JP2009294975A - Recording information management device, recording information management method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To more improve the burglary preventing effects of data stored in a storage device, in a recording information management device, a recording information management method and a program for managing the data stored in the storage device such as an HDD. <P>SOLUTION: A recording information management device 100 is provided with: a storage part 111 for preliminarily storing arbitrary information including a unique key 111a preliminarily calculated based on identification information unique to a first information processor 10; a key calculation part 113 for calculating a decision key based on the identification information of a second information processor 20 to which the recording information management device is connected; a unique key decision part 115 for deciding whether or not the decision key is equal to the unique key 111a; a start control part 116 for controlling the start of the second information processor 20 according to the decision result of the unique key decision part 115; and an information management part 117 for managing arbitrary information preliminarily stored in the storage part 111 in response to the decision result of the unique key decision part 115. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a recording information management device, a recording information management method, and a program.

  Conventionally, data stored in a storage device such as a hard disk drive (hereinafter referred to as “HDD”) is encrypted to protect it from theft or loss. As means for canceling the password, a method by inputting a password is generally used (see, for example, Patent Documents 1 to 3). In Patent Document 1, when a user removes a hard disk expansion device that can be attached to and detached from the printing device, the user inputs a password, and when the expansion device is removed from the printing device without entering the password, data in the hard disk is stored. Has been disclosed. Patent Document 2 discloses a technique for detecting password on / off regardless of a user's input of a password and inputting the password with a security lock command when the power is turned on to cancel encryption. Has been. In Patent Document 3, the password is built in the HDD lock tool (USB memory or the like), and the password is not stored in the program medium that is a portable medium, and the function of starting the PC and the HDD lock tool are controlled. A technique for mounting only functions is disclosed. Furthermore, Patent Document 4 discloses a technique for canceling an encrypted state by combining not only a password but also an authentication means such as CPRM (Content Protection for Recordable Media) and fingerprint authentication.

JP 2006-201930 A JP 2007-035136 A Japanese Patent Laid-Open No. 2007-086884 JP 2007-094911 A

  However, in any of the techniques described in Patent Documents 1 to 3, since data stored in a storage device such as an HDD is stored in an encrypted state, for example, when the HDD or the like is stolen. If the stolen person can cancel the encrypted state, there is a problem that the data may be stolen. This is the same even when a password and other authentication means are combined as in Patent Document 4.

  In addition, when using password input by the user as means for canceling the encrypted state as in Patent Document 1, the user needs to store the password, which increases the management load or forgets the password. As a result, there is a problem in that data stored in a legitimate HDD or the like cannot be accessed. Furthermore, setting an easy password (for example, an empty password) to reduce the management load does not make sense for encryption.

  Furthermore, instead of a password, there is a method of canceling the encrypted state using a connection to an information processing apparatus such as a PC as a key instead of a USB memory. In this case, the problem with the password is solved. However, when a medium such as a USB memory is stolen together with a storage device such as an HDD, there is a problem that data stored in the HDD or the like is stolen.

  Therefore, the present invention has been made in view of such problems, and the recording information management device, the recording information management method, and the program for managing data stored in a storage device such as an HDD are stored in the storage device. The purpose is to further increase the data theft prevention effect.

  In order to solve the above problems, according to an aspect of the present invention, there is provided a recording information management apparatus connected to a first information processing apparatus provided with a predetermined member to which identification information unique to the apparatus is assigned. The predetermined information provided in the second information processing apparatus to which the storage unit storing arbitrary information including the unique key calculated in advance based on the identification information and the recording information management apparatus is connected Based on the identification information of the member, a key calculation unit that calculates a determination key, a unique key determination unit that determines whether the determination key is equal to the unique key, and a determination result of the unique key determination unit Accordingly, an information management unit that manages the arbitrary information stored in advance in the storage unit according to the determination result of the activation control unit that controls activation of the second information processing apparatus and the unique key determination unit A recording information management device comprising It is. In this recorded information management apparatus, the activation control unit activates the second information processing apparatus when it is determined that the determination key is equal to the unique key, and the information management unit includes the determination key When it is determined that the key is different from the unique key, the arbitrary information stored in advance in the storage unit is deleted.

  Here, the recorded information management device is a device including a storage device including the storage unit and the information management unit, and an activation control device including the key calculation unit, the unique key determination unit, and the activation control unit. There may be.

  The storage unit further stores an activation authentication key for identifying that the activation control device is an apparatus including the key calculation unit, the unique key determination unit, and the activation control unit. The storage device further includes an activation authentication unit that authenticates whether the activation control device includes the key calculation unit, the unique key determination unit, and the activation control unit based on the activation authentication key. Also good.

  The information management unit stores in advance in the storage unit when the activation authentication unit determines that the activation control device is not an apparatus including the key calculation unit, the unique key determination unit, and the activation control unit. The arbitrary information that has been made may be deleted.

  The activation control device further includes a unique key acquisition unit that acquires the unique key from an external storage medium, and the activation control unit is configured such that the unique key acquisition unit cannot acquire the unique key from the external storage medium. In addition, the activation of the second information processing apparatus may be stopped.

  The activation control apparatus may further include a unique key acquisition unit that acquires the unique key from an external storage medium. In this case, the unique key determination unit may include the unique key acquisition unit. If the unique key can be acquired from the storage unit, it is determined whether the unique key stored in advance in the storage unit is equal to the unique key acquired from the external storage medium, the information management unit, The unique key stored in advance in the storage unit when the unique key determination unit determines that the unique key stored in advance in the storage unit is equal to the unique key acquired from the external storage medium The key and the unique key stored in the external storage medium may be deleted, and the determination key generated by the key generation unit may be newly recorded in the storage unit and the external storage medium as the unique key. Good.

  Further, the activation control device determines a predetermined number of times as a result of the determination as to whether or not the unique key stored in advance in the storage unit and the unique key acquired from the external storage medium are equal. An authentication number determination unit that determines whether the number is less than the number of times may further be provided.In this case, when the authentication number determination unit determines that the number is less than the predetermined number, the unique key acquisition unit is The information management unit requests the external storage medium to acquire the unique key stored in the external storage medium, and determines that the authentication number determination unit determines that the number of authentication keys is greater than a predetermined number. The arbitrary information stored in advance may be deleted.

  In the recording information management apparatus, the predetermined member may be at least one of a board to which a unique serial number is assigned and a NIC to which a unique MAC address is assigned.

  In order to solve the above-described problem, according to another aspect of the present invention, the information processing apparatus is connected to a first information processing apparatus provided with a predetermined member to which identification information unique to the apparatus is assigned, and is based on the identification information. There is provided a recording information management method for managing information recorded in a recording information management apparatus having a storage unit in which arbitrary information including a unique key calculated in advance is stored. The recorded information management method includes a step of calculating a determination key based on the identification information of the predetermined member provided in a second information processing apparatus connected to the recording information management apparatus, and the determination key includes Determining whether it is equal to the unique key, starting the second information processing apparatus when it is determined that the determination key is equal to the unique key, and the determination key being the unique key And erasing the arbitrary information stored in advance in the storage unit when it is determined that they are different from each other.

  In order to solve the above problem, according to still another aspect of the present invention, the identification information is connected to a first information processing apparatus provided with a predetermined member to which identification information unique to the apparatus is assigned. The predetermined information provided in the second information processing apparatus to which the recording information management apparatus is connected to the recording information management apparatus having a storage unit in which arbitrary information including a unique key calculated in advance is stored in advance. Calculating a determination key based on the identification information of the member, determining whether the determination key is equal to the unique key, and determining that the determination key is equal to the unique key A step of activating the second information processing apparatus; and a step of erasing the arbitrary information stored in advance in the storage unit when it is determined that the determination key is different from the unique key; Execute Program for is provided.

  According to the present invention, in a recording information management device, a recording information management method, and a program for managing data stored in a storage device such as an HDD, the effect of preventing theft of data stored in the storage device is further enhanced than before. Is possible.

  Exemplary embodiments of the present invention will be described below in detail with reference to the accompanying drawings. In addition, in this specification and drawing, about the component which has the substantially same function structure, duplication description is abbreviate | omitted by attaching | subjecting the same code | symbol.

[First Embodiment]
(Hardware configuration of recording information management device, etc.)
First, a hardware configuration of a recording information management apparatus according to the first embodiment of the present invention and an information processing apparatus to which the recording information management apparatus is connected will be described with reference to FIGS. 1 and 2. FIG. 1 is an explanatory diagram showing a hardware configuration of a recording information management apparatus according to the present embodiment and an information processing apparatus to which the recording information management apparatus is connected. FIG. 2 is a block diagram illustrating a hardware configuration of the information processing apparatus according to the present embodiment. In the following description, a personal computer (hereinafter referred to as “PC”) 10 is an example of the information processing apparatus according to the present embodiment, and a hard disk device (hereinafter, referred to as a recorded information management apparatus 100 according to the present embodiment). , Referred to as “HDD”) 110, a ROM type storage medium 120 such as ROM (Read Only Memory), and a rewritable storage medium 130 such as a USB memory will be described as an example.

  As shown in FIG. 1, a PC 10 as an example of a first information processing apparatus according to the present embodiment includes a substrate 11 and a NIC (Network Interface Card) 13, and an HDD 110 is connected to the substrate 11. Is done. The recording information management apparatus 100 according to the present embodiment includes an HDD 110, a ROM type recording medium 120, and a rewritable storage medium 130.

  The board 11 is a system board of the PC 10 and has a serial number that is a unique number assigned to each board 11 in order to identify the board 11. That is, for example, a serial number different from that of the board 11 is assigned to the board 21 of the PC 20, which is a different apparatus from the PC 10, and this serial number is a number unique to each apparatus such as the PC 10 and the PC 20. Yes.

  The NIC 13 is an expansion card for connecting the PC 10 to a network such as Ethernet (registered trademark), and has a MAC (Media Access Control) address that is a unique number assigned to each NIC 13 in order to identify the NIC 13. ing. The MAC address is a physical address unique to each hardware set to identify each node on the network. That is, for example, a MAC address different from that of the NIC 13 is assigned to the NIC 23 of the PC 20 which is an example of the second information processing apparatus according to the present embodiment different from the PC 10. The address is unique to each device. As the form of the NIC 13, a form suitable for the PC 10 such as a form added to a PCI bus (not shown) in the PC 10 or a form such as a PC card or USB connection can be selected.

  The HDD 110 is an example of a storage device according to the present embodiment, and is connected to a PC 10 including a board 11 having a unique serial number and a NIC 13 having a unique MAC address. The HDD 110 has a hidden area 110a, in which a program for realizing a function as a storage device to be described later and various authentication keys are stored.

  The ROM type recording medium 120 is an example of a medium in which a program for realizing the function of the activation control device according to the present embodiment is recorded. The ROM type recording medium 120 is a removable recording medium that is detachably connected to the PC 10 and once data. Is a medium that can only be read after. The form of the ROM type recording medium 120 is not particularly defined, and examples thereof include a CD-ROM and a DVD-ROM.

  The rewritable storage medium 130 is an example of an external storage medium according to the present embodiment. The rewritable storage medium 130 is a removable storage medium that is detachably connected to the PC 10 and can be written to any number of times. The form of the rewritable storage medium 130 is not particularly defined, and examples thereof include a USB memory, a CD-RW, a DVD-RW, a DVD-RAM, a Blu-ray Disk, and an MO.

  Next, a detailed hardware configuration of the PC 10 will be described with reference to FIG. As shown in FIG. 2, the PC 10 mainly includes a CPU (Central Processing Unit) 21, a ROM (Read Only Memory) 23, a RAM (Random Access Memory) 25, a host bus 27, a bridge 29, and an external device. A bus 31, an interface 33, an input device 35, an output device 37, an HDD 110, a drive 39, a connection port 41, and a communication device 43 are provided.

  The CPU 21 functions as an arithmetic processing unit and a control unit, and controls all or some of the operations in the PC 10 according to various programs recorded in the ROM 23, RAM 25, HDD 110, ROM type recording medium 120, or the like. In particular, the CPU 21 according to the present embodiment implements a program for realizing functions to be described later, that is, functions such as a key calculation unit, a unique key determination unit, and an activation control unit stored in the hidden area 110a of the HDD 110. The operation in the PC 10 is controlled according to the program for realizing the functions such as the key calculation unit, the unique key determination unit, and the activation control unit recorded in the ROM type recording medium 120. The ROM 23 stores programs used by the CPU 21 and calculation parameters. The RAM 25 primarily stores programs used in the execution of the CPU 21, parameters that change as appropriate during the execution, and the like. These are connected to each other by a host bus 27 constituted by an internal bus such as a CPU bus.

  The host bus 27 is connected via a bridge 29 to an external bus 31 such as a PCI (Peripheral Component Interconnect / Interface) bus.

  The input device 35 is an operation means operated by the user such as a mouse, a keyboard, a touch panel, a button, a switch, and a lever. Further, the input device 35 may be, for example, remote control means (so-called remote control) using infrared rays or other radio waves, or may be an external connection device 47 such as a mobile phone or a PDA corresponding to the operation of the PC 10. May be. Furthermore, the input device 35 includes, for example, an input control circuit that generates an input signal based on information input by the user using the operation unit and outputs the input signal to the CPU 21. The user of the PC 10 can input various data and instruct processing operations to the PC 10 by operating the input device 35.

  The output device 37 is acquired, for example, a display device such as a CRT display device, a liquid crystal display device, a plasma display device, an EL display device and a lamp, a sound output device such as a speaker and headphones, a printer device, a mobile phone, a facsimile, etc. It is comprised with the apparatus which can notify the information which carried out visually or audibly to a user. For example, as will be described later, the output device 37 outputs a message or the like prompting the user to connect the rewritable storage medium 130 according to the present embodiment to the PC 10 using characters or voices.

  The HDD 110 is a data storage device configured as an example of a storage device according to the present embodiment, and is a magnetic storage device. The HDD 110 stores programs executed by the CPU 21, various data, various authentication keys, and the like. In this embodiment, the HDD 110 is taken as an example of the storage device. However, the storage device according to the present invention is not limited to a magnetic storage device such as an HDD, and for example, a semiconductor storage device, an optical storage device, or a magneto-optical device. It may be a storage device or the like.

  The drive 39 is a reader / writer for a storage medium, and is built in or externally attached to the PC 10. The drive 39 reads information recorded on a removable recording medium 45 such as a mounted magnetic disk, optical disk, magneto-optical disk, or semiconductor memory, and outputs the information to the RAM 25. The drive 39 can also write a record to a removable recording medium 45 such as a mounted magnetic disk, optical disk, magneto-optical disk, or semiconductor memory. The removable recording medium 45 is, for example, a DVD medium, an HD-DVD medium, a Blu-ray medium, a compact flash (registered trademark) (CompactFlash: CF), a memory stick, or an SD memory card (Secure Digital memory card). The removable recording medium 45 may be, for example, an IC card (Integrated Circuit card) on which a non-contact IC chip is mounted, an electronic device, or the like. In particular, in the present embodiment, the ROM type recording medium 120 is used as the removable recording medium 45, the drive 39 reads out the program recorded on the ROM type recording medium 120, and the CPU 21 executes this program, thereby implementing the present embodiment. The function as the start control device according to the embodiment can be realized.

  The connection port 41 is, for example, a USB (Universal Serial Bus) port, i. This is a port for directly connecting devices such as an IEEE1394 port such as Link, a SCSI (Small Computer System Interface) port, an RS-232C port, and an optical audio terminal to the PC 10. By connecting the external connection device 47 to the connection port 41, the image display apparatus acquires data directly from the external connection device 47 or provides data to the external connection device 47. In particular, in the present embodiment, a rewritable recording medium 130 such as a USB memory is used as the external connection device 47, and an authentication key recorded on the rewritable recording medium 130 is read or rewritable via the connection port 41. An authentication key can be written on the recording medium 130.

  The communication device 43 is a communication interface configured with, for example, a communication device for connecting to the network 5. The communication device 43 is, for example, a wired or wireless LAN (Local Area Network), Bluetooth, or WUSB (Wireless USB) communication card (for example, NIC 13), a router for optical communication, and an ADSL (Asymmetric Digital Subscriber Line). A router or a modem for various communications.

  With the configuration described above, the PC 10 executes a program stored in the HDD 110 or the ROM type recording medium 120, reads various authentication keys recorded in the HDD 110 or the rewritable recording medium 130, or reads out the HDD 110 or the rewritable recording medium. By writing various authentication keys on the medium 130, a function as a recording information management apparatus according to the present embodiment can be realized.

  Note that the hardware configuration of the PC 20 shown in FIG. 1 is substantially the same as the hardware configuration of the PC 10, and a description thereof will be omitted.

  Heretofore, an example of the hardware configuration capable of realizing the functions of the image display device and the identification information reading device according to the present embodiment has been shown. Each component described above may be configured using a general-purpose member, or may be configured by hardware specialized for the function of each component. Therefore, it is possible to change the hardware configuration to be used as appropriate according to the technical level at the time of carrying out this embodiment.

(About the functional configuration of the recording information management device)
The hardware configuration of the PC 10 as an example of the recorded information management apparatus 100 and the information processing apparatus connected to the recording information management apparatus 100 according to the present embodiment has been described above in detail. Subsequently, with reference to FIGS. 3 and 4, A functional configuration of the recording information management apparatus 100 according to the present embodiment will be described. FIG. 3 is a block diagram showing a functional configuration of the HDD 110 as an example of a storage device according to the present embodiment. FIG. 4 is a block diagram showing a functional configuration of a ROM type recording medium 120 as an example of the activation control apparatus according to the present embodiment and a rewritable storage medium 130 as an example of an external storage medium.

<Storage device>
As shown in FIG. 3, the HDD 110 mainly includes a storage unit 111, a key calculation unit 113, a unique key determination unit 115, an activation control unit 116, an information management unit 117, and an activation authentication unit 119. .

  Part of the storage unit 111 is the above-described hidden area 110a, and a unique key 111a, an activation authentication key 111b, and programs for realizing the above functions are stored in advance in the hidden area 110a. . In addition, in the area other than the hidden area 110a of the storage unit 111, information that should be protected from being leaked to a third party due to theft of other arbitrary information, for example, the user's personal information or trade secret information, etc. Hereinafter, it is referred to as “protect information”.) 111c is stored in advance.

Here, the unique key 111a is calculated based on an identification number unique to the information processing apparatus such as the PC 10 to which the HDD 110 is connected. In this embodiment, the serial number of the board 11 of the PC 10 and the MAC of the NIC 13 are used. Calculated based on the address. More specifically, for the unique key 111a, for example, the serial number of the board 11 and the MAC address of the NIC 13 are given to the Fibonacci function (irreversible function), and all of them are summed to obtain the unique key 111a. For example, when the serial number of the board 11 is 1-2-3-4 and the MAC address of the NIC 13 is 7D-8A-EE-DC, it is calculated as in the following formula (1) and is set as the unique key 111a. . Hexadecimal numbers are considered as decimal numbers (D is 13, A is 10). Also, if the number of digits is too large, the calculation processing load increases, so it is preferable to appropriately vary the number of digits given to the Fibonacci function.
fib (123) + fib (471) + fib (381) + fib (014)
+ Fib (141) + fib (312) (1)

  The activation authentication key 111b is an activation control for activating the PC 10 including the key calculation unit 113, the unique key determination unit 115, and the activation control unit 116 by the activation control device used when activating the PC 20 connected to the HDD 110. Information for identifying the device. The activation authentication key 111b is stored in the storage unit 111, and the ROM type recording medium 120 is a ROM type as long as the program for realizing the function of the activation control device for activating the PC 10 is recorded. The same activation authentication key 111b is also stored in the storage unit (see FIG. 4) of the recording medium 120. That is, when the activation authentication key stored in the storage unit of the ROM type recording medium 120 is equal to the activation authentication key 111b stored in the storage unit 111, the ROM type recording medium 120 is used to activate the PC 10. It can be said that this is a medium in which a program for realizing the function of the activation control device is recorded.

  The key calculation unit 113 calculates a determination key based on the serial number of the board 21 provided in the PC 20 connected to the HDD 110 and the MAC address of the NIC 23. The method for calculating the determination key is the same as the method for calculating the unique key 111a. This determination key is a key for determining whether or not the PC 20 connected to the HDD 110 is an information processing apparatus having the same hardware as the PC 10. The key calculation unit 113 outputs the calculated determination key to the unique key determination unit 115.

  The unique key determination unit 115 determines whether or not the determination key calculated by the key calculation unit 113 is equal to the unique key 111 a stored in the storage unit 111. As a result, the unique key determination unit 115 uses the identification information (serial number and MAC address in this embodiment) uniquely assigned to predetermined members (in the present embodiment, the board 21 and the NIC 23) provided in the PC 20. The determination key calculated based on the identification information (serial number and MAC address in the present embodiment) uniquely assigned to a predetermined member (in the present embodiment, the board 11 and the NIC 13) provided in the PC 10 When it is determined that the fixed key 111a is equal to the calculated fixed key 111a, the PC 20 and the PC 10 are determined to be the same information processing apparatus. In this case, the unique key determination unit 115 outputs a determination result that the determination key is equal to the unique key 111 a to the activation control unit 116. On the other hand, as a result of the determination, if the unique key determination unit 115 determines that the determination key is different from the unique key 111a, it is determined that the PC 20 is an information processing apparatus different from the PC 10. In this case, the unique key determination unit 115 outputs a determination result that the determination key is different from the unique key 111a to the information management unit 117.

  The activation control unit 116 controls the activation of the PC 20 according to the determination result of the unique key determination unit 115. More specifically, in the present embodiment, the activation control unit 116, when a determination result is input from the unique key determination unit 115 that the determination key is equal to the unique key 111a, Output a signal to instruct to start. As a result, the PC 20 is activated, and it becomes possible to access arbitrary information (for example, protect information 111c) stored in the storage unit 111 of the HDD 110 connected to the PC 20.

  The information management unit 117 manages arbitrary information stored in advance in the storage unit 111 according to the determination result of the unique key determination unit 115. More specifically, in the present embodiment, when the determination result that the determination key is different from the unique key 111 a is input from the unique key determination unit 115, the information management unit 117 stores the HDD 110 connected to the PC 20. Arbitrary information previously stored in the unit 111 (for example, including the unique key 111a, the activation authentication key 111b, the protect information 111c, etc.) is deleted. That is, in this case, the HDD 110 may be connected to a PC 20 different from the PC 10 that should be illegally connected due to theft or the like, and in order to prevent unauthorized access to data stored in the HDD 110, The information management unit 117 overwrites all information stored in the storage unit 111 of the HDD 110 with erasure data and the like, and deletes all information stored in the storage unit 111. Therefore, even when the HDD 110 is illegally connected to another information processing apparatus such as the PC 20 and the HDD 110 is likely to be illegally accessed, the protection information 111c stored in the encrypted state in the storage unit 111 is stored. There is no risk of decryption.

  Based on the activation authentication key 111b, the activation authentication unit 119 determines whether the ROM-type recording medium 120 is a medium on which a program for realizing the function of the activation control device for activating the PC 10 is recorded. . That is, the activation authentication unit 119 includes only the ROM type recording medium 120 including the key calculation unit 124, the unique key determination unit 125, the activation control unit 126, and the like (see FIG. 4), and the HDD 110 is connected to the PC 10. It is authenticated whether or not it has a function of starting the PC 10 or the like. Specifically, the activation authentication unit 119 confirms whether or not the same one as the activation authentication key 111b stored in the storage unit 111 is stored in the storage unit 123 of the ROM type recording medium 120, and the storage unit When the activation authentication key 111b is stored in 123, it is determined that the ROM type recording medium 120 is a medium in which a program for realizing the function of the activation control device for activating the PC 10 is recorded. In this case, the activation authentication unit 119 outputs a determination result indicating that the ROM type recording medium 120 has been authenticated to the key calculation unit 124, the activation control unit 126, and the like of the ROM type recording medium.

  On the other hand, when the activation authentication key 111b is not stored in the storage unit 123, the ROM type recording medium 120 is not a medium in which a program for realizing the function of the activation control device for activating the PC 10 is recorded. to decide. In this case, the activation authentication unit 119 outputs a determination result that the ROM type recording medium 120 has not been authenticated to the information management unit 117. In this case, since the PC 20 is activated by unauthorized activation software or the like, there is a possibility that information in the storage unit 110 may be illegally accessed. Therefore, the information management unit 117 does not store all information stored in the storage unit 111. Is erased, and all the information stored in the storage unit 111 is erased. That is, the PC 20 or the like to which the HDD 110 is connected is activated by a medium other than the ROM type recording medium 120 in which a program for realizing the function of the activation control apparatus for activating the PC 10 is recorded, and the HDD 110 is accessed. In such a case, arbitrary information in the storage unit 111 is erased when the PC 20 or the like is started (for example, when the BIOS is accessed).

<Startup control device>
As shown in FIG. 4, the ROM type recording medium 120 includes an initial setting unit 121, a storage unit 123, a key calculation unit 124, a unique key determination unit 125, an activation control unit 126, and a unique key acquisition unit 128. The authentication number determination unit 129 is mainly provided.

  The initial setting unit 121 includes the activation authentication key 111b, the unique key 111a, the key calculation unit 113, the fixed key determination unit 115, and the activation control in the hidden area 110a of the storage unit 111 in a state where the PC 10 is connected to the HDD 110. It is checked whether a program for realizing the functions of the unit 116 and the information management unit 117 is stored. If at least one of the activation authentication key 111b, the unique key 111a, and the program is not stored as a result of the confirmation, the initial setting unit 121 is based on the serial number of the board 11 of the PC 10 and the MAC address of the NIC 13. Thus, the unique key 111a is calculated. Then, the initial setting unit 121 writes the calculated fixed key 111a, the activation authentication key 111b stored in the storage unit 123, and the program into the hidden area 110a of the storage unit 111 of the HDD 110, and the unique key 111a. Is written to the rewritable storage medium 130.

  The storage unit 123 stores an activation authentication key 111b, a program for realizing each function of the ROM type recording medium 120, and the like. This activation authentication key 111b is used in the authentication by the activation authentication unit 119 of the HDD 110 described above. The storage unit 123 may store arbitrary information other than the above.

  When the determination result indicating that the ROM type recording medium 120 is authenticated is input from the activation authentication unit 119 of the HDD 110, the key calculation unit 124, like the key calculation unit 113 of the HDD 110, the PC 20 connected to the HDD 110. The determination key is calculated based on the serial number of the board 21 and the MAC address of the NIC 23. The key calculation unit 124 outputs the calculated determination key to the unique key determination unit 125.

  Similar to the unique key determination unit 115, the unique key determination unit 125 determines whether the determination key calculated by the key calculation unit 124 is equal to the unique key 111 a stored in the storage unit 111 of the HDD 110. As a result, the unique key determination unit 125 uses the identification information (serial number and MAC address in this embodiment) uniquely assigned to a predetermined member (in this embodiment, the board 21 and the NIC 23) provided in the PC 20. The determination key calculated based on the identification information (serial number and MAC address in the present embodiment) uniquely assigned to a predetermined member (in the present embodiment, the board 11 and the NIC 13) provided in the PC 10 When it is determined that the fixed key 111a is equal to the calculated fixed key 111a, the PC 20 and the PC 10 are determined to be the same information processing apparatus. In this case, the unique key determination unit 125 outputs a determination result that the determination key is equal to the unique key 111 a to the activation control unit 126. On the other hand, as a result of the determination, if the unique key determination unit 125 determines that the determination key is different from the unique key 111a, it is determined that the PC 20 is an information processing apparatus different from the PC 10. In this case, the unique key determination unit 125 outputs a determination result that the determination key is different from the unique key 111 a to the information management unit 117 of the HDD 110.

  The activation control unit 126 activates the PC 20 according to the determination result of the unique key determination unit 125 when the determination result that the ROM type recording medium 120 is authenticated is input from the activation authentication unit 119 of the HDD 110. Control. More specifically, in the present embodiment, the activation control unit 126 causes the PC 20 to the CPU 21 of the PC 20 when the determination result that the determination key is equal to the unique key 111a is input from the unique key determination unit 125. Output a signal to instruct to start. As a result, the PC 20 is activated, and it becomes possible to access arbitrary information (for example, protect information 111c) stored in the storage unit 111 of the HDD 110 connected to the PC 20.

  The unique key acquisition unit 128 acquires the unique key 130 a stored in the rewritable storage medium 130 from the rewritable storage medium 130. More specifically, as a result of determination of the number of authentications (details will be described later) performed by the authentication number determination unit 129, the number of authentications is a predetermined number (in this embodiment, n is an arbitrary integer greater than or equal to 0). If the rewritable storage medium 130 determines that the unique key 130a stored in the rewritable storage medium 130 is acquired, the rewritable storage medium 130 is requested to acquire the unique key 130a. Further, the unique key acquisition unit 128 determines whether or not the unique key 130a has been acquired from the rewritable storage medium 130 as a result of the request. As a result of this determination, when it is determined that the unique key 130 a has been acquired, the unique key acquisition unit 128 transmits the acquired unique key 130 a to the unique key determination unit 125.

  The unique key determination unit 125 that has received the unique key 130 a determines whether the unique key 111 a stored in advance in the storage unit 111 of the HDD 110 is equal to the unique key 130 a acquired from the rewritable storage medium 130. As a result of the determination, when it is determined that the unique key 111a and the unique key 130a are equal, the unique key determination unit 125 outputs the determination result to the information management unit 117 of the HDD 110. Receiving this determination result, the information management unit 117 deletes the unique key 111a previously stored in the storage unit 111 of the HDD 110 and the unique key 130a (= unique key 111a) stored in the rewritable storage medium 130, and the key. The determination key generated by the generation unit 124 is newly recorded as a unique key in the storage unit 111 and the rewritable storage medium 130 (reset of the unique key).

  On the other hand, if it is determined that the unique key 130a could not be acquired as a result of the determination as to whether or not the unique key 130a could be acquired from the rewritable storage medium 130, the unique key acquiring unit 128 sends the activation control unit 126 The judgment result is output. Upon receiving this determination result, the activation control unit 126 outputs a signal for instructing the activation of the PC 20 to the CPU 21 of the PC 20.

  The number-of-authentication determination unit 129 differs as a result of the determination by the unique key determination unit 125 whether or not the unique key 111 a stored in advance in the storage unit 111 of the HDD 110 and the unique key 130 a acquired from the rewritable storage medium 130 are equal. It is determined whether or not the number of times determined (the number of authentications) is less than a predetermined number. If the authentication count determination unit 129 determines that the authentication count is less than the predetermined count, the authentication count determination unit 129 outputs the determination result to the unique key acquisition unit 128. On the other hand, if the number-of-authentication determination unit 129 determines that the number of authentications is greater than the predetermined number, the determination result is output to the information management unit 117 of the HDD 110.

  When the information management unit 117 receives a determination result that the number of authentications is greater than the predetermined number, the HDD 110 may be connected to a PC 20 different from the PC 10 to be connected illegally due to theft or the like. It is necessary to prevent access to data stored in the HDD 110. Therefore, the information management unit 117 overwrites all the information stored in the storage unit 111 of the HDD 110 with erasure data and the like, and deletes all the information stored in the storage unit 111.

<External storage medium>
As shown in FIG. 4, the rewritable storage medium 130 stores a unique key 130a. When the unique key 130a is recorded by the initial setting unit 121, it is equal to the unique key 111a. In addition, as described above, when the unique key is reset by the information management unit 117 of the HDD 110, the determination key calculated by the key calculation unit 124 is recorded in the rewritable storage medium 130 as a new unique key. The

(About the processing flow of the recorded information management method)
The functional configuration of the recording information management apparatus 100 according to the present embodiment has been described in detail above. Subsequently, the flow of processing of the recording information management method according to the present embodiment will be described with reference to FIGS. To do. FIG. 5 is a flowchart showing a flow of initial setting processing in the recording information management method according to the present embodiment. FIG. 6 is a flowchart showing the flow of processing when starting from the HDD 110 in the recording information management method according to the present embodiment. FIG. 7 is a flowchart showing the flow of processing when starting from other than the HDD 110 in the recording information management method according to the present embodiment.

<Initial setting process>
First, the flow of the initial setting process will be described with reference to FIG. The initial setting process is a process of storing a unique key, an activation authentication key, and a program for realizing each function described above in the storage unit 111 of the HDD 110 in advance in relation to the PC 10 to which the HDD 110 is originally connected. Specifically, as shown in FIG. 5, first, using the ROM type recording medium 120, the PC 10 having the substrate 11 and the NIC 13 connected to the HDD 110 is activated (S101). Next, the initial setting unit 121 of the ROM type recording medium 120 stores a unique key 111a, an activation authentication key 111b, and a program for realizing each function as the above-described recording information management apparatus in the hidden area 110a of the HDD 110. It is confirmed whether or not (S103).

  As a result, if it is confirmed that the data is stored by the initial setting unit 121, the process proceeds to a process (see FIG. 7) when booting from other than the hard disk described later (see FIG. 7) (S300).

  On the other hand, as a result of step S103, if it is confirmed that the data is not stored by the initial setting unit 121, the initial setting unit 121 determines from the serial number of the board 11 of the PC 10 to which the HDD 110 is connected and the MAC address of the NIC 13. The unique key 111a is calculated (S105). Furthermore, the initial setting unit 121 writes the calculated unique key 111a, the activation authentication key 111b, and a program for realizing the function as the recording management device in the hidden area 110a of the storage unit 111, and stores the calculated unique key 111a. Writing to the rewritable storage medium 130 (S107).

  Through the initial setting process as described above, the storage unit 111 (hidden area 110a) of the HDD 110 stores the unique key 111a, the activation authentication key 111b, and a program for realizing the function as the recording management apparatus in advance. become.

<Processing when booting from HDD>
Next, the flow of processing when the HDD 110 is activated from the HDD 110 when the HDD 110 is connected to the PC 20 after the initial setting processing will be described with reference to FIG. As shown in FIG. 6, first, the key calculation unit 113 of the HDD 110 calculates a determination key based on the serial number of the board 21 of the PC 20 and the MAC address of the NIC 23 (S201). Next, the unique key determination unit 115 determines whether or not the determination key calculated by the key calculation unit 113 is equal to the fixed key 111a stored in the storage unit 111 (S203).

  As a result of this determination, if it is determined that the determination key is equal to the fixed key 111a, the unique key determination unit 115 outputs the determination result to the activation control unit 116. The activation control unit 116 determines that the PC 20 is the same information processing apparatus as the PC 10, accesses the CPU 21 of the PC 20 to the storage unit 111 of the HDD 110, and selects an OS (Operating System) stored in the storage unit 111. Outputs a signal to instruct to start. As a result, the OS of the PC 20 is activated (S205), and the process when activated from the HDD is terminated. At this time, the user of the PC 20 (= PC 10) can access information stored in the storage unit 111 (for example, protect information 111c).

  On the other hand, if it is determined that the determination key is different from the fixed key 111a as a result of the determination in step S203, the unique key determination unit 115 outputs the determination result to the information management unit 117. The information management unit 117 determines that the PC 20 is an information processing apparatus different from the PC 10, overwrites all information stored in the storage unit 111 with erasure data, etc., and stores all information stored in the storage unit 111. Information is deleted, and the process when starting up from the HDD is terminated. At this time, a user of the PC 20 different from the PC 10 (for example, a user who attempted to illegally acquire data stored in the HDD 110 by theft or the like) before decrypting the information stored in the storage unit 111. Since the information stored in the storage unit 111 is overwritten and erased, the data stored in the HDD 110 cannot be accessed.

<Processing when booting from other than HDD>
Next, based on FIG. 7, a processing flow when the HDD 110 is started from other than the HDD 110 when the HDD 110 is connected to the PC 20 after the initial setting process will be described. As shown in FIG. 7, first, the medium in which the activation authentication unit 119 of the HDD 110 records a program for realizing the function of the activation control apparatus for the apparatus that is attempting to activate the PC 20 to activate the PC 10, that is, Then, it is determined (start-up authentication) whether or not it is the ROM type recording medium 120 (S301). In this activation authentication, it is determined whether or not the device that is attempting to activate the PC 20 has the activation authentication key 111 b stored in the storage unit 111. As a result, if the activation authentication unit 119 determines that the device that is trying to activate the PC 20 is not the ROM type recording medium 120 (it cannot be authenticated), it outputs the determination result to the information management unit 117. In this case, since the PC 20 is activated by unauthorized activation software or the like, there is a possibility that information in the storage unit 110 may be illegally accessed. Therefore, the information management unit 117 does not store all information stored in the storage unit 111. Is erased, and all the information stored in the storage unit 111 is erased (S303), and the process when starting from other than the HDD is terminated. That is, the PC 20 or the like to which the HDD 110 is connected is activated by a medium other than the ROM type recording medium 120 in which a program for realizing the function of the activation control apparatus for activating the PC 10 is recorded, and the HDD 110 is accessed. In such a case, arbitrary information in the storage unit 111 is erased when the PC 20 or the like is started (for example, when the BIOS is accessed).

  On the other hand, as a result of the determination in step S301, if the activation authentication unit 119 determines (authenticates) that the device that is trying to activate the PC 20 is the ROM type recording medium 120, the determination result is used to calculate the key of the ROM type recording medium. Are output to the unit 124, the activation control unit 126, etc., and the PC 20 is activated by the ROM type recording medium 120 (S305). Next, the key calculation unit 124 of the ROM type recording medium 120 calculates a determination key based on the serial number of the substrate 21 of the PC 20 and the MAC address of the NIC 23 (S307). Next, the unique key determination unit 125 determines whether or not the determination key calculated by the key calculation unit 124 is equal to the fixed key 111a stored in the storage unit 111 (S309).

  As a result of this determination, if it is determined that the determination key is equal to the fixed key 111a, the unique key determination unit 125 outputs the determination result to the activation control unit 126. The activation control unit 126 determines that the PC 20 is the same information processing apparatus as the PC 10, accesses the storage unit 111 of the HDD 110 to the CPU 21 of the PC 20, and selects an OS (Operating System) stored in the storage unit 111. Outputs a signal to instruct to start. As a result, the OS of the PC 20 is activated (S311), and the processing when activated from a device other than the HDD is terminated. At this time, the user of the PC 20 (= PC 10) can access information stored in the storage unit 111 (for example, protect information 111c).

  On the other hand, if it is determined that the determination key is different from the fixed key 111a as a result of the determination in step S309, the unique key determination unit 125 outputs the determination result to the authentication count determination unit 129. Next, a result of determination by the unique key determination unit 125 whether or not the authentication number determination unit 129 is equal to the unique key 111 a stored in advance in the storage unit 111 of the HDD 110 and the unique key 130 a acquired from the rewritable storage medium 130. Then, it is determined whether or not the number of times determined to be different (number of times of authentication) is less than a predetermined number (n (n is an arbitrary integer greater than or equal to 0)) (S313).

  As a result of this determination, if the authentication number determination unit 129 determines that the number of authentications is less than n times, the determination result is output to the unique key acquisition unit 128. Next, the unique key acquisition unit 128 requests the rewritable storage medium 130 to acquire the unique key 130a stored in the rewritable storage medium 130 (S315). The request for acquiring the unique key 130a is made, for example, by displaying a message prompting the user of the PC 20 to insert the rewritable storage medium 130 (for example, a USB memory) on a display (not shown) of the PC 20. . Further, the unique key obtaining unit 128 determines whether or not the unique key 130a has been obtained from the rewritable storage medium 130 as a result of the request in step S315 (S317). This determination is made, for example, by determining whether or not the rewritable storage medium 130 has been inserted into the PC 20.

  As a result of this determination, when the unique key acquisition unit 128 determines that the unique key 130 a has been acquired, the unique key acquisition unit 128 transmits the acquired unique key 130 a to the unique key determination unit 125. Next, the unique key determination unit 125 that has received the unique key 130 a determines whether or not the unique key 111 a stored in advance in the storage unit 111 of the HDD 110 is equal to the unique key 130 a acquired from the rewritable storage medium 130 ( S319).

  As a result of this determination, when the unique key determination unit 125 determines that the unique key 111 a and the unique key 130 a are equal, the unique key determination unit 125 outputs the determination result to the information management unit 117 of the HDD 110. Receiving this determination result, the information management unit 117 deletes the unique key 111a previously stored in the storage unit 111 of the HDD 110 and the unique key 130a (= unique key 111a) stored in the rewritable storage medium 130, and the key. The determination key generated by the generation unit 124 is newly recorded as a unique key in the storage unit 111 and the rewritable storage medium 130 (reset unique key: S321). As described above, even if a person who tries to obtain data stored in the HDD 110 illegally by theft or the like steals the HDD 110 and the ROM type recording medium 120 and resets the unique key 111a, The rewritable storage medium 130 is necessary for resetting. Accordingly, since the HDD 110, the ROM type recording medium 120, and the rewritable storage medium 130 are all required for resetting the unique key 111a, the data stored in the HDD 110 can be illegally acquired unless all of them are stolen. I can't.

  If a legitimate user changes only the PC base, NIC, or the like, or a legitimate user connects the HDD 110 with another PC or the like, all of the HDD 110, the ROM type recording medium 120, and the rewritable storage medium 130 Therefore, the data stored in the HDD 110 can be legitimately accessed by resetting the unique key 111a.

  On the other hand, as a result of the determination in step S319, when the unique key determination unit 125 determines that the unique key 130a has not been acquired, the unique key acquisition unit 128 outputs the determination result to the activation control unit 126. Next, the activation control unit 126 outputs a signal instructing to stop the activation of the PC 20 (for example, a signal indicating that the power is turned off in this embodiment) to the CPU 21 of the PC 20, and the power of the PC 20 is turned off ( S323), the processing when starting from other than the HDD is terminated.

  If the authentication number determination unit 129 determines that the number of authentications is greater than n as a result of the determination in step S313, the determination result is output to the information management unit 117 of the HDD 110. Next, the information management unit 117 overwrites all the information stored in the storage unit 111 of the HDD 110 with erasure data and the like, and deletes all the information stored in the storage unit 111 (S303). The processing when starting from other than the HDD is terminated.

(Operational effect of the recording information management apparatus and the recording information management method according to the present embodiment)
As described above, according to the recording information management apparatus and the recording information management method according to the present embodiment, the data stored in the HDD 110 is not encrypted with the password, but the serial number of the board 11 or the like. Since it is encrypted with identification information unique to the device such as the MAC address of the NIC 13, the user of the PC 10 (HDD 110) does not have to manage the password by himself.

  In the case of conventional encryption, if the password is decrypted, the encrypted state may be released. However, in this embodiment, even if the HDD 110 is illegally connected to the PC 20 other than the information processing apparatus (PC 10) to be originally connected and tries to access the HDD 110, the data in the HDD 110 is overwritten when the PC 20 is started. Therefore, there is no fear that the encrypted data of the HDD 110 is released.

  Conventionally, if only the HDD (HDD 110 in this embodiment) is stolen and the password is decrypted, the data stored in the HDD can also be obtained illegally. However, in this embodiment, even if only the HDD is stolen, if the information processing apparatus to be connected is different, for example, when the HDD 110 is connected to an information processing apparatus PC20 different from the PC 10 to which the HDD 110 is originally connected, In addition, since the data in the HDD 110 is overwritten and deleted, the data in the HDD 110 cannot be obtained illegally.

  Furthermore, even if the HDD 110 and the ROM type recording medium 120 on which a program for realizing a function as a start control device for starting the PC 10 according to the present embodiment is stolen, the unique key 111a is stored in the HDD 110. It cannot be acquired because it is stored in the hidden area 110a. Therefore, the information management unit 117 overwrites and erases the data in the HDD 110 according to the determination result of the unique key determination unit 125, and thus the person who steals the HDD 110 cannot access the data in the HDD 110.

  On the other hand, even if the ROM 110 and the rewritable storage medium 130 in which the unique key 130a equal to the unique key 111a is stolen, if there is no ROM type recording medium 120, a program other than the program recorded on the ROM type recording medium 120 Since the data in the HDD 110 is overwritten and erased at the time of activation, the person who steals the HDD 110 cannot access the data in the HDD 110. Even when the rewritable storage medium 130 such as a USB memory having a unique key 130 a is inserted when the HDD 110 is started, the program stored in the storage unit 111 of the HDD 110 is stored in the rewritable storage medium 130. Since the unique key 130a is not recognized, data in the HDD 110 cannot be accessed without the ROM type recording medium 120. In this case, for example, a message such as “Please start from CD-ROM (ROM type recording medium 120)” may be displayed.

  That is, in order to acquire data in the HDD 110, it is necessary to steal all of the HDD 110, the ROM type recording medium 120, and the rewritable storage medium 130, or steal the entire information processing apparatus (PC 10) to which the HDD 110 is connected. Therefore, the anti-theft effect can be remarkably enhanced as compared with the conventional art.

  As mentioned above, although preferred embodiment of this invention was described referring an accompanying drawing, it cannot be overemphasized that this invention is not limited to this example. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present invention. Understood.

  For example, in the above-described embodiment, the PC has been described as an example of the information processing apparatus. However, the information processing apparatus in the present invention is not limited to the PC, and any apparatus to which an HDD is connected is applied. can do. For example, the information processing apparatus according to the present invention includes an HDD built-in DVD recorder, an HDD built-in television receiver, an HDD built-in music player, an HDD built-in printer, and the like. Therefore, for example, even if an HDD such as an HDD built-in DVD recorder is removed and illegally copied, the connected DVD recorder or the like is different hardware, so the data in the HDD is overwritten and erased. Further, by discarding the HDD such as the HDD built-in type DVD recorder and the DVD recorder separately, the data stored in the HDD does not pass to a third party, so that privacy can be protected.

  In the above-described embodiment, the combination of the substrate and the NIC has been described as an example of the predetermined member having the unique identification information for calculating the unique key and the determination key. This member is not limited to this combination, and may be either the substrate or the NIC, or may be another member.

It is explanatory drawing which shows the hardware constitutions of the recording information management apparatus which concerns on the 1st Embodiment of this invention, and the information processing apparatus to which this is connected. It is a block diagram which shows the hardware constitutions of the information processing apparatus which concerns on the embodiment. 3 is a block diagram showing a functional configuration of a storage device according to the embodiment. FIG. It is a block diagram which shows the function structure of the starting control apparatus and external storage medium which concern on the embodiment. It is a flowchart which shows the flow of the initial setting process in the recording information management method concerning the embodiment. It is a flowchart which shows the flow of a process when starting from HDD in the recording information management method concerning the embodiment. It is a flowchart which shows the flow of a process when starting from other than HDD in the recording information management method concerning the embodiment.

Explanation of symbols

10 PC
11 Substrate 13 NIC
20 PC
100 Recording information management device 110 HDD
110a Hidden area 111 Storage unit 111a Unique key 111b Activation authentication key 113 Key calculation unit 115 Unique key determination unit 116 Activation control unit 117 Information management unit 119 Activation authentication unit 120 ROM type recording medium 121 Initial setting unit 123 Storage unit 124 Key calculation unit 125 unique key determination unit 126 activation control unit 128 unique key acquisition unit 129 authentication count determination unit 130 rewritable storage medium 130a unique key

Claims (10)

A recording information management device connected to a first information processing device provided with a predetermined member assigned identification information unique to the device,
A storage unit in which arbitrary information including a unique key calculated in advance based on the identification information is stored;
A key calculation unit that calculates a determination key based on the identification information of the predetermined member provided in the second information processing apparatus to which the recording information management apparatus is connected;
A unique key determination unit that determines whether or not the determination key is equal to the unique key;
An activation control unit that controls activation of the second information processing apparatus according to a determination result of the unique key determination unit;
According to the determination result of the unique key determination unit, an information management unit for managing the arbitrary information stored in advance in the storage unit;
With
The activation control unit activates the second information processing apparatus when it is determined that the determination key is equal to the unique key,
The recording information management apparatus, wherein the information management unit erases the arbitrary information stored in advance in the storage unit when it is determined that the determination key is different from the unique key. The recorded information management device includes:
A storage device comprising the storage unit and the information management unit;
An activation control device comprising the key calculation unit, the unique key determination unit and the activation control unit;
The recording information management apparatus according to claim 1, comprising: The storage unit further stores an activation authentication key for identifying that the activation control device is an apparatus including the key calculation unit, the unique key determination unit, and the activation control unit,
The storage device further includes an activation authentication unit that authenticates whether the activation control device includes the key calculation unit, the unique key determination unit, and the activation control unit based on the activation authentication key. The recording information management apparatus according to claim 2, wherein:   The information management unit is stored in the storage unit in advance when the activation authentication unit determines that the activation control device is not an apparatus including the key calculation unit, the unique key determination unit, and the activation control unit. 4. The recorded information management apparatus according to claim 2, wherein the arbitrary information is deleted. The activation control device further includes a unique key acquisition unit that acquires the unique key from an external storage medium,
5. The activation control unit suspends activation of the second information processing apparatus when the unique key acquisition unit cannot acquire the unique key from the external storage medium. 6. The recorded information management apparatus according to any one of the above. The activation control device further includes a unique key acquisition unit that acquires the unique key from an external storage medium,
The unique key determination unit, when the unique key acquisition unit is able to acquire the unique key from the external storage medium, the unique key stored in advance in the storage unit and the unique key acquired from the external storage medium Determine if the key is equal,
When the unique key determination unit determines that the unique key stored in advance in the storage unit is equal to the unique key acquired from the external storage medium, the information management unit stores in advance in the storage unit. The stored unique key and the unique key stored in the external storage medium are deleted, and the determination key generated by the key generation unit is newly used as the unique key in the storage unit and the external storage medium. The recording information management apparatus according to claim 2, wherein recording is performed. The activation control device determines that the number of times that the unique key stored in advance in the storage unit and the unique key acquired from the external storage medium are equal as a result of the determination is different from a predetermined number of times. Further comprising an authentication number determination unit for determining whether or not
When the authentication number determination unit determines that the number is less than the predetermined number, the unique key acquisition unit requests the external storage medium to acquire the unique key stored in the external storage medium,
The information management unit erases the arbitrary information stored in advance in the storage unit when the authentication number determination unit determines that the number is greater than a predetermined number. The recorded information management apparatus described.   8. The device according to claim 1, wherein the predetermined member is at least one of a board to which a unique serial number is assigned and a NIC to which a unique MAC address is assigned. 9. Record information management device. Arbitrary information including a unique key calculated in advance based on the identification information is stored in advance, connected to a first information processing apparatus provided with a predetermined member to which identification information unique to the apparatus is assigned. A recording information management method for managing information recorded in a recording information management apparatus having a storage unit,
Calculating a determination key based on the identification information of the predetermined member provided in the second information processing apparatus to which the recording information management apparatus is connected;
Determining whether the determination key is equal to the unique key;
Activating the second information processing apparatus when it is determined that the determination key is equal to the unique key;
When it is determined that the determination key is different from the unique key, erasing the arbitrary information stored in advance in the storage unit;
A recorded information management method comprising: Arbitrary information including a unique key calculated in advance based on the identification information is stored in advance, connected to a first information processing apparatus provided with a predetermined member to which identification information unique to the apparatus is assigned. In a recording information management apparatus having a storage unit,
Calculating a determination key based on the identification information of the predetermined member provided in the second information processing apparatus to which the recording information management apparatus is connected;
Determining whether the determination key is equal to the unique key;
Activating the second information processing apparatus when it is determined that the determination key is equal to the unique key;
When it is determined that the determination key is different from the unique key, erasing the arbitrary information stored in advance in the storage unit;
A program for running

Images