WO2020008797A1 - Information processing system, information processing device, and information processing method - Google Patents

Publication number
WO2020008797A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
execution unit
information processing
unique identifier
control
Prior art date
Application number
PCT/JP2019/022535
Other languages
French (fr)
Japanese (ja)
Inventor
洋介 小口
Original Assignee
日本電産サンキョー株式会社
Priority date
Filing date
Publication date
Application filed by 日本電産サンキョー株式会社
Publication of WO2020008797A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication

Definitions

  • the present invention relates to an information processing system, an information processing apparatus, and an information processing method, and more particularly, to an information processing system, an information processing apparatus, and an information processing method that execute processing by a plurality of processes.
  • In Patent Literature 1, there is an information processing system in which devices such as a card reader are connected by a signal line such as RS-232C (serial) and processed by a plurality of processes.
  • The information processing system described in Patent Literature 1 is configured such that a process for performing communication control with respect to RS-232C is provided as a local server (local server application program) in an upper-level device (information processing device).
  • As a result, inter-process communication with a control process that controls a device can be performed without changing another application program (hereinafter simply referred to as an “app”) executed by the host device.
  • The present invention has been made in view of such a situation, and an object of the present invention is to solve the above-described problem and to provide an information processing system that enables connection between processes in different sessions without using a shared memory.
  • An information processing system is an information processing system including a higher-level device and a device that executes a process in accordance with an instruction from the higher-level device, wherein the higher-level device includes a service execution unit that is connected to the device and executes a service that performs control and monitoring corresponding to a command, and a process execution unit that executes a process that performs various processes on the device via the service executed by the service execution unit. The process execution unit generates a unique identifier at the time of execution of the process and outputs the unique identifier to the service. The service execution unit inputs the unique identifier, sets a communication pipe with the process corresponding to the unique identifier, and communicates while distinguishing the processes. With this configuration, it is possible to connect between processes in different sessions without using a shared memory.
  • the information processing system of the present invention includes a plurality of the processes, a control process for controlling the device, and a status monitoring process for monitoring a status of the device.
  • the monitoring process is executed by an account having a higher authority than the control process.
  • the service execution unit may include a control FIFO for storing an operation command issued from the control process and a status notification FIFO for storing a status notification command issued from the status monitoring process, and the operation command stored in the control FIFO is transmitted to the device with priority over the status notification command stored in the status notification FIFO. With this configuration, the system can operate smoothly.
  • the information processing system is characterized in that the process execution unit receives an access from an external network for the status monitoring process and executes a process corresponding to the access.
  • the status can be grasped from a remote environment.
  • the information processing system is characterized in that the service and the process include a common identifier used in common, and the process execution unit outputs a unique identifier using the common identifier. With this configuration, security can be improved.
  • the information processing system according to the present invention is characterized in that the device includes a contactless card reader. With this configuration, a highly secure service can be provided.
  • An information processing apparatus is an information processing apparatus for instructing a device to execute a process, and includes a service execution unit that is connected to the device and executes a service for performing control and monitoring corresponding to a command, and a process execution unit that executes a process that may have a different account from the service and that performs various processes on the device via the service executed by the service execution unit. The process execution unit generates a unique identifier at the time of execution of the process and outputs the unique identifier to the service.
  • The service execution unit inputs the unique identifier, sets a communication pipe with the process corresponding to the unique identifier, and communicates while distinguishing the processes. With this configuration, it is possible to connect between processes in different sessions without using a shared memory.
  • An information processing method is an information processing method executed by an information processing apparatus that instructs a device to execute a process, and executes a service for connecting to the device and performing control and monitoring corresponding to a command.
  • A process that may have a different account from the service and that performs various processes on the device is executed, and a unique identifier is generated when the process is executed.
  • a unique identifier is generated and output to a service.
  • a communication pipe with a process corresponding to the unique identifier is set, and the process is distinguished and communicated.
  • FIG. 1 is a system configuration diagram of an information processing system according to an embodiment of the present invention.
  • FIG. 2 is a block diagram illustrating an example of a functional configuration according to the embodiment of the present invention.
  • FIG. 3 is a flowchart of the service connection process according to the embodiment of the present invention.
  • FIG. 4 is a flowchart of a command execution process according to the embodiment of the present invention.
  • FIG. 5 is a conceptual diagram for explaining connection between processes and processing of a command according to the embodiment of the present invention.
  • FIGS. 6A and 6B are conceptual diagrams for explaining connection between processes in a conventional information processing system.
  • the information processing system X includes an ATM (Automated Teller Machine) having a card issuing function, a kiosk terminal, a ticket issuing system for transportation, a point card issuing system such as a convenience store, a retailer's member card issuance system, a gaming machine card issuance/payment system, an entrance/exit management system, and the like (hereinafter simply abbreviated to "ATM or the like").
  • the information processing system X includes a host device 1, a card reader 2, and a server 3.
  • the host device 1 and the card reader 2 are connected by a USB (Universal Serial Bus) or the like.
  • the host device 1 and the server 3 are connected via a network 5.
  • the host device 1 is an information processing device for realizing each function such as ATM.
  • the host device 1 is, for example, a main device such as an ATM and includes a control arithmetic device such as a control PC (Personal Computer), a tablet terminal, and a mobile phone, and implements the function of the information processing system X.
  • the host device 1 is connected to the card reader 2 as a device to be controlled.
  • the host device 1 can also be connected to the network 5, various peripheral devices, and the like.
  • the card reader 2 is a device to be controlled by the host device 1 and is an example of a device that can read (read) or write (write) the card medium 4.
  • the card reader 2 is, for example, a contactless card reader.
  • the non-contact card reader can communicate with the card medium 4 when the card medium 4 is held over an antenna. Therefore, the card reader 2 includes, for example, an NFC (Near Field Communication) RF (Radio Frequency) antenna, a control IC, an LED (Light Emitting Diode), a buzzer, and the like.
  • the card reader 2 can also incorporate a SAM (Secure Application Module) card used for encrypting and decrypting read / write of the card medium 4.
  • the communication between the card reader 2 and the host device 1 is performed by, for example, a connected USB cable. With this communication, it is possible to transmit and receive information on the card medium 4, transmit and receive information on the SAM card, monitor the state of the card reader 2, and the like.
  • the server 3 is a PC server (Server) on a so-called “cloud”, a server on an intranet, or the like.
  • the server 3 can perform maintenance management of the card reader 2 via the host device 1. Therefore, the server 3 monitors the state of the card reader 2 as described later.
  • the card medium 4 is a non-contact type IC card in the present embodiment.
  • This card medium may include, for example, an electromagnetic induction antenna and an IC chip including a ROM (Read Only Memory) and an MPU (Micro Processing Unit).
  • the network 5 is a WAN (Wide Area Network) such as the Internet or a mobile phone network, or a LAN (Local Area Network) IP network.
  • the host device 1 includes a control unit 10, a storage unit 20, an I/F unit 30, a display unit 40, and an input unit 50.
  • the control unit 10 is control arithmetic means including an MPU (Micro Processing Unit), a GPU (Graphics Processing Unit), a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), and the like.
  • the storage unit 20 is a non-transitory recording medium such as a RAM (Random Access Memory), a ROM including a flash memory (Flash Memory), a solid state drive (SSD), and a hard disk drive (HDD).
  • the I/F unit 30 is a circuit such as a chipset (Chipset) for connecting to an external device, an I/O (Input/Output), and an interface.
  • the I/F unit 30 includes, for example, a general-purpose serial interface such as USB for connecting to devices and peripheral devices, a parallel interface, a digital video interface, and the like.
  • the I/F unit 30 includes a network interface for connecting to the network 5.
  • the display unit 40 is a display such as an LCD (Liquid Crystal Display) panel or an organic EL panel.
  • the display unit 40 displays a screen such as an ATM.
  • the input unit 50 is a touch panel, various buttons, and the like. This touch panel may be formed integrally with the display unit 40.
  • the input unit 50 acquires information input by a user such as an ATM.
  • the input unit 50 can separately acquire information on a maintenance management instruction from the administrator.
  • the host device 1 of the information processing system X of the present embodiment includes a service execution unit 100 and a process execution unit 110 as a functional configuration for controlling and monitoring the card reader 2 and connecting to the server 3.
  • the service execution unit 100 connects to a device and executes a service for performing control and monitoring corresponding to a command. This service sends and receives communication with the actual card reader 2. In addition, in the present embodiment, the service execution unit 100 inputs a unique identifier, sets a communication pipe with a process corresponding to the unique identifier, and performs communication while distinguishing between the processes.
  • the service of this embodiment is, for example, a local server configured as a Windows (registered trademark) OS (Operating System) service. Therefore, the service execution unit 100 executes a service process using a system account, which is a special account for an OS service. As a result, the service is started and executed prior to the normal application when the OS is started. For this reason, it is possible to always access at an arbitrary timing from an application process started in an administrator or a guest account session.
  • the service execution unit 100 executes the service S.
  • the service S is installed as a device driver of the card reader 2, for example, and includes a service application and communication middleware.
  • the service application provides an API (Application Programming Interface) as a service and performs communication with each process.
  • the communication middleware performs actual control with the card reader 2 corresponding to the API.
  • the process execution unit 110 executes a process for performing various processes on a device via a service executed by the service execution unit 100.
  • this process is plural, and includes a control process and a state monitoring process.
  • the control process is a process for controlling the device, for example, controlling the device via a transaction screen such as an ATM.
  • the status monitoring process monitors the status of the device via a status notification command or the like.
  • the process execution unit 110 executes the status monitoring process with an account having a higher authority than the control process.
  • the process execution unit 110 executes this status monitoring process with an administrator account.
  • the process execution unit 110 generates a unique identifier when the process is executed, and outputs the generated unique identifier to the service.
  • This unique identifier includes a common identifier used in common.
  • This common identifier includes a character string or the like that can be recognized as a process related to the card reader 2.
  • the process execution unit 110 outputs the above-described unique identifier using the common identifier.
  • the process execution unit 110 executes the control process P1, the control process P2, and the status monitoring process PW.
  • the control process P1 includes a contactless card control application and communication middleware.
  • the contactless card control application transmits a command to the service S via the communication middleware and obtains an execution result of the command, corresponding to a function such as an ATM. This command is for the card reader 2 to wait for reading / writing of the card medium 4, turning on the LED, controlling the buzzer, and the like.
  • the communication middleware transmits a command corresponding to the API for the service S, and receives data such as an execution result notification from the service.
  • the control process P2 includes a SAM card application and communication middleware.
  • the SAM card application transmits and receives SAM card communication commands and the like via communication middleware.
  • the process execution unit 110 executes the control process P1 and the control process P2 with a guest account which is a guest user account.
  • the status monitoring process PW includes a status monitoring application and communication middleware.
  • the status monitoring application connects to the service S via the communication middleware, and monitors the status of communication with the USB, the status of the card reader 2, and the like.
  • the status monitoring application can also monitor the status of peripheral devices connected to the host device 1.
  • the status monitoring application includes a communication function for connecting to the server 3.
  • the process execution unit 110 executes the status monitoring process PW with an administrator account.
  • control unit 10 functions as the service execution unit 100 and the process execution unit 110 by executing the control program stored in the storage unit 20.
  • each unit of the above-described higher-level device 1 is a hardware resource that executes the control program and the information processing method of the present invention. Note that a part or an arbitrary combination of the above-described functional configurations may be configured as hardware using an IC, a programmable logic, an FPGA (Field-Programmable Gate Array), or the like.
  • a service connection process and a command execution process according to the embodiment of the present invention will be described with reference to FIGS.
  • a service for connecting to a device and performing control and monitoring corresponding to the command is executed.
  • a process for executing various processes for the device which is a process that may have a different account from the service via the service to be executed, is executed.
  • a unique identifier is generated and output to the service.
  • the service inputs a unique identifier, sets a communication pipe with the process corresponding to the unique identifier, and performs communication while distinguishing between the processes.
  • the control unit 10 mainly executes a control program (not shown) stored in the storage unit 20 using hardware resources in cooperation with each unit.
  • the process execution unit 110 performs an identifier generation process.
  • the process execution unit 110 generates a unique identifier, for example, when starting execution or when connecting to a service, that is, when executing an application process.
  • this identifier is generated as a security identifier including a unique (unique) ID (Identification) that can distinguish each process.
  • a character string of several to several hundred characters including a common identifier that is a character string indicating the card reader 2 and a character string of an ID selected at random is set as a security identifier.
  • the security identifier includes, for example, a character string that distinguishes the control process from the status monitoring process. This security identifier can be set based on a value different from a GUID (Globally Unique Identifier) provided by the OS.
  • Step S102: The process execution unit 110 performs an identifier passing process.
  • the process execution unit 110 outputs and passes the security identifier to the service executed by the service execution unit 100 via the communication middleware.
  • Step S103: Next, the service execution unit 100 performs an inter-process communication pipe establishment process.
  • the service execution unit 100 inputs the transferred security identifier using an API of a COM interface provided by a service application of the service.
  • the service execution unit 100 sets (establishes) an inter-process communication pipe based on the ID included in the security identifier.
  • Step S104: The service execution unit 100 performs a communication pipe data transmission / reception process.
  • the service execution unit 100 starts transmitting and receiving data through the inter-process communication pipe.
  • the service execution unit 100 performs communication while distinguishing processes by a communication pipe corresponding to the security identifier.
  • commands and data can be transmitted and received between the process and the service, and between the control process and the state monitoring process, by inter-process communication.
  • Step S111: First, the process execution unit 110 performs an identifier command transmission process.
  • the process execution unit 110 executes a process of the application and transmits a command to the service. At this time, the process execution unit 110 transmits the command and the security identifier via the communication middleware.
  • Step S112: The service execution unit 100 performs an identifier pipe reply process.
  • the service execution unit 100 receives a command and a security identifier from a process by using the API of the COM interface of the service application and the communication middleware.
  • the command and the security identifier from the control process are received by the control command reception API.
  • Commands and security identifiers from the status monitoring process are received by the status monitoring command reception API.
  • the service execution unit 100 executes the processing of the command, transmits the command to the card reader 2 via the I/F unit 30 by the communication middleware, and receives a reply. After that, the service execution unit 100 transmits an execution result notification as reply data to the inter-process communication pipe of the identifier included in the command.
  • Since the service execution unit 100 establishes an inter-process communication pipe with a unique identifier for each process, it can tell to which process the notification of the execution result of a command received from a specific process should be returned. Furthermore, a unique identifier is generated when communication between the process and the service is established. Therefore, even if a plurality of processes of the same application are activated, the service execution unit 100 can determine which application should be communicated with and transmit the execution result notification to it. With the above, the command execution processing according to the embodiment of the present invention ends.
  • connection between processes and processing of a command will be described with reference to FIG.
  • the connection between processes and the processing of a command will be described with reference to the specific example of FIG.
  • the service execution unit 100 separately executes the service S into a control thread and a state monitoring thread.
  • the command from each process is delivered by each API implemented by the COM interface provided by the service S.
  • a FIFO First-In First-Out Buffer
  • the control FIFO stores, for example, an IC deactivation command for the card medium 4, a SAM deactivation command for deactivating the SAM card of the card reader 2, a SAM communication command for performing communication with the SAM card, a SAM activation command for activating the SAM card, an IC communication command, an IC activation command, and the like.
  • the status notification FIFO stores a status notification command for notifying the card reader 2 of the status in order to mainly monitor the status of the card reader 2.
  • control command stored in the control FIFO is converted into a command to be transmitted to the card reader 2 by the control message conversion unit.
  • status notification command stored in the status notification FIFO is converted into a command transmitted to the card reader 2 by the status monitoring message converter.
  • an object for recording an exclusive right, such as a semaphore (mutex), is prepared so that these commands are not transmitted at the same time; the transmission control unit sets the timing of each command, and the command is transmitted to the card reader 2 via the I/F unit 30.
  • the transmission control unit is controlled so that the operation command stored in the operation (control) FIFO is transmitted to the device with priority over the state notification command stored in the state (state notification) FIFO.
  • the command execution response (response) from the card reader is acquired by the transmission control unit via the I/F unit 30. Then, the control message conversion unit and the status monitoring message conversion unit transmit an execution result notification to the corresponding process via the inter-process communication pipe having an identifier unique to each process.
  • each process and the local server are, for example, a single unit such as an administrator account.
  • FIG. 6A shows an example in which a magnetic / IC card reader / writer control application process, a card issuing function control application process, and a local server process are executed as control processes.
  • A process for performing communication control for a single RS-232C communication cable is provided as a local server.
  • For the local server, a process for controlling a magnetic / IC card reader / writer and a process for controlling a card issuing function are provided.
  • the plurality of processes can simultaneously control one device via the local server.
  • a process started in a session other than the session to which the local server belongs does not have the authority to access the local server beyond the session, and as a result, cannot be controlled by a plurality of processes.
  • As shown in FIG. 6B, for example, there is a technical request that the control process be logged in with a guest account, executed in a session with user authority, and perform a transaction using a card or the like.
  • When the device monitoring process and the local server are started with an administrator account, connection cannot be established through normal inter-process communication. At this time, a technique using a shared memory that can share information even in different sessions cannot be used for security reasons.
  • the information processing system X is an information processing system including a higher-level device 1 and a card reader 2 that is an example of a device that executes a process according to an instruction from the higher-level device 1.
  • the host device 1 includes a service execution unit 100 that connects to the device and executes a service for performing control and monitoring corresponding to the command, and a process execution unit 110 that executes a process for performing various processes on the device via the service executed by the service execution unit 100.
  • the process execution unit 110 generates a unique identifier when the process is executed, and outputs the generated identifier to a service.
  • the service execution unit 100 inputs the unique identifier, sets a communication pipe with the process corresponding to the unique identifier, and communicates while distinguishing between processes.
  • a unique identifier is generated for each process, and an inter-process communication pipe with the service is established to perform inter-process communication, which enables connection between processes in different sessions without using a shared memory. This makes it possible to control one device from a plurality of sessions. By executing each process with an account corresponding to each process, the security of the system can be improved, and the connection between each process having a different account and the service process can be ensured.
  • the host device 1 has a plurality of processes, including a control process for controlling a device and a status monitoring process for monitoring a status of the device.
  • the status monitoring process is executed by an account having a higher authority than the control process.
  • the control process and the status monitoring process are executed under different accounts, so that even if there is a device malfunction, there is no need to switch accounts to respond.
  • the management cost can be reduced.
  • the status monitoring process is not compromised through a vulnerability of the control process, and the security can be improved.
  • the service execution unit 100 includes a control FIFO that stores an operation command issued from a control process and a status notification FIFO that stores a status notification command issued from a status monitoring process.
  • the operation command stored in the control FIFO is transmitted to the device with priority over the status notification command stored in the status notification FIFO.
  • the host device 1 is characterized in that the process execution unit 110 receives an access from an external network and executes a process corresponding to the access with respect to the status monitoring process.
  • the status monitoring process can be accessed from the external server 3 that is constantly managed via the network 5 such as the Internet.
  • the state of the information processing system X can be grasped from the remote environment. For this reason, for example, even while the log or the like is being acquired, the operation of the ATM or the like can be continued with the guest account, and the operating rate of the ATM or the like can be improved and the cost can be reduced.
  • It is also possible for the status monitoring application to acquire a warning to that effect based on the execution result notification of the status notification command and to notify the server 3. This allows the administrator of the server 3 to notify the user by remote control that they have forgotten to take it. As a result, security can be improved.
  • By making the status monitoring process remotely operable from the external network 5, for example, when a paper jam or a banknote jam occurs in an ATM or the like, a service person can clear it and check the status, and the transaction using the card medium 4 can be continued as it is. Thereby, inconvenience for the user can be reduced.
  • the host device 1 is characterized in that the service and the process include a common identifier used in common, and the process execution unit 110 outputs a unique identifier using the common identifier.
  • the security can be further improved by using the common identifier.
  • An information processing system X is characterized in that an example of a device includes a card reader 2 that is a non-contact card reader. With this configuration, a highly secure service for the card medium 4 can be provided.
  • the information processing system X is applied to the card reader 2 that is a non-contact card reader as a control target.
  • the present invention can also be applied to a card reader for a contact type IC card and / or a magnetic card provided with a magnetic stripe, a printer for printing or engraving on the surface of a card medium, and the like.
  • the present invention is also applicable to a compound unit in which a plurality of devices are mounted as compound devices, such as a card issuing machine. As described above, it is possible to provide an information processing system that can be connected between processes in different sessions without using a shared memory in correspondence with various configurations.
  • the communication device may be configured to communicate with the device using various communication methods such as RS-232C, WiFi, and Bluetooth (registered trademark).
  • the present invention can also be applied to a KIOSK terminal or the like.
  • the configuration can be applied to a flexible configuration.
  • the present invention is mainly applied to inter-process communication of Windows (registered trademark) OS, services, and the like.
  • the present invention can be similarly applied to inter-process communication in different sessions in an OS such as Linux (registered trademark), connection to a daemon (Daemon), and the like. With such a configuration, it can be applied to various OSs.
  • the security identifier is used as it is in the inter-process communication.
  • the identifier may be encrypted (hashed) using a public key included in the communication middleware, for example.
  • the service can be identified by decrypting the encrypted security identifier with a secret key included in the communication middleware in the service.
  • key data such as a common key can be used as the common identifier.
  • Reference Signs List
    • 1 host device
    • 2 card reader
    • 3 server
    • 4 card medium
    • 5 network
    • 10 control unit
    • 20 storage unit
    • 30 I/F unit
    • 40 display unit
    • 50 input unit
    • 100 service execution unit
    • 110 process execution unit
    • P1, P2 control process
    • PW status monitoring process
    • S service
    • X, Z information processing system

Abstract

Provided is an information processing system in which processes in different sessions are accessible to each other without using shared memory. A service execution unit 100 is connected to a device and executes a service for controlling and monitoring in correspondence to a command. A process execution unit 110 executes a process for performing various processes on the device through the service executed by the service execution unit 100. The process execution unit 110 generates a unique identifier upon execution of the process and outputs the identifier to the service. The service execution unit 100 receives the unique identifier, sets a pipe for communication with the process that corresponds to the unique identifier, and distinguishes the process and performs communication.

Description

Information processing system, information processing apparatus, and information processing method
The present invention relates to an information processing system, an information processing apparatus, and an information processing method, and more particularly to an information processing system, an information processing apparatus, and an information processing method that execute processing by a plurality of processes.
Conventionally, there are information processing systems in which a device such as a card reader is connected by a signal line such as RS-232C (serial) and processing is performed by a plurality of processes.
For example, the information processing system described in Patent Literature 1 is configured such that, in the host device (information processing apparatus), a process that performs communication control for RS-232C is provided as a local server (local server application program).
In the information processing system of Patent Literature 1, inter-process communication can be performed between control processes that control the device, without changing the other application programs (hereinafter simply referred to as "apps") executed on the host device.
JP 2014-199484 A
Here, from the viewpoint of security, there has been a technical demand to execute the transaction-screen process of an ATM, KIOSK terminal, or the like under an account with user privileges (hereinafter referred to as a "user account") and have it carry out card transactions and the like. On the other hand, it has been preferable to execute the device monitoring process under an account with administrator privileges (hereinafter referred to as an "administrator account").
However, a local server such as that described in Patent Literature 1 usually has the problem that, when execution takes place under different accounts, that is, when the sessions differ, a connection by inter-process communication cannot be made. Setting up a shared memory to share data between sessions for this purpose was not possible for security reasons.
The present invention has been made in view of such circumstances, and an object thereof is to solve the above problem and provide an information processing system in which processes in different sessions can be connected without going through a shared memory.
An information processing system according to the present invention is an information processing system including a host device and a device that executes processing in accordance with instructions from the host device, wherein the host device includes a service execution unit that connects to the device and executes a service that performs control and monitoring corresponding to commands, and a process execution unit that executes a process that performs various kinds of processing on the device via the service executed by the service execution unit; the process execution unit generates a unique identifier when the process is executed and outputs it to the service; and the service execution unit receives the unique identifier, sets a communication pipe with the process corresponding to the unique identifier, and communicates while distinguishing the process.
With this configuration, processes in different sessions can be connected without going through a shared memory.
In the information processing system of the present invention, there are a plurality of the processes, including a control process that controls the device and a status monitoring process that monitors the state of the device, and the process execution unit executes the status monitoring process under an account with higher privileges than the control process.
With this configuration, even when the device malfunctions or the like, there is no need to switch accounts to deal with it.
In the information processing system of the present invention, the service execution unit includes a control FIFO that stores operation commands issued from the control process and a status notification FIFO that stores status notification commands issued from the status monitoring process, and transmits the operation commands stored in the control FIFO to the device with priority over the status notification commands stored in the status notification FIFO.
With this configuration, the system can operate smoothly.
In the information processing system of the present invention, the process execution unit accepts access from an external network for the status monitoring process and executes processing corresponding to the access.
With this configuration, the status can be grasped from a remote environment.
In the information processing system of the present invention, the service and the process include a common identifier used in common, and the process execution unit outputs the unique identifier using the common identifier.
With this configuration, security can be improved.
In the information processing system of the present invention, the device includes a contactless card reader.
With this configuration, a highly secure service can be provided.
An information processing apparatus according to the present invention is an information processing apparatus that instructs a device to execute processing, including a service execution unit that connects to the device and executes a service that performs control and monitoring corresponding to commands, and a process execution unit that executes, via the service executed by the service execution unit, a process that may run under an account different from that of the service and that performs various kinds of processing on the device; the process execution unit generates a unique identifier when the process is executed and outputs it to the service; and the service execution unit receives the unique identifier, sets a communication pipe with the process corresponding to the unique identifier, and communicates while distinguishing the process.
With this configuration, processes in different sessions can be connected without going through a shared memory.
An information processing method according to the present invention is an information processing method executed by an information processing apparatus that instructs a device to execute processing, the method including: executing a service that connects to the device and performs control and monitoring corresponding to commands; executing, via the executed service, a process that may run under an account different from that of the service and that performs various kinds of processing on the device; generating a unique identifier when the process is executed and outputting it to the service; and, by the service, receiving the unique identifier, setting a communication pipe with the process corresponding to the unique identifier, and communicating while distinguishing the process.
With this configuration, processes in different sessions can be connected without going through a shared memory.
According to the present invention, a unique identifier is generated when a process is executed and is output to a service, and the service sets a communication pipe with the process corresponding to the unique identifier and communicates while distinguishing the process. This makes it possible to provide an information processing system in which processes in different sessions can be connected without going through a shared memory.
FIG. 1 is a system configuration diagram of an information processing system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating an example of a functional configuration according to the embodiment of the present invention.
FIG. 3 is a flowchart of the service connection process according to the embodiment of the present invention.
FIG. 4 is a flowchart of the command execution process according to the embodiment of the present invention.
FIG. 5 is a conceptual diagram for explaining connection between processes and processing of commands according to the embodiment of the present invention.
FIGS. 6(a) and 6(b) are conceptual diagrams for explaining connection between processes in a conventional information processing system.
<Embodiment>
[System Configuration of Information Processing System X]
The configuration of the information processing system X according to the embodiment of the present invention will be described with reference to FIG. 1. In this embodiment, the information processing system X is an ATM (Automated Teller Machine) with a card issuing function, a kiosk terminal, a ticket issuing system for transportation, a point card issuing system for convenience stores and the like, a member card issuing system for retail stores, a card issuing/payment system for gaming machines, an entrance/exit management system, or the like (hereinafter simply abbreviated as "ATM or the like").
The information processing system X includes a host device 1, a card reader 2, and a server 3.
The host device 1 and the card reader 2 are connected by USB (Universal Serial Bus) or the like. The host device 1 and the server 3 are connected via a network 5.
In this embodiment, the host device 1 is an information processing apparatus for realizing the functions of the ATM or the like. Specifically, the host device 1 is, for example, the main unit of the ATM or the like, includes a control arithmetic device such as a control PC (Personal Computer), a tablet terminal, or a mobile phone, and executes apps for realizing the functions of the information processing system X. In this embodiment, the host device 1 is connected to the card reader 2 as the device to be controlled. In addition, the host device 1 can also be connected to the network 5, various peripheral devices, and the like.
The card reader 2 is the control target of the host device 1 and is an example of a device that can read from or write to the card medium 4. In this embodiment, the card reader 2 is, for example, a contactless card reader. With this contactless card reader, mutual communication is possible by holding the card medium 4 over the antenna.
For this purpose, the card reader 2 includes, for example, an NFC (Near Field Communication) RF (Radio Frequency) antenna, a control IC, an LED (Light Emitting Diode), a buzzer, and the like. The card reader 2 can also house a SAM (Secure Application Module) card used for encryption, decryption, and the like of reads and writes of the card medium 4. In this embodiment, communication between the card reader 2 and the host device 1 is performed, for example, over the connected USB cable. This communication enables transmission and reception of information on the card medium 4, transmission and reception of information on the SAM card, monitoring of the state of the card reader 2, and the like.
The server 3 is a PC server on a so-called "cloud", a server on an intranet, or the like. The server 3 can perform maintenance management of the card reader 2 via the host device 1. For this purpose, the server 3 monitors the state of the card reader 2 as described later.
In this embodiment, the card medium 4 is a contactless IC card. This card medium may include, for example, an electromagnetic induction antenna and an IC chip including a ROM (Read Only Memory) and an MPU (Micro Processing Unit).
The network 5 is a WAN (Wide Area Network) such as the Internet or a mobile phone network, an IP network such as a LAN (Local Area Network), or the like.
More specifically, the host device 1 includes a control unit 10, a storage unit 20, an I/F unit 30, a display unit 40, and an input unit 50.
The control unit 10 is control arithmetic means including an MPU (Micro Processing Unit), a GPU (Graphics Processing Unit), a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), and the like.
The storage unit 20 is a non-transitory recording medium such as a RAM (Random Access Memory), a ROM including flash memory and the like, an SSD (Solid State Drive), or an HDD (Hard Disk Drive).
The I/F unit 30 comprises circuits and interfaces, such as a chipset and I/O (Input/Output), for connecting to external equipment. The I/F unit 30 includes, for example, a general-purpose serial interface such as USB for connecting to devices and peripheral devices, a parallel interface, a digital video interface, and the like. In addition, the I/F unit 30 includes a network interface for connecting to the network 5.
The display unit 40 is a display such as an LCD (Liquid Crystal Display) panel or an organic EL panel. The display unit 40 displays the screens of the ATM or the like. In addition, in this embodiment, a management screen for the administrator can also be displayed separately on the display unit 40.
The input unit 50 is a touch panel, various buttons, and the like. This touch panel may be formed integrally with the display unit 40.
The input unit 50 acquires information input by a user of the ATM or the like. In addition, in this embodiment, the input unit 50 can also separately acquire information on maintenance management instructions from the administrator.
[Functional Configuration of Information Processing System X]
Next, the functional configuration of the information processing system X will be described with reference to FIG. 2.
The host device 1 of the information processing system X of this embodiment includes a service execution unit 100 and a process execution unit 110 as the functional configuration for controlling and monitoring the card reader 2 and connecting to the server 3.
The service execution unit 100 connects to the device and executes a service that performs control and monitoring corresponding to commands. This service performs the actual transmission and reception of communication with the card reader 2.
In addition, in this embodiment, the service execution unit 100 receives a unique identifier, sets a communication pipe with the process corresponding to that unique identifier, and communicates while distinguishing the processes.
Specifically, the service of this embodiment is, for example, a local server configured as a service of the Windows (registered trademark) OS (Operating System). The service execution unit 100 therefore executes the process of the service under the system account, which is a special account for OS services. As a result, the service is started and executed at OS startup ahead of ordinary apps. It is therefore always accessible, at any timing, from app processes started in sessions of the administrator account, the guest account, and the like.
According to the specific example of FIG. 2, the service execution unit 100 executes the service S. The service S is installed, for example, as the device driver of the card reader 2 and includes a service app and communication middleware. The service app provides an API (Application Programming Interface) as a service and communicates with each process. The communication middleware performs the actual control of the card reader 2 corresponding to the API.
The process execution unit 110 executes a process that performs various kinds of processing on the device via the service executed by the service execution unit 100. In this embodiment, there are a plurality of such processes, including control processes and a status monitoring process. A control process controls the device; for example, it is a process that controls the device via the transaction screen of the ATM or the like. The status monitoring process monitors the state of the device via status notification commands and the like. Here, the process execution unit 110 executes the status monitoring process under an account with higher privileges than the control processes. In this embodiment, the process execution unit 110 executes the status monitoring process under the administrator account.
In addition, in this embodiment, the process execution unit 110 generates a unique identifier when a process is executed and outputs it to the service. This unique identifier includes a common identifier used in common. The common identifier includes a character string or the like by which the process can be recognized as one related to the card reader 2. The process execution unit 110 uses this common identifier to output the unique identifier described above.
According to the specific example of FIG. 2, the process execution unit 110 executes the control process P1, the control process P2, and the status monitoring process PW.
The control process P1 includes a contactless card control app and communication middleware. In accordance with the functions of the ATM or the like, the contactless card control app sends commands to the service S via the communication middleware and obtains the execution results of the commands. These commands instruct the card reader 2 to wait for a read/write of the card medium 4, light the LED, control the buzzer, and so on. The communication middleware sends commands corresponding to the API for the service S described above and receives data such as execution result notifications from the service.
The control process P2 includes a SAM card app and communication middleware. The SAM card app sends and receives SAM card communication commands and the like via the communication middleware.
Here, the process execution unit 110 executes the control process P1 and the control process P2 under the guest account, which is a user account for guests.
Further, the status monitoring process PW includes a status monitoring app and communication middleware. The status monitoring app connects to the service S via the communication middleware and monitors the status of communication over USB, the state of the card reader 2, and the like. In addition, the status monitoring app can also monitor the state of peripheral devices connected to the host device 1. The status monitoring app further includes a communication function for connecting to the server 3.
Here, the process execution unit 110 executes the status monitoring process PW under the administrator account.
Here, the control unit 10 is made to function as the service execution unit 100 and the process execution unit 110 by executing the control program stored in the storage unit 20.
Each unit of the host device 1 described above serves as a hardware resource that executes the control program and the information processing method of the present invention.
Note that part or any combination of the functional configuration described above may be implemented in hardware using an IC, programmable logic, an FPGA (Field-Programmable Gate Array), or the like.
[Service Connection Process and Command Execution Process]
Next, the service connection process and the command execution process according to the embodiment of the present invention will be described with reference to FIGS. 3 to 5.
In the service connection process and command execution process of this embodiment, a service that connects to the device and performs control and monitoring corresponding to commands is executed. Then, via the executed service, a process is executed that may run under an account different from that of the service and that performs various kinds of processing on the device. At this time, a unique identifier is generated when the process is executed and is output to the service. The service then receives the unique identifier, sets a communication pipe with the process corresponding to that unique identifier, and communicates while distinguishing the processes.
These processes of this embodiment are executed mainly by the control unit 10, which runs a control program (not shown) stored in the storage unit 20 in cooperation with each unit, using hardware resources.
First, the service connection process of this embodiment will be described step by step with reference to FIG. 3.
(Step S101)
The process execution unit 110 performs an identifier generation process.
The process execution unit 110 generates a unique identifier, for example, when starting execution or when connecting to the service, that is, when the process of an app is executed. In this embodiment, this identifier is generated as a security identifier that includes a unique ID (Identification) by which each process can be distinguished. Specifically, for example, a character string of several to several hundred characters, including a common identifier that is a character string indicating the card reader 2 and a randomly selected ID character string, is set as the security identifier.
In addition, the security identifier includes, for example, a character string that distinguishes control processes from the status monitoring process. The security identifier can be set based on a value different from the GUID (Globally Unique Identifier) provided by the OS.
(Step S102)
Next, the process execution unit 110 performs an identifier passing process.
In the present embodiment, the process execution unit 110 passes the security identifier, via the communication middleware, to the service executed by the service execution unit 100.
(Step S103)
Next, the service execution unit 100 performs an inter-process communication pipe establishment process.
The service execution unit 100 receives the passed security identifier through an API of a COM interface provided by the service application of the service. At this time, the service execution unit 100 sets up (establishes) an inter-process communication pipe based on the ID included in the security identifier.
(Step S104)
Next, the service execution unit 100 performs a communication pipe data transmission/reception process.
The service execution unit 100 starts transmitting and receiving data through the inter-process communication pipe. The service execution unit 100 communicates while distinguishing between processes by using the communication pipe corresponding to each security identifier. Thus, even if the sessions are different, commands and data can be transmitted and received between a process and the service, and between the control process and the status monitoring process, by inter-process communication.
With the above, the service connection processing according to the embodiment of the present invention ends.
Next, the command execution process of the present embodiment will be described step by step with reference to FIG. 4.
(Step S111)
First, the process execution unit 110 performs an identifier command transmission process.
The process execution unit 110 executes a process of the application and transmits a command to the service. At this time, the process execution unit 110 transmits the command together with the security identifier via the communication middleware.
(Step S112)
Next, the service execution unit 100 performs an identifier pipe reply process.
The service execution unit 100 receives a command and a security identifier from a process through the APIs of the COM interface of the service application and the communication middleware. In the example of FIG. 5, in the service application of the service S and the communication middleware, a command and security identifier from a control process are received by the control command reception API. A command and security identifier from the status monitoring process are received by the status monitoring command reception API.
The service execution unit 100 executes the processing of the command, transmits the command to the card reader 2 via the I/F unit 30 by means of the communication middleware, and receives a reply.
After that, the service execution unit 100 transmits an execution result notification, as reply data, to the inter-process communication pipe of the identifier included in the command.
As described above, because the service execution unit 100 establishes an inter-process communication pipe with a unique identifier for each process, it can determine to which process the execution result notification for a command received from a specific process should be returned.
Furthermore, because a unique identifier is generated when communication between a process and the service is established, even if a plurality of processes of the same application are started, the service execution unit 100 can determine which application it should communicate with and transmit the execution result notification.
With the above, the command execution processing according to the embodiment of the present invention ends.
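The identifier flow of steps S101 to S104 and S111 to S112, as an added Python example that is not code from the application: `queue.Queue` objects stand in for the inter-process communication pipes, and the identifier layout (`CARDREADER-<role>-<random hex>`), the role tags and all class and function names are assumptions. The check that the role tag matches the receiving API, and the rejection of identifiers with no established pipe, are validations added here, not steps the text describes.

```python
import queue
import re
import secrets

COMMON_ID = "CARDREADER"   # assumed common identifier shared by service and processes
ROLES = ("CTRL", "MON")    # assumed tags: control process / status monitoring process
_ID_RE = re.compile(r"^" + re.escape(COMMON_ID) + r"-(CTRL|MON)-[0-9a-f]{32}$")


def make_security_identifier(role):
    """S101: common identifier + role tag + random ID (not an OS GUID)."""
    if role not in ROLES:
        raise ValueError("unknown role: %r" % role)
    return "%s-%s-%s" % (COMMON_ID, role, secrets.token_hex(16))


def role_of(security_id):
    """Return the role tag of a well-formed identifier, else raise ValueError."""
    match = _ID_RE.match(security_id)
    if match is None:
        raise ValueError("malformed security identifier")
    return match.group(1)


def drain(pipe):
    """Read everything currently waiting on one reply pipe."""
    items = []
    while not pipe.empty():
        items.append(pipe.get_nowait())
    return items


class Service:
    """Stand-in for the service S; one queue.Queue models one per-process pipe."""

    def __init__(self, device):
        self._device = device   # callable taking a command and returning the reply
        self._pipes = {}        # security identifier -> reply pipe

    def connect(self, security_id, api_role):
        """S102-S103: accept an identifier on one reception API, set up its pipe."""
        if role_of(security_id) != api_role:
            raise PermissionError("role tag does not match the receiving API")
        if security_id in self._pipes:
            raise ValueError("identifier already has a pipe")
        pipe = queue.Queue()
        self._pipes[security_id] = pipe
        return pipe

    def submit(self, security_id, api_role, command):
        """S111-S112: execute a command and reply only on the sender's pipe."""
        pipe = self._pipes.get(security_id)
        if pipe is None:
            raise PermissionError("no pipe established for this identifier")
        if role_of(security_id) != api_role:
            raise PermissionError("role tag does not match the receiving API")
        pipe.put(self._device(command))


def demo():
    """Two instances of the same control app plus one monitor, one service."""
    service = Service(lambda command: "OK:" + command)   # constructed fake device
    ctrl_a = make_security_identifier("CTRL")
    ctrl_b = make_security_identifier("CTRL")
    mon = make_security_identifier("MON")
    pipe_a = service.connect(ctrl_a, "CTRL")
    pipe_b = service.connect(ctrl_b, "CTRL")
    pipe_m = service.connect(mon, "MON")
    service.submit(ctrl_b, "CTRL", "IC_ACTIVATE")        # constructed command names
    service.submit(mon, "MON", "STATUS_NOTIFY")
    return {"ctrl_a": drain(pipe_a), "ctrl_b": drain(pipe_b), "mon": drain(pipe_m)}


if __name__ == "__main__":
    print(demo())
```

Although both control processes run the same application, only the instance that sent the command receives the reply, because the reply is keyed on the per-process identifier rather than on the application name.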
[Connection between processes and command processing]
Next, a specific example of the connection between processes and the processing of commands according to the embodiment of the present invention will be described with reference to FIG. 5.
The connection between processes and the processing of commands will be described using the specific example of FIG. 5.
The service execution unit 100 of the present embodiment executes the service S divided into a control thread and a status monitoring thread. As described above, commands from each process are passed through the APIs implemented in the COM interface provided by the service S.
In addition, a FIFO (First-In First-Out buffer) is secured in the storage unit 20 for each thread of the service S, and commands are accumulated in it. Specifically, a control FIFO that stores operation commands issued from the control process and a status notification FIFO that stores status notification commands issued from the status monitoring process are secured.
The control FIFO stores, for example, an IC deactivation command for the card medium 4, a SAM deactivation command for deactivating the SAM card of the card reader 2, a SAM communication command for communicating with the SAM card, a SAM activation command for activating the SAM card, an IC communication command, an IC activation command, and the like.
The status notification FIFO stores status notification commands that cause the card reader 2 to report its status, mainly in order to monitor the status of the card reader 2.
The control commands stored in the control FIFO are converted by the control message conversion unit into commands to be transmitted to the card reader 2. Similarly, the status notification commands stored in the status notification FIFO are converted by the status monitoring message conversion unit into commands to be transmitted to the card reader 2.
In addition, an exclusive-right recording object including a semaphore (mutex) or the like is prepared so that these commands are not transmitted at the same time, and the transmission control unit sets the timing of each command and transmits it to the card reader 2 via the I/F unit 30. At this time, the transmission control unit performs control so that the operation commands stored in the operation (control) FIFO are transmitted to the device with priority over the status notification commands stored in the status (status notification) FIFO.
The response (reply) to command execution from the card reader is acquired by the transmission control unit via the I/F unit 30. The control message conversion unit and the status monitoring message conversion unit then transmit an execution result notification to the corresponding process via the inter-process communication pipe whose identifier is unique to that process.
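The two-FIFO transmission control described above, as an added Python example that is not code from the application: a `threading.Lock` stands in for the exclusive-right object, `FakeReader` is a constructed stand-in for the card reader that records whether two sends ever overlap, and the command strings and identifiers are constructed sample values.

```python
import threading
import time
from collections import deque


class TransmissionController:
    """Sends queued commands one at a time, control FIFO before status FIFO."""

    def __init__(self, send_to_device):
        self._send = send_to_device
        self._control = deque()              # operation commands (control FIFO)
        self._status = deque()               # status notification commands
        self._fifo_lock = threading.Lock()   # protects both FIFOs
        self._line_lock = threading.Lock()   # exclusive right to the device link
        self.delivered = []                  # (security identifier, reply), in order

    def enqueue_control(self, security_id, command):
        with self._fifo_lock:
            self._control.append((security_id, command))

    def enqueue_status(self, security_id, command):
        with self._fifo_lock:
            self._status.append((security_id, command))

    def _take_next(self):
        # A status command is taken only when no operation command is waiting.
        with self._fifo_lock:
            if self._control:
                return self._control.popleft()
            if self._status:
                return self._status.popleft()
            return None

    def pump_once(self):
        """Send at most one command; return (security_id, reply) or None if idle."""
        with self._line_lock:
            item = self._take_next()
            if item is None:
                return None
            security_id, command = item
            result = (security_id, self._send(command))
            self.delivered.append(result)    # reply goes back under the sender's id
            return result

    def drain(self):
        while self.pump_once() is not None:
            pass


class FakeReader:
    """Constructed stand-in for the card reader; counts overlapping sends."""

    def __init__(self):
        self.sent = []
        self.active = 0
        self.max_active = 0
        self._lock = threading.Lock()

    def send(self, command):
        with self._lock:
            self.active += 1
            self.max_active = max(self.max_active, self.active)
        time.sleep(0.001)                    # widen the window for any overlap
        with self._lock:
            self.active -= 1
            self.sent.append(command)
        return "OK:" + command


def demo():
    reader = FakeReader()
    controller = TransmissionController(reader.send)
    controller.enqueue_status("CARDREADER-MON-0001", "STATUS_NOTIFY")
    controller.enqueue_control("CARDREADER-CTRL-0002", "IC_ACTIVATE")
    controller.enqueue_status("CARDREADER-MON-0001", "STATUS_NOTIFY_2")
    controller.enqueue_control("CARDREADER-CTRL-0003", "IC_COMMUNICATE")
    workers = [threading.Thread(target=controller.drain) for _ in range(4)]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()
    return reader.sent, reader.max_active, controller.delivered


if __name__ == "__main__":
    print(demo())
```

With strict priority, a steady stream of operation commands holds back status notifications for as long as the control FIFO stays non-empty.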
[Main effects of the present embodiment]
With the above configuration, the following effects can be obtained.
Conventionally, in an information processing system such as that described in Patent Literature 1, when processes were executed under different accounts, that is, when their sessions differed, it was not possible to connect the processes to each other with pipes or the like by inter-process communication.
More specifically, referring to FIGS. 6A and 6B, in the host device of the conventional information processing system Z, each process and the local server were executed under a single account, for example an administrator account. FIG. 6A shows an example in which a process of a magnetic/IC card reader/writer control application, a process of a card issuing function control application, and a process of a local server are executed as control processes. That is, by providing a process that performs communication control for a single RS-232C communication cable as a local server, inter-process communication is performed between this local server and the magnetic/IC card reader/writer control process and the card issuing function control process. When a plurality of processes are in the same session as the local server, the plurality of processes can simultaneously control one device via the local server.
However, a process started in a session other than the one to which the local server belongs has no authority to access the local server across sessions, and as a result the device could not be controlled from a plurality of processes.
According to FIG. 6B, for example, there was a technical demand to log in with a guest account, run the control process in a session with user authority, and carry out transactions with cards and the like. However, when the device monitoring process and the local server were started under an administrator account, connection was not possible through ordinary inter-process communication. A technique using shared memory, which can share information even across sessions, could not be used here for security reasons.
In contrast, the information processing system X according to the embodiment of the present invention is an information processing system including a host device 1 and a card reader 2, which is an example of a device that executes processing in accordance with instructions from the host device 1. The host device 1 includes a service execution unit 100 that executes a service that connects to the device and performs control and monitoring corresponding to commands, and a process execution unit 110 that executes a process that performs various kinds of processing on the device via the service executed by the service execution unit 100. The process execution unit 110 generates a unique identifier when the process is executed and outputs it to the service, and the service execution unit 100 takes the unique identifier as input, sets up a communication pipe with the process corresponding to the unique identifier, and communicates while distinguishing between the processes.
With this configuration, a unique identifier is generated for each process and an inter-process communication pipe with the service is established for inter-process communication, so that processes in different sessions can be connected without going through shared memory. This makes it possible to control one device from a plurality of sessions. By executing each process under an account appropriate to that process, the security of the system can be improved while the connection between the service process and processes running under different accounts is maintained.
Furthermore, because a unique identifier is generated each time communication between an application and the service is established, the service can identify each process even if a plurality of instances of the same process are started. This makes it easy for the service to determine which process it should communicate with.
In the host device 1 according to the embodiment of the present invention, there are a plurality of processes, including a control process that controls the device and a status monitoring process that monitors the status of the device, and the process execution unit 110 executes the status monitoring process under an account with higher authority than the control process.
With this configuration, because the control process and the status monitoring process are executed under different accounts, there is no need to switch accounts in order to respond even when the device malfunctions or the like. That is, when a user reports a fault in an ATM or the like, it is no longer necessary to log out of the guest account session, stop transactions on the ATM or the like, and start an application that performs device monitoring and similar processing with administrator authority. Management costs can thereby be reduced.
Further, by executing the status monitoring process under an account with higher authority than the control process, the status monitoring process can no longer be hacked or the like through a vulnerability or the like in the control process, and security can be improved.
In the host device 1 according to the embodiment of the present invention, the service execution unit 100 includes a control FIFO that stores operation commands issued from the control process and a status notification FIFO that stores status notification commands issued from the status monitoring process, and transmits the operation commands stored in the control FIFO to the device with priority over the status notification commands stored in the status notification FIFO.
With this configuration, the information processing system X can operate smoothly. That is, status monitoring can be performed without stalling control. It is also possible to prevent the load of status monitoring from causing transactions on an ATM or the like to malfunction or from creating a security risk.
In the host device 1 according to the embodiment of the present invention, the process execution unit 110 accepts access from an external network for the status monitoring process and executes processing corresponding to the access.
With this configuration, the status monitoring process can be accessed from the external server 3, which performs constant management, via the network 5 such as the Internet. The state of the information processing system X can thereby be grasped from a remote environment.
For this reason, for example, the ATM or the like can continue to operate under the guest account even while logs or the like are being acquired, so the operating rate of the ATM or the like can be improved and costs reduced.
Further, a configuration is also possible in which, when the user forgets to take the card medium 4 placed on the card reader 2, the status monitoring application obtains a warning to that effect from the execution result notification of the status notification command and notifies the server 3. This allows the administrator of the server 3 to notify the user, by remote operation, that the card has been left behind. As a result, security can be improved.
In addition, by making the status monitoring process remotely operable from the external network 5, when, for example, a paper jam or banknote jam occurs in an ATM or the like, a service person can clear it and check the status while transactions using the card medium 4 continue as they are. Inconvenience to the user can thereby be reduced.
In the host device 1 according to the embodiment of the present invention, the service and the process include a common identifier that they use in common, and the process execution unit 110 outputs the unique identifier using the common identifier.
With this configuration, security can be further improved by using the common identifier.
In the information processing system X according to the embodiment of the present invention, an example of the device includes the card reader 2, which is a non-contact card reader.
With this configuration, a highly secure service for the card medium 4 can be provided.
[Other embodiments]
In the above-described embodiment, an example has been described in which the information processing system X is applied to the card reader 2, a non-contact card reader, as its control target. However, the present invention is also applicable to card readers for contact-type IC cards and/or magnetic cards with a magnetic stripe, to printers that print or engrave on the surface of a card medium, and the like. In addition, it is also applicable to composite units in which a plurality of devices are implemented as a compound device, such as a card issuing machine.
In this way, it is possible to provide an information processing system that supports various configurations and allows processes in different sessions to connect without going through shared memory.
In the above-described embodiment, an example has been described in which the communication method with the card reader 2 is USB. However, the system may be configured to communicate with the device using various communication methods such as RS-232C, WiFi, and Bluetooth (registered trademark).
With this configuration, when controlling a device that supports any communication method, processes in different sessions can be connected without going through shared memory.
Although the above-described embodiment mainly describes an example of controlling an ATM, the present invention can also be applied to a KIOSK terminal or the like.
With this configuration, the present invention can be applied to flexible configurations.
Also, in the above-described embodiment, an example has been described in which the present invention is mainly applied to inter-process communication, services, and the like of the Windows (registered trademark) OS. However, the present invention can be similarly applied to communication between processes in different sessions, connection to a daemon, and the like in an OS such as Linux (registered trademark).
With this configuration, the present invention can be applied to various OSs.
Further, in the above-described embodiment, an example has been described in which the security identifier is used as it is in inter-process communication. However, the identifier may instead be encrypted (hashed) with, for example, a public key included in the communication middleware before use. In this case, the service can decrypt the encrypted security identifier with a secret key included in the communication middleware and identify the process.
In addition, key data such as a common key can be used as the common identifier instead of the character string indicating the card reader 2 described in the above embodiment.
With this configuration, even if an unauthorized program is installed on the host device 1 or the host device 1 is hacked, control of the device via the service can be prevented, and security can be improved.
It should be noted that the configuration and operation of the above embodiment are examples, and it goes without saying that they can be modified as appropriate and carried out without departing from the spirit of the present invention.
Reference Signs List
1 host device
2 card reader
3 server
4 card medium
5 network
10 control unit
20 storage unit
30 I/F unit
40 display unit
50 input unit
100 service execution unit
110 process execution unit
P1, P2 control process
PW status monitoring process
S service
X, Z information processing system

Claims (8)

  1.  An information processing system including a higher-level device and a device that executes processing in accordance with an instruction from the higher-level device, wherein
     the higher-level device comprises:
     a service execution unit that connects to the device and executes a service for performing control and monitoring corresponding to a command; and
     a process execution unit that executes a process of performing various kinds of processing on the device via the service executed by the service execution unit,
     the process execution unit generates a unique identifier when executing the process and outputs the identifier to the service, and
     the service execution unit inputs the unique identifier, sets a communication pipe with the process corresponding to the unique identifier, and performs communication while distinguishing the process.
  2.  The information processing system according to claim 1, wherein
     the process is a plurality of processes including a control process for controlling the device and a status monitoring process for monitoring the status of the device, and
     the process execution unit executes the status monitoring process with an account having a higher authority than the control process.
  3.  The information processing system according to claim 2, wherein
     the service execution unit includes:
     a control FIFO that stores an operation command issued from the control process; and
     a status notification FIFO that stores a status notification command issued from the status monitoring process, and
     the service execution unit transmits the operation command stored in the control FIFO to the device with priority over the status notification command stored in the status notification FIFO.
  4.  The information processing system according to claim 2 or 3, wherein
     the process execution unit accepts access from an external network for the status monitoring process and executes processing corresponding to the access.
  5.  The information processing system according to any one of claims 1 to 4, wherein
     the service and the process include a common identifier used in common, and
     the process execution unit outputs the unique identifier using the common identifier.
  6.  The information processing system according to any one of claims 1 to 5, wherein
     the device includes a contactless card reader.
  7.  An information processing apparatus that instructs a device to execute processing, comprising:
     a service execution unit that connects to the device and executes a service for performing control and monitoring corresponding to a command; and
     a process execution unit that executes, via the service executed by the service execution unit, a process that may have an account different from that of the service and that performs various kinds of processing on the device, wherein
     the process execution unit generates a unique identifier when executing the process and outputs the identifier to the service, and
     the service execution unit inputs the unique identifier, sets a communication pipe with the process corresponding to the unique identifier, and performs communication while distinguishing the process.
  8.  An information processing method executed by an information processing apparatus that instructs a device to execute processing, the method comprising:
     connecting to the device and executing a service for performing control and monitoring corresponding to a command;
     executing, via the service being executed, a process that may have an account different from that of the service and that performs various kinds of processing on the device;
     generating a unique identifier when executing the process and outputting the identifier to the service; and
     inputting, by the service, the unique identifier, setting a communication pipe with the process corresponding to the unique identifier, and performing communication while distinguishing the process.
PCT/JP2019/022535 2018-07-04 2019-06-06 Information processing system, information processing device, and information processing method WO2020008797A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018-127720 2018-07-04
JP2018127720A JP2020009015A (en) 2018-07-04 2018-07-04 Information processing system, information processing unit, and information processing method

Publications (1)

Publication Number Publication Date
WO2020008797A1 true WO2020008797A1 (en) 2020-01-09

Family

ID=69059403

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/022535 WO2020008797A1 (en) 2018-07-04 2019-06-06 Information processing system, information processing device, and information processing method

Country Status (2)

Country Link
JP (1) JP2020009015A (en)
WO (1) WO2020008797A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012046302A1 (en) * 2010-10-05 2012-04-12 富士通株式会社 Multicore processor system, method of monitoring control, and monitoring control program
JP2014072973A (en) * 2012-09-28 2014-04-21 Denso Corp Control device of alternating current motor
JP2014199484A (en) * 2013-03-29 2014-10-23 日本電産サンキョー株式会社 Information processing system and information processing method

Also Published As

Publication number Publication date
JP2020009015A (en) 2020-01-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19830521

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19830521

Country of ref document: EP

Kind code of ref document: A1