 3 starts when the user connects to the remote PC 2.
- If the terminal information receiving unit 24 of the remote PC 2 does not receive terminal information from the terminal 1 (step S11; NO), the terminal information receiving unit 24 repeats step S11 and waits for reception of terminal information.
- When terminal information is received from the terminal 1 (step S11; YES), the terminal information receiving unit 24 sends the terminal information to the connectability determining unit 25.
- When receiving the user information and the terminal information, the connectability determination unit 25 refers to the white list stored in the storage unit 23 and determines whether or not to permit the RD connection by the user indicated by the user information between the terminal 1 indicated by the terminal information and the remote PC 2 (step S12). When the RD connection is permitted (step S12; YES), the connection availability determination unit 25 sends the RD connection license key of the terminal 1 to the RD connection unit 26.
- When the RD connection unit 26 receives the license key for the RD connection of the terminal 1, it performs the RD connection with the RD connection unit 14 of the terminal 1 (step S13), and the process proceeds to step S20.
- connection availability determination unit 25 sends user information and terminal information to the application information generation unit 27.
- the application information generation unit 27 generates application information for applying for registration in the white list of the terminal 1 based on the user information and terminal information received from the connection determination unit 25 and the computer information stored in the storage unit 23. (Step S14). The application information generation unit 27 sends the generated application information to the application information transmission unit 28.
- the application information transmitting unit 28 Upon receiving the application information, the application information transmitting unit 28 transmits the application information to the terminal registration device 3 (step S15).
- the availability information receiving unit 29 updates the white list stored in the storage unit 23 based on this (step S17).
- the availability information receiving unit 29 receives error information from the terminal registration device 3 (step S18), and sends error information to the terminal 1. Transmit (step S19).
- the display unit 15 of the terminal 1 displays the received error information.
- step S20 If the remote PC 2 is not turned off and the user is not logged out (step S20; NO), the terminal information receiving unit 24 continues the process from step S11. Then, the above-described steps S11 to S20 are repeatedly executed. When the remote PC 2 is turned off and the connection ends (step S20; YES), each component of the remote PC 2 ends the process.
- FIG. 4 is a flowchart showing an example of the operation of the registration process according to the first embodiment.
- The registration process of the flowchart of FIG. 4 starts when the terminal registration device 3 is activated.
- If the application information reception unit 31 of the terminal registration device 3 does not receive the application information from the remote PC 2 (step S21; NO), it repeats step S21 and waits for reception of the application information.
- When application information is received from the terminal 1 (step S21; YES), the application information reception unit 31 sends the application information to the registration unit 32.
- Upon receiving the application information, the registration unit 32 refers to the condition information stored in the storage unit 33 and determines whether to register the combination of the user, the terminal 1, and the remote PC 2 indicated by the application information in the white list (step S22).
- If it is determined not to register the combination in the white list (step S22; NO), the registration unit 32 generates error information indicating that registration is not possible and sends the generated error information to the availability information transmission unit 34.
- The availability information transmission unit 34 transmits the error information to the remote PC 2 (step S23).
- If it is determined to register the combination in the white list (step S22; YES), the registration unit 32 updates the white list by registering the combination of the user indicated by the application information, the terminal 1, and the remote PC 2 in the white list (step S24). Further, the registration unit 32 sends the updated white list to the availability information transmission unit 34. The availability information transmission unit 34 transmits the updated white list to the remote PC 2 (step S25).
- If the terminal registration device 3 is not turned off (step S26; NO), the process returns to step S21, and steps S21 to S26 are repeated.
- When the terminal registration device 3 is turned off (step S26; YES), the process is terminated.
- The terminal authentication registration system 100 in the above embodiment can perform user and terminal authentication registration in a remote desktop system without increasing system complexity, cost, or difficulty of use for the user.
- The terminal 1 is connected to the remote PC 2 and terminal information is transmitted.
- the terminal authentication registration system 100 is not limited to this, and uses the mail function of the terminal 1, You may employ
- The remote PC 2 receives this mail and acquires the terminal information. This eliminates the need to connect the unknown terminal 1 to the in-house system before permission to use the unknown terminal 1 in the in-house system has been given, thus improving safety.
- The terminal authentication device 500 includes a user authentication unit 501, a terminal information acquisition unit 502, a first storage unit 503, a connection availability determination unit 504, and an application information generation unit 505. Note that these constituent elements of the terminal authentication device 500 according to the present embodiment may be communicably connected via an arbitrary communication line or the like. Hereinafter, these components will be described.
- The user authentication unit 501 acquires user information that can identify the user and determines, based on the authentication information indicating the users who are permitted to log in to the terminal authentication device 500, whether to permit the login of the user identified by the user information.
- The user authentication unit 501 may be the same as the user authentication unit 22 in the first embodiment.
- The terminal information acquisition unit 502 acquires terminal information that can identify the terminal from an (arbitrary) terminal that performs remote desktop connection to the terminal authentication device 500.
- The terminal information acquisition unit 502 may be the same as the terminal information reception unit 24 in the first embodiment, for example.
- The first storage unit 503 stores a white list, which is a list of the combinations of the user, the terminal, and the connection destination computer to which the terminal makes a remote desktop connection, for which remote desktop connection is permitted.
- The connection destination computer to which the terminal makes a remote desktop connection may be the terminal authentication device 500.
- The first storage unit 503 may store the authentication information.
- The first storage unit 503 may be the same as the storage unit 23 in the first embodiment.
- The connection availability determination unit 504 refers to the white list when the user authentication unit 501 determines to permit login of the user indicated by the user information. Based on the content of the referenced white list, the connection availability determination unit 504 determines whether to permit remote desktop connection, by the user indicated by the user information, between the terminal indicated by the terminal information and the terminal authentication device 500.
- The connection availability determination unit 504 may be the same as the connection availability determination unit 25 in the first embodiment.
- The application information generation unit 505 executes the following process when the connection availability determination unit 504 determines that remote desktop connection is not permitted. That is, based on the user information, the terminal information, and computer information that can identify the terminal authentication device 500, the application information generation unit 505 generates application information to be used for the application to register the combination of the user, the terminal, and the own device in the white list.
- The application information generation unit 505 transmits the generated application information to a terminal registration device that registers remote desktop connection between the terminal and the terminal authentication device 500.
- The application information generation unit 505 may function as the application information generation unit 27 and the application information transmission unit 28 in the first embodiment.
- The terminal authentication device 500 in the present embodiment configured as described above can perform user and terminal authentication registration in the remote desktop system without increasing system complexity, cost, or difficulty of use for the user.
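The flows of FIG. 3 and FIG. 4 (steps S11 to S25), which the terminal authentication device 500 repeats on the connection-destination side, as an added Python example that is not part of the patent text. The class names, status strings, and the two-rule condition policy (eligible users, a per-user terminal limit) are assumptions, and the reply carries only the white-list difference, as in the variant of the claims where the difference is transmitted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Application:
    """Application information generated in step S14."""
    user: str
    terminal: str
    computer: str


@dataclass(frozen=True)
class Reply:
    """Availability information: a white-list difference or error information."""
    registered: bool
    added: frozenset = frozenset()
    error: str = ""


class TerminalRegistrationDevice:
    def __init__(self, eligible_users, max_terminals_per_user):
        # Condition information. This two-rule policy is an assumption;
        # the page does not say what the conditions contain.
        self.eligible_users = set(eligible_users)
        self.max_terminals = max_terminals_per_user
        self.whitelist = set()  # authoritative (user, terminal, computer) list

    def handle(self, app):
        """Steps S22 to S25: decide, then return a difference or an error."""
        if app.user not in self.eligible_users:
            return Reply(False, error="user may not register terminals")  # S23
        known = {t for (u, t, _c) in self.whitelist if u == app.user}
        if app.terminal not in known and len(known) >= self.max_terminals:
            return Reply(False, error="terminal limit reached")           # S23
        entry = (app.user, app.terminal, app.computer)
        self.whitelist.add(entry)                                         # S24
        return Reply(True, added=frozenset({entry}))                      # S25


class RemotePC:
    def __init__(self, name, login_users, registrar):
        self.name = name                     # computer information
        self.login_users = set(login_users)  # authentication information
        self.registrar = registrar
        self.whitelist = set()               # local copy of the white list

    def request(self, user, terminal):
        """One pass of steps S11 to S19 for a terminal that sent its information."""
        if user not in self.login_users:     # user authentication comes first
            return "login refused"
        if (user, terminal, self.name) in self.whitelist:                 # S12
            return "connected"                                            # S13
        # S14: the computer field is filled in by this PC, not by the terminal.
        app = Application(user, terminal, self.name)
        reply = self.registrar.handle(app)                                # S15
        if reply.registered:
            self.whitelist |= reply.added                                 # S17
            return "registered"
        return "error: " + reply.error                                    # S18, S19


def demo():
    """Constructed users, terminals, and PCs; returns the outcome of each request."""
    registrar = TerminalRegistrationDevice({"alice", "bob"}, max_terminals_per_user=1)
    pc_a = RemotePC("pc-a", {"alice", "bob", "carol"}, registrar)
    pc_b = RemotePC("pc-b", {"alice"}, registrar)
    return [
        pc_a.request("alice", "tablet-1"),  # unknown combination: application is filed
        pc_a.request("alice", "tablet-1"),  # next pass of S11/S12 finds the entry
        pc_a.request("alice", "phone-9"),   # second terminal exceeds the assumed limit
        pc_b.request("alice", "tablet-1"),  # same user and terminal, different PC
        pc_b.request("alice", "tablet-1"),
        pc_a.request("carol", "laptop-3"),  # may log in, but may not register
        pc_a.request("dave", "tablet-1"),   # fails user authentication
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A refused application leaves the local white list untouched, so the same terminal is refused again on the next pass until the condition information changes.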
- FIG. 6 is a block diagram illustrating an example of a hardware configuration capable of realizing the terminal registration device and the connection destination computer according to each embodiment of the present invention.
- Hardware capable of realizing the remote PC 2, the terminal registration device 3, and the terminal authentication device 500 includes a control unit 61, a main storage unit 62, an external storage unit 63, an operation unit 64, a display unit 65, an input/output unit 66, and a transmission/reception unit 67.
- The main storage unit 62, the external storage unit 63, the operation unit 64, the display unit 65, the input/output unit 66, and the transmission/reception unit 67 are all communicably connected to the control unit 61 via the internal bus 60.
- The control unit 61 is composed of a CPU (Central Processing Unit) and the like and, in accordance with a control program 69 stored in the external storage unit 63, executes each process in the user authentication unit 22, the connection availability determination unit 25, the RD connection unit 26, the application information generation unit 27, and the availability information reception unit 29 of the remote PC 2 and in the registration unit 32 of the terminal registration device 3.
- The control unit 61 includes a CPU (Central Processing Unit) and the like and, in accordance with the control program 69 stored in the external storage unit 63, may execute each process in the user authentication unit 501, the connection availability determination unit 504, and the application information generation unit 505 of the terminal authentication device 500.
- The main storage unit 62 is composed of a RAM (Random-Access Memory) or the like, loads the control program 69 stored in the external storage unit 63, and is used as a work area of the control unit 61.
- The external storage unit 63 includes a nonvolatile memory such as a flash memory, a hard disk, a DVD-RAM (Digital Versatile Disc Random-Access Memory), and a DVD-RW (Digital Versatile Disc Rewriteable).
- The external storage unit 63 stores in advance a program for causing the control unit 61 to perform processing of the remote PC 2, the terminal registration device 3, or the terminal authentication device 500.
- The external storage unit 63 also supplies data stored in the program to the control unit 61 in accordance with an instruction from the control unit 61, and stores the data supplied from the control unit 61.
- The storage unit 23 of the remote PC 2, the first storage unit 503 of the terminal authentication device 500, and the storage unit 33 of the terminal registration device 3 are configured by the external storage unit 63.
- The operation unit 64 includes a keyboard, a pointing device such as a mouse, and an interface device that connects the keyboard and the pointing device to the internal bus 60.
- The display unit 65 is configured by a CRT (Cathode Ray Tube), an LCD (Liquid Crystal Display), or the like, and displays an operation screen when the user directly inputs information to the remote PC 2 or the terminal registration device 3.
- The display unit 65 functions as the display unit.
- The input/output unit 66 includes a serial interface or a parallel interface. If another device is attached to the remote PC 2 or the terminal registration device 3, the input/output unit 66 is connected to the other device.
- The transmission/reception unit 67 includes a network termination device or a wireless communication device connected to the network, and a serial interface or a LAN (Local Area Network) interface connected thereto.
- The transmission/reception unit 67 functions as the terminal information reception unit 24, the application information transmission unit 28, and the availability information reception unit 29 of the remote PC 2, and as the application information reception unit 31 and the availability information transmission unit 34 of the terminal registration device 3.
- The transmission/reception unit 67 may function as the terminal information acquisition unit 502 and the application information generation unit 505 in the terminal authentication device 500.
- Each process in the information reception unit 29, the application information reception unit 31, the registration unit 32, the storage unit 33, and the availability information transmission unit 34 of the terminal registration device 3 is executed by the control program 69 using the control unit 61, the main storage unit 62, the external storage unit 63, the operation unit 64, the display unit 65, the input/output unit 66, the transmission/reception unit 67, and the like as resources.
- The processing of the user authentication unit 501, the terminal information acquisition unit 502, the application information generation unit 505, and the connection availability determination unit 504 is executed by the control program 69 using the control unit 61, the main storage unit 62, the external storage unit 63, the operation unit 64, the display unit 65, the input/output unit 66, the transmission/reception unit 67, and the like as resources.
- The central part that performs control processing, including the control unit 61, the main storage unit 62, the external storage unit 63, the internal bus 60, and the like, can be realized by using a normal computer system without using a dedicated system.
- A computer program for executing the above operation may be stored and distributed on a computer-readable recording medium (flexible disk, CD-ROM, DVD-ROM, etc.), and a terminal authentication registration system that executes the above-described processing may be configured by installing the computer program in a computer.
- The terminal authentication registration system may be configured by storing the computer program in a storage device included in a server device on a communication network such as the Internet and downloading the computer program by a normal computer system.
- When the function of the terminal authentication registration system is realized by sharing between an OS (Operating System) and an application program, or by cooperation between the OS and the application program, only the application program part may be stored in a recording medium (storage medium) or a storage device.
- The computer program may be posted on a bulletin board (BBS: Bulletin Board System) on a communication network and distributed via the network.
- The computer program may be started and executed in the same manner as other application programs under the control of the OS, so that the above-described processing is executed.
- The present invention is applicable to a system that provides a remote desktop connection.
- DESCRIPTION OF SYMBOLS
- 1 Terminal
- 2 Remote PC
- 3 Terminal registration device
- 11 Input unit
- 12 Terminal information transmission unit
- 13 Storage unit
- 14 RD connection unit
- 15 Display unit
- 21 Input unit
- 22 User authentication unit
- 23 Storage unit
- 24 Terminal information reception unit
- 25 Connection availability determination unit
- 26 RD connection unit
- 27 Application information generation unit
- 28 Application information transmission unit
- 29 Availability information reception unit
- 31 Application information reception unit
- 32 Registration unit
- 33 Storage unit
- 34 Availability information transmission unit
- 60 Internal bus
- 61 Control unit
- 62 Main storage unit
- 63 External storage unit
- 64 Operation unit
- 65 Display unit
- 66 Input/output unit
- 67 Transmission/reception unit
- 69 Control program
- 100 Terminal authentication registration system
- 500 Terminal authentication device
- 501 User authentication unit
- 502 Terminal information acquisition unit
- 503 First storage unit
- 504 Connection availability determination unit
- 505 Application information generation unit
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
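Hereinafter, a first embodiment for carrying out the present invention will be described in detail with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals.
Hereinafter, a terminal authentication device 500 according to a second embodiment of the present invention will be described with reference to FIG. 5.
FIG. 6 is a block diagram illustrating an example of a hardware configuration capable of realizing the terminal registration device and the connection destination computer according to each embodiment of the present invention. As shown in FIG. 6, hardware capable of realizing the remote PC 2, the terminal registration device 3, and the terminal authentication device 500 includes a control unit 61, a main storage unit 62, an external storage unit 63, an operation unit 64, a display unit 65, an input/output unit 66, and a transmission/reception unit 67. The main storage unit 62, the external storage unit 63, the operation unit 64, the display unit 65, the input/output unit 66, and the transmission/reception unit 67 are all communicably connected to the control unit 61 via the internal bus 60.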
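2 Remote PC
3 Terminal registration device
11 Input unit
12 Terminal information transmission unit
13 Storage unit
14 RD connection unit
15 Display unit
21 Input unit
22 User authentication unit
23 Storage unit
24 Terminal information reception unit
25 Connection availability determination unit
26 RD connection unit
27 Application information generation unit
28 Application information transmission unit
29 Availability information reception unit
31 Application information reception unit
32 Registration unit
33 Storage unit
34 Availability information transmission unit
60 Internal bus
61 Control unit
62 Main storage unit
63 External storage unit
64 Operation unit
65 Display unit
66 Input/output unit
67 Transmission/reception unit
69 Control program
100 Terminal authentication registration system
500 Terminal authentication device
501 User authentication unit
502 Terminal information acquisition unit
503 First storage unit
504 Connection availability determination unit
505 Application information generation unit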
Claims (12)
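- A terminal authentication registration system including a connection destination computer capable of authenticating a remote desktop connection of a user's terminal, and a terminal registration device that registers the remote desktop connection between the terminal and the connection destination computer, wherein
the connection destination computer comprises:
user information acquisition means for acquiring user information that identifies the user;
user authentication means for referring to authentication information indicating users who are permitted to log in to the connection destination computer and determining whether to permit login of the user indicated by the user information;
terminal information acquisition means for acquiring, from the terminal, terminal information that identifies the terminal;
first white list storage means for storing a white list in which a list of combinations of the user, the terminal, and the connection destination computer for which remote desktop connection is permitted is registered;
connection availability determination means for, when the user authentication means determines to permit login of the user indicated by the user information, referring to the white list and determining whether to permit remote desktop connection, by the user indicated by the user information, between the terminal indicated by the terminal information and the connection destination computer;
application information generation means for, when the connection availability determination means determines not to permit remote desktop connection, generating, based on the user information, the terminal information, and computer information that identifies the connection destination computer, application information used for an application to register the combination of the user, the terminal, and the connection destination computer in the white list; and
application information transmission means for transmitting the application information generated by the application information generation means to the terminal registration device,
the terminal registration device comprises:
second white list storage means for storing the white list;
condition information storage means for storing condition information indicating conditions for determining whether the combination of the user, the terminal, and the connection destination computer may be registered in the white list;
application information reception means for receiving the application information from the connection destination computer;
registration means for referring to the condition information, determining, based on the application information received by the application information reception means, whether to register the combination of the user, the terminal, and the connection destination computer in the white list, and, when determining to register it, updating the white list by registering the combination of the user, the terminal, and the connection destination computer in the white list; and
availability information transmission means for transmitting the updated white list to the connection destination computer when the registration means determines to register, and transmitting error information indicating that registration was not permitted to the connection destination computer when the registration means determines not to register,
and the connection destination computer further comprises:
availability information reception means for receiving the error information and the updated white list from the terminal registration device and storing the updated white list in the first white list storage means; and
error information output means for outputting the error information received by the availability information reception means.
- The terminal authentication registration system according to claim 1, wherein the terminal information acquisition means receives the terminal information transmitted from the terminal to a predetermined mail address.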
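- A terminal authentication registration method executed in a terminal authentication registration system including a connection destination computer capable of authenticating a remote desktop connection of a user's terminal, and a terminal registration device that registers the remote desktop connection between the terminal and the connection destination computer, wherein
the connection destination computer executes:
a user information acquisition step of acquiring user information that identifies the user;
a user authentication step of referring to authentication information indicating users who are permitted to log in to the connection destination computer and determining whether to permit login of the user indicated by the user information;
a terminal information acquisition step of acquiring, from the terminal, terminal information that identifies the terminal;
a connection availability determination step of, when it is determined in the user authentication step to permit login of the user indicated by the user information, referring to a white list in which a list of combinations of the user, the terminal, and the connection destination computer for which remote desktop connection is permitted is registered, and determining whether to permit remote desktop connection, by the user indicated by the user information, between the terminal indicated by the terminal information and the connection destination computer;
an application information generation step of, when it is determined in the connection availability determination step not to permit remote desktop connection, generating, based on the user information, the terminal information, and computer information that identifies the connection destination computer, application information used for an application to register the combination of the user, the terminal, and the connection destination computer in the white list; and
an application information transmission step of transmitting the application information generated in the application information generation step to the terminal registration device,
the terminal registration device executes:
an application information reception step of receiving the application information from the connection destination computer;
a registration step of referring to condition information indicating conditions for determining whether the combination of the user, the terminal, and the connection destination computer may be registered in the white list, determining, based on the application information received in the application information reception step, whether to register the combination of the user, the terminal, and the connection destination computer in the white list, and, when determining to register it, updating the white list by registering the combination of the user, the terminal, and the connection destination computer in the white list; and
an availability information transmission step of transmitting the updated white list to the connection destination computer when it is determined in the registration step to register, and transmitting error information indicating that registration was not permitted to the connection destination computer when it is determined not to register,
and the connection destination computer further executes:
an availability information reception step of receiving the error information and the updated white list from the terminal registration device and storing the updated white list; and
an error information output step of outputting the error information received in the availability information reception step.
- The terminal authentication registration method according to claim 3, wherein, in the terminal information acquisition step, the terminal information transmitted from the terminal to a predetermined mail address is received.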
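- A computer-readable storage medium recording a program that causes a computer to function as:
user information acquisition means for acquiring user information that identifies a user;
user authentication means for referring to authentication information indicating users who are permitted to log in and determining whether to permit login of the user indicated by the user information;
terminal information acquisition means for acquiring, from the user's terminal, terminal information that identifies the terminal;
white list storage means for storing a white list that is a list of combinations of the user, the terminal, and a connection destination computer of the terminal for which remote desktop connection is permitted;
connection availability determination means for, when the user authentication means determines to permit login of the user indicated by the user information, referring to the white list and determining whether to permit remote desktop connection, by the user indicated by the user information, between the terminal indicated by the terminal information and the connection destination computer of the terminal;
application information generation means for, when the connection availability determination means determines not to permit remote desktop connection, generating, based on the user information, the terminal information, and computer information that identifies the connection destination computer for which remote desktop connection was not permitted, application information used for an application to register the combination of the user, the terminal, and the connection destination computer in the white list;
condition information storage means for storing condition information indicating conditions for determining whether the combination of the user, the terminal, and the connection destination computer may be registered in the white list;
registration means for referring to the condition information, determining, based on the application information, whether to register the combination of the user, the terminal, and the connection destination computer in the white list, and, when determining to register it, registering the combination of the user, the terminal, and the connection destination computer in the white list and updating the white list;
error information generation means for generating error information indicating that registration was not permitted when the registration means determines not to register; and
error information output means for outputting the error information.
- A terminal authentication device comprising:
user authentication means for acquiring user information that can identify a user and determining, based on authentication information representing users who are permitted to log in to the own device, whether to permit login of the user identified by the user information;
terminal information acquisition means for acquiring, from a terminal that performs remote desktop connection to the own device, terminal information that can identify the terminal;
first storage means for storing a white list that is a list of combinations of the user, the terminal, and a connection destination computer to which the terminal makes a remote desktop connection, for which remote desktop connection is permitted;
connection availability determination means for, when the user authentication means determines to permit login of the user indicated by the user information, referring to the white list and determining whether to permit remote desktop connection, by the user indicated by the user information, between the terminal indicated by the terminal information and the own device; and
application information generation means for, when the connection availability determination means determines not to permit remote desktop connection, generating, based on the user information, the terminal information, and computer information that can identify the own device, application information used for an application to register the combination of the user, the terminal, and the own device in the white list, and transmitting the generated application information to a terminal registration device that registers the remote desktop connection between the terminal and the own device.
- The terminal authentication device according to claim 6, further comprising:
availability information reception means capable of receiving, from the terminal registration device, error information representing that registration of the remote desktop connection between the terminal and the own device was not permitted, and, when registration of the remote desktop connection between the terminal and the own device was permitted, a list of combinations of the user, the terminal, and the connection destination computer to which the terminal makes a remote desktop connection, for which remote desktop connection is permitted, the availability information reception means storing the list in the first storage means when the list is received; and
error information output means for outputting the error information received by the availability information reception means.
- The terminal authentication device according to claim 7, wherein, in a case where the terminal registration device stores the white list,
the availability information reception means receives, from the terminal registration device, the difference of the white list updated in the terminal registration device when registration of the remote desktop connection between the terminal and the own device was permitted, and stores the difference in the first storage means.
- A terminal registration device that registers a remote desktop connection between a user's terminal and a connection destination computer that is the terminal authentication device according to claim 6 or claim 7, the terminal registration device comprising:
second storage means for storing a white list that is a list of combinations of the user, the terminal, and the connection destination computer for which remote desktop connection is permitted;
condition information storage means for storing condition information indicating conditions for determining whether to register the combination of the user, the terminal, and the connection destination computer in the white list;
application information reception means for receiving, from the connection destination computer, application information used for an application to register the combination of the user, the terminal, and the connection destination computer in the white list;
registration means for referring to the condition information, determining, based on the application information received by the application information reception means, whether to register the combination of the user, the terminal, and the connection destination computer in the white list, and, when determining to register it, registering the combination of the user, the terminal, and the connection destination computer in the white list and updating the white list; and
availability information transmission means for transmitting the updated white list to the connection destination computer when the registration means determines to register, and transmitting error information indicating that registration was not permitted to the connection destination computer when the registration means determines not to register.
- The terminal registration device according to claim 9, wherein, when the registration means determines to register the combination of the user, the terminal, and the connection destination computer in the white list, the availability information transmission means transmits, to the connection destination computer, the difference between the white list before and after the update by the registration means.
- A terminal authentication method in which an information processing device:
executes user authentication of acquiring user information that can identify a user and determining, based on authentication information representing users who are permitted to log in to the own device, whether to permit login of the user identified by the user information;
acquires, from a terminal that performs remote desktop connection to the own device, terminal information that can identify the terminal;
when it is determined in the user authentication to permit login of the user indicated by the user information, refers to a white list that is a list of combinations of the user, the terminal, and a connection destination computer to which the terminal makes a remote desktop connection, for which remote desktop connection is permitted, and determines whether to permit remote desktop connection, by the user indicated by the user information, between the terminal indicated by the terminal information and the own device; and
when it is determined in the determination not to permit remote desktop connection, generates, based on the user information, the terminal information, and computer information that can identify the own device, application information used for an application to register the combination of the user, the terminal, and the own device in the white list, and transmits the generated application information to a terminal registration device that registers the remote desktop connection between the terminal and the own device.
- A computer-readable storage medium recording a computer program that causes a computer functioning as a terminal authentication device to execute:
user authentication processing of acquiring user information that can identify a user and determining, based on authentication information representing users who are permitted to log in to the own device, whether to permit login of the user identified by the user information;
terminal information acquisition processing of acquiring, from a terminal that performs remote desktop connection to the own device, terminal information that can identify the terminal;
connection availability determination processing of, when it is determined in the user authentication processing to permit login of the user indicated by the user information, referring to a white list that is a list of combinations of the user, the terminal, and a connection destination computer to which the terminal makes a remote desktop connection, for which remote desktop connection is permitted, and determining whether to permit remote desktop connection, by the user indicated by the user information, between the terminal indicated by the terminal information and the own device; and
application information generation processing of, when it is determined in the connection availability determination processing not to permit remote desktop connection, generating, based on the user information, the terminal information, and computer information that can identify the own device, application information used for an application to register the combination of the user, the terminal, and the own device in the white list, and transmitting the generated application information to a terminal registration device that registers the remote desktop connection between the terminal and the own device.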
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/026,807 US20160241535A1 (en) | 2013-10-03 | 2014-08-21 | Terminal authentication and registration system, method for authenticating and registering terminal, and storage medium |
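CN201480054490.1A CN105593866B (zh) | 2013-10-03 | 2014-08-21 | Terminal authentication and registration system, terminal authentication and registration method, and storage medium |
JP2015540367A JP6018316B2 (ja) | 2013-10-03 | 2014-08-21 | Terminal authentication registration system, terminal authentication registration method, and program |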
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013208410 | 2013-10-03 | ||
JP2013-208410 | 2013-10-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015049825A1 (ja) | 2015-04-09 |
Family
ID=52778432
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/004273 WO2015049825A1 (ja) | 2013-10-03 | 2014-08-21 | Terminal authentication registration system, terminal authentication registration method, and storage medium |
Country Status (5)
Country | Link |
---|---|
US (1) | US20160241535A1 (ja) |
JP (1) | JP6018316B2 (ja) |
CN (1) | CN105593866B (ja) |
TW (1) | TWI575398B (ja) |
WO (1) | WO2015049825A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3217624A1 (en) | 2016-03-08 | 2017-09-13 | Fujitsu Limited | Information processing method, program, information processing apparatus, and system |
JP2020057141A (ja) * | 2018-10-01 | 2020-04-09 | Necプラットフォームズ株式会社 | Information processing device, information processing method, and program |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
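JP7239974B2 (ja) * | 2018-12-27 | 2023-03-15 | ベーステクノロジー株式会社 | Terminal authentication management system, method therefor, and program therefor |
WO2020213044A1 (ja) * | 2019-04-15 | 2020-10-22 | 三菱電機株式会社 | Operation management system and programmable display |
CN112398789A (zh) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Remote login control method and apparatus, system, storage medium, and electronic device |
CN112398787B (zh) * | 2019-08-15 | 2022-09-30 | 奇安信安全技术(珠海)有限公司 | Method, apparatus, computer device, and storage medium for mailbox login verification |
CN111131150A (zh) * | 2019-11-14 | 2020-05-08 | 珠海许继芝电网自动化有限公司 | Terminal self-registration method and apparatus based on the ubiquitous power Internet of Things |
CN111107545B (zh) * | 2019-12-25 | 2022-11-15 | 博泰车联网科技(上海)股份有限公司 | NFC-based account synchronization method, medium, and terminal |
CN111131287B (zh) * | 2019-12-30 | 2022-06-17 | 深圳市创维软件有限公司 | Method, server, and storage medium for enabling a device's remote service |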
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006018347A (ja) * | 2004-06-30 | 2006-01-19 | Hitachi Ltd | Load-balancing remote desktop environment construction system |
JP2009277024A (ja) * | 2008-05-15 | 2009-11-26 | Hitachi Ltd | Connection control method, communication system, and terminal |
JP2011227810A (ja) * | 2010-04-22 | 2011-11-10 | Nomura Research Institute Ltd | Remote desktop system and mobile communication terminal |
JP2013183203A (ja) * | 2012-02-29 | 2013-09-12 | Nippon Telegr & Teleph Corp <Ntt> | Control server, control method, and control program |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090150399A1 (en) * | 2007-12-06 | 2009-06-11 | Patel Paritosh D | Method of Improving Remote Desktop Performance |
TW201117590A (en) * | 2009-11-10 | 2011-05-16 | Aten Int Co Ltd | Method and system of desktop broadcasting |
2014
- 2014-08-21 WO PCT/JP2014/004273 patent/WO2015049825A1/ja active Application Filing
- 2014-08-21 CN CN201480054490.1A patent/CN105593866B/zh active Active
- 2014-08-21 US US15/026,807 patent/US20160241535A1/en not_active Abandoned
- 2014-08-21 JP JP2015540367A patent/JP6018316B2/ja active Active
- 2014-09-30 TW TW103133975A patent/TWI575398B/zh active
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3217624A1 (en) | 2016-03-08 | 2017-09-13 | Fujitsu Limited | Information processing method, program, information processing apparatus, and system |
US10291621B2 (en) | 2016-03-08 | 2019-05-14 | Fujitsu Limited | System, information processing apparatus, and storage medium |
JP2020057141A (ja) * | 2018-10-01 | 2020-04-09 | Necプラットフォームズ株式会社 | Information processing device, information processing method, and program |
Also Published As
Publication number | Publication date |
---|---|
JPWO2015049825A1 (ja) | 2017-03-09 |
US20160241535A1 (en) | 2016-08-18 |
CN105593866A (zh) | 2016-05-18 |
TWI575398B (zh) | 2017-03-21 |
CN105593866B (zh) | 2018-11-23 |
TW201516729A (zh) | 2015-05-01 |
JP6018316B2 (ja) | 2016-11-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14851338 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015540367 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15026807 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14851338 Country of ref document: EP Kind code of ref document: A1 |