JP5794416B2 - Remote maintenance system and remote maintenance method - Google Patents

Description

  The present invention relates to a remote maintenance system and a remote maintenance method for maintaining and managing devices possessed by a plurality of users while maintaining the anonymity of each user with a management device at a remote location.

  There are cases in which a plurality of users owns a device, an administrator is in a remote place away from the place where the device is used, and performs maintenance management of each device via the Internet or the like. The term “maintenance management” as used herein refers to an action of collecting data from a device and transmitting corresponding response information when there is a need for response. The management device acquires the usage status of each device via the Internet or the like regularly or periodically, and provides a repair or a countermeasure for the device when the acquired information is abnormal. That is, the management apparatus acquires information such as usage status from each user-owned device for maintenance management of the device, analyzes the information, and confirms that the device is operating correctly.

On the other hand, by providing information such as device usage status to the management device, there is a possibility that the administrator may reveal secret information such as the user's sales from this information, so the information provided is anonymous I need sex.
Therefore, an intermediary processing device is provided between the information collector (administrator) and the information provider (user), and information is exchanged via the mediation processing device, so that the information collector and the provider can interact with each other. A system that can collect information while maintaining anonymity of the information has been developed (see Patent Document 1).

JP 2003-316965 A

However, in the technique disclosed in Patent Document 1, an intermediary processing device must be provided in addition to the device and the management device, which causes problems such as a complicated configuration, an increase in cost, and a decrease in efficiency. Arise.
Further, in Patent Document 1, information from a plurality of information providers can be obtained anonymously. However, even if problem information is found as a result of analyzing these information, the information is anonymous. There is a problem in that it is impossible to determine the provider of the problem, and it is not possible to feed back a countermeasure for the problem.

  The present invention has been made to solve such a problem, and the object of the present invention is to acquire information on devices owned by a plurality of users while maintaining anonymity, and to respond from the information. It is an object of the present invention to provide a remote maintenance system and a remote maintenance method capable of providing response contents while maintaining anonymity for a discovered device.

In order to achieve the above-described object, in the remote maintenance system according to claim 1, the management device communicates information about the plurality of devices between the management device of the administrator and a plurality of users' devices that are communicably connected. Is a remote maintenance system that collects information corresponding to each device based on the information, and the management device generates a unique administrator encryption key and administrator decryption key. And information acquisition means for acquiring information on the plurality of devices via the communication in a state where each device cannot be identified, and a response necessity for determining whether the acquired information on each device is in a response-necessary state The administrator encryption key generated by the determination unit and the administrator key generation unit is transmitted to each device, and the information acquisition unit encrypts the device using the administrator encryption key from each device. Information and specific to each device Receiving collectively encrypted information that combines the user encryption key, obtains the user encryption key of the information and the devices of each device by the encrypted information decoded by the administrator decryption key The information collection control unit and the acquired information on each device are determined by the response necessity determination unit, and for information on the device determined to be in the response required state, a response corresponding to the response required state A maintenance control unit that encrypts the content with the user encryption key corresponding to the information of the device and transmits the encrypted information to each device, and the device has a user encryption key and a user decryption key unique to the device. A user key generation unit that generates information, a device information storage unit that stores information on the device, device information stored in the device information storage unit, and the user encryption key generated by the user key generation unit Join the management Encrypts the received put al the administrator encryption key, the information provision control part for transmit, decryption key generated by the user key generating unit the encrypted response content is received from the management device And a response content execution control unit that executes the response content obtained by decoding when the decryption is successful.

In the remote maintenance system according to claim 2, in the management apparatus according to claim 1, the information acquisition unit combines the information of each device and the user encryption key, and encrypts the information using the administrator encryption key. Information storage means capable of storing encrypted information for each device is used, and the information collection control unit transmits the information storage means so that the information storage device is rotated in turn between the devices, and the returned information The encryption information of each device is acquired from a storage unit, and the maintenance control unit stores the response content in the information storage unit and transmits the response contents in turn between the devices. It is characterized by that.

The remote maintenance system according to claim 3 is characterized in that, in claim 2, the information storage means rearranges the stored order when storing the encrypted information from each device.
In the remote maintenance method of claim 4, the management device collects information on the plurality of devices between the management device of the administrator and the devices of the plurality of users that are communicably connected, and each of the information is based on the information. A remote management maintenance method for transmitting information corresponding to a device, wherein the management device generates a unique administrator encryption key and an administrator decryption key by an administrator key generation unit, and An encryption key is transmitted to each device, and each device uses the administrator encryption key to store the device information stored in the device information storage unit and the user encryption key generated by the user key generation unit. Encryption information obtained by combining and encrypting the received information to the administrator device, wherein the management device collectively receives the encrypted information from the devices in a state where the devices cannot be identified , of the encryption information to the administrator decrypt key Decrypt and acquire the information of each device and user encryption key, determine whether the acquired device information indicates a response required state, and for the device information determined to be in the response required state Then, the response content corresponding to the response required state is encrypted with the user encryption key corresponding to the information of the device, transmitted to each device, and the device that has received the encrypted response content is the user The decryption is attempted with the user decryption key generated by the key generation unit, and when the decryption is successful, a process corresponding to the response content obtained by decryption is executed.

  According to the present invention using the above means, when information on each user's device is collected by the management device, information between the users is obtained by encrypting the information on the device with an administrator encryption key unique to the management device. Leakage can be prevented, and by receiving the encrypted information collectively for each device, it is not possible for the administrator to identify which information belongs to which user's device, and to ensure anonymity .

  Furthermore, each user's device provides a unique user encryption key to the management device together with the device information. When the management device determines that a response is necessary from the acquired device information, the device information along with the device information is provided. Using the provided user encryption key, the response content is encrypted and transmitted to each device. This encrypted response content can be decrypted only by a device having a corresponding user decryption key, and cannot be decrypted by another user's device, so that information is not leaked to other users, and the management device In addition, it is possible to provide a countermeasure without specifying a device in which an abnormality has occurred, and maintain anonymity of the user.

1 is a schematic configuration diagram of a remote maintenance system according to an embodiment of the present invention. It is a sequence diagram which shows the maintenance method of the remote maintenance system which concerns on one Embodiment of this invention.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
Referring to FIG. 1, a schematic configuration diagram of a remote maintenance system according to an embodiment of the present invention is shown.
As shown in the figure, there are a plurality of users U1 to Un, and each user owns and uses devices D1 to Dn provided by an administrator (hereinafter referred to as maintainer M). Examples of the equipment include a prime mover such as a gas turbine and an industrial machine.

On the other hand, the maintainer M owns a management device A for performing maintenance management on the devices D1 to Dn owned by the users U1 to Un. The management apparatus A is remote from the devices D1 to Dn, and is connected to the devices D1 to Dn via the Internet I (network) so as to be capable of bidirectional communication.
The management device A mainly includes a communication unit 2, a maintainer key generation unit 4 (administrator key generation unit), a container packet generation unit 6 (information acquisition unit), a database unit 8, a totaling unit 10, and an abnormality determination unit 12 (response required). Sex determination unit), an information collection control unit 14, and a maintenance control unit 16.

The communication unit 2 has a function of transmitting / receiving information to / from the devices D1 to Dn via the Internet I.
The maintainer key generation unit 4 is a maintainer public key pkm (administrator encryption key) that is an encryption key unique to the management apparatus A and a maintainer that is a decryption key for decrypting information encrypted with the maintainer public key pkm. It has a function of generating a secret key skim (administrator decryption key).

The container packet generation unit 6 has a function of generating a container packet (information storage unit) for storing information such as usage statuses of the devices D1 to Dn (hereinafter referred to as log information).
The database unit 8 has a function of storing various types of information, and the log information acquired from each device D1 to Dn in the database unit 8, the totaling result, the analysis result, the condition of the abnormal state of the device, and the abnormal state The countermeasures etc. are saved.

The totaling unit 10 has a function of totaling and analyzing log information acquired from each device D1 to Dn.
The abnormality determination unit 12 determines whether or not the log information acquired from each of the devices D1 to Dn satisfies a condition indicating an abnormal state of the device stored in the database unit 8. That is, the abnormal state is a state that requires some kind of response such as a countermeasure for the device, and the condition indicating the abnormal state is, for example, that a threshold is set in advance according to log information, or is totaled by the totaling unit 10 A histogram or the like is created from the values and is statistically derived such as a value far from the average.

  The information collection control unit 14 is connected to each of the communication unit 2, maintainer key generation unit 4, container packet generation unit 6, database unit 8, totaling unit 10, and maintenance control unit 16. The information collection unit 14 transmits the maintainer public key generated by the maintainer key generation unit 4 to the devices D1 to Dn via the communication unit 2, and then uses the container packet generated by the container packet generation unit 6. The log information of the devices D1 to Dn of the users U1 to Un is acquired together. These may be performed simultaneously by storing and sending out the maintainer public key in the container packet. Further, the container packet may contain information for designating in what order the users U1 to Un are to be routed. In the container packet, log information and a user public key pku (user encryption key) unique to each device D1 to Dn are combined, and encrypted information encrypted by the maintainer public key pkm is stored. By decrypting with the maintainer secret key skim, the log information and the user public key pku corresponding to the log information are obtained. The acquired log information is totaled by the totaling unit 10, and the totaling result is stored in the database unit 8.

  The maintenance control unit 16 is connected to the communication unit 2, maintainer key generation unit 4, container packet generation unit 6, database unit 8, abnormality determination unit 12, and information collection control unit 14. The maintenance control unit 16 determines the log information of each device D1 to Dn acquired by the information collection control unit 14 in the abnormality determination unit 12, and when an abnormal state (response required state) is found, A coping method (response content) corresponding to the abnormal state is acquired from the database unit 8, and the coping method is encrypted with the user public key pku corresponding to the log information and transmitted to the devices D1 to Dn.

  On the other hand, each of the devices D1 to Dn owned by the users U1 to Un includes a communication unit 20, a user key generation unit 22 (user key generation unit), a database unit 24 (device information storage unit), an information provision control unit 26, And a countermeasure execution control unit 28 (response content execution control unit). In FIG. 1, only the device D1 of the user U1 is illustrated in detail in FIG. 1, but it is assumed that other devices have the same configuration.

The communication unit 20 has a function of transmitting / receiving information to / from the management apparatus A via the Internet I.
The user key generation unit 22 includes a user public key pku (user encryption key) that is a unique encryption key for each device D1 to Dn, and a decryption key for decrypting information encrypted with the user public key pku. It has a function of generating a user secret key sku (user decryption key).

The database unit 24 has a function of storing various data, and the database unit 24 periodically stores device log information. Examples of the log information include a usage time, a temperature change, and a rotation speed change when the device is a gas turbine.
The information provision control unit 26 is connected to each of the communication unit 20, the user key generation unit 22, the database unit 24, and the countermeasure execution control unit 28. The information provision control unit 26 receives the maintainer public key pkm and the container packet from the management apparatus A via the communication unit 20. When a container packet is received, the log information stored in the database unit 24 and the user public key pku generated by the user key generation unit 22 are combined and encrypted information encrypted by the maintainer public key pkm Is stored in the container packet and transmitted to the next user via the communication unit 20. If the next user does not exist, transmission is performed to the maintainer.

  The coping execution control unit 28 is connected to each of the communication unit 20, the user key generation unit 22, the database unit 24, and the information provision control unit 26. The coping execution control unit 28 receives the coping method stored in the container packet and encrypted by the user public key pku from the management apparatus A via the communication unit 20, and the user secret generated by the user key generation unit 22 When the decryption is attempted with the key sku and the decryption is successful, the countermeasure obtained by the decryption is executed, and when the decryption fails, the container packet is directly transmitted to the next user. . If it is not desired to specify which user to deal with, the container packet is transmitted to the next user regardless of the success of the decoding.

The remote maintenance system in the embodiment has the above-described configuration, and the operation of the remote maintenance system will be described below.
Referring to FIG. 2, there is shown a sequence diagram showing a maintenance method of a remote maintenance system according to an embodiment of the present invention. Hereinafter, a maintenance method of each device in the remote maintenance system will be described in detail based on FIG.

First, the maintainer key generation unit 4 of the management apparatus A generates the maintainer public key pkm and the maintainer secret key skim. Then, the management apparatus A transmits the maintainer public key pkm to the devices D1 to Dn of the users U1 to Un via the Internet I.
Subsequently, the management device A generates a container packet in the container packet generation unit 6 and first sends the device packet D1 of the user U1 who is the first transmission partner so that the container packet sequentially turns between the devices D1 to Dn. Send. The container packet includes a request for storing predetermined log information in each of the devices D1 to Dn.

  The device D1 that has received the container packet generates a user public key pku unique to the user 1 in the user key generation unit 22, and also stores predetermined log information corresponding to the request included in the container packet in the database unit 24 of the device D1. Take out from. Key generation may require a lot of calculation processing, and is not necessarily performed every time, and the same key as the previous time may be used. The user public key pku and the user secret key sku may be the same (common key method). The user public key pku and the log information are combined, encrypted with the maintainer public key pkm, stored in a container packet, and the container packet is transmitted to the device D2 of the next user U2.

Similarly to the device D1, the device D2 of the user U2 that has received the container packet combines the user public key pku and the log information, encrypts and stores it in the container packet, and transfers the container packet to the next user device. Send. At this time, the order is shuffled inside the container packet so that the user is not specified from the storage order.
In this way, the container packet is sequentially transmitted between the devices D1 to Dn, and when the information of the device Dn of the last user Un is stored, the container packet is returned to the management apparatus A. Thereby, the management apparatus A will acquire the information of each apparatus D1-Dn collectively.

  The management apparatus A to which the container packet has been returned decrypts the encrypted information of each device D1 to Dn stored in the container packet under the control of the information acquisition control unit 14 with the maintainer secret key skim, and each device D1 to D1. Dn log information and user public key pku are acquired. Then, the aggregation unit 10 aggregates the log information of each device D1 to Dn and stores the aggregation result in the database unit 8.

  In addition, the management apparatus A determines the acquired log information of each device D1 to Dn in the abnormality determination unit 12 under the control of the maintenance control unit 16, and if there is log information indicating an abnormal state, the abnormality is detected. A countermeasure according to the state is created based on the information in the database unit 8. In this countermeasure, the corresponding user public key pku encrypted together with the log information is encrypted and stored in the container packet. When an abnormal state is found in a plurality of log information, each countermeasure is encrypted with the user public key pku corresponding to each log information. And the container packet which stored the countermeasure method encrypted in this way is transmitted to each apparatus D1-Dn.

  Receiving the container packet, each of the devices D1 to Dn tries to decrypt the encrypted countermeasure stored in the container packet using its own user secret key sku under the control of the countermeasure execution control unit 28. When the decoding is successful, it is determined that the countermeasure is directed to the user, the countermeasure is executed, and the container packet is transmitted to the next user device. On the other hand, if the decryption fails, it is determined that it is not a countermeasure for the user, and the container packet is transmitted to the next user device as it is.

Then, the container packet storing the encrypted countermeasure is sequentially transmitted to each device, and each device performs the same operation to execute the countermeasure when there is a countermeasure addressed to itself. . The container packet after being transmitted to the devices D1 to Dn of all the users U1 to Un is returned to the management apparatus A, and the current maintenance work is completed.
As described above, when the log information of the devices D1 to Dn of the users U1 to Un is collected by the management apparatus A, the log information is encrypted with the maintainer public key pkm, so that the user U1 to Un Can prevent information leakage. In addition, by receiving log information of each device D1 to Dn in a container packet together, it is not possible to identify which information belongs to which user device from the maintainer M, and the anonymity of the users U1 to Un is maintained. It is. In particular, each time information is stored in a container packet, the information regarding the stored order is rearranged randomly, so that anonymity can be more reliably maintained.

  Furthermore, the devices D1 to Dn of the users U1 to Un provide the user public key pku together with the log information to the management apparatus A, and when the management apparatus A determines an abnormal state from the log information, the log information Using the provided user public key pku corresponding to, the countermeasure for the abnormal state is encrypted and transmitted to the devices D1 to Dn. This encrypted countermeasure can be decrypted only by a device having the corresponding user secret key sku, and cannot be decrypted by other devices, so that no information leaks to other users, and the management apparatus A also A countermeasure can be provided without specifying a device in which an abnormality has occurred, and the anonymity of the users U1 to Un is maintained.

As described above, according to the remote maintenance system and the remote maintenance method of the present invention, it is possible to acquire information on the devices D1 to Dn owned by a plurality of users U1 to Un while maintaining anonymity, and an abnormality is discovered from the information. It is possible to provide a coping method while maintaining anonymity for the devices.
Although the description of the embodiments of the remote maintenance system and the remote maintenance method according to the present invention is finished as above, the embodiments are not limited to the above embodiments.

For example, in the above embodiment, the management apparatus A and the devices D1 to Dn are connected via the Internet I, but the network connecting the two is not limited to this, and may be an intranet, for example.
In the above embodiment, the storage order is rearranged at random every time information is stored in the container packet, but the method of increasing anonymity is not limited to this.

For example, anonymity can be further increased by randomizing the order in which container packets are transmitted to the devices D1 to Dn.
Furthermore, the management apparatus A prepares two container packets, and the devices D1 to Dn divide the log information into two, store them in separate container packets, and provide them to the management apparatus A. Then, the management apparatus A searches for a combination that matches one of the divided log information and the other log information, and acquires device information. Thereby, anonymity can be further increased.

  In addition, when the communication always becomes a one-to-one connection format between the management apparatus A and each of the apparatuses D1 to Dn due to the network topology, or when there is only one user, the order shuffle is anonymous. Therefore, as an alternative means, anonymity may be secured by adding a plurality of fake log information and fake user public keys as if a plurality of devices are connected in each device.

  In the above embodiment, when the countermeasure is transmitted from the management apparatus A to each of the devices D1 to Dn, the container packets are sequentially transmitted to the respective devices. For example, a container packet in which a countermeasure that is encrypted in the same manner is stored may be individually transmitted from the management apparatus A to each of the devices D1 to Dn. Even with such a transmission method, anonymity is not impaired.

4 Maintainer key generator (manager key generator)
6 Container packet generator (information acquisition means)
8 Database section 10 Total section 12 Abnormality determination section (response necessity determination section)
14 Information Collection Control Unit 16 Maintenance Control Unit 22 User Key Generation Unit (User Key Generation Unit)
24 Database section (equipment information storage section)
26 Information Provision Control Unit 28 Countermeasure Execution Control Unit (Response Content Execution Control Unit)
M maintainer (administrator)
U1-Un User A Management device D1-Dn Equipment

Claims (4)

A remote where the management device collects information of the plurality of devices and transmits information corresponding to each device based on the information between the management device of the administrator and a plurality of user devices that are communicably connected A maintenance system,
The management device
An administrator key generation unit for generating a unique administrator encryption key and administrator decryption key;
Information acquisition means for acquiring information of the plurality of devices via the communication in a state where each device cannot be identified ;
A response necessity determining unit that determines whether the acquired information of each device is in a response required state;
The administrator encryption key generated by the administrator key generation unit is transmitted to each device, the device information encrypted by the administrator encryption key from each device by the information acquisition means, and each of the devices Receiving the encrypted information combined with the device-specific user encryption key together and decrypting the encrypted information with the administrator decryption key, the information of each device and the user encryption key of each device An information collection control unit for acquiring
The acquired information on each device is determined by the response necessity determination unit, and for the information on the device determined to be in the response required state, the response content corresponding to the response required state is the information on the device. And a maintenance control unit that encrypts with a corresponding user encryption key and transmits to each device,
The equipment is
A user key generation unit that generates a user encryption key and a user decryption key unique to the device;
A device information storage unit for storing information on the device;
Combining the user encryption key generated by the information and the user key generation unit of the apparatus stored in the device information storage unit, and encrypted by the administrator encryption key received from the management apparatus, transmit An information provision control unit that
Attempts to decrypt the encrypted response content received from the management device with the decryption key generated by the user key generation unit, and if the decryption is successful, the response content obtained by decrypting A remote maintenance system comprising: a response content execution control unit to be executed. In the management device,
The information acquisition means uses information storage means that combines the information of each device and the user encryption key and can store the encrypted information encrypted by the administrator encryption key for each device. ,
The information collection control unit is configured to transmit the information storage unit so as to turn between the devices in order, and acquire the encryption information of the devices from the returned information storage unit,
The remote maintenance system according to claim 1, wherein the maintenance control unit stores the response content in the information storage unit and transmits the response contents so as to turn in order between the devices.   The remote maintenance system according to claim 2, wherein the information storage means rearranges the stored order when storing the encrypted information from each device. A remote where the management device collects information of the plurality of devices and transmits information corresponding to each device based on the information between the management device of the administrator and a plurality of user devices that are communicably connected A management and maintenance method,
The management device generates a unique administrator encryption key and administrator decryption key by an administrator key generation unit, and transmits the administrator encryption key to each device,
Each device uses the administrator encryption key to combine the information on the device stored in the device information storage unit and the user encryption key generated by the user key generation unit and encrypt the encrypted information. To the administrator device,
The management apparatus, the encrypted information from the respective devices, the received together in a state that can not identify each device, and the encrypted information of the respective equipment and decoded by the administrator decrypt key, the devices Information and user encryption key,
Determine whether the acquired device information indicates a response required state,
For the information of the device determined to be in the response-necessary state, the response content corresponding to the response-necessary state is encrypted with the user encryption key corresponding to the information of the device, and transmitted to each device.
Device has received the encrypted response content not try decoding the user decryption key generated by the user key generation unit, the response content obtained by decoding in the case of successful decoding A remote maintenance method characterized by executing a corresponding process.

Images