Network management apparatus, management server, client terminal, and control method thereof
First Claim
1. A network management apparatus for managing a plurality of terminals connected to a local area network, said network management apparatus comprising:
at least a processor and memory, which cooperate to:
store an administration table in which a plurality of fields corresponding to the plurality of the terminals is allocated, where a field corresponding to a terminal stores permission information identifying a storage device permitted for use on the terminal;
acquire, from a terminal among the plurality of terminals, current device configuration information identifying a storage device being connected to the terminal, the acquiring being executed repeatedly for each of the plurality of terminals;
compare the acquired current device configuration information with the permission information stored in the corresponding field in the administration table, and determine, based on the result of the comparison, whether the terminal is being connected to a storage device other than a storage device permitted for use for the terminal, the comparison being executed in response to the acquisition for each of the plurality of terminals when there is a storage device which is identified in the acquired current device configuration information; and
when the result of the comparison indicates that the terminal is being connected to a storage device not permitted for use, transmit to the terminal a power-off instruction, a network access inhibition instruction, or a restriction instruction to restrict writing to the storage device not permitted for use, wherein said network management apparatus performs the acquiring and the transmitting via the local area network.
Abstract
Configuration information representing the configuration elements of a client PC or the like on a network is compared with initial configuration information. When the configuration information changes, it is determined whether the configuration is proper. If the configuration is improper, the function of a corresponding configuration element to the network is inhibited. This can prevent an unstable state of the system, leakage of information, and a decrease in reliability of the network system upon a change in network configuration.
11 Claims
2. A management server which manages a plurality of terminals connected to a local area network, comprising:
a memory that stores an administration table in which a plurality of fields corresponding to the plurality of terminals is allocated, where a field corresponding to a terminal stores permission information identifying a device permitted for use on the terminal;
a first acquisition unit that acquires, from a terminal among the plurality of terminals via the network, first device information identifying a device that is being connected to the terminal, and registers the acquired first device information as the permission information into a corresponding field in the administration table stored in said memory, where the acquisition by said first acquisition unit is executed once for the terminal when the terminal is to be managed at an initial stage by said management server for each of the plurality of terminals;
a second acquisition unit that acquires, from a terminal among the plurality of terminals, second device information identifying a device that is being connected to that terminal after the registration for the terminal by said first acquisition unit has been made, while said management server is managing the terminal, the acquiring being executed repeatedly for each of the terminals;
a determination unit that compares the second device information acquired by said second acquisition unit with the permission information in the corresponding field in the administration table stored in said memory, and that determines, based on the result of the comparison, that the terminal is being connected to a device not permitted for use on that terminal when there is a device which is identified in the second device information, the comparison and the determination being performed repeatedly for each of the plurality of terminals; and
a transmitter that, when the result of the determination indicates that the terminal is connected to a device not permitted for use, transmits to the terminal a power-off instruction, a network access inhibition instruction, or a restriction instruction to restrict writing to any device, wherein said management server performs the acquiring and the transmitting via the local area network.
Dependent claims: 3, 4, 5, 6.
7. A network control method performed by a network management apparatus for managing a plurality of terminals connected to a local area network, the method comprising steps of:
storing an administration table in which a plurality of fields corresponding to the plurality of terminals is allocated, where a field corresponding to a terminal stores permission information identifying a storage device permitted for use on the terminal;
acquiring, from a terminal among the plurality of terminals, current device configuration information identifying a storage device being connected to the terminal, the acquiring being executed repeatedly for each of the plurality of terminals;
comparing the current device configuration information acquired in said acquiring step with the permission information in the corresponding field in the administration table stored in said storing step, and determining, based on the result of the comparison, whether the terminal is being connected to a storage device other than a corresponding storage device permitted for use for the terminal when there is a storage device which is identified in the current device configuration information; and
when determined in said determining step that the terminal is being connected to a storage device not permitted for use, transmitting to the terminal a power-off instruction, a network access inhibition instruction, or a restriction instruction to restrict writing to the storage device not permitted for use, wherein the network management apparatus is coupled to the plurality of terminals by the local area network.
8. A method of controlling a management server which manages a plurality of terminals connected to a local area network, comprising steps of:
storing an administration table in which a plurality of fields corresponding to the plurality of terminals is allocated, where a field corresponding to a terminal stores permission information identifying a device permitted for use on the terminal;
acquiring first, from a terminal among the plurality of terminals via the network, first device information identifying a device that is being connected to the terminal, and registering the acquired first device information as the permission information into a corresponding field in the administration table stored in said storing step, where the acquisition in said first acquiring step is executed once for the terminal when the terminal is to be managed at an initial stage by the management server for each of the plurality of terminals;
acquiring second, from a terminal among the plurality of terminals, second device information identifying a device that is being connected to the terminal after the registration for the terminal in said first acquiring step has been made, while the management server is managing the terminal, said second acquiring step being executed repeatedly for each of the plurality of terminals;
comparing the second device information acquired in said second acquiring step with the permission information in the corresponding field in the administration table stored in said storing step, and determining, based on the result of the comparison, whether the terminal is being connected to a device not permitted for use on the terminal when there is a device which is identified in the second device information, the comparison and the determination being executed in response to the acquisition by said second acquisition step for each of the plurality of terminals; and
when determined in said determining step that the terminal is being connected to a device not permitted for use, transmitting to the terminal a power-off instruction, a network access inhibition instruction, or a restriction instruction to restrict writing to any device, wherein the method is performed by the management server, and wherein the management server is connected to the plurality of terminals by the local area network.
9. A non-transitory computer-readable memory storing a computer program which is loaded and executed by a computer for managing a plurality of terminals, the program comprising steps of:
storing an administration table in which a plurality of fields corresponding to the plurality of terminals is allocated, where a field corresponding to a terminal stores permission information identifying a storage device permitted for use on the terminal;
acquiring, from a terminal among the plurality of terminals, current device configuration information identifying a storage device being connected to the terminal, the acquiring being executed repeatedly for each of the plurality of terminals;
comparing the current device configuration information acquired in said acquiring step with the permission information in the corresponding field in the administration table stored in said storing step, and determining, based on the result of the comparison, whether the terminal is being connected to a storage device other than a corresponding storage device permitted for use for the terminal when there is a storage device which is identified in the current device configuration information, the comparison and the determination being executed in response to the acquisition for each of the plurality of terminals; and
when determined in said determining step that the terminal is being connected to a storage device not permitted for use, transmitting to the terminal a power-off instruction, a network access inhibition instruction, or a restriction instruction to restrict writing to the storage device not permitted for use, wherein the network management apparatus is coupled to the plurality of terminals by the local area network.
10. A non-transitory computer-readable memory storing a computer program which is loaded and executed by a computer and functions as a management server for managing a plurality of terminals connected to a local area network, the computer program comprising steps of:
storing an administration table in which a plurality of fields corresponding to the plurality of terminals is allocated, where a field corresponding to a terminal stores permission information identifying a device permitted for use on the terminal;
acquiring first, from a terminal among the plurality of terminals via the network, first device information identifying a device that is being connected to the terminal, and registering the acquired first device information as the permission information into a corresponding field in the administration table stored in said storing step, where the acquisition in said first acquiring step is executed once for the terminal when the terminal is to be managed at an initial stage by the management server for each of the plurality of terminals;
acquiring second, from a terminal among the plurality of terminals, second device information identifying a device that is being connected to the terminal after the registration for the terminal in said first acquiring step has been made, while the management server is managing the terminal, said second acquiring step being executed repeatedly for each of the plurality of terminals;
comparing the second device information acquired in said second acquiring step with the permission information in the corresponding field in the administration table stored in said storing step, and determining, based on the result of the comparison, whether the terminal is being connected to a device not permitted for use on the terminal when there is a device which is identified in the second device information; and
when determined in said determining step that the terminal is being connected to a device not permitted for use, transmitting to the terminal a power-off instruction, a network access inhibition instruction, or a restriction instruction to restrict writing to any device, wherein the computer is connected to the plurality of terminals by the local area network.
11. A network management system comprising:
a plurality of client terminals connected to a local area network; and
a management server connected to said plurality of client terminals by the local area network for managing each of said plurality of client terminals,
wherein each of said client terminals includes:
a detector that detects a device being currently connected to the client terminal and generates device information identifying the detected device; and
a transmitter that transmits the device information of the client terminal to said management server,
wherein said management server includes:
a memory that stores an administration table in which a plurality of fields corresponding to the plurality of client terminals is allocated, where a field corresponding to a client terminal stores permission information identifying a device permitted for use on the client terminal;
a first receiver that receives, from a client terminal among the plurality of client terminals, first device information identifying a device that is being connected to that client terminal, and registers the first device information as the permission information into a corresponding field in the administration table stored in said memory, where the reception by said first receiver is executed once for said client terminal when said client terminal is managed at an initial stage by said management server for each of the plurality of client terminals;
a second receiver that receives, from a client terminal among the plurality of client terminals, second device information identifying a device that is being connected to that client terminal after the registration for the client terminal has been made, where the reception by said second receiver is executed repeatedly for the client terminal while said management server is managing the client terminal for each of the plurality of client terminals;
a determination unit that compares the second device information received by said second receiver with the permission information in the corresponding field in the administration table stored in said memory and that determines based on the result of the comparison, that the client terminal is being connected to a device not permitted for use when there is a device which is identified in the second device information; and
a transmitter that, when determined that the client terminal is being connected to the device not permitted for use, transmits a power-off instruction, a network access inhibition instruction, or a restriction instruction to restrict writing to any storage device to the client terminal.
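The enroll-once, then compare-on-every-report logic recited in claims 2, 8, 10 and 11, as an added Python example (not code from the patent). The class and function names, the device identifier strings, and the choice of which of the three instructions to send (a configurable `action`) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Instruction(Enum):
    POWER_OFF = "power-off"
    INHIBIT_NETWORK = "network access inhibition"
    RESTRICT_WRITE = "restrict writing"


@dataclass
class AdministrationTable:
    # terminal id -> permission information (set of permitted device ids)
    permitted: dict = field(default_factory=dict)
    action: Instruction = Instruction.RESTRICT_WRITE  # assumed site policy

    def report(self, terminal, devices):
        """Process one device report; return (instruction, offending ids)."""
        current = frozenset(devices)
        if terminal not in self.permitted:
            # First acquisition: executed once, registers the baseline.
            self.permitted[terminal] = current
            return None, frozenset()
        unpermitted = current - self.permitted[terminal]
        # An empty report identifies no device, so it can never be flagged.
        return (self.action if unpermitted else None), unpermitted


def run_poll_cycle(table, reports):
    """Apply a sequence of (terminal, devices) reports; collect instructions."""
    sent = []
    for terminal, devices in reports:
        instruction, offending = table.report(terminal, devices)
        if instruction is not None:
            sent.append((terminal, instruction, sorted(offending)))
    return sent


# Constructed sample reports; identifiers are illustrative, not from the patent.
SAMPLE_REPORTS = [
    ("pc-01", ["disk:internal-ssd"]),                       # enrollment
    ("pc-02", ["disk:internal-hdd", "usb:approved-key"]),   # enrollment
    ("pc-01", ["disk:internal-ssd"]),                       # unchanged
    ("pc-02", ["disk:internal-hdd"]),                       # device removed
    ("pc-01", ["disk:internal-ssd", "usb:unknown-stick"]),  # violation
    ("pc-02", []),                                          # empty report
]
```

Because the baseline is whatever the terminal reports at its first acquisition, any device attached at enrollment time is treated as permitted on that terminal from then on.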
Specification