WO2017217476A1 - Terminal for remote monitoring system, program for remote monitoring, and remote monitoring system - Google Patents


Info

Publication number
WO2017217476A1
Authority
WO
WIPO (PCT)
Prior art keywords
connection
connection port
user terminal
remote monitoring
terminal device
Prior art date
Application number
PCT/JP2017/022026
Other languages
French (fr)
Japanese (ja)
Inventor
一裕 小澤
Original Assignee
株式会社エム・クレスト
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP2017087977A external-priority patent/JP6380902B2/en
Application filed by 株式会社エム・クレスト filed Critical 株式会社エム・クレスト
Priority to KR1020197001388A priority Critical patent/KR102057295B1/en
Priority to CN201780050380.1A priority patent/CN109952561B/en
Priority to US16/310,716 priority patent/US20190373062A1/en
Priority to KR1020197036343A priority patent/KR20190139334A/en
Publication of WO2017217476A1 publication Critical patent/WO2017217476A1/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M11/00Telephonic communication systems specially adapted for combination with other electrical systems

Definitions

  • the present invention relates to a remote monitoring system that monitors various terminals connected via the Internet or the like, and more particularly to a remote monitoring system that enables connection with various terminals to be monitored at an arbitrary timing.
  • The Internet of Things (IoT) has attracted attention, including in fields such as monitoring.
  • IoT is a mechanism in which a uniquely identifiable computer or device is connected to the Internet, and devices mutually control each other by exchanging information.
  • The devices include all kinds of things: measuring devices such as various sensors, surveillance cameras, and devices for daily life such as air conditioners and cooking devices.
  • With IoT, for example in an information processing system called the Industrial Internet, devices and people can be connected, data can be acquired in real time, and actions based on this can be performed to improve device operation efficiency. The effect of reducing human waiting time is also expected.
  • As techniques related to IoT, for example, the techniques described in Patent Document 1 and Patent Document 2 have been proposed.
  • a workflow management device holds a transition condition from each stage to the next stage and stage information indicating the current stage of the workflow for a workflow that controls the operation of an IoT device over a plurality of stages.
  • the workflow management device determines that the workflow is the third stage after the first stage when the transition condition of the first stage is satisfied but the transition condition of the second stage is not satisfied.
  • the technique of updating stage information to show that it is also a 2nd stage is disclosed.
  • the stage is a temperature collection stage, an average temperature calculation stage, an energy accounting calculation stage, or the like.
  • Patent Document 2 discloses deploying a device configuration when a complete solution template is selected upon selection of a solution template for a specific automatic interaction device configuration between two or more IoT devices. Otherwise, it receives an IoT device selection, accesses device functions in the IoT database for the selected IoT devices, sets up a network connection between the selected IoT devices, simulates the device configuration in the IoT database, and determines whether the device configuration is available. Techniques are disclosed for reconfiguring a device configuration to include an alternative IoT device if it is not available and deploying the device configuration if it is available. Here, the device configuration is to establish a communication connection between two or more IoT devices via a network.
  • Patent Document 1 only discloses a workflow management apparatus that controls the operation of an IoT device over a plurality of stages.
  • the IoT device transmits the status of the device to be monitored via the Internet service provider (ISP) to the cloud server via the Internet, and the cloud server holds the device to be monitored.
  • the cloud server holds the device to be monitored. From the viewpoint of application to a remote monitoring system that periodically (predetermined) transmission to a user terminal device of an operator or a business operator who undertakes maintenance of equipment to be monitored.
  • a plurality of terminals (IoT devices) connected to an Internet service provider (ISP) having one global IP address have different private IP addresses, respectively.
  • the number of events assigned by is increasing significantly. Therefore, if access to a plurality of terminals (IoT devices) is required from the user terminal device, the user terminal device can access the Internet service provider (ISP) via the Internet, but the private IP addresses assigned to the plurality of terminals (IoT devices) connected to the Internet service provider (ISP) are not acquired, and it is difficult to access the plurality of terminals (IoT devices) at a desired timing.
  • In Patent Document 1, no consideration is given to dealing with such a situation.
  • In Patent Document 2, although a communication connection between two or more IoT devices can be established, as described above, in the remote monitoring system, when the user terminal device temporarily requires access to a plurality of terminals (IoT devices), the user terminal device can access the Internet service provider (ISP) via the Internet but does not acquire the private IP addresses assigned to the plurality of terminals (IoT devices) connected to the Internet service provider (ISP), so it is difficult to access the plurality of terminals (IoT devices) at a desired timing. In Patent Document 2, no consideration is given to dealing with such a situation.
  • An object of the present invention is to provide a remote monitoring system terminal, a remote monitoring program, and a remote monitoring system that allow a user terminal device to access, at a desired timing, a plurality of terminals connected to the Internet via an Internet service provider.
  • A remote monitoring system of the present invention comprises a plurality of terminals that are assigned private IP addresses and are connected to the Internet via an Internet service provider having a global IP address, a cloud server connected to the Internet, and a user terminal device connected to the cloud server, wherein the cloud server assigns a first connection port to one terminal of the plurality of terminals and a second connection port to the user terminal device, and the one terminal and the user terminal device communicate with each other via the first connection port, the second connection port, and the cloud server.
  • the cloud server randomly assigns the first connection port and the second connection port to the one terminal and the user terminal device, respectively.
  • another aspect of the remote monitoring system of the present invention is characterized in that the user terminal device transmits a connection request to one terminal of the plurality of terminals to the cloud server.
  • The cloud server has a connection port assigning unit that, for each connection request to one terminal among the plurality of terminals transmitted from the user terminal device, assigns a different first connection port to the terminal and a different second connection port to the user terminal device.
  • The cloud server has a connection time management unit that allows the one terminal to which the first connection port is assigned and the user terminal device to which the second connection port is assigned to continue communication for a predetermined time.
  • The user terminal device transmits to the cloud server at least its own IP address, the one terminal of the plurality of terminals to be connected, and a connection time.
  • When the connection time transmitted from the user terminal device has elapsed, the connection time management unit cuts off the communication between the one terminal and the user terminal device via the first connection port and the second connection port.
  • Each of the plurality of terminals is connected to a measuring device and/or an imaging device by wire or wirelessly, and transmits the measurement values of the target terminal or target device measured by the measuring device and/or the image data of the target terminal or target device imaged by the imaging device to the cloud server via the Internet service provider and the Internet at a predetermined cycle.
  • The user terminal device transmits to the cloud server a connection request to a lower-level device connected to one terminal of the plurality of terminals, and when the terminal receives the connection request from the cloud server, the terminal connects the communication with the user terminal device to the lower-level device.
  • the user terminal device is a terminal selection screen for selecting one terminal of the plurality of terminals, and one terminal selected on the terminal selection screen.
  • the cloud server is connected to the lower-level device. The connection request is transmitted.
  • the remote monitoring system terminal of the present invention is connected to the Internet via an Internet service provider having a global IP address, and is a plurality of terminals assigned with private IP addresses.
  • the terminal is connected via a cloud server and the Internet.
  • a first connection port different from a second connection port assigned to the user terminal device by the cloud server is randomly assigned.
  • another aspect of the remote monitoring system terminal of the present invention is to continuously communicate with the user terminal device to which the second connection port has been assigned for a predetermined time via the first connection port. It is characterized by.
  • a tunneling connection that communicates with the user terminal device to which the second connection port is assigned via the first connection port has elapsed for a predetermined time. It is characterized by having a tunneling connection disconnection execution unit that sometimes disconnects.
  • the terminal when the terminal is connected to a lower level device and receives a connection request from the cloud server to the lower level device, the user terminal device and the terminal It is possible to communicate with a lower device.
  • the remote monitoring program of the present invention assigns a first connection port to one terminal among a plurality of terminals assigned a private IP address, which is connected to the Internet via an Internet service provider having a global IP address, Allocating a second connection port to a user terminal device connected to the cloud server connected to the Internet, and causing a processor to execute a function of randomly assigning the first connection port and the second connection port.
  • communication between one terminal assigned with the first connection port and a user terminal device assigned with the second connection port is continued for a predetermined time.
  • a remote monitoring system terminal which are accessible from a user terminal device to a plurality of terminals connected to the Internet via an Internet service provider at a desired timing. It becomes possible to provide.
  • FIG. 1 is an overall schematic configuration diagram of a remote monitoring system according to an embodiment of the present invention. It is a functional block diagram of the cloud server shown in FIG. It is a functional block diagram of the terminal shown in FIG. It is a functional block diagram of the user terminal device shown in FIG. It is a schematic sequence diagram of the remote monitoring system shown in FIG. It is a schematic sequence diagram of the remote monitoring system shown in FIG. It is a schematic sequence diagram of the remote monitoring system shown in FIG. It is a schematic sequence diagram of a remote monitoring system when a user (user) directs disconnection. It is a schematic sequence diagram of the remote monitoring system at the time of the cutting
  • a “remote monitoring system” is a system that monitors the state of a target terminal or target device and / or provides maintenance for the target terminal or target device or information related to maintenance.
  • FIG. 1 is an overall schematic configuration diagram of a remote monitoring system according to an embodiment of the present invention.
  • The remote monitoring system 1 includes a user terminal device 3a that is a personal computer owned by a user 3, a user terminal device 3b such as a smartphone (mobile phone) or a tablet, a router 3c, a cloud server 2, a remote monitoring system terminal 4 including a plurality of terminals 4a to 4c, the Internet 5, and an Internet service provider (ISP) 6.
  • the cloud server 2 is a server that is virtually constructed by connecting a plurality of servers, and FIG. 1 shows an example in which the cloud server 2 is constructed by connecting three servers.
  • the cloud server 2 only needs to be constructed by a plurality of servers, and is not limited to the three servers shown in FIG. 1, and the number of the servers is set as appropriate.
  • the user terminal device 3a and the user terminal device 3b are connected to the cloud server 2 via a router 3c or a general public line.
  • the user terminal device 3a, the user terminal device 3b, and the router 3c are connected to each other by, for example, Wi-Fi (registered trademark of Softbank BB Corp.) or a wired LAN (Local Area Network).
  • Hereinafter, unless otherwise specified, image data or various measured values are simply referred to as “various measured values”.
  • the Internet service provider (ISP) 6 transmits various measurement values received from the terminal 4 including the plurality of terminals 4 a to 4 c to the cloud server 2 via the Internet 5. That is, in the remote monitoring system 1 shown in FIG. 1, various measured values are transmitted from the terminal 4 to the cloud server 2 via the Internet service provider (ISP) 6 and the Internet 5 in a predetermined cycle by IoT on the uplink.
  • An access request for access to the desired terminal 4 (that is, a connection request to one of a plurality of terminals) is transmitted from the user terminal device 3a or the user terminal device 3b to the cloud server 2, either at the timing at which various measured values are transmitted from the terminal 4 at a predetermined cycle on the uplink or at a different timing.
  • the cloud server 2 randomly assigns connection ports to the user terminal device 3a or the user terminal device 3b and one of the terminals 4a to 4c constituting the terminal 4.
  • The tunneling 7 enables communication between the user terminal device 3a or the user terminal device 3b and one of the terminals 4a to 4c constituting the terminal 4 via the Internet 5 and the Internet service provider (ISP) 6.
  • The tunneling 7 connects the user terminal device 3a or the user terminal device 3b and one of the terminals 4a to 4c constituting the terminal 4 via the cloud server 2 so that they can communicate with each other. Because the connection is established by, for example, SSH (Secure Shell), all communication on the network, including authentication data such as a password, is encrypted, and it becomes possible to communicate safely.
  • a global IP address (Global Internet Protocol Address) is uniquely assigned to the Internet service provider (ISP) 6.
  • The plurality of terminals 4a, 4b, and 4c constituting the terminal 4, which are connected to the Internet service provider (ISP) 6 by wireless communication such as a 3G line, are each assigned a private IP address (Private Internet Protocol Address) by the Internet service provider (ISP) 6.
  • IP addresses include, for example, IPv4 which is a 32-bit numerical value or IPv6 which is a 128-bit numerical value.
  • As the private IP addresses assigned to the plurality of terminals 4a, 4b, and 4c constituting the terminal 4, for example, any of “10.0.0.0” to “10.255.255.255” (class A), “172.16.0.0” to “172.23.255.255” (class B), or “192.168.0.0” to “192.168.255.255” (class C) is used.
  • The Internet service provider (ISP) 6 includes a broadband router (not shown), which provides a network address translation (NAT) function that translates the private IP addresses assigned to the terminals 4a, 4b, and 4c into global IP addresses when various measured values from the plurality of terminals 4a, 4b, and 4c constituting the terminal 4 are transmitted on the above-described uplink at a predetermined cycle to the cloud server 2 via the Internet 5.
  • The broadband router (not shown) further has a network address port translation (NAPT) function for converting to a different port number for each private IP address.
  • FIG. 2 is a functional block diagram of the cloud server shown in FIG. 2, the cloud server 2 includes an input unit 201, a display unit 202, an input I / F 203, an output I / F 204, an identification information management unit 205, a relay unit 206, an access request reception unit 207, and a communication I / F 208.
  • the identification information management unit 205, the relay unit 206, the access request reception unit 207, the authentication unit 211, the connection port assignment unit 212, and the connection time management unit 213 include, for example, a ROM for storing various programs (not shown) and a calculation process This is realized by a memory such as a RAM that temporarily stores the data and a processor such as a CPU that reads and executes a program stored in the ROM.
  • the terminal identification information storage unit 209 stores a unique identifier made up of alphanumeric characters assigned to the plurality of terminals 4a, 4b, and 4c constituting the terminal 4, respectively.
  • the user terminal device storage unit 210 stores at least user information, connection authority, identification information, and the like of the user terminal device 3a and the user terminal device 3b that can be connected to the cloud server 2.
  • The identification information management unit 205 reads the identification information allocated to each of the terminals 4a to 4c by referring, as necessary, to the terminal identification information storage unit 209 and/or the user terminal device storage unit 210 via the internal bus 214. It also reads the identification information of the user terminal device 3a and the user terminal device 3b. When the number of user terminal devices connectable to the cloud server 2 is increased, user information such as user terminal device identification information and a user name input via the input unit 201 and the input I/F 203 is updated and registered in the user terminal device storage unit 210 by the identification information management unit 205 via the internal bus 214. Similarly, when a new terminal 4 is added, identification information of the terminal 4 input via the input unit 201 and the input I/F 203 is updated and registered in the terminal identification information storage unit 209 by the identification information management unit 205 via the internal bus 214.
  • The access request accepting unit 207 accepts, from the user terminal device 3a or the user terminal device 3b via the communication I/F 208 and the internal bus 214, the information of the terminal 4 desired to be accessed, the desired connection time, and the IP address of the user terminal device 3a or the user terminal device 3b. Further, the access request receiving unit 207 receives a tunneling connection release request from the user terminal device 3a or the user terminal device 3b via the communication I/F 208 and the internal bus 214.
  • the authentication unit 211 encrypts authentication information for enabling the terminal 4 to connect to the cloud server 2 (for example, SSH), and transmits it to the corresponding terminal 4 via the internal bus 214 and the communication I / F 208. Based on the authentication information from the terminal 4, whether tunneling is possible is determined.
  • For each access request, the connection port assignment unit 212 sets one of the two connection ports indicated by two numbers randomly selected from 10000 to 65535 as the first connection port and the other as the second connection port. Then, the connection port assignment unit 212 assigns the first connection port to one of the terminals 4a to 4c constituting the terminal 4, and assigns the second connection port to the user terminal device 3a or the user terminal device 3b.
  • During tunneling, the relay unit 206 relays the maintenance / status grasping work request transmitted from the user terminal device 3a or the user terminal device 3b to the second connection port from the second connection port to the first connection port, and transmits it to one of the terminals 4a to 4c constituting the terminal 4. In addition, the various measured values transmitted to the first connection port from one of the terminals 4a to 4c constituting the terminal 4 as a result of the maintenance / status grasping work request are relayed from the first connection port to the second connection port and transmitted to the user terminal device 3a or the user terminal device 3b. When the tunneling connection is established, the relay unit 206 changes the status of the tunneling connection from not connected to being connected.
  • The connection time management unit 213 has a tunneling connection time monitoring function. Specifically, the connection time management unit 213 starts a timer (not shown) at the start of tunneling, forcibly terminates the tunneling connection when a predetermined time (for example, several minutes to several tens of minutes) has elapsed, and changes the connection status from connected to not connected.
  • the cloud server 2 may further include a storage unit (not shown), and may be configured to store history information indicating which terminal 4 is accessed (tunnel connection) from which user terminal device.
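
The per-request port assignment and the connection-time cutoff described above for the connection port assignment unit 212 and the connection time management unit 213 can be modeled as follows. This is an added example, not code from the patent or its applicant: the class and method names are hypothetical, and the CSPRNG draw, the check of the caller's source IP against the address sent with the access request, the upper bound on the connection time, and the in-memory state (no sockets are opened) are assumptions the description does not specify.

```python
import secrets
import time
from dataclasses import dataclass

PORT_MIN, PORT_MAX = 10000, 65535  # range given in the description


@dataclass
class Tunnel:
    terminal_id: str
    user_ip: str        # connection-source IP sent with the access request
    first_port: int     # assigned to the terminal
    second_port: int    # assigned to the user terminal device
    expires_at: float   # deadline on the broker's clock
    connected: bool = True


class ConnectionBroker:
    """Hypothetical stand-in for units 212 (ports) and 213 (connection time)."""

    def __init__(self, clock=time.monotonic, max_seconds=1800):
        self._clock = clock
        self._max_seconds = max_seconds   # assumed upper bound, not from the page
        self._tunnels = {}                # second_port -> Tunnel
        self._in_use = set()              # every port held by a live tunnel

    def _pick_port(self):
        span = PORT_MAX - PORT_MIN + 1
        if len(self._in_use) >= span:
            raise RuntimeError("no free port in range")
        while True:
            # CSPRNG draw (assumption: the page only says "randomly selected")
            port = PORT_MIN + secrets.randbelow(span)
            if port not in self._in_use:
                self._in_use.add(port)
                return port

    def open_tunnel(self, terminal_id, user_ip, connection_seconds):
        """Handle one access request: two fresh ports plus a deadline."""
        if not 0 < connection_seconds <= self._max_seconds:
            raise ValueError("connection time outside the allowed window")
        self.expire()
        first, second = self._pick_port(), self._pick_port()
        tunnel = Tunnel(terminal_id, user_ip, first, second,
                        self._clock() + connection_seconds)
        self._tunnels[second] = tunnel
        return tunnel

    def relay_allowed(self, second_port, source_ip):
        """Relay only for a live tunnel and the registered source IP."""
        self.expire()
        tunnel = self._tunnels.get(second_port)
        return tunnel is not None and tunnel.user_ip == source_ip

    def expire(self):
        """Force-close tunnels past their deadline and free their ports."""
        now = self._clock()
        closed = []
        for port, tunnel in list(self._tunnels.items()):
            if now >= tunnel.expires_at:
                tunnel.connected = False
                self._in_use -= {tunnel.first_port, tunnel.second_port}
                del self._tunnels[port]
                closed.append(tunnel)
        return closed

    def ports_in_use(self):
        return len(self._in_use)


if __name__ == "__main__":
    now = [0.0]                                   # constructed clock for the demo
    broker = ConnectionBroker(clock=lambda: now[0])
    t = broker.open_tunnel("terminal-4b", "203.0.113.7", 600)  # constructed values
    print("ports:", t.first_port, t.second_port)
    print("relay at t=0:", broker.relay_allowed(t.second_port, "203.0.113.7"))
    now[0] = 600.0
    print("relay at t=600:", broker.relay_allowed(t.second_port, "203.0.113.7"))
```

Because the ports are released only when the deadline passes or the tunnel is closed, a port pair is never shared between two live tunnels, and a relay attempt after the requested connection time is refused even if the client never sends a release request.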
  • the cloud server 2 periodically performs PING and TCP port monitoring with respect to the terminal 4, that is, transmits a PING packet to the terminal 4 or makes a TCP connection, and if the terminal 4 does not return a PING packet or the TCP connection is established.
  • FIG. 3 is a functional block diagram of the terminal 4 shown in FIG.
  • the functional block diagram of the terminal 4a is shown as an example, but the same applies to the other terminals 4b and 4c.
  • the terminal 4 a includes an access request monitoring unit 301, a tunneling request generation unit 302, an authentication information decryption unit 303, a measurement value acquisition unit 304, a communication I / F 305, a storage unit 306, and a tunneling connection disconnection request monitor.
  • the access request monitoring unit 301, the tunneling request generation unit 302, the authentication information decoding unit 303, the measurement value acquisition unit 304, the tunneling connection disconnection request monitoring unit 307, the tunneling connection disconnection execution unit 308, and the login authentication unit 309 are: For example, a ROM for storing various programs (not shown), a memory such as a RAM for temporarily storing operation process data, etc., and a processor such as a CPU for reading and executing a program stored in the ROM (that is, a remote monitoring program) It is realized by.
  • The access request monitoring unit 301 inquires of the cloud server 2, via the communication I/F 305 and the Internet service provider (ISP) 6 at a predetermined cycle, whether or not there is an access request from the user terminal device 3a or the user terminal device 3b, receives the reply from the cloud server 2, and thereby monitors for access requests.
  • The authentication information decrypting unit 303 receives the encrypted authentication information from the cloud server 2 via the communication I/F 305 and decrypts the received encrypted authentication information.
  • the authentication information decryption unit 303 transmits the decrypted authentication information to the cloud server 2 via the communication I / F 305 and the Internet service provider (ISP) 6 by, for example, SSH.
  • the tunneling request generation unit 302 generates a tunneling request when tunneling is necessary as a result of monitoring by the access request monitoring unit 301.
  • the tunneling request generation unit 302 transmits the generated tunneling request to the cloud server 2 via the communication I / F 305 and the Internet service provider (ISP) 6 by, for example, SSH.
  • the login authentication unit 309 transmits a request for the ID and password of the user terminal device that is tunnel-connected to the cloud server 2, and executes login authentication of the corresponding user terminal device based on the ID and password received from the cloud server 2. .
  • the measurement value acquisition unit 304 acquires various measurement values of the target terminal or target device measured by the measurement device 8 via the communication I / F 305 and stores them in a predetermined storage area of the storage unit 306 via the internal bus 310. Write.
  • The measurement value acquisition unit 304 transmits the above various measurement values on the uplink to the cloud server 2 via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5 at a predetermined cycle by IoT. Further, the measurement value acquisition unit 304 receives a maintenance / status grasping work request from a user terminal device, which will be described in detail later, via the communication I/F 305, reads out the various measurement values stored in the storage unit 306 that correspond to the work request, and transmits them to the cloud server 2.
  • the measurement value acquisition unit 304 may read the various measurement values at a different timing and transmit them to the cloud server 2. Note that the measurement value acquisition unit 304 may perform a process such as noise removal on the acquired various measurement values.
  • the storage unit 306 stores various measurement values of the target terminal or target device measured by the measurement device 8 in association with the date and time.
  • the tunneling connection disconnection request monitoring unit 307 inquires the cloud server 2 about the presence of a tunneling connection disconnection request via the communication I / F 305, the Internet service provider (ISP) 6 and the Internet 5 at a predetermined cycle, and makes a tunneling connection. If there is a disconnection request, the fact is transferred to the tunneling connection disconnection execution unit 308 via the internal bus 310.
  • When the tunneling connection disconnection execution unit 308 receives, from the tunneling connection disconnection request monitoring unit 307 via the internal bus 310, information indicating that a tunneling connection disconnection request has been received, it immediately disconnects the tunneling connection and transmits information or a signal indicating the disconnection to the cloud server 2 via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5.
  • The tunneling connection disconnection execution unit 308 includes a timer (not shown) and starts the timer so as to disconnect the tunneling connection when the connection time acquired from the cloud server 2 via the communication I/F 305 elapses. When the timer (connection time) elapses, it disconnects the tunneling connection and transmits information or a signal indicating the disconnection to the cloud server 2 via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5.
  • FIG. 4 is a functional block diagram of the user terminal device shown in FIG.
  • the functional block diagram of the user terminal device 3a is shown as an example, but the same applies to the other user terminal devices 3b.
  • The user terminal device 3a includes an input unit 401, a display unit 402, an input I/F 403, an output I/F 404, a calculation unit 405, a communication I/F 406, a storage unit 407, and an internal bus 409 that connects these components to each other.
  • the user terminal device 3a includes a battery unit 408 that includes a power source and a battery.
  • The calculation unit 405 is realized by, for example, a ROM for storing various programs (not shown), a memory such as a RAM for temporarily storing calculation process data, and a processor such as a CPU for reading and executing the programs stored in the ROM.
  • the input unit 401 includes, for example, a keyboard and a mouse.
  • An access request to a desired terminal 4, an ID and a password that are input at the time of login for tunneling connection, and a request for maintenance / status grasping described later are input from the input unit 401 to the input I/F 403.
  • The input I/F 403 transmits input information such as the access request, ID and password, and maintenance / status grasping work request to the cloud server 2 via the internal bus 409, the communication I/F 406, and the router 3c.
  • The output I/F 404 receives, via the communication I/F 406, various measured values from one of the terminals 4a to 4c constituting the terminal 4 connected by tunneling in response to the maintenance / status grasping request, and outputs the measurement values to the display unit 402, where they are displayed on the display screen.
  • The storage unit 407 stores at least its own IP address, parameters used for various calculations by the calculation unit 405, and various measurement values of the target terminal or target device acquired in response to the maintenance / status grasping work request.
  • the calculation unit 405 has a function of reading a desired application program from a ROM (not shown) and executing it, and outputting the calculation result to the display unit 402 via the internal bus 409 and the output I / F 404.
  • FIG. 6 to 7 are schematic sequence diagrams of the remote monitoring system.
  • FIG. 8 is a schematic sequence diagram of the remote monitoring system when a user instructs disconnection.
  • FIG. 9 is a schematic sequence diagram of the remote monitoring system for disconnection by the timer function.
  • the access request monitoring unit 301 constituting the terminal 4b inquires of the cloud server 2, at a predetermined cycle, whether or not there is an access request to the desired terminal 4 (whether tunneling is necessary) via the communication I / F 305, the Internet service provider (ISP) 6, and the Internet 5 (S101).
  • when the access request reception unit 207 constituting the cloud server 2 has not received an access request from the user terminal device 3a, the access request reception unit 207 transmits to the terminal 4b, via the Internet 5 and the Internet service provider (ISP) 6, a notification that there is no need for tunneling (S102).
  • these processes are executed at a predetermined cycle, as also shown in S103 and S104.
  • the user terminal device 3a sends an access request for the terminal 4b to the cloud server 2 via the communication I / F 406 and the router 3c, including, for example, a predetermined connection time and the IP address of the user terminal device 3a itself that is the connection source (S105).
  • the identification information management unit 205 accesses the user terminal device storage unit 210 and specifies, by the IP address included in the access request, that the connection source is the user terminal device 3a.
  • the identification information management unit 205 accesses the terminal identification information storage unit 209 and acquires the identification information of the terminal 4b that is the connection destination.
  • the connection port assignment unit 212 acquires two connection ports at random. If the acquired two connection ports (No. X, No. Y) are not in use, the connection port assignment unit 212 reserves the first connection port (No. X) of the cloud server 2 to be assigned to the terminal 4b and the second connection port (No. Y) of the cloud server 2 to be assigned to the user terminal device 3a.
  • the connection port assignment unit 212 arbitrarily selects one server (server address “Z”) from a plurality of servers constituting the cloud server 2 to which the user terminal device 3a is connected (S106).
  • the access request reception unit 207 constituting the cloud server 2 receives an inquiry about the presence / absence of an access request (whether tunneling is necessary) from the access request monitoring unit 301 constituting the terminal 4b (S107).
  • the connection port assignment unit 212 constituting the cloud server 2 transmits to the terminal 4b, via the Internet 5 and the Internet service provider (ISP) 6, a notification that tunneling is necessary together with the server address “Z” to be connected (hereinafter referred to as server Z), the first connection port (No. X), the predetermined connection time, and the encrypted authentication information (S108).
  • the authentication information decryption unit 303 constituting the terminal 4b decrypts the encrypted authentication information received from the cloud server 2. Further, the tunneling request generation unit 302 constituting the terminal 4b generates a tunneling request and transmits the generated tunneling request, for example by SSH, via the communication I / F 305 and the Internet service provider (ISP) 6 to the server Z constituting the cloud server 2 (S109).
  • the server Z transmits an authentication information transmission request to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S110).
  • the authentication information decryption unit 303 constituting the terminal 4b transmits the decrypted authentication information to the server Z via the communication I / F 305 and the Internet service provider (ISP) 6, for example, by SSH (S111).
  • the authentication unit 211 constituting the server Z determines whether tunneling is possible based on the received authentication information, and transmits a connection permission notification to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S112).
  • the tunneling request generation unit 302 constituting the terminal 4b transmits to the server Z, via the Internet service provider (ISP) 6 and the Internet 5, a request to send communication addressed to the first connection port (No. X) to the terminal 4b itself (S113).
  • the access request receiving unit 207 constituting the server Z transmits a signal (Ack) indicating that the request has been acknowledged to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S114).
  • the tunneling connection disconnection execution unit 308 constituting the terminal 4b starts a timer (not shown) so as to disconnect after the predetermined connection time previously received from the connection port assignment unit 212 constituting the server Z (S115).
  • the relay unit 206 constituting the server Z activates a service that relays access to the second connection port (No. Y) from the user terminal device 3a to the first connection port (No. X).
  • the connection time management unit 213 constituting the server Z starts a timer (not shown) so as to be disconnected after a predetermined connection time (S116).
  • the relay unit 206 changes the status of the tunneling connection from not connected to being connected.
  • the connection port assignment unit 212 constituting the server Z transmits to the user terminal device 3a that the server to be connected is the server Z and the connection port is the second connection port (No. Y) (S117).
  • the user terminal device 3a transmits a connection request to the second connection port (No. Y) to the server Z (S118).
  • the relay unit 206 constituting the server Z relays from the second connection port (No. Y) to the first connection port (No. X), and passes the access to the first connection port (No. X) on to the terminal 4b (S119).
  • the relay unit 206 constituting the server Z transmits a connection request to the terminal 4b via the communication I / F 208, the Internet 5, and the Internet service provider (ISP) 6 (S200).
  • the login authentication unit 309 constituting the terminal 4b transmits a request for the ID and password of the user terminal device 3a to the server Z via the communication I / F 305, the Internet service provider (ISP) 6, and the Internet 5 (S201).
  • the relay unit 206 constituting the server Z relays from the first connection port (No. X) to the second connection port (No. Y) (S202). Then, the relay unit 206 transmits an ID / password transmission request to the user terminal device 3a (S203).
  • the ID and password necessary for login at the time of the tunneling connection are input through the input unit 401 constituting the user terminal device 3a and transmitted to the server Z via the input I / F 403, the internal bus 409, and the communication I / F 406 (S204).
  • the relay unit 206 constituting the server Z relays from the second connection port (No. Y) to the first connection port (No. X), and passes the access to the first connection port (No. X) on to the terminal 4b (S205).
  • the relay unit 206 constituting the server Z transmits the ID and password of the user terminal device 3a to the terminal 4b via the communication I / F 208, the Internet 5 and the Internet service provider (ISP) 6 (S206).
  • the login authentication unit 309 constituting the terminal 4b executes login authentication based on the ID and password of the user terminal device 3a transmitted from the server Z, and transmits a notification that the result is OK (permission notification) to the server Z via the Internet service provider (ISP) 6 and the Internet 5 (S207).
  • the relay unit 206 constituting the server Z relays from the first connection port (No. X) to the second connection port (No. Y) (S208). Then, the relay unit 206 transmits to the user terminal device 3a that the result of login authentication is OK (permission notification) (S209).
  • a maintenance / status grasping work request is input through the input unit 401 constituting the user terminal device 3a and transmitted to the server Z via the input I / F 403, the internal bus 409, and the communication I / F 406 (S210).
  • the relay unit 206 constituting the server Z relays from the second connection port (No. Y) to the first connection port (No. X), and passes the access to the first connection port (No. X) on to the terminal 4b (S211).
  • the relay unit 206 constituting the server Z transmits a request for maintenance / status grasping work to the terminal 4b via the communication I / F 208, the Internet 5, and the Internet service provider (ISP) 6 (S212).
  • when the measurement value acquisition unit 304 constituting the terminal 4b receives a maintenance / status grasping work request via the communication I / F 305, the measurement value acquisition unit 304 accesses the storage unit 306 via the internal bus 310, reads the various measurement values stored in the storage unit 306 and the process execution results corresponding to the work request, and transmits them to the server Z via the Internet service provider (ISP) 6 and the Internet 5 as the maintenance / status grasping work request results (S213).
  • the relay unit 206 constituting the server Z relays from the first connection port (No. X) to the second connection port (No. Y) (S214). Then, the relay unit 206 transmits the process execution results corresponding to the various measurement values and work request of the target terminal or target device to the user terminal device 3a as the request result of the maintenance / status grasping work (S215).
  • the tunneling connection disconnection request monitoring unit 307 constituting the terminal 4b inquires of the server Z, at a predetermined cycle via the communication I / F 305, the Internet service provider (ISP) 6, and the Internet 5, whether there is a tunneling connection disconnection request (S301).
  • when no tunneling connection disconnection request has been received from the user terminal device 3a, the access request receiving unit 207 constituting the server Z transmits to the terminal 4b, via the Internet 5 and the Internet service provider (ISP) 6, a notification that there is no need for disconnection (S302).
  • when the operation is completed, a tunneling connection release request (tunneling connection disconnection request) is input through the input unit 401 of the user terminal device 3a and transmitted to the server Z via the input I / F 403, the internal bus 409, and the communication I / F 406 (S303).
  • the access request receiving unit 207 constituting the server Z transmits an acknowledgment (Ack) to the user terminal device 3a (S304). Then, the access request reception unit 207 changes the status of the tunneling connection from being connected to a disconnection request (S305).
  • the tunneling connection disconnection request monitoring unit 307 constituting the terminal 4b inquires of the server Z about the presence of a tunneling connection disconnection request via the communication I / F 305, the Internet service provider (ISP) 6, and the Internet 5 (S306). At this time, since the status of the tunneling connection has been changed from being connected to a disconnection request, the access request accepting unit 207 constituting the server Z transmits a tunneling connection disconnection request to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S307).
  • upon receiving the tunneling connection disconnection request from the tunneling connection disconnection request monitoring unit 307 via the internal bus 310, the tunneling connection disconnection execution unit 308 constituting the terminal 4b immediately disconnects the tunneling connection (ends the connection) and stops the timer (not shown) (S308). Then, the tunneling connection disconnection execution unit 308 transmits information indicating that the timer has been stopped to the server Z via the Internet service provider (ISP) 6 and the Internet 5 (S309).
  • the relay unit 206 constituting the server Z terminates the relay service, and the connection time management unit 213 stops the timer and changes the status of the tunneling connection from a disconnection request to not being connected (S310). Then, the connection time management unit 213 transmits an acknowledgment (Ack) to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S311). Thereafter, the connection port allocation unit 212 constituting the server Z cancels the reserved first connection port (No. X) and second connection port (No. Y) (S312).
  • when the predetermined time, which is the connection time of the tunneling connection, has elapsed, the timer of the tunneling connection disconnection execution unit 308 constituting the terminal 4b fires, and the tunneling connection disconnection execution unit 308 ends the tunneling connection (S401).
  • when the predetermined time, which is the connection time of the tunneling connection, has elapsed, the timer of the connection time management unit 213 constituting the server Z fires, and the relay unit 206 ends the relay service (S402).
  • the tunneling connection of the user terminal device 3a is forcibly terminated, and the user terminal device 3a can no longer access the server Z (S403).
  • the tunneling connection disconnection execution unit 308 constituting the terminal 4b transmits a notification that the timer has been stopped to the server Z via the Internet service provider (ISP) 6 and the Internet 5 (S404).
  • the connection time management unit 213 configuring the server Z changes the status of the tunneling connection from being connected to not being connected (S405).
  • the connection time management unit 213 transmits an acknowledgment (Ack) to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S406).
  • the connection port allocation unit 212 constituting the server Z cancels the reserved first connection port (No. X) and second connection port (No. Y) (S407).
  • because the tunneling connection is automatically disconnected when the timer fires, it becomes possible to prevent a connection port from being left open even if the user forgets to transmit the tunneling connection disconnection request after the work is completed.
  • FIG. 10 is a flowchart showing a processing flow of the cloud server 2 shown in FIG.
  • in step S2001, the access request receiving unit 207 determines whether there is an inquiry from the terminal 4b, that is, an inquiry about whether or not there is an access request (whether tunneling is necessary). If there is no inquiry, step S2001 is repeated as a standby state. On the other hand, if there is an inquiry about whether there is an access request from the terminal 4b (whether tunneling is necessary), the process proceeds to step S2002.
  • in step S2002, the access request receiving unit 207 determines whether or not there is an access request from the user terminal device 3a. As a result of the determination, if there is no access request from the user terminal device 3a, the process proceeds to step S2003, a notification that there is no need for tunneling (tunneling not required) is transmitted to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6, and the process returns to step S2002. On the other hand, if there is an access request from the user terminal device 3a, the process proceeds to step S2004.
  • in step S2004, the identification information management unit 205 specifies the terminal 4b with reference to the terminal identification information storage unit 209 and specifies the user terminal device 3a with reference to the user terminal device storage unit 210. That is, the identification information management unit 205 accesses the user terminal device storage unit 210, and specifies that the connection source is the user terminal device 3a based on the identification information included in the access request. Also, the identification information management unit 205 accesses the terminal identification information storage unit 209 and acquires the identification information of the terminal 4b that is the connection destination.
  • in step S2005, a first connection port to be assigned to the terminal 4b and a second connection port to be assigned to the user terminal device 3a are acquired at random and reserved, and a server to be connected is selected.
  • the connection port assignment unit 212 acquires two connection ports at random. If the acquired two connection ports (No. X, No. Y) are not in use, the connection port assignment unit 212 reserves the first connection port (No. X) of the cloud server 2 to be assigned to the terminal 4b and the second connection port (No. Y) of the cloud server 2 to be assigned to the user terminal device 3a.
  • the connection port assignment unit 212 arbitrarily selects one server (server address “Z”) from a plurality of servers constituting the cloud server 2 to which the user terminal device 3a is connected. Then, the connection port assignment unit 212 transmits to the terminal 4b, via the Internet 5 and the Internet service provider (ISP) 6, a notification that tunneling is necessary together with the server address “Z” (hereinafter referred to as server Z) to be connected, the first connection port (No. X), the predetermined connection time, and the encrypted authentication information.
  • in step S2006, an authentication process for the terminal 4b is executed. Specifically, the authentication unit 211 performs authentication processing by determining whether or not tunneling is possible based on authentication information received from the terminal 4b.
  • in step S2007, the relay service from the second connection port to the first connection port is activated and the timer is started. Specifically, the relay unit 206 activates a service that relays access to the second connection port (No. Y) from the user terminal device 3a to the first connection port (No. X).
  • the connection time management unit 213 starts a timer to disconnect after a predetermined connection time.
  • the relay unit 206 changes the status of the tunneling connection from not connected to being connected.
  • in step S2008, relay is performed from the first connection port to the second connection port. Specifically, the relay unit 206 relays from the first connection port (No. X) to the second connection port (No. Y).
  • in step S2009, the presence / absence of a maintenance / status grasping work request from the user terminal device 3a is determined. If there is no maintenance / status grasping work request, a standby state is entered in step S2009. On the other hand, if there is a maintenance / status grasping work request, the process proceeds to step S2010. Specifically, the access request reception unit 207 determines whether or not there is a maintenance / status grasping work request from the user terminal device 3a. If there is none, a standby state is entered. On the other hand, when the access request receiving unit 207 receives a maintenance / status grasping work request from the user terminal device 3a via the communication I / F 208, the process proceeds to step S2010.
  • in step S2010, a maintenance / status grasping work request is transmitted to the terminal 4b.
  • the relay unit 206 relays from the second connection port (No. Y) to the first connection port (No. X), and passes the access to the first connection port (No. X) on to the terminal 4b. Then, the relay unit 206 transmits a request for maintenance / status grasping work to the terminal 4b via the communication I / F 208, the Internet 5, and the Internet service provider (ISP) 6.
  • in step S2011, the result of the work request from the terminal 4b is relayed to the user terminal device 3a.
  • the relay unit 206 relays from the first connection port (No. X) to the second connection port (No. Y). Then, the relay unit 206 transmits, to the user terminal device 3a, processing results corresponding to various measurement values and work requests of the target terminal or target device as the maintenance / status grasping work request results received from the terminal 4b.
  • in step S2012, it is determined whether or not there is a tunneling connection release request from the user terminal device 3a. If there is a tunneling connection release request, the process proceeds to step S2014, and if there is no tunneling connection release request, the process proceeds to step S2013. Specifically, the access request receiving unit 207 determines whether there is a tunneling connection release request (tunneling connection disconnection request) from the user terminal device 3a. If there is, the process advances to step S2014. If there is not, the process advances to step S2013.
  • in step S2013, it is determined whether or not the timer has fired and the tunneling connection has ended. If the timer has not fired and the tunneling connection has not ended, the process returns to step S2012. On the other hand, when the timer has fired and the tunneling connection has ended, the process proceeds to step S2015. Specifically, after the connection time management unit 213 starts the timer and before the predetermined time, which is the connection time of the tunneling connection, elapses, the timer does not fire, the relay unit 206 continues the relay service, and the process returns to step S2012.
  • when the predetermined time, which is the connection time of the tunneling connection, has elapsed since the start of the timer, the timer of the connection time management unit 213 fires, the relay unit 206 ends the relay service, and the process proceeds to step S2015.
  • in step S2014, the status of the tunneling connection is changed from being connected to a disconnection request.
  • the access request reception unit 207 changes the status of the tunneling connection from being connected to a disconnection request.
  • a tunneling connection disconnection request is transmitted to the terminal 4b.
  • in step S2015, the process waits for the notification, transmitted from the terminal 4b, that the timer has been stopped.
  • in step S2016, the status of the tunneling connection is changed from being connected or a disconnection request to not being connected.
  • the relay unit 206 ends the relay service, and the connection time management unit 213 stops the timer and changes the status of the tunneling connection from being connected or a disconnection request to not being connected.
  • in step S2017, the first connection port and the second connection port being reserved are released, and the process ends. Specifically, the connection port allocation unit 212 releases the reserved first connection port (No. X) and second connection port (No. Y), and ends the process.
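  • the cloud server's side of the sequence above (port reservation, polling by the terminal, relay with a connection time, and teardown either by request or by timer) can be modeled as a small state machine. This is an added example, not code from the patent: the class and method names, the port pool 20000-59999, and the injected `now` clock are assumptions, and the authentication and login steps (S109 to S112, S200 to S209) are left out.

```python
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Status(Enum):
    UNCONNECTED = "not connected"
    CONNECTED = "connected"
    DISCONNECT_REQUESTED = "disconnection request"


@dataclass
class Session:
    terminal_id: str
    user_ip: str                      # connection source named in the access request
    port_x: int                       # first connection port (terminal side)
    port_y: int                       # second connection port (user side)
    connection_time: float            # seconds the tunnel may stay up
    status: Status = Status.UNCONNECTED
    deadline: Optional[float] = None  # set when the server-side timer starts


class TunnelBroker:
    PORT_POOL = range(20000, 60000)   # assumed pool; the page gives no range

    def __init__(self):
        self.reserved = set()  # ports currently reserved
        self.pending = {}      # terminal_id -> Session waiting for the terminal's poll
        self.active = {}       # terminal_id -> Session with an established tunnel

    def _reserve_port(self):
        # Draw at random and retry while the port is in use (S106 / S2005).
        while True:
            port = self.PORT_POOL.start + secrets.randbelow(len(self.PORT_POOL))
            if port not in self.reserved:
                self.reserved.add(port)
                return port

    def request_access(self, user_ip, terminal_id, connection_time):
        """S105-S106: the user asks for access; ports X and Y are reserved."""
        if terminal_id in self.pending or terminal_id in self.active:
            raise RuntimeError("terminal already has a tunnel session")
        session = Session(terminal_id, user_ip, self._reserve_port(),
                          self._reserve_port(), connection_time)
        self.pending[terminal_id] = session
        return session

    def poll_access(self, terminal_id):
        """S101/S107: periodic inquiry; None means tunneling is not required."""
        s = self.pending.get(terminal_id)
        if s is None:
            return None                                                    # S102
        return {"port_x": s.port_x, "connection_time": s.connection_time}  # S108

    def tunnel_established(self, terminal_id, now):
        """S113-S117: start the Y -> X relay and the timer; return port Y."""
        s = self.pending.pop(terminal_id)
        s.status, s.deadline = Status.CONNECTED, now + s.connection_time
        self.active[terminal_id] = s
        return s.port_y

    def request_disconnect(self, terminal_id):
        """S303-S305: the user asks to close the tunnel."""
        self.active[terminal_id].status = Status.DISCONNECT_REQUESTED

    def poll_disconnect(self, terminal_id):
        """S301/S306: periodic inquiry for a disconnection request."""
        s = self.active.get(terminal_id)
        return s is not None and s.status is Status.DISCONNECT_REQUESTED

    def expired(self, now):
        """S402: sessions whose connection time has elapsed; their relay stops."""
        return [s.terminal_id for s in self.active.values() if now >= s.deadline]

    def relay_allowed(self, port_y, now):
        """Relay Y -> X only while a session owns port Y and time remains."""
        return any(s.port_y == port_y and now < s.deadline
                   for s in self.active.values())

    def terminal_stopped(self, terminal_id):
        """S309-S312 / S404-S407: terminal reports teardown; release both ports."""
        s = self.active.pop(terminal_id)
        s.status, s.deadline = Status.UNCONNECTED, None
        self.reserved -= {s.port_x, s.port_y}
        return s


if __name__ == "__main__":
    b = TunnelBroker()  # constructed walk-through with a fake clock
    b.request_access("192.0.2.10", "terminal-4b", connection_time=600)
    print("offer to terminal:", b.poll_access("terminal-4b"))
    port_y = b.tunnel_established("terminal-4b", now=0)
    print("expired at t=600:", b.expired(600), "relay:", b.relay_allowed(port_y, 600))
    b.terminal_stopped("terminal-4b")
    print("ports still reserved:", b.reserved)
```

  • in this model a terminal that never reports its teardown is an entry that `expired()` keeps returning while its ports remain in `reserved`, which is the condition an operator would alert on.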
  • FIG. 11 is a flowchart showing the processing flow of the terminal 4 shown in FIG.
  • the terminal 4b will be described as an example.
  • in step S4001, the access request monitoring unit 301 determines whether tunneling is necessary. That is, the access request monitoring unit 301 inquires of the cloud server 2 through the communication I / F 305, the Internet service provider (ISP) 6, and the Internet 5 about the presence / absence of an access request (whether tunneling is necessary) at a predetermined cycle. If there is no access request as a result of the inquiry, step S4001 is repeated as a standby state. On the other hand, if there is a tunneling request, the process proceeds to step S4002.
  • in step S4002, a server address to be connected, a first connection port number, a connection time, and encrypted authentication information are acquired.
  • of the information received from the cloud server 2 via the Internet 5, the Internet service provider (ISP) 6, and the communication I / F 305, the server address “Z” (hereinafter referred to as server Z) to be connected and the first connection port (No. X) are acquired by the tunneling request generation unit 302 via the internal bus 310.
  • the predetermined connection time is acquired by the tunneling connection disconnection execution unit 308 via the internal bus 310.
  • the encrypted authentication information is acquired by the authentication information decryption unit 303 via the internal bus 310.
  • in step S4003, the acquired authentication information is decrypted. Specifically, the authentication information decryption unit 303 decrypts the encrypted authentication information received from the cloud server 2.
  • a tunneling request is transmitted to the server Z to be connected.
  • the tunneling request generation unit 302 generates a tunneling request and transmits the generated tunneling request, for example by SSH, via the communication I / F 305 and the Internet service provider (ISP) 6 to the server Z constituting the cloud server 2.
  • in step S4005, authentication information is transmitted to the server Z to be connected.
  • the authentication information decryption unit 303 transmits the decrypted authentication information to the server Z via the communication I / F 305 and the Internet service provider (ISP) 6 by, for example, SSH.
  • in step S4006, the server Z to be connected is requested to send communication addressed to the first connection port to the terminal 4b itself.
  • the tunneling request generation unit 302 transmits to the server Z, via the Internet service provider (ISP) 6 and the Internet 5, a request to send communication addressed to the first connection port (No. X) to the terminal 4b itself.
  • in step S4007, a timer is started to disconnect the tunneling connection when the acquired connection time has elapsed.
  • the tunneling connection disconnection execution unit 308 starts a timer (not shown) so as to disconnect after a predetermined connection time previously received from the server Z.
  • in step S4008, a request for the ID and password of the user terminal device 3a is sent to the server Z.
  • the login authentication unit 309 transmits a request for the ID and password of the user terminal device 3a to the server Z via the communication I / F 305, the Internet service provider (ISP) 6, and the Internet 5.
  • in step S4009, login authentication processing is executed. Specifically, the login authentication unit 309 executes login authentication based on the ID and password of the user terminal device 3a transmitted from the server Z, and transmits a notification that the result is OK (permission notification) to the server Z via the Internet service provider (ISP) 6 and the Internet 5.
  • in step S4010, a maintenance / status grasping work request is received.
  • the measured value acquisition unit 304 receives a maintenance / status grasping request from the user terminal device 3a via the communication I / F 305.
  • in step S4011, the measurement value and maintenance information by the measurement device are read from the storage unit, and the result is transmitted to the server Z.
  • the measurement value acquisition unit 304 accesses the storage unit 306 via the internal bus 310, reads the processing results corresponding to various measurement values and work requests of the target terminal or target device stored in the storage unit 306, and transmits them to the server Z via the Internet service provider (ISP) 6 and the Internet 5 as the request result of the maintenance / status grasping work.
  • in step S4012, it is determined whether or not there is a tunneling connection release request from the user terminal device 3a. If there is a tunneling connection release request, the process proceeds to step S4014. If there is no tunneling connection release request, the process proceeds to step S4013. Specifically, the tunneling connection disconnection request monitoring unit 307 inquires of the server Z about the presence or absence of the tunneling connection disconnection request via the communication I / F 305, the Internet service provider (ISP) 6, and the Internet 5. As a result of the inquiry, if there is a tunneling connection disconnection request (tunneling connection release request), the process proceeds to step S4014. If there is no tunneling connection disconnection request (tunneling connection release request), the process proceeds to step S4013.
  • in step S4013, it is determined whether or not the timer has fired and the tunneling connection has ended. If the timer has not fired and the tunneling connection has not ended, the process returns to step S4012.
  • the terminal 4b continuously communicates with the user terminal device 3a to which the second connection port is assigned via the first connection port for a predetermined time.
  • on the other hand, when the timer has fired, the process proceeds to step S4014. Specifically, after starting the timer and before the predetermined time, which is the connection time of the tunneling connection, elapses, the timer of the tunneling connection disconnection execution unit 308 does not fire, the tunneling connection continues, and the process returns to step S4012.
  • when the predetermined time, which is the connection time of the tunneling connection, has elapsed since the start of the timer, the timer of the tunneling connection disconnection execution unit 308 fires, and the process proceeds to step S4014.
  • in step S4014, the tunneling connection disconnection execution unit 308 executes the tunneling connection disconnection and ends the process.
  • FIG. 12 is a flowchart showing a processing flow of the user terminal device shown in FIG.
  • the user terminal device 3a will be described as an example.
  • an access request for the terminal 4b is transmitted to the cloud server 2 (connection time and connection source information transmission).
  • the user terminal device 3a sends an access request for the terminal 4b to the cloud server 2 via the communication I / F 406 and the router 3c, including, for example, a predetermined connection time and the IP address of the user terminal device 3a that is the connection source.
  • in step S3002, a server address to be connected and a second connection port number are acquired.
  • the user terminal device 3a acquires from the cloud server 2 that the server to be connected is the server Z and the connection port is the second connection port (No. Y).
  • in step S3003, a connection request is transmitted to the server Z to be connected through the second connection port.
  • the user terminal device 3a transmits a connection request to the second connection port (No. Y) to the server Z.
  • in step S3004, an ID and password transmission request is received from the server to be connected.
  • the communication I / F 406 receives an ID and password transmission request from the server Z.
  • in step S3005, the ID and password are transmitted to the server Z to be connected.
  • the ID and password that are required for login at the time of the tunneling connection are input through the input unit 401 and transmitted to the server Z via the input I / F 403, the internal bus 409, and the communication I / F 406.
  • in step S3006, a login authentication result is received. Specifically, the communication I / F 406 receives from the server Z that the login authentication result is OK (permission notification).
  • in step S3007, a maintenance / status grasping work request is transmitted.
  • a request for maintenance / status grasping work is input through the input unit 401 and transmitted to the server Z via the input I / F 403, the internal bus 409, and the communication I / F 406.
  • in step S3008, the measurement value and maintenance information by the measuring device are received as a request result via the second connection port.
  • the communication I / F 406 receives processing results corresponding to various measurement values and work requests of the target terminal or target device from the server Z as a result of the maintenance / status grasping work request, and the process ends.
  • the various measurement values of the target terminal or target device and the processing results corresponding to the work request, received as the request result of the maintenance / status grasping work request, are displayed on the display screen of the display unit 402 via the output I / F 404. As a result, the user 3 who is the owner of the user terminal device 3a can easily examine the necessity of maintenance and the contents of the maintenance for the target terminal or the target device.
  • various measurement values of the target terminal or target device by IoT are transmitted from the terminal 4 to the cloud server 2 via the Internet service provider (ISP) 6 and the Internet 5 at a predetermined cycle.
  • as the terminal 4 constituted by the terminals 4a to 4c described above, a personal computer, a smartphone (mobile phone), a tablet, or the like may be used.
  • a remote monitoring system in which a plurality of terminals connected to the Internet via an Internet service provider can be accessed from a user terminal device at a desired timing.
  • According to the present embodiment, it is possible to grasp in a timely manner the necessity of maintenance for the target terminal or target device, and also to easily examine the contents of the maintenance, through the tunneling connection between the user terminal device and one of the plurality of terminals.
  • the configuration in which the user terminal device 3 and the terminal 4 can communicate with each other via the cloud server 2 has been described.
  • the user terminal device 3 and the lower connection port of the terminal 4 are connected.
  • the following processing is required.
  • the connection port of the terminal 4 is expressed as “lower connection port”.
  • a terminal selection screen G1, which includes the terminals 4 (4a to 4c) to be connected and a button for selecting the terminal to be connected, is displayed. Then, when a terminal to be connected is selected by a button operation on the terminal selection screen G1, as shown in FIG. 13B, a connection destination selection screen G2, which includes the connection destinations (the terminal 4 itself or its lower connection ports) that are connection candidates at the selected terminal 4 and a button for selecting a connection destination, is displayed. The connection destination selected by a button operation on the connection destination selection screen G2 is then connected to automatically.
  • When the terminal itself is selected on the connection destination selection screen G2, the same operation as that described in the above-described embodiment is performed.
  • the display of the terminal selection screen G1 and the connection destination selection screen G2 on the display unit 402 of the user terminal device 3 is performed by the browser software of the user terminal device 3 accessing the cloud server 2 as a Web server.
  • the terminal 4b is selected on the terminal selection screen G1, and the measuring device is selected on the connection destination selection screen G2. Then, in S105 of FIG. 5, in addition to the predetermined connection time and the IP address of the user terminal device 3a itself, information indicating the measuring device as the connection destination (for example, the lower connection port (No. A) and a unique identification number assigned to the measuring device) is added to the access request to the terminal 4b and transmitted to the cloud server 2.
  • the cloud server 2 reserves the first connection port (No. X) and the second connection port (No. Y) and selects the server Z to be connected. After that, when the cloud server 2 receives, in S107, an inquiry from the terminal 4b about the presence / absence of a tunneling request, in S108 it transmits to the terminal 4b the fact that tunneling is necessary, the server Z to be connected, the first connection port (No. X), the predetermined connection time, the encrypted authentication information, and the information indicating the measuring device.
  • the information transmitted to the terminal 4b and the access request correspond to a connection request to the measuring device connected to the terminal 4b.
  • the process proceeds from S109 to S206, and the terminal 4b executes login authentication based on the ID and password of the user terminal device 3a transmitted from the server Z. If the authentication is OK, the terminal 4b sets itself to forward information from the server Z to the lower connection port (No. A) to which the measuring device is connected, and to forward information from the lower connection port (No. A) to the first connection port (No. X) of the server Z. Then, in S207, it transmits to the server Z the fact that the authentication is OK (permission notification).
  • the user terminal device 3a and the measuring device connected to the lower connection port (No. A) of the terminal 4b are communicably tunneled and the request of the user terminal device 3a is directly input to the measuring device.
  • when the terminal 4b receives from the cloud server 2 a connection request to the measuring device connected to the terminal 4b, the terminal 4b connects (relays) the communication with the user terminal device 3a, which passes through the first connection port (No. X), the second connection port (No. Y), and the cloud server 2, to the measuring device, so that the user terminal device 3a and the measuring device can communicate directly with each other.
  • the timing at which communication is transferred between the server Z and the lower connection port in the terminal 4b is not limited to immediately before S207, and may be, for example, before or after S109; it may be determined appropriately according to the configuration. Further, in the above description, the connection destination is selected by operating the connection button displayed on the display unit 402. Alternatively, for example, a configuration in which a command character string including the selected connection destination is input may be used.
  • Connection port allocation unit; 213 ... Connection time management unit; 214 ... Internal bus; 301 ... Access request monitoring unit; 302 ... Tunneling request generation unit; 303 ... Authentication information decoding unit; 304 ... Measurement value acquisition unit; 305 ... Communication I / F; 306 ... Storage unit; 307 ... Tunneling connection disconnection request monitoring unit; 308 ... Tunneling connection disconnection execution unit; 309 ... Login authentication unit; 310 ... Internal bus; 401 ... Input unit; 402 ... Display unit; 403 ... Input I / F; 404 ... Output I / F; 405 ... Calculation unit; 406 ... Communication I / F; 407 ... Storage unit; 408 ... Battery unit; 409 ... Internal bus; G1 ... Terminal selection screen; G2 ... Connection destination selection screen

Abstract

[Problem] To provide a remote monitoring system that allows a user terminal device to access, at a desired timing, a plurality of terminals connected to the Internet through an Internet Service Provider. [Solution] A remote monitoring system 1 is equipped with: a plurality of terminals 4 connected to the Internet 5 via an Internet Service Provider 6 having a global IP address, each being assigned a private IP address; a cloud server 2 connected to the Internet 5; and user terminal devices (3a, 3b) connected to the cloud server 2. The cloud server 2 assigns a first connection port to one terminal from among the plurality of terminals 4 and assigns a second connection port to the user terminal devices (3a, 3b). The one terminal and the user terminal devices (3a, 3b) communicate via the first connection port, the second connection port, and the cloud server 2.

Description

Remote monitoring system terminal, remote monitoring program, and remote monitoring system
The present invention relates to a remote monitoring system that monitors various terminals connected via the Internet or the like, and more particularly to a remote monitoring system that enables connection with the various terminals to be monitored at an arbitrary timing.
In recent years, a technology called IoT (Internet of Things; hereinafter referred to as IoT) has attracted attention, including in fields such as monitoring. IoT is a mechanism in which uniquely identifiable computers, devices, and the like are connected to the Internet and control one another by exchanging information. Here, devices include all kinds of things, for example measuring devices such as various sensors, surveillance cameras, and everyday appliances such as air conditioners and cooking appliances.
In an information processing system called the Industrial Internet, for example, IoT is expected to raise the operating efficiency of devices and to reduce waiting time for people by connecting devices and people, acquiring data in real time, and taking actions based on that data.
As techniques related to IoT, for example, the techniques described in Patent Document 1 and Patent Document 2 have been proposed.
In Patent Document 1, a workflow management device holds, for a workflow that controls the operation of an IoT device over a plurality of stages, a transition condition from each stage to the next stage and stage information indicating the current stage of the workflow. Where there is a partial order relationship among the stages, the first stage and the second stage are incomparable, and the third stage can be executed after the first stage but is incomparable with the second stage, a technique is disclosed in which the workflow management device, when the transition condition of the first stage is satisfied while the transition condition of the second stage is not, updates the stage information to indicate that the workflow is in the third stage following the first stage and is also in the second stage. Here, a stage is a temperature collection stage, an average temperature calculation stage, an energy accounting calculation stage, or the like.
Patent Document 2 discloses a technique that receives a selection of a solution template relating to a device configuration for a specific automatic interaction between two or more IoT devices and, if a complete solution template is selected, deploys the device configuration. Otherwise, it receives a selection of IoT devices, accesses the device functions of the selected IoT devices in an IoT database, sets up network connections between the selected IoT devices, simulates the device configuration in the IoT database, and determines whether the device configuration is usable. If it is not usable, the device configuration is reconfigured to include alternative IoT devices; if it is usable, the device configuration is deployed. Here, device configuration means establishing communication connections between two or more IoT devices over a network.
Japanese Unexamined Patent Publication No. 2015-204013
Japanese Unexamined Patent Publication No. 2016-45964
However, Patent Document 1 merely discloses a workflow management device that controls the operation of an IoT device over a plurality of stages. That is, it is not sufficient from the viewpoint of application to a remote monitoring system in which an IoT device transmits the state of a monitored device to a cloud server via an Internet service provider (ISP) and the Internet, and the cloud server transmits that state periodically (at a predetermined cycle) to a user terminal device of the owner of the monitored device or of a business operator contracted to maintain it.
In general, in such remote monitoring systems, it has become markedly more common for a plurality of terminals (IoT devices) connected to an Internet service provider (ISP) having one global IP address to each be assigned a different private IP address by the ISP. Therefore, if the user terminal device needs to access the plurality of terminals (IoT devices), the user terminal device can access the ISP via the Internet but has not acquired the private IP addresses assigned to the plurality of terminals (IoT devices) connected to the ISP, so it is difficult to access the plurality of terminals (IoT devices) at a desired timing. Patent Document 1 gives no consideration to dealing with such a situation.
In Patent Document 2, communication connections can be established between two or more IoT devices. However, as described above, if the user terminal device in a remote monitoring system needs to access the plurality of terminals (IoT devices), the user terminal device can access the ISP via the Internet but has not acquired the private IP addresses assigned to the plurality of terminals (IoT devices) connected to the ISP, so it is difficult to access the plurality of terminals (IoT devices) at a desired timing. Patent Document 2 gives no consideration to dealing with such a situation.
Accordingly, an object of the present invention is to provide a remote monitoring system terminal, a remote monitoring program, and a remote monitoring system with which a plurality of terminals connected to the Internet via an Internet service provider can be accessed from a user terminal device at a desired timing.
To solve the above problem, the remote monitoring system of the present invention comprises: a plurality of terminals to which private IP addresses are assigned and which are connected to the Internet via an Internet service provider having a global IP address; a cloud server connected to the Internet; and a user terminal device connected to the cloud server, wherein the cloud server assigns a first connection port to one terminal among the plurality of terminals and assigns a second connection port to the user terminal device, and the one terminal and the user terminal device communicate via the first connection port, the second connection port, and the cloud server.
In another aspect of the remote monitoring system of the present invention, the cloud server randomly assigns the first connection port and the second connection port to the one terminal and the user terminal device, respectively.
In still another aspect of the remote monitoring system of the present invention, the user terminal device transmits to the cloud server a connection request to one terminal among the plurality of terminals.
Further, in the remote monitoring system of the present invention, the cloud server has a connection port allocation unit that, for each connection request to one terminal among the plurality of terminals transmitted from the user terminal device, assigns a different first connection port to the one terminal and a different second connection port to the user terminal device.
In another aspect of the remote monitoring system of the present invention, the cloud server has a connection time management unit that allows communication between the one terminal to which the first connection port is assigned and the user terminal device to which the second connection port is assigned to continue for a predetermined time.
In another aspect of the remote monitoring system of the present invention, the user terminal device transmits to the cloud server at least its own IP address, the one terminal among the plurality of terminals to which it wishes to connect, and a connection time.
In another aspect of the remote monitoring system of the present invention, the connection time management unit disconnects the communication between the one terminal and the user terminal device via the first connection port and the second connection port when the connection time transmitted from the user terminal device has elapsed.
In another aspect of the remote monitoring system of the present invention, the plurality of terminals are each connected by wire or wirelessly to a measuring device and / or an imaging device, and transmit measurement values of a target terminal or target device measured by the measuring device and / or image data of the target terminal or target device captured by the imaging device to the cloud server via the Internet service provider and the Internet at a predetermined cycle.
In another aspect of the remote monitoring system of the present invention, the user terminal device transmits to the cloud server a connection request to a lower-level device connected to one terminal among the plurality of terminals, and the one terminal, upon receiving the connection request from the cloud server, connects the communication with the user terminal device to the lower-level device.
In another aspect of the remote monitoring system of the present invention, the user terminal device displays a terminal selection screen for selecting one terminal among the plurality of terminals and a connection destination selection screen for selecting a connection destination at the one terminal selected on the terminal selection screen, and, when a lower-level device connected to the one terminal is selected as the connection destination on the connection destination selection screen, transmits a connection request to that lower-level device to the cloud server.
The remote monitoring system terminal of the present invention is one of a plurality of terminals to which private IP addresses are assigned and which are connected to the Internet via an Internet service provider having a global IP address, wherein the terminal is connectable to a cloud server via the Internet, is able to communicate with a user terminal device via the cloud server, is assigned a first connection port different from a second connection port that the cloud server assigns to the user terminal device, and is able to communicate with the user terminal device via the first connection port and the second connection port.
In another aspect of the remote monitoring system terminal of the present invention, the first connection port, which differs from the second connection port assigned to the user terminal device by the cloud server, is randomly assigned.
In still another aspect of the remote monitoring system terminal of the present invention, the terminal communicates with the user terminal device to which the second connection port is assigned, via the first connection port, continuously for a predetermined time.
In another aspect of the remote monitoring system terminal of the present invention, the terminal has a tunneling connection disconnection execution unit that disconnects, when a predetermined time has elapsed, the tunneling connection over which it communicates via the first connection port with the user terminal device to which the second connection port is assigned.
In another aspect of the remote monitoring system terminal of the present invention, a lower-level device is connected to the terminal, and the terminal, upon receiving from the cloud server a connection request to the lower-level device, enables communication between the user terminal device and the lower-level device.
The remote monitoring program of the present invention causes a processor to execute functions of assigning a first connection port to one terminal among a plurality of terminals to which private IP addresses are assigned and which are connected to the Internet via an Internet service provider having a global IP address, assigning a second connection port to a user terminal device connected to a cloud server connected to the Internet, and assigning the first connection port and the second connection port randomly.
In another aspect of the remote monitoring program of the present invention, the program causes a processor to execute a function of continuing, for a predetermined time, communication between the one terminal to which the first connection port is assigned and the user terminal device to which the second connection port is assigned.
According to the present invention, it is possible to provide a remote monitoring system terminal, a remote monitoring program, and a remote monitoring system with which a plurality of terminals connected to the Internet via an Internet service provider can be accessed from a user terminal device at a desired timing.
Problems, configurations, and effects other than those described above will be clarified by the following description of the embodiments.
An overall schematic configuration diagram of a remote monitoring system according to an embodiment of the present invention.
A functional block diagram of the cloud server shown in FIG. 1.
A functional block diagram of the terminal shown in FIG. 1.
A functional block diagram of the user terminal device shown in FIG. 1.
A schematic sequence diagram of the remote monitoring system shown in FIG. 1.
A schematic sequence diagram of the remote monitoring system shown in FIG. 1.
A schematic sequence diagram of the remote monitoring system shown in FIG. 1.
A schematic sequence diagram of the remote monitoring system when the user instructs disconnection.
A schematic sequence diagram of the remote monitoring system at the time of disconnection by the timer function.
A flowchart showing the processing flow of the cloud server shown in FIG. 2.
A flowchart showing the processing flow of the terminal shown in FIG. 3.
A flowchart showing the processing flow of the user terminal device shown in FIG. 4.
A diagram showing an example of a screen in a modification of the remote monitoring system shown in FIG. 1.
 本明細書において、「遠隔監視システム」とは、対象端末又は対象機器の状態を監視すること及び/又は、対象端末若しくは対象機器に対する保守或は保守に関する情報を提供するシステムであり、狭義の「遠隔保守システム(リモート保守システム)」及び「遠隔監視システム」を含む。 In this specification, a “remote monitoring system” is a system that monitors the state of a target terminal or target device and / or provides maintenance for the target terminal or target device or information related to maintenance. Remote maintenance system (remote maintenance system) "and" remote monitoring system ".
 以下、図面を用いて本発明の実施例について説明する。
 図1は、本発明の一実施例に係る遠隔監視システムの全体概略構成図である。図1に示すように、遠隔監視システム1は、利用者(ユーザ)3が所有するパーソナルコンピュータであるユーザ端末装置3a、スマートフォン(携帯電話)或はタブレット等のユーザ端末装置3b、及びルーター3cと、クラウドサーバ2、複数の端末4a~4cを含む遠隔監視システム用の端末4、インターネット5、及び、インターネットサービスプロバイダ(Internet Service Provider:ISP)6から構成される。
Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is an overall schematic configuration diagram of a remote monitoring system according to an embodiment of the present invention. As shown in FIG. 1, the remote monitoring system 1 includes a user terminal device 3a that is a personal computer owned by a user (user) 3, a user terminal device 3b such as a smartphone (mobile phone) or a tablet, and a router 3c. , A cloud server 2, a remote monitoring system terminal 4 including a plurality of terminals 4 a to 4 c, the Internet 5, and an Internet service provider (ISP) 6.
 クラウドサーバ2は、複数のサーバが接続されて仮想的に構築されるサーバであり、図1では、3台のサーバが接続されクラウドサーバ2を構築する例を示している。クラウドサーバ2は、複数のサーバにより構築されるものであれば良く、図1に示す3台のサーバに限られるものではなく、その台数は適宜設定される。 The cloud server 2 is a server that is virtually constructed by connecting a plurality of servers, and FIG. 1 shows an example in which the cloud server 2 is constructed by connecting three servers. The cloud server 2 only needs to be constructed by a plurality of servers, and is not limited to the three servers shown in FIG. 1, and the number of the servers is set as appropriate.
 ユーザ端末装置3a及びユーザ端末装置3bは、ルーター3cや一般公衆回線を介してクラウドサーバ2に接続される。ユーザ端末装置3a及びユーザ端末装置3bとルーター3cとの間は、例えば、Wi-Fi(ソフトバンクBB株式会社の登録商標)又は、有線LAN(Local Area Network)等により通信接続されている。 The user terminal device 3a and the user terminal device 3b are connected to the cloud server 2 via a router 3c or a general public line. The user terminal device 3a, the user terminal device 3b, and the router 3c are connected to each other by, for example, Wi-Fi (registered trademark of Softbank BB Corp.) or a wired LAN (Local Area Network).
 詳細後述する複数の端末4a~4cを含む端末4は、それぞれ下位装置である図示しない撮像装置としてのカメラ又は計測装置と有線又は無線にて接続され、カメラにて撮像された画像データ又は計測装置にて計測された各種計測値(以下、特に断りの無い限り画像データ又は各種計測値を単に「各種計測値」という)を、例えば、3G回線等の無線通信にてインターネットサービスプロバイダ(ISP)6へ所定の周期にて送信する。 A terminal 4 including a plurality of terminals 4a to 4c, which will be described in detail later, is connected to a camera or a measuring device (not shown) which is a lower device, respectively, by wire or wirelessly, and image data or measuring device imaged by the camera Various measured values (hereinafter, unless otherwise specified, image data or various measured values are simply referred to as “various measured values”), for example, an Internet service provider (ISP) 6 by wireless communication such as a 3G line. At a predetermined cycle.
The Internet service provider (ISP) 6 transmits the various measured values received from the terminal 4, made up of the terminals 4a to 4c, to the cloud server 2 via the Internet 5. That is, the remote monitoring system 1 shown in FIG. 1 is an example of an IoT system configuration in which the terminal 4 transmits various measured values at a predetermined cycle on the uplink to the cloud server 2 via the Internet service provider (ISP) 6 and the Internet 5.
In addition, either at the timing when the terminal 4 transmits the various measured values on this uplink at the predetermined cycle, or at a separate timing, the user terminal device 3a or the user terminal device 3b transmits to the cloud server 2 an access request for a desired terminal 4 (that is, a connection request to one of the plurality of terminals).
In response to the access request, the cloud server 2 randomly assigns a connection port to the user terminal device 3a or the user terminal device 3b and a connection port to one of the terminals 4a to 4c making up the terminal 4. Tunneling 7 then allows the user terminal device 3a or the user terminal device 3b to communicate with that one of the terminals 4a to 4c via the Internet 5 and the Internet service provider (ISP) 6.
When tunneling 7 connects the user terminal device 3a or the user terminal device 3b to one of the terminals 4a to 4c making up the terminal 4 via the cloud server 2, the two are connected by, for example, SSH (Secure Shell). All communication on the network, including authentication portions such as passwords, is therefore encrypted, and the two can communicate securely.
A global IP address (Global Internet Protocol Address) is uniquely allocated to the Internet service provider (ISP) 6. The terminals 4a, 4b, and 4c making up the terminal 4, which connect to the Internet service provider (ISP) 6 over wireless communication such as a 3G line, are each assigned a private IP address (Private Internet Protocol Address) by the Internet service provider (ISP) 6.
These IP addresses are, for example, IPv4 addresses, which are 32-bit values, or IPv6 addresses, which are 128-bit values. The private IP addresses assigned to the terminals 4a, 4b, and 4c making up the terminal 4 are taken from, for example, "10.0.0.0" to "10.255.255.255" (class A), "172.16.0.0" to "172.32.255.255" (class B), or "192.168.0.0" to "192.168.255.255" (class C).
The Internet service provider (ISP) 6 includes a broadband router (not shown). When the terminals 4a, 4b, and 4c making up the terminal 4 transmit various measured values on the above uplink at the predetermined cycle to the cloud server 2 via the Internet 5, the router applies a network address translation (NAT) function that converts the private IP addresses assigned to the terminals 4a, 4b, and 4c into the global IP address. Alternatively, the broadband router (not shown) additionally has a network address port translation (NAPT) function that converts to a different port number for each private IP address.
(Cloud server)
FIG. 2 is a functional block diagram of the cloud server shown in FIG. 1. As shown in FIG. 2, the cloud server 2 includes an input unit 201, a display unit 202, an input I/F 203, an output I/F 204, an identification information management unit 205, a relay unit 206, an access request reception unit 207, a communication I/F 208, a terminal identification information storage unit 209, a user terminal device storage unit 210, an authentication unit 211, a connection port assignment unit 212, a connection time management unit 213, and an internal bus 214 that interconnects them. The identification information management unit 205, the relay unit 206, the access request reception unit 207, the authentication unit 211, the connection port assignment unit 212, and the connection time management unit 213 are realized by, for example, memory (not shown) such as a ROM that stores various programs and a RAM that temporarily stores data during computation, together with a processor such as a CPU that reads and executes the programs stored in the ROM.
The terminal identification information storage unit 209 stores the unique identifiers, made up of alphanumeric characters, assigned to each of the terminals 4a, 4b, and 4c making up the terminal 4.
The user terminal device storage unit 210 stores at least the user information, connection authority, and identification information of the user terminal device 3a and the user terminal device 3b, which can connect to the cloud server 2.
The identification information management unit 205 refers, as needed and via the internal bus 214, to the terminal identification information storage unit 209 and/or the user terminal device storage unit 210, and reads the identification information assigned to each of the terminals 4a to 4c as well as the identification information of the user terminal device 3a and the user terminal device 3b. When a user terminal device that can connect to the cloud server 2 is added, the identification information management unit 205 registers the identification information of that user terminal device and user information such as the user name, entered through the input unit 201 and the input I/F 203, in the user terminal device storage unit 210 via the internal bus 214. Likewise, when a terminal 4 is newly added, the identification information management unit 205 registers the identification information of the terminal 4, entered through the input unit 201 and the input I/F 203, in the terminal identification information storage unit 209 via the internal bus 214.
The access request reception unit 207 receives from the user terminal device 3a or the user terminal device 3b, via the communication I/F 208 and the internal bus 214, the information on the terminal 4 to be accessed, the desired connection time, and the IP address of the user terminal device 3a or 3b itself. The access request reception unit 207 also receives tunneling connection release requests from the user terminal device 3a or the user terminal device 3b via the communication I/F 208 and the internal bus 214.
The authentication unit 211 encrypts (for example, with SSH) the authentication information that allows the terminal 4 to connect to the cloud server 2, transmits it to the corresponding terminal 4 via the internal bus 214 and the communication I/F 208, and determines whether tunneling is permitted based on the authentication information returned by that terminal 4.
For each access request, the connection port assignment unit 212 randomly selects two numbers between, for example, 10000 and 65535, and takes one of the two connection ports indicated by those numbers as the first connection port and the other as the second connection port. The connection port assignment unit 212 then assigns the first connection port to one of the terminals 4a to 4c making up the terminal 4, and assigns the second connection port to the user terminal device 3a or the user terminal device 3b.
During tunneling, the relay unit 206 relays a maintenance or status-check work request, sent from the user terminal device 3a or the user terminal device 3b to the second connection port, from the second connection port to the first connection port, and transmits it to the one of the terminals 4a to 4c making up the terminal 4. As the result of that work request, the relay unit 206 relays the various measured values, sent from that terminal to the first connection port, from the first connection port to the second connection port, and transmits them to the user terminal device 3a or the user terminal device 3b. When the tunneling connection is established, the relay unit 206 changes the status of the tunneling connection from "not connected" to "connected".
The connection time management unit 213 monitors the tunneling connection time. Specifically, it starts a timer (not shown) when tunneling begins and, once a predetermined time (for example, several minutes to several tens of minutes) has elapsed, forcibly terminates the tunneling connection and changes the status of the tunneling connection from "connected" to "not connected".
The cloud server 2 may further include a storage unit (not shown) that stores history information recording which user terminal device accessed (tunnel-connected to) which terminal 4 and when. The cloud server 2 may also be configured to monitor the terminal 4 periodically by PING or TCP port checks: it sends a PING packet to the terminal 4 or opens a TCP connection to it, and if the terminal 4 returns no PING reply or the TCP connection cannot be made, it notifies the user terminal device by e-mail or similar means that the terminal 4 is in an abnormal state.
(Terminal)
FIG. 3 is a functional block diagram of the terminal 4 shown in FIG. 1. FIG. 3 shows the functional block diagram of the terminal 4a as an example; the other terminals 4b and 4c are the same. As shown in FIG. 3, the terminal 4a includes an access request monitoring unit 301, a tunneling request generation unit 302, an authentication information decryption unit 303, a measured value acquisition unit 304, a communication I/F 305, a storage unit 306, a tunneling connection disconnection request monitoring unit 307, a tunneling connection disconnection execution unit 308, a login authentication unit 309, and an internal bus 310 that interconnects them. The access request monitoring unit 301, the tunneling request generation unit 302, the authentication information decryption unit 303, the measured value acquisition unit 304, the tunneling connection disconnection request monitoring unit 307, the tunneling connection disconnection execution unit 308, and the login authentication unit 309 are realized by, for example, memory (not shown) such as a ROM that stores various programs and a RAM that temporarily stores data during computation, together with a processor such as a CPU that reads and executes the program stored in the ROM (that is, the remote monitoring program).
The access request monitoring unit 301 queries the cloud server 2 at a predetermined cycle, via the communication I/F 305 and the Internet service provider (ISP) 6, as to whether there is an access request from the user terminal device 3a or the user terminal device 3b, and monitors for access requests by receiving the reply from the cloud server 2.
When monitoring by the access request monitoring unit 301 shows that tunneling is necessary, the authentication information decryption unit 303 receives the encrypted authentication information sent by the cloud server 2 via the communication I/F 305 and decrypts it. The authentication information decryption unit 303 transmits the decrypted authentication information to the cloud server 2 via the communication I/F 305 and the Internet service provider (ISP) 6 by, for example, SSH.
When monitoring by the access request monitoring unit 301 shows that tunneling is necessary, the tunneling request generation unit 302 generates a tunneling request and transmits it to the cloud server 2 via the communication I/F 305 and the Internet service provider (ISP) 6 by, for example, SSH.
The login authentication unit 309 transmits a request for the ID and password of the user terminal device that is tunnel-connected to the cloud server 2, and performs login authentication of that user terminal device based on the ID and password received from the cloud server 2.
The measured value acquisition unit 304 acquires, via the communication I/F 305, the various measured values of the target terminal or target device measured by the measuring device 8, and writes them to a predetermined storage area of the storage unit 306 via the internal bus 310. As the IoT uplink, the measured value acquisition unit 304 transmits these measured values to the cloud server 2 at a predetermined cycle via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5. The measured value acquisition unit 304 also receives, via the communication I/F 305, the maintenance or status-check work request from a user terminal device, described in detail later, and in response reads the measured values stored in the storage unit 306 and transmits them to the cloud server 2. The measured value acquisition unit 304 may also read the measured values and transmit them to the cloud server 2 at a separate timing. The measured value acquisition unit 304 may be configured to apply processing such as noise removal to the acquired measured values.
The storage unit 306 stores the various measured values of the target terminal or target device measured by the measuring device 8 in association with the date and time.
The tunneling connection disconnection request monitoring unit 307 queries the cloud server 2 at a predetermined cycle, via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5, as to whether there is a tunneling connection disconnection request. If there is one, it passes that fact to the tunneling connection disconnection execution unit 308 via the internal bus 310.
On receiving, via the internal bus 310, information from the tunneling connection disconnection request monitoring unit 307 that a tunneling connection disconnection request has been made, the tunneling connection disconnection execution unit 308 immediately disconnects the tunneling connection and transmits information or a signal indicating the disconnection to the cloud server 2 via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5. The tunneling connection disconnection execution unit 308 also has a timer (not shown). It starts the timer so that the tunneling connection is disconnected when the connection time obtained from the cloud server 2 via the communication I/F 305 has elapsed; when the timer fires (the connection time has elapsed), it disconnects the tunneling connection and transmits information or a signal indicating the disconnection to the cloud server 2 via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5.
(User terminal device)
FIG. 4 is a functional block diagram of the user terminal device shown in FIG. 1. FIG. 4 shows the functional block diagram of the user terminal device 3a as an example; the other user terminal device 3b is the same. As shown in FIG. 4, the user terminal device 3a includes an input unit 401, a display unit 402, an input I/F 403, an output I/F 404, a calculation unit 405, a communication I/F 406, a storage unit 407, and an internal bus 409 that interconnects them. The user terminal device 3a also has a battery unit 408 made up of a power supply and a battery. The calculation unit 405 is realized by, for example, memory (not shown) such as a ROM that stores various programs and a RAM that temporarily stores data during computation, together with a processor such as a CPU that reads and executes the programs stored in the ROM.
The input unit 401 consists of, for example, a keyboard and a mouse, and outputs to the input I/F 403 input information such as an access request for a desired terminal 4, the ID and password entered at login for a tunneling connection, and the maintenance or status-check work requests described later.
The input I/F 403 transmits input information such as the access request, the ID and password, and maintenance or status-check work requests to the cloud server 2 via the internal bus 409, the communication I/F 406, and the router 3c. The output I/F 404 takes in, via the communication I/F 406, the various measured values returned in response to a maintenance or status-check work request by the tunnel-connected one of the terminals 4a to 4c making up the terminal 4, outputs them to the display unit 402, and displays them on the display screen.
The storage unit 407 stores at least the device's own IP address, the parameters used in the various calculations by the calculation unit 405, and the various measured values of the target terminal or target device obtained in response to the maintenance or status-check work requests. The calculation unit 405 reads a desired application program from the ROM (not shown), executes it, and outputs the calculation result to the display unit 402 via the internal bus 409 and the output I/F 404.
Next, the overall operation of the remote monitoring system 1 is described. The description below assumes, as an example, that the user terminal device 3a and the terminal 4b are connected by tunneling. FIGS. 6 to 7 are schematic sequence diagrams of the remote monitoring system, FIG. 8 is a schematic sequence diagram of the remote monitoring system when the user instructs disconnection, and FIG. 9 is a schematic sequence diagram of the remote monitoring system at disconnection by the timer function.
First, as shown in FIG. 5, the access request monitoring unit 301 (FIG. 3) of the terminal 4b queries the cloud server 2 at a predetermined cycle, via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5, as to whether there is an access request for the desired terminal 4 (whether tunneling is necessary) (S101). If the access request reception unit 207 of the cloud server 2 has not received an access request from the user terminal device 3a, it replies to the terminal 4b, via the Internet 5 and the Internet service provider (ISP) 6, that tunneling is not necessary (S102). As shown in FIG. 5, and as S103 and S104 also indicate, these steps are repeated at the predetermined cycle.
The user terminal device 3a transmits an access request for the terminal 4b to the cloud server 2 via the communication I/F 406 and the router 3c, including in it, for example, a predetermined connection time and the IP address of the user terminal device 3a itself as the connection source (S105).
When the access request reception unit 207 of the cloud server 2 receives the access request for the terminal 4b from the user terminal device 3a, the identification information management unit 205 accesses the user terminal device storage unit 210 and uses the IP address contained in the access request to identify the connection source as the user terminal device 3a. The identification information management unit 205 also accesses the terminal identification information storage unit 209 and obtains the identification information of the terminal 4b, the connection destination. The connection port assignment unit 212 then obtains two connection ports at random. If the two obtained connection ports (No. X and No. Y) are not in use, the connection port assignment unit 212 reserves the first connection port (No. X) of the cloud server 2 for assignment to the terminal 4b and reserves the second connection port (No. Y) of the cloud server 2 for assignment to the user terminal device 3a. In addition, the connection port assignment unit 212 arbitrarily selects one server (server address "Z") from the plurality of servers making up the cloud server 2 as the server to which the user terminal device 3a connects (S106).
Next, when the access request reception unit 207 of the cloud server 2 receives from the access request monitoring unit 301 of the terminal 4b the query as to whether there is an access request (whether tunneling is necessary) (S107), the connection port assignment unit 212 of the cloud server 2 notifies the terminal 4b, via the Internet 5 and the Internet service provider (ISP) 6, that tunneling is necessary, together with the server address "Z" to connect to (hereinafter, server Z), the first connection port (No. X), the predetermined connection time, and the encrypted authentication information (S108).
The authentication information decryption unit 303 of the terminal 4b decrypts the encrypted authentication information received from the cloud server 2. The tunneling request generation unit 302 of the terminal 4b generates a tunneling request and transmits it, for example by SSH, via the communication I/F 305 and the Internet service provider (ISP) 6 to server Z of the cloud server 2 (S109).
Next, as shown in FIG. 6, server Z transmits a request for the authentication information to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S110). The authentication information decryption unit 303 of the terminal 4b transmits the decrypted authentication information to server Z, for example by SSH, via the communication I/F 305 and the Internet service provider (ISP) 6 (S111).
The authentication unit 211 of server Z determines whether tunneling is permitted based on the received authentication information, and transmits a connection permission notification to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S112). On receiving the connection permission notification from server Z via the communication I/F 305 and the internal bus 310, the tunneling request generation unit 302 of the terminal 4b transmits to server Z, via the Internet service provider (ISP) 6 and the Internet 5, a request that communication addressed to the first connection port (No. X) be forwarded to the terminal itself (S113).
Next, the access request reception unit 207 of server Z transmits an acknowledgment signal (Ack) to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S114). The tunneling connection disconnection execution unit 308 of the terminal 4b starts a timer (not shown) so that the connection is disconnected after the predetermined connection time received earlier from the connection port assignment unit 212 of server Z (S115). The relay unit 206 of server Z starts a service that relays access from the user terminal device 3a to the second connection port (No. Y) on to the first connection port (No. X). The connection time management unit 213 of server Z starts a timer (not shown) so that the connection is disconnected after the predetermined connection time (S116). The relay unit 206 changes the status of the tunneling connection from "not connected" to "connected".
 The connection port assignment unit 212 of the server Z notifies the user terminal device 3a that the server to connect to is the server Z and that the connection port is the second connection port (No. Y) (S117). The user terminal device 3a transmits to the server Z a connection request addressed to the second connection port (No. Y) (S118). The relay unit 206 of the server Z relays from the second connection port (No. Y) to the first connection port (No. X) and passes the access to the first connection port (No. X) on to the terminal 4b (S119). The relay unit 206 of the server Z transmits the connection request to the terminal 4b via the communication I/F 208, the Internet 5, and the Internet service provider (ISP) 6 (S200).
 The login authentication unit 309 of the terminal 4b transmits a request for the ID and password of the user terminal device 3a to the server Z via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5 (S201).
 Next, as shown in FIG. 7, the relay unit 206 of the server Z relays from the first connection port (No. X) to the second connection port (No. Y) (S202). The relay unit 206 then transmits an ID and password transmission request to the user terminal device 3a (S203). When the communication I/F 406 of the user terminal device 3a receives the ID and password transmission request, the input unit 401 of the user terminal device 3a inputs the ID and password required for login over the tunneling connection and transmits them to the server Z via the input I/F 403, the internal bus 409, and the communication I/F 406 (S204).
 The relay unit 206 of the server Z relays from the second connection port (No. Y) to the first connection port (No. X) and passes the access to the first connection port (No. X) on to the terminal 4b (S205). The relay unit 206 of the server Z transmits the ID and password of the user terminal device 3a to the terminal 4b via the communication I/F 208, the Internet 5, and the Internet service provider (ISP) 6 (S206). The login authentication unit 309 of the terminal 4b performs login authentication based on the ID and password of the user terminal device 3a transmitted from the server Z, and transmits a notification that the result is OK (permission notification) to the server Z via the Internet service provider (ISP) 6 and the Internet 5 (S207).
 The relay unit 206 of the server Z relays from the first connection port (No. X) to the second connection port (No. Y) (S208). The relay unit 206 then transmits to the user terminal device 3a a notification that the result of login authentication is OK (permission notification) (S209).
 When the communication I/F 406 of the user terminal device 3a receives the notification that the result of login authentication is OK (permission notification), the input unit 401 of the user terminal device 3a inputs a maintenance and status-check work request and transmits it to the server Z via the input I/F 403, the internal bus 409, and the communication I/F 406 (S210).
 The relay unit 206 of the server Z relays from the second connection port (No. Y) to the first connection port (No. X) and passes the access to the first connection port (No. X) on to the terminal 4b (S211). The relay unit 206 of the server Z transmits the maintenance and status-check work request to the terminal 4b via the communication I/F 208, the Internet 5, and the Internet service provider (ISP) 6 (S212).
 When the measurement value acquisition unit 304 of the terminal 4b receives the maintenance and status-check work request via the communication I/F 305, it accesses the storage unit 306 via the internal bus 310, reads out the various measurement values described above and the processing execution results corresponding to the work request that are stored in the storage unit 306, and transmits them to the server Z via the Internet service provider (ISP) 6 and the Internet 5 as the result of the maintenance and status-check work request (S213).
 The relay unit 206 of the server Z relays from the first connection port (No. X) to the second connection port (No. Y) (S214). The relay unit 206 then transmits to the user terminal device 3a, as the result of the maintenance and status-check work request, the various measurement values of the target terminal or target device and the processing execution results corresponding to the work request (S215).
 Next, an outline of the sequence of the remote monitoring system 1 when the user instructs disconnection is described. As shown in FIG. 8, the tunneling connection disconnection request monitoring unit 307 of the terminal 4b inquires of the server Z at a predetermined cycle, via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5, whether there is a tunneling connection disconnection request (S301). If the access request receiving unit 207 of the server Z has not received a tunneling connection disconnection request from the user terminal device 3a, it notifies the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 that disconnection is not necessary (S302).
 When the work is finished, the user terminal device 3a inputs a tunneling connection release request (tunneling connection disconnection request) through the input unit 401 and transmits it to the server Z via the input I/F 403, the internal bus 409, and the communication I/F 406 (S303). On receiving the tunneling connection release request (tunneling connection disconnection request), the access request receiving unit 207 of the server Z transmits an acknowledgment (Ack) to the user terminal device 3a (S304). The access request receiving unit 207 then changes the status of the tunneling connection from "connected" to "disconnection requested" (S305).
 The tunneling connection disconnection request monitoring unit 307 of the terminal 4b inquires of the server Z, via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5, whether there is a tunneling connection disconnection request (S306). Because the status of the tunneling connection has by this time been changed from "connected" to "disconnection requested", the access request receiving unit 207 of the server Z transmits a tunneling connection disconnection request to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S307).
 On receiving the tunneling connection disconnection request from the tunneling connection disconnection request monitoring unit 307 via the internal bus 310, the tunneling connection disconnection execution unit 308 of the terminal 4b immediately disconnects (ends) the tunneling connection and stops the timer (not shown) (S308). The tunneling connection disconnection execution unit 308 then transmits a notification that the timer has been stopped to the server Z via the Internet service provider (ISP) 6 and the Internet 5 (S309).
 In the server Z, the relay unit 206 ends the relay service, and the connection time management unit 213 stops the timer and changes the status of the tunneling connection from "disconnection requested" to "not connected" (S310). The connection time management unit 213 then transmits an acknowledgment (Ack) to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S311). After that, the connection port assignment unit 212 of the server Z releases the reserved first connection port (No. X) and second connection port (No. Y) (S312).
 Next, an outline of the sequence of the remote monitoring system 1 when the connection is disconnected by the timer function is described. As shown in FIG. 9, when the predetermined time that is the connection time of the tunneling connection has elapsed, the tunneling connection disconnection execution unit 308 of the terminal 4b fires the timer and ends the tunneling connection (S401). Likewise, the connection time management unit 213 of the server Z fires its timer when the predetermined time that is the connection time of the tunneling connection has elapsed, and the relay unit 206 ends the relay service (S402). As a result, the tunneling connection of the user terminal device 3a is forcibly terminated and the user terminal device 3a can no longer access the server Z (S403).
 The tunneling connection disconnection execution unit 308 of the terminal 4b transmits a notification that the timer has been stopped to the server Z via the Internet service provider (ISP) 6 and the Internet 5 (S404). The connection time management unit 213 of the server Z changes the status of the tunneling connection from "connected" to "not connected" (S405). The connection time management unit 213 then transmits an acknowledgment (Ack) to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6 (S406). After that, the connection port assignment unit 212 of the server Z releases the reserved first connection port (No. X) and second connection port (No. Y) (S407). In this way, once the set time (the predetermined connection time) has elapsed, the timer fires and the tunneling connection is disconnected automatically, so even if the user forgets to send the tunneling connection disconnection request after finishing the work, the connection port is prevented from being left open.
 (Processing flow of the cloud server)
 FIG. 10 is a flowchart showing the processing flow of the cloud server 2 shown in FIG. 2. As shown in FIG. 10, in step S2001 the access request receiving unit 207 determines whether there is an inquiry from the terminal 4b. That is, it determines whether the terminal 4b has inquired about the presence of an access request (whether tunneling is necessary); if there is no inquiry, step S2001 is repeated and the process remains in a standby state. If the terminal 4b has inquired about the presence of an access request (whether tunneling is necessary), the process proceeds to step S2002.
 In step S2002, the access request receiving unit 207 determines whether there is an access request from the user terminal device 3a. If there is no access request from the user terminal device 3a, the process proceeds to step S2003, where a notification that tunneling is not necessary (tunneling not required) is transmitted to the terminal 4b via the Internet 5 and the Internet service provider (ISP) 6, and the process returns to step S2002. If there is an access request from the user terminal device 3a, the process proceeds to step S2004.
 In step S2004, the identification information management unit 205 identifies the terminal 4b by referring to the terminal identification information storage unit 209 and identifies the user terminal device 3a by referring to the user terminal device storage unit 210. That is, the identification information management unit 205 accesses the user terminal device storage unit 210 and, from the identification information included in the access request, determines that the connection source is the user terminal device 3a. The identification information management unit 205 also accesses the terminal identification information storage unit 209 and acquires the identification information of the terminal 4b, which is the connection destination.
 In step S2005, a first connection port to be assigned to the terminal 4b and a second connection port to be assigned to the user terminal device 3a are acquired at random and reserved, and the server to connect to is selected. Specifically, the connection port assignment unit 212 acquires two connection ports at random. If the two acquired connection ports (No. X and No. Y) are not in use, the connection port assignment unit 212 reserves the first connection port (No. X) of the cloud server 2 for assignment to the terminal 4b and reserves the second connection port (No. Y) of the cloud server 2 for assignment to the user terminal device 3a. In addition, the connection port assignment unit 212 arbitrarily selects one server (server address "Z") from the plurality of servers that make up the cloud server 2 as the server to which the user terminal device 3a connects. The connection port assignment unit 212 then transmits to the terminal 4b, via the Internet 5 and the Internet service provider (ISP) 6, a notification that tunneling is necessary, together with the server address "Z" to connect to (hereinafter referred to as the server Z), the first connection port (No. X), the predetermined connection time, and the encrypted authentication information.
 In step S2006, authentication processing for the terminal 4b is executed. Specifically, the authentication unit 211 performs the authentication processing by determining, based on the authentication information received from the terminal 4b, whether tunneling is permitted. In step S2007, the relay service from the second connection port to the first connection port is started and the timer is started. Specifically, the relay unit 206 starts a service that relays access from the user terminal device 3a to the second connection port (No. Y) on to the first connection port (No. X). The connection time management unit 213 starts a timer so that the connection is disconnected after the predetermined connection time. The relay unit 206 also changes the status of the tunneling connection from "not connected" to "connected".
 In step S2008, relaying is performed from the first connection port to the second connection port. Specifically, the relay unit 206 relays from the first connection port (No. X) to the second connection port (No. Y).
 In step S2009, it is determined whether there is a maintenance and status-check work request from the user terminal device 3a; if there is none, the process waits at step S2009. If there is such a work request, the process proceeds to step S2010. Specifically, the access request receiving unit 207 determines whether there is a maintenance and status-check work request from the user terminal device 3a, and if there is none, the process waits at step S2009. When the access request receiving unit 207 receives a maintenance and status-check work request from the user terminal device 3a via the communication I/F 208, the process proceeds to step S2010.
 In step S2010, the maintenance and status-check work request is transmitted to the terminal 4b. Specifically, the relay unit 206 relays from the second connection port (No. Y) to the first connection port (No. X) and passes the access to the first connection port (No. X) on to the terminal 4b. The relay unit 206 then transmits the maintenance and status-check work request to the terminal 4b via the communication I/F 208, the Internet 5, and the Internet service provider (ISP) 6.
 In step S2011, the result returned by the terminal 4b for the work request is relayed to the user terminal device 3a. Specifically, the relay unit 206 relays from the first connection port (No. X) to the second connection port (No. Y). The relay unit 206 then transmits to the user terminal device 3a, as the result of the maintenance and status-check work request received from the terminal 4b, the various measurement values of the target terminal or target device and the processing results corresponding to the work request.
 In step S2012, it is determined whether there is a tunneling connection release request from the user terminal device 3a; if there is, the process proceeds to step S2014, and if there is not, the process proceeds to step S2013. Specifically, the access request receiving unit 207 determines whether there is a tunneling connection release request (tunneling connection disconnection request) from the user terminal device 3a. If there is such a request from the user terminal device 3a, the process proceeds to step S2014; if there is none, the process proceeds to step S2013.
 In step S2013, it is determined whether the timer has fired and the tunneling connection has ended; if the timer has not fired and the tunneling connection has not ended, the process returns to step S2012. If the timer has fired and the tunneling connection has ended, the process proceeds to step S2015. Specifically, until the predetermined time that is the connection time of the tunneling connection has elapsed since the timer was started, the connection time management unit 213 does not fire the timer, the relay unit 206 continues the relay service, and the process returns to step S2012. When the predetermined time that is the connection time of the tunneling connection has elapsed since the timer was started, the connection time management unit 213 fires the timer, the relay unit 206 ends the relay service, and the process proceeds to step S2015.
 In step S2014, the status of the tunneling connection is changed from "connected" to "disconnection requested". Specifically, the access request receiving unit 207 changes the status of the tunneling connection from "connected" to "disconnection requested". Then, in response to the inquiry from the terminal 4b as to whether there is a tunneling connection disconnection request, a tunneling connection disconnection request is transmitted to the terminal 4b.
 In step S2015, the process waits for the notification, transmitted from the terminal 4b, that the timer has been stopped.
 In step S2016, the status of the tunneling connection is changed from "connected" or "disconnection requested" to "not connected". Specifically, the relay unit 206 ends the relay service, and the connection time management unit 213 stops the timer and changes the status of the tunneling connection from "connected" or "disconnection requested" to "not connected".
 In step S2017, the reserved first connection port and second connection port are released, and the process ends. Specifically, the connection port assignment unit 212 releases the reserved first connection port (No. X) and second connection port (No. Y) and ends the process.
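The following Python model is an added example, not part of the patent: it follows steps S2005 to S2017 on the server side and shows that the reserved port pair is released both after a user disconnect request and after the timer fires when the disconnect request was forgotten. The class and method names, the port range, seconds as the time unit, and the caller-supplied clock value `now` are assumptions.

```python
import secrets
from enum import Enum


class Status(Enum):
    NOT_CONNECTED = "not connected"
    CONNECTED = "connected"
    DISCONNECT_REQUESTED = "disconnection requested"


class PortAllocator:
    """Models the connection port assignment unit 212 (S2005, S2017)."""

    def __init__(self, low=20000, high=60000):  # port range is an assumption
        self.low, self.high = low, high
        self.reserved = set()
        self._rng = secrets.SystemRandom()

    def reserve_pair(self):
        """Draw two random ports; redraw while either is in use (S2005)."""
        if (self.high - self.low + 1) - len(self.reserved) < 2:
            raise RuntimeError("no free port pair in range")
        while True:
            x = self._rng.randint(self.low, self.high)
            y = self._rng.randint(self.low, self.high)
            if x != y and not {x, y} & self.reserved:
                self.reserved.update((x, y))
                return x, y

    def release(self, *ports):
        self.reserved.difference_update(ports)


class TunnelSession:
    """Server-side state of one tunneling connection (hypothetical class)."""

    def __init__(self, allocator, connection_time):
        self.allocator = allocator
        self.connection_time = connection_time  # seconds; unit is an assumption
        self.port_x, self.port_y = allocator.reserve_pair()
        self.status = Status.NOT_CONNECTED
        self.relay_running = False
        self.deadline = None

    def start_relay(self, now):
        """S2007: start the Y -> X relay service and the disconnect timer."""
        if self.status is not Status.NOT_CONNECTED:
            raise RuntimeError("relay already started")
        self.relay_running = True
        self.deadline = now + self.connection_time
        self.status = Status.CONNECTED

    def tick(self, now):
        """S2013: when the timer fires, the relay service ends."""
        if self.relay_running and now >= self.deadline:
            self.relay_running = False
        return self.relay_running

    def relay(self, now, arrived_on):
        """S2008-S2011: return the port that traffic is forwarded to."""
        if not self.tick(now):
            raise ConnectionError("relay service is not running")
        if arrived_on == self.port_y:
            return self.port_x  # user terminal device -> terminal
        if arrived_on == self.port_x:
            return self.port_y  # terminal -> user terminal device
        raise ValueError("port does not belong to this session")

    def user_requests_disconnect(self):
        """S2014: status goes from connected to disconnection requested."""
        if self.status is Status.CONNECTED:
            self.status = Status.DISCONNECT_REQUESTED

    def terminal_polls_disconnect(self):
        """Answer to the terminal's periodic inquiry (S301/S306)."""
        return self.status is Status.DISCONNECT_REQUESTED

    def terminal_reports_timer_stopped(self):
        """S2015-S2017: end relay, stop timer, reset status, release ports."""
        self.relay_running = False
        self.deadline = None
        self.status = Status.NOT_CONNECTED
        self.allocator.release(self.port_x, self.port_y)


def forgotten_disconnect_demo():
    """User never sends a disconnect request; the timer closes the tunnel."""
    alloc = PortAllocator()
    s = TunnelSession(alloc, connection_time=600)
    s.start_relay(now=0)
    s.relay(now=599, arrived_on=s.port_y)   # still inside the window
    still_up = s.tick(now=600)              # timer fires, relay ends
    s.terminal_reports_timer_stopped()      # terminal's notice arrives
    return still_up, s.status, len(alloc.reserved)


if __name__ == "__main__":
    print(forgotten_disconnect_demo())
```

As in the flowchart, the status stays "connected" after the timer fires until the terminal's timer-stopped notice arrives, and only then are the two ports released.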
 (Processing flow of the terminal)
 FIG. 11 is a flowchart showing the processing flow of the terminal 4 shown in FIG. 3. The terminal 4b is used as an example below. As shown in FIG. 11, in step S4001 the access request monitoring unit 301 determines whether tunneling is necessary. That is, the access request monitoring unit 301 inquires of the cloud server 2 at a predetermined cycle, via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5, whether there is an access request (whether tunneling is necessary). If the inquiry shows that there is no access request, step S4001 is repeated and the process remains in a standby state. If there is a tunneling request, the process proceeds to step S4002.
 In step S4002, the server address to connect to, the first connection port number, the connection time, and the encrypted authentication information are acquired. Specifically, the following are received from the cloud server 2 via the Internet 5, the Internet service provider (ISP) 6, and the communication I/F 305: the server address "Z" to connect to (hereinafter referred to as the server Z), the first connection port (No. X), the predetermined connection time, and the encrypted authentication information. Of these, the server address "Z" and the first connection port (No. X) are acquired by the tunneling request generation unit 302 via the internal bus 310. The predetermined connection time is acquired by the tunneling connection disconnection execution unit 308 via the internal bus 310. The encrypted authentication information is acquired by the authentication information decryption unit 303 via the internal bus 310.
 In step S4003, the acquired authentication information is decrypted. Specifically, the authentication information decryption unit 303 decrypts the encrypted authentication information received from the cloud server 2.
 In step S4004, a tunneling request is transmitted to the server Z to connect to. Specifically, the tunneling request generation unit 302 generates a tunneling request and transmits it, for example over SSH, via the communication I/F 305 and the Internet service provider (ISP) 6 to the server Z, which is part of the cloud server 2.
 In step S4005, the authentication information is transmitted to the server Z to connect to. Specifically, the authentication information decryption unit 303 transmits the decrypted authentication information to the server Z, for example over SSH, via the communication I/F 305 and the Internet service provider (ISP) 6.
 In step S4006, the server Z to connect to is requested to forward communication addressed to the first connection port to the terminal itself. Specifically, the tunneling request generation unit 302 sends the server Z, via the Internet service provider (ISP) 6 and the Internet 5, a request that communication addressed to the first connection port (No. X) be forwarded to the terminal 4b itself.
 In step S4007, a timer is started so that the tunneling connection is disconnected when the acquired connection time has elapsed. Specifically, the tunneling connection disconnection execution unit 308 starts a timer (not shown) so that the connection is disconnected after the predetermined connection time previously received from the server Z.
 In step S4008, the ID and password of the user terminal device 3a are requested from the server Z. Specifically, the login authentication unit 309 transmits a request for the ID and password of the user terminal device 3a to the server Z via the communication I/F 305, the Internet service provider (ISP) 6, and the Internet 5.
 In step S4009, login authentication processing is executed. Specifically, the login authentication unit 309 performs login authentication based on the ID and password of the user terminal device 3a transmitted from the server Z, and transmits a notification that the result is OK (permission notification) to the server Z via the Internet service provider (ISP) 6 and the Internet 5.
 In step S4010, the maintenance and status-check work request is received. Specifically, the measurement value acquisition unit 304 receives the maintenance and status-check work request from the user terminal device 3a via the communication I/F 305.
 In step S4011, the values measured by the measuring device and the maintenance-related information are read from the storage unit, and the result is transmitted to the server Z. Specifically, the measurement value acquisition unit 304 accesses the storage unit 306 via the internal bus 310, reads out the various measurement values of the target terminal or target device and the processing results corresponding to the work request that are stored in the storage unit 306, and transmits them to the server Z via the Internet service provider (ISP) 6 and the Internet 5 as the result of the maintenance and status-check work request.
 ステップS4012では、ユーザ端末装置3aからトンネリング接続解除要求の有無を判定し、トンネリング接続解除要求が有った場合にはステップS4014へ進み、トンネリング接続解除要求が無い場合にはステップS4013へ進む。具体的には、トンネリング接続切断要求監視部307は、通信I/F305、インターネットサービスプロバイダ(ISP)6及びインターネット5を介して、サーバZへ、トンネリング接続切断要求の有無を問い合わせる。問い合わせの結果、トンネリング接続切断要求(トンネリング接続解除要求)が有った場合にはステップS4014へ進み、トンネリング接続切断要求(トンネリング接続解除要求)が無い場合にはステップS4013へ進む。 In step S4012, it is determined whether or not there is a tunneling connection release request from the user terminal device 3a. If there is a tunneling connection release request, the process proceeds to step S4014. If there is no tunneling connection release request, the process proceeds to step S4013. Specifically, the tunneling connection disconnection request monitoring unit 307 inquires of the server Z about the presence or absence of the tunneling connection disconnection request via the communication I / F 305, the Internet service provider (ISP) 6, and the Internet 5. As a result of the inquiry, if there is a tunneling connection disconnection request (tunneling connection release request), the process proceeds to step S4014. If there is no tunneling connection disconnection request (tunneling connection release request), the process proceeds to step S4013.
 ステップS4013では、タイマー発動・トンネリング接続終了したか否かを判定し、タイマーが発動せず、トンネリング接続未終了の場合、ステップS4012へ戻る。端末4bは、第2の接続ポートが割り当てられたユーザ端末装置3aと、第1の接続ポートを介して所定時間継続して通信する。一方、タイマーが発動し、トンネリング接続が終了した場合、ステップS4014へ進む。具体的には、トンネリング接続切断実行部308は、タイマーを起動してからトンネリング接続の接続時間である所定時分を経過前ではタイマーを発動することなく、トンネリング接続を継続しステップS4012へ戻る。一方、トンネリング接続切断実行部308は、タイマーを起動してからトンネリング接続の接続時間である所定時分を経過した時点でタイマーを発動し、ステップS4014へ進む。 In step S4013, it is determined whether or not the timer activation / tunneling connection is completed. If the timer is not activated and the tunneling connection is not completed, the process returns to step S4012. The terminal 4b continuously communicates with the user terminal device 3a to which the second connection port is assigned via the first connection port for a predetermined time. On the other hand, if the timer is activated and the tunneling connection is terminated, the process proceeds to step S4014. Specifically, the tunneling connection disconnection execution unit 308 continues the tunneling connection without activating the timer before elapse of a predetermined time, which is the connection time of the tunneling connection, after starting the timer, and returns to step S4012. On the other hand, the tunneling connection disconnection execution unit 308 activates the timer when a predetermined time, which is the connection time of the tunneling connection, has elapsed since the start of the timer, and proceeds to step S4014.
 ステップS4014では、トンネリング接続切断実行部308は、トンネリング接続切断を実行し処理を終了する。 In step S4014, the tunneling connection disconnection execution unit 308 executes the tunneling connection disconnection and ends the process.
(Processing flow of user terminal device)
FIG. 12 is a flowchart showing the processing flow of the user terminal device shown in FIG. 4. In the following, the user terminal device 3a is described as an example. As shown in FIG. 12, in step S3001, an access request to the terminal 4b is transmitted to the cloud server 2 (transmission of connection time and connection source information). Specifically, the user terminal device 3a transmits the access request to the terminal 4b, including, for example, a predetermined connection time and the IP address of the user terminal device 3a itself as the connection source, to the cloud server 2 via the communication I/F 406 and the router 3c.
In step S3002, the address of the server to connect to and the second connection port number are acquired. Specifically, the user terminal device learns from the cloud server 2 that the server to connect to is the server Z and that the connection port is the second connection port (No. Y).
In step S3003, a connection request is transmitted to the server Z via the second connection port. Specifically, the user terminal device 3a transmits to the server Z a connection request to the second connection port (No. Y).
In step S3004, a request to send an ID and password is received from the server to connect to. Specifically, the communication I/F 406 receives the ID and password transmission request from the server Z.
In step S3005, the ID and password are transmitted to the server Z. Specifically, the ID and password required for login when establishing the tunneling connection are entered through the input unit 401 and transmitted to the server Z via the input I/F 403, the internal bus 409, and the communication I/F 406.
In step S3006, the login authentication result is received. Specifically, the communication I/F 406 receives from the server Z a notice that the login authentication result is OK (permission notification).
In step S3007, a maintenance and status-check work request is transmitted. Specifically, the maintenance and status-check work request is entered through the input unit 401 and transmitted to the server Z via the input I/F 403, the internal bus 409, and the communication I/F 406.
In step S3008, the values measured by the measurement device and the maintenance-related information are received as the request result via the second connection port. Specifically, the communication I/F 406 receives from the server Z, as the result of the maintenance and status-check work request, the various measurement values of the target terminal or target device and the processing results corresponding to the work request, and the process ends.
Although not shown in FIG. 12, the received result of the maintenance and status-check work request, that is, the various measurement values of the target terminal or target device and the processing results corresponding to the work request, is displayed on the display screen of the display unit 402 via the output I/F 404. This allows the user 3, who owns the user terminal device 3a, to easily examine whether the target terminal or target device needs maintenance and what that maintenance should be.
In this embodiment, a form in which the various IoT measurement values of the target terminal or target device are transmitted from the terminal 4 to the cloud server 2 at a predetermined cycle via the Internet service provider (ISP) 6 and the Internet 5 has been described as an example, but the invention is not limited to this. For example, a personal computer, a smartphone (mobile phone), a tablet, or the like may be used in place of the terminal 4 constituted by the terminals 4a to 4c described above.
According to this embodiment, it is possible to provide a remote monitoring system in which a plurality of terminals connected to the Internet via an Internet service provider can be accessed from a user terminal device at a desired timing.
Further, according to this embodiment, establishing a tunneling connection between the user terminal device and one of the plurality of terminals makes it possible to grasp in a timely manner whether the target terminal or target device needs maintenance, and to easily examine the contents of that maintenance.
In addition, during a tunneling connection, it is possible to prevent the first and second connection ports, which are randomly assigned to the one terminal and the user terminal device respectively, from being left open by mistake, which also improves security.
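The port lifecycle this embodiment relies on (a fresh random pair of connection ports per access request, closed on a disconnect request or when the connection time runs out) can be modelled as below. This is an added example, not code from the patent; the port pool, the `PortAllocator` and `FakeClock` names, the cap on connection time, and the reading of "different for each request" as "not the pair handed out last time for that terminal" are assumptions.

```python
import secrets
import time
from dataclasses import dataclass

# Assumed pool: the patent does not name a port range.
PORT_RANGE = range(20000, 20064)


@dataclass(frozen=True)
class Session:
    session_id: str
    terminal_id: str
    first_port: int    # first connection port (No. X), used by the terminal
    second_port: int   # second connection port (No. Y), used by the user terminal
    expires_at: float  # deadline derived from the requested connection time


class PortAllocator:
    """Hypothetical model of the connection port allocation unit (212)
    and connection time management unit (213) on the cloud server."""

    def __init__(self, clock=time.monotonic, max_seconds=3600):
        self._clock = clock
        self._max_seconds = max_seconds   # assumed cap on the requested time
        self._sessions = {}               # session id -> Session
        self._last_pair = {}              # terminal id -> ports of its previous session

    def _ports_in_use(self):
        used = set()
        for s in self._sessions.values():
            used.update((s.first_port, s.second_port))
        return used

    def _pick(self, excluded):
        free = [p for p in PORT_RANGE if p not in excluded]
        if not free:
            raise RuntimeError("connection port pool exhausted")
        return secrets.choice(free)   # CSPRNG, so the next port is not guessable

    def reserve(self, terminal_id, connection_seconds):
        """Reserve a random port pair for one access request (S106)."""
        if not 0 < connection_seconds <= self._max_seconds:
            raise ValueError("connection time outside the allowed window")
        self.reap()
        excluded = self._ports_in_use() | set(self._last_pair.get(terminal_id, ()))
        first = self._pick(excluded)
        second = self._pick(excluded | {first})
        session = Session(secrets.token_hex(8), terminal_id, first, second,
                          self._clock() + connection_seconds)
        self._sessions[session.session_id] = session
        self._last_pair[terminal_id] = (first, second)
        return session

    def release(self, session_id):
        """Disconnect request from the user terminal: close both ports now."""
        return self._sessions.pop(session_id, None) is not None

    def reap(self):
        """Timer path: drop every session whose connection time has elapsed."""
        now = self._clock()
        expired = [sid for sid, s in self._sessions.items() if s.expires_at <= now]
        for sid in expired:
            del self._sessions[sid]
        return expired

    def is_open(self, port):
        """Checked per connection, so a missed reap() still fails closed."""
        now = self._clock()
        return any(port in (s.first_port, s.second_port) and s.expires_at > now
                   for s in self._sessions.values())


class FakeClock:
    """Constructed clock so the expiry path can be exercised without waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock()
    alloc = PortAllocator(clock=clock)
    a = alloc.reserve("terminal-4b", 600)          # constructed request: 10 minutes
    clock.advance(599)
    open_before = alloc.is_open(a.first_port) and alloc.is_open(a.second_port)
    clock.advance(1)                               # connection time has now elapsed
    open_after = alloc.is_open(a.first_port) or alloc.is_open(a.second_port)
    b = alloc.reserve("terminal-4b", 600)          # next request gets a new pair
    reused = {a.first_port, a.second_port} & {b.first_port, b.second_port}
    released = alloc.release(b.session_id)
    return open_before, open_after, sorted(reused), released, alloc.is_open(b.first_port)


if __name__ == "__main__":
    print(demo())
```

Because `is_open` compares the deadline on every lookup, a port stops accepting traffic at the deadline even if the periodic `reap()` has not yet run.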
The embodiment described above covers a configuration in which the user terminal device 3 and the terminal 4 can communicate via the cloud server 2. To let the user terminal device 3 communicate, in that configuration, with a lower-level device such as a measurement device or camera connected to a lower connection port of the terminal 4, the following processing is required. To distinguish it from the connection ports of the cloud server 2, a connection port of the terminal 4 is called a "lower connection port".
That is, after the processing of S101 to S208 in FIGS. 5 to 7 is executed among the user terminal device 3, the cloud server 2, and the terminal 4 so that the user terminal device 3 and the terminal 4 are communicably connected, a predetermined request is input from the user terminal device 3 to the terminal 4; the terminal 4 that accepts the request then communicably connects (relays) the lower-level device connected to its lower connection port to the user terminal device 3. However, such a request from the user terminal device is normally entered on a command line, which is cumbersome for anyone unfamiliar with the operation.
Therefore, the following configuration may be adopted. The display unit 402 of the user terminal device 3 displays, for example as shown in FIG. 13(a), a terminal selection screen G1 that lists the terminals 4 (4a to 4c) that are connection candidates together with buttons for selecting the terminal to connect to. When a terminal is selected by a button operation on the terminal selection screen G1, a connection destination selection screen G2 is displayed as shown in FIG. 13(b); it lists the candidate connection destinations on the selected terminal 4 (the terminal 4 itself, or a measurement device, camera, or the like connected to one of its lower connection ports) together with buttons for selecting the connection destination. The connection destination selected by a button operation on the connection destination selection screen G2 is then connected to automatically. When the terminal itself is selected on the connection destination selection screen G2, the operation is the same as in the embodiment described above. As an example, the terminal selection screen G1 and the connection destination selection screen G2 are displayed on the display unit 402 of the user terminal device 3 by having the browser software of the user terminal device 3 access the cloud server 2 acting as a Web server.
Here, an example is described in which a measurement device connected to the lower connection port (No. A) of the terminal 4 is automatically connected to as the connection destination. Because the automatic connection shares most of its steps with the processing of S101 to S208 shown in FIGS. 5 to 7, the description focuses on the differences from that processing.
First, assume that the terminal 4b is selected on the terminal selection screen G1 and the measurement device is selected on the connection destination selection screen G2. Then, in S105 of FIG. 5, the access request to the terminal 4b is transmitted to the cloud server 2 with, in addition to the predetermined connection time and the IP address of the user terminal device 3a itself, information indicating the measurement device as the connection destination (for example, the lower connection port (No. A) or a unique identification number assigned to the measurement device).
In S106, the cloud server 2 reserves the first connection port (No. X) and the second connection port (No. Y) and selects the server Z to connect to. After that, when the cloud server 2 accepts, in S107, the inquiry from the terminal 4b about the presence or absence of a tunneling request, it notifies the terminal 4b in S108 that tunneling is necessary, together with the server Z to connect to, the first connection port (No. X), the predetermined connection time, the encrypted authentication information, and the information indicating the measurement device. The information transmitted to the terminal 4b and the access request above together correspond to a connection request to the measurement device connected to the terminal 4b.
The process then proceeds from S109 to S206, and the terminal 4b executes login authentication based on the ID and password of the user terminal device 3a transmitted from the server Z. If authentication is OK, the terminal 4b configures itself to forward information from the server Z to the lower connection port (No. A) to which the measurement device is connected, and to forward information from the lower connection port (No. A) to the first connection port (No. X) of the server Z. Then, in S207, it transmits a notice that authentication is OK (permission notification) to the server Z.
As a result, the user terminal device 3a and the measurement device connected to the lower connection port (No. A) of the terminal 4b are communicably connected by tunneling, and requests from the user terminal device 3a are input directly to the measurement device.
In other words, when the terminal 4b receives from the cloud server 2 a connection request to the measurement device connected to the terminal 4b, it connects (relays) the communication with the user terminal device 3a, which runs via the first connection port (No. X), the second connection port (No. Y), and the cloud server 2, to the measurement device, so that the user terminal device 3a and the measurement device can communicate directly.
Thus, when direct communication is wanted between the user terminal device 3a and a measurement device or the like connected to a lower connection port of the terminal 4b, including information indicating the destination lower-level device in the access request from the user terminal device 3a, and thereby making a connection request to that lower-level device, connects the user terminal device 3a and the lower-level device automatically, without any cumbersome request input operation.
The timing at which the terminal 4b starts forwarding communication between the server Z and the lower connection port is not limited to immediately before S207; it may be, for example, before or after S109, and may be decided as appropriate for the configuration as long as it does not run counter to the object of the present invention. Also, although the connection destination is selected above by operating a connection button displayed on the display unit 402, other configurations are possible, for example one in which a command string containing the selected connection destination is entered.
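The terminal-side half of this lower-device connection (authenticate in S206, then bridge only the requested lower connection port to the first connection port of server Z, then drop the bridge on disconnect) is modelled below. This is an added example, not code from the patent; the `LowerPortRelay` class, the notice fields, device identifiers, ports and credentials are constructed, and it assumes the expected ID and password are recovered from the authentication information delivered with the S108 notice.

```python
import hmac

# Constructed values for illustration; none of them come from the patent.
ATTACHED = {"meter-A": 5001, "camera-B": 5002}   # device id -> lower connection port
NOTICE = {
    "server": "server-z.example",   # server Z named in the S108 notice
    "first_port": 20017,            # first connection port (No. X)
    "id": "user3a",                 # assumed: recovered from the authentication information
    "password": "constructed-secret",
    "target": "meter-A",            # information indicating the lower-level device
}


def _same(a, b):
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(a.encode(), b.encode())


class LowerPortRelay:
    """Hypothetical model of terminal 4b deciding what to forward, and when."""

    def __init__(self, attached):
        self._attached = dict(attached)
        self._route = None   # (server, first_port, lower_port) while relaying

    def login(self, notice, presented_id, presented_password):
        """S206: authenticate, resolve the target, only then enable forwarding."""
        self._route = None
        id_ok = _same(presented_id, notice["id"])
        pw_ok = _same(presented_password, notice["password"])
        if not (id_ok and pw_ok):
            return "denied"
        lower_port = self._attached.get(notice["target"])
        if lower_port is None:        # target is not a device attached to this terminal
            return "denied"
        self._route = (notice["server"], notice["first_port"], lower_port)
        return "permitted"            # S207: permission notification

    def route_from_server(self, server, port):
        """Lower port that traffic from (server, port) is forwarded to; None = dropped."""
        if self._route and (server, port) == self._route[:2]:
            return self._route[2]
        return None

    def route_from_lower(self, lower_port):
        """Server endpoint that traffic from a lower port is forwarded to; None = dropped."""
        if self._route and lower_port == self._route[2]:
            return self._route[:2]
        return None

    def disconnect(self):
        """Tunneling disconnection: remove the forwarding rule."""
        self._route = None


def relay_demo():
    relay = LowerPortRelay(ATTACHED)
    results = [relay.route_from_server("server-z.example", 20017)]   # before login
    results.append(relay.login(NOTICE, "user3a", "wrong"))
    results.append(relay.login({**NOTICE, "target": "plc-C"}, "user3a", "constructed-secret"))
    results.append(relay.login(NOTICE, "user3a", "constructed-secret"))
    results.append(relay.route_from_server("server-z.example", 20017))
    results.append(relay.route_from_lower(5002))   # camera was not the requested target
    relay.disconnect()
    results.append(relay.route_from_lower(5001))
    return results


if __name__ == "__main__":
    print(relay_demo())
```

Only the lower connection port named in the request is bridged, so the other devices behind the same terminal stay unreachable for the life of the session.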
The present invention is not limited to the embodiments described above and includes various modifications. For example, the embodiments above are described in detail to explain the present invention clearly, and the invention is not necessarily limited to configurations having all of the described elements.
1 ... Remote monitoring system
2 ... Cloud server
3 ... User
3a ... User terminal device a
3b ... User terminal device b
3c ... Router
4 ... Terminal
4a ... Terminal a
4b ... Terminal b
4c ... Terminal c
5 ... Internet
6 ... Internet service provider (ISP)
7 ... Tunneling
8 ... Measurement device
201 ... Input unit
202 ... Display unit
203 ... Input I/F
204 ... Output I/F
205 ... Identification information management unit
206 ... Relay unit
207 ... Access request reception unit
208 ... Communication I/F
209 ... Terminal identification information storage unit
210 ... User terminal device storage unit
211 ... Authentication unit
212 ... Connection port allocation unit
213 ... Connection time management unit
214 ... Internal bus
301 ... Access request monitoring unit
302 ... Tunneling request generation unit
303 ... Authentication information decoding unit
304 ... Measured value acquisition unit
305 ... Communication I/F
306 ... Storage unit
307 ... Tunneling connection disconnection request monitoring unit
308 ... Tunneling connection disconnection execution unit
309 ... Login authentication unit
310 ... Internal bus
401 ... Input unit
402 ... Display unit
403 ... Input I/F
404 ... Output I/F
405 ... Calculation unit
406 ... Communication I/F
407 ... Storage unit
408 ... Battery unit
409 ... Internal bus
G1 ... Terminal selection screen
G2 ... Connection destination selection screen

Claims (17)

  1.  A remote monitoring system comprising:
     a plurality of terminals to which private IP addresses are assigned and which are connected to the Internet via an Internet service provider having a global IP address;
     a cloud server connected to the Internet; and
     a user terminal device connected to the cloud server,
     wherein the cloud server assigns a first connection port to one terminal of the plurality of terminals and assigns a second connection port to the user terminal device, and
     the one terminal and the user terminal device communicate via the first connection port, the second connection port, and the cloud server.
  2.  The remote monitoring system according to claim 1,
     wherein the cloud server randomly assigns the first connection port and the second connection port to the one terminal and the user terminal device, respectively.
  3.  The remote monitoring system according to claim 1 or claim 2,
     wherein the user terminal device transmits, to the cloud server, a connection request to one terminal of the plurality of terminals.
  4.  The remote monitoring system according to claim 3,
     wherein the cloud server has a connection port allocation unit that, for each connection request to one terminal of the plurality of terminals transmitted from the user terminal device, assigns a different first connection port to the one terminal of the plurality of terminals and assigns a different second connection port to the user terminal device.
  5.  The remote monitoring system according to claim 4,
     wherein the cloud server has a connection time management unit that allows communication between the one terminal to which the first connection port is assigned and the user terminal device to which the second connection port is assigned to continue for a predetermined time.
  6.  The remote monitoring system according to claim 5,
     wherein the user terminal device transmits to the cloud server at least its own IP address, the one of the plurality of terminals to which it wants to connect, and a connection time.
  7.  The remote monitoring system according to claim 6,
     wherein the connection time management unit disconnects the communication between the one terminal and the user terminal device via the first connection port and the second connection port when the connection time transmitted from the user terminal device has elapsed.
  8.  The remote monitoring system according to claim 7,
     wherein the plurality of terminals are each connected, by wire or wirelessly, to a measurement device and/or an imaging device, and transmit the measurement values of a target terminal or target device measured by the measurement device and/or the image data of a target terminal or target device captured by the imaging device to the cloud server at a predetermined cycle via the Internet service provider and the Internet.
  9.  The remote monitoring system according to claim 1 or claim 2,
     wherein the user terminal device transmits, to the cloud server, a connection request to a lower-level device connected to one terminal of the plurality of terminals, and
     the one terminal, on receiving the connection request from the cloud server, connects the communication with the user terminal device to the lower-level device.
  10.  The remote monitoring system according to claim 9, wherein the user terminal device displays a terminal selection screen for selecting one terminal of the plurality of terminals and a connection destination selection screen for selecting a connection destination on the one terminal selected on the terminal selection screen, and, when a lower-level device connected to the one terminal is selected as the connection destination on the connection destination selection screen, transmits a connection request to the lower-level device to the cloud server.
  11.  A terminal for a remote monitoring system, the terminal being one of a plurality of terminals to which private IP addresses are assigned and which are connected to the Internet via an Internet service provider having a global IP address,
     wherein the terminal is connectable to a cloud server via the Internet and can communicate with a user terminal device via the cloud server, and
     the terminal is assigned a first connection port different from a second connection port assigned to the user terminal device by the cloud server, and can communicate with the user terminal device via the first connection port and the second connection port.
  12.  The terminal for a remote monitoring system according to claim 11,
     wherein the first connection port, which is different from the second connection port assigned to the user terminal device by the cloud server, is randomly assigned.
  13.  The terminal for a remote monitoring system according to claim 12,
     wherein the terminal communicates, via the first connection port, with the user terminal device to which the second connection port is assigned continuously for a predetermined time.
  14.  The terminal for a remote monitoring system according to claim 13,
     further comprising a tunneling connection disconnection execution unit that disconnects, when a predetermined time has elapsed, the tunneling connection over which the terminal communicates via the first connection port with the user terminal device to which the second connection port is assigned.
  15.  The terminal for a remote monitoring system according to claim 11 or claim 12,
     wherein a lower-level device is connected to the terminal, and the terminal, on receiving from the cloud server a connection request to the lower-level device, enables communication between the user terminal device and the lower-level device.
  16.  A remote monitoring program causing a processor to execute functions of:
     assigning a first connection port to one terminal of a plurality of terminals to which private IP addresses are assigned and which are connected to the Internet via an Internet service provider having a global IP address;
     assigning a second connection port to a user terminal device connected to a cloud server connected to the Internet; and
     randomly assigning the first connection port and the second connection port.
  17.  The remote monitoring program according to claim 16,
     causing the processor to execute a function of continuing, for a predetermined time, communication between the one terminal to which the first connection port is assigned and the user terminal device to which the second connection port is assigned.
PCT/JP2017/022026 2016-06-15 2017-06-14 Terminal for remote monitoring system, program for remote monitoring, and remote monitoring system WO2017217476A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
KR1020197001388A KR102057295B1 (en) 2016-06-15 2017-06-14 Terminal for remote monitoring system, program for remote monitoring and remote monitoring system
CN201780050380.1A CN109952561B (en) 2016-06-15 2017-06-14 Terminal for remote monitoring system, method for remote monitoring, and remote monitoring system
US16/310,716 US20190373062A1 (en) 2016-06-15 2017-06-14 Terminal for remote monitoring system, program for remote monitoring, and remote monitoring system
KR1020197036343A KR20190139334A (en) 2016-06-15 2017-06-14 Terminal for remote monitoring system, program for remote monitoring, and remote monitoring system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2016118590 2016-06-15
JP2016-118590 2016-06-15
JP2017087977A JP6380902B2 (en) 2016-06-15 2017-04-27 Remote monitoring system terminal, remote monitoring program, and remote monitoring system
JP2017-087977 2017-04-27

Publications (1)

Publication Number Publication Date
WO2017217476A1 true WO2017217476A1 (en) 2017-12-21

Family

ID=60663534

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/022026 WO2017217476A1 (en) 2016-06-15 2017-06-14 Terminal for remote monitoring system, program for remote monitoring, and remote monitoring system

Country Status (2)

Country Link
MY (1) MY177678A (en)
WO (1) WO2017217476A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005026856A (en) * 2003-06-30 2005-01-27 Phoenix Technologies Kk Remote access system
JP2007034713A (en) * 2005-07-27 2007-02-08 Nec Corp Remote monitoring system, remote monitoring method and analysis program
JP2009027652A (en) * 2007-07-23 2009-02-05 Nippon Telegr & Teleph Corp <Ntt> Connection control system, connection control method, connection control program, and relay device
JP2012155712A (en) * 2011-01-05 2012-08-16 Sb System Kk Remote maintenance management method and system for information processing apparatus and personal digital assistant and program used therefor
JP2015002376A (en) * 2013-06-13 2015-01-05 パナソニック株式会社 Management system

Also Published As

Publication number Publication date
MY177678A (en) 2020-09-23

Similar Documents

Publication Publication Date Title
JP6380902B2 (en) Remote monitoring system terminal, remote monitoring program, and remote monitoring system
JP5750935B2 (en) Information processing system, information processing apparatus, server apparatus, and program
CN109314708A (en) Network accessibility detection control
JP6996097B2 (en) Mediation equipment, information processing systems and programs
JP2006166028A (en) Vpn connection construction system
JP6407598B2 (en) Relay device, relay method, and relay program
WO2017217476A1 (en) Terminal for remote monitoring system, program for remote monitoring, and remote monitoring system
JP7209593B2 (en) Relay method, relay system, and relay program
CN109218382B (en) Remote communication control system and session management system
CN109218381B (en) Remote communication control system and session relay system
CN111066297B (en) Remote access control system
EP2372960A1 (en) Communication network system
CN110213346A (en) The transmission method and device of encryption information
CN103023763A (en) Communication relay apparatus, data processing system, and communication relay method
JP2019012930A (en) Remote communication control system, remote maintenance system, and remote maintenance program
JP2005208880A (en) Content provision system, content server, display terminal and content provision method
JP6546846B2 (en) Authentication server, access point and program
KR20190038713A (en) Method for preventing hacking of samrt home platform
JP2019012402A (en) Remote communication control system, session management system, and session management program
JP2011166312A (en) Virtual private network system, communication method and computer program
JP2017076832A (en) Proxy authentication device, proxy authentication method, and proxy authentication program
JP2019012403A (en) Remote communication control system, session management system, and session management program
JP2015167295A (en) System and method for vpn connection
JP2005242547A (en) Remote service execution method, remote client, and remote service server
JP2022059829A (en) Communication system, communication method, and communication program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17813371

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20197001388

Country of ref document: KR

Kind code of ref document: A

122 Ep: pct application non-entry in european phase

Ref document number: 17813371

Country of ref document: EP

Kind code of ref document: A1