JP2009169615A - Data leakage prevention method and magnetic disk device to which same method is applied - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent the leakage of data for determining password attack and user erroneous input. <P>SOLUTION: A security control circuit 20 of a hard disk device 100 is configured to perform a first process of determining that the mismatching frequency of passwords exceeds permitted frequency stored in a storage area 61 in advance; a second process of determining that an interval time from power ON to password input exceeds a standard time stored in a storage area 62; a third process of giving prescribed positive plus scores to the number of difference in the number of characters and the types of characters between mismatching passwords and prescribed passwords, and when the total value of the scores exceeds a prescribed value, determining that password attack has occurred; and a fourth process of determining that the mismatching frequency exceeds the permitted frequency, and that the time interval exceeds a standard time, and a fourth process of, when it is decided that the password attack has occurred, executing a data leakage preventing function corresponding to a preliminarily set security level. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a data leakage prevention method for preventing stored data from being leaked to the outside illegally, and a magnetic disk device to which the method is applied. In particular, the present invention determines whether an unauthorized password attack or an incorrect user input, and an unauthorized password attack. The present invention relates to a data leakage prevention method capable of preventing data leakage according to a preset security level and a magnetic disk device to which the method is applied.

  In recent years, in companies and the like, computerization has progressed. For this reason, company internal information is stored in a variety of ways in magnetic disk devices, which are computer storage devices, but computerized data is stored in portable semiconductor memories and networks. It tends to leak to the outside. For this reason, as a technique for preventing leakage of data stored in the magnetic disk device, for example, measures such as an HDD password lock function that requires a password when starting the magnetic disk device, encryption of data stored in the magnetic disk, etc. are implemented. Has been.

Incidentally, as a document describing the technology relating to the data leakage prevention from the magnetic disk device described above, for example, the following patent document can be cited. This patent document records and reproduces data in sector units designated by the host. When a data write command is received from a host to a designated sector, a management table is provided for recording a flag for performing the data write to the designated sector. When a sector read command is received, it is determined by referring to the management table whether or not data has been written to the sector. When it is determined that data has not been written or when data in a different sector is designated, it is meaningless. Describes techniques for sending data back to the host.
JP 2006-216146 A

  The above-mentioned leakage prevention technology by password lock allows password attacks (password analysis attempts) without being limited by the power on / off of the device even if incorrect passwords are input continuously. There was a problem that there is a possibility that will be analyzed. In particular, when a portable small-sized magnetic disk device is built in a mobile device, there is a problem that if the mobile device is lost or stolen, the password may be analyzed after repeated trials.

  Further, the technology described in the above-mentioned patent document assumes a special system in which the host computer performs recording sector management, and is difficult to use for a normal magnetic disk device, and can be easily performed by rewriting the flag of the management table. There was also a problem that data could be read by others.

  Also, a technique has been proposed to erase data when incorrect passwords are entered continuously, but if a legitimate user forgets the password and enters wrong passwords continuously, the user can be a legitimate user. Regardless, there was a problem that data was erased.

  An object of the present invention is to provide a data leakage prevention method capable of preventing data leakage by determining an illegal password attack and an erroneous input by a user, and a magnetic disk device to which the method is applied.

To achieve the above object, the present invention provides a magnetic disk that records data and magnetic head servo information, a head disk assembly that houses a magnetic head that reads and writes data on the magnetic disk, and data access to the head disk assembly. A magnetic disk device with a data leakage prevention function comprising a controller for controlling permission by inputting a predetermined password and outputting data, and a security control circuit for managing security of data stored in the magnetic disk,
The security control circuit is
Counting means for counting the number of mismatches between the input password and the predetermined password;
Time measuring means for measuring an interval time from the start of the device until the password is input;
Security level corresponding to the standard time from the start of the device to the input of the password, the number of times of permitting the mismatch between the input password and the predetermined password, and the data leakage prevention function set in advance by the user and the mismatch password Storage means for storing
A first step of determining that the number of mismatches counted by the number-of-mismatches counting unit exceeds the permitted number of times stored in the storage unit;
A second step of determining that the interval time measured by the time measuring means exceeds the standard time stored in the storage means;
A predetermined positive positive score is given to the number of character differences and the character type difference between the mismatch password stored in the mismatch password storage means and the predetermined password, and a password attack is performed when the total value of the scores exceeds a predetermined value. A third step for determining
When the number of mismatches exceeds the permitted number by the first step and the interval time exceeds the standard time by the second step, and the password attack is determined by the third step, the security level set in the storage means is set. The first feature is that the fourth step of executing the corresponding data leakage prevention function is performed.

  According to the present invention, in the magnetic disk device with a data leakage prevention function according to the first feature, the security control circuit determines whether or not a mismatched password and a predetermined password differ between upper and lower case types and whether adjacent characters differ in the third step. The second feature is that a predetermined negative score is given.

  According to the present invention, in the magnetic disk device with a data leakage prevention function according to any one of the above features, the security control circuit stores a plurality of time intervals measured in the past by the time measuring unit, the standard time stored in the storage unit. The third feature is to set the average value of.

  According to the present invention, in the magnetic disk device with a data leakage prevention function according to any one of the above features, the storage unit generates a security level for generating a warning sound by the driving unit that drives the magnetic head, and accesses the magnetic disk for a predetermined time. A fourth feature is that a security level that disables only access, a security level that outputs dummy data in response to the access, and a security level that erases all data recorded on the magnetic disk are stored.

Further, the present invention provides a magnetic disk for recording data and magnetic head servo information, a head disk assembly for storing a magnetic head for reading and writing data on the magnetic disk, and permission to access data to the head disk assembly with a predetermined password. A controller for controlling and outputting data controlled by input; and a security control circuit for managing security of data stored in the magnetic disk, wherein the security control circuit determines the number of mismatches between the input password and a predetermined password. A counting means for counting, a time measuring means for measuring an interval time from the start of the device to the input of the password, a standard time from the start of the device to the input of the password, the input password and the predetermined password Allow times to allow mismatch Wherein a pre-set multiple data-leakage prevention method for data leakage prevention function magnetic disk device having a storage means for storing the security level corresponding to data leakage prevention function is by mismatch password and user and,
The security control circuit is
A first step of determining that the number of mismatches counted by the number-of-mismatches counting unit exceeds the permitted number of times stored in the storage unit;
A second step of determining that the interval time measured by the time measuring means exceeds the standard time stored in the storage means;
A predetermined positive positive score is assigned to the number of character differences and the character type difference between the mismatched password and the predetermined password stored in the storage means, and a password attack is determined when the total value of the scores exceeds a predetermined value A third step to perform,
When it is determined that the number of mismatches exceeds the permitted number in the first step and the interval time exceeds a standard time in the second step, and the password attack is determined in the third step, the security set in the security level storage unit A fifth feature is that the fourth step of executing the data leakage prevention function according to the level is performed.

  According to the present invention, in the data leakage prevention method for the magnetic disk device according to the fifth feature, in the third step, in the third step, the security control circuit determines whether or not the mismatched password and the predetermined password differ between upper and lower case types and whether adjacent characters are different. A sixth characteristic is that a predetermined negative score is given.

  According to the present invention, in the data leakage prevention method for a magnetic disk device according to any one of the above characteristics, the security control circuit stores a plurality of time intervals measured in the past by the time measuring unit, the standard time stored in the storage unit. It is a sixth feature that the average value is set.

  According to another aspect of the present invention, in the data leakage prevention method for a magnetic disk device according to any one of the above features, a security level for generating a warning sound by the driving means for driving the magnetic head is stored in the storage means, and access to the magnetic disk is performed for a predetermined time. The eighth feature is that a security level that disables only access, a security level that outputs dummy data in response to the access, and a security level that erases all data recorded on the magnetic disk are stored.

  The magnetic disk apparatus to which the data leakage prevention method according to the present invention is applied, the security level storage means when the password mismatch count exceeds the permitted count and the interval time exceeds the standard time, and the password attack is determined. By executing the data leakage prevention function according to the security level set in the above, it is possible to determine an unauthorized password attack and an erroneous input by the user and prevent data leakage.

  Hereinafter, an embodiment of a magnetic disk device with a data leakage prevention function according to the present invention will be described in detail with reference to the drawings. 1 is an overall configuration diagram of a magnetic disk device with a data leakage prevention function according to an embodiment of the present invention, FIG. 2 is a diagram showing a security control circuit according to the present embodiment, and FIG. 3 is a diagram for explaining a security level according to the present embodiment. FIG. 4 and FIG. 5 are flowcharts for explaining the operation according to this embodiment, and FIG. 6 is a diagram for explaining another embodiment of the present invention. In the present application, a password attack in which password analysis attempts are continuously repeated a predetermined number of times or more is referred to as “illegal access”.

[Constitution]
As shown in FIG. 1, a magnetic disk device 100 with a data leakage prevention function, which is a target of this embodiment, reads and writes data according to instructions from a host computer (PC) 1. An HDA (head disk assembly) 50 including a magnetic disk for recording / reproducing data, a magnetic head, a magnetic head drive mechanism, and the like, a buffer memory 40 for temporarily storing data to be read / recorded from the HDA 50, a book The security control circuit 20, which is a feature of the embodiment, a timer 30 for notifying the security control circuit 20 of time, and an HDA controller 10 for controlling the circuits and the like, are configured by the host computer 1. Control the recording and playback of data on the magnetic disk according to instructions from the When the security control circuit 20 is configured so as to prevent determines an incorrect password attacks, performing data erasing and the like according to a preset security level when it is determined the password attack leakage. Although not shown, the host computer 1 is provided with a CPU / memory / keyboard / display and the like as in a general computer.

  The security control circuit 20 according to the present embodiment determines whether or not the input password is an unauthorized access due to a password attack. The determination as to whether or not this is an unauthorized access is based on the fact that the password attack is based on high-speed processing by computer processing. Considering the regularity and the regularity that is likely to cause an erroneous operation when a human makes an input error, (1) determining whether the security unlock command reception time interval is shorter than the normal operation time of the human; (2) The user is less likely to misrecognize the password character string type. For example, there is little possibility of erroneously inputting the type of alphabet or number, and there is a combination of a predetermined password character type and an erroneously entered password character type. (3) In the process by the computer, command attack is performed by changing the number of characters. In many cases, however, humans are unlikely to mistake the number of characters, and it is determined whether the number of characters matches, and (4) the processing by the computer has regularity such as random / increment / decrement. Therefore, it is determined whether or not the input character string has the regularity, and (5) there is a possibility that an adjacent character key by the keyboard arrangement may be erroneously operated as a possibility of human input error, and whether or not the mismatched character is an adjacent character. It is determined whether or not it is an illegal password attack by combining these determination results.

  For this reason, as shown in FIG. 2, the security control circuit 20 according to the present embodiment has a mismatch number storage area 25 for storing the number of times the input password does not match a predetermined password, and a mismatch password (for storing the mismatch password ( Password) storage area 26, a reception time interval storage area 27 for storing a reception time interval of a security unlock function command that is preset in the hard disk device and releases security with data erasure, and the security Learns the command reception interval measurement unit 22 that measures the reception interval time of the unlock function command using the timer 23, and the time interval when the security unlock command retry occurs after the power is turned on when not in the unauthorized access mode. And memorize the average time A reception time interval learning function unit 24 that performs learning for distinguishing between a time interval when a word is manually input and a command issuance time interval due to a password attack, and a security level storage area 60 that stores a security level preset by the user. And the security processing control unit 21 that controls them, and the security level storage area 60 sets the number of mismatches for setting whether to activate the security function when the passwords set by the user do not match A setting storage area 61, a command reception time interval setting storage area 62 for setting the reception interval time of the security unlock function command set by the user, and an operation recording area 63 are configured. The storage area is a storage means such as a semiconductor memory.

  The security levels described in the present embodiment include, for example, six levels shown in FIG. 3. As a plurality of leakage prevention processing operations corresponding to these security levels, a hard disk is returned for a certain time by returning a command port for access. Operation for disabling access to the memory, processing operation for generating a warning sound by oscillating the VCM (voice coil motor) that drives the magnetic head, and normal writing for access and dummy for reading Performs a data read operation, a processing operation that behaves as if the password has been released, a normal write response without performing normal write when writing to access, and a dummy data read operation when reading And the processing operation that behaves as if the password is released, the processing operation that erases all data, and all data And processing operation and are configured to erase the servo pattern (for positioning a magnetic head). The warning sound may be generated not only by VCM but also by increasing the rotational speed of a speaker or air fan installed in a computer as a standard, and the unauthorized access mode is in a normal state by inputting a release-only password. Set to return. The security level can be arbitrarily set by the user according to the importance of the data stored in the hard disk device.

[Operation]
Next, the operation of the magnetic disk device with a data leakage prevention function according to the present embodiment will be described with reference to FIGS. The security control circuit 20 of the magnetic disk device 100 determines whether or not a command is received from the host PC 1 following step S01 when the power is turned on. It is determined whether or not it is set, and the process of the command instructed when it is not set is executed. Step S03 proceeds to step S07, and the command (password) received in step S02 in step S03 is unauthorized access. Step S04 for determining whether or not the mode is to be described later, and Step S08 for determining whether or not a cancellation command (password) for canceling the unauthorized access mode is input when the unauthorized access mode is determined in Step S04. Fruit To.

  Next, when the security control circuit 20 determines in step S08 that a release command has been input, step S10 cancels the unauthorized access mode, and in step S08, it determines that a release command has not been input. Step S09 for performing a corresponding process according to the security level set in advance as in FIG. 3 and whether or not the input command is a security unlock command (password input) when it is determined in Step S04 that the mode is not an unauthorized access mode. Step S05 that shifts to step S07 when it is determined that the command is not a security unlock command, and when the input command is determined to be a security unlock command in step S05, the input command (password Whether or not it matches a preset regular security unlock command (password), and if it matches, executing step S11 for canceling the security lock mode, whether or not it is an unauthorized access due to a password attack. (Step S04), when it is determined that the access is unauthorized, a countermeasure according to the security level (step S09), and when it is determined that the access is not unauthorized, the security lock mode is released (step S11). Works like this.

  Further, when the security control circuit 20 determines that the security unlock command (password) input in step S06 does not match the normal one, the reception time interval learning function unit 24 turns on the power. Learn the time interval when security unlock command retries occur from, remember the average time interval, and distinguish between the time interval when manually entering the password and the time interval for issuing commands due to password attacks Step S12 for learning the interval is executed.

  In the processing in step S12, the security processing control unit 21 measures the time interval from the regular power-on by the user to the password input by the reception time interval learning function unit 24 and measures it by the command reception interval measurement unit 22, and the command This is performed by learning based on the time interval stored in the reception time interval storage area 27 and the time interval counted by the timer 23.

  Next, the apparatus proceeds to FIG. 5 following step S12, and whether or not the input command reception time interval is shorter than the set time interval by the user (manual) previously learned in step S12 (manual input). If it is determined that the time interval is shorter than the time interval, and if it is determined not to be shorter (determined as manual input), step S15 moves to step S17. Step S16 for storing a time interval warning flag in 63, Step S17 for storing the number of mismatches of the command (password) in Step S06 in the mismatch number storage area 25 following Step S15 or 16, and Step S17 The stored number of mismatches exceeds the preset number set in the mismatch number setting storage area 61 in advance. If it is determined that the number of times has not been exceeded, step S18 proceeds to step S20, and if it is determined in step S18 that the set number of times has been exceeded, a mismatch warning flag is stored in the operation storage area 63. Step S19 and Step S20 for storing the mismatched password in the mismatched password storage area 26 are executed.

  Further, the security control circuit 20 compares the error password stored in step S20 with the number of digits of the regular password and stores the number of different digits in the operation storage area 63, and compares the character string of the error password with the regular password. Step S22 for storing the number of different character strings in the operation storage area 63, Step S23 for storing the number of uppercase / lowercase differences between the character strings of the incorrect password and the regular password in the operation storage area 63, A step of determining whether or not a character such as an adjacent character that is likely to be erroneously input from the array (depending on whether or not it is a left-right upper and lower adjacent character), and storing whether or not erroneous input is likely to occur in the operation storage area 63 as an adjacent erroneous input flag S25 and the number of different digits / difference character string / adjacent entry entered in the action storage area 63 in steps S20-23. Flag based on erroneously entered password is determined whether incorrect password attacks, executes a step S26 to shift to step S28 to be described later, especially it is judged that no password attack.

  In this determination in step S26, points are added to each element of the number of digits / number of character string differences / number of difference in character string size / adjacent erroneous input flag (overlapping if necessary), and the total score is used as a reference determination. This is done by comparing with the value. For example, plus points according to the number of different digits (2 points for 1 digit differences, 3 points for 2 digit differences, etc.) and plus points according to the number of differences between character strings (2 points for 1 character differences, 2 character differences, 3 points, etc.), minus points for presence / absence of letter size difference (minus 1 point when there is a magnitude difference, 0 points when there is no difference), and minus 2 points etc. for the adjacent erroneous input flag, and the total of these However, it is conceivable that the password attack is determined when the value exceeds 4 of the determination values. However, the present invention is not limited to this. The reason for adding the minus point is that there is a large possibility of erroneous input of uppercase and lowercase letters and characters adjacent to the keyboard, and it is determined that unauthorized access is made only by determining only the number of different digits and the number of different characters. This is because there is a great possibility to prevent this.

  Next, when the security control circuit 20 determines that the password attack is made in step S26, the security control circuit 20 stores a flag indicating the password attack in the operation storage area 63, and whether or not the mismatch warning flag is stored in the operation storage area 63. When it is determined that the time interval warning flag is stored in the operation storage area 63, it is determined whether the time interval warning flag is stored in the operation storage area 63, and is not stored. If it is determined that the password attack flag is stored in the same area, step S31 returns to step S02 shown in FIG. 4 when the password attack flag is not stored, and the password attack is performed in step S29 or step S31. When it is determined that the flag is stored, the unauthorized access mode is set. And step S32 of the line operates to sequentially perform a step S33 to return to step S02 after performing the corresponding action according to the security level.

  As described above, when the input password is erroneously input, the security control circuit 20 according to the present embodiment determines whether the input time interval of the password exceeds a predetermined or measured standard time interval, and the number of password mismatches. Whether the password exceeds the specified number of times, the number of digits in the wrong password, the number of characters in the wrong password, whether the characters are different, and whether the wrong password is an adjacent character string The number of points is counted by a combination of the determination results of the number of digits difference, the number of characters difference, the difference in size of the characters, and the difference between adjacent character strings, the total number of points exceeds a predetermined value, and the number and time of mismatches When it is determined that the interval exceeds a predetermined value (average value), the process shifts to the unauthorized access mode and the inaccessible process for a predetermined time according to the security level shown in FIG. By executing any of the above, it is possible to discriminate between incorrect password attacks by users and unauthorized password attacks, thereby preventing data leakage by determining unauthorized password attacks and incorrect user attacks. Can do.

  In the above embodiment, the security control circuit is provided in the magnetic disk device. However, the present invention is not limited to this. For example, as shown in FIG. 6, a normal hard disk device 100, host computer 1, and A security device 200 having a security control circuit 20 and a timer 30 may be interposed between them, and the security device 200 may be configured to perform the same operation as shown in FIGS.

1 is an overall configuration diagram of a magnetic disk device with a data leakage prevention function according to an embodiment of the present invention. The figure which shows the security control circuit by this embodiment. The figure for demonstrating the security level by this embodiment. The operation | movement explanatory flowchart by this embodiment. The operation | movement explanatory flowchart by this embodiment. The figure for demonstrating other embodiment of this invention.

Explanation of symbols

  1: host computer, 10: controller, 20: security control circuit, 22: command reception interval measurement unit, 23: timer, 24: reception time interval learning function unit, 25 mismatch number storage area, 26: mismatch password storage area, 27 : Command reception time interval storage area, 30: timer, 40: buffer memory, 60: security level storage area, 61: mismatch number setting storage area, 62: command reception time interval setting storage area, 63: operation storage area, 100: Magnetic disk unit.

Claims (8)

A magnetic disk that records data and magnetic head servo information, a head disk assembly that houses a magnetic head that reads and writes data on the magnetic disk, and permission to access data to the head disk assembly is controlled by inputting a predetermined password. A magnetic disk device with a data leakage prevention function comprising a controller for outputting data and a security control circuit for managing security of data stored in the magnetic disk,
The security control circuit is
Counting means for counting the number of mismatches between the input password and the predetermined password;
Time measuring means for measuring an interval time from the start of the device until the password is input;
Security level corresponding to the standard time from the start of the device to the input of the password, the number of times of permitting the mismatch between the input password and the predetermined password, and the data leakage prevention function set in advance by the user and the mismatch password Storage means for storing
A first step of determining that the number of mismatches counted by the number-of-mismatches counting unit exceeds the permitted number of times stored in the storage unit;
A second step of determining that the interval time measured by the time measuring means exceeds the standard time stored in the storage means;
A predetermined positive positive score is assigned to the number of character differences and the character type difference between the mismatched password and the predetermined password stored in the storage means, and a password attack is determined when the total value of the scores exceeds a predetermined value A third step to perform,
When the number of mismatches exceeds the permitted number by the first step and the interval time exceeds the standard time by the second step, and the password attack is determined by the third step, the security level set in the storage means is set. A magnetic disk device with a data leakage prevention function that performs a fourth step of executing a corresponding data leakage prevention function.   2. The magnetic disk device with a data leakage prevention function according to claim 1, wherein the security control circuit gives a predetermined negative score to the presence / absence of a case difference between a mismatched password and a predetermined password and a difference between adjacent characters in the third step. .   3. The magnetic disk device with a data leakage prevention function according to claim 1, wherein the security control circuit sets a standard time stored in the storage means to an average value of a plurality of time intervals measured in the past by the time measuring means. .   A security level at which the storage means generates a warning sound by the driving means for driving the magnetic head; a security level that disables access to the magnetic disk for a predetermined time; and a security level that outputs dummy data for the access. 4. A data leakage prevention according to claim 1, wherein a security level for erasing all data recorded on the magnetic disk and a security level for erasing all data recorded on the magnetic disk and head servo information are stored. Functional magnetic disk unit. A magnetic disk that records data and magnetic head servo information, a head disk assembly that houses a magnetic head that reads and writes data on the magnetic disk, and permission to access data to the head disk assembly is controlled by inputting a predetermined password. A controller for outputting data; and a security control circuit for managing security of data stored in the magnetic disk, wherein the security control circuit counts the number of mismatches between the input password and the predetermined password; A time measuring means for measuring an interval time from the start of the device to the input of the password, and a permission for permitting a mismatch between the input password and the predetermined password with a standard time from the start of the device to the input of the password Count and said discrepancy A pre plurality set storage means and data leakage prevention method of data leakage prevention function magnetic disk apparatus having a storing and security level corresponding to data leakage prevention function is by Seward and user,
The security control circuit is
A first step of determining that the number of mismatches counted by the number-of-mismatches counting unit exceeds the permitted number of times stored in the storage unit;
A second step of determining that the interval time measured by the time measuring means exceeds the standard time stored in the storage means;
A predetermined positive positive score is assigned to the number of character differences and the character type difference between the mismatched password and the predetermined password stored in the storage means, and a password attack is determined when the total value of the scores exceeds a predetermined value A third step to perform,
When the number of mismatches exceeds the permitted number by the first step and the interval time exceeds the standard time by the second step, and the password attack is determined by the third step, the security level set in the storage means is set. A data leakage prevention method for a magnetic disk device, which performs a fourth step of executing a corresponding data leakage prevention function.   6. The method of preventing data leakage of a magnetic disk device according to claim 5, wherein in the third step, the security control circuit gives a predetermined negative score to the presence / absence of the case difference between the mismatched password and the predetermined password and the presence / absence of the adjacent character difference. .   7. The data leakage prevention method for a magnetic disk device according to claim 5, wherein the security control circuit sets the standard time stored in the storage means to an average value of a plurality of time intervals measured in the past by the time measurement means. .   A security level for generating a warning sound by the driving means for driving the magnetic head in the storage means; a security level for disabling access to the magnetic disk for a predetermined time; and a security level for outputting dummy data for the access; 8. A magnetic disk device with a data leakage prevention function according to claim 5, wherein a security level for erasing all data recorded on the magnetic disk is stored.

Images