JP2003122443A - Electronic equipment with security function and security management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To ease or tighten a security level matching actual operation by executing an authentication process when power is on, in such a way that the process is not fixed at all times but changed according to the total off time of the power supply from the previous switching off to the current switching on of the power supply. SOLUTION: A sub CPU 102 of a portable terminal device 1 accesses a clock 110 when power is on, and acquires the total off time from the previous switching off to the current switching on of the power supply. The sub CPU 102 selects either of three kinds of authentication process programs according to the total off time and executes the selected authentication process program to perform control to determine whether or not a security lock is released.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention
The present invention relates to an electronic device with a security function that controls whether or not to release a security lock for authentication, a security management system, and programs thereof.

[0002]

2. Description of the Related Art Generally, in an information processing device such as a handy terminal or a personal computer, user authentication processing is performed based on user-specific information input when the power is turned on. As the processing, various user authentication methods such as a method of performing user authentication based on an input password and a method of performing user authentication based on fingerprint pattern data detected by a fingerprint sensor are known.

[0003]

However, in the case of password authentication, every time the power is turned on,
I had to enter a 4-digit password, which was troublesome. In particular, in order to prevent the power supply battery from being depleted, if there is an auto power-off function (APO function) that automatically turns off the power when it has not been used for a predetermined period of time, input operation is temporarily performed. Even if you seem to have interrupted
Since the power supply is automatically turned off by the APO function, it is necessary to enter the password each time, resulting in a loss of operability. Further, in the method of performing user authentication based on the fingerprint pattern data, the operability is good as compared with the above-mentioned password authentication because input is possible by one-touch operation, but there is a difficulty in handling it. If the finger or the sensor is dirty, the recognition rate will deteriorate, so it is necessary to wash the hand and clean the sensor regularly. As described above, in any of the conventional user recognition methods, there are problems such as impairing operability and being difficult to handle, and conversely, the password is stolen by a third party or is misused by using a pseudo finger. In some cases, it was not in line with the actual operation, such as sometimes being done. On the other hand, the portable terminal device has a risk of being lost or stolen on the go because it is carried and used on the go, and important confidential corporate information in a portable recording medium or built-in memory. If personal information is stored, important information may be leaked to others due to loss or theft.

An object of the first invention is not to constantly fix the authentication processing executed when the power is turned on, but to change the authentication processing according to the total off time from the previous power off to the current power on. The security level can be relaxed and strengthened according to the actual operation. A second object of the present invention is to not always fix the authentication processing executed when the power is turned on, but to change the authentication processing according to the power-off factor of the previous time, and relax the security level according to the actual operation. It is to be able to realize strengthening. A third object of the present invention is to enable a host device to monitor unauthorized use of a portable terminal device by a third party even if the portable terminal device is lost or stolen, and the portable terminal device can be monitored. It is to be able to realize security management considering the characteristics of the device.

The means of the present invention are as follows. The invention according to claim 1 (the first invention) is an electronic device with a security function for controlling whether or not to perform an authentication process and release a security lock based on input information when the power is turned on. The off-time measuring means for measuring the cumulative off-time from the power-off to the current power-on, and the authentication of any one of a plurality of authentication processes with different ways of releasing the security lock The selection means is provided for selecting according to the cumulative OFF time measured by the means, and the authentication process selected by the selection means is executed to control whether or not the security lock is released.

Therefore, in the first aspect of the present invention, the authentication process executed when the power is turned on is not always fixed, but the authentication process is performed according to the cumulative off time from the last power-off to the current power-on. Since the security level can be changed, the security level can be relaxed and strengthened according to the actual operation, and the operability can be improved and advanced security management can be performed.

The first invention may be as follows. When the cumulative off time measured by the off time measuring means exceeds a predetermined time that is predetermined, the selecting means selects a normal input format authentication process, and if it is within the predetermined time, The authentication process of the simplified input format is selected (the invention according to claim 2). Therefore, according to the invention described in claim 2, in addition to the effect similar to that of the invention described in claim 1, for example, the automatic power-off function (APO function) is activated by the temporary interruption of the input operation, and the power supply is turned on. When is turned off, the simplified input format authentication process is selected, so that the security lock can be released without much trouble.

If the accumulated off-time measured by the off-time measuring means is equal to or longer than a predetermined time, the selecting means performs an authentication process with a higher security lock release condition than a normal authentication process. Select (the invention according to claim 3). Therefore, according to the invention described in claim 3, in addition to having the same effect as the invention described in claim 1, when the electronic device is lost for a long period of time such as a business trip, the electronic device is lost. Since the authentication process in which the security lock release condition is made higher than the normal authentication process is selected, it is possible to further enhance the safety as compared with the normal case.

In addition to the main control means which is driven according to the main power source, there is a sub control means which is driven according to the sub power source when the main power source is off. This sub control means is the selection means. When the authentication process selected by is executed to release the security lock, the main power supply is turned on (the invention according to claim 4). Therefore, according to the invention described in claim 4, in addition to the effect similar to that of the invention described in claim 1, for example, even when a password is stolen by a third party, the main power is turned off in the authentication process. Since it is carried out in a state where the third party does not know how to use it and cannot enter the password, it is possible to reliably prevent unauthorized use by the third party.

Further, a program for causing the computer to realize the main functions shown in the above-mentioned invention of claim 1 is provided (invention of claim 9).

The invention according to claim 5 (second invention) is
When the power is turned on, an electronic device with a security function that controls whether to perform the authentication process based on the entered information to release the security lock. Among a plurality of types of authentication processing having different ways of releasing the lock, there is provided selection means for selecting any one of the authentication processings according to the off factor determined by the determination means, and the selection processing is performed by the selection means. It is configured to control whether the authentication process is executed to release the security lock.

Therefore, in the fifth aspect of the present invention, the authentication processing executed when the power is turned on is not always fixed, but the automatic power-off function () is caused by the previous power-off factor, for example, temporary interruption of the input operation. APO function) is activated and the authentication process can be changed according to the off factor such as whether the power was turned off, the power was turned off due to a hardware error, or the power was turned off due to an illegal operation. The security level can be relaxed and strengthened, which improves operability and enables advanced security management.

The second invention may be as follows. An off time measuring means for measuring the cumulative off time from the last power-off to the current power-on is provided, and the selecting means selects the off time measured by the off-time measuring means from among a plurality of types of authentication processing. The authentication process is selected based on the cumulative time and the off factor determined by the determination means (the invention according to claim 6). Therefore, according to the invention described in claim 6, in addition to the effect similar to that of the invention described in claim 5, other power-off factors such as power-off due to operation of the APO function, power-off due to hardware abnormality, etc. In addition, since the authentication processing is selected in consideration of the cumulative off time from the last power-off to the current power-on, more detailed security management is possible.

Further, a program for causing the computer to realize the main functions shown in the above-mentioned invention of claim 5 is provided (invention of claim 10).

The invention according to claim 7 (third invention) is
A security management system that has a host device that manages a plurality of portable terminal devices, and manages the security of each terminal device under the supervision of the host device. Each portable terminal device is a host device when the power is turned on. A transmitting means for communicating with the portable terminal device to transmit its own terminal identification information; and a host device, which stores and manages information indicating availability of the portable terminal device, corresponding to each portable terminal device. When the terminal identification information transmitted from the portable terminal device is received, it is determined whether or not the portable terminal device can be used by referring to the terminal information storage means, and the response information indicating the determination result is displayed. Transmitting means for transmitting to the source portable terminal device, and control means for controlling whether the portable terminal device receiving the response information releases the security lock based on the response information. It is those provided with the.

Therefore, according to the seventh aspect of the present invention, since the host device can monitor the unauthorized use of the portable terminal device, the host device can be lost or stolen if the portable terminal device is lost or stolen. On the other hand, in response to the report from the legitimate owner, it is possible to surely prevent unauthorized use of the portable terminal device by a third party only by changing the setting to prohibit the use of the portable terminal device. You can

The third invention may be as follows. The host device has a transmitting means for designating a portable terminal device and transmitting information indicating prohibition of use, and each portable terminal device forces a power supply when receiving information indicating prohibition of use from the host device. The portable terminal device, which has been illegally used, is forcibly turned off by remote control from the host device (the invention according to claim 8). Therefore, according to the invention of claim 8,
In addition to having the same effect as the invention according to claim 7, for example, when an unauthorized use is found on the host device side, the use can be forcibly terminated midway, and security enhancement against the unauthorized use can be achieved. Can be realized.

[0018]

BEST MODE FOR CARRYING OUT THE INVENTION (First Embodiment) A first embodiment of the present invention will be described below with reference to FIGS. Figure 1
[FIG. 2] is a block diagram showing an overall configuration of a security management system in this embodiment. This security management system has a host computer 2 that manages a plurality of mobile terminal devices 1. In addition to the security management performed by each mobile terminal device 1 itself, each security terminal system is controlled by the host computer 2. The security of the mobile terminal device 1 is managed. Here, each mobile terminal device 1 and the host computer 2 are connected to a wireless L dedicated to the premises.
It is communicatively connected by AN3.

Each mobile terminal device 1 is provided with a plurality of types (three types) of authentication processing programs, each of which has a different method of releasing the security lock. That is, a normal authentication processing program that executes user authentication processing based on the input user information (password),
The authentication processing program has an input format (one-touch key input method) that is simpler than the normal authentication processing, and the authentication processing program has a higher security lock release condition than the normal authentication processing. In addition, each mobile terminal device 1 measures the cumulative off-time from the last power-off to the current power-on, and measures one of the authentication processing programs among the plurality of types of authentication processing programs. The selection is made according to the total off time.

Each mobile terminal device 1 has a main CPU 101.
In addition, a main CPU 101 has a sub CPU (device controller) 102, and is a central processing unit that controls main operations of the mobile terminal device 1 according to an operating system and various application software in the storage device 103. The storage device 103 stores an operating system and various application software, a registration password set in advance for user authentication, terminal identification information (serial number), and the like, and is configured by magnetic, optical, semiconductor memory, or the like. It has a recording medium 104 and its drive system.

The recording medium 104 is a fixed medium or a portable medium such as a detachably mountable CD-ROM, floppy desk, RAM card, magnetic card or the like. Further, the programs and data in the recording medium 104 are RA under the control of the main CPU 101 as needed.
The M (for example, static RAM) 105 is loaded, or the data in the RAM 105 is saved in the recording medium 104. Further, the recording medium may be provided on the external device side such as a server, and the main CPU 101
Can also directly access and use the program / data in this recording medium via the sub CPU 102 and the wireless communication device 106.

The main CPU 101 is a recording medium 10
4 is partially or wholly stored in the recording medium 4 from another device side via the wireless communication device 106, and the recording medium 10
4 can be newly registered or additionally registered. Furthermore, the program / data may be stored and managed by an external device such as a server, and the main CPU 10
1 can also directly access and use programs / data on the external device side via the wireless communication device 106.
On the other hand, the main CPU 101 includes a wireless communication device 106, an input unit 107, and a power supply unit 1, which are its input / output peripheral devices.
08 is connected via the sub CPU 102, and the display unit 109 and the clock 110 are connected via a bus line.

The sub CPU 102 is a radio communication device 10.
6, a device controller for controlling the input unit 107 and the power supply unit 108, a low power consumption type CPU is used,
It is configured to have an internal ROM 102a and an internal RAM 102b. Then, the sub CPU 102 is the main C
It operates independently even when the PU 101 is not operating. This internal R
The OM 102a stores a plurality of types (three types) of authentication processing programs that differ in how to release the security lock. The power supply unit 108 includes a main power supply unit 108a and a sub power supply unit 108b, and the main CPU 101 is driven by the main power supply unit 108a, and the main power supply unit 10 is driven.
When the CPU 8a is off, the sub CPU 102 and the input unit 10
7. The clock 110 is driven by the sub power supply unit 108b.

The input section 107 has a power switch 107a for turning on / off the main power section 108a. When the power switch 107a is turned off, the main CPU 10 is turned off.
1, the driving of the display unit 109 and the like is stopped, but the sub CPU
102 becomes operable by using the sub power supply unit 108b as a drive source. The clock 110 also functions as a clock for power-off time measurement in addition to the normal system date and time information. When the clock 110 functions as a power-off time measurement, when the main power supply unit 108a is turned off. Start the timekeeping operation, and then main power supply 1
The total off-time until the 08a is turned on again is measured.

FIG. 2 shows the internal ROM 1 of the sub CPU 102.
02a and the internal RAM 102b are shown. The internal ROM 102a has a program memory M1 in which the above-mentioned three types of authentication processing programs are stored. The internal RAM 102b has a password setting memory M2, an off-time memory M3, and a serial number memory M4. In the password setting memory M2, a unique password previously input and set by the user of the mobile terminal is used as registration information for user authentication. Remembered Off-time memory M3
Is a work memory that temporarily stores the cumulative off time from when the main power supply unit 108a was turned off last time to when it is turned on this time. When the main power supply unit 108a is turned on this time,
It is obtained from the clock 110 and set in the off-time memory M3. The serial number memory M4 is a memory in which pre-assigned terminal identification information is registered as setting information.

FIG. 3 is a correspondence table showing the relationship between the authentication processing program started by the sub CPU 102 according to the cumulative off time when the power switch 107a is turned on, and the method of releasing the protection. Here, the sub CPU 10
2, when the power switch 107a is turned on, the accumulated off-time is acquired from the clock 110 and the off-time memory M3 is acquired.
Is set, and one of the three types of authentication processing programs described above is selected according to the cumulative off time in the off time memory M3, and the authentication processing is executed. Note that, of the above-mentioned three types of authentication processing programs A, B, and C, a normal authentication processing program that executes user authentication processing based on the input user information (password) is referred to as "B". An authentication processing program with a simpler input format (one-touch key input method) than the authentication processing program B is referred to as “A”, and an authentication processing program with a higher security unlock condition than the normal authentication processing program B is referred to as “C”. ".

In this case, the cumulative off time is "less than 1 hour".
In the case of, the authentication processing program A is selected to start,
In the case of "1 hour or more and less than 48 hours", the authentication processing program B is selected and activated, and in the case of "48 hours or more", the authentication processing program C is selected and activated. Then, as a protection canceling method corresponding to each authentication processing program, the following procedure is performed. That is, in the case of the authentication processing program A, “push the power switch 107a and then the numeric key“ 5 ”once”, and in the case of the authentication processing program B, “the numeric key after pressing the power switch 107a. Enter the password depending on the key. "If the authentication processing program C," Power switch 1
After pressing 07a to connect to the host computer 2 and obtain the license on the host side, enter the password depending on the numeric keypad. " As described above, the protection cancellation method has different weights (security levels) for each authentication processing program.

Next, the operation algorithm of the security management system in the first embodiment will be described with reference to the flow charts shown in FIGS. Here, each function described in these flowcharts is stored in the form of a readable program code, and the operation according to this program code is sequentially executed. Also,
It is also possible to sequentially execute the operation according to the above-mentioned program code transmitted via the transmission medium. This is the same in other embodiments described later, and it is also possible to execute the operation peculiar to this embodiment by using a program / data externally supplied via a transmission medium in addition to the recording medium.

FIG. 4 shows the operation of the portable terminal device 1 when the power is turned on, that is, the operation of the sub CPU 102 which is started when the power switch 107a is pressed while the main power supply 108a is off. It is a flowchart showing. First, the sub CPU 102 accesses the clock 110 functioning for measuring the power-off time, obtains the cumulative off-time from the last time the power switch 107a was turned off until the current on-operation, and turns off. Set in time memory M3 (step A
1). Then, it is checked whether or not this cumulative off time is "less than 1 hour" (step A2), and if it is not "less than 1 hour", it is checked whether "1 hour or more to less than 48 hours" or "48 hours or more". (Step A3).

If the cumulative off time is "less than 1 hour", the authentication processing program A in the program memory M1 is selected and the authentication processing according to it is executed (step A4). If "1 hour or more and less than 48 hours" (step A3), the authentication processing program B is selected, and the authentication processing according to it is executed (step A3).
5) Further, if it is "48 hours or more", after selecting the authentication processing program C and executing the authentication processing according to it (step A6), the authentication processing program B is continued.
The authentication processing according to the above is executed (step A7). The authentication processing corresponding to the authentication processing programs A to C is executed according to the flowcharts shown in FIGS. 5 to 7. As a result of such authentication processing, activation is OK (acknowledgement).
If it is obtained (step A8), the main power supply unit 108
Although a is turned on (step A9), if a negative response is obtained (step A8), the power switch 107a returns to the waiting state.

5 to 7 show authentication processing programs A to C.
5 is a flowchart detailing an authentication process corresponding to.
First, in the flowchart of FIG. 5, when the authentication processing program A is started, the input unit 107 is accessed to detect the key input state (step A41), and it is determined which key has been operated (step A41). A4
2) If none of the keys are operated, whether a certain time has passed since the authentication processing program A was started,
That is, it is determined whether or not a time-out has occurred (step A43),
If not, the process returns to step A41.

If any key is operated before the time-out occurs (step A42), it is determined whether the operation key is the numeric key "5" (step A).
44). If a time-out is detected in step A43 or if the operation key is not the numeric key "5" in step A44, it is determined that the power switch 107a is in a waiting state in order to return to the waiting state. However, if the numeric key “5” is operated before the time-out, it is determined that the activation is OK in order to turn on the main power supply unit 108a.

On the other hand, in the flow chart of FIG. 6, when the authentication processing program B is activated, it becomes ready to accept the input of the password (step A51),
The input of the password is accepted from the activation of the authentication processing program B until a fixed time elapses (steps A51 to A53). Here, when the password is input, the contents of the password setting memory M2 are acquired,
The input password and the set password are collated (step A54). As a result, when it is detected that a valid password is input, it is determined that the startup is OK in order to turn on the main power supply unit 108a, but step A53.
If a time-out is detected in step A54 or if a password mismatch is detected in step A54, it is determined that the power supply switch 107a is in a waiting state, that the activation has failed.

On the other hand, when the authentication processing program C is activated, the operation according to the flowchart of FIG. 7 is started, but in this case, data transmission / reception with the host computer 2 is performed. First, the mobile terminal device 1 opens a communication port (step A61) and establishes a connection state with the host computer 2 (step A6).
2) When the response of connection OK is received from the host computer 2 (step A63), the serial number memory M4 is accessed and the terminal identification information (serial number) is transmitted to the host computer 2 (step A6).
4). After that, it waits for a response from the host computer 2 (step A65).

FIG. 8 is a flowchart showing the operation on the host computer 2 side corresponding to the processing of the authentication processing program C. The host computer 2 waits for a connection request from the mobile terminal device 1 (step B
1) When receiving the request, a connection response is sent to the requesting mobile terminal device 1 (step B2). When the serial number is waited (step B3) and the serial number is received, the serial number management table (not shown) is referred to based on the received serial number to determine whether the terminal is usable or not. Perform processing (step B
4).

That is, in the above-mentioned serial number management table, information indicating "use permission / non-permission" is set corresponding to the serial number peculiar to each terminal, and normally, "use permission" is set. However, when the portable terminal device 1 is lost, “use not permitted” is set corresponding to the terminal according to the application of the owner. If "use permission" is set for the terminal having the received serial number (step B5), a "start OK" response is transmitted to the requesting portable terminal device 1 (step B6). If "use not permitted" is set (step B5), a "start NG" response is transmitted (step B7). Then, after executing the communication end process (step B8), the process returns to the state of waiting for a connection request from the mobile terminal device 1 (step B1).

On the portable terminal device 1 side, in the state of waiting for a response from the host computer 2 (step A6 in FIG. 7).
5) It is checked whether a response from the host computer 2 is received before the time-out (step A6).
6) When the response from the host computer 2 is received, after the communication end processing is executed (step A67),
The content of the response from the host computer 2 is discriminated (step A68), and if it is a "starting NG" response, the power switch 107a is returned to the waiting state, but if it is a "starting OK" response, the processing of the authentication processing program B is performed. Move to. Note that the processing of the authentication processing program B in this case is also performed according to the flowchart of FIG. 6 described above.

As described above, in the first embodiment, the portable terminal device 1 acquires the cumulative OFF time from the previous power-off to the current power-on when the power is turned on, and uses this cumulative power-off time as the power-off cumulative time. Depending on which of the three authentication processing programs A, B, and C is selected, and whether or not the security lock is released by executing the selected authentication processing program is controlled, the cumulative power-off time The authentication processing program can be changed according to the above. That is, the authentication process executed when the power is turned on is not always fixed,
Since the authentication process can be changed according to the cumulative off time from the last power-off to the current power-on, the security level can be relaxed and strengthened according to the actual operation. It is possible to improve security and perform advanced security management.

In this case, the cumulative off time is "less than 1 hour".
If so, the authentication processing program B which is a normal input format
Since the authentication processing program A with a simplified input format is selected for, for example, when the power is turned off when the auto power off function (APO function) is activated due to a temporary interruption of the input operation, The security lock can be released without much effort. If the cumulative off time is "1 hour or more and less than 48 hours", the authentication processing program B is selected, so that the security can be maintained as usual, and if "48 hours or more", the authentication is performed. Since the authentication processing program B is selected after the processing program C is selected, it is possible to perform the authentication processing with a higher security lock release condition than the normal authentication processing program B, for example, for a long time such as a business trip. If you have not used your device or lost your electronic device,
It is possible to further improve safety as compared with usual.

Further, in addition to the main CPU 101 driven according to the main power supply unit 108a, the main power supply unit 108a
Has a sub CPU 102 that is driven according to the sub power supply unit 108b when the sub CPU 10 is turned off.
2 selects the authentication processing program and determines whether or not to execute the authentication processing program to release the security lock. When releasing, the main power supply unit 108a is turned on. Even if is stolen by a third party, the authentication processing program is performed with the main power off, so the third party has no idea how to use it and cannot enter the password. It is possible to reliably prevent unauthorized use by a person.

In the first embodiment described above,
The authentication processing program is selected when the power is turned on to control whether or not the security lock is released. However, while the portable terminal device 1 is being activated, the host computer 2
The main power supply may be forcibly turned off when the information indicating the prohibition of use is received from. FIG. 9 is a flowchart showing the operations of the main CPU 101, the sub CPU 102, and the host computer 2 on the side of the mobile terminal device 1.

The host computer 2 is the mobile terminal device 1.
The "use prohibited" command is issued as a sub-CP depending on the lost application
It is transmitted to U102 (step C1). Sub CPU1
When the host 02 receives the “use prohibited” command (step C3) while waiting for communication from the host computer 2 (step C2), the main power-off command is issued to the main CP.
Notify U101 (step C4). Main C
The PU 101 (step C
5) When this forced power off command is input, the main power supply unit 108a is forcibly turned off (step C6).

As described above, since the main power supply is forcibly turned off when the use prohibition command is received from the host computer 2 while the portable terminal device 1 is being activated, for example, on the host computer 2 side. When an unauthorized use of the mobile terminal device 1 is discovered, the use can be forcibly terminated on the way, and security enhancement corresponding to the unauthorized use can be realized.

In the first embodiment described above,
Although three types of authentication processing programs are selected when the power is turned on, four or more types may be used. In this case, the cumulative power-off time may be subdivided according to the number of authentication processing programs. Further, the method of canceling the protection is also arbitrary, and any method that relaxes or strengthens the input format with respect to the normal input format may be used. For example, signature input using a touch panel, card authentication, personal identification in a quiz format, or the like may be used. Also, when the main power supply unit 108a is off,
Although the sub CPU 102 has performed the authentication process, with the main power supply unit 108a turned on, the main CPU 101
May perform authentication processing.

On the other hand, a recording medium (for example, a CD-ROM, a floppy disk, a RAM card, etc.) in which the program codes for executing the above-mentioned means are recorded may be provided to the computer.
That is, it is a recording medium having a computer-readable program code, and has a function of measuring the cumulative off time from the last power-off to the current power-on, and a plurality of different types of security lock releasing methods. A program for realizing a function of selecting any one of the authentication processes in accordance with the accumulated OFF time and a function of executing the selected authentication process and controlling whether to release the security lock. You may make it provide the computer-readable recording medium which recorded.

(Second Embodiment) A second embodiment of the present invention will be described below with reference to FIGS. 10 and 11. In the first embodiment described above, any one of the three types of authentication processing programs A, B, and C is selected according to the cumulative power-off time, but in the second embodiment, the power-on is further performed. At the same time, the authentication processing program is changed in consideration of the previous power-off factor. Here, basically the same components in both embodiments are denoted by the same reference numerals, and the description thereof will be omitted. In addition, the characteristic part of the second embodiment will be mainly described below.

FIG. 10 shows the sub CPU 1 of the portable terminal device 1.
2 is a diagram showing a memory provided in No. 02, in addition to the program memory M1, the password setting memory M2, the off-time memory M3, the serial number memory M4, as in the above-described first embodiment, the second embodiment. In, an off factor memory M5 is provided. Off factor memory M5
Is a memory in which the off factor is stored and held.
When the main power supply unit 108a is turned off, 02 determines the present off factor from a plurality of predetermined off factors and sets it in the off factor memory M5.

FIG. 11 is a correspondence table showing the relationship between the cumulative power-off time and the processing program activated according to the power-off factor, and the method of releasing the protection or the operation content of the program. Here, when the cumulative off time measured by the clock 110 is “less than 1 hour”, and the power off factor is “automatic off by APO”, “the authentication processing program to be started is“ none ””, Further, the method of canceling the protection in this case is "pressing the power switch 107a".

If the power-off factor is "power-off due to hardware abnormality", the "data save program" is selected. This "data save program"
This is a process for transferring the data on the RAM to the host computer 2 and saving it. Further, when the cumulative off time is “less than 1 hour” and the power-off factor is “off due to unauthorized operation”, “authentication processing program C”
Is selected, the method of canceling the protection is the same as in the above-described first embodiment, and when the power-off factor is “other”, “authentication processing program A” is selected and the protection is canceled. The method is the same as in the first embodiment described above.

On the other hand, the cumulative off time is "1 hour or more to 48 hours.
In the case of "less than time", if the power off factor is "Power off due to hardware error", "Data save program" is selected, and if the power off factor is "Off due to unauthorized operation", "Authentication""Processing program C" is selected. If the power off factor is "other",
The “authentication processing program B” is selected, and the method of canceling the protection is the same as in the above-described first embodiment. Further, in the case where the cumulative off time is "48 hours or more", if the power off factor is "power off due to hardware error", "data save program" is selected, and if "other", “Authentication processing program C” is selected.

As described above, in the second embodiment, in the same manner as the first embodiment described above, the program activated at power-on is changed according to the cumulative power-off time, and the second embodiment is also performed. In, the last power off factor,
For example, a processing program at the time of power-on depending on the power-off due to the operation of the APO function due to the temporary interruption of the input operation, the power-off due to a hardware abnormality, the power-off due to an illegal operation, etc. Since it can be changed, more detailed security management is possible, and it is more suitable for actual operation.

A recording medium (for example, a CD-ROM, a floppy disk, a RAM card, etc.) in which the program code for executing each of the above-mentioned means is recorded may be provided to the computer.
That is, a recording medium having a computer-readable program code, which has one of a plurality of types of user authentication processing with a function of determining a previous power-off factor when the power is turned on and a method of releasing a security lock A program for implementing a function of selecting the user authentication process according to the determined off factor and a function of executing the selected user authentication process and controlling whether to release the security lock is recorded. A computer-readable recording medium may be provided.

[0053]

According to the first invention (the invention according to claim 1), the authentication processing executed at the time of power-on is not always fixed, and the cumulative off-time from the previous power-off to the current power-on is accumulated. Since the authentication process can be changed depending on the time, relaxation of the security level according to the actual operation,
It is possible to strengthen the system, improve operability, and perform advanced security management. According to the second invention (the invention according to claim 5), the authentication processing executed at the time of power-on is not always fixed, but the power-off factor of the previous power-off, for example, the automatic power-off function by the temporary interruption of the input operation is used. Since the authentication process can be changed according to the off factor such as whether the power was turned off by the operation of, the power off due to a hardware error, or the off due to an illegal operation, the security level can be relaxed according to the actual operation. Therefore, it is possible to enhance the security, and it is possible to improve the operability and perform advanced security management. Third invention (an invention according to claim 7)
According to the above, since unauthorized use of the portable terminal device can be monitored by the host device, if the portable terminal device is lost or stolen, the host device side will report it from its legitimate owner. In response to this, only by changing the setting to prohibit the use of the portable terminal device, it is possible to reliably prevent unauthorized use of the portable terminal device by a third party.

[Brief description of drawings]

FIG. 1 is a block diagram showing the overall configuration of a security management system.

FIG. 2 is a diagram showing a configuration of an internal ROM 102a and an internal RAM 102b of a sub CPU 102.

FIG. 3 shows a sub-C when the power switch 107a is turned on.
The correspondence table which showed the relationship of the authentication process which PU102 starts according to a total off time, and the method of the protection release.

FIG. 4 shows an operation on the side of the mobile terminal device 1 when the power is turned on, that is, an operation of the sub CPU 102 which is started when the power switch 107a is pressed in a state where the main power supply unit 108a is turned off. flowchart.

FIG. 5 is a flowchart detailing an authentication processing program A.

FIG. 6 is a flowchart detailing an authentication processing program B.

FIG. 7 is a flowchart detailing an authentication processing program C.

FIG. 8 is a flowchart showing the operation on the host computer 2 side corresponding to the processing of the authentication processing program C.

FIG. 9 is a diagram for explaining an application example of the first embodiment, showing a main CPU 101 and a sub CPU 10 on the side of the mobile terminal device 1;
2. A flow chart showing the operation of the host computer 2.

FIG. 10 is a diagram showing various memories provided in the sub CPU 102 of the mobile terminal device 1 in the second embodiment.

FIG. 11 is a correspondence table showing a relationship between a processing program activated according to a cumulative power-off time and a power-off factor, and a method of canceling protection of the program or operation contents of the program in the second embodiment.

[Explanation of symbols]

1 Mobile terminal device 2 Host computer 3 wireless LAN 101 Main CPU 102 sub CPU 103 storage device 104 recording medium 106 wireless communication device 107 Input section 108a Main power supply unit 108b Sub power supply unit 107a power switch 110 clock 110 M1 program memory M2 password setting memory M3 off-time memory M3 serial number memory

Claims (10)

[Claims] 1. An electronic device with a security function for controlling whether or not a security lock is released by executing authentication processing based on input information when the power is turned on, from the last power-off to the current power-on The off-time measuring means for measuring the accumulated off-time and the authentication processing of a plurality of types having different ways of releasing the security lock are executed according to the off-time accumulated by the off-time measuring means. An electronic device with a security function, comprising: a selection unit for selecting the security lock, and controlling whether or not to release the security lock by executing the authentication process selected by the selection unit. 2. The selecting means selects a normal input format authentication process when the accumulated off time measured by the off time measuring means exceeds a predetermined time, and selects the predetermined time. The electronic device with a security function according to claim 1, wherein if it is within the range, a simplified input format authentication process is selected. 3. The authentication means, wherein the selection means has a higher security lock release condition than a normal authentication process if the cumulative off time measured by the off time measuring means is equal to or longer than a predetermined time. 2. The electronic device with a security function according to claim 1, wherein processing is selected. 4. In addition to the main control means which is driven according to the main power source, there is provided sub control means which is driven according to the sub power source when the main power source is turned off. 2. The electronic device with a security function according to claim 1, wherein the main power is turned on when the security lock is released as a result of executing the authentication process selected by the selection means. 5. An electronic device with a security function, which controls whether or not a security lock is released by performing an authentication process based on input information when the power is turned on, determines the previous power off factor when the power is turned on. And a selection unit that selects one of the authentication processes among the plurality of types of authentication processes that differ in how to release the security lock according to the off factor determined by the determination unit. An electronic device with a security function, characterized in that an authentication process selected by a selection unit is executed to control whether or not a security lock is released. 6. An off-time measuring means for measuring an accumulated off-time from the last power-off to the current power-on, wherein the selecting means selects the off-time measuring means from a plurality of types of authentication processing. 6. The electronic device with a security function according to claim 5, wherein the authentication process is selected based on the cumulative off time measured by and the off factor determined by the determination means. 7. A security management system having a host device for managing a plurality of portable terminal devices, and managing the security of each portable terminal device under the supervision of the host device. Is a transmitting means for communicating with the host device to transmit its own terminal identification information when the power is turned on, and the host device stores and manages information indicating availability of the portable terminal device in correspondence with each portable terminal device. Means, when receiving the terminal identification information transmitted from any of the portable terminal device, by referring to the terminal information storage means,
Transmitting means for determining whether or not the portable terminal device is usable, and transmitting response information indicating the determination result to the portable terminal device of the transmission source, and the portable terminal device receiving the response information, the response information A security management system comprising: a control unit that controls whether to release the security lock based on the above. 8. The host device has a transmitting means for designating a portable terminal device and transmitting information indicating prohibition of use, and each portable terminal device receives the information indicating prohibition of use from the host device. The power supply control means for forcibly turning off the power supply, and forcibly turning off the power supply of the portable terminal device being illegally used by remote control from the host device. Security management system described. 9. A computer, which has one of a plurality of types of authentication processing, which is a function of measuring a cumulative off time from the last power-off to the current power-on, and a method of releasing a security lock. A program for realizing the following: a function for selecting the authentication process according to the total off time, and a function for controlling whether to execute the selected authentication process to release the security lock. 10. A function for discriminating a previous power-off factor at the time of power-on of a computer, and a user authentication process of any one of a plurality of types of user authentication processes having different ways of releasing a security lock. A program that realizes the function to select according to the determined off factor and the function to control whether to release the security lock by executing the selected user authentication process.