JP2016062558A - Information processing system, information processing device, and control method of information processing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To facilitate the setting of information indicating the security level of an electronic apparatus in an information processing system that includes the electronic apparatus for setting a security function on the basis of the information indicating the security level.SOLUTION: An information processing system, which includes an electronic apparatus for setting a security function on the basis of information indicating a security level, includes: acquisition means that obtains use information of the electronic apparatus; determination means that determines the information indicating the security level of the electronic apparatus on the basis of the obtained use information; and setting means that notifies the electronic apparatus of the determined information indicating the security level.SELECTED DRAWING: Figure 5

Description

  The present invention relates to an information processing system, an information processing apparatus, and an information processing system control method.

  In recent years, interest in security of electronic devices such as office devices has increased, and electronic devices equipped with various security functions have been widespread in order to satisfy various security requirements of users.

  Also, there is provided an image forming apparatus that manages the correspondence between information indicating a security level and setting values of setting items of a security function, and can easily perform security setting by designating information indicating the security level by a user. It is known (see, for example, Patent Document 1).

  As described above, in an electronic device having various security functions, there are many items of security settings, and it takes a lot of time and effort to set security functions for a plurality of electronic devices. In the technique disclosed in the cited document 1, since the user sets the information indicating the security level, the user who sets the security function of the electronic device is required to have knowledge about the security level. .

  As described above, in an information processing system including an electronic device that sets a security function based on information indicating a security level, it has been difficult to set information indicating the security level of the electronic device.

  Embodiments of the present invention have been made in view of the above problems, and in an information processing system including an electronic device that sets a security function based on information indicating a security level, the level of security of the electronic device An object of the present invention is to provide an information processing system that makes it easy to set information indicating the above.

  In order to solve the above problems, an information processing system according to an embodiment of the present invention is an information processing system including an electronic device that sets a security function based on information indicating a security level, and uses the electronic device. An acquisition means for acquiring information, a determination means for determining information indicating the security level of the electronic device based on the acquired usage information, and notifying the electronic device of information indicating the determined security level Setting means.

  According to an embodiment of the present invention, in an information processing system including an electronic device that sets a security function based on information indicating a security level, information processing that facilitates setting of information indicating the security level of the electronic device A system can be provided.

It is a figure showing an example of composition of an information processing system concerning one embodiment. It is a figure which shows the hardware structural example of the electronic device which concerns on one Embodiment. It is a figure which shows the hardware structural example of the information processing apparatus which concerns on one Embodiment. It is a figure which shows the software structural example of the information processing system which concerns on one Embodiment. It is a figure which shows an example of a function structure of the information processing system which concerns on one Embodiment. It is a figure which shows another example of a function structure of the information processing system which concerns on one Embodiment. It is a flowchart which shows the flow of a process of the information processing system which concerns on one Embodiment. It is a flowchart which shows the flow of the initialization process which concerns on one Embodiment. It is a figure which shows the example of the system setting screen which concerns on one Embodiment. It is a figure which shows the example of the usage information of the electronic device which concerns on one Embodiment. It is a flowchart which shows the flow of the method determination process which concerns on one Embodiment. It is a flowchart which shows the flow of the setting process which concerns on one Embodiment. It is a figure which shows the example of the setting list which concerns on one Embodiment. It is a figure which shows the example of the setting information which concerns on one Embodiment. It is a figure which shows the example of the security level which concerns on one Embodiment.

  Embodiments of the present invention will be described below with reference to the accompanying drawings.

<System configuration>
FIG. 1 is a diagram illustrating a configuration example of an information processing system according to an embodiment. In the information processing system 100, for example, a user environment 112 such as a customer company and a service providing environment 113 such as a company providing a remote management service are connected via a network 114 such as the Internet.

  The user environment 112 includes, for example, a plurality of electronic devices connected to a corporate network 111 such as a LAN (Local Area Network), such as a projector 102, a multi-function machine A 103, a multi-function machine B 104, a printer 105, a TV conference system 106, and the like. Is included. Note that each of the plurality of electronic devices according to the present embodiment has a security function. Each of the plurality of electronic devices stores in advance a correspondence relationship between the information indicating the security level and the setting value of the setting item of the security function, and according to the information indicating the specified security level, Multiple security function settings can be changed (set).

  The information indicating the level of security is information indicating the level (security level), for example, by dividing the level of information security that can be set by the electronic device into several levels (levels). Preferably, the information indicating the security level is associated with a plurality of security policies having different information security strengths.

  Also, the user environment 112 includes information on people around the electronic device such as the detection device A 107, the detection device B 108, and the entry / exit recording device 109, or information on people in the place (conference room, floor, etc.) where the electronic device is installed. Equipment to acquire.

  The detection apparatus A 107 includes, for example, the projector 102 and a camera that captures the surroundings of the projector 102 (for example, the conference room), and uses the projector 102 based on the captured image (for example, the use in the conference room). Presence or absence, number, etc.). The detection device B108 includes, for example, the multifunction device A103 and a human sensor installed around the multifunction device A103, and detects the usage status (for example, the presence / absence of a user, the usage frequency) of the multifunction device A103. . Further, the entry / exit recording device 109 has, for example, an IC (Integrated Circuit) card reader such as an employee ID card or guest card installed at the entrance / exit of a conference room where the TV conference system 106 is installed. . In addition, the entry / exit recording device 109 performs, for example, authentication at the time of entry / exit, management of entry / exit records, and the like based on an ID (Identification) read from the IC card, thereby using the TV conference system 106. (For example, the presence / absence or number of users in the conference room) is acquired.

  Further, the user environment 112 includes a remote management device 110 that collects device information of a plurality of electronic devices connected to the corporate network 111 and transmits the collected device information to the remote management center 101. The device information acquired by the remote management device 110 includes, for example, usage count information, device setting information, function information, consumable status information, and the like of each electronic device. In addition, the remote management device 110 according to the present embodiment has a function of acquiring information on the usage status of electronic devices from the detection device A 107, the detection device B 108, the entry / exit recording device 109, and transmitting the information to the remote management center 101. doing. Further, the remote management device 110 has a function of notifying information to a plurality of electronic devices connected to the corporate network 111 in response to an instruction from the remote management center 101.

  On the other hand, the service providing environment 113 includes a remote management center 101 that manages information indicating the security level of a plurality of electronic devices in the user environment 112 by communicating with the remote management device 110 or the like of the user environment 112. The remote management center 101 is an example of an information processing apparatus. For example, the remote management center 101 may be an information processing device included in the user environment 112.

  With the above configuration, the remote management device 110 acquires device information of a plurality of electronic devices included in the user environment 112 and usage information such as information regarding usage status, and notifies the remote management center 101 of the usage information.

  Further, the remote management center 101 determines information indicating the security level of a plurality of electronic devices based on the usage information notified from the remote management device 110, and includes information indicating the determined security level, for example, A plurality of electronic devices are notified via the remote management device 110.

  The plurality of electronic devices included in the user environment 112 change the setting value of the security function of the own device based on the information indicating the security level notified from the remote management center 101.

  Thereby, in the information processing system 100, the security setting according to the usage status of the plurality of electronic devices having the security function included in the user environment 112 can be automatically performed. That is, according to the embodiment of the present invention, it is possible to easily set the security function of the electronic device in the information processing system 100 including one or more electronic devices having the security function.

  Note that the system configuration in FIG. 1 is merely an example, and does not limit the scope of the present invention. For example, the function of the detection device A107 may be realized by a camera or the like built in the projector 102, and the function of the detection device B108 is realized by a human sensor or the like built in the multifunction device A103. It may be a thing. Further, the function of the entry / exit recording device 109 may be realized by an IC card reader, an IC tag reader, or the like built in the TV conference system 106, the multifunction peripheral B104, or the like. Alternatively, the detection device A 107, the detection device B 108, the entry / exit recording device 109, and the like may have only a function of transmitting data acquired by a camera, a human sensor, an IC card reader, or the like. In this case, the information processing device that has received the transmitted data, such as the remote management device 110 or the remote management center 101, may determine information on the usage status of the electronic device based on the received data.

<Hardware configuration>
(Hardware configuration of electronic equipment)
FIG. 2 is a diagram illustrating a hardware configuration example of the electronic device according to the embodiment. In the example of FIG. 2, a hardware configuration of a multifunction peripheral (multifunction peripheral A 103, multifunction peripheral B 104) having functions such as a printer, a copy, a scanner, and a facsimile is shown as an example of an electronic device.

  The MFPs 103 and 104 include, for example, a controller board 200, an operation panel 209, an FCU (Facsimile Control Unit) 210, and hardware engines such as a printer 211 and a scanner 212.

  The controller board 200 includes a general computer configuration. For example, a CPU (Central Processing Unit) 201, a system memory 202, an NB (North Bridge) 203, an SB (South Bridge) 204, an ASIC (Application Specific Integrated Circuit). ) 206, local memory 207, HDD (Hard Disk Drive) 208, NIC (Network Interface Card) 213, USB (Universal Serial Bus) interface 214, IEEE 1394 interface 215, Centronics interface 216, and the like.

  The operation panel 209 is connected to the ASIC 206 of the controller board 200. The SB 204, NIC 213, USB interface 214, IEEE 1394 interface 215, and Centronics interface 216 are connected to the NB 203 via a PCI bus. The FCU 210, the printer 211, and the scanner 212 are connected to the ASIC 206 of the controller board 200 via a PCI bus.

  In the controller board 200, the local memory 207, the HDD 208, and the like are connected to the ASIC 206, and the CPU 201 and the ASIC 206 are connected via the NB 203 of the CPU chip set. The ASIC 206 and the NB 203 are not connected via a PCI bus, but are connected via an AGP (Accelerated Graphics Port) 205 for speeding up.

  The CPU 201 is a processor that performs overall control of the multifunction peripherals 103 and 104. The CPU 201 executes programs such as an operating system, applications, and various services stored in the HDD 208 and the like, and implements the functions of the multifunction peripherals 103 and 104.

  The NB 203 is a bridge for connecting the CPU 201, the system memory 202, the SB 204, and the ASIC 206. The system memory 202 is a memory used as a drawing memory for the multifunction peripherals 103 and 104. The SB 204 is a bridge for connecting the NB 203 to the PCI bus and peripheral devices. The local memory 207 is a memory used as a copy image buffer and a code buffer, for example. In the following description, the system memory 202 or the local memory 207 may be simply expressed as a memory or a storage area.

  The ASIC 206 is an integrated circuit for image processing having hardware elements for image processing. The HDD 208 is a storage device for storing, for example, images, programs, font data, forms, and the like.

  The operation panel 209 is hardware (operation unit) for receiving an input operation from the user and hardware (display unit) that performs display for the user. The FCU 210 transmits and receives FAX data according to a standard such as G3 FAX (Group 3 Facsimile). For example, the printer 211 performs printing in accordance with control of a program or the like that operates on the CPU 201. The scanner 212 reads an image in accordance with, for example, control of a program or the like that operates on the CPU 301.

  The NIC 213 is a communication interface for connecting the MFPs 103 and 104 to the network and transmitting / receiving data. The USB interface 214 is a serial bus interface for connecting a recording medium such as a USB memory and various USB devices, for example. The IEEE 1394 interface 215 is an interface for connecting a device compliant with the high-speed serial bus standard IEEE 1394. The Centronics interface 216 is an interface for connecting a device compliant with the Centronics specification which is the specification of the parallel port.

  For example, as described above, the electronic apparatus according to the present embodiment includes a general computer configuration that realizes various functions by a program operating on a CPU.

(Hardware configuration of information processing device)
The remote management center 101 and the remote management device 110 in FIG. 1 are information processing devices such as a PC (Personal Computer) having a general computer configuration, for example.
FIG. 3 is a diagram illustrating a configuration example of the information processing apparatus according to the embodiment. The information processing apparatus 300 has a general computer configuration. For example, the CPU 301, a RAM (Random Access Memory) 302, a ROM (Read Only Memory) 303, a storage unit 304, an external I / F (Interface) unit 305, an input unit 306, a display unit 307, a communication I / F unit 308, a bus 309, and the like. The remote management center 101 and the remote management device 110 are examples of information processing devices.

  The CPU 301 is an arithmetic device that implements each function of the information processing apparatus 300 by reading a program and data stored in the ROM 303, the storage unit 304, and the like onto the RAM 302 and executing processing. A RAM 302 is a volatile memory used as a work area for the CPU 301. The ROM 303 is a non-volatile memory that retains programs and data even when the power is turned off, and is configured by, for example, a flash ROM.

  The storage unit 304 is a storage device such as an HDD or SSD (Solid State Drive), and stores an OS (Operation System), application programs, various data, and the like.

  The external I / F 305 is an interface with the external device 310. The external device 310 includes various devices that can be used in the information processing device 300, such as an external storage device such as a USB memory, a camera, a human sensor, and an IC card reader.

  The input unit 306 includes a pointing device such as a mouse, a keyboard, and the like, and is used to input each operation signal to the information processing apparatus 300. The display unit 307 includes a display such as an LCD (Liquid Crystal Display), for example, and displays a processing result or the like by the information processing apparatus 300.

  The communication I / F 308 is an interface that connects the information processing apparatus 300 to a network. The information processing apparatus 300 can perform data communication with other information processing apparatuses and electronic devices via the communication I / F 308. The communication I / F 308 may include a plurality of communication interfaces that can be connected to a plurality of different networks. A bus 309 is commonly connected to the above-described components and transmits an address signal, a data signal, various control signals, and the like.

  Note that the configuration in FIG. 3 is merely an example. For example, the information processing apparatus 300 may include the input unit 306, the display unit 307, and the like outside, or does not necessarily include the input unit 306 and the display unit 307.

<Software configuration>
FIG. 4 is a diagram illustrating a software configuration example of the information processing system according to the embodiment. In FIG. 4, the user environment 112 of the information processing system 100 includes an electronic device 401, a detection device 402, and a remote management device 110. The service providing environment 113 of the information processing system 100 includes a remote management center 101.

  4 corresponds to the projector 102, the multifunction peripheral A 103, the multifunction peripheral B 104, the printer 105, the TV conference system 106, and the like in FIG. 4 shows only one electronic device 401, the information processing system 100 may include a plurality of electronic devices 401. Similarly, the detection device 402 in FIG. 4 corresponds to the detection device A 107, the detection device B 108, and the like in FIG. 4 shows only one detection device 402, the information processing system 100 may include a plurality of detection devices 402.

(Software configuration of electronic equipment)
The engine unit 403 of the electronic device 401 executes various functions provided in the electronic device 401. For example, if the electronic device 401 is a multifunction device, the engine unit 403 controls the printer 211, the scanner 212, and the like in FIG. Further, the engine unit 403 controls a projection unit that projects an image and the like if the electronic device 401 is a projector.

  The storage unit 404 stores data such as images handled by the electronic device 401, setting information of the electronic device 401, and the like. For example, if the electronic device 401 is a multifunction device, the storage unit 404 controls storage of data and information necessary for the HDD 208 in FIG.

  A UI (User Interface) unit 405 executes display processing of the electronic device 401. For example, if the electronic device 401 is a multifunction device, the UI unit 405 controls display of display data on the operation panel 209 of FIG.

  The acquisition unit 406 acquires device information of the electronic device 401 and transmits the acquired device information to the external device via the communication unit 408. For example, if the electronic device 401 is a multifunction device, the acquisition unit 406 transmits the device information acquired via the NIC 213 in FIG. 2 to an information processing apparatus on the network.

  The control unit 407 performs overall control of the electronic device 401. For example, when the control unit 407 receives information indicating the security level via the communication unit 408, the control unit 407 sets (changes) the setting of the electronic device 401 according to the received information indicating the security level. The control unit 407 controls various operations and settings of the electronic device 401 based on the input information notified from the UI unit 405.

  The communication unit 408 of the electronic device 401 transmits the device information of the electronic device 401 notified from the acquisition unit 406 to an external device, for example, the remote management device 110. Further, the communication unit 408 receives various types of information such as information indicating the security level from the external device, and notifies the control unit 407 of the received information.

(Detector software configuration)
The detection unit 409 of the detection device 402 notifies the communication unit 410 of the detected information. For example, when the detection device 402 is the detection device A 107 in FIG. 1, the detection unit 409 communicates image data captured by the camera or information such as the usage status of the electronic device 401 determined based on the captured image data. Notification to the unit 410. In addition, when the detection device 402 is the detection device B108 in FIG. 1, the detection unit 409 includes information such as the usage data of the electronic device 401 determined based on the output data of the human sensor or the output data of the human sensor. Is communicated to the communication unit 410.

  The communication unit 410 of the detection device 402 transmits information such as the usage status of the electronic device 401 notified from the detection unit 409 to an external device, for example, the remote management device 110.

(Software configuration of remote management device)
The communication unit 411 of the remote management device 110 transmits information received from the electronic device 401, the detection device 402, and the like to the remote management center 101. In addition, the communication unit 411 of the remote management device 110 transfers the notification received from the remote management center 101 to the electronic device 401.

(Remote management center software configuration)
The communication unit 412 of the remote management center 101 notifies the information received from the remote management device 110 to the determination unit 415, the extraction unit 413, the management unit 414, and the like. In addition, the communication unit 412 of the remote management center 101 transmits information indicating the security level notified from the determination unit 415 to the remote management device 110.

  The extraction unit 413 extracts necessary information from the information notified from the communication unit 412, creates usage information to be described later, and notifies the management unit 414, the determination unit 415, etc. of the created usage information.

  The management unit 414 manages information such as information notified from the communication unit 412, usage information notified from the extraction unit 413, and a setting list described later.

  The determination unit 415 determines information indicating the security level of the electronic device 401 based on the usage information notified from the extraction unit 413 and the setting list managed by the management unit 414. Further, the communication unit 412 is notified of information indicating the determined security level.

<Functional configuration>
FIG. 5 is a diagram illustrating an example of a functional configuration of the information processing system according to the embodiment. In FIG. 5, the user environment 112 of the information processing system 100 includes a plurality of electronic devices 401, a detection device 402, an entry / exit recording device 109, and a remote management device 110. The service providing environment 113 of the information processing system 100 includes the remote management center 101.

  5 corresponds to the projector 102, the multi-function device A 103, the multi-function device B 104, the printer 105, the TV conference system 106, and the like shown in FIG. 5 corresponds to the detection device A 107, the detection device B 108, and the like shown in FIG.

(Functional configuration of remote management device)
The remote management apparatus 110 includes a communication unit 501 and an acquisition unit 502.

  The communication unit 501 is a unit for communicating with a plurality of electronic devices 401, the detection device 402, the entry / exit recording device 109, the remote management center 101, and the like, for example, the communication I / F unit 308 in FIG. 4 communication units 411 and the like. The communication unit 501 has a first communication interface for connecting to the corporate network 111 included in the user environment 112 and a second communication interface for connecting to the network 114 such as the Internet. Also good.

  The obtaining unit 502 is a unit that obtains usage information of a plurality of electronic devices 401 having a security function using the communication unit 501, and is realized by, for example, a program operating on the CPU 301 in FIG. The usage information acquired by the acquisition unit 502 includes, for example, device information including information on the number of times each electronic device 401 is used, information on the usage status of the electronic device 401 detected by the detection device 402, and the entry / exit recording device 109. Information such as the number of users at the location is included. In addition, the acquisition unit 502 transmits the acquired usage information to the remote management center 101 using the communication unit 501.

  With the above configuration, the remote management apparatus 110 acquires usage information of a plurality of electronic devices 401 having a security function and transmits the usage information to the remote management center 101.

(Functional configuration of remote management center)
The remote management center 101 includes an extraction unit 503, a communication unit 504, a device setting unit 506, a determination unit 505, a system setting unit 507, and a storage unit 508.

  The extracting unit 503 receives the usage information of the plurality of electronic devices 401 received from the remote management apparatus 110 via the communication unit 504, extracts necessary information from the received information, and stores the usage information in the storage unit 508. 509 is stored. In the system in which the remote management apparatus 110 transmits only necessary usage information, the extraction unit 503 may store the received usage information in the storage unit 508 as it is.

  The communication unit 504 is a unit for communicating with a plurality of electronic devices 401, the detection device 402, the entry / exit recording device 109, the remote management device 110, and the like, for example, the communication I / F unit 308 in FIG. 4 communication units 412 and the like.

  The determining unit 505 determines information indicating the security level of the plurality of electronic devices 401 based on the usage information of the plurality of electronic devices 401 having the security function acquired by the acquiring unit 502 of the remote management apparatus 110. For example, the determining unit 505 displays information indicating the security level of the plurality of electronic devices 401 based on the usage information 509 stored in the storage unit 508 by the extracting unit 503 and the setting list 510 stored in the storage unit 508 in advance. decide. Preferably, the determination unit 505 determines information indicating the security level for each of the plurality of electronic devices 401. The setting list 510 is information in which the relationship between the usage information of the electronic device 401 and the information indicating the security level is stored in association with each other. A specific example of the setting list will be described later.

  The device setting unit (setting unit) 506 sets information indicating the security level determined by the determining unit 505 in the plurality of electronic devices 401. For example, the device setting unit 506 notifies the plurality of electronic devices 401 of information indicating the determined security level via the communication unit 504, and instructs the plurality of electronic devices 401 to set (change) the security function. To do. At this time, the information indicating the security level notified by the device setting unit 506 may be notified to the plurality of electronic devices 401 via the remote management device 110, or may be sent to the plurality of electronic devices 401. It may be notified directly.

  The system setting unit 507 changes (sets) the setting of the information processing system 100. For example, the system setting unit 507 displays a system setting screen on the display unit 307 and the like in FIG. 3, and sets the information processing system 100, for example, on / off of automatic setting of information indicating the security level, and the security level. The user can select a method for determining the information to be shown.

  The extraction unit 503, the determination unit 505, the device setting unit 506, the system setting unit 507, and the like are realized by, for example, a program that operates on the CPU 301 in FIG.

  The storage unit 508 is a unit that stores the usage information 509, the setting list 510, the system setting information 511 set by the system setting unit 507, and is realized by, for example, the storage unit 304 of FIG.

  With the above configuration, the remote management center 101 acquires the usage information 509 of the plurality of electronic devices 401 from the remote management device 110 and stores it in the storage unit 508. Further, the remote management center 101 determines information indicating the security level of the plurality of electronic devices 401 based on the usage information 509 and the setting list 510 stored in the storage unit 508. Further, the remote management center 101 sets (notifies) information indicating the security level determined by the determining unit 505 in the plurality of electronic devices 401.

(Functional configuration of electronic equipment)
The electronic device 401 includes a communication unit 512, a collection unit 513, a setting control unit 514, and a security unit 515, respectively.

  The communication unit 512 is a unit for communicating with other network devices such as the remote management device 110 and the remote management center 101, for example, the communication I / F unit 308 in FIG. 3 or the communication unit in FIG. 408 or the like.

  The collecting unit 513 acquires device information including information regarding the number of times the electronic device 401 is used, and transmits the device information to the remote management device 110, the remote management center 101, and the like via the communication unit 512. At this time, the collection unit 513 may acquire the device information 517 stored in the storage unit 516, or the collection unit 513 may manage the number of times the electronic device 401 is used. . For example, the collection unit 513 transmits the collected device information in response to a request from the acquisition unit 502 or in accordance with a predetermined condition (for example, a predetermined time).

  When the setting control unit 514 receives information indicating the security level from the remote management center 101, the remote management device 110, or the like, for example, via the communication unit 512, the electronic device according to the information indicating the requested security level A security function 401 is set. For example, the setting control unit 514 changes the setting value of the setting information 518 stored in the storage unit 516 in accordance with the received information indicating the security level. Alternatively, the setting control unit 514 may change the setting value directly with respect to the security unit 515.

  The security unit 515 implements various security functions of the electronic device 401, such as an authentication function, an encryption function, an HDD automatic deletion function, a network port close function, and the like. The security unit 515 executes various security functions based on the setting of the setting information 518 stored in the storage unit 516, for example. Alternatively, various security function settings of the security unit 515 may be set directly by the setting control unit 514. The collection unit 513, the setting control unit 514, the security unit 515, and the like are realized by a program that operates on the CPU 201 in FIG. 2, for example.

  The storage unit 516 is, for example, a unit that stores device information 517, setting information 518, and the like, and is included in, for example, the HDD 208 in FIG. 2, the storage unit 404 in FIG.

  With the above configuration, the electronic device 401 acquires device information including information on the number of times the electronic device 401 is used, and notifies the remote management device 110 and the like. Further, the electronic device 401 changes the setting value of the security function according to the information indicating the security level notified from the remote management center 101 or the like.

(Functional configuration of detection device)
The detection device 402 includes, for example, a detection unit 519, a determination unit 520, and a communication unit 521.

  The detection unit 519 is, for example, a human sensor that detects an electronic device 401 or a person around the electronic device 401 provided around the electronic device 401, or a camera that captures an image around the electronic device 401 or the electronic device 401. Etc., and people around the electronic device 401 are detected. The detection unit 519 generates, for example, a captured image obtained by imaging the periphery of the electronic device 401, an output signal of a human sensor that indicates the presence or absence of a person around the electronic device 401, and the like. The detection unit 519 is included in, for example, the detection unit 409 in FIG.

  The determination unit 520 determines information on the usage status of the electronic device 401 based on the captured image output from the detection unit 519, the output signal of the human sensor, and the like, and the information on the determined usage status is transmitted to the communication unit 521. To the remote management device 110 or the like. The information regarding the usage status of the electronic device 401 determined by the determination unit 520 includes, for example, the number of people around the electronic device 401, the presence / absence of people around the electronic device 401, the usage frequency of the electronic device 401, and the like.

  For example, the determination unit 520 obtains information on the number of people around the electronic device 401 based on a captured image obtained by imaging the surroundings of the electronic device 401, for example, information such as the number of people and whether there are many people or not. to decide. Alternatively, the determination unit 520 determines information such as the presence / absence of a person, the presence / absence of a person, the usage frequency of the electronic apparatus 401, and the like around the electronic apparatus 401 based on the output signal of the human sensor. The determination unit 520 is realized by, for example, a program that operates on the detection device 402.

  Note that the configuration in which the detection device 402 includes the determination unit 520 is merely an example. For example, the detection device 402 may not include the determination unit 520 but may transmit data detected by the detection unit 519 to an external device including the determination unit 520. In this case, the determination unit 520 is included in, for example, an external device such as the remote management device 110, the remote management center 101, the electronic device 401, or another information processing device.

  The communication unit 521 transmits information on the usage status of the electronic device 401 determined by the determination unit 520, data detected by the detection unit 519, and the like to the external device.

  With the above configuration, the detection apparatus 402 detects and detects information related to the usage status of the electronic device 401, for example, information related to the number of people around the electronic device 401, information such as the usage frequency of the electronic device 401. The transmitted information is transmitted to the remote management device 110 or the like.

(Functional structure of entry / exit recording device)
The entry / exit recording device 109 includes, for example, an authentication unit 522, a storage unit 523, a communication unit 524, and the like.

  For example, the authentication unit 522 authenticates a user who enters and exits based on ID information read by an IC card reader installed at the entrance of a room where the electronic device 401 is installed or an IC tag reader. Manage entry and exit based on the results.

  The storage unit 523 stores information such as entry / exit determined by the authentication unit 522.

  Note that the configuration in which the entry / exit recording device 109 includes the storage unit 523 and manages the entry / exit information is merely an example. For example, the entry / exit recording device 109 may transmit the entry / exit data determined by the authentication unit 522 to an external device having the storage unit 523 without the storage unit 523. In this case, the storage means 523 and the means for managing the entry / exit information are included in, for example, an external device such as the remote management device 110, the remote management center 101, the electronic device 401, or another information processing device.

  With the above configuration, the entry / exit recording device 109 transmits information related to the number of users such as a room in which the electronic device 401 is installed, for example, the number of authenticated users to the remote management device 110 or the like.

  Note that the functional configuration of FIG. 5 is a preferred example, and the information processing system 100 according to the present embodiment can have various system configurations.

  FIG. 6 is a diagram illustrating another example of the functional configuration of the information processing system according to the embodiment. Since the basic configuration is the same as that of the information processing system 100 in FIG. 5, the difference will be mainly described here.

  The information processing apparatus 604 in FIG. 6 includes an acquisition unit 502 of the remote management apparatus 110 in place of the extraction unit 503 of the remote management center 101 in FIG. For example, as described above, each function of the remote management device 110 and the remote management center 101 in FIG. 5 may be included in one information processing device.

  The acquisition unit 502 of the information processing device 604 uses the communication unit 504 of the information processing device 604 to acquire usage information of a plurality of electronic devices 401 and 601 having a security function. The acquisition unit 502 stores the acquired usage information as usage information 509 in the storage unit 508. The other configuration of the information processing apparatus 604 may be the same as that of the remote management center 101 in FIG.

  The electronic apparatus 601 in FIG. 6 is assumed to be, for example, a portable video conference device, and includes a detection unit 603 such as a camera and a determination unit 602. Other configurations of the electronic device 601 may be the same as those of the electronic device 401. For example, when the electronic device 601 is a video conference device, the detection unit 603 captures an image of the installation location of the electronic device 601 using a camera of the video conference device. The determination unit 602 determines information such as the number of users included in the captured image, and transmits the determined information to the information processing apparatus 604 via the communication unit 512.

  As described above, the electronic device 601 can transmit the usage information of the electronic device 601 to the information processing device 604 without using the detection device 402, the entry / exit recording device 109, and the like. Therefore, the information processing system 100 can set information indicating the security level of the electronic device 601 even when the electronic device 601 is connected to the external network of the user environment 112.

  For example, as described above, the information processing system 100 according to the present embodiment can have various system configurations.

<Process flow>
FIG. 7 is a flowchart illustrating an outline of processing of the information processing system according to the embodiment. When starting the process, the information processing system 100 executes processes such as an initialization process (step S701), a method determination process (step S702), a setting process (step S703), and the like.

  FIG. 8 is a flowchart showing a flow of initialization processing according to an embodiment.

  When the information processing system 100 starts the initialization process (step S701 in FIG. 7), is automatic setting of information indicating the security level effective based on, for example, the system setting information 511 stored in the storage unit 508? It is determined whether or not (step S801).

  In the information processing system 100, the system setting unit 507 can set validity / invalidity of automatic setting of information indicating a security level.

  FIG. 9 is a diagram illustrating an example of a system setting screen according to an embodiment. For example, the system setting unit 507 displays the system setting screen 901 shown in FIG. 9 on the display unit 307 and the like shown in FIG. 3, and prompts the user to input system settings.

  In the example of FIG. 9, the system setting screen 901 includes setting items such as automatic security setting 902, security level determination method 903, and priority item 904. The security level is an example of information indicating a security level. In the present embodiment, the security level is divided into a plurality of stages (for example, level 1 to level 4) having different security policies, and that stage is called a security level. A specific example of the security level will be described later.

  When “Yes” is selected in the automatic security setting 902, the system setting unit 507 effectively sets the automatic setting of information indicating the security level of the information processing system 100. On the other hand, when “NO” is selected in the automatic security setting 902, the system setting unit 507 disables the automatic setting of information indicating the security level of the information processing system 100. Preferably, when “No” is selected in the automatic security setting 902, the system setting unit 507 grays out setting items such as the security level determination method 903 and the priority item 904 that do not require setting so that the setting items cannot be selected. It is desirable.

  When “selection item priority” is selected in the security level determination method 903 in FIG. 9, the system setting unit 507 displays the priority item 904, and the security level of the electronic device usage information 509 is determined. You can select the information you want to prioritize. In the example of FIG. 9, “priority number”, “number of times of use of equipment”, “number of people in the room”, and “use place” can be selected as the priority items 904, of which “number of people” and “use” "Location" is selected.

  On the other hand, when “security strength priority” is selected in the security level determination method 903, the system setting unit 507, for example, grays out the setting item of the priority item 904 so that it cannot be selected. In this case, the information processing system 100 automatically determines the security level so that the security level becomes the highest, for example, without selecting the priority item 904.

  The system setting unit 507 stores information set on the system setting screen 901 as system setting information 511 in the storage unit 508.

  Here, returning to FIG. 8, the description of the processing is continued.

  If the automatic setting of the information indicating the security level is not valid in step S801, the information processing system ends the initialization process. On the other hand, if automatic setting of information indicating the security level is valid in step S801, the process proceeds to step S802.

  In step S <b> 802, the acquisition unit 502 of the information processing system 100 acquires usage information on a plurality of electronic devices 401 and 601 that set a security function based on information indicating a security level (security level) to be processed. To do.

  In step S803, the acquisition unit 502 determines a security level weight value and ends the processing.

  As an example of the weight value, the acquisition unit 502 determines the usage location of each electronic device based on the IP address of each electronic device. For example, the acquisition unit 502 determines whether the network to which each electronic device is connected is an in-house network such as the user environment 112, a registered network such as an affiliated company, or an unregistered external network. In addition, the acquisition unit 502 adds information on the determined usage location to the usage information. The usage location information added to the usage information is an example of a security level weight value.

  FIG. 10 is a diagram illustrating an example of usage information of an electronic device according to an embodiment. The usage information 509 in FIG. 10 includes information such as the device ID 1001, the device name 1002, the number of users 1003, the number of times of use 1004, the number of people in the room 1005, and the location of use 1006.

  The device ID 1001 is identification information unique to each electronic device. The device name is the name of each electronic device. The number of users 1003 is information related to the number of people around each electronic device, which is determined by the determination unit 520 based on an image captured around the electronic device detected by the detection unit 519. The information related to the number of people around each electronic device may be information indicating a specific number of people. For example, the number of people is “large” / “normal” / “small” or “5”. It may be rough information such as “more than people” / “less than 5 people”.

  The usage count 1004 is information relating to the usage count of each electronic device based on the device information collected by the collection unit 513. The information related to the number of times of use of each electronic device may be a specific count value of the number of times of use, for example, rough information such as “High” / “Normal” / “Low” There may be.

  The number of people in the room 1005 is information related to the number of users who have been authenticated by the authentication means 522 and where the electronic devices are installed, for example, the number of people who have been recorded by the entry / exit recording device 109. The information related to the number of users at the place where each electronic device is installed may be information indicating the number of specific users. For example, the number of users is “large” / “normal”. ”/“ Less ”or“ five or more ”/“ less than five ”or the like.

  The usage location 1006 is information indicating the usage location, which is an example of the weight value determined in step S803 in FIG. In the example of FIG. 10, the projector 1 is connected to an external network, and entry / exit management by the authentication unit 522 is not performed, so information on the number of people 1005 in the room is not included.

  FIG. 11 is a flowchart illustrating a flow of a method determination process according to an embodiment.

  When starting the method determination process, the information processing system 100 determines whether or not to change the security level determination method (step S1101). For example, the system setting unit 507 determines whether or not to change the security level determination method based on the presence or absence of a user operation that requests a change in system settings.

  If the security level determination method is not changed in step S1101, the information processing system 100 ends the method determination process. On the other hand, when the security level determination method is changed in step S1101, the information processing system 100 proceeds to step S1102.

  In step S1102, the system setting unit 507 displays, for example, the system setting screen 901 in FIG. 9 and prompts the user to select a security level determination method 903.

  When the security level determination method 903 is selected by the user, the system setting unit 507 determines whether to set a priority (step S1103). For example, when “security strength priority” is selected in the security level determination method 903 on the system setting screen 901 in FIG. 9, the system setting unit 507 determines that priority is not set, and ends the method determination processing. . On the other hand, if “selection item priority” is selected in the security level determination method 903 on the system setting screen 901, it is determined that priority is set, and the process proceeds to step S1104.

  In step S1102, the system setting unit 507 displays, for example, the system setting screen 901 in FIG. 9 and prompts the user to select the priority item 904. When the priority item 904 is selected, the system setting unit 507 reflects the selected item in the system setting information 511 and ends the method determination process.

  FIG. 12 is a diagram illustrating a flow of setting processing according to an embodiment. When the information processing system 100 starts the setting process, the determination unit 505 reads (acquires) the usage information 509 stored in the storage unit 508 (step S1201), and determines the security level of each electronic device based on the setting list 510. (Step S505).

  FIG. 13 is a diagram illustrating an example of a setting list according to an embodiment. The setting list 510 is information indicating a security level according to usage information of each electronic device. In the example of FIG. 13, the setting list 510 includes information such as the security level 1301, the number of users 1302, the device usage count 1303, the number of people in the room 1304, and the usage location 1305. In the example of FIG. 13, the setting list 510 is created so that the security strength is basically set higher as the number of people using the electronic device increases. In addition, when the usage location is outside the company, the security strength is set high.

  The determining unit 505 determines the security level of each electronic device using, for example, the usage information 509 in FIG. 10 and the setting list 510 in FIG. For example, according to the usage information 509, the number of users 1003 of the projector 1 is “10”, the usage count 1004 is “30”, and the usage location 1006 is “external”. Therefore, the determination unit 505 determines the security level based on the setting list 510. , “Level 3” can be easily determined.

  On the other hand, according to the usage information 509, the number of users 1003 of the MFP 2 is “30”, the number of usages 1004 is “200”, the number of people 1005 in the room is “8”, and the usage location 1006 is “affiliated company”. In this case, the security level based on the number of users 1302 in the setting list 510 is “level 3”, and the security level based on the device usage count 1303 is “level 4”.

  In such a case, the determination unit 505 determines the security level based on the setting contents set on the system setting screen 901 in FIG. For example, when “security strength priority” is selected in the security level determination method 903 on the system setting screen 901, the determination unit 505 sets “level 3” based on the number of users 1302 and “level 4” based on the device usage count 1303. Among them, “level 4” with high (strong) security strength is selected.

  On the other hand, when “selection item priority” is selected in the security level determination method 903 on the system setting screen 901, among the “level 3” by the number of users 1302 and “level 4” by the device usage count 1303, the priority item 904 Priority is given to the “number of users” selected in. Therefore, the determination unit 505 selects “level 3”.

  For example, as described above, the determination unit 505 determines the security level of each electronic device based on the usage information 509 of each electronic device and the setting list 510.

  Here, returning to FIG. 12, the description of the flow of the setting process will be continued.

  When the security level of each electronic device is determined in step S1202, the device setting unit 506 determines whether there is a change in the security level of each electronic device (step S1203). If it is determined in step S1203 that there is no change in the security level, the setting process ends.

  On the other hand, if it is determined in step S1203 that there is a change in the security level, the device setting unit 506 notifies the electronic device whose security level has been changed of the security level (information indicating the security level) (step S1204). ).

  The setting control unit 514 of the electronic device that has received the security level change request changes the setting value of the security function based on the received security level and the setting information 518 stored in the storage unit 516 (step S1205). .

  FIG. 14 is a diagram illustrating an example of setting information according to an embodiment. The setting information 518 is information in which a plurality of security levels and function setting items are associated with each other, and setting values corresponding to the respective security levels are stored. The electronic device setting control means 514 can set setting values for a plurality of security functions based on such setting information 518 and the received security level.

  FIG. 15 is a diagram illustrating an example of a security level according to an embodiment. The security level is a value indicating the strength (height) of the security of the electronic device, and is associated with, for example, a plurality of security policies. In FIG. 15, the security level 1501 has four levels from level 0 to level 3, and a security policy 1502 is set for each security level 1501.

  In the example of FIG. 15, level 0 is a setting when there is no particular policy and security management is not much concerned. Level 1 has a policy of protecting authority for multiple administrators, and setting to level 1 makes settings such as requiring administrator authentication. Level 2 has a policy of specifying users and restricting the range of use, and setting to level 2 makes settings such as the function that restricts copy users to work. Level 3 has a policy to prevent leakage of personal information such as address books. Setting to level 3 makes settings such as encryption of the address book. For example, in this way, the security policy is defined so that the security becomes stronger as the level becomes higher.

  The security level 1501 shown in FIG. 15 is an example of information indicating the security level. The information indicating the security level may be information that represents the strength of security step by step, and does not necessarily have to be associated with the security policy 1502.

  The electronic apparatus according to the present embodiment can easily set (change) the setting values of a plurality of security functions based on such a security level 1501 and the setting information 518 shown in FIG.

<Summary>
As described above, the information processing system (100) according to the present embodiment includes the electronic devices (401, 601) for setting the security function based on the information indicating the security level, and usage information of the electronic devices (401, 601). Acquisition means (502) for acquiring. Further, the information processing system (100) determines the information indicating the security level of the electronic device (401, 601) based on the usage information (509) acquired by the acquisition unit (502). Have Furthermore, the information processing system (100) includes setting means (506) for notifying the electronic devices (401, 601) of information indicating the security level determined by the determination means (505).

  Accordingly, the information processing system (100) automatically sets information indicating the security level corresponding to the usage information (509) of each electronic device (401, 601) in each electronic device (401, 601). Can do.

  Preferably, the information processing system (100) includes a detection unit (519, 603) for detecting a person around the electronic device (401, 601) and a result detected by the detection unit (519, 603). Determination means (520, 620) for determining the usage status of the device. Further, the usage information (509) includes information on the usage status of the electronic device (401, 601) determined by the determination unit (520, 620) based on the result detected by the detection unit (519, 603).

  Thereby, the information processing system (100) can automatically set information indicating the security level according to the usage status of each electronic device (401, 601) in each electronic device (401, 601).

  Preferably, the information on the usage status of the electronic device (401, 601) includes information on the number of people around the electronic device (401, 601). Thereby, the information processing system (100) automatically sets information indicating the security level according to the number of people around each electronic device (401, 601) in each electronic device (401, 601). be able to.

  Preferably, the information on the usage status of the electronic devices (401, 601) includes information on the usage frequency of the electronic devices (401, 601). Thereby, the information processing system (100) can automatically set information indicating the security level according to the usage frequency of each electronic device (401, 601) in each electronic device (401, 601).

  Preferably, the detection means (519, 603) includes an electronic device (401, 601) or a camera that captures an image around the electronic device (401, 601). Accordingly, the determination unit (520, 603) can determine information related to the number of people around the electronic device (401, 601) based on the image captured by the camera. The information processing system (100) can use, for example, a video conference system 106 or a camera such as the projector 102 having a camera as the detection means (519, 603).

  Preferably, the information processing system (100) includes an authentication unit (522) that authenticates a user at a place where the electronic device (401, 601) is installed. The usage information (509) includes information related to the number of users authenticated by the authentication means (522). As a result, the information processing system (100) automatically sends information indicating the security level according to the number of users at the location where each electronic device (401, 601) is installed to each electronic device (401, 601). Can be set to

  Preferably, the information processing system (100) includes a collection unit (513) that collects device information including information on the number of times the electronic device (401, 601) is used. The usage information (509) includes information on the number of times the electronic device (401, 601) has been collected by the collecting means (513). As a result, the information processing system (100) can automatically set information indicating the security level corresponding to the number of uses of each electronic device (401, 601) in each electronic device (401, 601).

  Note that the reference numerals in the parentheses are given for ease of understanding, are merely examples, and do not limit the scope of the present invention.

100 Information processing system 101 Remote management center (information processing device)
102 Projector (electronic equipment)
103 MFP A (electronic equipment)
104 MFP B (electronic equipment)
105 Printer (electronic equipment)
106 TV conference system (electronic equipment)
401, 601 Electronic device 502 Acquisition unit 505 Determination unit 506 Device setting unit (setting unit)
509 Usage information 513 Collection means 519, 603 Detection means 520, 602 Determination means 522 Authentication means 1501 Security level (information indicating the level of security)

JP 2007-185814 A

Claims (10)

An information processing system including an electronic device that sets a security function based on information indicating a security level,
Obtaining means for obtaining usage information of the electronic device;
Determining means for determining information indicating the security level of the electronic device based on the acquired usage information;
Setting means for notifying the electronic device of information indicating the determined level of security;
An information processing system. Detecting means for detecting a person around the electronic device;
Determining means for determining the usage status of the electronic device based on the detected result;
Have
The information processing system according to claim 1, wherein the usage information acquired by the acquisition unit includes information on a usage status of the electronic device determined by the determination unit.   The information processing system according to claim 2, wherein the information on the usage status of the electronic device includes information related to the number of people around the electronic device.   The information processing system according to claim 2, wherein the information on the usage status of the electronic device includes information on a usage frequency of the electronic device.   The information processing system according to any one of claims 2 to 4, wherein the detection unit includes a camera that captures the electronic device or an image around the electronic device. Having an authentication means for authenticating a user of a place where the electronic device is installed;
The information processing system according to claim 1, wherein the usage information includes information related to the number of authenticated users. Collecting means for collecting device information including information on the number of times the electronic device is used;
The information processing system according to claim 1, wherein the usage information includes information on a usage count of the electronic device. A plurality of the electronic devices;
The determining means includes
The information processing system according to claim 1, wherein weighting of information indicating a security level of each of the plurality of electronic devices is changed based on usage information of the plurality of electronic devices. An acquisition means for acquiring usage information of an electronic device that sets a security function based on information indicating a security level;
Determining means for determining information indicating the security level of the electronic device based on the acquired usage information;
Setting means for notifying the electronic device of information indicating the determined level of security;
An information processing apparatus. An information processing system control method comprising: an electronic device that sets a security function based on information indicating a security level; and an information processing device that sets information indicating the security level of the electronic device,
The information processing apparatus acquiring usage information of the electronic device;
The information processing apparatus determining information indicating the security level of the electronic device based on the acquired usage information;
The information processing apparatus notifying the electronic device of information indicating the determined level of security;
Control method of information processing system including

Images