JP2004348655A - Information processing device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processing device which can reliably secure the security of a storage device (removable medium) detachably housed in a bay. <P>SOLUTION: In a server device having a bay which houses an attachable/detachable storage device and a door structure with a lid which covers the bay and a mechanism which locks/ unlocks an electronic lock, the door cannot be unlocked unless the action of the authentication of a password or the like is taken even in the case of system down. A manager of housed the storage device is manager for locking/unlocking the door always. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to an information processing device such as a server device that stores data in a removable storage device.
[0002]
[Prior art]
2. Description of the Related Art Recently, with the spread of broadband communication, large-capacity data transfer and file transfer can be easily performed at home even while at home. As a result, the affinity between ordinary households and the Internet has further increased, and not only transmission and reception of mails and browsing of the Internet, but also transmission and reception of various data and files, such as images and music, with anyone at any time. When various data and files overflow around us, a mechanism for storing, organizing, and managing such information is demanded.
[0003]
Similarly, in an office environment, various types of information that have never been related to digitization and data conversion, such as audio, video, and high-quality photographic images, are digitized and converted into data and files in a database. It has also been preserved. Also for these, management with high security level and simple and convenient operation are desired.
[0004]
Therefore, as a conventional technique for the demand described above, there is a method of storing and managing a huge amount of data using a removable storage device (removable medium). According to this, access permission can be set for each medium by individually setting a password, and since a medium can be attached and detached, there is an advantage that a single database device can be shared by a plurality of users.
[0005]
Also, in a database device (server device), a door with an electronic lock is provided in a bay for installing a removable medium, and the medium is managed so that it cannot be easily removed by a third party, thereby taking measures against security. Is also possible.
[0006]
For example, in a computer having a file bay in which a removable medium is mounted, there is a configuration in which a file bay cover that covers the file bay is electronically locked (for example, see Patent Document 1). Further, in addition to the first control unit for controlling the entire computer main body, a second control for electronically controlling locking / unlocking of the door is provided, which has a door corresponding to the door with the electronic lock. In some cases, the door is locked / unlocked even when the power supply of the computer is off (for example, see Patent Document 2).
[0007]
[Patent Document 1]
JP 2000-194448 A
[Patent Document 2]
JP 2002-373030 A
[0008]
[Problems to be solved by the invention]
However, the conventional technique has the following problems.
[0009]
(1) In the technique described in Patent Document 1, if the control unit that controls the entire electronic computer goes down for some reason, a problem occurs in security. For example, during a power outage or when the system is stopped, the power is off, and the electronic lock of the file bay cover becomes uncontrollable. As a result, the security management of the removable media is insufficient. Was a problem.
[0010]
(2) According to the technology described in Patent Document 2, although the above-mentioned door can be managed even when the power of the computer is off, individual access authentication is performed for each removable medium to be accommodated. There is no description of a management method for performing access authentication or a management method for performing individual access authentication for each data stored inside the removable medium. Further, data management information such as which user has an access right to which media (data) and door management information such as which user has a right to lock / unlock the door. There is no mention of the relationship with the information.
[0011]
That is, since the management of the door and the management of the internal data of the removable medium are separated, it is possible to take out the removable medium (and the internal data) by the manager of the door, not by the manager of the removable medium. There may be a situation where the door manager always gives priority to the door manager.
[0012]
Originally, it is ideal that the user who has the appropriate access right for each mounted removable media (internal data) should be able to attach and detach the removable media, but the authority of the door manager. As a result, the removable medium is attached and detached, and a problem occurs in the management of the removable medium itself.
[0013]
In particular, when the power of the computer itself is off, access to the removable medium is stopped, and there is no means for confirming the identity of the removable medium. In this state, the removal and attachment of the removable media accommodated by the administrator of the door involved a potential problem in ensuring security.
[0014]
SUMMARY OF THE INVENTION The present invention has been made in consideration of the above-described conventional problems, and has as its object to provide an information processing apparatus capable of reliably ensuring the security of a storage device (removable medium) that is detachably accommodated in a bay.
[0015]
[Means for Solving the Problems]
In order to achieve the above object, according to the present invention, a storage unit for detachably storing a storage device, a first control unit for controlling the operation of the entire information processing apparatus including a management operation for the storage device, A second control unit that manages the state of the storage unit, the second control unit shares specific information for managing the state of the storage unit with the first control unit, A predetermined control operation is performed using the specific information.
[0016]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[0017]
[First Embodiment]
<System configuration>
FIG. 1 is a conceptual diagram showing a configuration example of a system using a server device as an information processing device according to the first embodiment of the present invention.
[0018]
In the figure, reference numeral 101 denotes a server device, which has a function of issuing IDs to users, terminals 103 to 106 such as PCs, various media, etc., and managing them collectively, and It is a management server that performs encryption and performs authentication and processing according to various ID information for access to each data.
[0019]
The configuration of the server device 101 includes a plurality of bays 1014 to 1016 for storing dedicated or general-purpose removable storage devices (removable media), and two doors 1011 and 1012 covering the bays. .
[0020]
Each of the doors 1011 and 1012 has a mechanism that is electronically locked (locked) in a closed state so that the attached storage device cannot be easily taken out. In particular, the door 1011 located at the front is a liquid crystal screen 1013 with a touch sensor, and can display various information and input various settings and input information (for example, a password) by touching the screen with a pen or the like. It is possible.
[0021]
Reference numeral 102 denotes a network (personal area network) managed by the server device 101, and 103 denotes a PC connected to the network 102, and may be, for example, a desktop PC. The PC 103 is used as a terminal that transmits data to the server device 101 or accesses data stored inside the server device 101.
[0022]
Reference numeral 104 denotes a personal computer connected to the network 102, which may be a notebook PC, for example. The notebook PC 104 is used as a terminal that transmits data to the server device 101 or accesses data stored inside the server device 101.
[0023]
Reference numeral 105 denotes a printer connected to the network 102, which is used when printing data stored in various terminals and the server device 101. Reference numeral 106 denotes a scanner connected to the network 102, which is used when transmitting the read image information to various terminals and the server apparatus 101.
[0024]
<Function of server device 101>
FIG. 2 is a block diagram illustrating main functions of the server apparatus 101 illustrated in FIG.
[0025]
The server device 101 is configured to operate by two control units. The first control unit 201 controls overall functions of the server device 101. On the other hand, the second control unit 202 controls the locking / unlocking of the doors 1011 and 1012 of the bays 1014 to 1016 accommodating the removable media, the display control of the liquid crystal screen 1013, and the control of processing input information such as a touch panel. And so on.
[0026]
The first control unit 201 and the second control unit 202 each receive power supply from an independent power supply (not shown), and even if the power of the first control unit 201 is off, the second control unit 202 Can be turned on. Here, the bold line in the figure indicates the flow of control signals and information performed under the control of the first control unit 201, and similarly, the thin line in the figure indicates the flow of control signals and information performed under the control of the second control unit 202. Shows the flow.
[0027]
A first storage unit 203 stores management information associated with the first control unit 201. Inside, the ID information of the contained removable media, the ID information of each type of data stored in the removable media, or the ID information of various terminals contained in the network shown in FIG. It is remembered.
[0028]
Then, user information having an access right with respect to each ID information is also stored, and a correspondence table is also stored in which correspondence is established, such as which ID permits which user the access right. Then, the ID information and the above-described correspondence table are updated at any time in accordance with a change in the state in the server apparatus 101 or the network.
[0029]
A second storage unit 204 stores management information associated with the second control unit 202. Inside, user information having the authority to lock / unlock the doors 1011 and 1012 of the bay provided is stored. Here, the user information includes a password capable of specifying the user, and the user and the password have a paired relationship. Then, when a request for locking / unlocking the door is issued, it is used to refer to whether or not the operation is performed by a user according to the stored user information. Therefore, when the manager of the mounted removable medium or the manager of the data stored inside the medium is changed, the system is automatically updated.
[0030]
Reference numerals 205 and 206 denote removable media mounted on the server apparatus 101. For example, not only general-purpose removable media such as DVD media and CD media, but also a storage device having a dedicated interface (for example, a hard disk device) or a special storage device configured by combining a plurality of storage devices is assumed. . Further, the data stored therein includes not only various kinds of information but also an OS and application software for controlling the entire system.
[0031]
<Removable media management method>
Next, a method for managing the removable media 205 and 206 attached to the server apparatus 101 will be described with reference to FIGS.
[0032]
FIG. 3 is a block diagram illustrating a configuration related to the management processing of the removable medium according to the first embodiment. In the configuration illustrated in FIG. 2, a configuration of a range operable independently of the second control unit 202 is illustrated. Represents an element.
[0033]
That is, as shown in the figure, the components include a first control unit 201, storage units (removable media) 205 and 206, and a second storage unit (memory) 203, which are connected to the first control unit 201. 204, and can operate regardless of whether the power of the second control unit 202 is on or off.
[0034]
FIG. 4 is a flowchart of the removable media management process of the present embodiment executed by the first control unit 201 in the configuration shown in FIG. The following control method can be realized by storing and operating a program according to this flowchart in, for example, the storage unit 205 or 206.
[0035]
First, the state of step S401 indicates a state immediately after the power is turned on to the first control unit 201, and indicates a state in which the management processing of the media 205 and 206 starts from this. In the next step S402, management information of the removable media 205, 206 mounted on the server device 101 is read. Reference numerals 301 and 302 shown in FIG. 3 represent the flow of signals during this processing. Here, the management information includes detection information as to whether or not a medium is mounted in the bay of the server apparatus 101, and includes the type of the medium, the ID information of the medium, the type of internal data, and the manager information of the medium as necessary. And other information.
[0036]
In step S403, it is determined whether the read management information is updated information or new management information is detected. This determination process is performed by the first control unit 201 reading the management information of the removable media 205 and 206 and comparing it with the management information stored in the first storage unit 203 in advance. Reference numeral 303 shown in FIG. 3 indicates a signal flow at the time of this processing. If a change in the management information or new management information is detected, the flow shifts to step S404; otherwise, the flow shifts to step S402.
[0037]
In step S404, the management information stored in the first storage unit 203 is updated. By performing this process, the latest management information of the removable medium is reflected. Reference numeral 304 shown in FIG. 3 represents a signal flow at the time of this processing.
[0038]
In step S405, the door management information stored in the second storage unit 204 is updated. By performing this process, the administrator of the removable media 205 and 206 can perform the locking / unlocking process of the door of the server device 101. Reference numeral 305 shown in FIG. 3 indicates a signal flow during this processing.
[0039]
<Process to unlock the door>
Next, a process of unlocking the doors 1011 and 1012 of the server apparatus 101 will be described with reference to FIGS.
[0040]
FIG. 5 is a block diagram illustrating a configuration related to a door unlocking process according to the first embodiment. In the configuration illustrated in FIG. 2, a configuration of a range operable independently of the first control unit 201 is illustrated. Represents an element. That is, this component is operable regardless of whether the power of the first control unit 201 is turned on or off. FIG. 6 is a flowchart of the door unlocking process of the present embodiment executed by the second control unit 202 in the configuration shown in FIG. The following control method can be realized by storing and operating a program according to this flowchart in, for example, the removable media 205 and 206.
[0041]
First, in the state of step S601, a state is shown in which a predetermined operation is performed on the server apparatus 101, and a process of unlocking any of the equipped doors is started. In the next step S602, a display process for prompting input of a password for unlocking the door is performed on the screen display unit with touch panel 1013 provided in the server apparatus 101. Reference numeral 501 shown in FIG. 5 shows a signal flow during this processing. Here, the password is information known in advance by a user who has authority to unlock the door, and has a meaning of specifying the user who unlocks the door.
[0042]
In a succeeding step S603, it is determined whether or not a password has been input. When a predetermined input is performed at a predetermined location on the touch panel, the second control unit 202 detects that “there is a password input”, and 502 shown in FIG. Is shown. If the input of the password is detected, the process proceeds to step S604; otherwise, the process proceeds to step S606.
[0043]
In step S604, authentication is performed to determine whether the input password is correct. Whether the input password is correct is determined by comparing the user information (password) stored in the second storage unit 204 with the authority to lock / unlock the door with the input password. Reference numeral 503 shown in FIG. 5 shows a signal flow during this processing. If the password is correct, the process proceeds to step S605, and if not, the process proceeds to step S606.
[0044]
In step S605, the door 1011 or 1012 is unlocked under the control of the second control unit 202. Reference numeral 504 or 505 shown in FIG. 5 indicates a signal flow at the time of this processing. In step S606, the process of unlocking any of the doors provided in the server device 101 ends. In order to unlock the door again, a predetermined operation is performed, and the process proceeds to step S601.
[0045]
In the present embodiment, since the first control unit 201 and the second control unit 202 have independent controls (independent power supplies), security management of the removable media mounted in the bay even when the system main body is in a stopped state. Can be maintained. That is, it is possible to configure a system that requires input of a password or the like in order to attach and detach the medium.
[0046]
In addition, since the administrator of the removable media is automatically set as the administrator who locks / unlocks the bay door and the lock / unlock of the electronic lock of the door is permitted, a plurality of users can freely set the lock / unlock. However, even if the bay is used, only the administrator of the attached removable medium is given the authority to lock / unlock the door, so that it cannot be easily removed by a third party.
[0047]
Furthermore, even when the power of the system main unit is stopped, only the administrator of the removable media housed in the information processing apparatus can unlock the door. Writing a simple application software does not lower security.
[0048]
[Second embodiment]
FIG. 7 is a block diagram illustrating a main configuration of a server device that is an information processing device according to the second embodiment of the present invention.
[0049]
The configuration of the present embodiment is obtained by rewriting the signal flow of 305 in the configuration of FIG. 3, and specifically, directly from the first control unit 201 to the second storage unit 204 as in the first embodiment. Instead of writing the administrator information, after the first control unit 201 notifies the second control unit 202 (signal 701 in FIG. 7), the second control unit 202 writes the information to the second storage unit 204. (Signal 702 in FIG. 7).
[0050]
Next, a process of unlocking the doors 1011 and 1012 performed by the second control unit 202 of the server device 101 will be described.
[0051]
FIG. 8 is a block diagram showing a configuration related to a door unlocking process according to the second embodiment. In the configuration shown in FIG. 5, a flow of a signal 801 provided for deleting password information is added. It has a configuration.
[0052]
FIG. 9 is a flowchart of the door unlocking process of the present embodiment executed by the second control unit 202 in the configuration shown in FIG. The following control method can be realized by storing and operating a program according to this flowchart in, for example, the removable media 205 and 206.
[0053]
The door unlocking process of the present embodiment is obtained by adding steps S901 and S902 to the door unlocking process of the first embodiment shown in the flowchart of FIG. 6, and the processes from steps S601 to S606 are This is the same as the processing content of FIG. 6 described above. However, in step S604, it is determined whether the input password is correct. If the password is correct, the process proceeds to step S605; otherwise, the process proceeds to step S901.
[0054]
In step S901, it is determined whether the number of times of inputting an incorrect password has exceeded the set number. That is, the second control unit 202 counts how many times an incorrect password is continuously input. Then, it is determined whether or not a predetermined number of times has been exceeded. If the number exceeds the set number, the process proceeds to step S902; otherwise, the process proceeds to step S606.
[0055]
In step S902, the password information stored in the second storage unit 204 is deleted. Reference numeral 801 shown in FIG. 8 indicates a signal flow at the time of this processing. After erasing the password information, the door cannot be unlocked, and the attached removable medium cannot be taken out.
[0056]
Further, in order to register the password again, it is necessary to perform a predetermined operation to activate the flow control of the first control unit 201 and perform the flow processing as shown in FIG.
[0057]
In the present embodiment, when an incorrect password is input several times to unlock the door in a state where the system is down, the password is completely erased and cannot be unlocked. When the system is restarted, the password is automatically reset when the system is restarted, providing both security enhancement and convenience.
[0058]
The present invention is not limited to the device of the above-described embodiment, and may be applied to a system including a plurality of devices or an apparatus including one device. A storage medium storing software program codes for realizing the functions of the above-described embodiments is supplied to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus reads and executes the program code stored in the storage medium. It goes without saying that it will be completed by doing so.
[0059]
In this case, the program code itself read from the storage medium realizes the function of the above-described embodiment, and the storage medium storing the program code constitutes the present invention. As a storage medium for supplying the program code, for example, a floppy (registered trademark) disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, magnetic tape, nonvolatile memory card, or ROM is used. Can be. When the computer executes the readout program code, not only the functions of the above-described embodiment are realized, but also the OS or the like running on the computer performs the actual processing based on the instruction of the program code. It goes without saying that a case where some or all of the operations are performed and the functions of the above-described embodiments are realized by the processing is also included.
[0060]
Further, after the program code read from the storage medium is written to a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the expansion is performed based on the instruction of the next program code. It goes without saying that a CPU or the like provided in the expansion board or the expansion unit performs the processing and performs a part or all of the actual processing, and the processing realizes the functions of the above-described embodiments.
[0061]
[Embodiment]
Examples of embodiments of the present invention are listed below.
[0062]
<Embodiment 1>
A storage unit for detachably storing a storage device, a first control unit for controlling the operation of the entire information processing apparatus including a management operation for the storage device, and a second control for managing a state of the storage unit Unit, the second control unit shares specific information for managing the state of the storage unit with the first control unit, and performs a predetermined control operation using the specific information. An information processing apparatus characterized by the above-mentioned.
[0063]
<Embodiment 2>
The information processing apparatus according to claim 1, wherein the second control unit shares the specific information with the first control unit regardless of an operation state of the first control unit.
[0064]
<Embodiment 3>
The specific information is stored in a storage unit readable by the second control unit, and can be written under the control of the first control unit. Information processing device.
[0065]
<Embodiment 4>
The specific information is authentication information, and a password input unit for inputting the authentication information is provided, and a door with an electronic lock for preventing attachment / detachment of the storage device is provided in the storage unit, Wherein the control unit includes means for detecting the input of the authentication information and performing an authentication process, and means for locking / unlocking the electronic lock when the authentication process is successful. An information processing apparatus according to any one of claims 1 to 3.
[0066]
<Embodiment 5>
The second control unit is configured to determine whether or not the number of times that the result of the authentication process has been consecutively unsuccessful has reached a predetermined number or more. 5. The information processing apparatus according to claim 4, further comprising a password erasing unit that erases the authentication information when it is determined that
[0067]
<Embodiment 6>
The information processing apparatus according to claim 5, wherein the authentication information erased by the password erasing unit is reset only by the first control unit.
[0068]
<Embodiment 7>
A storage section for detachably storing a storage device, a door with an electronic lock provided in the storage section for preventing the storage device from being detached, and a first control for controlling the operation of the entire information processing apparatus Unit, and a second control unit that manages the state of the bay, the second control unit shares authentication information with the first control unit regardless of the operation state of the first control unit. A control method of the information processing apparatus, wherein the second control unit detects an input of the authentication information and performs an authentication process, and locks / unlocks the electronic lock when the authentication process is successful. A method for controlling an information processing apparatus, comprising:
[0069]
<Embodiment 8>
A storage unit for detachably storing the storage device, a door with an electronic lock provided in the storage unit for preventing the storage device from being detached, and a management operation for the storage device, A first control unit that controls the operation, a second control unit that manages the state of the bay, the second control unit, the authentication information regardless of the operation state of the first control unit A medium providing a control program for executing a control method of an information processing device shared with the first control unit, wherein the control program detects an input of the authentication information, performs an authentication process, A medium for providing a control program, comprising a step of locking / unlocking the electronic lock when the authentication processing is successful.
[0070]
<Embodiment 9>
A storage unit for detachably storing the storage device, a door with an electronic lock provided in the storage unit for preventing the storage device from being detached, and a management operation for the storage device, A first control unit for controlling the operation, and a second control unit for managing the state of the storage unit, the second control unit, the authentication information regardless of the operation state of the first control unit Is a control program for executing the control method of the information processing apparatus sharing with the first control unit, performs an authentication process by detecting the input of the authentication information, and when the authentication process is successful, A control program comprising a step of locking / unlocking an electronic lock.
[0071]
【The invention's effect】
As described above, according to the information processing apparatus of the present invention, the second control unit shares specific information for managing the state of the storage unit with the first control unit. The management of the storage device is not separated, and the manager of the storage device housed in the storage unit can be the manager of the storage unit. Security can be reliably ensured.
[Brief description of the drawings]
FIG. 1 is a conceptual diagram showing a configuration example of a system using a server device which is an information processing device according to a first embodiment of the present invention.
FIG. 2 is a block diagram illustrating main functions of the server apparatus 101 illustrated in FIG.
FIG. 3 is a block diagram illustrating a configuration related to a removable medium management process according to the first embodiment.
FIG. 4 is a flowchart of a removable media management process of the first embodiment executed by the first control unit 201 in the configuration shown in FIG. 3;
FIG. 5 is a block diagram showing a configuration related to a door unlocking process according to the first embodiment.
FIG. 6 is a flowchart of a door unlocking process of the present embodiment executed by a second control unit 202 in the configuration shown in FIG. 5;
FIG. 7 is a block diagram illustrating a main configuration of a server device that is an information processing device according to a second embodiment of the present invention.
FIG. 8 is a block diagram showing a configuration related to a door unlocking process according to a second embodiment.
FIG. 9 is a flowchart of a door unlocking process of the present embodiment executed by a second control unit 202 in the configuration shown in FIG. 8;
[Explanation of symbols]
101 server device
102 Personal Area Network
103 Desktop PC
104 notebook PC
105 Printer
106 Scanner
201 first control unit
202 Second control unit
203 First storage unit
204 Second storage unit

Claims (1)

A storage unit for detachably storing the storage device,
A first control unit that controls the operation of the entire information processing device including a management operation for the storage device,
A second control unit that manages the state of the storage unit,
The information processing method, wherein the second control unit shares specific information for managing the storage state with the first control unit, and performs a predetermined control operation using the specific information. apparatus.

Images