Understanding the Usage Status of Service Provisioning Server Equipment

The management system addresses inefficiencies in service provision server device usage by aggregating function access information, integrating efficient use, and preventing unauthorized access, thereby enhancing security and management.

JP2026095664APending Publication Date: 2026-06-11MOTEX INC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
MOTEX INC
Filing Date
2026-04-03
Publication Date
2026-06-11

AI Technical Summary

Technical Problem

Existing systems fail to detect inefficiencies such as redundant use of similar functions across multiple service provision server devices, lack access frequency data for certain devices, and cannot identify unused or rarely used accounts, leading to security and management challenges.

Method used

A management system with a management server device that aggregates function access information from terminal devices, identifies usage status, and integrates or prohibits the use of functions based on usage patterns, ensuring appropriate access and authentication.

Benefits of technology

Accurately grasps the usage status of each function in service provision server devices, integrates efficient use, and prevents unauthorized access by identifying and managing authorized but unused or unauthorized devices.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026095664000001_ABST
    Figure 2026095664000001_ABST
Patent Text Reader

Abstract

This technology provides information on how to monitor the usage status of service provision server equipment. [Solution] Each communication means 12 of terminal devices T1, T2...Tm can access and use the functions provided by service provision server devices SS1, SS2...SSn. Function access detection means 14 detects which function of service provision server devices SS1, SS2...SSn has been accessed and records it as function access information. Function access information transmission means 16 transmits the function access information to the management server device MS. Therefore, the function access information acquisition means 24 of the management server device MS acquires function access information from each terminal device T1, T2...Tm. The function aggregation means 22 of the management server device MS aggregates the acquired function access information for each function and outputs it.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to grasping the usage status of a service - providing server device.

Background Art

[0002] In enterprises and the like, the opportunity for each employee to access an external service - providing server device such as SaaS from their terminal device has been increasing. There are service - providing server devices with various functions, and the service - providing server devices are properly used according to the functions required by the enterprise. Since it can be used by accessing the service - providing server device without installing a program having the function on the terminal device, there is an advantage that the barrier to use is low and it is easy to use.

[0003] Due to such ease of use, there are also employees who use service - providing devices not permitted by the enterprise's information system administrator. Such a situation is not preferable in terms of security and management, so countermeasures have been taken. For example, in Patent Document 1, from an accounting server (a server device that consolidates regular payments to each service - providing server device) and in - house network devices, etc., it is obtained which service - providing server device an employee has accessed, and it is checked whether there is any among these accessed service - providing server devices that is not subject to management. Thereby, access to a service - providing server device that is not permitted can be extracted, and countermeasures can be taken.

Prior Art Documents

Patent Documents

[0004]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0005] However, (a) while Patent Document 1 can detect and eliminate unauthorized access to service provision server devices, it could not detect inefficiencies such as the redundant use of similar functions across multiple service provision server devices being used.

[0006] (b) In the prior art described in Patent Document 1, access information is obtained from the service provision server device. However, some service provision server devices do not provide the information necessary to count the frequency of access, etc. For such service provision server devices, there was a problem in that the access status could not be grasped and therefore could not be addressed.

[0007] (c) The prior art described in Patent Document 1 detects and eliminates unauthorized access to service provision server equipment, but does not detect service provision server equipment that is authorized but not being used, and therefore could not be made more efficient.

[0008] (d) Furthermore, if the accounts set up by employees or other members to use the service provision server device are not being used at all or only very rarely, it is preferable to take countermeasures such as suspending the accounts. To do this, it is necessary to understand the account usage status of each service provision server device, but there has been a problem in that this cannot be done.

[0009] The purpose of this invention is to provide a usage status monitoring technology that solves any one of the above problems (a) to (d). [Means for solving the problem]

[0010] The following lists some independent features of this invention. These features are not necessarily required to be combined, but can be combined as desired.

[0011] (1)-(5) A management system according to one embodiment of the present invention is a management system comprising a plurality of terminal devices to be managed and a management server device capable of communicating with the plurality of terminal devices, The terminal device includes a function access detection means for detecting which function of each service provision server device has been accessed, and a function access information transmission means for transmitting function access information, which indicates which function of each service provision server device has been accessed as detected by the function access detection means, to the management server device. The management server device is characterized by comprising a function access information acquisition means for acquiring function access information from each terminal device, and a function aggregation means for aggregating the usage status of each function in each service provision server device based on the function access information acquired from each terminal device.

[0012] Therefore, the usage status of each function in the service provision server device can be accurately grasped. Since function access information is obtained from the terminal device, this can be grasped even if the service provision server device does not provide usage status for each function.

[0013] (6)(7) The management server device according to the present invention is a management server device that aggregates which functions of a plurality of service provision server devices a plurality of terminal devices are using, and comprises a function access information acquisition means for acquiring function access information from each service provision server device that indicates which function of each service provision server device each terminal device has accessed, and a function aggregation means for aggregating the usage status of each function in each service provision server device based on the function access information acquired from each service provision server device.

[0014] Therefore, it is possible to accurately grasp the usage status of each function in the service provision server device.

[0015] (8) The management system according to this invention includes terminal devices connected to an external network, and is configured such that a terminal device cannot connect to the internal network unless it is equipped with a function access detection means and a function access information transmission means.

[0016] Therefore, it is practically possible to compel terminal devices to be equipped with functional access detection means and functional access information transmission means, making management easier.

[0017] (9) The management system according to this invention is characterized in that the function aggregation means aggregates the usage status of the same or similar functions in different service provision server devices, and for the same function of multiple service provision devices, prohibits the use of the function of the service provision server device with low usage and suggests the use of the same function of another service provision server device.

[0018] Therefore, it is possible to integrate the use of the functions of the service provision server device.

[0019] (10)(11) The management system according to this invention comprises a terminal device, a communication start detection means for detecting the start of communication in the terminal device, and a communication operation determination means for determining whether the operation of the detected communication is appropriate based on communication operation determination information recorded in the recording unit, and stopping any communication that is determined to be inappropriate to operate. The management server device includes a communication operation determination information setting means that communicates with a terminal device and transmits the communication operation determination information to the terminal device for recording in the terminal device, and a registration means that registers, as the communication operation determination information, a prohibition on communication to the same function of multiple service provision server devices other than the service provision server device that has been decided to use.

[0020] Therefore, integration of function usage can be ensured.

[0021] (12) The management system according to this invention is characterized in that the function aggregation means identifies the users of the terminal devices that utilize the management functions of the service providing devices and identifies the said users as administrators when receiving services from the said service providing devices.

[0022] Therefore, the administrator can be appropriately determined.

[0023] (13) The management system according to this invention is characterized in that the function aggregation means identifies whether multi-factor authentication is being performed when each service providing device is utilized.

[0024] Therefore, it is possible to grasp whether multi-factor authentication is being executed.

[0025] (14)-(18) The management system according to this invention is a management system comprising a plurality of terminal devices to be managed and a management server device capable of communicating with the said plurality of terminal devices, wherein the said terminal device comprises access detection means for detecting to which of each service providing server device access has been made, and access information transmission means for transmitting, to the said management server device, access information indicating to which of each service providing server device access has been made, detected by the access detection means, and the said management server device comprises access information acquisition means for acquiring access information from each terminal device, and specifying means for collating the access information acquired from each terminal device with a list of service providing devices that are permitted, and specifying a service providing device that is not being utilized despite being permitted, or a service providing device that is being utilized despite not being permitted.

[0026] Therefore, it is possible to specify a service providing device that is not being utilized despite being permitted, or a service providing device that is being utilized despite not being permitted, and take appropriate action. Since the access information in the terminal device is acquired, it is possible to grasp this even if the service providing server device does not provide access information.

[0027] (19)(20) The management server device according to the present invention is a management server device that identifies which of a plurality of service provision server devices a plurality of terminal devices is using, and comprises access information acquisition means for acquiring access information from each service provision server device indicating which of the service provision server devices each terminal device has accessed, and identification means for comparing the access information acquired from each service provision server device with a list of authorized service provision devices and identifying service provision devices that are authorized but not being used, or service provision devices that are not authorized but are being used.

[0028] Therefore, it is possible to identify service provision devices that are not being used despite being authorized, and service provision devices that are being used despite not being authorized, and take appropriate action.

[0029] (21) The management system according to this invention is characterized in that the terminal devices include terminal devices connected to an external network, and the terminal devices are configured such that they cannot be connected to the internal network unless they are equipped with the function access detection means and the function access information transmission means.

[0030] Therefore, it is practically possible to compel terminal devices to be equipped with functional access detection means and functional access information transmission means, making management easier.

[0031] (22)(23) The management system according to the present invention comprises a terminal device, a communication start detection means for detecting the start of communication in the terminal device, and a communication operation determination means for determining whether the operation of the detected communication is appropriate based on communication operation determination information recorded in the recording unit, and stopping any communication that is determined to be inappropriate to operate. A management server device communicates with a terminal device and transmits the communication operation determination information to the terminal device for recording, and a communication operation determination information setting means is provided for the terminal device. The communication operation determination information is characterized by including a registration means for registering that communication from a terminal device to a service provider that is not being used despite being authorized, or to a service provider that is being used despite not being authorized, should be prohibited.

[0032] Therefore, access to inappropriate service delivery server devices can be prohibited.

[0033] (24) The management system according to this invention is characterized in that the function aggregation means, aggregation means, or identification means of the management server device identify the access destination by also taking into consideration the program operation log or process communication log.

[0034] Therefore, it is possible to identify the access destination more accurately.

[0035] (25)-(29) The management system according to this invention is a management system comprising a plurality of terminal devices to be managed and a management server device capable of communicating with the plurality of terminal devices, The terminal device comprises: a login ID acquisition means for acquiring the user's terminal login ID or terminal ID used during the login process; an access detection means for detecting that the user has accessed the account of the service provision server device; and an access information transmission means for attaching the terminal login ID or terminal ID to the information indicating that the user has accessed the service provision server device as detected by the access detection means, and transmitting it to the management server device as terminal acquired access information. The management server device is characterized by comprising: a server account information acquisition means for acquiring account information from the service provision server device, which indicates each account established on the service provision server device and the server login ID for each account; a terminal access information acquisition means for acquiring terminal access information from each terminal device; a history generation means for aggregating the terminal access information acquired from each terminal device for each user based on the terminal login ID or terminal ID to generate an access history; and an aggregation means for identifying which user each account on the service provision server device belongs to based on the terminal login ID or terminal ID or user information recorded in association with either of these, and the server login ID, and associating each account with the access history to aggregate the usage status of each account.

[0036] Therefore, even if the service provider server does not provide detailed usage information for each account, the usage status of each account can still be obtained.

[0037] (30)(31) The management server device according to the present invention includes a server account information acquisition means for acquiring account information from the service provision server device, which shows each account established in the service provision server device and the usage history of each account, and an aggregation means for aggregating the usage status of each account based on the account information acquired from the service provision server device.

[0038] Therefore, it is possible to understand the usage status of each account on the service provision server device.

[0039] (32) The management system according to this invention is characterized in that the terminal devices include terminal devices connected to an external network, and the terminal devices are configured such that they cannot be connected to the internal network unless they are equipped with the access detection means and the access information transmission means.

[0040] Therefore, it is practically possible to compel terminal devices to be equipped with functional access detection means and functional access information transmission means, making management easier.

[0041] (33) The management system according to this invention is characterized in that the aggregation means identifies accounts that are not used or are used infrequently on the service provision server device and performs processing to delete such accounts on the service provision server device.

[0042] Therefore, undesirable accounts can be deleted.

[0043] (34) The management system according to this invention is characterized in that the terminal acquisition access information and the server acquisition access information include IP address information used by the terminal device that made the access when accessing the Internet, and the aggregation means detects access to the account of the service provision server device from a terminal device not managed by the management server device based on the difference between the IP address information included in the terminal acquisition access information and the IP address information included in the server acquisition access information.

[0044] Therefore, it is possible to prevent unauthorized access and use of business accounts on service provision server devices from personal terminal devices, etc.

[0045] (35)-(37) The management system according to this invention is a management system comprising a plurality of terminal devices to be managed and a management server device capable of communicating with the plurality of terminal devices, The terminal device comprises at least one processor and storage for recording agents configured to run by the at least one processor, and the agent includes a command to detect which function of each service provision server device it has accessed and to transmit the detected function access information indicating which function of each service provision server device it has accessed to the management server device. The management server device comprises at least one processor and storage for recording a management program configured to be executed by the at least one processor, and the management program is characterized by comprising instructions for acquiring function access information from each terminal device and for aggregating the usage status of each function in each service provision server device based on the function access information acquired from each terminal device.

[0046] Therefore, the usage status of each function in the service provision server device can be accurately grasped. Since function access information is obtained from the terminal device, this can be grasped even if the service provision server device does not provide usage status for each function.

[0047] (38)(39) The management server device according to the present invention is a management server device that aggregates which functions of a plurality of service provision server devices a plurality of terminal devices are using, and comprises at least one processor and storage for recording a management program configured to be executed by the at least one processor, wherein the management program includes instructions for obtaining function access information from each service provision server device indicating which functions of each service provision server device each terminal device has accessed, and for aggregating the usage status of each function in each service provision server device based on the function access information obtained from each service provision server device.

[0048] Therefore, it is possible to accurately grasp the usage status of each function in the service provision server device.

[0049] (40)-(42) The management system according to this invention is a management system comprising a plurality of terminal devices to be managed and a management server device capable of communicating with the plurality of terminal devices, The terminal device comprises at least one processor and storage for recording an agent configured to run by the at least one processor, the agent includes a command to detect which of the service provision server devices it has accessed and to transmit the detected access information indicating which of the service provision server devices it has accessed to the management server device, The management server device comprises at least one processor and storage for recording a management program configured to be executed by the at least one processor, and the management program is characterized by having instructions for acquiring access information from each terminal device, comparing the access information acquired from each terminal device with a list of authorized service providers, and identifying service providers that are authorized but not being used, or service providers that are not authorized but are being used.

[0050] Therefore, it is possible to identify service provision devices that are not being used despite being authorized, and service provision devices that are being used despite not being authorized, and to take appropriate action. Since access information is obtained from terminal devices, it is possible to ascertain this even if the service provision server device does not provide access information.

[0051] (43)(44) The management server device according to the present invention is a management server device that identifies which of a plurality of service provision server devices a plurality of terminal devices is using, and comprises at least one processor and storage for recording a management program configured to be executed by the at least one processor, wherein the management program is characterized by having an instruction to obtain access information from each of the service provision server devices indicating which of the service provision server devices each terminal device has accessed, to compare the access information obtained from each of the service provision server devices with a list of authorized service provision devices, and to identify a service provision device that is authorized but not being used, or a service provision device that is not authorized but is being used.

[0052] Therefore, it is possible to identify service provision devices that are not being used despite being authorized, and service provision devices that are being used despite not being authorized, and take appropriate action.

[0053] (45)-(47) The management system according to this invention is a management system comprising a plurality of terminal devices to be managed and a management server device capable of communicating with the plurality of terminal devices, The terminal device comprises at least one processor and storage for recording an agent configured to run by the at least one processor, the agent includes a command to obtain the terminal login ID of the user used during the login process, detect that access has been made to the account of the service provision server device, and transmit the detected information indicating access to the service provision server device, along with the terminal login ID, as terminal access information to the management server device. The management server device comprises at least one processor and storage for recording a management program configured to run by the at least one processor, the management program obtains account information from the service provision server device, indicating each account established on the service provision server device and the server login ID of each account, obtains terminal access information from each terminal device, aggregates the terminal access information obtained from each terminal device for each user based on the terminal login ID, and generates an access history. The system is characterized by having a command that identifies which user each account on the service provision server device belongs to based on the terminal login ID or user information recorded in association with the terminal login ID and the server login ID, associates each account with the access history, and aggregates the usage status of each account.

[0054] Therefore, even if the service provider server does not provide detailed usage information for each account, the usage status of each account can still be obtained.

[0055] (48)(49) The management server device according to the present invention comprises at least one processor and storage for recording a management program configured to be executed by the at least one processor, wherein the management program includes instructions for acquiring account information from the service provision server device, which shows each account opened in the service provision server device and the usage history of each account, and for aggregating the usage status of each account based on the account information acquired from the service provision server device.

[0056] Therefore, it is possible to understand the usage status of each account on the service provision server device.

[0057] In this embodiment, step S29 corresponds to the "function access detection means".

[0058] In this embodiment, step S35 corresponds to the "function access information transmission means".

[0059] In this embodiment, step S156 corresponds to the "means for acquiring function access information".

[0060] In this embodiment, step S157 corresponds to the "function aggregation means".

[0061] In this embodiment, step S29 corresponds to the "access detection means".

[0062] In this embodiment, step S35 corresponds to the "access information transmission means".

[0063] In this embodiment, the "means for obtaining access information" correspond to step S156.

[0064] In this embodiment, the "specific means" corresponds to step S158.

[0065] In this embodiment, the "means for obtaining a login ID" correspond to step S20.

[0066] In this embodiment, step S162 corresponds to the "means for obtaining server account information".

[0067] In this embodiment, step S156 corresponds to the "terminal acquisition access information acquisition means".

[0068] In this embodiment, the "history generation means" corresponds to step S163.

[0069] In this embodiment, step S164 corresponds to the "aggregation means".

[0070] The term "device" is a concept that includes not only devices composed of a single computer, but also devices composed of multiple computers connected via a network or the like. Therefore, if the means (or even a part of the means) of the present invention are distributed across multiple computers, these multiple computers constitute the device.

[0071] The term "program" is a concept that includes not only programs that can be directly executed by the CPU, but also source code programs, compressed programs, encrypted programs, and programs that work in conjunction with the operating system to perform their functions. [Brief explanation of the drawing]

[0072] [Figure 1] This is the functional configuration of a management system according to one embodiment of the present invention. [Figure 2] This is the system configuration of the management system. [Figure 3] This describes the hardware configuration of terminal devices for IT and OT. [Figure 4] This is the hardware configuration of the management server device MS. [Figure 5] This is a flowchart for recording communication logs. [Figure 6] This is an example of a recorded communication log. [Figure 7] This is a flowchart of the communication log collection process performed by the management server device. [Figure 8] This is a correspondence table between URLs and SaaS server devices (SaaS services) and functions. [Figure 9] This is aggregated data on usage. [Figure 10] This is the result of counting the number of uses. [Figure 11] This is a list of interchangeable functions. [Figure 12] This is a modified example of the management system's functional configuration. [Figure 13] This is the functional configuration of the management system according to the second embodiment. [Figure 14]This is a flowchart for the communication log collection process. [Figure 15] This table shows the correspondence between URLs and SaaS server devices. [Figure 16] This is aggregated data on usage. [Figure 17] These are the results of counts such as the number of uses. [Figure 18] This is the functional configuration of the management system according to the third embodiment. [Figure 19] This is a flowchart of the process for recording communication logs. [Figure 20] This is a flowchart of the process for collecting communication logs. [Figure 21] This is a flowchart of the process for collecting access information. [Figure 22] This is an aggregated result of access history based on communication logs. [Figure 23] This is a summary of access information. [Figure 24] This is an integrated access history. [Figure 25] This is a compilation of communication logs. [Figure 26] This is a compilation of access logs. [Figure 27] This is a diagram illustrating the processing overview of the management system according to the embodiment. [Figure 28] This is the functional configuration of the management system according to the fourth embodiment. [Figure 29] This is an operation flowchart for Agent 52 and OS 50. [Figure 30] This is a list of processes that are allowed to run (a process whitelist). [Figure 31] This is an operation flowchart of agent 52, OS 50, process P, and SaaS server device of terminal device T. [Figure 32] This is a list of URLs that are permitted to communicate (a communication whitelist). [Figure 33] This is an operation flowchart of Agent 52, OS 5050, using another example. [Figure 34]This is an operation flowchart of agent 52, OS 50, process P, and SaaS server device of terminal device T, as in another example. [Figure 35] This is the functional configuration of the management system according to the fifth embodiment. [Figure 36] This is an operation flowchart for Agent 52, the management server program. [Figure 37] This is the functional configuration of the management system according to the sixth embodiment. [Figure 38] This is an operation flowchart for the management server program, SaaS server device, agent 52, OS 50, and process P. [Figure 39] This is an operation flowchart for the management server program, SaaS server device, agent 52, OS 50, and process P. [Figure 40] This is an example of configuration information. [Modes for carrying out the invention]

[0073] 1. First Embodiment 1.1 Functional configuration Figure 1 shows the functional configuration of a management system according to one embodiment of this invention. Service provision server devices SS1, SS2...SSn, such as SaaS, are provided on the internet. Terminal devices T1, T2...Tm are terminal devices used by members of a company (organization), etc.

[0074] Each communication means 12 of terminal devices T1, T2, ..., Tm can access and use the functions provided by service provision server devices SS1, SS2, ..., SSn. The function access detection means 14 detects which function of service provision server devices SS1, SS2, ..., SSn has been accessed and records it as function access information.

[0075] The function access information transmission means 16 transmits function access information to the management server device MS. Therefore, the function access information acquisition means 24 of the management server device MS acquires function access information from each terminal device T1, T2...Tm. The function aggregation means 22 of the management server device MS aggregates the acquired function access information by function and outputs it.

[0076] As described above, since function access information is obtained from each terminal device T1, T2...Tm, the access status of each function of each service provision server device can be accurately grasped. In addition, since the usage status of multiple service provision server devices SS1~SSn is aggregated by function, it can be used to improve efficiency on a function-by-function basis.

[0077] An example of the processing according to this embodiment will be explained using Figure 27. An agent is installed on the in-house terminal devices (IT, such as PCs and smartphones) provided by the company. Similarly, an agent is installed on the terminal devices (OT, such as PCs and smartphones) that the company allows to be used for teleworking.

[0078] The agents of terminal devices IT and OT record which functions of which SaaS server device SS the terminal device accessed. The management server device MS obtains the aforementioned access status of each terminal device IT and OT from these agents.

[0079] The management server (MS) aggregates access data from each terminal device (IT, OT), so even if the SaaS server devices do not provide detailed access data, it is possible to know how much each function of each SaaS server device is being used.

[0080] 1.2 Hardware Configuration Figure 2 shows the system configuration of the management system. In this embodiment, the terminal devices T used are an in-house terminal device IT and an external terminal device OT.

[0081] Internal terminal devices IT1, IT2, ITm are connected to the company network (internal network) via wired or wireless connections. A shared server device (not shown) is connected to the company network and stores data necessary for business operations. Each internal terminal device IT1, IT2, ITm can access the shared server device via the company network and utilize this data.

[0082] External terminal devices OT1...OTp can connect to the company network via a VPN over the internet, either via a wired or wireless connection. In cases such as working from home, employees can connect to the company network via VPN and then connect to the shared server device to perform their work.

[0083] A management server device MS is located on the internet. In addition, SaaS server devices SS1...SSq are provided via the cloud, offering various functional business applications.

[0084] Figure 3 shows the hardware configuration of the IT and OT terminal devices. The CPU 30 is connected to memory 32, a display 34, an SSD (or other storage device such as a hard disk) 36, a DVD-ROM drive 38, a keyboard / mouse 40, and a communication circuit 42. The communication circuit 42 is a circuit for connecting to the company network and the internet.

[0085] SSD36 contains the operating system 50, process P1...Pr, and agent 52. Process P1...Pr and agent 52 work in conjunction with the operating system 50 to perform their functions.

[0086] Operating system 50, process P1...Pr, was installed on SSD 36 via DVD-ROM drive 38 from DVD-ROM 58. Alternatively, programs stored on external storage devices such as USB memory may be installed. Furthermore, these programs may be downloaded and installed from server devices or management server devices on the internet.

[0087] Processes P1...Pr represent individual functions of an application program (for example, a process that connects to a SaaS server device SS and obtains processing results). In other words, multiple processes come together to form a single application program. However, a single process may also form a single application program.

[0088] Agent 52 was downloaded and installed from the management server device MS. Alternatively, it can be installed from DVD-ROM 78.

[0089] Figure 4 shows the hardware configuration of the management server device MS. The CPU 60 is connected to memory 62, a communication circuit 64, an SSD (or other storage device such as a hard disk) 66, and a DVD-ROM drive 68. The communication circuit 64 is a circuit for connecting to the internet.

[0090] SSD66 contains the operating system 70 and the management server program 72. The management server program 72 works in cooperation with the operating system 70 to perform its functions.

[0091] The operating system 70 and the management server program 72 were installed on the SSD 66 via the DVD-ROM drive 68 from the DVD-ROM 78. Alternatively, they may be installed from an external storage device such as a USB memory stick. Furthermore, these programs may be downloaded and installed from a server device on the internet.

[0092] 1.3 Recording process of communication logs in each terminal device Figure 5 shows a flowchart of the process for recording communication logs. In terminal devices (IT and OT), this process is executed by the CPU 60 based on the operating system (OS) 50, agent 52, and processes P1...Pr. Hereafter, when the CPU 30 performs the processing based on the OS 50, it will be expressed as "the OS 50 performs the processing." The same notation will be used for other programs.

[0093] Process P, which is a browser program or application (or a program that comprises them), needs to request OS 50 to communicate with the SaaS server device SS on the internet and receive the processing result when using the functions of the SaaS server device SS on the internet. Therefore, Process P gives OS 50 a communication command indicating the URL of the SaaS server device to communicate with and the desired processing content (step S41).

[0094] In this embodiment, when OS50 receives a communication command, it notifies agent 52 of its contents (step S5). Such a function can be realized by a hook function provided in OS50. In the figure, the horizontal dashed lines indicate communication between programs within the same terminal device IT and OT.

[0095] Agent 52 records the content of the communication command in association with the user information of the terminal device IT or OT (step S29). The user can be identified by the user ID used when logging into the terminal device IT or OT.

[0096] When agent 52 authorizes communication, OS 50 accesses the SaaS server device SS based on the command and requests the desired processing (step S7). In response, the SaaS server device SS executes the requested processing and sends the processing result to the OS 50 of the terminal devices IT and OT (step S101). OS 50 receives the processing result via communication and provides it to process P (step S8).

[0097] Subsequently, process P utilizes the processing functions of the SaaS server device SS via OS50 as needed.

[0098] Figure 6 shows the communication log recorded in step S29. It includes the date and time, username, program name (process name), URL, etc.

[0099] 1.4 Collection and aggregation of communication logs on the management server device Figure 7 shows a flowchart of the process by which the management server device MS collects and aggregates communication logs from each terminal device IT and OT. The CPU 60 of the management server device MS (hereinafter sometimes abbreviated as management server device MS) sends a request for communication logs to each terminal device IT and OT (step S155).

[0100] Each terminal device (IT, OT) receives this information and sends the recorded communication log back to the management server device (MS) (step S35). The management server device (MS) receives the communication logs from each terminal device (IT, OT) (step S156).

[0101] For example, by performing the above process once a day, daily communication logs for each terminal device (IT) and OT can be obtained. In this embodiment, the management server device (MS) requests communication logs from the terminal devices (IT) and OT, but the terminal devices (IT) and OT) may also be configured to voluntarily send communication logs to the management server device (MS).

[0102] The management server device MS aggregates the usage status of each function of the SaaS server device based on communication logs obtained from each terminal device IT and OT for a predetermined period (step S157). As shown in the communication log in Figure 6, the destination URL is recorded. Since this URL is different for each function, aggregation by function is possible.

[0103] In this embodiment, as shown in Figure 8, a correspondence table between the functions of each SaaS server device SS and their URLs is prepared in advance. Note that for some SaaS server devices SS, identification may not be possible based solely on the URL, but rather by examining the query parameters. In such cases, the function is identified by associating it with both the URL and the query parameters.

[0104] The management server device MS uses this correspondence table to aggregate how many times each function of each SaaS server device is used during the aggregation period. Figure 9 shows the aggregated usage data that is generated. It shows how each function of each SaaS server device is used. Note that Figure 9 only shows a portion of the usage of user "TaroMorete," but the usage of all other users using terminal devices IT and OT is also aggregated. In addition, since the communication log shown in Figure 7 includes access to servers other than the SaaS server device SS, only access to the SaaS server device SS is selected using the correspondence table in Figure 8.

[0105] Furthermore, the management server device MS counts how many times each function of each SaaS server device is used, based on the aggregated data in Figure 9. Figure 10 shows an example of the count. This makes it possible to identify functions that are used infrequently or not used at all.

[0106] Information system administrators can access this information from their own terminal device (IT) to the management server device (MS) and consider terminating contracts for unused functions.

[0107] Furthermore, the management server device MS can, in light of usage patterns, propose integrations and other measures regarding the use of functions on the SaaS server devices SS. In this case, the management server device MS records a list of functions that can be exchanged between different SaaS server devices SS, as shown in Figure 11.

[0108] When the management server device MS obtains usage summaries like those in Figure 10, it refers to Figure 11 to extract the functions of the interchangeable SaaS server device SS and obtains the number of times (usage time) they are used. In Figure 10, it compares the number of times Gagarin's calendar viewing, adding, and deleting functions are used (853 times, 347 times, 35 times) with the number of times Web Calendar's calendar viewing, adding, and deleting functions are used (2 times, 1 time, 0 times), and proposes consolidating the less frequently used Web Calendar functions into Gagarin. The information system administrator can then review this information and consider actions such as terminating the contract with SaaS server device SS.

[0109] Furthermore, as shown in Figure 11, if it is necessary to replace a function as part of an integrated set of functions, it is preferable to include this as a condition in the table.

[0110] Furthermore, process control and communication control as described in the fourth to sixth embodiments may be used to prohibit communication to the SaaS server device SS whose contract has been terminated, or to prohibit the startup of processes for using the SaaS server device SS.

[0111] 1.5 Variations (Other) (1) In the above embodiment, agent 52 uses the hook function of OS 50 to obtain the communication destination of process P. However, instead of this, or in addition to this, the communication destination may be obtained using a communication status list. Alternatively, the communication destination may be obtained using the communication log of OS 50.

[0112] (2) In the above embodiment, the communication destination of a program running on OS 50 is obtained. However, the agent 52 may obtain the program's operation log (process operation log) and determine which function of the SaaS server device SS is being used from the page title and other information included in the operation log. For example, if the page title is "Add Calendar", it can be determined that the calendar addition function is being used. To do this accurately, it is preferable to prepare a correspondence table between the page titles displayed when each function of each SaaS server device SS is used and the function.

[0113] In the following embodiments, the term "communication log" can refer to "communication logs only" or "communication logs as well as process operation logs," as described above.

[0114] (3) In the above embodiment, the agents 52 of the terminal devices IT and OT acquire and record access to each function of each SaaS server device SS. However, as shown in Figure 12, if the service provision server device SS provides access logs (function access information) to each function, the function access information may be acquired from each service provision server device SS.

[0115] Furthermore, the target service provision server device SS may be configured to combine a system that acquires functional access information from terminal devices T with a system that acquires functional access information from the service provision server device itself.

[0116] Alternatively, functional access information may be obtained from both the terminal device T and the service provision server device SS, and any missing information may be supplemented.

[0117] For example, if a SaaS server device SS performs an operation to "share a specific file with a specific user," terminal devices IT and OT do not record "which file?" or "to whom?". However, the service provider server device can record "which file?" and "to whom?", so by obtaining functional access information from the service provider server device, it is possible to understand these usage details.

[0118] This approach allows for accurate tracing of events during incident response and other related tasks.

[0119] (4) In the above embodiment, the system aggregates which functions of the service provision server device SS are being used. Of these functions, it may also detect which employee is accessing the administrator function necessary to receive services from the service provision server device SS. This allows the information system administrator to know which employee is registered as the administrator when receiving the service.

[0120] This allows for responses to issues arising in service provision through the employee in question. Furthermore, in some cases, the information systems administrator can be designated as the administrator for receiving the service, instead of the employee in question. Additionally, it allows for the immediate identification of who the administrator of an unauthorized SaaS application is.

[0121] Furthermore, when logging into the service provider server device SS, it may be possible to determine whether or not multi-factor authentication, such as two-factor authentication, is being performed based on the communication logs from the terminal device. In the case of multi-factor authentication, it will be indicated that multiple authentication processes are performed during login, for example, by accessing the login screen, accessing some multi-factor authentication process, accessing some multi-factor authentication process, and accessing the screen after successful login. Therefore, the management server device can check whether multi-factor authentication is being performed by looking at these communication logs.

[0122] Similarly, when single sign-on is performed, access to the server managing single sign-on occurs, and this can be verified.

[0123] If company regulations require multi-factor authentication, the IT administrator can review this information to determine which SaaS services (service provider server devices SS) are using multi-factor authentication. Similarly, if company regulations require (or prohibit) single sign-on, the IT administrator can review this information to determine which SaaS services are using single sign-on.

[0124] (5) In the above embodiment, the management server device MS is located on the internet. However, the management server device MS may be located on the company's internal network. This is acceptable if the only devices to be managed are terminal devices IT connected to the company's internal network. In this case, if terminal devices connected to external networks (networks outside the organization) are also to be managed, it is sufficient to assume that such terminal devices are always connected to the company's internal network via VPN.

[0125] (6) In the above embodiment, the management server device MS aggregates how each function of each SaaS server device was used based on the correspondence table in Figure 8. That is, each terminal device sends URLs and other information as function access information.

[0126] However, the correspondence table in Figure 8 may be recorded on each terminal device (or configured to be accessible), and each terminal device may record whether it accessed the corresponding function of each SaaS server device, and this may be sent to the management server device MS as function access information. Based on the data from each terminal device, the management server device MS will compile how each function of each SaaS server device was used.

[0127] (7) The above embodiments and their modifications can be implemented in combination with each other. They can also be implemented in combination with other embodiments and their modifications.

[0128] 2. Second Embodiment 2.1 Functional configuration In the first embodiment, the usage status is monitored for each function of the service provision server device SS. In this embodiment, the usage status of each service provision server device SS is monitored, and service provision server devices SS that are not being used or are not being used are identified.

[0129] Figure 13 shows the functional configuration of the management system according to the second embodiment. Service provision server devices SS1, SS2...SSn, such as SaaS, are located on the internet. Terminal devices T1, T2...Tm are terminal devices used by members of organizations such as companies.

[0130] Each communication means 12 of terminal devices T1, T2, ..., Tm can access and use the functions provided by the service provision server devices SS1, SS2, ..., SSn. The access detection means 18 detects which of the service provision server devices SS1, SS2, ..., SSn has been accessed and records it as access information.

[0131] The access information transmission means 20 transmits access information to the management server device MS. Therefore, the access information acquisition means 28 of the management server device MS acquires access information from each terminal device T1, T2...Tm. The identification means 26 of the management server device MS refers to the access information and compares it with a list of service provider devices that are permitted to access, in order to identify service provider server devices that are not used or are not in use.

[0132] As described above, access information is obtained from each terminal device T1, T2...Tm, so even if the service provision server device SS does not provide detailed access information, the usage status of the service provision server device SS can be understood, and service provision server devices SS that are not being used or are not being used can be identified.

[0133] An example of the processing according to this embodiment will be explained using Figure 27. An agent is installed on the in-house terminal devices (IT, such as PCs and smartphones) provided by the company. Similarly, an agent is installed on the terminal devices (OT, such as PCs and smartphones) that the company allows to be used for teleworking.

[0134] Agents on terminal devices (IT and OT) record which SaaS server device (SS) the terminal device accessed. The management server device (MS) obtains the aforementioned access status of each terminal device (IT and OT) from these agents.

[0135] Therefore, the management server device MS can aggregate access data from each terminal device (IT, OT) to determine the extent to which each SaaS server device is being used.

[0136] 2.2 System Configuration and Hardware Configuration The system configuration, the hardware configuration of terminal device T, and the hardware configuration of management server device MS are the same as in Figures 2, 3, and 4 in the first embodiment.

[0137] 2.3 Management Processing The flowchart for acquiring communication logs from the terminal devices in this embodiment is the same as in Figure 5. Also, the communication logs collected by each terminal device T1, T2...Tm in step S29 of Figure 5 are the same as in Figure 6.

[0138] Figure 14 shows a flowchart illustrating the process by which the management server device MS collects and aggregates communication logs from each terminal device IT and OT. The management server device MS sends a request for communication logs to each terminal device IT and OT (step S155).

[0139] Each terminal device (IT, OT) receives this information and sends the recorded communication log back to the management server device (MS) (step S35). The management server device (MS) receives the communication logs from each terminal device (IT, OT) (step S156).

[0140] For example, by performing the above process once a day, daily communication logs for each terminal device (IT) and OT can be obtained. In this embodiment, the management server device (MS) requests communication logs from the terminal devices (IT) and OT, but the terminal devices (IT) and OT) may also be configured to voluntarily send communication logs to the management server device (MS).

[0141] The management server device MS aggregates the usage status of each SaaS server device based on communication logs obtained from each terminal device IT and OT for a predetermined period (step S158). As shown in the communication log in Figure 6, the destination URL is recorded. By looking at this URL, it is possible to aggregate which SaaS server device SS is being accessed.

[0142] In this embodiment, as shown in Figure 15, a correspondence table between each SaaS server device SS (and its services) and its URL is prepared in advance. The management server device MS uses this correspondence table to calculate how many times each SaaS server device has been used during the aggregation period.

[0143] Figure 16 shows the aggregated usage data that was generated. It shows how each SaaS server device is being used. Note that Figure 16 only shows a portion of the usage data for user "TaroMorete," but the usage data for all other users using terminal devices IT and OT is also aggregated. In addition, since the communication logs shown in Figure 7 include access to servers other than the SaaS server device SS, only access to the SaaS server device SS is selected using the correspondence table in Figure 15.

[0144] Furthermore, the management server device MS counts how many times each SaaS server device SS has been used, based on the aggregated data in Figure 16. Figure 17 shows an example of the count. The management server device MS then cross-references this with a list of SaaS server devices SS that it manages (that the organization has authorized).

[0145] The management server device MS extracts the usage frequency of the SaaS server devices SS included in the list and selects those that are not used or are used infrequently. This makes it possible to identify SaaS server devices that are used infrequently or not used at all among the SaaS server devices for which usage fees are paid and contracted.

[0146] Information system administrators can access the management server device MS from their own terminal device IT to view this information and consider actions such as terminating contracts for unused or infrequently used SaaS server devices.

[0147] Furthermore, process control and communication control as described in the fourth to sixth embodiments may be used to prohibit communication to the SaaS server device SS whose contract has been terminated, or to prohibit the startup of processes for using the SaaS server device SS.

[0148] 2.4 Variations (Other) (1) In the above embodiment, agent 52 uses the hook function of OS 50 to obtain the communication destination of process P. However, instead of this, or in addition to this, the communication destination may be obtained using a communication status list.

[0149] (2) In the above embodiment, the communication destination of the program running on OS 50 is obtained. However, the agent 52 may obtain the program's operation log and determine which SaaS server device SS is being used from the URL etc. included in the operation log.

[0150] (3) In the above embodiment, the management server device MS extracts unused or infrequently used SaaS server devices SS from among those it manages (permitted by the organization). However, it may also extract access to SaaS server devices SS other than those it manages. This allows the system administrator to find access to unmanaged SaaS server devices SS and terminate the contract or enter into a new contract.

[0151] (4) In the above embodiment, the agents 52 of the terminal devices IT and OT acquire and record access to each SaaS server device SS. However, if the service provision server device SS provides access logs (access information), access information may be acquired from each service provision server device SS.

[0152] Furthermore, the service provision server device SS may be configured to combine a system that obtains access information from terminal devices T with a system that obtains access information from the service provision server device itself.

[0153] Alternatively, access information may be obtained from both the terminal device T and the service provision server device SS, and any missing information may be supplemented.

[0154] Even if a service server device is not authorized for company use by the information systems administrator, if access logs are provided based on the user's email address, access to that service server device, which is not authorized for company use by the information systems administrator, can still be tracked.

[0155] (5) The above embodiments and their modifications can be implemented in combination with each other. They can also be implemented in combination with other embodiments and their modifications.

[0156] 3. Third Embodiment 3.1 Functional configuration In the above embodiment, access to the service provision server device SS, or access to each of its functions, is acquired and aggregated. In this embodiment, the usage status of accounts set on the service provision server device SS is aggregated.

[0157] Figure 18 shows the functional configuration of the management system according to the third embodiment. Service provision server devices SS1, SS2...SSn, such as SaaS, are located on the internet. Terminal devices T1, T2...Tm are terminal devices used by members of organizations such as companies (employees, etc.).

[0158] Each terminal device T1, T2...Tm's login ID acquisition means 11 acquires the terminal login ID (meaning information other than the password entered during login, such as the username) when an organization member uses the terminal device. Each terminal device T1, T2...Tm's communication means 12 can access service provision server devices SS1, SS2...SSn and use their services. The access detection means 14 detects which of the service provision server devices SS1, SS2...SSn was accessed and records it as terminal acquisition access information.

[0159] The access information transmission means 16 transmits access information to the management server device MS. Therefore, the terminal access information acquisition means 21 of the management server device MS acquires terminal access information from each terminal device T1, T2...Tm. The history generation means 23 of the management server device MS aggregates the acquired terminal access information for each terminal login ID and generates an access history.

[0160] The server account information acquisition means 27 of the management server device MS acquires account information from each service provision server device SS1 to SSn indicating which account was used.

[0161] The aggregation means 25 associates the terminal login ID and the server login ID based on these two, and determines which access history corresponds to which account on the server device. This makes it possible to obtain the usage status for each account on each service-providing server device.

[0162] As described above, the usage status acquired by each terminal device T1, T2...Tm is mapped to an account on the service provision server device SS based on the terminal login ID and server login ID. Therefore, even if the service provision server device SS does not provide detailed access information for the account, the usage status of the account can be understood.

[0163] An example of the processing according to this embodiment will be explained using Figure 27. An agent is installed on the in-house terminal devices (IT, such as PCs and smartphones) provided by the company. Similarly, an agent is installed on the terminal devices (OT, such as PCs and smartphones) that the company allows to be used for teleworking.

[0164] Agents on terminal devices (IT and OT) record which SaaS server device (SS) the terminal device accessed. The management server device (MS) obtains the aforementioned access status from these agents for each terminal device (IT and OT). This access status includes the frequency of access to the SaaS server device (SS).

[0165] On the other hand, the management server device MS obtains account information from the SaaS server device SS (see F in the diagram). This account information does not record details of account usage (such as frequency of use).

[0166] Therefore, the management server device MS associates the account of the SaaS server device SS with the login ID of the terminal device. This makes it possible to obtain usage details for each account of the SaaS server device SS.

[0167] 3.2 System Configuration and Hardware Configuration The system configuration, the hardware configuration of terminal device T, and the hardware configuration of management server device MS are the same as in Figures 2, 3, and 4 in the first embodiment.

[0168] 3.3 Recording process of communication logs in each terminal device Figure 19 shows a flowchart of the process for recording communication logs. In terminal devices (IT and OT), this process is executed by the CPU 60 based on the operating system (OS) 50, agent 52, and processes P1...Pr. Hereafter, when the CPU 30 performs the processing based on the OS 50, it will be expressed as "the OS 50 performs the processing." The same notation will be used for other programs.

[0169] Employees using terminal devices IT and OT perform a login process after starting up the terminal device IT or OT. Specifically, agent 52 prompts the user for a login ID (user ID) and password, and if these do not match a pre-registered combination, it does not allow the use of terminal device IT or OT (step S20). Employees who are permitted to use the terminal device IT or OT can then use the program.

[0170] Process P, which is a browser program or application (or a program that comprises them), needs to request OS 50 to communicate with the SaaS server device SS on the internet and receive the processing result when using the functions of the SaaS server device SS on the internet. Therefore, Process P gives OS 50 a communication command indicating the URL of the SaaS server device to communicate with and the desired processing content (step S41).

[0171] In this embodiment, when OS50 receives a communication command, it notifies agent 52 of its contents (step S5). Such a function can be realized by a hook function provided in OS50.

[0172] Agent 52 records the content of the communication command in association with the user information of the terminal device IT or OT (step S29). The user can be identified by the user ID used when logging into the terminal device IT or OT.

[0173] When agent 52 authorizes communication, OS 50 accesses the SaaS server device SS based on the command and requests the desired processing (step S7). In response, the SaaS server device SS executes the requested processing and sends the processing result to the OS 50 of the terminal devices IT and OT (step S101). OS 50 receives the processing result via communication and provides it to process P (step S8).

[0174] Subsequently, process P utilizes the processing functions of the SaaS server device SS via OS50 as needed.

[0175] Figure 6 shows the communication log recorded in step S29. The date and time, terminal login ID (logon user name), program name (process name), URL, etc. are recorded.

[0176] 3.4 Collection and aggregation of communication logs on the management server device Figure 20 shows a flowchart illustrating the process by which the management server device MS collects and aggregates communication logs from each terminal device IT and OT. The management server device MS sends a request for communication logs to each terminal device IT and OT (step S155).

[0177] Each terminal device (IT, OT) receives this information and sends the recorded communication log back to the management server device (MS) (step S35). The management server device (MS) receives the communication logs from each terminal device (IT, OT) (step S156).

[0178] For example, by performing the above process once a day, daily communication logs for each terminal device (IT) and OT can be obtained. In this embodiment, the management server device (MS) requests communication logs from the terminal devices (IT) and OT, but the terminal devices (IT) and OT) may also be configured to voluntarily send communication logs to the management server device (MS).

[0179] The management server MS aggregates and records the access history of each SaaS server device SS for each login ID of each terminal device IT and OT, based on the communication logs received from each terminal device IT and OT (step S157).

[0180] The aggregated access history is shown in Figure 22. For each SaaS server device SS, the number of times and duration of use by each user with each terminal login ID are aggregated. Note that aggregation can be done daily, or it can be done over a predetermined period (e.g., one week).

[0181] Figure 21 shows a flowchart illustrating the process by which the management server device MS collects communication logs from each SaaS server device SS1 to SSn and correlates them with the aggregated results shown in Figure 22.

[0182] The management server device MS sends an access information request to each SaaS server device SS1 to SSn (step S161). Each SaaS server device SS1 to SSn receives this request and sends the access information back to the management server device MS (step S45). The management server device MS receives and records the access information from each SaaS server device SS1 to SSn (steps S162, S163).

[0183] As shown in Figure 23, the access information from each SaaS server device SS1 to SSn records the SaaS account (the ID used when accessing the SaaS server device) and the last access date and time for each account. Thus, the access information obtained from SaaS server devices SS1 to SSn does not provide detailed information about the usage status of each account. On the other hand, as shown in Figure 22, the communication logs obtained and aggregated from each terminal device (IT, OT) provide detailed usage history for each terminal login ID, but it does not indicate which account the logs belong to.

[0184] Therefore, in this embodiment, SaaS accounts are associated with terminal login IDs. This makes it possible to understand the detailed usage status of each SaaS account.

[0185] However, the same employee does not necessarily use the same terminal login ID and SaaS account (account ID). In most cases, terminal login IDs are determined by company rules, often requiring the use of only the last name or the full name (first name, last name). In contrast, SaaS account IDs are almost always the email address provided by the company, regardless of whether or not there are company rules regarding this. Company-provided email addresses typically use only the last name or the full name (first name, last name) before the "@" symbol. Therefore, terminal login IDs and SaaS accounts can be associated if the parts of the terminal login ID and SaaS account before the "@" symbol match.

[0186] Furthermore, in the mapping process, employee information (email address, full name, etc.) determined by the terminal login ID may be used to perform the mapping. Alternatively, even if an exact match is not achieved, the system may determine the degree of similarity and perform the mapping if it exceeds a predetermined similarity level.

[0187] By performing the above mapping, as shown in Figure 24, detailed usage information for each account on each SaaS server device can be obtained.

[0188] Information system administrators can access this information from their own terminal devices (IT) to the management server device (MS) and consider suspending contracts for accounts that are not being used or are used infrequently (number of uses / usage time).

[0189] Alternatively, the management server device (MS) may pre-select accounts with usage frequencies lower than a predetermined frequency and automatically notify the corresponding SaaS server device to terminate the contract for those accounts.

[0190] In this way, we can understand the usage status of each account and take appropriate countermeasures.

[0191] 3.4 Variations (Other) (1) In the above embodiment, the management server device MS obtains the usage status of each account based on the usage information of the SaaS server device SS in the terminal devices IT and OT, and the access information in the SaaS server device SS.

[0192] However, it may also be used to detect instances where an employee accesses a SaaS server device SS from their personal terminal device XT using a business account. The process in this case will be explained with reference to Figure 27.

[0193] The action we want to detect now is the act of accessing and using the business account of the SaaS server device SS from a private terminal device XT (without the agent installed) (see (7) in the diagram).

[0194] The management server device MS acquires access logs from the SaaS server device SS (see F in the diagram). These access logs record the IP address information used by the accessing terminal device when accessing the internet. The management server device MS also acquires communication logs from terminal devices IT and OT to the SaaS server device SS. These communication logs record the IP address information used by the terminal device when accessing the internet.

[0195] The management server device MS compares access logs and communication logs to identify IP addresses that appear in the access logs but not in the communication logs. This IP address is the IP address of the private terminal device XT that accessed the SaaS server device. In this way, unauthorized access can be identified.

[0196] Furthermore, by identifying the account information used in relation to the IP address, and even the terminal login ID corresponding to this account information, it is possible to identify the employee who committed the fraudulent use.

[0197] When performing the above processing, terminal devices IT and OT record access to the SaaS server device as a communication log. This communication log includes the IP address of the terminal device IT or OT. The management server device MS acquires the communication logs from each terminal device IT or OT and aggregates them as shown in Figure 25.

[0198] In Figure 25, the second and third rows show the total number of accesses from user "furutani" to the SaaS server device "Gagarin".

[0199] The second line records the IP address information 122.213.111.96 used by the terminal device when accessing the internet. This indicates access from an internal IT terminal device. The third line records that the terminal device accessed the internet using its IP address 189.563.256.88. This indicates access from an external OT terminal device.

[0200] Similarly, lines 4 and 5 show that user "tanaka" accessed the SaaS server device "Gagarin" from terminal device IT with IP address 122.213.111.87 and terminal device OT with IP address 141.313.222.35.

[0201] Meanwhile, the management server device MS obtains access information from the SaaS server device. This access information includes the IP address information used when the terminal device that accessed the SaaS account accessed the internet. The management server device MS then aggregates this information as shown in Figure 26.

[0202] The management server device MS compares the aggregated data in Figure 25 (communication logs obtained from terminals) with the aggregated data in Figure 26 (access logs obtained from the SaaS server device). This comparison identifies whether there are any IP addresses in the aggregated data in Figure 26 that are not present in the aggregated data in Figure 25. If the SaaS server device is accessed only from terminal devices IT and OT with agents installed, the IP addresses in both aggregated data should match. A discrepancy arises when a personal terminal device XT without an agent installed uses a business SaaS account, as shown in (7) of Figure 27.

[0203] Here, we can find the IP address "163.564.222.89" in the sixth row of Figure 26. We can determine that this is an unauthorized account created by a personal terminal device XT. Furthermore, by associating the SaaS account with the terminal login ID, we can identify which employee committed this unauthorized use.

[0204] Information system administrators can access this information from their own terminal device (IT) to the management server device (MS), view it, and detect and address any misuse.

[0205] (2) In the above embodiment, the agent performs the login process on the terminal device. However, a program other than the agent may perform the login process, and the agent may obtain the login information.

[0206] (3) In the above embodiment, agent 52 uses the hook function of OS 50 to obtain the communication destination of process P. However, instead of this, or in addition to this, the communication destination may be obtained using a communication status list.

[0207] (4) In the above embodiment, the communication destination of the program running on OS 50 is obtained. However, the agent 52 may obtain the program's operation log and determine which SaaS server device SS is being used from the URL etc. included in the operation log.

[0208] (5) In the above embodiment, the agents 52 of the terminal devices IT and OT are used to obtain and record details of access to each SaaS server device SS. However, if the service provider server device SS provides details of account access, the account access information may be obtained from each service provider server device SS. In this case, the user can be identified from the account ID (often an email address).

[0209] (6) The above embodiments and their modifications can be implemented in combination with each other. They can also be implemented in combination with other embodiments and their modifications.

[0210] 4. Fourth Embodiment 4.1 Functional configuration Figure 28 shows the functional configuration of the management system according to the fourth embodiment. Terminal devices T1, T2...Tn and a management server device MS capable of communicating with them are provided.

[0211] The process operation determination information setting means 22 of the server device S transmits process operation determination information to each terminal device T1, T2...Tn. Additionally, the communication operation determination information setting means 24 transmits communication operation determination information to terminal devices T1, T2...Tn. This determination information is recorded in the recording unit 6 of terminal devices T1, T2...Tn.

[0212] The communication start detection means 14 of terminal devices T1, T2...Tn (hereinafter referred to as terminal device T) detects the start of communication 18 in terminal device T. The communication operation determination means 12 refers to the recorded communication operation determination information 10 for the communication 18 whose start has been detected and determines whether the communication 18 is appropriate or not.

[0213] If it is determined that communication 18 is appropriate, the communication 18 is initiated. On the other hand, if it is determined that the initiation of communication 18 is inappropriate, the communication operation determination means 12 stops the communication 18. Thus, the initiation of inappropriate communication 18 is prevented. In this embodiment, stopping a communication includes not only stopping a communication that has already been started, but also not starting a communication that has been requested to be started but has not yet been started.

[0214] The process startup detection means 2 of the terminal device T detects the startup of process 16 in the terminal device T. The process operation determination means 4 refers to the recorded process information determination information 8 for the process 16 whose startup has been detected and determines whether the startup is appropriate or not.

[0215] If it is determined that starting process 16 is appropriate, process 16 is started. On the other hand, if it is determined that starting process 16 is inappropriate, the process operation determination means 4 stops process 16. Thus, the inappropriate starting of process 16 is prevented. In this embodiment, stopping a process includes not only stopping a process that has already started, but also not starting a process that has been requested to start but has not yet started.

[0216] As described above, judgment information from the management server device MS is recorded in each terminal device T, and based on this, each terminal device T eliminates inappropriate processes and communications. Therefore, inappropriate processes and communications can be identified and eliminated on the terminal device T side. Furthermore, since the above management process can be performed by recording the judgment information in each terminal device T, proper management can be carried out even if the terminal device T is connected to an external network.

[0217] 4.2 System Configuration and Hardware Configuration The system configuration of the management system is the same as in Figure 2 in each of the embodiments described above. The terminal devices T used are the in-house terminal device IT and the external terminal device OT.

[0218] Internal terminal devices IT1, IT2, ITm are connected to the company network via wired or wireless connections. A shared server device (not shown) is connected to the company network and stores data necessary for business operations. Each internal terminal device IT1, IT2, ITm can access the shared server device via the company network and utilize this data.

[0219] External terminal devices OT1...OTp can connect to the company network via a VPN over the internet, either via a wired or wireless connection. In cases such as working from home, employees can connect to the company network via VPN and then connect to the shared server device to perform their work.

[0220] A management server device MS is located on the internet. In addition, SaaS server devices SS1...SSq are provided via the cloud to offer business applications and other services.

[0221] The hardware configuration of the terminal devices IT and OT is the same as in Figure 3. The hardware configuration of the management server device MS is the same as in Figure 4.

[0222] 4.3 Process and Communication Management Processing Figures 29 and 31 show flowcharts of process and communication management processes. Figure 29 is a flowchart of the process management process. These processes are executed by the CPU 30 based on the operating system (hereinafter referred to as OS) 50, agent 52, and process P1...Pr in terminal devices IT and OT, and by the CPU 60 based on the management server program 72 in the management server device MS. Hereafter, when it is stated that the OS 50 performs processing, it means that the CPU 30 performs processing based on the OS 50. The same applies to other programs.

[0223] In this embodiment, when OS50 receives a process startup command, it uses a hook function provided in OS50 to notify agent 52 that a startup command has been received (step S1). Examples of when OS50 receives a process startup command include when a user double-clicks an application icon to launch it, or when another process attempts to launch the same process.

[0224] When the agent 52 of the terminal device IT or OT receives a command to start a process from the OS 50 of the terminal device IT or OT, it reads process operation determination information 56 from the SSD 36 (step S21). In the diagram, the horizontal dashed lines indicate communication between programs within the same terminal device IT or OT. Next, for the process that received the start command, the agent refers to this process operation determination information 56 and determines whether it is appropriate to start it (step S23).

[0225] Figure 30 shows the process operation determination information 56. In this embodiment, the process operation determination information 56 is a list of permitted processes that are allowed to start. Agent 52 determines whether the process for which a start command has been issued is on this permitted list. If it is on the list, it is determined that it is appropriate to start it; if it is not on the list, it is determined that it is not appropriate to start it.

[0226] Agent 52 notifies OS 50 whether the process that has been given a start command should be started (step S23). OS 50 receives this notification. If the notification indicates that the process should be started, OS 50 starts the process (step S3).

[0227] On the other hand, if the notification indicates that the startup is inappropriate, OS50 will not start the process in question.

[0228] As described above, it is possible to ensure that only processes permitted by the process permission list are launched. Note that, as will be explained later, this process permission list can be modified by the administrator via the management server device MS. Therefore, each terminal device (IT, OT) can be managed to ensure that only processes specified by the administrator can run.

[0229] Figure 31 shows a flowchart of the communication management process. This is the process that occurs when process P, which is started and running as described above, attempts to communicate with the SaaS server device SS on the internet. In the figure, horizontal dashed lines indicate communication between programs within the same terminal device IT and OT. Horizontal solid lines indicate communication between terminal devices IT and OT and the SaaS server device SS.

[0230] When a terminal device IT or OT process P uses the functions of a SaaS server device SS on the internet, it needs to request OS 50 to communicate with the SaaS server device SS and receive the processing result. Therefore, process P provides OS 50 with a communication command indicating the URL of the SaaS server device to communicate with and the desired processing content (step S41).

[0231] In this embodiment, when OS50 receives a communication command, it uses a hook function or the like provided in OS50 to notify agent 52 that a communication command has been received (step S5).

[0232] When the agent 52 of the terminal device IT or OT receives notification from the OS 50 of the terminal device IT or OT that a communication command has been received, it reads communication operation determination information 54 from the SSD 36 (step S25). Subsequently, it refers to this communication operation determination information 54 and determines whether the communication command is appropriate or not (step S26).

[0233] Figure 32 shows the communication operation determination information 54. In this embodiment, the communication operation determination information 54 is a list of permitted URLs of SaaS server devices SS that are allowed to communicate. Agent 52 determines whether the URL of the SaaS server device SS indicated by the communication command is in this permitted URL list. If it is in the list, it is determined that it is appropriate to communicate with this SaaS server device SS; if it is not in the list, it is determined that it is not appropriate to communicate.

[0234] Furthermore, if a URL has the same URL as one listed in the allowed URL list, or if the destination URL is at a lower level, it will be considered an allowed URL. For example, if www.xxx.jp is listed in the allowed URL list, then any of the destination URLs such as www.xxx.jp / yyy, www.xxx.jp / zzz, or www.xxx.jp / yyy / kkk will be considered allowed. Alternatively, communication may be denied unless the URL exactly matches one of the URLs listed in the allowed URL list.

[0235] Agent 52 notifies OS 50 whether communication with the SaaS server device SS that sent the communication command is possible (step S26). OS 50 receives this notification.

[0236] If notification indicates that communication with the SaaS server device SS is appropriate, OS50 communicates with the SaaS server device SS and requests the desired processing (step S7). In response, the SaaS server device SS executes the requested processing and sends the processing result to the OS50 of the terminal devices IT and OT (step S101). OS50 receives the processing result via communication and provides it to process P (step S8).

[0237] The process P can, as needed, utilize the processing functions of the SaaS server device SS via OS50.

[0238] On the other hand, if OS50 receives notification in step S6 that communication with the SaaS server device SS is inappropriate, it will not communicate with the SaaS server device SS that is the target of the communication command.

[0239] As described above, communication can be restricted to only SaaS server devices SS permitted in the communication permission list. Note that, as described later, this communication permission list can be modified by the administrator via the management server device MS. Therefore, each terminal device (IT, OT) can be managed to restrict communication to only the SaaS management server device SS specified by the administrator.

[0240] In this embodiment, agent 52 is installed not only on terminal devices (IT) that are intended to be used connected to the company network, but also on terminal devices (OT) used for teleworking, etc. (which are not intended to be used connected to the company network). Therefore, process management and communication management can be performed on these external terminal devices (OT) in the same way as on internal terminal devices (IT). In this case, no additional equipment is required.

[0241] Furthermore, when connecting external terminal devices (OT) to the internal network, a VPN is used. This allows for secure access to the internal network from outside. However, connecting to the internal network is not required to connect to the SaaS server device (SS), as external terminal devices (OT) are also managed by agent 52. Therefore, this does not unnecessarily increase the VPN's load.

[0242] 4.4 Agent Deployment Process As described in the above embodiment, if agent 52 is installed on each terminal device (IT, OT), the above-described process management and communication management can be performed. Conversely, if agent 52 is not installed on the terminal devices (IT, OT) to be managed, the above-described management cannot be performed.

[0243] In this embodiment, in order to ensure that agent 52 is installed on the managed terminal devices IT and OT, the following is done.

[0244] In organizations such as companies, when lending IT and OT terminal devices to employees and other members of the organization, Agent 52 should be pre-installed. This ensures that Agent 52 is properly implemented in the IT and OT terminal devices.

[0245] Furthermore, the administrator records the MAC addresses of terminal devices (IT and OT) on which Agent 52 is installed in network equipment such as routers on the company network. The router then restricts access to the company network to only terminal devices (IT and OT) whose MAC addresses are recorded.

[0246] Therefore, terminal devices that are not IT or OT devices provided by the organization, and that do not have Agent 52 installed, cannot connect to the company network. As a result, it becomes difficult to perform work using such terminal devices.

[0247] If you use a terminal device other than the one provided for work purposes, you must install Agent 52, contact your administrator, and have them configure the router to configure the MAC address so that it can connect to the company network.

[0248] In this way, a state can be created in which agent 52 is effectively installed on the terminal device used for business operations.

[0249] Alternatively, the management server device MS may collect the MAC addresses of terminal devices IT and OT on which agent 52 is installed, and then configure the router's MAC addresses based on this information. This can reduce the administrator's workload.

[0250] 4.5 Updating process operation determination information and communication operation determination information In the above, it has been described that process management and communication management are performed based on the process operation determination information (the process permission list in the above) and the communication operation determination information (the communication permission list in the above) recorded in the terminal devices IT and OT.

[0251] These determination information are those recorded in the management server device MS and downloaded by each of the terminal devices IT and OT, and then recorded in each of the terminal devices IT and OT.

[0252] Also, the administrator can access the management server device MS using their own terminal device IT, update the determination information, and record it in each of the terminal devices IT and OT. Thereby, it becomes possible to handle newly permitted processes and communications, as well as newly prohibited processes and communications.

[0253] 4.6 Variation Example (Others) (1) In the above embodiment, both the propriety of process startup and the propriety of communication are determined to control the operation. However, it may be possible to determine only the propriety of process startup or only the propriety of communication to control the operation.

[0254] (2) In the above embodiment, in steps S21 and S25, the determination information is acquired each time. However, these determination information may be acquired from the SSD 36 only once at startup, held in the memory 32, and referred to.

[0255] (3) In the above embodiment, in the management of process startup, using a hook function or the like, when the OS 50 that has received the startup command for the process P does not immediately start the process P, only the process that the agent 52 determines to be appropriate is started.

[0256] However, the agent 52 may control using a process list indicating the currently running processes as follows.

[0257] The processing flowchart in this case is shown in FIG. 33.

[0258] When a process start command is received, the OS50 of the terminal device IT or OT starts the process (step S11). At this time, the OS50 adds the started process to the process list, which shows the processes that are currently running.

[0259] Agent 52 of the terminal device IT, OT constantly monitors the process list recorded and updated by OS 50 (at predetermined time intervals) (step S31). Agent 52 obtains process operation determination information 56 (process permission list in Figure 30) and determines whether a newly appearing (i.e., newly started) process in the process list is suitable for startup.

[0260] If the started process is on the process permission list, it is determined that the start of the process is appropriate; if it is not on the process permission list, it is determined that the start of the process is inappropriate (step S33).

[0261] If Agent 52 determines that the startup of the process is inappropriate, it informs OS 50 to terminate the process (step S34). Upon receiving the termination instruction, OS 50 terminates the process (step S13).

[0262] On the other hand, if agent 52 determines that the startup of the process is appropriate, it will not issue a command to forcibly terminate the operation of the started process.

[0263] As described above, process startup can be managed using the process list managed by OS50. In this example, an inappropriate process will start up initially, but it will be forcibly terminated after a short time, effectively achieving the same effect as not allowing it to start at all.

[0264] Note that the above uses a process list that shows currently running processes. However, instead, the same processing can be performed using an event log. The event log is a log that records when OS50 starts a new process. By monitoring this event log, agent 52 can know when a new process has started and can execute the processing from step S32 onwards in Figure 33.

[0265] The above explains the differences between using process lists and event logs. Since process lists show currently running processes, they eliminate unnecessary processing for processes that have already terminated.

[0266] (4) In the above embodiment, in managing communications, a hook function or the like is used so that the OS 50 does not immediately communicate when it receives a communication command, and only communications that the agent 52 deems appropriate are permitted.

[0267] However, agent 52 may also control the communication using a communication status list that indicates the currently active communication, as follows:

[0268] The processing flowchart in this case is shown in Figure 34. When OS50 receives a communication command from process P, it communicates with the SaaS server device SS specified in the communication command and requests the specified processing (step S15). At this time, OS50 adds the communication with this SaaS server device SS to the communication status list which shows the current communication status.

[0269] Agent 52, which constantly monitors the communication status list (monitoring at predetermined intervals), acquires the above communication that has been newly added to the communication status list (step S27). Agent 52 determines whether the communication with the above SaaS server device SS is appropriate based on the communication operation determination information 54 (communication permission list).

[0270] If it is determined that the communication is not in the communication permission list and is inappropriate, the agent 52 notifies the OS 50 of an instruction to forcibly terminate the communication (step S30). In response to this, the OS 50 forcibly terminates the communication (step S17).

[0271] On the other hand, if it is determined that the communication is in the communication permission list and is appropriate, the agent 52 does not give an instruction to forcibly terminate to the OS 5050. Therefore, the OS 50 receives the result from the SaaS server device SS and conveys this to the process P (step S18).

[0272] (5) In the above embodiment, the management server device MS is placed on the Internet. However, the management server device MS may be placed on the company's internal network. If the management target is only the terminal device IT connected to the company's internal network, this may be done. In this case, if the terminal device connected to the external network (organization-external network) is also to be a management target, it is assumed that such a terminal device must be connected to the company's internal network through a VPN and used.

[0273] (6) In the above embodiment, the process permission list (white list) for permitting startup is used as the process operation determination information 56. However, a process list (black list) for not permitting startup may be used.

[0274] Similarly, for the communication operation determination information 54, instead of the permission URL list (white list) for permitting communication, a non-permission URL list (black list) for not permitting communication may be used.

[0275] (8) In the above embodiment, the communication with the SaaS server device SS is managed. However, the communication with other devices on the Internet, such as a normal web server device, may be managed.

[0276] (9) In the above embodiment, a whitelist or blacklist of destination URLs is used as communication operation determination information. That is, the suitability is determined based on the destination and communication operation determination information is constructed.

[0277] However, it is also possible to determine suitability based on communication conditions (communication speed, communication method (wireless or wired, etc.), security status such as SSL, communication capabilities of the server device of the communication partner, etc.) and to construct communication operation determination information accordingly.

[0278] (10) In the above embodiment, the allowed URL list in Figure 32 does not specify protocols such as http: / / , https: / / , and ftp. However, these may be specified.

[0279] Alternatively, you can specify the domain or IP address, or, if necessary, specify the port number.

[0280] (11) In the above embodiment, the permission list is used to allow or deny the startup of each process, and the URL list is used to allow or deny connections to each communication destination.

[0281] However, when administrators authorized employees to use a specific SaaS service, it was cumbersome because they had to register multiple processes required to access the service in an allow list and multiple communication destinations in a URL list.

[0282] Therefore, a set of information containing multiple processes and communication destinations necessary to receive each service may be recorded on a maintenance server device located on the internet. Administrators can access this maintenance server device to obtain the set of information containing multiple processes and communication destinations necessary for each service. Consequently, setting up allow lists and URL lists becomes easy.

[0283] Furthermore, the maintenance server device updates the set information if there are any changes to the necessary processes or communication destinations for each service. This allows administrators to easily respond to changes in the processes and communication destinations of each service by obtaining the set information from the maintenance server device. Alternatively, the maintenance server device may update the processes and communication destinations on the management server device (deleting old processes and communication destinations and adding new ones). Alternatively, the management server device may access the maintenance server device to obtain and update the set information.

[0284] The above explains the necessary processes and communication destinations for each service, but the same procedure applies when registering new processes and communication destinations for each service.

[0285] (12) The above embodiments and modifications can be implemented in combination with each other. Furthermore, these embodiments and modifications can be implemented in combination with other embodiments and their modifications.

[0286] 5. Fifth Embodiment 5.1 Functional configuration Figure 35 shows the functional configuration of the management system according to the fifth embodiment. The basic process startup management and communication management in this embodiment are the same as in the first embodiment. However, it differs in that when a communication stoppage process is performed, the process operation determination information is updated to prohibit the startup of the process that attempted to perform the communication in the future.

[0287] The communication operation determination means 12 refers to the communication operation determination information 10 and determines whether the communication is appropriate or not. If it determines that the communication is inappropriate, it stops the communication 18. At this time, the communication operation determination means 12 transmits to the process operation determination information setting means 22 of the management server device MS that the communication has been stopped and the process that attempted to perform the communication.

[0288] The process operation determination information setting means 22 receives this information, updates the process operation determination information to prohibit the startup of the process, and transmits it to the terminal device T. As a result, the startup of the process will be prohibited from then on.

[0289] As described above, the process operation detection information has been updated to prohibit the startup of the process that attempted to perform inappropriate communication, so it is now possible to prohibit the startup of that process. 5.2 System Configuration and Hardware Configuration The system configuration and hardware configuration are the same as those shown in Figures 2 to 4 in the first embodiment.

[0290] 5.3 Process and Communication Management Processing The process management process is the same as in Figure 29 of the fourth embodiment. However, in this embodiment, a list of processes that are not permitted to start (startup blacklist) is used as process operation determination information. Therefore, agent 52 allows the start of any process that is not on this list of processes that are not permitted to start. On the other hand, it does not allow the start of any process that is on the startup blacklist.

[0291] The flowchart for the communication management process is the same as in Figure 31 in the fourth embodiment. In this embodiment as well, a list of URLs that are permitted to communicate (communication whitelist) is used as communication operation determination information, just as in the fourth embodiment.

[0292] In this embodiment, as described above, the appropriateness of starting a process is determined by the startup blacklist. Therefore, it is possible to install and start newly supplied processes (for example, processes provided by the SaaS server device SS that have not been used in terminal devices IT and OT until now) in terminal devices IT and OT.

[0293] If this process attempts to communicate with an unauthorized destination, the communication will be blocked by the communication whitelist. Therefore, no particular problems arise regarding communication itself. However, because the operation of the process itself is not prohibited, the process will be started repeatedly, unnecessarily consuming processing power in the terminal devices (IT and OT).

[0294] Therefore, in this embodiment, the startup of a process that attempts to perform inappropriate communication is prohibited.

[0295] In step S26 of Figure 31, agent 52 refers to a list of URLs that are permitted to communicate (communication whitelist) to determine whether the communication that process P intends to perform is appropriate. This is the same as in the fourth embodiment.

[0296] However, if agent 52 determines that the communication is inappropriate, it performs the processing shown in Figure 36. Agent 52 requests the management server device MS to prohibit the startup of process P, which attempted to perform the communication that was determined to be inappropriate.

[0297] In response, the management server program 72 of the management server device MS updates the startup blacklist (process operation determination information 76) by adding the process P (step S151). Furthermore, the management server program 72 sends the rewritten startup blacklist (process operation determination information 76) to the agents 52 of each terminal device IT and OT (step S152).

[0298] Upon receiving the startup blacklist, the IT and OT agents 52 of each terminal device rewrite the startup blacklist (process operation determination information 56) based on it (step S123).

[0299] As described above, process P, which is deemed to be engaging in inappropriate communication, will be prohibited from being started again in each terminal device (IT, OT).

[0300] 5.4 Variations (Other) (1) In the above embodiment, a list of URLs that are not allowed to communicate (communication blacklist) is used as communication operation determination information. However, a list of URLs that are allowed to communicate (communication whitelist) may also be used as communication operation determination information.

[0301] (2) In the above embodiment, the management server program instructs all terminal devices IT and OT to rewrite the process operation determination information in step S152.

[0302] However, it is also possible to instruct the system to rewrite the process operation determination information only for terminal devices IT and OT on which a process attempting to perform an inappropriate communication operation was running (in this case, agent 52 itself may rewrite the process operation determination information for the terminal devices IT and OT without going through the management server device MS).

[0303] Furthermore, the system may be modified to rewrite all IT and OT terminal devices belonging to the same department (or terminal devices with a predetermined relationship) as the terminal device on which the process is running.

[0304] (3) In the above embodiment, agent 52 requests the management server device MS to update the process operation determination information in step S122.

[0305] However, agent 52 may choose to terminate process P, which attempted to perform inappropriate communication, without making such a request. Alternatively, after terminating the process, agent 52 may request the update of the process operation determination information in step S122.

[0306] (4) The above embodiments and modifications can be implemented in combination with each other. Furthermore, these embodiments and modifications can be implemented in combination with other embodiments and their modifications.

[0307] 6. Sixth Embodiment 6.1 Functional configuration Figure 37 shows the functional configuration of the management system according to the sixth embodiment. The basic process startup management and communication management in this embodiment are the same as in the fourth embodiment. However, the difference is that the communication destinations of processes that are permitted to start are updated with communication operation determination information to allow communication.

[0308] The communication operation determination means 12 refers to the communication operation determination information 10 and determines whether the communication is appropriate or not. If it determines that the communication is inappropriate, it makes a decision to stop the communication or allow the communication based on the setting information recorded in association with the process P that attempted to perform the communication.

[0309] If the configuration information specifies that communication should be stopped, the current communication will be stopped. If the configuration information specifies that communication should be permitted, the current communication will be permitted, and a communication operation determination information update command will be sent to the management server device MS. The communication operation determination information setting means 24 of the management server device MS will receive this command, update the communication operation determination information to permit the communication, and send it to the terminal device T.

[0310] In response, terminal device T rewrites the communication operation determination information 10. Therefore, the communication in question will be permitted from that point onward.

[0311] Therefore, by configuring the settings, communication can be automatically permitted for specific processes.

[0312] 6.2 System Configuration and Hardware Configuration The system configuration and hardware configuration are the same as those shown in Figures 2 to 4 in the first embodiment.

[0313] 6.3 Process and Communication Management Processing The process management process is the same as in Figure 29 of the fourth embodiment. However, in this embodiment as well, a list of processes that are permitted to start (startup whitelist) is used as process operation determination information. Therefore, agent 52 allows the start of any process that is listed in this list of permitted processes. Processes that are not listed in the startup whitelist are not permitted to start.

[0314] The flowchart for the communication management process is shown in Figures 38 and 39. In this embodiment as well, as in the fourth embodiment, a list of URLs that are permitted to communicate (communication whitelist) is used as communication operation determination information.

[0315] In the fourth embodiment, communication to URLs not listed in the communication whitelist is prohibited. However, the following problems could arise.

[0316] When a dedicated application (process) is authorized to connect to the SaaS server device SS and utilize its functions, the SaaS server device SS may provide a new URL as a connection destination to offer new functions. In this case, since the new URL is not listed in the communication whitelist, communication will be rejected according to the fourth embodiment.

[0317] This meant that administrators had to rewrite communication operation determination information in order to use new features of the SaaS server device, which was cumbersome.

[0318] In this embodiment, to address the situations described above, the communication operation determination information is automatically updated depending on the process to allow communication to a new destination URL. This is explained below.

[0319] Process P provides OS 50 with a communication command indicating the URL of the SaaS server device that is the communication partner and specifying the desired processing content (step S41).

[0320] When the agent 52 of the terminal device IT or OT receives notification from the OS 50 of the terminal device IT or OT that a communication command has been received (step S5), it reads the communication operation determination information 54 from the SSD 36 (step S25). Subsequently, it refers to this communication operation determination information 54 and determines whether the communication commanded is appropriate or not (step S26). In this embodiment, as in the fourth embodiment, a list of URLs that are permitted to communicate (communication whitelist) is used as the communication operation determination information 54.

[0321] If agent 52 determines that it is appropriate to communicate, it informs OS 50 of permission to communicate in step S124 of Figure 39.

[0322] On the other hand, if it is determined that communication is inappropriate, instead of immediately informing OS50 that communication is not permitted, the system refers to the configuration information to decide whether to permit or deny communication.

[0323] Agent 52 reads configuration information recorded in association with the process attempting to communicate from SSD 36. In this embodiment, the configuration information is included in the communication operation determination information 54. An example of the configuration information is shown in Figure 40. It records whether or not to automatically allow communication with the destination for each process.

[0324] Agent 52 refers to this configuration information and determines whether the communication destination is automatically permitted for the process that is to communicate (step S123). If automatic permission is not granted, in step S124, it communicates to OS 50 that communication is not permitted.

[0325] If automatic permission is enabled, step S125 transmits a notification to OS50 that communication is permitted. Therefore, communication will be permitted even for URLs not listed in the communication whitelist.

[0326] Furthermore, Agent 52 requests the management server program to update the communication whitelist (communication operation determination information 54) so ​​that communication with the URL in question is deemed appropriate (step S126).

[0327] Upon receiving this, the management server program adds the URL to the communication whitelist and updates it (step S153). Furthermore, the management server program transmits this to the agents 52 of each terminal device IT and OT (step S154).

[0328] Upon receiving the updated communication whitelist, the IT and OT agents 52 of each terminal device record and rewrite it in the SSD 36 (step S127).

[0329] As described above, by configuring the settings, communication destinations can be automatically permitted for specified processes.

[0330] The reason why automatic permission for communication destinations was not uniformly granted to all processes is that it would be dangerous to allow communication with processes that the administrator has not deemed safe. The administrator can configure settings information for each terminal device (IT, OT) via the management server device (MS) and decide which processes should be allowed to communicate with destinations automatically.

[0331] 6.4 Variations (Other) (1) In the above embodiment, the management server program instructs all terminal devices IT and OT to rewrite the communication operation determination information in step S154.

[0332] However, it is also possible to instruct the agent to rewrite the communication operation determination information only for terminal devices IT and OT that have requested communication permission settings (in this case, agent 52 itself may rewrite the communication operation determination information for the terminal devices IT and OT without going through the management server device MS).

[0333] Alternatively, the settings may be rewritten for all IT and OT terminal devices belonging to the same department (or terminal devices with a specified relationship) as the terminal device that requested the communication permission settings.

[0334] (2) In the above embodiment, the communication operation determination information is updated in step S126. However, the communication operation determination information may not be updated, and only a communication permission notification may be given to the OS50 (step S125).

[0335] (3) In the above embodiment, the configuration information is included as part of the communication operation determination information. However, the configuration information may be provided separately from the communication operation determination information.

[0336] (4) The above embodiments and modifications can be implemented in combination with each other. Furthermore, these embodiments and modifications can be implemented in combination with other embodiments and their modifications.

Claims

1. A management system comprising a plurality of terminal devices to be managed, and a management server device capable of communicating with the plurality of terminal devices, The aforementioned terminal device is A function access detection means for detecting which function of each service-providing server device has been accessed, The system includes a function access information transmission means that transmits function access information to the management server device, which indicates which function of each service provision server device has been accessed, as detected by the function access detection means. The aforementioned management server device is A means for acquiring function access information that acquires function access information from each terminal device, A management system characterized by comprising a function aggregation means for aggregating the usage status of each function in each service provision server device based on function access information acquired from each terminal device.

2. A management server device that constitutes a management system together with terminal devices, A function access information acquisition means that acquires function access information from each terminal device, indicating which function of each service provision server device each terminal device has accessed. A function aggregation means that aggregates the usage status of each function in each service provision server device based on function access information obtained from each terminal device, A management server device equipped with the following features.

3. A management server program for implementing a management server device, which constitutes a management system together with terminal devices, using a computer, A function access information acquisition means that acquires function access information from each terminal device, indicating which function of each service provision server device each terminal device has accessed. A management server program that functions as a function aggregation means for aggregating the usage status of each function in each service provision server device based on function access information obtained from each terminal device.

4. A terminal device that constitutes the management system together with the management server device, A function access detection means for detecting which function of each service-providing server device has been accessed, In the management server device, in order to aggregate the usage status of each function in each service provision server device, a function access information transmission means transmits to the management server device function access information, which indicates which function of each service provision server device was accessed, as detected by the function access detection means. A terminal device equipped with this device.

5. A terminal program for implementing terminal devices that constitute a management system together with a management server device, using a computer, A function access detection means for detecting which function of each service-providing server device has been accessed, A terminal program that functions as a function access information transmission means for transmitting function access information to the management server device, which indicates which function of each service provision server device has been accessed, as detected by the function access detection means, so that the usage status of each function of each service provision server device can be aggregated in the management server device.

6. A management server device that aggregates which function of which of multiple service provision server devices multiple terminal devices are using, A function access information acquisition means that acquires function access information from each service provision server device, indicating which function each terminal device has accessed on each service provision server device. A function aggregation means that aggregates the usage status of each function in each service provision server device based on function access information obtained from each service provision server device, A management server device equipped with the following features.

7. A management server program for implementing a management server device, which aggregates which functions of multiple service provision server devices multiple terminal devices are using, using a computer, A function access information acquisition means that acquires function access information from each service provision server device, indicating which function each terminal device has accessed on each service provision server device. A management server program that functions as a function aggregation means for aggregating the usage status of each function in each service provision server device based on function access information obtained from each service provision server device.

8. In any of the systems, management server devices, management server programs, terminal devices, or terminal programs according to claims 1 to 5, The aforementioned terminal devices also include terminal devices connected to external networks. A system, management server device, management server program, terminal device, or terminal program configured such that it cannot connect to the internal network of an organization unless it is equipped with the function access detection means and the function access information transmission means.

9. In any of the systems, management server devices, management server programs, terminal devices, or terminal programs according to claims 1 to 7, The aforementioned function aggregation means aggregates the usage status of the same or similar functions in different service provision server devices. A system, management server device, management server program, terminal device, or terminal program characterized by prohibiting the use of the function of a less frequently used service server device for the same function of multiple service provision devices, and suggesting the use of the same function of another service server device.

10. In the system, management server device, or terminal device according to claim 9, The aforementioned terminal device is A communication start detection means for detecting the start of communication in the terminal device, The system includes a communication operation determination means that determines whether the operation of a communication whose start has been detected is appropriate based on communication operation determination information recorded in the recording unit, and stops any communication that is determined to be inappropriate for operation. The aforementioned management server device is A communication operation determination information setting means that communicates with the terminal device and transmits the communication operation determination information to the terminal device for recording in the terminal device, A system, server device, or terminal device comprising, as communication operation determination information, registration means for registering that communication to the same function of multiple service-providing server devices other than the service-providing server device that has been decided to use is prohibited for the said function.

11. In the management server program of claim 9, the computer further comprises A communication operation determination information setting means that communicates with the terminal device and transmits the communication operation determination information to the terminal device for recording in the terminal device, A management server program that functions as a registration means for registering, as communication operation determination information, the same function of multiple service provision server devices, and prohibiting communication to said function on the terminal devices of service provision devices other than the service provision server device that has been decided to use.

12. In any of the systems, management server devices, management server programs, terminal devices, or terminal programs according to claims 1 to 7, The system, management server device, server program, terminal device, or terminal program is characterized in that the function aggregation means identifies users of terminal devices that are using the management functions of the service provider, and identifies such users as administrators when receiving services from the service provider.

13. In any of the systems, management server devices, management server programs, terminal devices, or terminal programs according to claims 1 to 7, The aforementioned function aggregation means is characterized by identifying whether or not multi-factor authentication is performed when using each service provision device. System, management server device, management server program, terminal device, or terminal program.

14. A management system comprising a plurality of terminal devices to be managed, and a management server device capable of communicating with the plurality of terminal devices, The aforementioned terminal device is Access detection means for detecting which of the service-providing server devices was accessed, The system includes an access information transmission means that transmits access information to the management server device indicating which of the service provision server devices, detected by the access detection means, was accessed. The aforementioned management server device is Access information acquisition means for acquiring access information from each terminal device, A management system characterized by comprising a means for identifying service providers that are authorized but not being used, or service providers that are not authorized but are being used, by comparing access information obtained from each terminal device with a list of authorized service providers.

15. A management server device that constitutes a management system together with terminal devices, Access information acquisition means that acquires access information from each terminal device indicating which of the service provision server devices each terminal device accessed, A management server device characterized by comprising a means for identifying service providers that are authorized but not being used, or service providers that are not authorized but are being used, by comparing access information obtained from each terminal device with a list of authorized service providers.

16. A management server program for implementing a management server device, which constitutes a management system together with terminal devices, using a computer, Access information acquisition means that acquires access information from each terminal device indicating which of the service provision server devices each terminal device accessed, A management server program that compares access information obtained from each terminal device with a list of authorized service providers to identify service providers that are authorized but not being used, or service providers that are not authorized but are being used.

17. A terminal device that constitutes the management system together with the management server device, Access detection means for detecting which of the service-providing server devices was accessed, In the management server device, access information transmission means transmits access information to the management server device, which indicates which of the service provider server devices detected by the access detection means was accessed, so that access information obtained from each terminal device can be compared with a list of authorized service provider devices and service provider devices that are authorized but not being used, or service provider devices that are not authorized but are being used. A terminal device equipped with this device.

18. A management server program for implementing terminal devices that constitute a management system together with a management server device, using a computer, Access detection means for detecting which of the service-providing server devices was accessed, A terminal program that functions as an access information transmission means, which transmits access information to the management server device, indicating which of the service provider server devices detected by the access detection means was accessed, so that the management server device can compare the access information obtained from each terminal device with a list of authorized service provider devices and identify service provider devices that are authorized but not being used, or service provider devices that are not authorized but are being used.

19. A management server device that identifies which of multiple service provider server devices multiple terminal devices are using, Access information acquisition means for obtaining access information from each of the service provision server devices, which indicates which of the service provision server devices each terminal device accessed. A means for identifying service providers that are not being used despite being authorized, or that are being used despite not being authorized, by comparing access information obtained from each service provider server device with a list of authorized service providers, A management server device characterized by being equipped with the following features.

20. A management server program for implementing a management server device using a computer that identifies which of multiple service provision server devices multiple terminal devices are using, wherein the computer is Access information acquisition means for obtaining access information from each of the service provision server devices, which indicates which of the service provision server devices each terminal device accessed. A management server program that functions as a means of identifying service providers that are not being used despite being authorized, or that are being used despite not being authorized, by comparing access information obtained from each service provider server device with a list of authorized service providers.

21. In any of the systems, server devices, terminal devices, server programs, or terminal programs according to claims 14 to 18, The aforementioned terminal devices also include terminal devices connected to external networks. A system, server device, terminal device, server program, or terminal program configured such that the terminal device cannot connect to the internal network of the organization unless it is equipped with the access detection means and the access information transmission means.

22. In the system of claim 14, the management server device of claim 15, or the terminal device of claim 17, The aforementioned terminal device is A communication start detection means for detecting the start of communication in the terminal device, The system includes a communication operation determination means that determines whether the operation of a communication whose start has been detected is appropriate based on communication operation determination information recorded in the recording unit, and stops any communication that is determined to be inappropriate for operation. The aforementioned management server device is A communication operation determination information setting means that communicates with the terminal device and transmits the communication operation determination information to the terminal device for recording in the terminal device, A system, server device, or terminal device comprising, as communication operation determination information, registration means for registering to prohibit communication from a terminal device to a service provider that is permitted but not being used, or to a service provider that is not permitted but is being used.

23. In the management server program of claim 20, the computer further comprises A communication operation determination information setting means that communicates with the terminal device and transmits the communication operation determination information to the terminal device for recording in the terminal device, A management server program characterized in that it functions as a registration means for registering, as communication operation determination information, the prohibition of communication from a terminal device to a service provider that is not being used despite being permitted, or to a service provider that is being used despite not being permitted.

24. In any of the systems, management server devices, management server programs, terminal devices, or terminal programs according to claims 1 to 7 or 14 to 20, The system, management server device, management server program, terminal device, or terminal program is characterized in that the function aggregation means, aggregation means, or identification means of the management server device identify the access destination by also considering the program's operation log or the process's communication log.

25. A management system comprising a plurality of terminal devices to be managed, and a management server device capable of communicating with the plurality of terminal devices, The aforementioned terminal device is A means for obtaining a login ID to obtain the user's terminal login ID or terminal ID used during the login process, Access detection means for detecting that access has been made to the account of the service provider server device, The system includes an access information transmission means that attaches the terminal login ID or terminal ID to information indicating that access to the service provision server device detected by the access detection means, and transmits it to the management server device as terminal acquired access information. The aforementioned management server device is A server account information acquisition means that obtains account information from the service provision server device, which includes each account established on the service provision server device and the server login ID for each of those accounts. A means for acquiring terminal access information that acquires terminal access information from each terminal device, A history generation means that aggregates terminal access information acquired from each terminal device for each user based on the terminal login ID or terminal ID to generate an access history, An aggregation means for identifying which user each account on the service provision server device belongs to based on the terminal login ID or terminal ID or user information recorded in association with either of these, and the server login ID, and for associating each account with the access history and aggregating the usage status of each account, A management system characterized by having the following features.

26. A management server device that constitutes a management system together with terminal devices, A server account information acquisition means that obtains account information from the service provision server device, which includes each account established on the service provision server device and the server login ID for each of those accounts. A means for acquiring terminal access information that obtains terminal access information from each terminal device, which includes the user's terminal login ID attached to information indicating that access was made to the account of the service provision server device, A history generation means that aggregates terminal access information acquired from each terminal device for each user based on the terminal login ID or terminal ID to generate an access history, An aggregation means for identifying which user each account on the service provision server device belongs to based on the terminal login ID or terminal ID or user information recorded in association with either of these, and the server login ID, and for associating each account with the access history and aggregating the usage status of each account, A management server device equipped with the following features.

27. A management server program for implementing a management server device, which constitutes a management system together with terminal devices, using a computer, A server account information acquisition means that obtains account information from the service provision server device, which includes each account established on the service provision server device and the server login ID for each of those accounts. A means for acquiring terminal access information that obtains terminal access information from each terminal device, which includes the user's terminal login ID attached to information indicating that access was made to the account of the service provision server device, A history generation means that aggregates terminal access information acquired from each terminal device for each user based on the terminal login ID or terminal ID to generate an access history, A management server program that, based on the terminal login ID or terminal ID or user information recorded in association with either of these, and the server login ID, identifies which user each account on the service provision server device belongs to, associates each account with the access history, and functions as an aggregation means for aggregating the usage status of each account.

28. A terminal device that constitutes the management system together with the management server device, A means for obtaining a login ID to obtain the user's terminal login ID or terminal ID used during the login process, Access detection means for detecting that access has been made to the account of the service provider server device, Access information transmission means transmits to the management server device as terminal access information, by adding the terminal login ID or terminal ID to the information indicating that the service provider server device has been accessed, as detected by the access detection means, so that the management server device can aggregate terminal access information acquired from each terminal device for each user based on the terminal login ID or terminal ID, and associate the access history with the account of the service provider server device. A terminal device equipped with this device.

29. A terminal program for implementing terminal devices that constitute a management system together with a management server device, using a computer, A means for obtaining a login ID to obtain the user's terminal login ID or terminal ID used during the login process, Access detection means for detecting that access has been made to the account of the service provider server device, A terminal program that functions as an access information transmission means, which transmits to the management server device, as terminal acquired access information, by attaching the terminal login ID or terminal ID to information indicating that the service provision server device has been accessed, as detected by the access detection means, so that the management server device can aggregate terminal acquired access information for each user based on the terminal login ID or terminal ID, generate an access history, and associate the said access history with the account of the service provision server device.

30. A server account information acquisition means that acquires account information from the service provision server device, which includes each account established on the service provision server device and the usage history of each account. An aggregation means for aggregating the usage status of each account based on account information obtained from the service provision server device, A management server device equipped with the following features.

31. A management server program for implementing a management server device using a computer, wherein the computer A server account information acquisition means that acquires account information from the service provision server device, which includes each account established on the service provision server device and the usage history of each account. A management server program that functions as an aggregation tool to collect and summarize the usage status of each account based on account information obtained from the service provision server device.

32. In any of the systems, management server devices, management server programs, terminal devices, or terminal programs according to claims 25 to 29, The aforementioned terminal devices also include terminal devices connected to external networks. The system, management server device, management server program, terminal device, or terminal program is configured such that the terminal device cannot connect to the company network unless it is equipped with the access detection means and the access information transmission means.

33. In any of the systems, management server devices, management server programs, terminal devices, or terminal programs according to claims 25 to 31, The aggregation means is characterized by identifying accounts that are not used or are used infrequently on the service provision server device and performing processing to delete such accounts on the service provision server device. System, management server device, management server program, terminal device, or terminal program

34. In any of the systems, management server devices, management server programs, terminal devices, or terminal programs according to claims 25 to 29, The aforementioned terminal access information and server access information include the IP address information used by the terminal device that made the access when accessing the internet. The system, management server device, management server program, terminal device, or terminal program is characterized in that the aggregation means detects access to the account of the service provision server device from a terminal device not managed by the management server device, based on the difference between the IP address information included in the terminal acquisition access information and the IP address information included in the server acquisition access information.

35. A management system comprising a plurality of terminal devices to be managed, and a management server device capable of communicating with the plurality of terminal devices, The aforementioned terminal device is At least one processor, The system includes storage for recording agents configured to run on at least one processor, The aforementioned agent, It detects which function of each service-providing server device was accessed, The system includes a command to transmit function access information to the management server device, indicating which function of each service-providing server device was accessed. The aforementioned management server device is At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, Obtain function access information from each terminal device, A management system characterized by having a command to aggregate the usage status of each function in each service provision server device based on function access information obtained from each terminal device.

36. A management server device capable of communicating with terminal devices, At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, Obtain function access information from each terminal device, A management server device characterized by having a command to aggregate the usage status of each function in each service provision server device based on function access information obtained from each terminal device.

37. A non-temporary recording medium that stores a management program for realizing a management server device that can communicate with terminal devices using a computer, The aforementioned management program, Obtain function access information from each terminal device, A non-temporary recording medium that stores a management program characterized by having commands to aggregate the usage status of each function in each service provision server device based on function access information obtained from each terminal device.

38. A management server device that aggregates which function of which of multiple service provision server devices multiple terminal devices are using, At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, Function access information indicating which function of each service provision server device each terminal device accessed is obtained from each service provision server device. A management server device equipped with commands to aggregate the usage status of each function in each service provider server device based on function access information obtained from each service provider server device.

39. A non-temporary recording medium that stores a management program for implementing a management server device, which aggregates which function of multiple service provision server devices multiple terminal devices are using, using a computer, The aforementioned management program, Function access information indicating which function of each service provision server device each terminal device accessed is obtained from each service provision server device. A non-temporary recording medium that stores a management program equipped with commands for aggregating the usage status of each function in each service provision server device based on function access information obtained from each service provision server device.

40. A management system comprising a plurality of terminal devices to be managed, and a management server device capable of communicating with the plurality of terminal devices, The aforementioned terminal device is At least one processor, The system includes storage for recording agents configured to run on at least one processor, The aforementioned agent, It detects which of the service-providing server devices was accessed, The system includes a command to transmit access information to the management server device indicating which of the detected service provision server devices was accessed. The aforementioned management server device is At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, Obtain access information from each terminal device, A management system characterized by having a command that compares access information obtained from each terminal device with a list of authorized service providers and identifies service providers that are authorized but not being used, or service providers that are not authorized but are being used.

41. A management server device that constitutes a management system together with terminal devices, At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, Access information indicating which of the service provision server devices each terminal device accessed is obtained from each terminal device. A management server device characterized by having a command that compares access information obtained from each terminal device with a list of authorized service providers and identifies service providers that are authorized but not being used, or service providers that are not authorized but are being used.

42. A non-temporary recording medium that stores a management program for implementing a management server device, which constitutes a management system together with terminal devices, using a computer. The aforementioned management program, Access information indicating which of the service provision server devices each terminal device accessed is obtained from each terminal device. A non-temporary recording medium containing a management program that records instructions for comparing access information obtained from each terminal device with a list of authorized service providers, and for identifying service providers that are authorized but not being used, or service providers that are not authorized but are being used.

43. A management server device that identifies which of multiple service provider server devices multiple terminal devices are using, At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, Access information indicating which of the service provision server devices each terminal device accessed is obtained from each of the service provision server devices. A management server device characterized by having a command that compares access information obtained from each service provider server device with a list of authorized service provider devices, and identifies service provider devices that are authorized but not being used, or service provider devices that are not authorized but are being used.

44. A non-temporary recording medium that stores a management program for implementing a management server device using a computer to identify which of multiple service provision server devices multiple terminal devices are using, The aforementioned management program, Access information indicating which of the service provision server devices each terminal device accessed is obtained from each of the service provision server devices. A non-temporary recording medium containing a management program that includes commands to compare access information obtained from each service-providing server device with a list of authorized service-providing devices, and to identify service-providing devices that are authorized but not being used, or service-providing devices that are not authorized but are being used.

45. A management system comprising a plurality of terminal devices to be managed, and a management server device capable of communicating with the plurality of terminal devices, The aforementioned terminal device is At least one processor, The system includes storage for recording agents configured to run on at least one processor, The aforementioned agent, Obtain the user's terminal login ID used during the login process. It detects that access has been made to the account of the service provider server device, The system includes a command to send information indicating that the detected service provision server device has been accessed, along with the terminal login ID, as terminal access information to the management server device. The aforementioned management server device is At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, The service provider server device obtains account information, including each account established on the service provider server device and the server login ID for each of those accounts, Obtain terminal access information from each terminal device, The terminal access information obtained from each terminal device is aggregated for each user based on the terminal login ID to generate an access history. A management system characterized by comprising commands to identify which user each account on the service provision server device belongs to based on the terminal login ID or user information recorded in association with the terminal login ID and the server login ID, and to associate each account with the access history and aggregate the usage status of each account.

46. A management server device that constitutes a management system together with terminal devices, At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, The service provider server device obtains account information, including each account established on the service provider server device and the server login ID for each of those accounts, The system obtains terminal access information from each terminal device, which includes the user's terminal login ID, indicating that the user has accessed the account of the service provision server device. The terminal access information obtained from each terminal device is aggregated for each user based on the terminal login ID to generate an access history. A management server device equipped with commands to identify which user each account on the service provision server device belongs to, based on the terminal login ID or user information recorded in association with the terminal login ID and the server login ID, and to associate each account with the access history and aggregate the usage status of each account.

47. A non-temporary recording medium that stores a management program for implementing a management server device, which constitutes a management system together with terminal devices, using a computer. The aforementioned program, The service provider server device obtains account information, including each account established on the service provider server device and the server login ID for each of those accounts, The system obtains terminal access information from each terminal device, which includes the user's terminal login ID, indicating that the user has accessed the account of the service provision server device. The terminal access information obtained from each terminal device is aggregated for each user based on the terminal login ID to generate an access history. A non-temporary recording medium that records a management server program equipped with commands to identify which user each account of the service provision server device belongs to, based on the terminal login ID or user information recorded in association with the terminal login ID and the server login ID, and to associate each account with the access history and aggregate the usage status of each account.

48. At least one processor, The system includes storage for recording a management program configured to run on at least one of the processors, The aforementioned management program, The service provider server device acquires account information from the service provider server device, including each account established on the server and the usage history of each account. A management server device equipped with commands to aggregate the usage status of each account based on account information obtained from the service provision server device.

49. A non-temporary recording medium that stores a management program for implementing a management server device using a computer, The aforementioned management program, The service provider server device acquires account information from the service provider server device, including each account established on the server and the usage history of each account. A non-temporary recording medium containing a management program that includes instructions for aggregating the usage status of each account based on account information obtained from a service provision server device.