WO2022009611A1 - Information processing device, program, and control method of information processing device - Google Patents


Publication number
WO2022009611A1
Authority
WO
WIPO (PCT)
Prior art keywords
image
router
determined
information processing
image data
Prior art date
Application number
PCT/JP2021/022430
Other languages
French (fr)
Japanese (ja)
Inventor
勝 山本
文誠 山添
雅之 川井
一徳 砂子
和也 後藤
昌平 末永
Original Assignee
株式会社Jsol
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社Jsol
Priority to JP2021534123A (JP7077504B1)
Priority to JP2021171471A (JP2022016441A)
Publication of WO2022009611A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06T IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T7/00 Image analysis

Definitions

  • This disclosure relates to technology that suppresses the risk of information leakage.
  • A technique has been disclosed in which the presence or absence of peeping by another person is determined by detecting a face image and, when peeping by another person is determined, peeping countermeasure processing (turning on a viewing angle control filter, etc.) is performed (see, for example, Patent Document 1).
  • Also disclosed is a technique that determines the degree of information leakage risk by transmitting image information and audio information captured by a camera provided in an information terminal to a server and analyzing the image information and audio information on the server (see, for example, Patent Document 2).
  • This disclosure was made in view of the above circumstances, and aims to provide technology that can suppress the risk of information leakage.
  • The information processing apparatus of the present disclosure includes a display unit that displays an image according to a user's operation, and can transmit and receive information via a network by connecting to a router.
  • The information processing apparatus is provided with a determination means for determining whether or not a predetermined event has occurred, and a control means for executing a predetermined process when it is determined that the predetermined event has occurred, thereby suppressing the risk of information leakage.
  • The control means executes a process of outputting a predetermined image signal or a process of limiting the output of the image signal, thereby suppressing the risk of information leakage.
  • The control means suppresses the risk of information leakage by executing a process of notifying the administrator terminal when it is determined that the predetermined event has occurred.
  • When it is determined that the predetermined event has occurred, the control means suppresses the risk of information leakage by executing a process of recording the log of the information processing terminal.
  • the information processing apparatus of the present disclosure includes a photographing means for photographing the user, the predetermined event is that the photographed image includes a photographing device image, and the determination means is said.
  • the image corresponding to the operation of the user is not displayed. The risk of information leakage due to the image displayed on the information processing device being captured by the imaging device is suppressed.
  • The determination means determines whether or not the photographing device image has a size larger than the size set for each photographing device, and determines that the captured image includes the photographing device image when it does. If the size is smaller than the set size, it is difficult to photograph the image displayed on the information processing apparatus. Therefore, the risk of information leakage is suppressed without reducing the work efficiency of the user.
  • When the captured image includes the photographing device image, the determination means determines whether or not the locus of the photographing device image included in the captured images captured a predetermined number of times is within a set locus range, and determines that the captured image includes the photographing device image when it is.
  • When it is determined that the predetermined event has occurred, the control means changes the first image displayed on the information processing apparatus to the second image and displays it, which suppresses the risk of information leakage due to the displayed image being photographed by the photographing device.
  • The predetermined event is that the information processing apparatus is connected to an unacceptable router whose use is not permitted. The determination means determines whether or not the router is an acceptable router whose use is permitted.
  • The control means outputs an image signal to the outside, and the predetermined process includes a process of limiting the external output of the image signal. This suppresses the risk of information leakage due to the information processing device being connected to an unacceptable router.
  • The control means releases the restriction on the external output of the image signal when a predetermined condition is satisfied in a state where the external output of the image signal is restricted. Even when connected to an unacceptable router, the restriction on the external output of the image signal can therefore be removed when, for example, the administrator or the like determines that there is no risk of information leakage.
  • The program of the present disclosure is a program to be executed by an information processing apparatus having a display unit that displays an image according to a user's operation and capable of transmitting and receiving information via a network by connecting to a router. The program suppresses the risk of information leakage in the information processing device by causing it to function as a determination means for determining whether or not a predetermined event has occurred and a control means for executing a predetermined process when it is determined that the predetermined event has occurred.
  • The control method of the information processing apparatus of the present disclosure controls an information processing apparatus that includes a display unit that displays an image according to a user's operation and is capable of transmitting and receiving information via a network by connecting to a router. The method suppresses the risk of information leakage in the information processing apparatus by including a determination step for determining whether or not a predetermined event has occurred and a control step for executing a predetermined process when it is determined that the predetermined event has occurred.
  • FIG. 3 is a block diagram showing a hardware configuration applicable to the employee terminal 100, the VDI server 200, and the management server 300 shown in FIG. 1. The remaining drawings are: a block diagram showing the functional configuration of the employee terminal 100 and the management server 300 shown in FIG.; a diagram showing an example of the shooting determination; a diagram showing an example of the allowable use router determination; a flowchart showing an example of the process in the employee terminal 100, the VDI server 200, and the management server; a flowchart showing an example of the router authentication processing in the employee terminal 100; and a flowchart showing an example of the photographing detection processing in the employee terminal 100.
  • The information leakage risk suppression technology of the present disclosure uses a camera built into or connected to an information processing device such as a personal computer to detect, as a predetermined event, an image of a photographing device such as a camera owned by a third party or a camera-equipped mobile terminal, and executes a predetermined process when it is detected.
  • This predetermined process includes a process of outputting a predetermined image signal or a process of limiting the output of the image signal, a process of notifying the administrator terminal, a process of recording a log of the information processing terminal, and the like.
  • the information leakage risk suppression technology of the present disclosure is to execute a predetermined process when the information processing apparatus is connected to a router other than the pre-registered allowable use router as a predetermined event.
  • FIG. 1 is an overall system configuration diagram according to an embodiment of the present disclosure.
  • The overall system 10 according to the embodiment of the present disclosure is composed of a plurality of employee terminals 100, which are information processing devices, a VDI server 200, a management server 300, and a plurality of wireless routers A401 to EF404.
  • One of the employee terminals 100 can be an administrator terminal.
  • Employee 1 terminal 100a, employee 2 terminal 100b, and employee 3 terminal 100c, which are employee terminals used by employees working in the company, are connected to the wireless router A401 installed in the company and are connected to the VDI server 200 and the management server 300 via the company network (for example, a LAN).
  • The employee 4 terminal 100d, which is an employee terminal used by an employee who works at external location 1 (for example, at home), is connected to the wireless router AB402 installed at home, and is connected to the VDI server 200 and the management server 300 via the Internet 500.
  • The employee 5 terminal 100e, which is an employee terminal used by an employee who has a meeting at external location 2 (for example, a conference room of another company), is connected to the wireless router CD403 installed in the other company and is connected to the VDI server 200 and the management server 300 via the Internet 500.
  • The employee 6 terminal 100f, which is an employee terminal used by an employee who works at external location 3 (for example, a shared office), is connected to the wireless router EF404 installed in the shared office and is connected to the VDI server 200 and the management server 300 via the Internet 500.
  • the employee terminal 100 operates as a client that communicates with the VDI server 200 and the management server 300, respectively.
  • the employee terminal 100 may be a notebook type personal computer, a desktop type personal computer, or a tablet computer. Further, the employee terminal 100 may be a thin client terminal.
  • The management server 300 has a function of authenticating whether the employee terminal 100 is legitimate and a function of transmitting information such as various data and various programs to the employee terminal 100 as needed. Further, the management server 300 has a function of managing business hours based on the operating time of the employee terminal 100 of each employee, a function of transmitting update information to the employee terminal 100, and a function of generating a one-time password and transmitting it to the employee terminal 100. Further, the management server 300 may notify the administrator terminal when the user of the employee terminal 100 is an unspecified user or when it receives the photographing device specific information indicating photographing by a photographing device.
  • the VDI server 200 functions as a server configured to provide a virtual desktop environment to the employee terminal 100 using a virtual desktop infrastructure (VDI).
  • The VDI server 200 receives various operation information from the employee terminal 100 and sends to the employee terminal 100 the image information of the screen and the image information corresponding to the updated part of the screen. By displaying the screen corresponding to this image information on the employee terminal 100, the virtual desktop environment executed on the VDI server 200 can be used in the same manner as a desktop environment operating on the employee terminal 100. The status of work using the virtual desktop environment may be recorded. In particular, after detecting a predetermined event, the log of the employee terminal 100 may be stored.
  • The VDI server 200 is not an essential configuration in the overall system configuration according to the embodiment of the present disclosure.
  • A remote desktop environment may be used by remotely connecting from an external employee terminal 100 to a terminal inside the company (for example, an employee terminal 100 used for work in the company).
  • FIG. 2 is a block diagram showing a hardware configuration applicable to the employee terminal 100, the VDI server 200, and the management server 300 shown in FIG.
  • the CPU 701 performs integrated control of each device connected to the system bus 720.
  • The ROM 702 and the storage device 704 store a basic input/output system (BIOS) and an operating system (OS), which are control programs of the CPU 701.
  • The ROM 702 and the storage device 704 also store the various programs and the like necessary for functioning as the employee terminal 100 in the case of the employee terminal 100, as the VDI server 200 in the case of the VDI server 200, and as the management server 300 in the case of the management server 300.
  • the log of the employee terminal 100 after detecting a predetermined event is stored in the storage device 704.
  • the RAM 703 functions as the main memory, work area, etc. of the CPU 701.
  • the CPU 701 reads a program or the like necessary for executing various processes from the ROM 702 or the storage device 704 into the RAM 703, and executes the read program or the like to realize various operations.
  • The communication I/F (communication interface) 705 communicates with an external device via a network (LAN or Internet), and executes communication control processing (for example, communication using TCP/IP) on the network.
  • the camera (shooting means) 706 is provided, for example, above the surface on which the display (display unit) 711 is provided, and shoots an image on the operator side looking at the display 711. Further, the camera 706 is equipped with a wide-angle lens, and can capture images of the operator and the surroundings of the operator.
  • the position where the camera 706 is provided may be any position as long as the operator and the image around the operator can be photographed.
  • the speaker 707 outputs various sounds, and the microphone 708 inputs the operator's voice and surrounding sounds.
  • the input device 709 is a keyboard, a mouse, or the like.
  • The graphic board 710 outputs a video signal, and a display 711 is connected to it. Further, the graphic board 710 has a video output I/F (video output interface) 712 such as an HDMI (registered trademark) terminal and an analog RGB output terminal, and outputs a video signal to a video device (display, projector, etc.) connected to the video output I/F 712.
  • FIG. 3 is a block diagram showing a functional configuration of the employee terminal 100 and the management server 300 shown in FIG.
  • the image input unit (shooting means) 101 transmits the image data taken by the camera 706 to the user authentication unit 102 and the shooting determination unit 104. Since the image input unit is set to transmit 10 image data per second, for example, the frame rate is 10 fps.
  • The user face image data storage unit 103 stores, in association with the user ID (user identifier) of each user (employee) who is permitted to use the employee terminal 100, user face image data including face image data and feature amount data showing the features of the face image data.
  • The user determination unit (determination means) 102 specifies the face image data included in the image data received from the image input unit 101. Then, the specified face image data is collated with the user face image data stored in the user face image data storage unit 103, and it is determined whether or not the user face image data contains data whose degree of matching is at least a predetermined level (for example, 80%). When it is determined that the user face image data contains data having a degree of matching of the predetermined level or higher, the face image data included in the image data received from the image input unit 101 is determined to be that of a user who can use the employee terminal 100.
  • the user determination unit 102 transmits the user determination result information to the leakage prevention control unit 109 at any time, that is, since the frame rate of the image input unit 101 is 10 fps, about 10 times per second.
  • The user determination unit 102 transmits the user unspecified information indicating that the face image data cannot be specified to the leakage prevention control unit 109.
  • the user determination unit 102 may be an AI model based on AI (artificial intelligence) utilizing machine learning or the like. Then, in this case, for example, the AI model of the user determination unit 102 may be updated by the AI model transmitted from the management server 300 to the employee terminal 100.
  • The image data storage unit 105 for shooting determination stores image data of a plurality of photographing devices, including a plurality of camera image data corresponding to the shapes of a plurality of cameras as photographing devices and a plurality of camera-equipped mobile terminal image data corresponding to the shapes of a plurality of camera-equipped mobile terminals. Because the detection speed of the photographing determination unit 104 is given priority, the photographing device image data stored in the image data storage unit 105 for shooting determination is simplified contour image data indicating the features of the contour of a camera or a camera-equipped mobile terminal.
  • The photographing determination unit (determination means) 104 reads the photographing device determination image data stored in the image data storage unit 105 for shooting determination and determines whether the image data received from the image input unit 101 contains an image matching the photographing device determination image data. When it determines that there is data whose degree of matching with the photographing device determination image data is at a predetermined level (for example, 60%) or more, it determines that the image data received from the image input unit 101 includes photographing device image data.
  • When the photographing determination unit 104 determines that photographing device image data is included, it determines whether the image data received from the image input unit 101 the next time and thereafter also contains an image matching the same photographing device determination image data as the previous time. By executing such a determination a predetermined number of times (for example, a total of three times), the photographing determination unit 104 determines whether or not the same photographing device image data exists in each image data. Further, when the same photographing device image data exists in each image data, it determines whether or not the locus of the photographing device image data is within the set range.
  • When it is determined that the same photographing device image data exists in each image data and that the locus of the photographing device image data is within the set range (for example, a region 1.2 times the size of the photographing device image data), it is determined that the screen of the employee terminal 100 may be photographed by the photographing device. In that case, the photographing device specific information is transmitted to the leakage prevention control unit 109. If the locus of the photographing device image data exceeds the set range, the photographing device is moving, so it is determined that the photographing device is not intended to photograph the screen of the employee terminal 100.
  • When the photographing determination unit 104 determines that the image data received from the image input unit 101 after the transmission of the photographing device specific information does not include an image matching the photographing device determination image data (the photographing device image data does not exist), it transmits the photographing device unspecified information to the leakage prevention control unit 109. If the size of the photographing device image data included in the image data received from the image input unit 101 is smaller than the size (set number of pixels) set for each photographing device, it is difficult to photograph the screen of the employee terminal 100, so the photographing determination unit 104 does not determine that photographing device image data is included.
  • the photographing determination unit 104 may be an AI model based on AI (artificial intelligence) utilizing machine learning or the like. Then, in this case, for example, the AI model of the shooting determination unit 104 may be updated by the AI model transmitted from the management server 300 to the employee terminal 100.
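The shooting determination described above, written out as a small state machine. This is an added example, not code from the patent: the `Detection` structure, the event names, the per-device pixel limits and the reading of "locus within the set range" as "the matched box stays inside a region 1.2 times the first box" are assumptions, and the sample frames are constructed.

```python
from dataclasses import dataclass
from typing import Optional

MATCH_THRESHOLD = 0.60   # page: matching degree "for example, 60%"
REQUIRED_FRAMES = 3      # page: "for example, a total of three times"
LOCUS_SCALE = 1.2        # page: region 1.2 times the device image size

# Assumed per-device minimum size in pixels (constructed values).
MIN_PIXELS = {"phone": 10_000, "camera": 15_000}


@dataclass
class Detection:
    """One template match in one frame (hypothetical structure)."""
    device: str    # which stored contour template matched
    score: float   # matching degree, 0.0 to 1.0
    cx: float      # centre of the matched box
    cy: float
    w: float       # width and height of the matched box
    h: float


def within_locus(anchor: Detection, det: Detection) -> bool:
    """True if det's box lies inside a region LOCUS_SCALE times the anchor box.

    Assumed reading of the set range: the region is centred on the first
    detection and later boxes must stay inside it.
    """
    half_w = LOCUS_SCALE * anchor.w / 2
    half_h = LOCUS_SCALE * anchor.h / 2
    return (abs(det.cx - anchor.cx) + det.w / 2 <= half_w
            and abs(det.cy - anchor.cy) + det.h / 2 <= half_h)


class ShootingDeterminer:
    """Per-frame decision logic of the photographing determination unit."""

    def __init__(self, min_pixels=MIN_PIXELS):
        self.min_pixels = min_pixels
        self.track = []        # consecutive qualifying detections
        self.alerted = False   # device specific information already sent

    def qualifies(self, det: Optional[Detection]) -> bool:
        # A weak match or a device image below its set size counts as absent.
        if det is None or det.score < MATCH_THRESHOLD:
            return False
        return det.w * det.h >= self.min_pixels.get(det.device, float("inf"))

    def process(self, det: Optional[Detection]) -> Optional[str]:
        """Feed one frame; return an event name or None."""
        if not self.qualifies(det):
            self.track = []
            if self.alerted:
                self.alerted = False
                return "DEVICE_UNSPECIFIED"
            return None
        if self.alerted:
            return None
        anchor = self.track[0] if self.track else None
        if anchor and anchor.device == det.device and within_locus(anchor, det):
            self.track.append(det)
        else:
            self.track = [det]   # different device, or it moved out of range
        if len(self.track) >= REQUIRED_FRAMES:
            self.alerted = True
            return "DEVICE_SPECIFIED"
        return None


def run(frames):
    """Run a fresh determiner over a list of frames and collect the events."""
    determiner = ShootingDeterminer()
    return [determiner.process(frame) for frame in frames]


# Constructed sample input: one detection (or None) per frame at 10 fps.
STEADY = [Detection("phone", 0.8, 400, 300, 120, 240),
          Detection("phone", 0.8, 405, 302, 120, 240),
          Detection("phone", 0.8, 402, 299, 120, 240),
          Detection("phone", 0.8, 401, 300, 120, 240),
          None]
MOVING = [Detection("phone", 0.8, x, 300, 120, 240) for x in (100, 200, 300)]
FAR = [Detection("phone", 0.9, 400, 300, 40, 80)] * 3

if __name__ == "__main__":
    for name, frames in (("steady", STEADY), ("moving", MOVING), ("far", FAR)):
        print(name, run(frames))
```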
  • the allowable use router data storage unit 107 stores the SSID (service set identifier) of the wireless router (allowable use router) to which the connection of the employee terminal 100 is permitted as the allowable use router data.
  • The router determination unit (determination means) 106 determines whether or not the SSID of the wireless router to which the employee terminal 100 is connected corresponds to the SSID of an allowable use router stored in the allowable use router data storage unit 107. When it is determined that the SSID of the wireless router to which the employee terminal 100 is connected corresponds to the SSID of an allowable use router, the permission router connection information including the SSID of the allowable use router and the user ID is transmitted to the leakage prevention control unit 109.
  • When it is determined that the SSID does not correspond to the SSID of an allowable use router, the unauthorized router connection information including the SSID of the unauthorized router and the user ID is transmitted to the leakage prevention control unit 109.
  • When the leakage prevention control unit (control means) 109 receives, as a predetermined event, the user unspecified information from the user determination unit 102 and the photographing device specific information from the photographing determination unit 104, it executes a predetermined process such as a process of outputting a predetermined image signal or a process of limiting the output of an image signal, a process of notifying an administrator terminal, and a process of recording a log of the information processing terminal.
  • the leakage prevention control unit 109 changes the image signal to the display 711 from the current image signal (first image) to a screen saver image signal (second image) and outputs the image signal.
  • the leak prevention control unit 109 may notify the administrator terminal in the background when a predetermined event occurs. At this time, the leakage prevention control unit 109 may notify the administrator terminal without changing the information on the screen. Further, when the photographing device specific information is received, the photographing detection information including the user ID is transmitted to the operating time management unit 301.
  • When the leakage prevention control unit 109 receives the permission router connection information or the unauthorized router connection information from the router determination unit 106, it transmits the operation information to the operating time management unit 301. Then, the SSID included in the permission router connection information or the unauthorized router connection information is stored as the connection destination router information. If the SSID included in newly received permission router connection information or unauthorized router connection information is different from the SSID of the stored connection destination router information, the newly received SSID is stored as new connection destination router information.
  • When the leakage prevention control unit 109 receives the unauthorized router connection information from the router determination unit 106, it invalidates the video output I/F (external output) 712 in the video output unit 108 (stops the output of the video signal).
  • When the one-time password transmitted from the password input unit 110 after the video output I/F 712 in the video output unit 108 was invalidated matches the one-time password received from the password generation unit 309 described later, the video output I/F 712 in the video output unit 108 is enabled (the output of the video signal is allowed).
  • When the leakage prevention control unit 109 receives the unauthorized router connection information from the router determination unit 106, it may output another image signal, for example by changing the image signal to the display 711 from the current image signal to the screen saver image signal. A pop-up image may be output. Further, the administrator terminal may be notified via the management server 300. Further, the log of the target employee terminal 100 may be recorded so that the analysis can be performed later.
  • the operating time management unit 301 manages the operating time of the employee terminal 100 based on the operation information, the shooting detection information, the cancellation information, etc. received from the leak prevention control unit 109.
  • the operating time management unit 301 stores the operating time of the employee terminal 100 in the operating time storage unit 302.
  • The user face image data update unit 303 determines whether or not the user face image data registered in the user face image data registration unit 304 has been updated and, when it determines that the user face image data has been updated, transmits the updated user face image data (new user face image data) to the leakage prevention control unit 109.
  • When the leakage prevention control unit 109 receives new user face image data from the user face image data update unit 303, it updates the user face image data stored in the user face image data storage unit 103 to the new user face image data.
  • The shooting determination data update unit 305 determines whether or not the photographing device determination image data registered in the shooting determination image data registration unit 306 has been updated and, when it determines that the photographing device determination image data has been updated, transmits the updated photographing device determination image data (new photographing device determination image data) to the leakage prevention control unit 109.
  • When the leakage prevention control unit 109 receives new photographing device determination image data from the shooting determination data update unit 305, it updates the photographing device determination image data stored in the image data storage unit 105 for shooting determination to the new photographing device determination image data.
  • The allowable use router update unit 307 determines whether or not the allowable use router data registered in the allowable use router registration unit 308 has been updated and, when it determines that the allowable use router data has been updated, transmits the updated allowable use router data (new allowable use router data) to the leakage prevention control unit 109.
  • When the leakage prevention control unit 109 receives new allowable use router data from the allowable use router update unit 307, it updates the allowable use router data stored in the allowable use router data storage unit 107 to the new allowable use router data.
  • When the password generation unit 309 receives a one-time password generation request from an external terminal (for example, an employee terminal 100 used by an administrator (superior) or the like), it generates a one-time password and transmits the generated one-time password to the leakage prevention control unit 109 and the external terminal.
  • The leakage prevention control unit 109 determines whether or not the one-time password received from the password generation unit 309 matches the one-time password received from the password input unit 110 (for example, the one-time password transmitted from the administrator or the like and input by the user). When the one-time passwords match, the leakage prevention control unit 109 stores the SSID of the unauthorized router as the SSID of a router for which temporary use is permitted (temporary use permitted router).
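The router determination and one-time-password release described above, as an added example that is not code from the patent. The class and method names, the 6-digit password format, the attempt limit, clearing a pending password when the router changes, and treating a temporary use permitted SSID as permitted on later checks are assumptions; the SSID strings are constructed.

```python
import hmac
import secrets

MAX_OTP_ATTEMPTS = 3  # assumption: an attempt limit is not on the page


def generate_otp() -> str:
    """Stand-in for password generation unit 309 (6-digit format is assumed)."""
    return f"{secrets.randbelow(10**6):06d}"


class LeakPreventionControl:
    """Router check plus video-output gating, following units 106 to 110."""

    def __init__(self, allowed_ssids):
        self.allowed = set(allowed_ssids)   # allowable use router data
        self.temporary = set()              # temporary use permitted routers
        self.connected_ssid = None          # connection destination router
        self.video_output_enabled = True    # state of video output I/F 712
        self._otp = None
        self._attempts = 0
        self.log = []                       # (user_id, ssid, result) records

    def on_router(self, ssid: str, user_id: str) -> bool:
        """Router determination: enable or disable external video output."""
        self.connected_ssid = ssid
        permitted = ssid in self.allowed or ssid in self.temporary
        self.video_output_enabled = permitted
        # Assumption: a password issued for one router is void on another.
        self._otp, self._attempts = None, 0
        result = "permitted" if permitted else "unauthorized"
        self.log.append((user_id, ssid, result))
        return permitted

    def receive_otp(self, otp: str) -> None:
        """Password delivered by the management server for the current router."""
        self._otp, self._attempts = otp, 0

    def enter_otp(self, entered: str) -> bool:
        """Password typed by the user; a match lifts the restriction."""
        if self._otp is None or self.video_output_enabled:
            return False
        self._attempts += 1
        # Constant-time comparison avoids leaking how many digits matched.
        ok = hmac.compare_digest(entered.encode(), self._otp.encode())
        if ok or self._attempts >= MAX_OTP_ATTEMPTS:
            self._otp = None   # one-time: consumed on success or lockout
        if ok:
            self.temporary.add(self.connected_ssid)
            self.video_output_enabled = True
        return ok


def demo():
    """Walk through the FIG. 5 cases with constructed SSIDs."""
    ctl = LeakPreventionControl({"corp-ap-A401"})
    states = []
    ctl.on_router("corp-ap-A401", "user01")
    states.append(ctl.video_output_enabled)    # registered router: ON
    ctl.on_router("home-ap-AB402", "user01")
    states.append(ctl.video_output_enabled)    # unregistered router: OFF
    otp = generate_otp()
    ctl.receive_otp(otp)
    ctl.enter_otp(otp)
    states.append(ctl.video_output_enabled)    # password authenticated: ON
    return states


if __name__ == "__main__":
    print(demo())
```

An SSID is a self-declared network name, so a check like this only establishes which name the terminal joined; the page describes no stronger binding to the router.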
  • FIG. 4 is a diagram showing an example of shooting determination.
  • FIG. 4A shows an example in which it is determined that the screen of the employee terminal 100 may be imaged by the photographing device.
  • When the camera-equipped portable terminal image G01 (or camera image G02) around the user image is larger than the size set for each photographing device, and the locus of the camera-equipped portable terminal image G01 (or camera image G02) is within the set range, it is determined that the screen of the employee terminal 100 may be imaged by the photographing device.
  • the screen saver image is displayed.
  • Another image, such as a pop-up image, may be superimposed and displayed on the current image.
  • Image (video) output may be blocked.
  • the administrator terminal may be notified or the log of the target employee terminal 100 may be recorded. Further, for example, when a predetermined release process or the like is performed, the normal state is set.
  • FIG. 4B shows an example in which it is determined that there is no possibility that the screen of the employee terminal 100 is imaged by the photographing device.
  • the camera-equipped mobile terminal image G01 or camera image G02
  • it is determined that there is no possibility that the screen of the employee terminal 100 will be imaged by the photographing device.
  • FIG. 5 is a diagram showing an example of determination of an allowable router.
  • FIG. 5A shows an example when connecting to a wireless router registered in the allowable use router data.
  • When the wireless router to which the employee terminal 100 is connected is the wireless router A401 registered in the allowable use router data, the video output to the outside is enabled (ON).
  • FIG. 5B shows an example when connecting to a wireless router that is not registered in the allowable router data.
  • When the wireless router to which the employee terminal 100 is connected is the wireless router AB402, which is not registered in the allowable router data, the video output to the outside is invalidated (OFF).
  • OFF the video output to the outside
  • a one-time password is input, and when the input one-time password is authenticated, the video output to the outside is enabled.
  • another image may be displayed instead of the current image, or another image may be displayed overlaid on the current image.
  • the administrator terminal may be notified or the log of the target employee terminal 100 may be recorded. In this case as well, the display of another image may be terminated by inputting the one-time password.
  • FIG. 6 is a flowchart showing an example of processing in the employee terminal 100, the VDI server 200, and the management server.
  • the login process is executed on the employee terminal 100 (S101).
  • the user is photographed, and the user's face image authentication is executed by collating the face image data specified from the photographed image data with the user's face image data.
  • the employee terminal 100 is connected to the wireless router in S103 (router connection at login).
  • When the employee terminal 100 is connected to the VDI server 200, user authentication is executed in the VDI server 200.
  • the VDI server 200 selects the virtual desktop environment of the authenticated user and transmits screen data corresponding to the virtual desktop environment to the employee terminal 100.
  • the input data input by the input device 709 of the employee terminal 100 is transmitted to the VDI server 200, and the VDI server 200 receiving the input data transmits the screen data corresponding to the input data.
  • the screen data transmitted from the VDI server 200 is updated and displayed.
  • the management server 300 starts measuring the operating time of the employee terminal 100.
  • When the management server 300 has updated data (updated user face image data, updated photographing device determination image data, updated allowable use router data), it transmits the updated data to the employee terminal 100.
  • When the employee terminal 100 receives the update data, it executes the update process of the corresponding data.
  • the employee terminal 100 determines whether or not the connected wireless router is a new wireless router. Further, it is determined whether or not the one-time password (OTP) is received from the management server 300 (S105). Here, it is determined whether or not the wireless router is a new one by determining whether or not the SSID is the same as the SSID of the connection destination router information stored in the leakage prevention control unit 109. If the connection destination router information is not stored in the leakage prevention control unit 109, it is determined that the wireless router is a new one. If it is determined that the connected wireless router is a new wireless router or has received the one-time password from the management server 300, the process proceeds to S106. On the other hand, if it is determined that the connected wireless router is not a new wireless router or the one-time password has not been received from the management server 300, the process proceeds to S107.
  • the router determination process is executed (S106).
  • FIG. 7 is a flowchart showing an example of router authentication processing in the employee terminal 100.
  • In the router determination process, it is first determined whether or not the wireless router is permitted to be used (S1061). If it is determined that the wireless router is permitted to be used, the process proceeds to S1062. On the other hand, if it is determined that the wireless router is not permitted to be used, the process proceeds to S1063.
  • connection destination router information is stored (S1062).
  • the video output is invalidated (OFF) (S1063).
  • connection destination router information is stored (S1064).
  • the one-time password is authenticated (S1066).
  • When the one-time password transmitted from the management server 300 has been received (see FIG. 6) and the one-time password has already been entered by the user, the one-time password received from the management server 300 and the one-time password entered by the user are authenticated.
  • the video output is enabled (ON) (S1068), and then the router determination process is terminated.
  • An example has been described in which the leakage prevention control unit 109 restricts the output of the image signal when the router is not a permitted router, and the restriction is released with a password. However, when a predetermined event occurs, a predetermined image signal may be output instead, and the restriction may be lifted with a password. Further, when the router is not a permitted router, the leakage prevention control unit 109 may notify the administrator terminal and record the log of the target employee terminal 100.
  • FIG. 8 is a flowchart showing an example of shooting detection processing in the employee terminal 100.
  • the shot image data is confirmed (S1071).
  • If it is determined that the captured image data includes the photographing device image data, the process proceeds to S1073. On the other hand, if it is determined that the captured image data does not include the photographing device image data, the process proceeds to S1081.
  • It is determined whether or not the size (number of pixels) of the image (photographing device image data) is equal to or larger than the size (set size) set for each photographing device (S1073). If it is determined that the size of the photographing device image data is equal to or larger than the size set for each photographing device, the process proceeds to S1074. Otherwise, the process proceeds to S1081.
  • the locus range is set (S1075).
  • A region 1.2 times the size of the photographing device image data is set as the locus range.
  • the shooting detection information is transmitted to the management server 300 (S1080).
  • the shooting determination process ends.
  • When the management server 300 receives the above-mentioned shooting detection information, it suspends the measurement of the operating time. Then, when a predetermined release process or the like is performed, the measurement of the paused operating time is restarted (see FIG. 6).
  • With the shooting detection information, it is possible to notify the administrator terminal that a predetermined event of leakage has occurred.
  • the log of the target employee terminal 100 may be stored in the storage device 704.
  • the imaging device is determined.
  • When the image data exceeds the set locus range, it is determined whether or not the DC value is 1 or more (S1081). If it is determined that the DC value is 1 or more, the process proceeds to S1082. On the other hand, when it is determined that the DC value is not 1 or more (0), the shooting determination process is terminated.
  • the DC value is set to 0 (reset). Further, the setting of the locus range is cleared (S1082). When the DC value is set to 0 and the locus range setting is cleared, the shooting determination process ends.
  • the logout process is executed (S109).
  • the logout information is transmitted from the employee terminal 100 to the VDI server 200.
  • the VDI server 200 deselects the virtual desktop environment of the user of the employee terminal 100.
  • the logout information is also transmitted from the employee terminal 100 to the management server 300.
  • the management server 300 that has received the logout information ends the measurement of the operating time of the employee terminal 100.
  • The information acquisition device is not limited to the above-described embodiments, and can be variously modified and changed within the scope of the gist of the present disclosure described in the claims.
  • When the leakage prevention control unit 109 receives the user unspecified information from the user determination unit 102 and receives the photographing device specific information from the photographing determination unit 104, the image signal displayed on the display 711 was changed from the current image signal to the screen saver image signal and output.
  • The image signal may instead be changed to an image signal other than the screen saver image signal and output.
  • another image signal such as a pop-up image may be superimposed and displayed on the display 711. Further, the output of the image signal may be stopped. Further, the video output I/F 712 in the video output unit 108 may be invalidated.
  • The leakage prevention control unit 109 may notify the administrator terminal via the server 300 when the user unspecified information is received from the user determination unit 102 and when the photographing device specific information is received from the photographing determination unit 104. Further, the log of the target employee terminal 100 may be recorded so that the analysis can be performed later.
  • The leakage prevention control unit 109 invalidates the video output I/F 712 in the video output unit 108 when the unusable router connection information is received from the router determination unit 106.
  • The present invention is not limited to this, and another image signal may be output, for example by changing the image signal to the display 711 from the current image signal to the screen saver image signal.
  • the leak prevention control unit 109 may notify the administrator terminal via the management server 300. Further, another image signal such as a pop-up image may be superimposed and displayed. Further, the log of the target employee terminal 100 may be recorded so that the analysis can be performed later.
  • The management server 300 is provided with a password generation unit 309, and when a one-time password generation request is received from an external terminal, the one-time password is generated and the generated one-time password is transmitted to the leakage prevention control unit 109.
  • the present invention is not limited to this, and the password generation unit 309 may not be provided in the management server 300. In this case, it is conceivable to send the one-time password generated (or created by the administrator) on the external terminal to the employee terminal 100. Alternatively, the administrator terminal may perform a process of releasing the restriction on the external output of the image signal to the administrator server 300.
  • The connection form of the employee terminal 100, the VDI server 200, and the management server 300 may be a wireless connection or a wired connection.
  • connection destination is specified from the SSID of the wireless router.
  • the connection destination may be specified by the host name or the device identifier (for example, MAC address, BD address, etc.). Further, it may be determined whether or not to allow the connection destination from the combination of the unique code (for example, a password or the like) and the identifier.
  • When it is determined that the DC value is 3 or more, it is detected as shooting by a photographing device (see S1078).
  • the present invention is not limited to this, and the DC value may be a value of 3 or more. Further, the DC value may be variable. Further, the frame rate of the image data to be used for the shooting determination may be variable.
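The shooting determination described above (set size per photographing device, locus range of 1.2 times the device image, DC value of 3 or more) can be followed frame by frame in the sketch below. It is an added example, not code from the patent: the detector output format, the per-device set sizes, the reading of "1.2 times" as scaling each side about the centre, and the rule that DC counts frames that stay inside the locus range are assumptions.

```python
"""Added example: per-frame shooting determination (S1071-S1082 as described on this page)."""
from typing import List, Optional, Tuple

Box = Tuple[float, float, float, float]   # x, y, width, height in pixels
Detection = Optional[Tuple[str, Box]]     # (device kind, bounding box), or None if no device

# Assumed values: the page only says that a size is set for each photographing device.
SET_SIZE = {"camera_phone": 40 * 80, "camera": 60 * 60}   # minimum pixel count
LOCUS_SCALE = 1.2    # page: region 1.2 times the size of the device image
DC_THRESHOLD = 3     # page: a DC value of 3 or more is detected as shooting


def locus_range(box: Box, scale: float = LOCUS_SCALE) -> Box:
    """Region `scale` times the box on each side, centred on it (assumed reading)."""
    x, y, w, h = box
    return (x - w * (scale - 1) / 2, y - h * (scale - 1) / 2, w * scale, h * scale)


def inside(box: Box, region: Box) -> bool:
    """True when the device image lies completely within the locus range."""
    bx, by, bw, bh = box
    rx, ry, rw, rh = region
    return rx <= bx and ry <= by and bx + bw <= rx + rw and by + bh <= ry + rh


class ShootingDetector:
    def __init__(self) -> None:
        self.dc = 0                        # detection counter (the "DC value")
        self.locus: Optional[Box] = None   # currently set locus range

    def _reset(self) -> bool:
        # S1081/S1082: if DC is 1 or more, set it to 0 and clear the locus range.
        if self.dc >= 1:
            self.dc = 0
            self.locus = None
        return False

    def feed(self, detection: Detection) -> bool:
        """Process one captured frame; return True when shooting is detected."""
        if detection is None:                    # no photographing device image
            return self._reset()
        kind, box = detection
        if box[2] * box[3] < SET_SIZE[kind]:     # S1073: smaller than the set size
            return self._reset()
        if self.locus is None:
            self.locus = locus_range(box)        # S1075: set the locus range
        elif not inside(box, self.locus):        # device image left the locus range
            return self._reset()
        self.dc += 1
        return self.dc >= DC_THRESHOLD           # S1078: held steady long enough


def run(frames: List[Detection]) -> List[bool]:
    detector = ShootingDetector()
    return [detector.feed(frame) for frame in frames]


# Constructed sample input: a phone carried past the user, and a phone held still.
PASSING = [("camera_phone", (100, 100, 50, 90)),
           ("camera_phone", (200, 100, 50, 90)),
           ("camera_phone", (300, 100, 50, 90))]
STEADY = [("camera_phone", (100, 100, 50, 90)),
          ("camera_phone", (102, 101, 50, 90)),
          ("camera_phone", (101, 99, 50, 90))]

if __name__ == "__main__":
    print("passing:", run(PASSING))
    print("steady: ", run(STEADY))
```

The moving device never accumulates a DC value above 1, which is how the size and locus checks keep a phone that merely passes through the frame from blanking the user's screen.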

Abstract

Provided is a technology capable of suppressing a risk of information leakage. An employee's terminal 100 of the present disclosure executes prescribed processes, when an imaging determination unit 104 determines that imaging device image data is included and a router determination unit 106 determines that an SSID of a wireless router of a connection destination does not correspond to an SSID of an allowed router. The prescribed processes include: a process for outputting a prescribed image signal; a process for limiting an output of the image signal; a process for notifying a manager's terminal; and a process for recording a log of the employee's terminal.

Description

Information processing device, program, and control method of information processing device
The present disclosure relates to a technique for suppressing the risk of information leakage.
In recent years, the places where employees work have not been limited to the company's own premises and tend to be ubiquitous, including shared offices, conference rooms, trains, hotels, and cafes. In addition, more companies now recommend telework, and opportunities for employees to work from home are also increasing.
As the places where employees work become ubiquitous in this way, the risk of leakage of image information (e-mail, confidential documents, drawings, etc.) displayed on information processing devices such as personal computers and mobile terminals used by employees keeps increasing.
As a technique for dealing with this information leakage risk, one has been disclosed that determines whether another person is peeping by detecting a face image and, when it determines that another person is peeping, performs peeping countermeasure processing (such as turning on a viewing angle control filter) (see, for example, Patent Document 1).
As another technique for dealing with the information leakage risk, Patent Document 2 discloses one that transmits image information and audio information captured by a camera of an information terminal to a server, and determines the degree of information leakage risk by having the server analyze the image information and audio information (see, for example, Patent Document 2).
Japanese Unexamined Patent Publication No. 2010-128778
Japanese Unexamined Patent Publication No. 2019-117483
However, while the techniques disclosed in these patent documents can suppress the risk of information leakage caused by a third party peeping at image information displayed on an information processing device, they have the problem that they cannot deal with anything other than peeping by a third party.
The present disclosure has been made in view of the above circumstances, and aims to provide a technique capable of suppressing the risk of information leakage.
To achieve the above object, the information processing device of the present disclosure is an information processing device that includes a display unit displaying an image according to a user's operation and that can transmit and receive information via a network by connecting to a router. It suppresses the risk of information leakage by including determination means for determining whether or not a predetermined event has occurred, and control means for executing predetermined processing when it is determined that the predetermined event has occurred.
In the information processing device of the present disclosure, when it is determined that the predetermined event has occurred, the control means suppresses the risk of information leakage by executing a process of outputting a predetermined image signal or a process of restricting the output of the image signal.
In the information processing device of the present disclosure, when it is determined that the predetermined event has occurred, the control means suppresses the risk of information leakage by executing a process of notifying an administrator terminal.
In the information processing device of the present disclosure, when it is determined that the predetermined event has occurred, the control means suppresses the risk of information leakage by executing a process of recording a log of the information processing terminal.
The information processing device of the present disclosure includes photographing means for photographing the user, and the predetermined event is that the captured image includes a photographing device image. The determination means determines whether or not the captured image includes a photographing device image, and when it is determined that the captured image includes the photographing device image, the image corresponding to the user's operation is not displayed. This suppresses the risk of information leakage caused by the image displayed on the information processing device being captured by a photographing device.
In the information processing device of the present disclosure, when the captured image includes the photographing device image, the determination means determines whether or not the photographing device image is larger than the size set for each photographing device, and determines that the captured image includes the photographing device image when the photographing device image is larger than that size. When the photographing device image is smaller than the set size, it is difficult to photograph the image displayed on the information processing device, so this suppresses the risk of information leakage without reducing the user's work efficiency.
In the information processing device of the present disclosure, when the captured image includes the photographing device image, the determination means determines whether or not the locus of the photographing device image included in captured images taken a predetermined number of times is within a set locus range, and determines that the captured image includes the photographing device image when the locus is within the set locus range. When the photographing device image is moving, there is no intention to photograph the image displayed on the information processing device, so this suppresses the risk of information leakage without reducing the user's work efficiency.
In the information processing device of the present disclosure, when it is determined that the predetermined event has occurred, the control means changes a first image to a second image and displays it, which suppresses the risk of information leakage caused by the image displayed on the information processing device being captured by a photographing device.
In the information processing device of the present disclosure, the predetermined event is connection to a non-permitted router whose use is not permitted. The determination means determines whether or not the router is a permitted router whose use is permitted. The control means outputs the image signal externally when the router is determined to be the permitted router, and restricts the external output of the image signal when the router is determined not to be the permitted router. This suppresses the risk of information leakage caused by the information processing device being connected to a non-permitted router.
In the information processing device of the present disclosure, when a predetermined condition is satisfied while the external output of the image signal is restricted, the control means releases the restriction on the external output of the image signal. Thus, even when the device is connected to a non-permitted router, the restriction on the external output of the image signal can be released when, for example, an administrator or the like determines that there is no risk of information leakage.
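The permitted-router check and its release condition, as this page describes them for the employee terminal (S105, S1061 to S1068, one-time password from the management server), are sketched below. This is an added example, not code from the patent: the class and method names, the constructed SSIDs, the 8-digit password format, the constant-time comparison, the consumption of a password after one attempt, and the reuse of the temporary-permission list on later connections are assumptions.

```python
"""Added example: router determination with one-time-password release (S105, S1061-S1068)."""
import hmac
import secrets
from typing import List, Optional, Set


def generate_otp(digits: int = 8) -> str:
    """Management-server side: random numeric one-time password (format is an assumption)."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


class LeakPreventionController:
    """Hypothetical stand-in for the leakage prevention control on the employee terminal."""

    def __init__(self, allowed_ssids: Set[str]) -> None:
        self.allowed_ssids = set(allowed_ssids)    # allowable use router data
        self.temporary_ssids: Set[str] = set()     # temporary use permitted routers
        self.connected_ssid: Optional[str] = None  # stored connection destination info
        self.video_output = False                  # external video output ON/OFF
        self.events: List[str] = []                # local log of restricted connections
        self._otp: Optional[str] = None            # OTP received from the management server

    def update_allowed(self, new_ssids: Set[str]) -> None:
        """Replace the stored allowable use router data with new data from the server."""
        self.allowed_ssids = set(new_ssids)

    def receive_otp(self, otp: str) -> None:
        self._otp = otp

    def on_connect(self, ssid: str, entered_otp: Optional[str] = None) -> bool:
        """S105: run router determination for a new router or when an OTP has arrived."""
        is_new = ssid != self.connected_ssid
        if is_new or self._otp is not None:
            self._router_determination(ssid, entered_otp)
        return self.video_output

    def _router_determination(self, ssid: str, entered_otp: Optional[str]) -> None:
        # S1061: is this router permitted? (Temporary permissions count: assumption.)
        if ssid in self.allowed_ssids or ssid in self.temporary_ssids:
            self.connected_ssid = ssid             # S1062
            self.video_output = True
            return
        self.video_output = False                  # S1063: video output OFF
        self.connected_ssid = ssid                 # S1064
        self.events.append(f"restricted: {ssid}")
        if self._otp is None or entered_otp is None:
            return                                 # nothing to authenticate yet
        issued, self._otp = self._otp, None        # one attempt per issued OTP (assumption)
        # S1066: compare in constant time so timing does not reveal matching prefixes.
        if hmac.compare_digest(issued.encode(), entered_otp.encode()):
            self.temporary_ssids.add(ssid)         # stored as temporary use permitted
            self.video_output = True               # S1068: video output ON


def demo() -> List[bool]:
    ctl = LeakPreventionController({"corp-office"})           # constructed SSIDs
    results = [ctl.on_connect("corp-office")]                 # permitted router: ON
    results.append(ctl.on_connect("home-ap"))                 # not permitted: OFF
    ctl.receive_otp(generate_otp())
    results.append(ctl.on_connect("home-ap", "not-the-otp"))  # wrong password: still OFF
    otp = generate_otp()
    ctl.receive_otp(otp)
    results.append(ctl.on_connect("home-ap", otp))            # matching password: ON
    return results


if __name__ == "__main__":
    print(demo())
```

An SSID is only the name a router advertises, so the check is as strong as that name is hard to copy; the variation noted on this page, identifying the connection destination by a device identifier combined with a unique code, narrows that gap.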
The program of the present disclosure is a program to be executed by an information processing device that includes a display unit displaying an image according to a user's operation and that can transmit and receive information via a network by connecting to a router. It suppresses the risk of information leakage in the information processing device by causing the device to function as determination means for determining whether or not a predetermined event has occurred, and as control means for executing predetermined processing when it is determined that the predetermined event has occurred.
The control method of the information processing device of the present disclosure is a control method of an information processing device that includes a display unit displaying an image according to a user's operation and that can transmit and receive information via a network by connecting to a router. It suppresses the risk of information leakage in the information processing device by executing a determination step of determining whether or not a predetermined event has occurred, and a control step of executing predetermined processing when it is determined that the predetermined event has occurred.
According to the present disclosure, it is possible to provide a technique capable of suppressing the risk of information leakage.
An overall system configuration diagram according to an embodiment of the present disclosure.
A block diagram showing a hardware configuration applicable to the employee terminal 100, the VDI server 200, and the management server 300 shown in FIG. 1.
A block diagram showing the functional configuration of the employee terminal 100 and the management server 300 shown in FIG. 1.
A diagram showing an example of shooting determination.
A diagram showing an example of allowable use router determination.
A flowchart showing an example of processing in the employee terminal 100, the VDI server 200, and the management server.
A flowchart showing an example of router authentication processing in the employee terminal 100.
A flowchart showing an example of shooting detection processing in the employee terminal 100.
(Summary of the present disclosure)
First, an outline of the present disclosure will be described.
The information leakage risk suppression technique of the present disclosure executes predetermined processing when, as a predetermined event, a camera built into or connected to an information processing device such as a personal computer detects an image of a photographing device, such as a camera or a camera-equipped mobile terminal, held by a third party. The predetermined processing includes a process of outputting a predetermined image signal or a process of restricting the output of the image signal, a process of notifying an administrator terminal, a process of recording a log of the information processing terminal, and the like.
The information leakage risk suppression technique of the present disclosure also executes predetermined processing when, as a predetermined event, the information processing device is connected to a router other than a pre-registered allowable use router.
Hereinafter, a mode for carrying out the present disclosure (hereinafter referred to as an embodiment of the present disclosure) will be described in detail with reference to the drawings.
(Overall system configuration)
Next, the overall system configuration according to the embodiment of the present disclosure will be described. FIG. 1 is an overall system configuration diagram according to an embodiment of the present disclosure. The overall system 10 according to the embodiment of the present disclosure is composed of a plurality of employee terminals 100, which are information processing devices, a VDI server 200, a management server 300, and a plurality of wireless routers A401 to EF404. One of the employee terminals 100 can be an administrator terminal.
 会社内で業務を行う社員が使用する社員用端末である社員1端末100a、社員2端末100b、および、社員3端末100cは社内に設置された無線ルータA401に接続され、社内ネットワーク(例えば、LAN)を介してVDIサーバ200や管理サーバ300に接続される。 Employee 1 terminal 100a, employee 2 terminal 100b, and employee 3 terminal 100c, which are employee terminals used by employees working in the company, are connected to the wireless router A401 installed in the company and are connected to the company network (for example, LAN). ) Is connected to the VDI server 200 and the management server 300.
 また、社外1(例えば、自宅)で業務を行う社員が使用する社員用端末である社員4端末100dは、自宅に設置された無線ルータAB402に接続され、インターネット500を介してVDIサーバ200や管理サーバ300に接続される。 Further, the employee 4 terminal 100d, which is an employee terminal used by an employee who works outside the company 1 (for example, at home), is connected to the wireless router AB402 installed at home, and is managed by the VDI server 200 via the Internet 500. Connected to the server 300.
 また、社外2(例えば、他社の会議室)で打合せを行う社員が使用する社員用端末である社員5端末100eは、他社内に設置された無線ルータCD403に接続され、インターネット500を介してVDIサーバ200や管理サーバ300に接続される。 Further, the employee 5 terminal 100e, which is an employee terminal used by an employee who has a meeting in an outside company 2 (for example, a conference room of another company), is connected to a wireless router CD403 installed in the other company and is connected to a VDI via the Internet 500. It is connected to the server 200 and the management server 300.
 また、社外3(例えば、シェアオフィス)で業務を行う社員が使用する社員用端末である社員6端末100fは、シェアオフィス内に設置された無線ルータEF404に接続され、インターネット500を介してVDIサーバ200や管理サーバ300に接続される。 Further, the employee 6 terminal 100f, which is an employee terminal used by an employee who works in an external 3 (for example, a shared office), is connected to a wireless router EF404 installed in the shared office and is a VDI server via the Internet 500. It is connected to 200 and the management server 300.
 社員用端末100は、VDIサーバ200、および、管理サーバ300とそれぞれ通信するクライアントとして動作する。この社員用端末100は、ノートブック型パーソナルコンピュータやデスクトップ型パーソナルコンピュータであってもよいし、タブレットコンピュータであってもよい。また、社員用端末100は、シンクライアント端末であってもよい。 The employee terminal 100 operates as a client that communicates with the VDI server 200 and the management server 300, respectively. The employee terminal 100 may be a notebook type personal computer, a desktop type personal computer, or a tablet computer. Further, the employee terminal 100 may be a thin client terminal.
 管理サーバ300は、社員用端末100が正当なものであるかを認証する機能、および、社員用端末100に、必要に応じて各種データや各種プログラム等の情報を送信する機能を有する。また、管理サーバ300は、各社員の社員用端末100の稼働時間に基づいて業務時間を管理する機能、更新情報を社員用端末100に送信する機能、および、ワンタイムパスワードを生成し社員用端末100に送信する機能を有する。また、管理サーバ300は、社員用端末100の使用者が不特定の使用者であった場合又は撮影装置で撮影している撮影装置特定情報を受信した場合に、管理者端末に通知してもよい。 The management server 300 has a function of authenticating whether the employee terminal 100 is legitimate and a function of transmitting information such as various data and various programs to the employee terminal 100 as needed. Further, the management server 300 has a function of managing business hours based on the operating time of the employee terminal 100 of each employee, a function of transmitting update information to the employee terminal 100, and a function of generating a one-time password to the employee terminal. It has a function of transmitting to 100. Further, the management server 300 may notify the administrator terminal when the user of the employee terminal 100 is an unspecified user or when the user receives the photographing device specific information taken by the photographing device. good.
The VDI server 200 functions as a server configured to provide a virtual desktop environment to the employee terminal 100 using a virtual desktop infrastructure (VDI). Several techniques for realizing desktop virtualization to provide a virtual desktop environment are known; the embodiment of the present disclosure is described using VDI.
To provide the virtual desktop environment, the VDI server 200 receives various operation information from the employee terminal 100, and transmits image information to be displayed on the screen of the employee terminal 100 and image information corresponding to updated portions of the screen. The employee terminal 100 displays a screen according to this image information, so that the virtual desktop environment running on the VDI server 200 can be used in the same way as a desktop environment running on the employee terminal 100. The status of work performed in the virtual desktop environment may be recorded. In particular, the log of the employee terminal 100 may be stored after a predetermined event is detected.
In the overall system configuration according to the embodiment of the present disclosure, the VDI server 200 is not an essential component. When the VDI server 200 is not used, a remote desktop environment may be used by remotely connecting from an employee terminal 100 outside the company to a terminal inside the company (for example, an employee terminal 100 used for work inside the company).
(Hardware configuration applicable to employee terminal 100, VDI server 200, and management server 300)
Next, the hardware configuration applicable to the employee terminal 100, the VDI server 200, and the management server 300 will be described. FIG. 2 is a block diagram showing a hardware configuration applicable to the employee terminal 100, the VDI server 200, and the management server 300 shown in FIG. 1.
The CPU 701 performs overall control of the devices connected to the system bus 720. The ROM 702 and the storage device 704 store a basic input/output system (BIOS) and an operating system (OS), which are control programs of the CPU 701. The ROM 702 and the storage device 704 also store the various programs needed to function as the employee terminal 100 in the case of the employee terminal 100, as the VDI server 200 in the case of the VDI server 200, and as the management server 300 in the case of the management server 300. In the case of the employee terminal 100, the log of the employee terminal 100 after a predetermined event is detected is stored in the storage device 704.
The RAM 703 functions as the main memory, work area, and the like of the CPU 701. The CPU 701 reads the programs needed to execute various processes from the ROM 702 or the storage device 704 into the RAM 703, and realizes various operations by executing the programs it has read.
The communication I/F (communication interface) 705 communicates with external devices via a network (a LAN or the Internet) and executes communication control processing on the network (for example, communication using TCP/IP).
The camera (photographing means) 706 is provided, for example, at the top of the surface on which the display (display unit) 711 is provided, and captures video of the operator side, that is, of the person looking at the display 711. The camera 706 is equipped with a wide-angle lens and can also capture video of the operator and the operator's surroundings. The camera 706 may be provided at any position from which video of the operator and the operator's surroundings can be captured.
The speaker 707 outputs various sounds, and the microphone 708 inputs the operator's voice and surrounding sounds. The input device 709 is a keyboard, a mouse, or the like.
The graphics board 710 outputs a video signal, and the display 711 is connected to it. The graphics board 710 also has a video output I/F (video output interface) 712, such as an HDMI (registered trademark) terminal or an analog RGB output terminal, and outputs a video signal to video equipment (a display, a projector, or the like) connected to the video output I/F 712.
(Functional configuration of employee terminal 100 and management server 300)
Next, the functional configurations of the employee terminal 100 and the management server 300 will be described. FIG. 3 is a block diagram showing the functional configuration of the employee terminal 100 and the management server 300 shown in FIG. 1.
The image input unit (photographing means) 101 transmits image data captured by the camera 706 to the user authentication unit 102 and the photographing determination unit 104. The image input unit is set to transmit, for example, 10 frames of image data per second, so the frame rate is 10 fps.
The user face image data storage unit 103 stores user face image data, consisting of face image data, feature data indicating the features of the face image data, and the like, in association with the user ID (user identifier) of each user (employee) permitted to use the employee terminal 100.
The user determination unit (determination means) 102 identifies face image data included in the image data received from the image input unit 101. It then collates the identified face image data with the user face image data stored in the user face image data storage unit 103, and determines whether the user face image data contains data whose degree of matching is at or above a predetermined level (for example, 80%). When it determines that such data exists, it determines that the face image data included in the image data received from the image input unit 101 is the face image data of a user permitted to use the employee terminal 100, and transmits user identification information including the user ID associated with that user face image data to the leakage prevention control unit 109. The user determination unit 102 transmits user determination result information to the leakage prevention control unit 109 continuously; since the frame rate of the image input unit 101 is 10 fps, this is about 10 times per second. When face image data cannot be identified from the image data received from the image input unit 101, the user determination unit 102 transmits user non-identification information, indicating that face image data cannot be identified, to the leakage prevention control unit 109. The user determination unit 102 may be an AI model based on AI (artificial intelligence) utilizing machine learning or the like. In that case, for example, the AI model of the user determination unit 102 may be updated with an AI model transmitted from the management server 300 to the employee terminal 100.
The photographing determination image data storage unit 105 stores a plurality of photographing device image data, consisting of a plurality of camera image data corresponding to the shapes of a plurality of cameras (photographing devices), a plurality of camera-equipped mobile terminal image data corresponding to the shapes of a plurality of camera-equipped mobile terminals, and the like. Because the detection speed of the photographing determination unit 104 is given priority, the photographing device image data stored in the photographing determination image data storage unit 105 is simple image data, such as contour image data indicating the features of the contour of a camera or a camera-equipped mobile terminal.
The photographing determination unit (determination means) 104 reads the photographing device determination image data stored in the photographing determination image data storage unit 105, and determines whether the image data received from the image input unit 101 contains an image that matches the photographing device determination image data. When it determines that data exists whose degree of matching with the photographing device determination image data is at or above a predetermined level (for example, 60%), it determines that the image data received from the image input unit 101 includes photographing device image data.
When the photographing determination unit 104 determines that photographing device image data is included, it also determines, for the next and subsequent image data received from the image input unit 101, whether there is an image that matches the same photographing device determination image data as before. By executing this determination a predetermined number of times (for example, three times in total), the photographing determination unit 104 determines whether the same photographing device image data exists in each image data. When the same photographing device image data exists in each image data, it determines whether the trajectory of that photographing device image data is within a set range. When it determines that the same photographing device image data exists in each image data and that its trajectory is within the set range (for example, a region 1.2 times the size of the photographing device image data), it determines that the screen of the employee terminal 100 may be photographed by the photographing device. In that case, it transmits photographing device identification information to the leakage prevention control unit 109. When the trajectory of the photographing device image data exceeds the set range, the photographing device is moving, so it is judged that there is no intention to photograph the screen of the employee terminal 100 with the photographing device.
When, after transmitting the photographing device identification information, the photographing determination unit 104 determines that the image data received from the image input unit 101 does not contain an image matching the photographing device determination image data (no photographing device image data exists), it transmits photographing device non-identification information to the leakage prevention control unit 109. When the size of the photographing device image data included in the image data received from the image input unit 101 is smaller than the size (set number of pixels) set for each photographing device, the photographing determination unit 104 does not determine that photographing device image data is included, because the device is at a distance from which photographing the screen of the employee terminal 100 is difficult. The photographing determination unit 104 may be an AI model based on AI (artificial intelligence) utilizing machine learning or the like. In that case, for example, the AI model of the photographing determination unit 104 may be updated with an AI model transmitted from the management server 300 to the employee terminal 100.
The permitted router data storage unit 107 stores, as permitted router data, the SSIDs (service set identifiers) of the wireless routers to which the employee terminal 100 is permitted to connect (permitted routers).
The router determination unit (determination means) 106 determines whether the SSID of the wireless router to which the employee terminal 100 is connected corresponds to the SSID of a permitted router stored in the permitted router data storage unit 107. When it determines that the SSID of the connected wireless router corresponds to the SSID of a permitted router, it transmits permitted router connection information, including the SSID of the permitted router and the user ID, to the leakage prevention control unit 109. When it determines that the SSID of the connected wireless router does not correspond to the SSID of a permitted router, it transmits non-permitted router connection information, including the SSID of the non-permitted router and the user ID, to the leakage prevention control unit 109.
As a predetermined event, when the leakage prevention control unit (control means) 109 receives user non-identification information from the user determination unit 102, or receives photographing device identification information from the photographing determination unit 104, it executes predetermined processing such as processing to output a predetermined image signal or to restrict output of the image signal, processing to notify the administrator terminal, and processing to record a log of the information processing terminal. As the processing to output a predetermined image signal, the leakage prevention control unit 109 changes the image signal sent to the display 711 from the current image signal (first image) to a screen saver image signal (second image) and outputs it. The signal may instead be changed to a signal other than the screen saver image signal. A pop-up image may also be output. The leakage prevention control unit 109 may notify the administrator terminal in the background when a predetermined event occurs. In that case, the leakage prevention control unit 109 may notify the administrator terminal without changing the information on the screen.
When photographing device identification information is received, it also transmits photographing detection information including the user ID to the operating time management unit 301.
When the leakage prevention control unit 109 receives permitted router connection information or non-permitted router connection information from the router determination unit 106, it transmits operation information to the operating time management unit 301. It then stores the SSID included in the permitted router connection information or the non-permitted router connection information as connection destination router information. When the SSID included in newly received permitted router connection information or non-permitted router connection information differs from the SSID of the stored connection destination router information, it stores the SSID included in the newly received information as the new connection destination router information.
When the leakage prevention control unit 109 receives unusable router connection information from the router determination unit 106, it disables the video output I/F (external output) 712 in the video output unit 108 (stops output of the video signal). After the video output I/F 712 in the video output unit 108 has been disabled, when the one-time password transmitted from the password input unit 110 matches the one-time password received from the password generation unit 309 described later, the leakage prevention control unit 109 enables the video output I/F 712 in the video output unit 108 (permits output of the video signal).
When the leakage prevention control unit 109 receives unusable router connection information from the router determination unit 106, it may instead output another image signal, changing the image signal sent to the display 711 from the current image signal to the screen saver image signal. A pop-up image may be output. The administrator terminal may also be notified via the management server 300. Further, the log of the employee terminal 100 concerned may be recorded so that it can be analyzed later.
The operating time management unit 301 manages the operating time of the employee terminal 100 based on the operation information, photographing detection information, release information, and the like received from the leakage prevention control unit 109. When operation of the employee terminal 100 ends, the operating time management unit 301 stores the operating time of the employee terminal 100 in the operating time storage unit 302.
The user face image data update unit 303 determines whether the user face image data registered in the user face image data registration unit 304 has been updated, and when it determines that it has, transmits the updated user face image data (new user face image data) to the leakage prevention control unit 109. When the leakage prevention control unit 109 receives new user face image data from the user face image data update unit 303, it updates the user face image data stored in the user face image data storage unit 103 to the new user face image data.
The photographing determination data update unit 305 determines whether the photographing device determination image data registered in the photographing determination image data registration unit 306 has been updated, and when it determines that it has, transmits the updated photographing device determination image data (new photographing device determination image data) to the leakage prevention control unit 109. When the leakage prevention control unit 109 receives new photographing device determination image data from the photographing determination data update unit 305, it updates the photographing device determination image data stored in the photographing determination image data storage unit 105 to the new photographing device determination image data.
The permitted router update unit 307 determines whether the permitted router data registered in the permitted router registration unit 308 has been updated, and when it determines that it has, transmits the updated permitted router data (new permitted router data) to the leakage prevention control unit 109. When the leakage prevention control unit 109 receives new permitted router data from the permitted router update unit 307, it updates the permitted router data stored in the permitted router data storage unit 107 to the new permitted router data.
When the password generation unit 309 receives a one-time password generation request from an external terminal (for example, an employee terminal 100 used by an administrator (superior) or the like), it generates a one-time password and transmits the generated one-time password to the leakage prevention control unit 109 and to the external terminal. The leakage prevention control unit 109 determines whether the one-time password received from the password generation unit 309 matches the one-time password received from the password input unit 110 (for example, a one-time password conveyed by the administrator or the like and entered by the user). When the one-time passwords match, the leakage prevention control unit 109 stores the SSID of the unusable router as the SSID of a router permitted for temporary use (temporarily permitted router).
(Example of photographing determination)
Next, an example of photographing determination will be described. FIG. 4 is a diagram showing an example of photographing determination.
FIG. 4(a) shows an example in which it is determined that the screen of the employee terminal 100 may be photographed by a photographing device. As shown in this figure, when it is determined that a camera-equipped mobile terminal image G01 (or camera image G02) around the user image is at or above the size set for each photographing device, and that the trajectory of the camera-equipped mobile terminal image G01 (or camera image G02) is within the set range, it is determined that the screen of the employee terminal 100 may be photographed by the photographing device. When this determination is made, the screen saver image is displayed. Instead of changing the display from the first image to the second image as with the screen saver image, another image may be superimposed on the current image, as with a pop-up image. Image (video) output may also be blocked. The administrator terminal may also be notified, or the log of the employee terminal 100 concerned may be recorded. When, for example, a predetermined release process or the like is performed, the terminal returns to the normal state.
FIG. 4(b) shows an example in which it is determined that there is no possibility of the screen of the employee terminal 100 being photographed by a photographing device. As shown in this figure, when it is determined that a camera-equipped mobile terminal image G01 (or camera image G02) around the user image is at or below the size set for each photographing device, or when it is determined that the trajectory of the camera-equipped mobile terminal image G01 (or camera image G02) exceeds the set range even though the image is at or above the size set for each photographing device, it is determined that there is no possibility of the screen of the employee terminal 100 being photographed by the photographing device.
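The photographing determination described for the photographing determination unit 104 and illustrated in FIG. 4 can be sketched as a small per-frame state machine. This is an added example, not code from the application: the class and event names, the per-template minimum sizes, and the reading of "trajectory within the set range" as "every matched centre stays inside a box 1.2 times the first match's size" are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

MATCH_LEVEL = 0.60      # the page's example matching level for device outlines
REQUIRED_FRAMES = 3     # the page's example: three determinations in total
RANGE_FACTOR = 1.2      # the page's example: region 1.2x the device image size

# Assumed minimum size in pixels per stored outline (constructed values).
MIN_PIXELS = {"phone_outline": 40 * 80, "camera_outline": 60 * 40}


@dataclass(frozen=True)
class Detection:
    template: str   # which stored outline matched (hypothetical names)
    score: float    # degree of matching, 0.0 to 1.0
    cx: float       # centre of the matched region in the frame
    cy: float
    w: float        # width and height of the matched region
    h: float


class PhotographingJudge:
    """Turns per-frame matches into IDENTIFIED / NOT_IDENTIFIED events."""

    def __init__(self):
        self._track = []        # consecutive qualifying matches of one outline
        self._alerted = False   # True once identification info has been sent

    def _qualifies(self, d):
        if d is None or d.score < MATCH_LEVEL:
            return False
        # Below the set size the device is too far away to photograph the screen.
        return d.w * d.h >= MIN_PIXELS.get(d.template, 0)

    def _stationary(self):
        # Assumed interpretation of "trajectory within the set range".
        first = self._track[0]
        half_w = first.w * RANGE_FACTOR / 2
        half_h = first.h * RANGE_FACTOR / 2
        return all(abs(d.cx - first.cx) <= half_w and
                   abs(d.cy - first.cy) <= half_h for d in self._track)

    def update(self, d: Optional[Detection]) -> Optional[str]:
        """Feed one frame's best match (or None); return an event or None."""
        if not self._qualifies(d):
            self._track = []
            if self._alerted:           # device gone after an alert
                self._alerted = False
                return "NOT_IDENTIFIED"
            return None
        if self._track and self._track[-1].template != d.template:
            self._track = []            # a different outline starts a new track
        self._track = (self._track + [d])[-REQUIRED_FRAMES:]
        if (len(self._track) == REQUIRED_FRAMES and not self._alerted
                and self._stationary()):
            self._alerted = True
            return "IDENTIFIED"
        return None


def run(frames):
    """Replay a list of per-frame matches and collect the emitted events."""
    judge = PhotographingJudge()
    return [judge.update(f) for f in frames]


if __name__ == "__main__":
    # Constructed frames: a phone outline held still, then removed.
    held = [Detection("phone_outline", 0.7, 300, 200, 60, 120)] * 3
    print(run(held + [None]))
```

At the 10 fps frame rate the page gives for the image input unit, three consecutive frames correspond to roughly 0.3 seconds of a device held in place.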
(Example of permitted router determination)
Next, an example of permitted router determination will be described. FIG. 5 is a diagram showing an example of permitted router determination.
FIG. 5(a) shows an example of connecting to a wireless router registered in the permitted router data. As shown in this figure, when it is determined that the wireless router to which the employee terminal 100 is connected is the wireless router A401 registered in the permitted router data, video output to the outside is enabled (ON).
FIG. 5(b) shows an example of connecting to a wireless router that is not registered in the permitted router data. As shown in this figure, when the wireless router to which the employee terminal 100 is connected is the wireless router AB402, which is not registered in the permitted router data, video output to the outside is disabled (OFF). When video output to the outside has been disabled (OFF) and a one-time password is entered and authenticated, video output to the outside is enabled. Instead of restricting video output in this way, another image may be displayed in place of the current image, or another image may be superimposed on the current image. The administrator terminal may also be notified, or the log of the employee terminal 100 concerned may be recorded. In this case as well, entry of the one-time password may end the display of the other image.
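The router check of the router determination unit 106, the disabling of external video output, and its release by the one-time password from the password generation unit 309 fit together as in the following added example, which is not code from the application. The class, method and SSID names, the six-digit password format, the constant-time comparison and the three-attempt limit are assumptions.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3   # assumed limit; the page does not state one


def generate_otp(digits=6):
    """Stand-in for the password generation unit 309 (format is assumed)."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


class RouterOutputPolicy:
    """Router check plus one-time-password release of external video output."""

    def __init__(self, permitted_ssids):
        self.permitted = set(permitted_ssids)   # permitted router data
        self.temporary = set()                  # temporarily permitted routers
        self.current_ssid = None                # connection destination router
        self.external_video_enabled = True      # state of the video output I/F
        self.log = []                           # (result, ssid, user_id) records
        self._pending_otp = None
        self._attempts = 0

    def on_connect(self, ssid, user_id):
        """Called when the terminal joins a wireless router."""
        self.current_ssid = ssid
        allowed = ssid in self.permitted or ssid in self.temporary
        self.external_video_enabled = allowed
        self.log.append(("permitted" if allowed else "not_permitted",
                         ssid, user_id))
        return allowed

    def receive_otp_from_server(self, otp):
        """The management server sends the generated password to the terminal."""
        self._pending_otp = otp
        self._attempts = 0

    def enter_otp(self, typed):
        """Password typed by the user after hearing it from the administrator."""
        if self._pending_otp is None or self.external_video_enabled:
            return False
        if hmac.compare_digest(typed.encode(), self._pending_otp.encode()):
            self._pending_otp = None                # one use only (assumption)
            self.temporary.add(self.current_ssid)   # remember as temporary
            self.external_video_enabled = True
            return True
        self._attempts += 1
        if self._attempts >= MAX_ATTEMPTS:
            self._pending_otp = None                # a new password is required
        return False


if __name__ == "__main__":
    # Constructed SSIDs for illustration.
    policy = RouterOutputPolicy({"CORP-HQ"})
    policy.on_connect("SHARED-OFFICE", "user01")
    print("external video:", policy.external_video_enabled)   # False
    otp = generate_otp()
    policy.receive_otp_from_server(otp)
    print("released:", policy.enter_otp(otp))                  # True
```

The check compares SSID strings only, as the page describes; an SSID is a configurable network name rather than an authenticated router identity, so the allowlist is only as strong as that name.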
(Example of processing in employee terminal 100, VDI server 200, and management server)
Next, an example of processing in the employee terminal 100, the VDI server 200, and the management server will be described. FIG. 6 is a flowchart showing an example of processing in the employee terminal 100, the VDI server 200, and the management server.
The employee terminal 100 first executes a login process (S101). In this login process, the user is photographed, and face image authentication of the user is performed by collating the face image data identified from the captured image data with the user face image data.
Next, it is determined whether or not the user's face image was authenticated in the login process (S102). If it is determined that the user's face image was authenticated, the process proceeds to S103. If it is determined that the user's face image was not authenticated, the process returns to S101.
If it is determined in S102 that the user's face image was authenticated, the employee terminal 100 is connected to a wireless router in S103 (router connection at login).
Next, the employee terminal 100 connects to the VDI server 200, and the VDI server 200 performs user authentication (authentication of the user). When the user is authenticated, the VDI server 200 selects the virtual desktop environment of the authenticated user and transmits screen data corresponding to that virtual desktop environment to the employee terminal 100. Thereafter, input data entered through the input device 709 of the employee terminal 100 is transmitted to the VDI server 200, and the VDI server 200, on receiving the input data, transmits screen data corresponding to it. The employee terminal 100 updates its display with the screen data transmitted from the VDI server 200.
When the employee terminal 100 connects to the management server 300, the management server 300 starts measuring the operating time of the employee terminal 100. If there is update data (updated user face image data, updated photographing device determination image data, or updated allowable use router data), the management server 300 transmits the update data to the employee terminal 100. On receiving update data, the employee terminal 100 executes the update process for the corresponding data.
Next, the SSID of the connection destination wireless router is checked (S104).
Next, the employee terminal 100 determines whether or not the connected wireless router is a new wireless router. It also determines whether or not a one-time password (OTP) has been received from the management server 300 (S105). Here, whether the router is a new wireless router is determined by checking whether its SSID is the same as the SSID in the connection destination router information stored in the leakage prevention control unit 109. If no connection destination router information is stored in the leakage prevention control unit 109, the router is determined to be a new wireless router. If it is determined that the connected wireless router is a new wireless router, or that a one-time password has been received from the management server 300, the process proceeds to S106. On the other hand, if it is determined that the connected wireless router is not a new wireless router, or that a one-time password has not been received from the management server 300, the process proceeds to S107.
If it is determined in S105 that the connected wireless router is a new wireless router, or that a one-time password has been received from the management server 300, the router determination process is executed (S106).
The router determination process is described here. FIG. 7 is a flowchart showing an example of the router authentication process in the employee terminal 100.
In the router determination process, it is first determined whether or not the wireless router is one that is permitted for use (S1061). If it is determined that the wireless router is permitted for use, the process proceeds to S1062. If it is determined that the wireless router is not permitted for use, the process proceeds to S1063.
If it is determined in S1061 that the wireless router is permitted for use, the connection destination router information is stored (S1062).
If it is determined in S1061 that the wireless router is not permitted for use (that it is a non-permitted router), video output is disabled (OFF) (S1063).
Next, the connection destination router information is stored (S1064).
Next, it is determined whether or not a one-time password has been entered (S1065). If it is determined that a one-time password has been entered, the process proceeds to S1066. If it is determined that no one-time password has been entered, the router determination process ends.
If it is determined in S1055 that a one-time password has been entered, the one-time password is authenticated (S1066). Here, if, after it was determined in S1051 that the wireless router is not permitted for use, the one-time password transmitted from the management server 300 has been received (see FIG. 6) and the user has entered a one-time password, the one-time password received from the management server 300 is checked against the one-time password entered by the user.
Next, it is determined whether or not the one-time password was authenticated (S1067). If it is determined that the one-time password was authenticated, the process proceeds to S1068. If it is determined that the one-time password was not authenticated, an authentication error is displayed and the router determination process ends.
After the connection destination router information is stored in S1062, or when it is determined in S1067 that the one-time password was authenticated, video output is enabled (ON) (S1068), and the router determination process then ends. FIG. 7 describes an example in which the leakage prevention control unit 109 restricts output of the image signal when the router is not a permitted router and lifts that restriction with a password; however, a predetermined image signal may instead be output when a predetermined event occurs, with that restriction lifted by a password. Further, when the router is not a permitted router, the leakage prevention control unit 109 may notify the administrator terminal and record a log of the employee terminal 100 concerned.
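The S104 to S106 loop and the FIG. 7 branches, modelled as an added example (not code from the patent or the applicant). The class, method and result names, the sample SSIDs and OTP values, the constant-time comparison, and the clearing of the received OTP after a successful match are assumptions; the patent does not specify them.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class EmployeeTerminal:
    """Hypothetical model of the state the leakage prevention control unit keeps."""
    allowed_ssids: frozenset               # allowable use router data
    stored_ssid: Optional[str] = None      # connection destination router information
    received_otp: Optional[str] = None     # OTP pushed by the management server
    video_output: bool = False
    log: list = field(default_factory=list)

    def needs_router_check(self, ssid: str) -> bool:
        """S105: run FIG. 7 for a new router or when an OTP has been received."""
        return self.stored_ssid != ssid or self.received_otp is not None

    def router_determination(self, ssid: str, entered_otp: Optional[str] = None) -> str:
        # Matching on SSID follows the embodiment; an SSID is set by whoever
        # configures the access point, and the patent lists MAC address or
        # identifier-plus-code matching as alternatives.
        if ssid in self.allowed_ssids:                       # S1061
            self.stored_ssid = ssid                          # S1062
            self.video_output = True                         # S1068
            return "allowed"
        self.video_output = False                            # S1063
        self.stored_ssid = ssid                              # S1064
        self.log.append(("unlisted_router", ssid))           # optional logging
        if entered_otp is None:                              # S1065
            return "blocked"
        # S1066: compare without leaking the match position through timing.
        ok = self.received_otp is not None and hmac.compare_digest(
            entered_otp.encode(), self.received_otp.encode())
        if not ok:                                           # S1067
            self.log.append(("otp_error", ssid))
            return "otp_error"
        self.received_otp = None   # assumption: the OTP is consumed on success
        self.video_output = True                             # S1068
        return "otp_unlocked"

    def poll(self, ssid: str, entered_otp: Optional[str] = None) -> str:
        """One pass of S104 to S106 in the FIG. 6 loop."""
        if not self.needs_router_check(ssid):
            return "unchanged"
        return self.router_determination(ssid, entered_otp)


def demo():
    """Constructed walk-through; returns (result, video_output) per pass."""
    t = EmployeeTerminal(allowed_ssids=frozenset({"CORP-A"}))
    trace = []

    def rec(result):
        trace.append((result, t.video_output))

    rec(t.poll("CORP-A"))               # registered router
    rec(t.poll("CORP-A"))               # same router, nothing to re-check
    rec(t.poll("CAFE-WIFI"))            # unregistered router: output off
    rec(t.poll("CAFE-WIFI", "482913"))  # no OTP issued yet: FIG. 7 is not run
    t.received_otp = "482913"           # management server sends an OTP
    rec(t.poll("CAFE-WIFI", "000000"))  # wrong entry
    rec(t.poll("CAFE-WIFI", "482913"))  # correct entry: output back on
    rec(t.poll("CAFE-WIFI"))            # stays on for the stored router
    return trace


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The fourth pass shows a property of the flow as written: an OTP typed before the management server has issued one is never evaluated, because S105 does not route to S106.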
Returning to FIG. 6, when the router determination process ends in S106, the shooting determination process is executed next (S107).
The shooting determination process is described here. FIG. 8 is a flowchart showing an example of the shooting detection process in the employee terminal 100.
In the shooting determination process, the captured image data is first checked (S1071).
Next, it is determined whether or not the captured image data includes photographing device image data (S1072). If it is determined that the captured image data includes photographing device image data, the process proceeds to S1073. If it is determined that the captured image data does not include photographing device image data, the process proceeds to S1081.
If it is determined in S1072 that the captured image data includes photographing device image data, it is determined whether or not the size (number of pixels) of the image (photographing device image data) is equal to or larger than the size set for each photographing device (set size) (S1073). If it is determined that the size of the photographing device image data is equal to or larger than the size set for each photographing device, the process proceeds to S1074. If it is determined that the size of the photographing device image data is not equal to or larger than the size set for each photographing device, the process proceeds to S1081.
If it is determined in S1073 that the size of the photographing device image data is equal to or larger than the size set for each photographing device, it is determined whether or not the value of the shooting determination counter DC (hereinafter, DC) is 0 (S1074). If it is determined that the DC value is 0, the process proceeds to S1075. If it is determined that the DC value is not 0, the process proceeds to S1076.
If it is determined in S1074 that the DC value is 0, the locus range is set (S1075). Here, to allow for camera shake by the person photographing, a region of, for example, 1.2 times the size of the photographing device image data is set as the locus range.
Next, it is determined whether or not the image (photographing device image data) is within the set locus range (S1076). When the DC value is 0, the photographing device image data is naturally determined to be within the set locus range. If it is determined that the photographing device image data is within the set locus range, the process proceeds to S1077. If it is determined that the photographing device image data exceeds the set locus range, the process proceeds to S1081.
If it is determined in S1076 that the photographing device image data is within the set locus range, 1 is added to the DC value (S1077).
Next, it is determined whether or not the DC value is 3 (S1078). If it is determined that the DC value is 3 or more, the process proceeds to S1079. If it is determined that the DC value is not 3 or more (that it is 1 or 2), the process proceeds to S1072.
If it is determined in S1078 that the DC value is 3 or more, a predetermined image signal is output and a screen saver image is displayed (S1079).
Next, shooting detection information is transmitted to the management server 300 (S1080). Once the shooting detection information has been transmitted to the management server 300, the shooting determination process ends. On receiving this shooting detection information, the management server 300 suspends measurement of the operating time. When a predetermined release process or the like is performed, it resumes the suspended measurement of the operating time (see FIG. 6). Transmitting the shooting detection information to the server 300 makes it possible to notify the administrator terminal that the predetermined event of leakage has occurred. At the same time as the shooting detection information is transmitted to the management server 300, a log of the employee terminal 100 concerned may be stored in the storage device 704.
If it is determined in S1072 that the captured image data does not include photographing device image data, if it is determined in S1073 that the size of the photographing device image data is not equal to or larger than the size set for each photographing device, or if it is determined in S1076 that the photographing device image data exceeds the set locus range, it is determined whether or not the DC value is 1 or more (S1081). If it is determined that the DC value is 1 or more, the process proceeds to S1082. If it is determined that the DC value is not 1 or more (that it is 0), the shooting determination process ends.
If it is determined in S1081 that the DC value is 1 or more, the DC value is set to 0 (reset), and the locus range setting is cleared (S1082). Once the DC value has been set to 0 and the locus range setting cleared, the shooting determination process ends.
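The counter-and-locus logic of S1072 to S1082, written as a per-frame step function; this is an added example, not code from the patent or the applicant. The object detector is outside its scope and is represented by constructed bounding boxes; the per-device minimum sizes, the reading of "1.2 times the size" as width and height each scaled about the same centre, and all names are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed values: the patent says a size is set per device but gives no numbers.
MIN_PIXELS = {"smartphone": 4000, "camera": 6000}
DEFAULT_MIN_PIXELS = 6000
LOCUS_SCALE = 1.2    # the patent's example margin for camera shake (S1075)
DC_THRESHOLD = 3     # S1078


@dataclass(frozen=True)
class Box:
    x: float   # top-left corner
    y: float
    w: float
    h: float

    def pixels(self) -> float:
        return self.w * self.h

    def scaled(self, factor: float) -> "Box":
        """Same centre, width and height multiplied by factor."""
        nw, nh = self.w * factor, self.h * factor
        return Box(self.x - (nw - self.w) / 2, self.y - (nh - self.h) / 2, nw, nh)

    def contains(self, other: "Box") -> bool:
        return (self.x <= other.x and self.y <= other.y
                and other.x + other.w <= self.x + self.w
                and other.y + other.h <= self.y + self.h)


@dataclass(frozen=True)
class Detection:
    device: str   # device class reported by a (hypothetical) detector
    box: Box


class ShootingDetermination:
    def __init__(self) -> None:
        self.dc = 0                      # shooting determination counter DC
        self.locus: Optional[Box] = None
        self.actions: List[str] = []

    def step(self, det: Optional[Detection]) -> str:
        if det is None:                                          # S1072
            return self._miss("no_device")
        if det.box.pixels() < MIN_PIXELS.get(det.device, DEFAULT_MIN_PIXELS):
            return self._miss("too_small")                       # S1073
        if self.dc == 0:                                         # S1074
            self.locus = det.box.scaled(LOCUS_SCALE)             # S1075
        if not self.locus.contains(det.box):                     # S1076
            return self._miss("left_locus")
        self.dc += 1                                             # S1077
        if self.dc < DC_THRESHOLD:                               # S1078
            return "counting"
        # S1079 and S1080. How DC is cleared after a detection is not stated
        # in the patent, so it is left as is here.
        self.actions += ["show_screen_saver", "send_detection_to_management_server"]
        return "detected"

    def _miss(self, reason: str) -> str:
        if self.dc >= 1:                                         # S1081
            self.dc = 0                                          # S1082
            self.locus = None
        return reason


def run(frames):
    """Feed a list of per-frame detections; return (results, final state)."""
    judge = ShootingDetermination()
    return [judge.step(f) for f in frames], judge


# Constructed frames: a phone held steady with slight shake ...
STEADY = [Detection("smartphone", Box(100, 100, 80, 60)),
          Detection("smartphone", Box(104, 102, 80, 60)),
          Detection("smartphone", Box(98, 97, 80, 60))]
# ... and a phone that moves across the field of view.
SWEPT = [Detection("smartphone", Box(100, 100, 80, 60)),
         Detection("smartphone", Box(150, 100, 80, 60)),
         Detection("smartphone", Box(150, 100, 80, 60))]

if __name__ == "__main__":
    print(run(STEADY)[0])
    print(run(SWEPT)[0])
```

In the swept sequence the second frame resets DC and the third starts a fresh count with a new locus range, so only a device held roughly still for three consecutive frames triggers the screen saver.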
Returning to FIG. 6, when the shooting determination process ends in S107, it is next determined whether or not to log out (S108). If it is determined to log out, the process proceeds to S109. If it is determined not to log out, the process returns to S104.
If it is determined in S108 to log out, the logout process is executed (S109). When the logout process is executed, logout information is transmitted from the employee terminal 100 to the VDI server 200. On receiving the logout information, the VDI server 200 deselects the virtual desktop environment of the user of this employee terminal 100.
When the logout process is executed, logout information is also transmitted from the employee terminal 100 to the management server 300. On receiving the logout information, the management server 300 ends measurement of the operating time of this employee terminal 100.
When the logout process ends in S109, processing in the employee terminal 100 ends.
Although embodiments of the present disclosure have been described above, the information acquisition device according to the present disclosure is not limited to the embodiments described above, and various modifications and changes are possible within the scope of the gist of the present disclosure as set out in the claims.
In the embodiment of the present disclosure, when the leakage prevention control unit 109 receives user unspecified information from the user determination unit 102, or receives photographing device specific information from the shooting determination unit 104, it changes the image signal to the display 711 from the current image signal to a screen saver image signal and outputs it. However, this is not limiting, and the signal may be changed to an image signal other than the screen saver image signal. Another image signal, such as a pop-up image, may be displayed superimposed on the display 711. Output of the image signal may be stopped. The video output I/F 712 in the video output unit 108 may be disabled. When the leakage prevention control unit 109 receives user unspecified information from the user determination unit 102, or receives photographing device specific information from the shooting determination unit 104, it may notify the administrator terminal via the server 300. A log of the employee terminal 100 concerned may also be recorded so that it can be analyzed later.
Further, in the embodiment of the present disclosure, when the leakage prevention control unit 109 receives unusable router connection information from the router determination unit 106, it disables the video output I/F 712 in the video output unit 108. However, this is not limiting, and another image signal may be output, for example by changing the image signal to the display 711 from the current image signal to a screen saver image signal. When the leakage prevention control unit 109 receives unusable router connection information from the router determination unit 106, it may notify the administrator terminal via the management server 300. Another image signal, such as a pop-up image, may be displayed superimposed. A log of the employee terminal 100 concerned may also be recorded so that it can be analyzed later.
Further, in the embodiment of the present disclosure, the management server 300 is provided with a password generation unit 309; when a one-time password generation request is received from an external terminal, a one-time password is generated and the generated one-time password is transmitted to the leakage prevention control unit 109. However, this is not limiting, and the management server 300 need not be provided with the password generation unit 309. In that case, a one-time password generated on the external terminal (or created by the administrator) could be transmitted to the employee terminal 100. Alternatively, the administrator terminal may cause the administrator server 300 to perform a process that releases the restriction on external output of the image signal.
Further, in the embodiment of the present disclosure, the employee terminal 100, the VDI server 200, and the management server 300 are connected by wireless or wired connection; the connection may be wireless, or it may be wired.
Further, in the embodiment of the present disclosure, the connection destination is identified from the SSID of the wireless router. However, this is not limiting, and the connection destination may be identified by a host name or a device identifier (for example, a MAC address or a BD address). Whether or not to permit the connection destination may also be determined from a combination of a unique code (for example, a password) and an identifier.
Further, in the embodiment of the present disclosure, shooting by a photographing device is detected when the DC value is determined to be 3 or more (see S1078). However, this is not limiting, and the DC value may be set to a value of 3 or more. The DC value may also be made variable. The frame rate of the image data used for the shooting determination may likewise be made variable.
10 Overall system
100 (100a to 100f) Employee terminals (employee 1 terminal to employee 6 terminal)
200 VDI server
300 Management server
401 to 404 Wireless router A to wireless router EF
500 Internet
701 CPU
702 ROM
703 RAM
704 Storage device
705 Communication I/F
706 Camera
707 Speaker
708 Microphone
709 Input device
710 Graphics board
711 Display
712 Video output I/F

Claims (12)

  1.  An information processing device that comprises a display unit for displaying an image according to a user's operation and that can transmit and receive information via a network by connecting to a router, the information processing device comprising:
     determination means for determining whether or not a predetermined event has occurred; and
     control means for executing a predetermined process when it is determined that the predetermined event has occurred.
  2.  The information processing device according to claim 1, wherein
     the control means, when it is determined that the predetermined event has occurred, executes a process of outputting a predetermined image signal or a process of restricting output of an image signal.
  3.  The information processing device according to claim 1, wherein
     the control means, when it is determined that the predetermined event has occurred, executes a process of notifying an administrator terminal.
  4.  The information processing device according to claim 1, wherein
     the control means, when it is determined that the predetermined event has occurred, executes a process of recording a log of the information processing terminal.
  5.  The information processing device according to any one of claims 1 to 4, further comprising photographing means for photographing the user, wherein
     the predetermined event is that a photographing device image is included in the captured image, and
     the determination means determines whether or not the captured image includes a photographing device image.
  6.  The information processing device according to claim 5, wherein the determination means
     determines, when the captured image includes the photographing device image, whether or not the photographing device image is larger than the size set for each photographing device, and
     determines that the captured image includes the photographing device image when it is determined that the photographing device image is larger than the size set for each photographing device.
  7.  The information processing device according to claim 5 or 6, wherein the determination means
     determines, when the captured image includes the photographing device image, whether or not the locus of the photographing device image included in captured images taken a predetermined number of times is within a set locus range, and
     determines that the captured image includes the photographing device image when it is determined that the locus of the photographing device image is within the set locus range.
  8.  The information processing device according to claim 2 or any one of claims 5 to 7, wherein
     the control means, when it is determined that the predetermined event has occurred, changes a first image to a second image and displays it.
  9.  The information processing device according to any one of claims 1 to 8, wherein
     the predetermined event is connection to a non-permitted router whose use is not permitted,
     the determination means determines whether or not a router is a permitted router whose use is permitted, and
     the control means includes a process of externally outputting an image signal when the router is determined to be the permitted router, and restricting external output of the image signal when the router is determined not to be the permitted router.
  10.  The information processing device according to claim 9, wherein
     the control means releases the restriction on external output of the image signal when a predetermined condition is satisfied while external output of the image signal is restricted.
  11.  A program to be executed by an information processing device that comprises a display unit for displaying an image according to a user's operation and that can transmit and receive information via a network by connecting to a router, the program causing the information processing device to function as:
     determination means for determining whether or not a predetermined event has occurred; and
     control means for executing a predetermined process when it is determined that the predetermined event has occurred.
  12.  A control method of an information processing device that comprises a display unit for displaying an image according to a user's operation and that can transmit and receive information via a network by connecting to a router, the control method comprising executing:
     a determination step of determining whether or not a predetermined event has occurred; and
     a control step of executing a predetermined process when it is determined that the predetermined event has occurred.
PCT/JP2021/022430 2020-07-08 2021-06-14 Information processing device, program, and control method of information processing device WO2022009611A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2021534123A JP7077504B1 (en) 2020-07-08 2021-06-14 Information processing equipment, programs, and control methods for information processing equipment
JP2021171471A JP2022016441A (en) 2020-07-08 2021-10-20 Information processing device, program, and control method of information processing device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2020117610 2020-07-08
JP2020-117610 2020-07-08

Publications (1)

Publication Number Publication Date
WO2022009611A1 true WO2022009611A1 (en) 2022-01-13

Family

ID=79552526

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/022430 WO2022009611A1 (en) 2020-07-08 2021-06-14 Information processing device, program, and control method of information processing device

Country Status (2)

Country Link
JP (2) JP7077504B1 (en)
WO (1) WO2022009611A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008099156A (en) * 2006-10-16 2008-04-24 Hitachi Ltd Information leakage prevention system
JP2012173991A (en) * 2011-02-22 2012-09-10 Sky Co Ltd Theft state determination terminal and theft state determination program
JP2012181262A (en) * 2011-02-28 2012-09-20 Sharp Corp Video display screen, video display system, and imaging device detection method
JP2012190096A (en) * 2011-03-09 2012-10-04 Nec Commun Syst Ltd Information processor and control method thereof
JP2017208645A (en) * 2016-05-17 2017-11-24 コニカミノルタ株式会社 Information processing device, program, and information processing system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005159611A (en) * 2003-11-25 2005-06-16 Victor Co Of Japan Ltd Imaging unit

Also Published As

Publication number Publication date
JPWO2022009611A1 (en) 2022-01-13
JP7077504B1 (en) 2022-05-31
JP2022016441A (en) 2022-01-21


Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2021534123

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21837905

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21837905

Country of ref document: EP

Kind code of ref document: A1