[go: up one dir, main page]

TWI895763B - Remote Support System - Google Patents

Remote Support System

Info

Publication number
TWI895763B
TWI895763B TW112127723A TW112127723A TWI895763B TW I895763 B TWI895763 B TW I895763B TW 112127723 A TW112127723 A TW 112127723A TW 112127723 A TW112127723 A TW 112127723A TW I895763 B TWI895763 B TW I895763B
Authority
TW
Taiwan
Prior art keywords
aforementioned
supporter
user
connection management
side computer
Prior art date
Application number
TW112127723A
Other languages
Chinese (zh)
Other versions
TW202419992A (en
Inventor
澤田英明
Original Assignee
日商Ckd股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日商Ckd股份有限公司 filed Critical 日商Ckd股份有限公司
Publication of TW202419992A publication Critical patent/TW202419992A/en
Application granted granted Critical
Publication of TWI895763B publication Critical patent/TWI895763B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer And Data Communications (AREA)
  • Testing And Monitoring For Control Systems (AREA)
  • Lock And Its Accessories (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

[課題]提供一種遠距支援系統,既能從遠距處對用戶側設備進行支援,又可更確實地防止對用戶側設備的非法存取等。 [解決手段]遠距支援系統1具備:支援者側電腦21、可允許或不允許自身與支援者側電腦21之連接的連接管理伺服器4、和介於連接管理伺服器4及支援對象設備間的閘道裝置。用於啟動閘道裝置的電源開關係由鑰匙鎖開關所構成。構成為在用於使支援者側電腦21能經由連接管理伺服器4及閘道裝置與支援對象設備連接的條件下,至少含有允許支援者側電腦21及連接管理伺服器4之連接的狀態、及閘道裝置啟動而成為動作中的狀態兩者。 [Question] A remote support system is provided that can remotely support user-side devices while more reliably preventing unauthorized access to the user-side devices. [Solution] A remote support system 1 includes a supporter-side computer 21, a connection management server 4 that can allow or deny connections between the system and the supporter-side computer 21, and a gateway device between the connection management server 4 and the supported device. The power switch for activating the gateway device is a key lock switch. The conditions for enabling the supporter-side computer 21 to connect to the supported device via the connection management server 4 and the gateway device include at least two states: a state in which the connection between the supporter-side computer 21 and the connection management server 4 is permitted, and a state in which the gateway device is activated and in operation.

Description

遠距支援系統Remote Support System

本發明係有關一種用於從遠距處支援對於設置在用戶側設備進行之作業等的系統。The present invention relates to a system for remotely supporting operations performed on a user-side device.

用於進行各種製品的製造和檢查等的設備係由各種設備製造商所製造、銷售。有關這樣的設備方面,可舉出具備用於進行藥品(例如錠劑等)之檢查的檢查裝置,且一邊藉由該檢查裝置進行藥品的檢查,一邊製造收容有該藥品而成的泡殼片的泡殼包裝機等。Equipment used for manufacturing and inspecting various products is manufactured and sold by various equipment manufacturers. Examples of such equipment include inspection devices for inspecting pharmaceuticals (such as tablets), and blister packaging machines that simultaneously manufacture blister tablets containing the pharmaceuticals while inspecting the pharmaceuticals.

但是,在購入該設備的用戶(客戶)側,有時會有需對前述設備進行設定變更、維護、異常對應等之作業的情況。在這種情況下,可能會產生希望從設備製造商的負責人等的支援者接受到作業的支援之需求,但當支援者去到現場進行支援時,會導致時間和人員上的損失。However, users (customers) who purchased the equipment may need to perform configuration changes, maintenance, or troubleshooting on the equipment. In such cases, they may need to receive support from support personnel, such as those in charge of the equipment manufacturer. However, this requires on-site support, which incurs time and manpower losses.

因此,在用於從遠距處支援作業(特別是異常對應)的系統方面,已知有利用網際網路將設備製造商側的裝置和用戶側的裝置常時連接的系統(例如,參照專利文獻1等)。該系統具備:客戶監控用戶端、監視伺服器、客戶資訊伺服器及中心監控用戶端。Therefore, in terms of systems for remotely supporting operations (particularly abnormality response), there is a known system that utilizes the Internet to permanently connect devices at the equipment manufacturer and at the user's side (e.g., see Patent Document 1). This system comprises a client monitoring client, a monitoring server, a client information server, and a central monitoring client.

客戶監視客戶機係設置在用戶側的裝置,常時監視支援對象的設備(監視對象機器)以進行異常資料的檢出,並透過網際網路向支援者側的裝置發送監視日誌或異常資料。監視伺服器係設置在支援者側的裝置,利用經由網際網路接收到的監視日誌及異常資料,作成事件資料庫。客戶資訊伺服器係設置在支援者側的裝置,在事件資料庫的狀態發生變化的時點,依據該變化所涉及的事件內容來作成客戶資訊和故障(異常)一覽資訊。中心監視客戶端係設置在支援者側的裝置,顯示用於表示客戶及故障內容的畫面。依據該系統,在支援對象的設備發生故障(異常)的情況下,可由支援者進行迅速的異常對應。 [先前技術文獻] [專利文獻] The client monitoring client is a device installed on the user's side. It constantly monitors the supported equipment (monitored equipment) to detect abnormal data and sends monitoring logs and abnormal data to the supporter's device via the Internet. The monitoring server is a device installed on the supporter's side. It uses the monitoring logs and abnormal data received via the Internet to create an event database. The client information server is a device installed on the supporter's side. When the status of the event database changes, it creates customer information and fault (abnormal) summary information based on the event content related to the change. The central monitoring client is a device installed on the supporter's side that displays a screen showing the client and the details of the problem. This system enables the supporter to quickly respond to a malfunction (abnormality) in the supported equipment. [Prior Art] [Patent]

[專利文獻1]日本特開2003-271238號公報[Patent Document 1] Japanese Patent Application Laid-Open No. 2003-271238

[發明欲解決之課題][Problem to be solved by the invention]

但是,在上述系統中,有需要將用戶側的設備(支援對象的設備)與網際網路常時連接。因此,會有具惡意的第三者對用戶側的設備進行非法存取,使記憶在該設備的程式或資料被篡改、竊取、破壞等之虞。此外,由於用戶側的設備(支援對象的設備)與網際網路常時連接,因此即使支援者沒有惡意,但記憶在用戶側的設備之程式或資料亦有可能被支援者進行用戶不想要的變更、修正、刪除等。However, in the above system, the user's device (the supported device) must be constantly connected to the Internet. Therefore, there is a risk that a malicious third party could illegally access the user's device, causing the program or data stored on the device to be tampered with, stolen, or destroyed. Furthermore, because the user's device (the supported device) is constantly connected to the Internet, even if the supporter has no malicious intent, the program or data stored on the user's device could be modified, modified, or deleted by the supporter without the user's consent.

特別是,在用戶側的設備係具備用於進行藥品(錠劑等)之檢查的檢查裝置的設備的情況下,欲接受支援者的遠距支援之需求很高,此外,上述般問題的影響可能非常大。In particular, when the user's device is equipped with an inspection device for inspecting pharmaceuticals (tablets, etc.), there is a high demand for remote support from a supporter, and the impact of the above-mentioned problems may be very significant.

即,檢查裝置係隨著製造品種的變更進行各種不同藥品的檢查。因此,需對檢查裝置實施配合於各藥品的檢查設定,惟其設定並不容易。此外,在被檢查裝置判定藥品為不良的情況等,有時會發生用戶側無法特定該判定的原因般的事態。因此,用戶側容易產生想要充分且容易地接受來自支援者支援的要求,想接受支援者的遠距支援的需求很高。Specifically, inspection equipment is required to inspect a variety of different pharmaceutical products as the product line changes. Therefore, the inspection equipment must be configured to suit each pharmaceutical product, a complex task. Furthermore, when an inspection device determines a pharmaceutical product is defective, the user may be unable to pinpoint the cause of the determination. Consequently, users often demand support from support providers, making it easier and more convenient for them to receive support remotely.

另一方面,由於藥品是在嚴格的基準·管理下進行處理,所以在發生用戶側的設備所記憶的程式或資料被篡改、修正等般問題的情況下,該問題的影響可能變大。On the other hand, since pharmaceuticals are handled under strict standards and controls, if programs or data stored in user-side devices are tampered with or modified, the impact of the problem could be greater.

本發明係有鑒於上述情事而完成者,其目的在於提供一種遠距支援系統,該遠距支援系統既可從遠距處對用戶側的設備進行支援,又可更確實地防止對用戶側的設備(支援對象的設備)的非法存取或支援者所進行的用戶側不想要的資料變更等。 [用以解決課題之手段] The present invention was developed in light of the above-mentioned circumstances. Its purpose is to provide a remote support system that can remotely support a user's device while more reliably preventing unauthorized access to the user's device (the device being supported) or unwanted data changes by the supporter. [Means for Solving the Problem]

以下,針對適合於解決上述目的之各手段進行分項說明。此外,因應需要在對應的手段附記特有的作用效果。The following describes each of the measures suitable for achieving the above objectives. Furthermore, specific effects and benefits are noted for each measure as needed.

手段1.一種遠距支援系統,其具備用於進行藥品檢查的檢查裝置,用於支援者從遠距處支援對設置在用戶側的支援對象設備的作業,具備: 設置在支援者側,用於對前述支援對象設備進行作業支援的支援者側電腦,及 連接管理伺服器,具有至少管理用在來自於前述支援者側電腦連接的連接用資訊之連接管理部,依據從前述支援者側電腦輸入的資訊與前述連接用資訊之比較結果,能允許或不允許自身與前述支援者側電腦之連接;及 閘道裝置,其設置在用戶側,介於前述連接管理伺服器及前述支援對象設備間, 用於啟動前述閘道裝置的電源開關係由鑰匙鎖開關所構成, 前述支援者側電腦構成為:能經由前述連接管理伺服器及前述閘道裝置與前述支援對象設備連接,且 構成為:在用於使前述支援者側電腦能經由前述連接管理伺服器及前述閘道裝置而與前述支援對象設備連接的條件下,至少包含前述支援者側電腦及前述連接管理伺服器之連接被允許的狀態、及前述閘道裝置啟動並動作中的狀態這兩者。 Means 1. A remote support system comprising an inspection device for performing pharmaceutical inspections, for enabling a supporter to remotely support operations on a target device located on a user's side, comprising: A supporter-side computer located on the supporter's side for providing operational support on the target device; A connection management server having a connection management unit for managing at least connection information from the supporter-side computer, capable of allowing or disallowing connection between the supporter-side computer and the supporter-side computer based on a comparison between information input from the supporter-side computer and the connection information; and A gateway device located on the user's side, interposed between the connection management server and the target device. The power switch for activating the gateway device is configured as a key lock switch. The supporter-side computer is configured to be connectable to the target device via the connection management server and the gateway device, and the conditions for enabling the supporter-side computer to connect to the target device via the connection management server and the gateway device include at least two conditions: a state in which the connection between the supporter-side computer and the connection management server is permitted, and a state in which the gateway device is activated and in operation.

依據上述手段1,構成為:在用於使支援者側電腦能經由連接管理伺服器及閘道裝置而與支援對象設備連接的條件下,至少包含允許支援者側電腦及連接管理伺服器的連接的狀態、及閘道裝置啟動並動作中的狀態這兩者。在此,支援者側電腦及連接管理伺服器的連接,係依據從支援者側電腦輸入的資訊(例如ID及密碼)與連接管理部管理的連接用資訊之比較結果而被設為允許或不允許。此外,閘道裝置的啟動係透過操作鑰匙鎖開關(用以切換開啟/關閉所需之規定的鑰匙的開關)才能實現。因此,為了設成能連接支援者側電腦及支援對象設備以進行來自遠距處的支援之狀態,需要在支援者側的規定的作業(資訊的輸入)及在用戶側的規定的作業(基於鑰匙鎖開關之閘道裝置的啟動)兩者。According to the aforementioned means 1, the conditions for enabling a supporter-side computer to connect to a supported device via a connection management server and a gateway device include at least two conditions: a state in which the connection between the supporter-side computer and the connection management server is permitted, and a state in which the gateway device is activated and in operation. Here, the connection between the supporter-side computer and the connection management server is permitted or not permitted based on a comparison between information input from the supporter-side computer (e.g., an ID and password) and connection information managed by the connection management unit. Furthermore, activation of the gateway device is achieved by operating a key lock switch (a switch for switching a predetermined key between on and off). Therefore, in order to establish a state where the supporter-side computer and the target device can be connected for remote support, both predetermined operations on the supporter side (inputting information) and predetermined operations on the user side (activating the gateway device based on the key lock switch) are required.

因此,能極有效地降低具惡意的第三者對用戶側的設備(支援對象設備)進行非法存取的風險,能更確實防止該設備所記憶的程式或資料被篡改、竊取、破壞等。Therefore, it can effectively reduce the risk of malicious third parties illegally accessing the user's device (supported device), and can more reliably prevent the programs or data stored in the device from being tampered with, stolen, or destroyed.

此外,閘道裝置的電源係由鑰匙鎖開關所管理,再者,由於閘道裝置的啟動係在用戶側進行,所以能更確實防止用戶不想要的支援者對用戶側的設備(支援對象設備)所記憶的程式或資料進行變更或修正、刪除等。In addition, the power supply of the gateway device is managed by a key lock switch. Furthermore, since the gateway device is activated on the user side, it can more reliably prevent unwanted supporters from changing, modifying, or deleting programs or data stored on the user-side device (support target device).

此外,依據上述手段1的遠距支援系統,能從遠距處對用戶側的設備(支援對象設備)進行支援,並能飛躍性地提高與用戶側的設備有關的資訊安全性。因此,上述手段1的遠距支援系統係在支援對象設備具備用於進行藥品的檢查之檢查裝置的情況下,發揮極其有效的功能。Furthermore, the remote support system of means 1 can remotely support a user's device (support target device) and significantly improve the security of information related to the user's device. Therefore, the remote support system of means 1 is particularly effective when the support target device is equipped with an inspection device for inspecting pharmaceuticals.

手段2.如手段1記載之遠距支援系統,其特徵為 在用戶側設置有複數個前述支援對象設備,且在複數個前述支援對象設備包含由不同設備製造商所製造的設備, 前述支援對象設備係按每個前述設備製造商而分別與不同前述閘道裝置連接。 Means 2. The remote support system according to Means 1, characterized in that: A plurality of the aforementioned support target devices are installed on the user side, and the plurality of the aforementioned support target devices include devices manufactured by different device manufacturers; The aforementioned support target devices are connected to different aforementioned gateway devices for each device manufacturer.

依據上述手段2,支援對象設備係按照每個設備製造商分別與不同的閘道裝置連接。因此,在經由閘道裝置連接支援者側電腦及支援對象設備時,對於支援者側電腦僅能連接與該閘道裝置對應之特定的設備製造商所製造的支援對象設備。藉此,例如能容易地將能從某個支援者側連接的支援對象設備限定為該支援者所製造的支援對象設備。因此,能更確實防止支援對象設備所記憶之有用的各種資訊(例如設定資訊、程式等)被與該支援對象設備無關係的支援者所閱覽等。其結果,可獲得複數個支援者的遠距支援,並能極其有效地實現保護各支援對象設備所具有之有用的資訊。According to the above-mentioned means 2, the support target device is connected to a different gateway device for each device manufacturer. Therefore, when the supporter-side computer and the support target device are connected via the gateway device, the supporter-side computer can only connect to the support target device manufactured by the specific device manufacturer corresponding to the gateway device. Thereby, for example, it is easy to limit the support target devices that can be connected from a certain supporter side to the support target devices manufactured by the supporter. Therefore, it is possible to more reliably prevent various useful information stored in the support target device (such as setting information, programs, etc.) from being browsed by supporters who are not related to the support target device. As a result, remote support from multiple supporters can be obtained, and the protection of useful information possessed by each support target device can be achieved extremely effectively.

手段3.如手段1記載之遠距支援系統,其特徵為 前述連接管理伺服器係設置在網際網路上, 具有用戶側通信裝置,其設置在用戶側且至少在將前述支援者側電腦及前述支援對象設備連接時與網際網路連接, 前述閘道裝置係透過以下(1)或(2)的路徑與網際網路連接。 Means 3. The remote support system as described in Means 1 is characterized in that: the connection management server is set on the Internet, and has a user-side communication device, which is set on the user side and is connected to the Internet at least when the supporter-side computer and the supported device are connected, and the gateway device is connected to the Internet via the following path (1) or (2).

(1)經由前述用戶側通信裝置路徑且為不與用戶側的網路連接的路徑。 (2)經由僅與前述用戶側通信裝置及前述閘道裝置連接之用戶側的網路和前述用戶側通信裝置的路徑。 在用戶側有時設置有記憶了生產管理系統、會計系統、購買系統、郵件系統、人事·工資系統等之事業營運所需的各種資料的伺服器。當將這般伺服器成為可與網際網路連接的狀態時,會有因非法存取而發生嚴重事態之虞。 (1) A path that passes through the aforementioned user-side communication device and is not connected to the user-side network. (2) A path that passes through the user-side network and the aforementioned user-side communication device, which is connected only to the aforementioned user-side communication device and the aforementioned gateway device. Sometimes, a server is installed on the user side that stores various data required for business operations, such as production management systems, accounting systems, purchasing systems, mail systems, and human resources and payroll systems. When such a server is made accessible to the Internet, there is a risk of a serious incident due to unauthorized access.

關於這點,依據上述手段3,閘道裝置係藉由(1)經由用戶側通信裝置路徑且為不與用戶側的網路連接的路徑,或者(2)經由僅與用戶側通信裝置及閘道裝置連接的用戶側的網路和用戶側通信裝置的路徑而連接到網際網路。因此,能更確實地從網際網路分離與用戶側的伺服器連接的網路。藉此,能更確實地防止對用戶側的伺服器的非法存取,此外,即使萬一發生了對支援對象設備等之侵入,也能有效地抑制該侵入的影響波及前述伺服器。In this regard, according to the above-mentioned means 3, the gateway device is connected to the Internet via (1) a path through the user-side communication device that is not connected to the user-side network, or (2) a path through the user-side network and the user-side communication device that is connected only to the user-side communication device and the gateway device. Therefore, the network connected to the user-side server can be more reliably separated from the Internet. In this way, unauthorized access to the user-side server can be more reliably prevented. In addition, even if an intrusion into the supporting target device or the like occurs, the influence of the intrusion can be effectively suppressed from affecting the aforementioned server.

手段4.如手段3記載的遠距支援系統,其特徵在於,具備切換開關,其設置在前述(1)或(2)的路徑上,能將前述閘道裝置在與前述用戶側通信裝置連接的狀態和與設置在用戶側的伺服器連接的狀態間切換。Means 4. The remote support system as described in means 3 is characterized in that it has a switching switch, which is set on the path (1) or (2) above and can switch the above-mentioned gateway device between a state of connection with the above-mentioned user-side communication device and a state of connection with a server set up on the user side.

依據上述手段4,在為了進行遠距支援而將閘道裝置與用戶側通信裝置連接的情況下,可將使用戶側的伺服器相對於網際網路設為非連接的狀態。因此,與上述手段3同樣,能更確實地防止對用戶側的伺服器之非法存取等。According to the above-mentioned means 4, when the gateway device is connected to the user-side communication device for remote support, the user-side server can be disconnected from the Internet. Therefore, similar to the above-mentioned means 3, unauthorized access to the user-side server can be more reliably prevented.

另一方面,在將閘道裝置與用戶側的伺服器連接的情況下,可將閘道裝置設為與用戶側通信裝置不連接的狀態。因此,既可確保良好的資訊安全性,又可經由閘道裝置在用戶側的伺服器收集支援對象設備的資料等。藉此,對用戶而言能提高便利性。On the other hand, when the gateway device is connected to the user's server, it can be disconnected from the user's communication device. This ensures high information security while allowing data from supported devices to be collected via the gateway device's server on the user's side. This improves user convenience.

手段5.如手段1記載之遠距支援系統,其特徵為 前述支援對象設備係具有包含前述檢查裝置的複數個構成裝置, 前述支援者側電腦構成為能經由前述連接管理伺服器及前述閘道裝置而與前述支援對象設備所具有的前述構成裝置連接, 具備構成裝置連接管理部,其具有如下功能中的至少一者:按各個前述構成裝置來允許或不允許前述支援者側電腦及前述構成裝置之連接的功能;按各個前述構成裝置來管理由前述支援者側電腦所進行之記憶在前述構成裝置的資訊之變更或閱覽相關的權限。 Means 5. The remote support system according to Means 1, characterized in that: the supported device comprises a plurality of components including the inspection device; the supporter-side computer is configured to connect to the components of the supported device via the connection management server and the gateway device; and a component connection management unit is provided, having at least one of the following functions: allowing or disallowing connection between the supporter-side computer and the components for each component; and managing, for each component, permissions for the supporter-side computer to modify or view information stored in the components.

依據上述手段5,透過按照每個構成裝置來允許或不允許支援者側電腦及構成裝置的連接的功能,能更加確實地實現防止因非法存取而對構成裝置之侵入。此外,透過按各個構成裝置來管理由支援者側電腦進行的記憶在構成裝置的資訊之變更或閱覽相關權限的功能,能更確實地防止因支援者的誤操作等所致之記憶在構成裝置的資訊的變更、閱覽。According to the above-mentioned means 5, by allowing or disallowing connections between the supporter-side computer and a component device on a per-component basis, it is possible to more reliably prevent unauthorized access to the component device. Furthermore, by managing the permissions for the supporter-side computer to modify or browse information stored in the component device on a per-component basis, it is possible to more reliably prevent modification or browsing of information stored in the component device due to, for example, improper operation by the supporter.

此外,亦可適當組合上述各手段的技術事項。例如,亦可將上述手段2的技術事項與上述手段3或5的技術事項作組合。此外,例如,亦可將上述手段1的技術事項與上述手段2〜5的技術事項中的2個以上作組合。Furthermore, the technical aspects of each of the above-mentioned means may be appropriately combined. For example, the technical aspects of the above-mentioned means 2 may be combined with the technical aspects of the above-mentioned means 3 or 5. Furthermore, for example, the technical aspects of the above-mentioned means 1 may be combined with two or more of the technical aspects of the above-mentioned means 2 to 5.

[用以實施發明的形態][Form used to implement the invention]

以下,參照圖式就一實施形態作說明。遠距支援系統係用於支援者從遠距處支援對於設置在用戶側的支援對象設備所進行的作業。如圖1所示,遠距支援系統1係具備支援者側系統2、用戶側系統3以及連接管理伺服器4。The following describes one embodiment with reference to the accompanying drawings. A remote support system is used to allow a supporter to remotely support operations performed on a target device located on the user's side. As shown in FIG1 , the remote support system 1 includes a supporter-side system 2, a user-side system 3, and a connection management server 4.

支援者側系統2係設置在支援者側的系統,設置在遠離後述的支援對象設備31a、31b、31c、31d的設置場所的遠距處。在本實施形態中,支援者係製造並銷售支援對象設備31a、31b、31c、31d的設備製造商。支援者係特別進行對本身所製造、銷售的支援對象設備31a、31b、31c、31d之作業的支援。此外,在以下,有時將支援對象設備31a、31b、31c、31d簡略表示成「支援對象設備31a〜31d」。The supporter-side system 2 is installed on the supporter's side, remotely located from the installation location of the support target devices 31a, 31b, 31c, and 31d, described later. In this embodiment, the supporter is the device manufacturer that manufactures and sells the support target devices 31a, 31b, 31c, and 31d. The supporter specifically supports the operations of the support target devices 31a, 31b, 31c, and 31d that it manufactures and sells. In the following, the support target devices 31a, 31b, 31c, and 31d may be referred to simply as "support target devices 31a to 31d."

支援者側系統2係按不同的支援者而設置,具備支援者側電腦21、支援者側網路22以及支援者側通信裝置23。The supporter-side system 2 is configured for different supporters and includes a supporter-side computer 21 , a supporter-side network 22 , and a supporter-side communication device 23 .

支援者側電腦21係被支援者操作,被用在從遠距處對支援對象設備31a〜31d進行的作業的支援。支援者側電腦21具備:作為運算單元的CPU、記憶各種程式的ROM、暫時記憶運算資料或輸入輸出資料等之各種資料的RAM、長期記憶各種資料的記憶媒體、用於進行資訊輸入的輸入裝置(例如鍵盤等)、用於顯示各種資訊的顯示裝置(例如液晶顯示器等)等。The supporter-side computer 21 is operated by the supporter and is used to remotely support operations performed by the support target devices 31a to 31d. The supporter-side computer 21 includes a CPU as a processing unit, a ROM for storing various programs, a RAM for temporarily storing various data such as calculation data and input/output data, a storage medium for long-term storage of various data, an input device (such as a keyboard) for inputting information, and a display device (such as a liquid crystal display) for displaying various information.

支援者側網路22係藉由設置在支援者側系統2的LAN(區域網路)線路所構成,與支援者側電腦21及支援者側通信裝置23連接。支援者側網路22至少承擔支援者側電腦21和支援者側通信裝置23之間的信號(資訊)的收發。此外,亦可在支援者側網路22連接支援者側電腦21或支援者側電腦23以外的設備(例如電腦或印表機等)。The supporter-side network 22 is composed of a LAN (Local Area Network) line installed in the supporter-side system 2 and is connected to the supporter-side computer 21 and the supporter-side communication device 23. The supporter-side network 22 is responsible for at least transmitting and receiving signals (information) between the supporter-side computer 21 and the supporter-side communication device 23. Furthermore, devices other than the supporter-side computer 21 or the supporter-side computer 23 (such as a computer or printer) can also be connected to the supporter-side network 22.

支援者側通信裝置23係例如由路由器等所構成,介於支援者側網路22及網際網路5之間。透過支援者側通信裝置23,支援者側電腦21係成為與網際網路5連接的狀態。The supporter-side communication device 23 is composed of, for example, a router, and is interposed between the supporter-side network 22 and the Internet 5. The supporter-side computer 21 is connected to the Internet 5 via the supporter-side communication device 23.

用戶側系統3係一種既能實現良好的資訊安全,又能從支援者側電腦21對支援對象設備31a〜31d進行遠距支援、收集支援對象設備31a〜31d所記憶的資料等的系統。用戶側系統3係具備:支援對象設備31a〜31d、用戶側通信裝置32a、32b、子網路33、閘道裝置34a、34b、34c、34d、切換開關35a、35b、主網路36以及公司內部伺服器37。The user-side system 3 is a system that achieves high information security while enabling remote support of target devices 31a-31d from the supporter-side computer 21 and collecting data stored in the target devices 31a-31d. The user-side system 3 includes target devices 31a-31d, user-side communication devices 32a, 32b, a subnet 33, gateway devices 34a, 34b, 34c, and 34d, switches 35a, 35b, a main network 36, and an internal server 37.

在本實施形態中,公司內部伺服器37係相當於「設置在用戶側的伺服器」。此外,子網路33及主網路36係分別相當於「設置在用戶側的網路」,特別是子網路33係相當於「僅與用戶側通信裝置及閘道裝置連接的用戶側的網路」。此外,以下有時將閘道裝置34a、34b、34c、34d簡化表示成「閘道裝置34a〜34d」。In this embodiment, in-house server 37 corresponds to a "server located on the user side." Furthermore, subnet 33 and main network 36 each correspond to a "network located on the user side." In particular, subnet 33 corresponds to a "network located on the user side that is connected only to user-side communication devices and gateway devices." In the following, gateway devices 34a, 34b, 34c, and 34d are sometimes referred to simply as "gateway devices 34a through 34d."

支援對象設備31a〜31d具備:用於控制該支援對象設備31a〜31d動作的定序器即PLC(可程式邏輯控制器)311;用於進行藥品檢查的檢查裝置312、313;觸控板314,用於進行對該支援對象設備31a〜31d的資訊之輸入以及顯示該支援對象設備31a〜31d所記憶的資訊(資料)。The supporting object devices 31a to 31d are equipped with: a sequencer, i.e., a PLC (programmable logic controller) 311, for controlling the operation of the supporting object devices 31a to 31d; inspection devices 312 and 313 for performing drug inspections; and a touch panel 314 for inputting information into the supporting object devices 31a to 31d and displaying information (data) stored in the supporting object devices 31a to 31d.

本實施形態中的支援對象設備31a〜31d係泡殼包裝機,用於一邊透過檢查裝置312、313進行藥品(例如錠劑等)的檢查,一邊透過將經過檢查的藥品包裝來製造泡殼片(例如PTP片)。作為具備檢查裝置的泡殼包裝機,例如可舉出日本特開2017-1698號公報記載的泡殼包裝機等。在本實施形態中,PLC311、檢查裝置312、313以及觸控板314係分別相當於「構成裝置」。In this embodiment, the supporting devices 31a to 31d are blister packaging machines. These machines inspect pharmaceuticals (e.g., tablets) using inspection devices 312 and 313 and package the inspected pharmaceuticals to produce blister sheets (e.g., PTP sheets). Examples of blister packaging machines equipped with inspection devices include those described in Japanese Patent Application Publication No. 2017-1698. In this embodiment, the PLC 311, inspection devices 312 and 313, and touch panel 314 are each considered a "component device."

檢查裝置312、313係具備用於拍攝藥品的攝像裝置(照相機)和依據藉由該攝像裝置得到的圖像資料來判定藥品的良否的良否判定裝置。此外,在檢查裝置312、313記憶有用於檢查的各種資訊。各種資訊包含:用於判定良否的判定基準(例如閾值等)、用於進行二值化處理的二值化用閾值、用於劃定檢查對象範圍的資料(例如用於特定出圖像資料中的錠劑部分的資訊)等。Inspection devices 312 and 313 are equipped with an imaging device (camera) for photographing pharmaceuticals and a quality control device for determining the quality of the pharmaceuticals based on the image data obtained by the imaging device. Various information useful for inspection is stored in inspection devices 312 and 313. This information includes criteria for determining quality (e.g., thresholds), binarization thresholds used for binarization, and data for defining the inspection area (e.g., information for identifying the tablet portion in the image data).

此外,在用戶側設置有複數個支援對象設備31a〜31d,在此等支援對象設備31a〜31d包含由不同的設備製造商所製造的設備。在本實施形態中,支援對象設備31a、31b、31d係分別由A公司所製造,支援對象設備31c係由B公司所製造。並且,各支援對象設備31a〜31d(作為各支援對象設備31a〜31d的構成裝置的PLC311等)係按每個設備製造商分別與不同的閘道裝置34a〜34d連接。即,由A公司所製造的支援對象設備31a、31b、31d與由B公司所製造的支援對象設備31c不連接於同一個閘道裝置。Furthermore, a plurality of support target devices 31a to 31d are installed on the user side. These support target devices 31a to 31d include devices manufactured by different device manufacturers. In this embodiment, support target devices 31a, 31b, and 31d are each manufactured by Company A, while support target device 31c is manufactured by Company B. Furthermore, each support target device 31a to 31d (including the PLC 311 and other components of each support target device 31a to 31d) is connected to a different gateway device 34a to 34d for each device manufacturer. In other words, support target devices 31a, 31b, and 31d manufactured by Company A and support target device 31c manufactured by Company B are not connected to the same gateway device.

此外,如圖2所示,在支援對象設備31a〜31d的構成裝置(PLC311、檢查裝置312、313等)設置有構成裝置連接管理部315。構成裝置連接管理部315具有:按每個構成裝置允許或不允許支援者側電腦21及構成裝置(PLC311等)之連接的功能、按每個構成裝置來管理藉由支援者側電腦21進行的記憶在構成裝置(PLC311等)的資訊之變更或閱覽相關權限的功能。此外,構成裝置連接管理部315亦可僅具有兩個功能中的一個功能。Furthermore, as shown in FIG2 , a component connection management unit 315 is provided in the components (PLC 311, inspection devices 312, 313, etc.) of the supported devices 31a to 31d. The component connection management unit 315 has the function of allowing or disallowing the connection between the supporter-side computer 21 and the component (PLC 311, etc.) for each component, and the function of managing the permissions related to changes or browsing of information stored in the component (PLC 311, etc.) by the supporter-side computer 21 for each component. Furthermore, the component connection management unit 315 may have only one of these two functions.

在本實施形態中,構成裝置連接管理部315係在經由連接管理伺服器4或閘道裝置34a〜34d從支援者側電腦21對構成裝置(PLC311等)存取時,向連接管理伺服器4的後述的顯示操作管理部43發送規定的密碼輸入請求資訊。藉此,藉由顯示操作管理部43而在支援者側電腦21的前述顯示裝置顯示規定的密碼輸入畫面G3(參照圖7)。但是,從支援者側電腦21對構成裝置進行存取,係必須滿足支援者側電腦21及連接管理伺服器4的連接被允許的狀態、及連接於該構成裝置的閘道裝置34a〜34d啟動而成為動作中的狀態之兩個狀態。In this embodiment, when access is made to a component device (e.g., PLC 311) from the supporter-side computer 21 via the connection management server 4 or the gateway devices 34a-34d, the component device connection management unit 315 sends predetermined password input request information to the display operation management unit 43 (described later) of the connection management server 4. Consequently, the display operation management unit 43 displays a predetermined password input screen G3 (see FIG. 7 ) on the display device of the supporter-side computer 21. However, access to a component device from the supporter-side computer 21 requires that the connection between the supporter-side computer 21 and the connection management server 4 be permitted, and that the gateway devices 34a-34d connected to the component device be activated and in operation.

並且,當在密碼輸入畫面G3中輸入了來自於支援者側電腦21之針對作為連接目標的前述構成裝置的適當的密碼時,構成裝置連接管理部315係允許從支援者側電腦21對該構成裝置的連接。Furthermore, when the appropriate password for the aforementioned component device as the connection target is input from the supporter-side computer 21 in the password input screen G3, the component device connection management unit 315 permits the connection from the supporter-side computer 21 to the component device.

另一方面,構成裝置連接管理部315係在從支援者側電腦21輸入的密碼不適當的情況下,不允許從支援者側電腦21對成為連接目標的構成裝置的連接。允許或不允許連接係透過將預先記憶在構成裝置連接管理部315的密碼與從支援者側電腦21輸入的密碼之比較所決定。On the other hand, if the password input from the supporter-side computer 21 is inappropriate, the component connection management unit 315 does not permit connection from the supporter-side computer 21 to the target component. Permission or rejection of the connection is determined by comparing the password pre-stored in the component connection management unit 315 with the password input from the supporter-side computer 21.

返回圖1,用戶側通信裝置32a、32b係例如由路由器、行動電話等所構成,是至少在將支援者側電腦21及支援對象設備31a〜31d連接時連接到網際網路5的機器。在本實施形態中,用戶側通信裝置32a係由路由器所構成,用戶側通信裝置32b係由行動電話所構成。Returning to Figure 1 , user-side communication devices 32a and 32b are comprised of, for example, routers and mobile phones, and are devices that connect to the Internet 5 at least when connecting the supporter-side computer 21 and the supported devices 31a to 31d. In this embodiment, user-side communication device 32a is comprised of a router, and user-side communication device 32b is comprised of a mobile phone.

子網路33係例如由規定的LAN線路等所構成,是僅與用戶側通信裝置32a及閘道裝置34a、34b、34c連接的用戶側網路。在本實施形態中,子網路33是為了將1個用戶側通信裝置32a和複數個支援對象設備31a、31b、31c連接而設置。Subnet 33 is a user-side network composed of, for example, a predetermined LAN line, and is connected only to user-side communication device 32a and gateway devices 34a, 34b, and 34c. In this embodiment, subnet 33 is provided to connect a single user-side communication device 32a to a plurality of support target devices 31a, 31b, and 31c.

閘道裝置34a〜34d係用於將協定或資料形式不同的線路彼此連接的機器。閘道裝置34a〜34d係設置在用戶側,介於連接管理伺服器4和支援對象設備31a〜31d之間。Gateway devices 34a to 34d are devices used to connect lines with different protocols or data formats. They are located on the user side, between the connection management server 4 and the supported devices 31a to 31d.

此外,用於啟動閘道裝置34a〜34d的電源開關係由鑰匙鎖開關所構成。在本實施形態中,用於切換閘道裝置34a〜34d的電源開關(鑰匙鎖開關)中的開啟/關閉的鑰匙係由用戶側規定的管理者所管理。透過開啟電源開關(鑰匙鎖開關),閘道裝置34a〜34d啟動而成為動作中的狀態,透過關閉電源開關,停止閘道裝置34a〜34d。Furthermore, the power switches for activating gate devices 34a to 34d are configured as key lock switches. In this embodiment, the key used to switch the power switches (key lock switches) for gate devices 34a to 34d on and off is managed by an administrator specified by the user. Turning on the power switches (key lock switches) activates gate devices 34a to 34d and puts them into operation. Turning off the power switches deactivates gate devices 34a to 34d.

此外,閘道裝置34a〜34d係透過以下(1)或(2)的路徑與網際網路5連接。(1)的路徑係經由用戶側通信裝置32b的路徑,是不與用戶側的網路(子網路33及主網路36)連接的路徑。閘道裝置34d係透過(1)的路徑與網際網路5連接。(2)的路徑係經由僅與用戶側通信裝置32a及閘道裝置34a、34b、34c連接的子網路33和用戶側通信裝置32a的路徑。閘道裝置34a、34b、34c係透過(2)的路徑與網際網路5連接。In addition, the gateway devices 34a to 34d are connected to the Internet 5 via the following path (1) or (2). The path (1) is a path through the user-side communication device 32b, which is a path that is not connected to the user-side network (subnet 33 and main network 36). The gateway device 34d is connected to the Internet 5 via the path (1). The path (2) is a path through the subnet 33 connected only to the user-side communication device 32a and the gateway devices 34a, 34b, and 34c, and the user-side communication device 32a. The gateway devices 34a, 34b, and 34c are connected to the Internet 5 via the path (2).

切換開關35a、35b係用於將閘道裝置34a〜34d切換為與用戶側通信裝置32a、32b連接的狀態和與公司內部伺服器37連接的狀態之開關。在本實施形態中,切換開關35a係設置在前述(2)的路徑上,切換開關35b設置在前述(1)的路徑上。Switches 35a and 35b are switches for switching gateway devices 34a to 34d between a state of connection with user-side communication devices 32a and 32b and a state of connection with the company's internal server 37. In this embodiment, switch 35a is set on the path (2) above, and switch 35b is set on the path (1) above.

主網路36係例如由LAN線路等所構成,與公司內部伺服器37連接。此外,亦可將公司內部伺服器37以外的設備(例如電腦、印表機等業務上所需的設備等)與主網路36連接。The main network 36 is composed of, for example, a LAN line and is connected to the in-house server 37. In addition, devices other than the in-house server 37 (such as computers, printers, and other business-related devices) can also be connected to the main network 36.

公司內部伺服器37係記憶了生產管理系統、會計系統、購買系統、郵件系統、人事工資系統等業務運作所需的各種資料等的伺服器系統。透過操作切換開關35a、35b,公司內部伺服器37與用戶側通信裝置32a、32b成為未連接的狀態,而另一方面與閘道裝置34a~34d成為連接的狀態。公司內部伺服器37係透過成為與閘道裝置34a~34d連接的狀態,而能經由閘道裝置34a~34d收集記憶在支援對象設備31a~31d的資訊(資料)。The in-house server 37 is a server system that stores various data required for business operations, including the production management system, accounting system, purchasing system, mail system, and human resources and payroll system. By operating switches 35a and 35b, the in-house server 37 is disconnected from the user-side communication devices 32a and 32b, while connecting to the gateway devices 34a to 34d. By connecting to the gateway devices 34a to 34d, the in-house server 37 can collect information (data) stored in the supported devices 31a to 31d via the gateway devices 34a to 34d.

連接管理伺服器4係對來自支援者側的請求進行資訊和處理結果的提供等之電腦系统。連接管理伺服器4係設置在網際網路5上,如圖3所示,具備有連接管理部41、用戶裝置管理部42以及顯示操作管理部43。此外,連接管理伺服器4亦可為虛擬伺服器。此外,亦可將連接管理伺服器4設置在除了網際網路5上以外的地方(例如用戶側系统3等)。The connection management server 4 is a computer system that provides information and processing results in response to requests from the supporter. The connection management server 4 is located on the Internet 5 and, as shown in Figure 3 , includes a connection management unit 41, a user device management unit 42, and a display operation management unit 43. Furthermore, the connection management server 4 may be a virtual server. Furthermore, the connection management server 4 may be located somewhere other than the Internet 5 (e.g., in the user-side system 3).

連接管理部41係管理從支援者側電腦21與連接管理伺服器4連接所使用的連接用資訊。在本實施形態中,作為連接用資訊,支援者(例如A公司、B公司等)和與該支援者對應的ID以及密碼(參照圖4)被賦予關聯並記憶。The connection management unit 41 manages connection information used by the supporter-side computer 21 to connect to the connection management server 4. In this embodiment, the connection information includes a supporter (e.g., Company A, Company B, etc.) and an ID and password corresponding to the supporter (see FIG. 4 ).

此外,在從支援者側電腦21輸入資訊(ID及密碼)時,連接管理部41係比較該資訊和連接用資訊。並且,若從支援者側電腦21輸入的資訊(ID及密碼)與連接用資訊一致,則連接管理部41允許和該連接用資訊賦予關聯的支援者進行支援者側電腦21及連接管理伺服器4的連接。例如,在從支援者側電腦21輸入了作為ID的“000A”和作為密碼的“AAA”的情況下,連接管理部41允許和此等ID等賦予關聯的支援者的A公司連接支援者側電腦21和連接管理伺服器4。Furthermore, when information (ID and password) is input from the supporter-side computer 21, the connection management unit 41 compares that information with the connection information. If the information (ID and password) input from the supporter-side computer 21 matches the connection information, the connection management unit 41 permits the supporter associated with the connection information to connect between the supporter-side computer 21 and the connection management server 4. For example, if "000A" is input as the ID and "AAA" as the password from the supporter-side computer 21, the connection management unit 41 permits Company A, the supporter associated with these IDs, to connect between the supporter-side computer 21 and the connection management server 4.

並且,當允許連接時,與被允許連接的支援者有關的支援者側電腦21和連接管理伺服器4是以可收發各種信號(資訊)的狀態來連接。此外,當支援者側電腦21和連接管理伺服器4的連接被允許時,用於特定出被允許連接的支援者的資訊(登入者資訊)係記憶在連接管理伺服器4中。When the connection is permitted, the supporter-side computer 21 associated with the permitted supporter and the connection management server 4 are connected in a state where various signals (information) can be transmitted and received. Furthermore, when the connection between the supporter-side computer 21 and the connection management server 4 is permitted, information (login information) identifying the permitted supporter is stored in the connection management server 4.

另一方面,若從支援者側電腦21輸入的資訊(ID和密碼)與連接用資訊不一致,則連接管理部41不允許支援者側電腦21和連接管理伺服器4的連接。On the other hand, if the information (ID and password) input from the supporter-side computer 21 does not match the connection information, the connection management unit 41 does not permit the connection between the supporter-side computer 21 and the connection management server 4 .

用戶裝置管理部42係用於管理與支援對象設備31a~31d有關的各種資訊。作為各種資訊,如圖5所示,可列舉:擁有支援對象設備31a~31d的用戶的名稱(用戶名)、支援對象設備31a~31d的編號(設備No.)、支援對象設備31a~31d所具有的構成裝置(例如PLC311等)的名稱、此等構成裝置的編號、此等構成裝置的位址(IP位址或MAC位址等)、表示可否與此等構成裝置進行物理連接的資訊、允許與此等構成裝置進行連接的支援者的名稱(支援者名)、及表示此等構成裝置所記憶的資訊的變更或閱覽相關權限之資訊等。在本實施形態中,此等資訊係經由閘道裝置34a~34d從支援對象設備31a~31d獲得。例如,表示支援者名和權限的資訊係從構成裝置連接管理部315獲得。此外,各種資訊亦可由用戶預先輸入。The user device management unit 42 manages various information related to the supported devices 31a-31d. As shown in FIG5 , the various information includes the name of the user who owns the supported devices 31a-31d (user name), the number of the supported devices 31a-31d (device number), the name of the component devices (e.g., PLC 311, etc.) included in the supported devices 31a-31d, the number of these component devices, the address of these component devices (IP address or MAC address, etc.), information indicating whether physical connection with these component devices is permitted, the name of the supporter who is allowed to connect to these component devices (supporter name), and information indicating the permission to modify or view information stored in these component devices. In this embodiment, this information is obtained from the supported devices 31a-31d via the gateway devices 34a-34d. For example, information indicating the name and authority of the supporter is obtained from the component device connection management unit 315. Alternatively, various information can be pre-entered by the user.

顯示操作管理部43係在連接管理伺服器4及支援者側電腦21連接的狀態下,進行在支援者側電腦21的前述顯示裝置所顯示的資訊之控制、和與來自支援者側電腦21的操作對應的各種處理。顯示操作管理部43在支援者側電腦21及連接管理伺服器4的連接不被允許的狀態下,當從該支援者側電腦21對連接管理伺服器4存取時,在支援者側電腦21的前述顯示裝置中顯示規定的認證用畫面G1(參照圖6)。在認證用畫面G1中,顯示用於輸入ID的輸入欄N1、用於輸入密碼的輸入欄N2、用於ID等的輸入確定的確定按鈕B1等。在本實施形態中,在輸入欄N1中填入ID,在輸入欄N2填入密碼的狀態下,透過操作確定按鈕B1而從支援者側電腦21向連接管理部41輸入ID以及密碼。然後,依據輸入的資訊(ID及密碼),由連接管理部41允許或不允許支援者側電腦21及連接管理伺服器4的連接。When the connection management server 4 and the supporter-side computer 21 are connected, the display operation management unit 43 controls the information displayed on the display device of the supporter-side computer 21 and performs various processes corresponding to operations from the supporter-side computer 21. When the connection between the supporter-side computer 21 and the connection management server 4 is not permitted, the display operation management unit 43 displays a predetermined authentication screen G1 (see FIG. 6 ) on the display device of the supporter-side computer 21 when access to the connection management server 4 is attempted from the supporter-side computer 21. The authentication screen G1 displays an input field N1 for entering an ID, an input field N2 for entering a password, and a confirmation button B1 for confirming the input of the ID, etc. In this embodiment, after entering an ID in input field N1 and a password in input field N2, the user presses the OK button B1 to input the ID and password from the supporter-side computer 21 to the connection management unit 41. Based on the input information (ID and password), the connection management unit 41 then permits or denies the connection between the supporter-side computer 21 and the connection management server 4.

再者,當連接管理伺服器4及支援者側電腦21成為連接狀態時,顯示操作管理部43係依據前述登入者資訊和在用戶裝置管理部42管理的資訊(參照圖5),將由被允許連接的支援者(設備製造商)所製造的支援對象設備31a〜31d相關的各種資訊向支援者側電腦21發送。藉此,在支援者側電腦21的前述顯示裝置中,顯示規定的初始畫面G2(參照圖8)。在初始畫面G2中,顯示被允許連接的支援者能進行遠距支援的支援對象設備31a〜31d相關的各種資訊。例如,在本實施形態中,支援對象設備31a、31b、31d係由A公司所製造,因此,在前述登入者資訊示出A公司的情況下,在初始畫面G2中顯示由A公司所製造的支援對象設備31a、31b、31d相關的各種資訊。Furthermore, when the connection management server 4 and the supporter-side computer 21 are connected, the display operation management unit 43 transmits various information related to the target devices 31a to 31d manufactured by the supporter (device manufacturer) permitted to connect to the supporter-side computer 21 based on the aforementioned login information and the information managed by the user device management unit 42 (see FIG. 5 ). This causes a predetermined initial screen G2 (see FIG. 8 ) to be displayed on the display device of the supporter-side computer 21. This initial screen G2 displays various information related to the target devices 31a to 31d that the supporter permitted to connect can remotely support. For example, in this embodiment, the support target devices 31a, 31b, and 31d are manufactured by Company A. Therefore, when the aforementioned registrant information indicates Company A, various information related to the support target devices 31a, 31b, and 31d manufactured by Company A is displayed in the initial screen G2.

此外,在初始畫面G2中,對應於可進行物理連接之構成裝置(PLC311等),即與動作中的閘道裝置34a〜34d連接的構成裝置,顯示連接用按鈕B2。連接用按鈕B2係在選擇成為連接對象的構成裝置(PLC311等)時操作。In addition, on the initial screen G2, a connection button B2 is displayed for each component device (PLC 311, etc.) that can be physically connected, that is, a component device connected to the operating gate devices 34a to 34d. The connection button B2 is operated when a component device (PLC 311, etc.) to be connected is selected.

此外,亦可適當變更在初始畫面G2顯示的資訊。例如,亦可作成僅顯示與可進行物理連接之構成裝置(PLC311等)有關的資訊。在這種情況下,選擇作為連接對象的構成裝置變得容易。The information displayed on the initial screen G2 can also be modified as needed. For example, it can be configured to display only information related to physically connectable components (PLC311, etc.). This makes it easier to select the component to connect to.

此外,當操作連接用按鈕B2時,顯示操作管理部43係顯示規定的密碼輸入畫面G3(參照圖7)。在密碼輸入畫面G3中,顯示用於輸入密碼的輸入欄N3、用於確定密碼輸入的確定按鈕B3等。在本實施形態中,在輸入欄N3中已填入密碼的狀態下,透過操作確定按鈕B3,從支援者側電腦21經由連接管理伺服器4向成為連接目標的構成裝置(PLC311等)輸入密碼。然後,依據所輸入的密碼,藉由構成裝置連接管理部315來允許或不允許支援者側電腦21及構成裝置(PLC311等)的連接。當支援側電腦21和構成裝置(PLC311等)的連接被允許時,支援側電腦21和構成裝置(PLC311等)係以能收發各種信號(資訊)的狀態下連接。藉此,在藉由構成裝置連接管理部315管理之記憶在構成裝置的資訊之變更或閱覽相關權限的範圍內,支援者能使用支援者側電腦21進行記憶在構成裝置的資訊之變更或閱覽。Furthermore, when the connection button B2 is operated, the display operation management unit 43 displays a predetermined password input screen G3 (see FIG7 ). The password input screen G3 displays an input field N3 for entering a password and a confirmation button B3 for confirming the password entry. In this embodiment, with a password already entered in the input field N3, the supporter-side computer 21 enters a password to the target component (PLC 311, etc.) via the connection management server 4 by operating the confirmation button B3. Based on the entered password, the component connection management unit 315 then permits or disallows the connection between the supporter-side computer 21 and the component (PLC 311, etc.). When the connection between the support-side computer 21 and the component device (PLC 311, etc.) is permitted, the support-side computer 21 and the component device (PLC 311, etc.) are connected in a state where various signals (information) can be transmitted and received. This allows the supporter to use the support-side computer 21 to modify or view the information stored in the component device within the scope of the permissions for modifying or viewing the information stored in the component device managed by the component device connection management unit 315.

例如,在透過構成裝置連接管理部315管理已連接的支援者具有閱覽資訊的權限之情況下,顯示操作管理部43係依據從構成裝置發送的信號(資訊),將與該構成裝置可顯示的畫面(例如設定用畫面)相同的畫面顯示在支援者側電腦21的前述顯示裝置。例如,當被允許連接支援者側電腦21及觸控板314時,顯示操作管理部43對支援側電腦21的前述顯示裝置顯示與觸控板314所顯示的畫面之相同的畫面。For example, if the connected supporter is granted information viewing rights by the component connection management unit 315, the display operation management unit 43 displays the same screen (e.g., a configuration screen) as the screen that can be displayed by the component in question on the display device of the supporter-side computer 21, based on a signal (information) transmitted from the component. For example, if the connection between the supporter-side computer 21 and the touchpad 314 is permitted, the display operation management unit 43 displays the same screen on the display device of the supporter-side computer 21 as the screen displayed on the touchpad 314.

此外,例如,在藉由構成裝置連接管理部315管理已連接的支援者具有資訊的變更權限之情況下,透過顯示操作管理部43,能將使用支援者側電腦21的前述輸入裝置所輸入的資訊輸入到該構成裝置。藉此,使用支援者側電腦21的前述輸入裝置,能變更或修正記憶在構成裝置的資料等。Furthermore, for example, if a connected supporter has information modification authority managed by the component device connection management unit 315, information input using the input device of the supporter-side computer 21 can be input to the component device via the display operation management unit 43. This allows the supporter-side computer 21 to modify or amend data stored in the component device using the input device.

其次,針對使用了如上構成的遠距支援系統1的支援對象設備31a〜31d進行遠距支援的流程作說明。Next, the process of performing remote support on the support target devices 31a to 31d using the remote support system 1 constructed as described above will be described.

首先,請求支援的用戶透過電話等向支援者(例如A公司)聯絡用以特定出欲接受支援的支援對象設備31a〜31d及構成裝置(PLC311等)的資訊。在此基礎上,用戶例如在與支援者之間預先決定的時間,使用規定的鑰匙,將和欲接受支援的支援對象設備31a〜31d連接的閘道裝置34a〜34d的電源開關(鑰匙鎖開關)開啟(ON)。例如,在欲接受與支援對象設備31b中的檢查裝置312的作業相關的支援的情況下,將閘道裝置34b的電源開關開啟。藉此,閘道裝置34b啟動而成為動作中的狀態。First, the user requesting support contacts the support provider (e.g., Company A) by phone or other means to specify the target devices 31a-31d and their components (e.g., PLC 311) for which support is desired. Based on this, the user, for example, uses a specified key at a predetermined time with the support provider to turn on the power switches (key lock switches) of the gateway devices 34a-34d connected to the target devices 31a-31d for which support is desired. For example, if support is desired for the operation of the inspection device 312 in the target device 31b, the user turns on the power switch of the gateway device 34b. This activates the gateway device 34b and puts it into operation.

接著,使用支援者側電腦21,支援者存取連接管理伺服器4,並且在前述認證用畫面G1輸入適當的ID和密碼。藉此,透過連接管理部41成為允許了支援者側電腦21及連接管理伺服器4的連接的狀態。其結果,滿足成為允許了支援者側電腦21及連接管理伺服器4的連接的狀態、以及閘道裝置34a〜34d啟動而成為動作中的狀態這兩者。至少這兩個狀態包含使支援者側電腦21可經由連接管理伺服器4及閘道裝置34a〜34d對支援對象設備31a〜31d連接的條件。Next, using the supporter-side computer 21, the supporter accesses the connection management server 4 and enters the appropriate ID and password on the aforementioned authentication screen G1. This allows the connection between the supporter-side computer 21 and the connection management server 4 to be permitted via the connection management unit 41. As a result, both the state in which the connection between the supporter-side computer 21 and the connection management server 4 is permitted and the state in which the gateway devices 34a to 34d are activated and in operation are satisfied. At least these two states include the conditions that allow the supporter-side computer 21 to connect to the supported devices 31a to 31d via the connection management server 4 and the gateway devices 34a to 34d.

當允許支援側電腦21和連接管理伺服器4連接並且支援側電腦21和連接管理伺服器4以可收發信號(資訊)的狀態連接時,在支援側電腦21的前述顯示裝置顯示初始畫面G2(參照圖8)。然後,支援者在操作(選擇)與成為支援對象(連接目標)的構成裝置對應的連接用按鈕B2之後,透過在密碼輸入畫面G3輸入適當的密碼,藉由構成裝置連接管理部315允許支援者側電腦21和該構成裝置的連接。其結果,連接支援者側電腦21及構成裝置。並且,在藉由構成裝置連接管理部315管理已連接的支援者具有資訊的閱覽權限的情況下,在支援者側電腦21的前述顯示裝置顯示與在該構成裝置能顯示的畫面之相同的畫面。When the support-side computer 21 is allowed to connect to the connection management server 4 and the two are connected in a state where they can transmit and receive signals (information), the initial screen G2 (see FIG8 ) is displayed on the display device of the support-side computer 21. The supporter then operates (selects) the connection button B2 corresponding to the component device to be supported (connection target) and enters an appropriate password on the password input screen G3. This allows the component connection management unit 315 to allow the support-side computer 21 to connect to the component device. As a result, the support-side computer 21 and the component device are connected. Furthermore, when the connected supporter has information browsing authority managed by the component device connection management unit 315, the display device of the supporter-side computer 21 displays the same screen as the screen that can be displayed on the component device.

之後,支援者和用戶透過電話取得聯繫並且一邊觀看相同內容的螢幕,由一邊透過支援者或接受支援者建議的用戶,對支援對象設備31a〜31d的構成設備進行設定變更、維護和異常對應等之作業。例如,在藉由構成裝置連接管理部315管理已連接的支援者具有資訊變更權限之情況下,支援者可使用支援者側電腦21的前述輸入裝置進行對構成裝置的作業。Afterwards, the supporter and user communicate via phone and, while viewing the same screen, the supporter, or the user receiving the supporter's advice, performs configuration changes, maintenance, and abnormality response operations on the components of the supported devices 31a-31d. For example, if the connected supporter has information modification permissions managed by the component device connection management unit 315, the supporter can use the aforementioned input device of the supporter-side computer 21 to perform operations on the components.

作業結束後,支援者透過進行規定的登出操作,解除支援者側電腦21及連接管理伺服器4的連接。另一方面,用戶透過規定的鑰匙,將動作中的閘道裝置34a〜34d的電源開關(鑰匙鎖開關)關閉,使閘道裝置34a〜34d停止。且用戶將前述鑰匙返還給管理者。After completing the work, the supporter performs a predetermined logout procedure to disconnect the supporter's computer 21 from the connection management server 4. Meanwhile, the user uses a predetermined key to turn off the power switches (key lock switches) of the active gateway devices 34a-34d, shutting down the gateway devices 34a-34d. The user then returns the key to the administrator.

如上所詳述,依據本實施例,為了設成可連接支援者側電腦21和支援對象設備31a〜31d以從遠距處進行支援之狀態,用於連接支援者側電腦21和連接管理伺服器4之在支援者側的規定作業(ID和密碼的輸入等)以及在用戶側的規定作業(透過鑰匙鎖開關啟動閘道裝置34a〜34d)這兩者是必要的。As described above in detail, according to this embodiment, in order to set up a state in which the supporter-side computer 21 and the supported target devices 31a to 31d can be connected to provide support from a remote location, both the prescribed operations on the supporter side (entry of ID and password, etc.) for connecting the supporter-side computer 21 and the connection management server 4 and the prescribed operations on the user side (activating the gateway devices 34a to 34d through the key lock switch) are necessary.

因此,可極有效地降低具惡意的第三者對用戶側設備(支援對象設備31a〜31d)進行非法存取的風險,能更確實地防止記憶在該設備之程式和資料被篡改、盜取、破壞等。Therefore, the risk of a malicious third party illegally accessing the user-side device (support target device 31a~31d) can be extremely effectively reduced, and the programs and data stored in the device can be more reliably prevented from being tampered with, stolen, destroyed, etc.

此外,閘道裝置34a〜34d的電源係藉由鑰匙鎖開關進行管理,再者,閘道裝置34a〜34d的啟動係在用戶側進行,因此能更確實地防止記憶在用戶側設備(支援對象設備31a〜31d)的程式和資料被支援者進行用戶不想要的變更、修正、刪除等。In addition, the power supply of the gateway devices 34a to 34d is managed by a key lock switch. Furthermore, the activation of the gateway devices 34a to 34d is performed on the user side, thereby more reliably preventing the programs and data stored in the user-side device (support target device 31a to 31d) from being changed, modified, deleted, etc. by the supporter in ways that the user does not want.

而且,支援對象設備31a〜31d係按每個設備製造商而分別與不同的閘道裝置34a〜34d連接。因此,在經由閘道裝置34a〜34d將支援者側電腦21和支援對象設備31a〜31d連接時,可僅將與該閘道裝置34a〜34d對應之特定的設備製造商所製造的支援對象設備31a〜31d連接於支援者側電腦21。藉此,例如,可容易地將能從某個支援者側連接的支援對象設備31a〜31d限定為該支援者所製造的支援對象設備31a〜31d。因此,可更確實地防止與該支援對象設備31a〜31d無關的支援者閱覽支援對象設備31a〜31d所記憶的各種有用資訊(例如,設置資訊、程式等)。其結果,可極有效地達成既可由複數個支援者所進行之遠距支援,又能保護各支援對象設備31a〜31d所擁有的有用資訊。Furthermore, the target devices 31a to 31d are connected to different gateway devices 34a to 34d for each device manufacturer. Therefore, when the supporter-side computer 21 and the target devices 31a to 31d are connected via the gateway devices 34a to 34d, only the target devices 31a to 31d manufactured by the specific device manufacturer corresponding to the gateway device 34a to 34d can be connected to the supporter-side computer 21. This makes it easy to limit the target devices 31a to 31d connectable from a particular supporter to those manufactured by that supporter, for example. Therefore, it is possible to more reliably prevent supporters unrelated to the target devices 31a to 31d from viewing the various useful information (e.g., setting information, programs, etc.) stored in the target devices 31a to 31d. As a result, remote support by multiple supporters can be achieved very effectively while protecting the useful information held by each target device 31a to 31d.

再者,閘道裝置34a〜34d是藉由(1)經由用戶側通信裝置32b且不與用戶側的網路(子網路33或主網路36)連接的路徑,或者(2)經由僅與子網路33和用戶側通信裝置32a連接的用戶側通信裝置32a和閘道裝置34a、34b、34c之路徑,而連接網際網路5。因此,可更確實地將與公司內部伺服器37連接的主網路36從網際網路5分離。因此,可更確實地防止對公司內部伺服器37的非法存取,又,即使發生對支援對象設備31a〜31d等之侵入,亦可有效抑制該侵入的影響波及公司內部伺服器37。Furthermore, the gateway devices 34a to 34d are connected to the Internet 5 via (1) a path that passes through the user-side communication device 32b and is not connected to the user-side network (subnet 33 or main network 36), or (2) a path that passes through the user-side communication device 32a and the gateway devices 34a, 34b, and 34c, which are connected only to the subnet 33 and the user-side communication device 32a. Therefore, the main network 36 connected to the in-house server 37 can be more reliably separated from the Internet 5. Therefore, unauthorized access to the in-house server 37 can be more reliably prevented, and even if an intrusion into the support target devices 31a to 31d occurs, the impact of the intrusion can be effectively suppressed from affecting the in-house server 37.

此外,在為了進行遠距支援而將閘道裝置34a~34d與用戶側通信裝置32a、32b連接之情況下,能透過切換開關35a、35b將公司內部伺服器37設為與網際網路5非連接的狀態。因此,可以更確實地防止對公司內部伺服器37的非法存取等。Furthermore, when the gateway devices 34a to 34d are connected to the user-side communication devices 32a and 32b for remote support, the switches 35a and 35b can be used to disconnect the in-house server 37 from the Internet 5. This makes it possible to more reliably prevent unauthorized access to the in-house server 37.

另一方面,當將閘道裝置34a〜34d與公司內部伺服器37連接時,可透過開關35a、35b將閘道裝置34a〜34d設為與用戶側通信裝置32a、32b非連接的狀態。因此,既可確保良好的資訊安全性,又能經由閘道裝置34a〜34d在公司內部伺服器37收集支援對象設備31a〜31d的資料。藉此,對用戶而言能提高便利性。On the other hand, when gateway devices 34a-34d are connected to an in-house server 37, switches 35a and 35b can be used to disconnect gateway devices 34a-34d from user-side communication devices 32a and 32b. This ensures high information security while allowing data from supported devices 31a-31d to be collected on the in-house server 37 via gateway devices 34a-34d. This improves user convenience.

而且,構成裝置連接管理部315係具有按每個構成裝置來允許或不允許支援者側電腦21及構成裝置(PLC311等)的連接之功能。透過該功能,能更確實地達成防止因非法存取而侵入構成裝置。Furthermore, the component connection management unit 315 has a function of allowing or not allowing the connection between the supporter-side computer 21 and the component (PLC 311, etc.) for each component. This function can more reliably prevent the component from being invaded by illegal access.

此外,構成裝置連接管理部315係具有按各個構成裝置來管理由支援者側電腦21進行的記憶在構成裝置(PLC311等)的資訊之變更或閱覽相關權限的功能。透過該功能,能更確實地防止因支援者的誤操作等所致之記憶在構成裝置的資訊的變更、閱覽。Furthermore, the component connection management unit 315 manages the permissions related to changes or browsing of information stored in components (such as the PLC 311) by the supporter-side computer 21 on a per-component basis. This function more reliably prevents changes or browsing of information stored in components due to user errors.

此外,不限於上述實施形態的記載內容,例如也可按如下方式實施。當然,未在以下例示的其他應用例、變更例當然也是可能的。Furthermore, the present invention is not limited to the above-described embodiments, and may be implemented as follows, for example. Of course, other application examples and modifications not shown below are also possible.

(a)在上述實施形態中,在支援對象設備31a〜31d的構成裝置方面,具備PLC311、檢查裝置312、313及觸控板314,但支援對象設備所具有的構成裝置亦可適當變更。(a) In the above embodiment, the components of the supporting devices 31a to 31d include PLC 311, inspection devices 312 and 313, and a touch panel 314. However, the components of the supporting devices may be modified as appropriate.

此外,各支援對象設備不需要分別具備相同的構成裝置,各支援對象設備也可具備不同的構成裝置。例如,1個支援對象設備可具有PLC及1台檢查裝置,另一方面,其他的1個支援對象設備亦可具有PLC及3台檢查裝置。Furthermore, each supported device does not need to have the same components, and each supported device may have different components. For example, one supported device may have a PLC and one inspection device, while another supported device may have a PLC and three inspection devices.

(b)在上述實施形態中,支援對象設備31a〜31d係作為泡殼包裝機,具備用於檢查藥品(錠劑等)的檢查裝置312、313,用於製造包裝藥品而成的泡殼片。相對地,支援對象設備亦可為瓶裝裝置,具備用於檢查藥品(錠劑等)的檢查裝置,用於製造藥品收容在瓶中而成的瓶裝製品。(b) In the above embodiment, the supporting equipment 31a to 31d is a blister packaging machine equipped with inspection devices 312 and 313 for inspecting pharmaceuticals (tablets, etc.), and is used to produce blister sheets containing the packaged pharmaceuticals. Conversely, the supporting equipment may be a bottle packaging machine equipped with an inspection device for inspecting pharmaceuticals (tablets, etc.), and is used to produce bottled products containing the pharmaceuticals in bottles.

(c)在上述實施形態中,雖設置1個連接管理伺服器4,但亦可設置複數個連接管理伺服器4。(c) In the above embodiment, although one connection management server 4 is provided, a plurality of connection management servers 4 may be provided.

此外,在上述實施形態中,僅存在一個用戶側系統3,但亦可存在複數個用戶側系統3。在這種情況下,可構成為按每個用戶側系統3設置不同的連接管理伺服器4,亦可構成為對複數個用戶側系統3設置共同使用的連接管理伺服器4。In the above embodiment, there is only one user-side system 3, but there may be multiple user-side systems 3. In this case, a different connection management server 4 may be provided for each user-side system 3, or a connection management server 4 may be provided for multiple user-side systems 3.

(d)在上述實施形態中,切換開關35a係設置在用戶側通信裝置32a與子網路33之間,但亦可將切換開關35a設置在子網路33與閘道裝置34a、34b、34c之間。在這種情況下,設置共計3台切換開關35a。(d) In the above embodiment, the switch 35a is installed between the user-side communication device 32a and the subnet 33. However, the switch 35a can also be installed between the subnet 33 and the gateway devices 34a, 34b, and 34c. In this case, a total of three switches 35a are installed.

(e)在上述實施形態中,構成裝置連接管理部315係設置在PLC311等之構成裝置,但亦可將構成裝置連接管理部設置在連接管理伺服器4等。(e) In the above embodiment, the component device connection management unit 315 is provided in a component device such as the PLC 311, but the component device connection management unit may also be provided in the connection management server 4 or the like.

(f)在上述實施形態中,支援對象設備31a〜31d係具備用於進行藥品之檢查的檢查裝置312、313。相對地,支援對象設備亦可為具備將除了藥品以外作為檢查對象的檢查裝置。(f) In the above embodiment, the supporting target devices 31a to 31d are equipped with inspection devices 312 and 313 for inspecting pharmaceuticals. Alternatively, the supporting target devices may be equipped with inspection devices that inspect objects other than pharmaceuticals.

此外,支援對象設備亦可不具備檢查裝置。因此,亦可採用以下所述的手段A的遠距支援系統。Furthermore, the supported equipment does not need to be equipped with an inspection device. Therefore, a remote support system of the following method A can also be used.

手段A.一種遠距支援系統,其用於支援者從遠距處支援對設置在用戶側的支援對象設備的作業,具備: 支援者側電腦,設置在支援者側,用於支援對前述支援對象設備的作業, 連接管理伺服器,至少具有管理用於從前述支援者側電腦連接的連接用資訊之連接管理部,依據從前述支援者側電腦輸入的資訊與前述連接用資訊之比較結果,能允許或不允許自身與前述支援者側電腦的連接,及 閘道裝置,設置在用戶側,介於前述連接管理伺服器及前述支援對象設備間, 用於使前述閘道裝置啟動的電源開關係由鑰匙鎖開關所構成, 前述支援者側電腦係構成為可經由前述連接管理伺服器及前述閘道裝置而與前述支援對象設備連接,且 構成為:在用於使前述支援者側電腦能經由前述連接管理伺服器及前述閘道裝置而與前述支援對象設備連接的條件下,至少包含前述支援者側電腦及前述連接管理伺服器之連接被允許的狀態、及前述閘道裝置啟動並動作中的狀態這兩者。 Means A. A remote support system for a supporter to remotely support operations on a target device located on a user side, comprising: a supporter-side computer, located on the supporter side, for supporting operations on the target device; a connection management server, comprising at least a connection management unit for managing connection information for connection from the supporter-side computer, and capable of allowing or disallowing connection between the supporter-side computer and the supporter-side computer based on a comparison between information input from the supporter-side computer and the connection information; a gateway device, located on the user side, interposed between the connection management server and the target device; a power switch for activating the gateway device, comprising a key lock switch; The supporter-side computer is configured to be connectable to the target device via the connection management server and the gateway device, and is configured such that conditions for enabling the supporter-side computer to connect to the target device via the connection management server and the gateway device include at least two conditions: a state in which the connection between the supporter-side computer and the connection management server is permitted, and a state in which the gateway device is activated and operating.

依據上述手段A,既能從遠距處對用戶側的設備(支援對象設備)進行支援,又能飛躍性地提高與用戶側的設備有關的資訊安全性。According to the above-mentioned means A, it is possible to remotely support the user's device (support target device) and significantly improve the security of information related to the user's device.

1:遠距支援系統 4:連接管理伺服器 5:網際網路 21:支援者側電腦 31a,31b,31c,31d:支援對象設備 32a,32b:用戶側通信裝置 33:子網路(用戶側的網路、僅連接到用戶側通信裝置及閘道裝置的用戶側的網路) 34a,34b,34c,34d:閘道裝置 35a,35b:切換開關 36:主網路(用戶側的網路) 41:連接管理部 311:PLC(構成裝置) 312,313:檢查裝置(構成裝置) 314:觸控板(構成裝置) 315:構成裝置連接管理部 1: Remote Support System 4: Connection Management Server 5: Internet 21: Supporter-Side Computer 31a, 31b, 31c, 31d: Supported Device 32a, 32b: User-Side Communication Device 33: Subnet (User-Side Network, User-Side Network Connected Only to User-Side Communication Devices and Gateway Devices) 34a, 34b, 34c, 34d: Gateway Device 35a, 35b: Switch 36: Main Network (User-Side Network) 41: Connection Management Unit 311: PLC (Component) 312, 313: Inspection Device (Component) 314: Touch Panel (Component) 315: Component Connection Management Unit

圖1係表示遠距支援系統的概略構成的方塊圖。 圖2係表示支援對象設備的概略構成的方塊圖。 圖3係表示連接管理伺服器的概略構成的方塊圖。 圖4係用於說明由連接管理部所管理的資訊之說明圖。 圖5係用於說明由用戶裝置管理部所管理的資訊之說明圖。 圖6係表示認證用畫面的一例之示意圖。 圖7係表示密碼輸入畫面的一例之示意圖。 圖8係表示初始畫面的一例之示意圖。 Figure 1 is a block diagram showing the schematic configuration of the remote support system. Figure 2 is a block diagram showing the schematic configuration of the supported device. Figure 3 is a block diagram showing the schematic configuration of the connection management server. Figure 4 is an explanatory diagram illustrating the information managed by the connection management unit. Figure 5 is an explanatory diagram illustrating the information managed by the user device management unit. Figure 6 is a diagram showing an example of an authentication screen. Figure 7 is a diagram showing an example of a password input screen. Figure 8 is a diagram showing an example of an initial screen.

1:遠距支援系統 1: Remote support system

2:支援者側系統 2: Supporter-side system

3:用戶側系統 3: User-side system

4:連接管理伺服器 4: Connect to the management server

5:網際網路 5: Internet

21:支援者側電腦 21: Supporter side computer

22:支援者側網路 22: Supporter-side network

23:支援者側通信裝置 23: Supporter-side communication device

31a,31b,31c,31d:支援對象設備 31a, 31b, 31c, 31d: Support equipment

32a,32b:用戶側通信裝置 32a, 32b: User-side communication device

33:子網路 33: Subnet

34a,34b,34c,34d:閘道裝置 34a, 34b, 34c, 34d: Gate device

35a,35b:切換開關 35a, 35b: Switch

36:主網路 36: Main Network

37:公司內部伺服器 37: Internal server

311:PLC 311:PLC

312,313:檢查裝置 312,313: Inspection device

314:觸控板 314: Touch Panel

Claims (4)

一種遠距支援系統,其用於供支援者從遠距處支援對於設置在用戶側的支援對象設備的作業,其特徵為具備: 支援者側電腦,其設置在支援者側,用於支援對於前述支援對象設備的作業,連接管理伺服器,具有至少管理用在來自於前述支援者側電腦的連接的連接用資訊之連接管理部,依據從前述支援者側電腦輸入的資訊與前述連接用資訊之比較結果,能允許或不允許自身與前述支援者側電腦之連接;及閘道裝置,其設置在前述用戶側,介於前述連接管理伺服器及前述支援對象設備間,用於啟動前述閘道裝置的電源開關係藉由鑰匙鎖開關所構成,前述支援者側電腦構成為能經由前述連接管理伺服器及前述閘道裝置而與前述支援對象設備連接,且構成為:在用於使前述支援者側電腦能經由前述連接管理伺服器及前述閘道裝置而與前述支援對象設備連接的條件下,至少包含前述支援者側電腦及前述連接管理伺服器之連接被允許的狀態、及前述閘道裝置啟動並動作中的狀態這兩者,在前述用戶側設置有複數個前述支援對象設備,且在複數個前述支援對象設備包含由不同設備製造商所製造的設備,前述支援對象設備係按每個前述設備製造商而分別與不同的前述閘道裝置連接。A remote support system is provided for a supporter to remotely support operations on a support target device located at a user's side. The system is characterized by: A supporter-side computer, which is provided on the supporter side and is used to support operations for the aforementioned support target device; a connection management server, which has a connection management unit for managing at least connection information for connection from the aforementioned supporter-side computer, and can allow or not allow the connection between itself and the aforementioned supporter-side computer based on the comparison result of the information input from the aforementioned supporter-side computer and the aforementioned connection information; and a gateway device, which is provided on the aforementioned user side and is between the aforementioned connection management server and the aforementioned support target device, and the power switch for activating the aforementioned gateway device is composed of a key lock switch, and the aforementioned supporter-side computer is configured to be able to connect to the aforementioned supporter-side computer through the aforementioned connection management server. The server and the aforementioned gateway device are connected to the aforementioned support target device, and are constructed as follows: under conditions for enabling the aforementioned supporter-side computer to connect to the aforementioned support target device via the aforementioned connection management server and the aforementioned gateway device, at least two conditions are included: a state in which the connection between the aforementioned supporter-side computer and the aforementioned connection management server is allowed, and a state in which the aforementioned gateway device is started and in operation. A plurality of the aforementioned support target devices are set on the aforementioned user side, and the plurality of the aforementioned support target devices include devices manufactured by different device manufacturers. The aforementioned support target devices are connected to different aforementioned gateway devices according to each of the aforementioned device manufacturers. 如請求項1之遠距支援系統,其中前述連接管理伺服器係設置在網際網路上,具有用戶側通信裝置,其設置在前述用戶側且至少在將前述支援者側電腦及前述支援對象設備連接時與網際網路連接,前述閘道裝置係透過以下(1)或(2)的路徑與網際網路連接,(1)經由前述用戶側通信裝置的路徑且為不與前述用戶側的網路連接的路徑;(2)經由僅與前述用戶側通信裝置及前述閘道裝置連接的前述用戶側的網路和前述用戶側通信裝置之路徑。A remote support system as claimed in claim 1, wherein the connection management server is located on the Internet and has a user-side communication device, which is located on the user side and is connected to the Internet at least when the supporter-side computer and the support target device are connected, and the gateway device is connected to the Internet via the following paths (1) or (2): (1) a path through the user-side communication device and a path that is not connected to the user-side network; (2) a path through the user-side network and the user-side communication device that is connected only to the user-side communication device and the gateway device. 如請求項2之遠距支援系統,其具備切換開關,該切換開關設置在前述(1)或(2)的路徑上,能將前述閘道裝置切換為與前述用戶側通信裝置連接的狀態和與設置在前述用戶側的伺服器連接的狀態。The remote support system of claim 2 is provided with a switch, which is arranged on the path of (1) or (2) and can switch the gateway device to a state of being connected to the user-side communication device and a state of being connected to the server arranged on the user side. 如請求項1之遠距支援系統,其中前述支援對象設備係具有包含檢查裝置的複數個構成裝置,前述支援者側電腦係構成為能經由前述連接管理伺服器及前述閘道裝置而與前述支援對象設備所具有的前述構成裝置連接,具備構成裝置連接管理部,其具有如下功能中的至少一者:按各個前述構成裝置來允許或不允許前述支援者側電腦及前述構成裝置之連接的功能;按各個前述構成裝置來管理由前述支援者側電腦所進行之記憶在前述構成裝置的資訊之變更或關於閱覽的權限。A remote support system as claimed in claim 1, wherein the aforementioned support target device has a plurality of components including an inspection device, the aforementioned supporter-side computer is configured to be connected to the aforementioned components of the aforementioned support target device via the aforementioned connection management server and the aforementioned gateway device, and has a component device connection management unit, which has at least one of the following functions: allowing or not allowing the connection between the aforementioned supporter-side computer and the aforementioned components according to each of the aforementioned components; and managing changes to information stored in the aforementioned components or browsing permissions performed by the aforementioned supporter-side computer according to each of the aforementioned components.
TW112127723A 2022-11-01 2023-07-25 Remote Support System TWI895763B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2022-175680 2022-11-01
JP2022175680A JP7422842B1 (en) 2022-11-01 2022-11-01 remote support system

Publications (2)

Publication Number Publication Date
TW202419992A TW202419992A (en) 2024-05-16
TWI895763B true TWI895763B (en) 2025-09-01

Family

ID=89620896

Family Applications (1)

Application Number Title Priority Date Filing Date
TW112127723A TWI895763B (en) 2022-11-01 2023-07-25 Remote Support System

Country Status (5)

Country Link
JP (1) JP7422842B1 (en)
KR (1) KR20250083529A (en)
CN (1) CN119968626A (en)
TW (1) TWI895763B (en)
WO (1) WO2024095515A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200401114A (en) * 2002-03-11 2004-01-16 Teratech Corp Ultrasound probe with integrated electronics
JP2006148661A (en) * 2004-11-22 2006-06-08 Toshiba Corp Information terminal remote operation system, remote access terminal thereof, gateway server thereof, information terminal control device thereof, information terminal device, and remote operation method thereof
US20160254962A1 (en) * 2006-12-29 2016-09-01 Prodea Systems, Inc. System and method for providing network support services and premises gateway support infrastructure
CN107085524A (en) * 2015-11-20 2017-08-22 国际商业机器公司 Method and apparatus for the log management of the guarantee in cloud environment
US20180124072A1 (en) * 2016-10-31 2018-05-03 Acentium Inc. Systems and methods for computer environment situational awareness
JP2020176957A (en) * 2019-04-19 2020-10-29 Ckd株式会社 Maintenance support system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0359709A (en) * 1989-07-28 1991-03-14 Seiko Epson Corp Lock mechanism for electronic information equipment
JP2003271238A (en) 2002-03-18 2003-09-26 Toshiba Corp Remote maintenance method and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200401114A (en) * 2002-03-11 2004-01-16 Teratech Corp Ultrasound probe with integrated electronics
JP2006148661A (en) * 2004-11-22 2006-06-08 Toshiba Corp Information terminal remote operation system, remote access terminal thereof, gateway server thereof, information terminal control device thereof, information terminal device, and remote operation method thereof
US20160254962A1 (en) * 2006-12-29 2016-09-01 Prodea Systems, Inc. System and method for providing network support services and premises gateway support infrastructure
CN107085524A (en) * 2015-11-20 2017-08-22 国际商业机器公司 Method and apparatus for the log management of the guarantee in cloud environment
US20180124072A1 (en) * 2016-10-31 2018-05-03 Acentium Inc. Systems and methods for computer environment situational awareness
JP2020176957A (en) * 2019-04-19 2020-10-29 Ckd株式会社 Maintenance support system

Also Published As

Publication number Publication date
CN119968626A (en) 2025-05-09
JP7422842B1 (en) 2024-01-26
TW202419992A (en) 2024-05-16
JP2024066231A (en) 2024-05-15
WO2024095515A1 (en) 2024-05-10
KR20250083529A (en) 2025-06-10

Similar Documents

Publication Publication Date Title
CN1773937B (en) Equipment management device, equipment, and equipment management method
EP2974204B1 (en) Automatic fraudulent digital certificate detection
WO2023136658A1 (en) Controller-based system and method for controlling network access
WO2014069777A1 (en) Transit control for data
CN115701019B (en) Zero-trust network access request processing method and device and electronic equipment
WO2022231306A1 (en) System for controlling controller-based network connection and method therefor
WO2006076536A2 (en) Access control to files based on source information
US20190317481A1 (en) Firewall System and Method for Establishing Secured Communications Connections to an Industrial Automation System
CN101895578A (en) Document monitor and management system based on comprehensive safety audit
TWI890785B (en) Field device with security module, retrofit module for field device, method for setting it security level and computer program code
WO2023163509A1 (en) System for controlling controller-based network connection and method related to same
WO2023085793A1 (en) System for controlling network access on basis of controller, and method therefor
EP1701510B1 (en) Secure remote access to non-public private web servers
WO2023090756A1 (en) Controller-based network access control system, and method therefor
WO2023211122A1 (en) System for controlling file transmission and reception of application on basis of proxy and method relating to same
WO2023163514A1 (en) Controller-based network access control system and method therefor
US20190163881A1 (en) Software license management system and management method
WO2015078247A1 (en) Method, apparatus and terminal for monitoring phishing
TWI895763B (en) Remote Support System
WO2023211104A1 (en) System for controlling controller-based network access, and method related thereto
WO2023163506A1 (en) System for controlling file transmission and reception of application, and method therefor
WO2022231304A1 (en) System for controlling controller-based network access, and method therefor
Zhu et al. An efficient data leakage prevention framework for semiconductor industry
KR20180131765A (en) access management systems for management-mode and accessing methods
US20250267132A1 (en) Data security measures for cybersecurity threats