JPH1097468A - Data recording and reproducing device, and security managing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To actualize a security function which is suitable for use in a server machine, etc., which is accessed and shared by more than one host devices. SOLUTION: When an indication to lock an arbitrary area is supplied from a host device to a magnetic disk drive as a server machine by using a locked write command which has an access destination start address and transfer length information and is given a password, the indication is accepted (S31) and if the address area indicated with the access destination start address and transfer length information overlaps with an area that is already locked (S32), information on the address area and password is saved, thereby locking the address area (S34 and S35). This locked area is accessed when a read/write command having the password matching the password set in the area is given.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a data recording / reproducing apparatus having a password security function for protecting data recorded on an information recording medium, and a security management method.

[0002]

2. Description of the Related Art In a data recording / reproducing device represented by a magnetic disk device (hard disk device), data stored (recorded) in (a recording medium attached to) the device is protected from theft, falsification, and the like. Some commands can accept a special command called a security command.

When a user wants to protect (protect) data stored in a data recording / reproducing apparatus, the user goes through a hardware control module in an operating system called a BIOS (Basic Input / Output System) of the host apparatus. Issue a security command for setting a password, and set a password in the data recording / reproducing apparatus. Usually, this password (including security setting information) is set in a predetermined area (called a system area) secured on a recording medium (disk) of the data recording / reproducing apparatus.

When a hard reset (initialization by a command from a host device) or a power-on reset (initialization by turning on the power) of the data recording / reproducing apparatus is performed after setting the password, the data recording / reproducing apparatus becomes inoperable. A lock state is set, and reading / writing (with respect to the recording medium) in the device is prohibited unless the same password as the set password is input by the user. This makes it possible to protect data stored in (the recording medium of) the data recording / reproducing device.

[0005]

In the case where the data recording / reproducing apparatus employs a server machine or the like shared by a plurality of users (host devices), the data recording / reproducing apparatus is usually used as a server machine for security. Each user (host device) sets a password for access to the playback device). In this case, since the password is not set for the data recording / reproducing device,
The data recording / reproducing device itself is not protected by the security function. Therefore, when a data recording / reproducing device as a server machine is removed from the system, for example, like a data recording / reproducing device such as a magnetic disk device built in (or connected to) a personal computer, the data is recorded on the device. Existing data becomes readable / writable.

In a system in which a data recording / reproducing device is used as a server machine and is connected to a plurality of host devices via a network, a plurality of users (host devices, terminals) receive the data recording / reproducing with the expansion of the network. Access to the device will frequently occur. In such a case, it is necessary to protect each area of the recording medium unique to the user. There is a problem that the data recording / reproducing device cannot be accessed from other users sharing the device.

The present invention has been made in consideration of the above circumstances, and has as its object to provide a data recording / reproducing apparatus having a security function suitable for use in a server machine or the like which is accessed from a plurality of host devices and shared. And a security management method.

[0008]

According to the present invention, in a data recording / reproducing apparatus for accessing an information recording medium in response to a request from a host device, a password is set for a specific area of the recording area of the information recording medium. By receiving, from the host device, a lock unit that locks the specific area and a password that matches a password set in correspondence with the specific area locked by the lock unit, Unlocking means for releasing the state.

In such a configuration, the recording area can be partially protected, not the data recording / reproducing apparatus itself. Therefore, an unlocked area can be accessed without performing an unlock operation.

[0010] Further, the lock means having the above-described configuration is configured to be able to receive a change instruction of a specific area from the host device, and to change the area according to the change instruction when receiving the change instruction. It is also possible to lock and unlock an arbitrary area specified by the host device.

The present invention also relates to a data recording / reproducing apparatus which is used in common by a plurality of host apparatuses and accesses an information recording medium in response to a request from the host apparatus. When one of the divided areas obtained by dividing a specific area is designated, and it is instructed to lock the designated divided area with a designated password, the instruction is accepted and the designated divided area is designated with a designated password. Unlock means for unlocking a locked state of a corresponding divided area by receiving from the host device a password corresponding to a password set corresponding to the divided area locked by the locking means; Means is provided.

In such a configuration, each divided area can be locked and unlocked according to an instruction from each of the plurality of host devices. Further, when the host device specifies an arbitrary area on the information recording medium and instructs the locking means to lock the specified area with a specified password, the lock unit receives the instruction and specifies the specified means. By configuring the area to be locked with a designated password, a plurality of areas to be protected can be set arbitrarily with each password, and the address and size of each area can be set freely. Data can be protected.

An instruction to lock an arbitrary area from the host device is issued by using a specific write command (write command with lock) having an access destination start address and transfer length information and a password. It is possible to easily protect the data of specific information by locking the address area indicated by the access destination start address and transfer length information specified by the write command with the password added to the write command. Can be realized.

The present invention also relates to a data recording / reproducing apparatus which is used in common by a plurality of host apparatuses and accesses an information recording medium in response to a request from the host apparatus. When one of the divided regions is designated and an instruction is given to lock the designated divided region with a designated password, a lock means for receiving the instruction and locking the designated divided region with a designated password; For each password set in each of the divided areas locked by the locking means, all the divided areas accessible by the password are regarded as one continuous area, and a logical address is assigned and managed. A read / write command in which a password is added from the device and the access destination is indicated by the above logical address Address conversion means for converting the logical address into a corresponding physical address in an area accessible by a password attached to the read / write command, and an address converted by the address conversion means. And a read / write command execution means for executing a read / write command by using the command.

In such a configuration, since the accessible area is selected by the password, the startup file can be selected by changing the password. Further, since the area other than the password (other than the selected area) is not accessed, the host apparatus can use only the area accessible by the password as one storage device. For this reason, management of the area accessible in the host device can be easily performed.

As one of the passwords, in addition to locking an arbitrary area, a specific password (master password) capable of accessing the entire area of the information storage medium including the area is prepared, and a specific user (host) is prepared. By allowing the master password to be used only by the device, the specific user (host device) can perform periodic device diagnosis (virus check, etc.) by accessing the entire area. Become.

[0017]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing a configuration of a magnetic disk drive according to one embodiment of the present invention.

In FIG. 1, reference numeral 1 denotes a disk (magnetic disk) as a medium on which data is recorded, and 2 denotes data writing (data recording) to the disk 1 and data reading (data reproduction) from the disk 1. This is the head (magnetic head) used. The head 2 is provided corresponding to each data surface of the disk 1.

A large number of concentric tracks are formed on both surfaces of the disk 1, and each track is used for positioning control and the like (cylinder data indicating a cylinder number and a positional error in the cylinder indicated by the cylinder data indicating a waveform error). A plurality of servo areas on which servo data (including burst data for indicating amplitude) are recorded are arranged at equal intervals.
These servo areas are radially arranged on the disk 1 over the respective tracks from the center. The area between the servo areas is a user area. A plurality of data sectors are set in the user area between the servo areas.

A predetermined area on each surface of each disk 1 is assigned a system area. The system area is set in a different area from the data area, and is used for storing information (defect list) of a defect on the corresponding disk surface, security setting information including a password, and the like. The security setting information is stored in all the system areas allocated to each surface of each disk 1 in order to provide a backup of the security setting information. It is also possible to secure only one system area.

The disk 1 is a spindle motor (SPM)
3. High speed rotation. The head 2 is attached to a head moving mechanism called a carriage 4, and moves in the radial direction of the disk 1 by the movement of the carriage 4. The carriage 4 is driven by a voice coil motor (VCM) 5.

The spindle motor 3 and the voice coil motor 5 are connected to a motor driver 6. The motor driver 6 drives the motor 3 by supplying a control current to the spindle motor 3 and drives the motor 5 by supplying a control current to the voice coil motor 5. The value of the control current (control amount) is determined by calculation processing of the CPU (microprocessor) 10, and is given, for example, as a digital value.

Each head 2 is connected to a head IC 7 mounted on a flexible printed circuit (FPC). The head IC 7 controls switching of the head 2 and inputs and outputs read / write signals to and from the head 2, and has a head amplifier 71 that amplifies an analog output read by the head 2.

The read / write IC 8 receives an analog output (read signal of the head 2) read from the disk 1 by the head 2 and amplified by the head amplifier 71 in the head IC 7, and receives a signal necessary for a data reproducing operation. A decoding function for performing processing; an encoding function for performing signal processing required for recording data on the disk 1; and a reproduction process of servo data necessary for servo processing such as head positioning control (a servo area read by the head 2). A signal processing function of processing servo data to generate a data pulse including cylinder data, and performing a process of sampling and holding the peak of burst data in the servo data.

The servo processing circuit 9 includes a read / write IC
In response to the data pulse and the burst data from the control unit 8, signal processing necessary for servo processing is executed. That is, the servo processing circuit 9 has a decoding function for extracting and decoding cylinder data (cylinder number) and the like from the data pulse from the read / write IC 8, and a timing generation function such as a write gate. Also, the servo processing circuit 9 has a read / write I
A / D burst data (analog signal) from C8
It also has an A / D conversion function of converting (analog / digital) and outputting it to the CPU 10.

The CPU 10 is, for example, a one-chip microprocessor. The CPU 10 controls each unit in the magnetic disk device according to a control program (firmware) stored in the ROM 11.

The CPU 10 controls the head 2 according to the servo data (cylinder data and burst data therein) extracted by the servo processing circuit 9 (by controlling the driving of the voice coil motor 5 via the motor driver 6). Positioning control for moving to the target position, H
There are transfer control of read / write data by controlling the DC 14, and lock / unlock control of the area of the disk 1 in order to realize a security function directly related to the present invention.

The CPU 10 has a ROM 1 as a non-volatile memory in which a control program (firmware) for controlling each unit in the magnetic disk device is stored.
1 and a RAM 12 as a rewritable memory that provides a work area for the CPU 10, a storage area for control parameters used by the CPU 10, and the like.

An EEPROM 13 as a rewritable nonvolatile memory and a disk controller (HDC) 14 are also connected to the CPU 10. EEPR
The OM 13 saves parameters for controlling the magnetic disk device, saves area information indicating an area on the disk 1 designated by an area designation command from the host device, and specifies a lock command from the host device. It is used for storing passwords.

The disk controller (HDC) 14
It controls command and data communication with a host device (not shown), and also controls data communication with the read / write IC 8 (via the disk 1). This H
The DC 14 is connected to a buffer memory (buffer RAM) 15 including, for example, a RAM or the like, in which read / write data is stored in a cache system, and a host interface 16. Host interface 16
Is an interface between the HDC 14 and the host device, and the HDC 14 communicates commands and data with the host device via the host interface 16.

Next, the operation of the magnetic disk drive of FIG.
An example in which the device is used as a shared server machine accessed from a plurality of host devices will be described.

First, in this embodiment, one of the first to third security management methods is applied. Therefore, the operation in the case where the first to third security management methods are applied will be described in order.

(1) Operation when the first security management method is applied First, the operation when the first security management method is applied will be described with reference to the flowcharts of FIGS.

In the present embodiment, data protection using a password is not performed for the entire magnetic disk device, but for an arbitrary area of the disk 1 as a unit. The command for designating the area (disk area) to be protected is called an area designation command.

[0035] The user can use the disk 1 for which data protection is required.
When there is an upper area, the host apparatus transmits a disk area to be protected to the magnetic disk apparatus of FIG.
An area designation command designated by a pair of a start address (start address) and an end address (end address) of the area is issued. It is also possible to use the size (information indicating) of the area instead of the end address.

The area designation command issued from the host device is passed to the CPU 10 via the host interface 16 and the HDC 14. When the CPU 10 receives the area designation command from the host device (step S2 in FIG. 2)
1) It is checked whether the whole or a part of the area specified by the command overlaps with the already locked area (step S2 in FIG. 2). This check is
This is performed by comparing the information of the designated area with the area information already stored in a predetermined area of the EEPROM 13 (the storage area of the security setting information).

When the CPU 10 determines that the specified area overlaps with the already locked area as a result of the check in step S2, the CPU 10 aborts the area specifying command from the host device (step S3 in FIG. 2). . This is to avoid overlapping protected areas.

On the other hand, if it is determined that the designated area does not overlap the already locked area,
10 saves the information of the designated area in a predetermined area (security information storage area) of the EEPROM 13 (step S4 in FIG. 2).

Next, the user causes the host device to issue a lock command to the magnetic disk device shown in FIG. 1 in order to set a password in the area designated by the preceding area designation command to lock the area. A password specified by a user is added to this lock command.

When the CPU 10 receives the lock command issued from the host device (step S5 in FIG. 2), it changes the password attached to the command according to the area designation command previously issued from the same host device.
The data is stored in the EEPROM 13 in association with the area information stored in the ROM 13 (step S6 in FIG. 2).

Thus, the EEPROM 13 has
A set of information on the area specified by the area specification command from the host device and the password specified by the lock command is stored (registered).

When the CPU 10 stores the password in the EEPROM 13 in accordance with the information of the designated area,
The area indicated by the area information is locked (step S7 in FIG. 2). This operation is performed by securing a lock flag on the RAM 12 in association with the corresponding set of area information and password and turning on the flag.

FIG. 5A shows the result of execution of the area designation command and the lock command as described above, for example, the user A
The area 50A on the disk 1 locked by the password PA specified by the user B, the area 50B on the disk 1 locked by the password PB specified by the user B, and the area not locked (unlocked area) 50
13 shows an example of C. FIG. 5 shows a state where sets of the area information and the password of the locked areas 50A and 50B are stored in the EEPROM 13.
(B).

Now, as shown in FIG.
It is assumed that a read / write command is issued from the host device to the magnetic disk device of FIG. 1 in a state where 0A and 50B are locked and the area 50C is not locked.

The CPU 10 reads / writes from the host device.
Upon receiving the write command (step S11 in FIG. 3),
Check whether the disk access range (access range) specified by the command is within the range of the locked area by comparing it with each area information (and a set of passwords) stored in the EEPROM 13. (Step S12 in FIG. 3).

As a result of the check in step S12, the CPU 10 determines that the access range specified by the read / write command from the host device is out of the locked area, for example, out of the areas 50A and 50B. In this case, that is, when it is determined that the read / write command is within the range of the unlocked area 50C, the read / write command is executed (step S13 in FIG. 3).

On the other hand, if it is determined that the access range specified by the read / write command from the host device is within the locked area, for example, within the area 50A or 50B, the CPU 10 determines Abort the read / write command (step S1 in FIG. 3)
4).

As described above, when a read / write command is issued from the host device, it is checked whether or not the access range specified by the command is within the range of the locked area. The protected area can be protected.

Next, assume that the user A wants to access the area 50A locked by himself. In such a case, the user A causes the host device to issue an unlock command to the magnetic disk device of FIG. It is assumed that the password PA is attached to this unlock command.

When receiving the unlock command from the host device (step S21 in FIG. 4), the CPU 10 executes EE.
In the set of the area information and the password stored in the PROM 13, the password (P
A) Whether there is a pair with a password that matches
That is, it is checked whether there is an area locked by the same password as the password (PA) attached to the command (step S22 in FIG. 4).

In this example, the password attached to the unlock command from the host device is PA, and since there is a lock area 50A of the same password as the password, the CPU 10 changes the lock state of the area 50A. Release (step S23 in FIG. 4). This operation
The area corresponding to the area 50A to be unlocked (R
This is done by turning off the lock flag (on AM 12).

In the state where the locked state of the area 50A is released (unlocked state), even if the set of the area information of the area 50A and its password PA is stored in the EEPROM 13, the area 50A is accessed from the host device. it can.

The unlocked state of the area 50A is released when a hard reset (initialization by a command from the host device) or a power-on reset (initialization by turning on the power) of the magnetic disk device of FIG. 1 is performed, and again. Set to locked state. This is because when a hard reset or power-on reset of the device is performed, all the corresponding areas are locked based on each area information stored in the EEPROM 13 in the initialization processing at that time.

It should be noted that the above description is based on the arbitrary regions 50A and 50B.
Has been described as having been designated to be locked by the users A and B. However, an area composed of the area 50A and the area 50B (hereinafter, referred to as a specific area) is determined in advance as a lockable area, and the area 50C is previously determined as a non-locking area And the regions 50A and 50B may be divided regions obtained by dividing the specific region into two. Further, the magnetic disk device of FIG. 1 is not used as a server machine shared and used by a plurality of users (a plurality of host devices).
For example, in a system that is built in (or connected to) a personal computer and is used as an auxiliary storage device of the computer, one password is set for the entire specific area, and the entire specific area is locked and unlocked. It does not matter. Further, the specific area can be changed by an instruction from the host device.

(2) Operation When Applying the Second Security Management Method In the first security management method described above, it is possible to set a password for an arbitrary disk area from each user (host device) and lock / unlock it. Although possible, the unlocked area can be accessed by other users (host devices) who do not know the password of the area.

Therefore, the operation in the case where the second security management method in which only the user (host device) who knows the password of the locked area can access the locked area is applied, refer to the flowcharts of FIGS. 6 and 7. I will explain.

Here, a special write command for instructing a lock, called a write command with lock, can be used in place of the above-mentioned area designation command. This write command with lock is accompanied (linked) by a password specified by the user.

The user can use the disk 1 for which data protection is required.
When there is an upper area, the host apparatus transmits a disk area to be protected to the magnetic disk apparatus of FIG.
It is specified as if it is a disk area of a write access destination, and a write command with a lock linked with a password is issued. Normally, a write command is accompanied by a start address (start address) of a write destination and transfer length information. Therefore, in this embodiment, the start address of the write destination of the write command with lock is
The area is designated by using the start address of the disk area to be locked and using (the information of) the size of the disk area as the transfer length information.

When the CPU 10 receives the write command with the lock from the host device (step S3 in FIG. 6).
1) It is checked whether the whole or a part of the area specified by the command overlaps the already locked area (step S32 in FIG. 6).

As a result of the check in step S32, if the CPU 10 determines that the designated area overlaps with the already locked area, it aborts the write command with lock from the host device (step S3 in FIG. 6).
3).

On the other hand, if it is determined that the designated area does not overlap with the already locked area,
Reference numeral 10 denotes a set of information on an area designated by a write command with a lock from the host device and information on a password linked to the command, and saves the set in a predetermined area (storage area for security setting information) of the EEPROM 13 (FIG. Six steps S34). Here, the information of the designated area consists of the start address and end address of the area,
The end address is generated by adding the start address specified by the write command with lock and the transfer length information.

When the set of the information of the designated area and the information of the password is stored in the EEPROM 13, the CPU 10 locks the area indicated by the area information (step S35 in FIG. 6).

As described above, a desired area on the disk 1 can be locked with a password linked to the command only by one command (write command with lock). Here, it is assumed that as a result of the user A issuing a write command with a lock from the host device to the magnetic disk device of FIG. 1, the area 50A is locked by the password PA.

Now, in this embodiment, to access the locked area, a read / write command with a password is used. The read / write command with a password is obtained by linking a password to a normal read / write command.

Now, the area 50 locked by the user A by himself / herself
Suppose that you want to access inside A. In such a case, the user A causes the host device to issue a read / write command with a password linked with the password PA to the magnetic disk device of FIG.

When the CPU 10 receives a read / write command with a password from the host device (step S41 in FIG. 7), the disk access range (access range) specified by the command is within the locked area. Whether or not this is the case is checked by comparing with each area information (and a set of passwords) stored in the EEPROM 13 (step S42 in FIG. 7).

As a result of the check in step S42, the CPU 10 determines that the access range specified by the read / write command with a password from the host device is outside the range of the locked area, for example, outside the range of the areas 50A and 50B. If it is determined, that is, if it is determined that it is within the range of the unlocked area 50C, the read / write command is executed (step S4 in FIG. 7).
3).

On the other hand, if the CPU 10 determines that the access range specified by the read / write command with password from the host device is within the range of the locked area, the CPU 10 sets the corresponding area information and the set. If the password to be formed is the password (P
A) is checked to see if it matches (step S in FIG. 7)
44).

In this example, since the access range specified by the read / write command with password from the host device is within the area 50A and the password linked to the command is PA, it is determined that the passwords match. Is done.

Even if the access range specified by the read / write command with password from the host device is within the locked area 50A, the CPU 10 links the password linked to the command with the password locking the area 50A. If they match, the command is executed (step S43 in FIG. 7). As a result, read / write access is performed in the locked area 50A.

On the other hand, if the passwords do not match, the read / write command with password is aborted (step S45 in FIG. 7), and the access range (address area) in the lock area specified by the read / write command is accessed. It will not be possible.

(3) Operation when the third security management method is applied Next, the operation when the third security management method is applied will be described with reference to the flowcharts of FIGS.

Here, for example, the physical block addresses on the disk of the magnetic disk device of FIG.
As shown in FIG. 10, the disk area of
99 area 100A, address 100 to 399 area 1
00B, an area 100C of addresses 400 to 799, and an area 100D of addresses 800 to 999, and the apparatus is divided into a plurality of users (host apparatuses) X, Y, and Z.
Assume the network system used in. Also, assume that user Z is a network administrator.

In the present embodiment, the area specifying command with password having both functions of the area specifying command and the lock command used in the first security management method can be used.

The user Z designates, for example, the area 100D of the areas 100A to 100D of the magnetic disk drive shown in FIG. 1 and uses a special password (hereinafter referred to as a master password) MPZ which can be used only by the network administrator. The host device issues an area designation command with a master password to instruct locking of 100D to the magnetic disk device of FIG. The master password (MPZ) is used for the entire area of the apparatus (here, the area 100A to 100A).
100D), that is, not only the area locked by the password but also the area locked by a normal password by another user.

When the CPU 10 receives the area designation command with the master password from the host device (FIG. 8)
It is checked whether or not the area specified by the command is already locked (step S51) (step S52 in FIG. 8).

When the CPU 10 determines that the designated area is already locked as a result of the check in step S52, it aborts the area designation command with the master password from the host device (step S5 in FIG. 8).
3).

On the other hand, if the CPU 10 determines that the specified area is not locked, the CPU 10 determines the information on the area specified by the area specifying command with master password from the host device and the master password linked to the command. Are stored in a predetermined area (security setting information storage area) of the EEPROM 13 (step S54 in FIG. 8). Here, it is assumed that a set of the information of the area 100D and the master password MPZ is stored.

When the set of the information of the designated area 100D and the master password MPZ is stored in the EEPROM 13, the CPU 10 locks the area 100D indicated by the area information with the master password MPZ (step S8 in FIG. 8).
55).

In this case, the user Z uses the master password MPZ to obtain the addresses 0 to 999 of the entire apparatus.
(All areas 100A, 100B, 100C, 100D) can be accessed regardless of the presence or absence of the lock. However, the area 100D is locked by the master password MPZ as described above.

In this state, the user X issues an area designation command with a password for designating, for example, the area 100A and for locking the area 100A with the password PX from the host apparatus. It shall be issued to the disk device.

When the CPU 10 receives the area designation command with the password PX for instructing to lock the area 100A (step S51 in FIG. 8), the area 100A is not locked (step S52 in FIG. 8). ), The information of the area 100A and the password P
The set X is stored in the EEPROM 13 (step S5 in FIG. 8).
4) The area 100A is locked with the password PX (step S55 in FIG. 8).

Here, the user X uses the password PX to set the area 100 locked by the password PX.
A and the area 100 unlocked at that time
B, 100C can be accessed.

In this state, the user Y issues an area designation command with a password for designating, for example, the area 100B and for locking the area 100B with the password PY from the host apparatus. It shall be issued to the disk device.

When the CPU 10 receives the area designation command with the password PY for instructing to lock the area 100B (step S51 in FIG. 8), the area 100B is not locked (step S52 in FIG. 8). ), The information of the area 100B and the password P
The set of Y is stored in the EEPROM 13 (step S5 in FIG. 8).
4) The area 100B is locked with the password PY (step S55 in FIG. 8).

Here, the user Y uses the password PY to store the area 100 locked by the password PY.
B and the unlocked area 100 at that time
C can be accessed.

On the other hand, the area that user X can access is
Since the area 100B is locked by the user Y with the password PY, the area 100A and the area 100C are obtained.
However, the user Z, who is the network administrator, uses the master password MPZ to enter the entire area 100A, 10A of the apparatus.
0B, 100C, and 100D can be accessed.

In such a state, for example, the user X
It is assumed that the user wants to access the disk device. In such a case, the user X causes the host device to issue a read / write command with a password linked with the password PX to the magnetic disk device of FIG. At this time, the area that the user X can access is the area 10 as described above.
0A and the area 100C. However, it is not easy for the user X (host device) to manage which area is accessible other than the area 100A locked by the password PX by himself. That is, it is not easy to manage which area is aborted when trying to access the disk area by the read / write command.

Therefore, in the present embodiment, each user (host device) manages the entire area that can be accessed by himself / herself with only the number of blocks N, and the address range is 0 to N−1.
And is treated as a continuous area indicated by the address (logical address) above. Therefore, this apparent address is used to specify the access destination by the read / write command with the password.

For example, now, the number of blocks that can be accessed by the user X is 100 blocks in the area 100A and 100 blocks in the area 100A.
C is 500, which is a total of 400 blocks of C. In this case, when the CPU 10 of the magnetic disk device of FIG. 1 receives a read / write command with the password PX (from the user X) (Step S61 in FIG. 9), the apparent address accessible by the password PX (see FIG. 9). The logical device operates as a device having a disk area in the range of 0 to 499. Here, the addresses (physical addresses) on the actual disk area of the apparent addresses 0 to 99 are as follows:
As shown in FIG. 10, the addresses (physical addresses) corresponding to 0 to 99 in the area 100A (in this case, the logical address and the physical address match), and the apparent addresses 100 to 499 on the actual disk area. Is the area 100
C of 400 to 799.

Similarly, the number of blocks that can be accessed by user Y is 300 blocks in area 100B and 100 blocks in area 100C.
The sum of the 400 blocks is 700. in this case,
When the CPU 10 of the magnetic disk device of FIG. 1 receives a read / write command with the password PY (from the user Y) (step S61 in FIG. 9), the password P
The device operates as a device having a disk area in an apparent address (logical address) 0 to 699 accessible by Y. Here, the addresses (physical addresses) of the apparent addresses 0 to 299 on the actual disk area correspond to the addresses 100 to 399 of the area 100B, as shown in FIG. The address (physical address) on the disk area is
C of 400 to 799.

As described above, when receiving the read / write command with the password from the host device (step S61 in FIG. 9), the CPU 10 operates as a device accessible by the password and accesses the access destination address ( The logical address) is converted into an address (physical address) on the actual disk area determined by the password (step S62 in FIG. 9). For example, if 100 is specified as the access destination address by the read / write command with the password PX from the user X, the address 100 is converted into 400 as is clear from FIG. Similarly, if 0 is designated as the access destination address by the read / write command with the password PY from the user Y, the address 0 is converted to 100 as is clear from FIG.

The apparent address (logical address) accessible by the master password MPZ from the user Z naturally coincides with the addresses (physical addresses) 0 to 999 of all the actual disk areas of the apparatus. .

When the address conversion is completed, the CPU 10 executes an access specified by the read / write command using the converted address (physical address) (step S63 in FIG. 9).

As described above, in the present embodiment, the area locked by another user (the password from) can be ignored by the address conversion inside the magnetic disk device shared by each user. It is possible to easily manage the accessible area in the host device).

In such a magnetic disk drive, for example, the system area of user X is area 100A, the system area of user Y is area 100B, and area 100C is
Is used as a common area such as file storage as a data area, each system area is not accessed by another user. Also, the user Z is in the area 10
By using 0D as the entire system management area, the entire area of the apparatus can be accessed by the master password MPZ, so that periodic diagnosis (e.g., virus check) of the apparatus can be performed.

In the above embodiments, the magnetic disk device has been described. However, the present invention can be applied to data recording / reproducing devices other than the magnetic disk device, such as a magneto-optical disk device and an optical disk device.

[0098]

As described above in detail, according to the present invention, it is possible to realize a security function suitable for use in a server machine or the like which is accessed from a plurality of host devices and shared.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a magnetic disk drive according to an embodiment of the present invention.

FIG. 2 is a flowchart for explaining lock processing when the first security management method is applied.

FIG. 3 is a flowchart for explaining processing at the time of issuing a read / write command when the first security management method is applied;

FIG. 4 is a flowchart for describing unlocking processing when the first security management method is applied.

FIG. 5 shows an example of a locked area and an unlocked area;
FIG. 7 is a diagram showing an example of registration of a set of information and a password of an area to be locked.

FIG. 6 is a flowchart for explaining lock-time processing when the second security management method is applied.

FIG. 7 is a flowchart for explaining processing at the time of issuing a read / write command with a password when the second security management method is applied;

FIG. 8 is a flowchart for explaining lock processing when the third security management method is applied.

FIG. 9 is a flowchart for explaining processing at the time of issuing a read / write command with a password when the third security management method is applied;

FIG. 10 is a diagram showing an example of division of a disk area when a third security management method is applied, and a correspondence relationship between a physical address of each divided area and a logical address of an area accessible for each password.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Disk, 10 ... CPU (Lock means, unlock means, lock area determination means, read / write command execution means, address conversion means), 11 ... ROM, 13 ... EEPROM, 50A, 50B, 100A-100D ... area.

 ──────────────────────────────────────────────────続 き Continuing from the front page (72) Inventor Kazuo Issumigi 2-9-9 Suehirocho, Ome-shi, Tokyo Inside Toshiba Ome Plant Co., Ltd.

Claims (12)

[Claims] 1. A data recording / reproducing apparatus for accessing an information recording medium in response to a request from a host device, wherein a password is set for a specific area of a recording area of the information recording medium to lock the specific area. A lock unit that unlocks the specific area by receiving a password that matches a password set corresponding to the specific area locked by the lock unit from the host device. A data recording / reproducing apparatus comprising: 2. The method according to claim 1, wherein the lock unit is capable of receiving a change instruction of the specific area to be locked, which is given from the host device, and changes the area according to the change instruction when receiving the change instruction. The data recording / reproducing apparatus according to claim 1, wherein 3. A shared use by a plurality of host devices,
In a data recording / reproducing device for accessing an information recording medium in response to a request from the host device, one of each divided region obtained by dividing a specific region of the recording region of the information recording medium is designated by the host device; When it is instructed to lock the designated divided area with a designated password, the instruction is accepted and the locking means for locking the designated divided area with the designated password; and Data recording / reproducing means for receiving, from the host device, a password corresponding to a password set corresponding to the divided area, thereby unlocking the locked state of the corresponding divided area. apparatus. 4. Shared use by a plurality of host devices,
In a data recording / reproducing device for accessing an information recording medium in response to a request from the host device, an arbitrary area on the information recording medium may be designated by the host device, and the designated area may be locked with a designated password. When instructed, accept that instruction,
A lock unit that locks the specified area with the specified password; and receiving a password that matches a password set corresponding to the area locked by the lock unit from the host device, and A data recording / reproducing apparatus, comprising: an unlocking unit for releasing a locked state of an area. 5. A shared use by a plurality of host devices,
In a data recording / reproducing device for accessing an information recording medium in response to a request from the host device, an arbitrary area on the information recording medium may be designated by the host device, and the designated area may be locked with a designated password. When instructed, accept that instruction,
A lock unit for locking the specified area with the specified password; and when a read / write command added with a password is given from the host device, an access destination specified by the read / write command is locked by the lock unit. Lock area determining means for checking whether or not the access destination is within the locked area; and when the lock area determining means determines that the access destination is within the locked area, the password set in the area and the read A data recording / reproducing apparatus, comprising: read / write command execution means for comparing a password attached to a / write command and executing the read / write command only when the passwords match. 6. An instruction from the host device to lock an arbitrary area is a specific write command having an access destination start address, transfer length information, and a password, and the lock unit includes: When a specific write command is received, an address area specified by the access destination start address and transfer length information specified by the write command is locked by the password added to the write command. 6. The data recording / reproducing device according to 5. 7. A shared use by a plurality of host devices,
In a data recording / reproducing device for accessing an information recording medium in response to a request from the host device, one of the divided regions obtained by dividing the recording region of the information recording medium is designated by the host device, and the designated divided region is designated In the case where an instruction to lock with the password is given, the instruction is accepted, and a lock unit that locks the designated divided area with the designated password is set in each of the divided areas locked by the lock unit. For each of the passwords, all the divided areas accessible by the password are regarded as one continuous area, and a logical address is assigned and managed. A password is added from the host device, and the access destination is the logical address. When a read / write command indicated by an address is given, the logical address is Address conversion means for converting to a corresponding physical address in an area accessible by a password attached to the read / write command; and read for executing the read / write command using the address converted by the address conversion means. And a write command execution means. 8. A security management method in a data recording / reproducing apparatus for accessing an information recording medium in response to a request from a host device, wherein a password is set for a specific area of a recording area of the information recording medium. Locking the specific area, receiving a password matching the password set corresponding to the locked specific area from the host device, thereby unlocking the locked state of the specific area. Characteristic security management method. 9. A shared use by a plurality of host devices,
A security management method in a data recording / reproducing device for accessing an information recording medium in response to a request from the host device, wherein each of the divided regions obtained by dividing a specific region of the recording region of the information recording medium from the host device Is designated, and when it is instructed to lock the designated divided area with a designated password, the instruction is accepted, the designated divided area is locked with the designated password, and the locked divided area is designated. Receiving from the host device a password that matches a password set in accordance with (1), thereby unlocking the corresponding divided area in a locked state. 10. A security management method in a data recording / reproducing apparatus shared and used by a plurality of host devices and accessing an information recording medium in response to a request from the host device, comprising: If an arbitrary area is specified and it is instructed to lock the specified area with a specified password, the instruction is accepted,
The specified area is locked with the specified password, and a password that matches a password set corresponding to the locked area is received from the host device, so that the locked state of the corresponding area is released. A security management method characterized in that: 11. A security management method in a data recording / reproducing apparatus shared and used by a plurality of host devices and accessing an information recording medium in response to a request from the host device, wherein: If an arbitrary area is specified and it is instructed to lock the specified area with a specified password, the instruction is accepted,
The specified area is locked with the specified password, and when a read / write command added with a password is given from the host device, an access destination specified by the read / write command is locked by the lock unit. If the access destination specified by the read / write command is determined to be within the lock area, it is determined whether or not the access destination is within the lock area, and the password set in the area and the read / write command are added. A security management method, wherein the read / write command is executed only when the passwords are identical to each other. 12. A security management method in a data recording / reproducing device shared and used by a plurality of host devices and accessing an information recording medium in response to a request from the host device, wherein: When one of the divided areas obtained by dividing the recording area is designated, and it is instructed to lock the designated divided area with a designated password, the instruction is accepted and the designated divided area is locked with the designated password. For each of the passwords set in each of the locked divided areas, all the divided areas accessible by the password are regarded as one continuous area, and a logical address is assigned to manage the divided areas. A read / write frame to which a password is added and the access destination is indicated by the logical address. Command, the logical address is converted into a corresponding physical address in an area accessible by a password attached to the read / write command, and the read / write command is converted using the converted address. A security management method.