JP2003186753A - Electronic device, control method of electronic device and control program of electronic device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To attain both of tamper resistance and maintenance ability of an electronic device. <P>SOLUTION: When a chassis open/close state flag 2 indicates openness of the chassis in the past, an operation of an apparatus via a predetermined shell is approved only when reset booting is instructed by a reset switch 3, while normal booting of the apparatus is prohibited when reset boosting is not instructed by the reset switch 3. In the operation of the apparatus via the shell, the chassis open/close state flag 2 is reset to a state indicating cloure by initializing an inside data memory device. Protection of data is attained by breaking or prohibiting duplication of contents in a memory device (RAM 15) when the chassis open/close state flag 2 indicates openness of the chassis in the past. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention has a case opening detection means for detecting opening of a case and a case opening / closing state flag for storing a detection state of the case opening detection means. After that, the present invention relates to an electronic device that prohibits normal activation of the device, a control method thereof, and a control program thereof.

[0002]

2. Description of the Related Art In recent years, with the spread of electronic commerce, the security of electronic devices has become more important.

In particular, an electronic payment system has been devised in which authentication information and personal information are stored in a portable electronic device such as a PDA, a mobile phone, an IC card, and payment is performed using these information. In such an electronic payment system, there is a risk that confidential data such as passwords, personal information, customer information, and monetary information may leak out by stealing the electronic device itself and reading the built-in data.

Therefore, in the unlikely event that the electronic device is stolen, the third
It has been considered to protect internal information by requesting a password or providing a special key operation at the time of starting an electronic device so that it cannot be operated even by a person's hand.

However, protection by a password or a special key operation is not sufficient for the act of taking out the storage device and directly accessing it if the device itself is stolen, and the device is small. The lighter the weight, the more likely the device will be lost or stolen.

There is also a problem that trade secrets and know-how regarding software and hardware are leaked by illegally modifying or reverse engineering the inside.

[0007] Therefore, in order to prevent a person who stole the electronic device from opening the housing to read confidential internal data, and illegally modifying or reverse engineering the inside, the tamper resistance (Tamper-Proof:
An electronic device having a function of preventing tampering or preventing fraud has also been devised. For example, even if the housing of the device is opened even once, the tamper resistant function can be realized by controlling the device so that it will never operate again.

[0008]

However, as described above, the conventional tamper resistant function that prevents the housing from operating again when it is opened is effective in preventing unauthorized modification or access by a third party. However, it may be inconvenient. For example, even if the casing is opened / closed during the regular maintenance work during the actual operation, the subsequent operation is similarly inconvenient.

SUMMARY OF THE INVENTION An object of the present invention is to solve the above problems and to make the tamper resistance and the maintainability of electronic equipment compatible.

[0010]

In order to solve the above-mentioned problems, according to the present invention, a housing opening detection means for detecting opening of the housing, and a housing for storing a detection state of the housing opening detection means. In an electronic device that has a body opening / closing state flag and prohibits the normal activation of the device once the casing is opened, a control method therefor, and a control program therefor, the case opening / closing state flag indicates that the case is in the past. When showing the opening of
A configuration is adopted in which operation of the device via a predetermined user interface is allowed only when reset activation is instructed by the reset operation means, and normal activation of the device is prohibited unless reset activation is instructed by the reset operation means. .

Alternatively, in the operation of the apparatus via the predetermined user interface, the internal data storage device is initialized to reset the case open / close state flag to a state indicating the case is closed. Adopted the configuration.

Alternatively, when the case open / close state flag indicates that the case has been opened in the past, the contents of the internal data storage device are destroyed.

Alternatively, when the case open / close state flag indicates that the case has been opened in the past, it is possible to prohibit copying the contents of the internal data storage device.

[0014]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings.

[First Embodiment] FIG. 1 shows a structure of a control system of a portable electronic device adopting the present invention, and FIG. 2 shows an appearance of a portable electronic device adopting the present invention.

The housing of the portable electronic device of this embodiment is composed of an upper case 21 and a lower case 20 as shown in FIG. 2, and is not shown to disassemble the portable electronic device. It is necessary to loosen the fastening screw and remove the upper case 21 and the lower case 20. The housing opening / closing detection switch 1 to be described later is arranged at an appropriate position between the upper case 21 and the lower case 20, and when the upper case 21 and the lower case 20 are closed, the Close signal is output to the upper case 21. When the lower case 20 is empty, the Open signal is output. For the other members denoted by the reference numerals in FIG. 2, refer to the description relating to FIG. 1 below.

In the control circuit of FIG. 1, the case opening / closing detection switch 1 is a switch for detecting the opening of the case, and is a fastening screw for fixing the case of the portable electronic device. When it is loosened and the case back is removed, an Open signal is output. This Open signal is transmitted to the control device 4 as an interrupt signal.

The open / closed state flag 2 indicates the sub CPU 6 which will be described later.
RAM15 built in (RAM1 as described later
The contents of No. 5 are retained as a backup even during the main power-off period), and the past enclosure open / close detection switch 1
Remember the state of.

The reset switch 3 is a switch for performing a hardware reset of the portable electronic device according to the first embodiment of the present invention. When the reset switch 3 is pressed, a reset signal is first output to the sub CPU 6 described later, and the sub CPU 6 starts processing from a predetermined reset vector by interrupt processing.

The reset flag 18 is set when the reset switch 3 is pressed and the sub CPU 6 resets and starts. The sub CPU 6 supplies power to the main CPU 9 described later by a signal from the power switch 7 described later. When starting, the state of the reset flag 18 is transmitted to the main CPU 9 using a signal line. It should be noted that this information is cleared when the power supply to the main CPU 9 is terminated.

The control device 4 is the central existence of the sub CPU 6 described later, and makes a comprehensive judgment for controlling the power supply of the main CPU 9 based on the open / closed state of the casing and the value of the dead battery flag 5 described later. Have the function to do.

The battery exhaustion flag 5 indicates that the sub CPU 6 will be described later.
It is provided in the built-in RAM. Specifically, a specific pattern is written in this flag,
Normally, the contents are backed up by a sub secondary battery 8 which will be described later, but when the sub CPU 6 runs out of battery, the contents are not retained and the contents change. By determining this change by the control device 4, it is treated as a flag for checking whether the battery has run out.

The sub CPU 6 incorporates an open / closed state flag 2, a battery dead flag 5, a reset flag 18, a control device 4, a ROM, a RAM and an I / F (not shown). The states of the open / closed state flag 2, the dead battery flag 5, and the reset flag 18 can be acquired by the main CPU 9 through a signal line, but other contents of the RAM and ROM are packaged in the sub CPU 6. , It is impossible to look it up from the outside. The sub CPU 6 itself is
The specifications are such that the sub-secondary battery 8 always keeps operating regardless of the state of the power switch 7 described later.

The power switch 7 is a switch for turning on the power of the portable electronic device, and its instruction signal is a sub CPU 6
When the power is supplied to the sub CPU 6 and the power supply is permitted in the sub CPU 6, the main power management device 10 to be described later is instructed to energize.

The sub secondary battery 8 is for supplying the power required for the operation of the sub CPU 6 and the backup of the built-in RAM, and further for the backup of the RAM 15, and supplies the power even if the main battery 11 described later is removed. There is a function. As a result, even if the main battery 11 is removed to disassemble the housing, for example, only the sub CPU 6 can continue to operate, and the past state of the housing open / close detection switch 1 is stored as to whether or not the housing is opened. It can be known by the open / close state flag 2.

The main CPU 9 controls the operation of the portable electronic device by using the programs and data in the ROM 14 and the variable area in the RAM 15 which will be described later.

The main power management device 10 includes a sub CPU 6
Power from the main battery 11 according to the instruction from the main CPU
9 and an interface (I / F) 12, a keyboard 13, a ROM 14, a RAM 15, a display 16 and the like.

The main battery 11 supplies power to the main CPU 9 via the main power management device 10 and also charges the sub secondary battery 8 while the main battery 11 is attached to an electronic device. .

The interface 12 is used when the portable electronic device of the present invention is connected to an external device (cellular phone, memory card, printer, etc.). The interface circuit configuration and communication method are arbitrary.

The keyboard 13 is composed of ten keys, input keys, etc., and is used for data input. The display device 16 displays a message or an image by drawing the output result by the main CPU 9.

The ROM 14 stores programs and data when the main CPU 9 executes processing, and the RAM 15
Is used for a variable area for programs and work when the main CPU 9 executes processing.

The RAM power management device 17 has a function of sending electric power from the sub secondary battery 8 to the RAM 15, and is normally designed to keep the RAM 15 energized for backup. This power supply can be cut off by an instruction from the sub CPU 6, and in this case, the backed up contents can be destroyed.

Next, the operation of the above configuration will be described.

FIG. 3 shows an algorithm executed by the main CPU 9 when the power of the portable electronic device of this embodiment is turned on.

When the power switch 7 is pressed, the sub CPU 6
When the power-on instruction is input to the sub CPU 6, the sub CPU 6 issues an instruction to supply power to the main power management device 10, so that the main CPU 9 starts operation from step S01 in FIG.

In step S02, the content of the dead battery flag 5 provided in the sub CPU 6 is checked, and if the battery is dead, the process branches to step S05, and if the battery is not dead, the process proceeds to step S03.

In step S03, the contents of the housing open / close state flag 2 provided in the sub CPU 6 are checked. If there is a sign that the housing has been opened in the past, the operation proceeds to step S06. If it has not been opened, It proceeds to step S04.

When the battery of the electronic device runs out, the contents of the RAM in the sub CPU 6 become indefinite.
Although the case open / close state flag 2 becomes invalid, in such a case, it is impossible to illegally suck up the internal data because the processing undesirably proceeds to the data destruction processing in the previous step S02.

In step S04, since it is determined that the case has not been opened in step S03 and the process has branched, a normal startup process of the portable electronic device is performed, and then, not shown. Control is transferred to the original processing (automatic execution of application programs and shell startup).

In step S05, the set battery depletion flag 5 is cleared. This is the main CPU9
This is performed by issuing a command for clearing the dead battery flag 2 from the main CPU 9 to the sub CPU 6 using a signal line connecting the sub CPU 6 and the sub CPU 6.

Step S06 is an R of the portable electronic device.
This is a process of destroying the contents of the AM 15. This clears all the data in the memory with 00, or RA
This is performed by turning off the backup power supplied from the M power management device 17 to the RAM 15.

Next, in step S07, the reset flag 1
8, it is checked whether or not the current activation is the first activation after pressing the reset switch 2. If the reset switch 18 has not been pressed just before the start-up, the sub CPU using the signal line from the main CPU 9 in step S09.
By issuing a power-off request to U6, the power supply from the main power management device 10 is cut off, and the power of the entire device is cut off.

If it is found in step S07 that the startup has just started after reset, the shell is started in step S08.

FIG. 4 is a flowchart showing the algorithm of the shell activated in step S08. The shell is a program that interprets a character string input by the operator from the keyboard 13 as a command and executes the command, for example, sh and csh in UNIX (trade name) and COM in MS-DOS.
MAND. COM and the like are typical. In this embodiment, some functions are added to these general shells, and the algorithm is as follows.

First, in step S12, a command character string is input from the keyboard 13 of the portable electronic device.

Next, in step S13, if this character string matches the command name for instructing the format (initialization) of the storage device, the process branches to step S14; otherwise, the process branches to step S15. The command name for formatting the storage device may be arbitrary, and if necessary, the command name may be followed by command line arguments. Preferably, the substance of this command is implemented as an internal command of the shell instead of a separate file.

If the input character string is the memory device initialization command in step S13, step S14
Then, the contents of the reset flag 18 in the sub CPU 6 are cleared. This clearing process is performed by issuing a command for clearing the open / closed state flag 2 from the main CPU 9 to the sub CPU 6 using a signal line connecting the main CPU 9 and the sub CPU 6, for example.

Step S15 is a process for directly executing the function of a general shell. Here, a file is copied or an external command is executed. Of course, when the initialization command is input in step S12, the open / close state flag 2 is cleared in step S14, and then the specified initialization process is performed. To do. Although step S15 is described as a single step, an event loop from command input to execution may be executed here, or only one command input and its execution may be performed.

FIG. 5 shows the sub CPU 6 of the portable electronic device.
Shows the algorithm of.

The sub CPU 6 does not have a power switch and is designed to start the operation immediately after the main battery 11 is attached and to continue the operation thereafter. Therefore, in the flowchart shown in FIG. 5, there is no block indicating the end of processing, but this does not cause any problem.

Further, since the sub secondary battery 8 is charged with the electric power supplied from the main battery 11, the main battery 1
Even if 1 is removed, by the power from the sub secondary battery 8,
The sub CPU 6 can continue to operate.

In order to execute the process from step S21 on the sub CPU 6, it is possible to press the reset switch 3 and restart from the reset vector in addition to mounting the main battery 11 as described above.

In step S22, the reset flag 18 in the sub CPU 6 is set and the fact that the reset is started is stored. This information is notified to the main CPU 9 when an information acquisition command is sent from the main CPU 9 later.

After performing an unillustrated initial setting process and the like, the sub CPU 6 shifts to the HALT mode in step S23. This HALT mode may be a known one implemented in the CPU chip as a mode for reducing the power consumption of the sub CPU 6. Normally, in the HALT mode, the clock signal necessary for the operation is stopped and the access to the external bus is prohibited. In the HALT mode, the sub CPU 6 waits for a press signal from the power switch 7 as an interrupt input.

When the interrupt signal from the power switch 7 is notified, an instruction to start power supply is issued to the main power management device 10 in step S24, and the operation of the main CPU 9 is started. After that, processing of responding to various commands sent from the main CPU 9 via the signal line is executed. A command for acquiring the contents of the reset flag 18 is also input and processed here.

In step S25, the command input from the main CPU 9 is fetched, and in step S26, the content is analyzed. As a result of the analysis, if the command is not the power-off request command, the process according to the content is executed in step S
After the execution in 29, the process proceeds to step S25 again to wait for command input. If the command input from the main CPU 9 is the power off request command, the process branches to step S27.

The step S27 is the step S24 described above.
Similarly, an instruction to end power supply is issued to the main power management device 10 to end the operation of the main CPU 9.

A step S28 clears the reset flag 18 in the sub CPU 6 and stores that the reset has not been started thereafter. After that, the process of the sub CPU 6 shifts to the low power consumption mode of step S23 again.

Next, the operation of the portable electronic device of this embodiment as described above will be described in detail.

First, when the portable electronic device is assembled in a factory and the power is first turned on, in the flowchart of FIG. 3, step S01 → step S02.
→ step S05 → step S06 → step S07 →
The process goes from step S09 to step S10, and the power is immediately turned off.

Then, next, when the reset switch 3 is pressed and then the power is turned on, step S01 → step S
02 → step S03 → step S06 → step S0
7 → Step S08, and the shell is started. Here, when the initialization process is performed, the housing open / close state flag 2 is cleared in step S14, and the process ends in step S10.

Next, when the power is turned on, step S01 →
The sequence is step S02 → step S03 → step S04 → step S10. From then on, a completely normal operation can be performed, and the user is shipped in this state.

The user adds an application program to the shipped portable electronic device, if necessary, and further data necessary for its own operation (including highly confidential data such as passwords and personal information). RAM15
Installed on and used for business.

When the case is opened, the case open / close state flag 2 in the sub CPU 6 is set, and when the power is turned on next, step S01 → step S02 → step S03.
→ step S06 → step S07 → step S09 →
At step S10, the power is turned off immediately. In other words, even if a malicious person disassembles the portable electronic device and makes a work inside, it will never start again.

However, the act of opening this housing is an essential work even during regular maintenance, and as it is, 2
It is very inconvenient to be unable to use it frequently.

However, according to the present embodiment, when the power is turned on after the reset switch 3 is pressed, the step S0
1 → step S02 → step S03 → step S06
→ Step S07 → Step S08, and the shell is started. At this point, if a command to initialize the contents of the RAM 15 is executed from the shell, the chassis open / close state flag 2
Is cleared, and then normal startup and operation are possible again.

As described above, according to this embodiment, when the housing of the device is opened, the internal data of the device is destroyed,
By setting the housing open / closed state flag, the device is controlled so that the device cannot be started again by the normal starting method. As a result, the password, personal information, and the like stored in the storage device of the device can be reliably protected. According to the present embodiment, it is impossible to reverse engineer the built-in application and steal confidential information.

Even if the housing of the device is opened, the shell can be started by turning on the power after performing the reset operation. If the initialization operation of the storage device is performed here, the storage device can be started. Since it is possible to reset the enclosure open / closed state flag while performing the initialization, the normal activation operation can be re-enabled and the device can be easily returned to the reusable state.

In this embodiment, when the housing of the device is opened, the internal data of the device is unconditionally destroyed, and the initialization of the storage device is executed in order to enable the normal starting operation. Therefore, even if the service person maliciously steals the customer's data, such unauthorized internal data access cannot be performed.

In the control of FIG. 4, step S1
If the initialization command is not issued in step 3, the process proceeds to step S15. However, if the initialization command is not issued in step S13, the process may be stopped and the power may be cut off. . That is, only when the initialization command is executed, the opening / closing state flag 2 is cleared and the command execution (or command execution loop) is allowed. Alternatively, if the initialization command is not issued in step S13, the process can proceed to step S15, but the command that can be executed in step S15 may be limited.

[Embodiment 2] In the previous embodiment, when the housing is opened, the data in the memory is all cleared to 00 in step S06, or the backup power supplied from the RAM power management device 17 to the RAM 15 is turned on. The contents of RAM15 were destroyed by cutting. This is because when a shell is started in step S08, a file in the RAM 15 is interfaced using a copy command (for example, a COPY command in MS-DOS).
This is to prevent copying to an external storage device via the.

However, in reality, it takes some time to clear all the data in the memory with 00. Particularly in recent years, it may take a considerable time for a portable electronic device having a large-capacity memory. In addition, RAM15
It is not preferable to provide the RAM power management device 17 that manages power supply to the electronic device because it increases the manufacturing cost of the electronic device.

Therefore, in the second embodiment of the present invention, in consideration of the above problem, the following processing is performed.

First, the algorithm obtained by removing step S06 (data destruction processing) from FIG. 3 becomes the algorithm of the main CPU 9 of the second embodiment. The algorithm of the main CPU 9 of the present embodiment is otherwise the same as that of FIG.

FIG. 6 shows the shell algorithm of this embodiment. Since steps S31 to S36 have the same functions as steps S11 to S16 of FIG. 4, respectively, description thereof will be omitted.

In FIG. 6, if the command input in step S33 is not the initialization command, step S33 is executed.
Branch to 37. Here, it is checked whether the further input command is a copy command (for example, COPY command in MS-DOS), and if it is not a copy command, the process branches to step S38. However, in the case of a copy command, nothing is done and the process branches to step S36 and ends as it is.

In step S38, it is checked whether the input command is an external command (not a shell built-in command), and if it is not an external command, step S38
It branches to 35 and executes the command as it is. But,
If the command is an external command, nothing is done, and the process branches to step S36 and ends as it is.

By mounting the shell as shown in FIG. 6 in this manner, it becomes impossible to copy the internal data of the electronic device without step S06 of FIG. The internal data of the device can be protected. In the present embodiment, since the data destruction is not performed, the RAM power management device 17 or at least the data destruction function thereof is not required, which reduces the manufacturing cost, and the tamper proof operation at the time of opening the case is performed by opening the case. It can be executed more quickly because only the flags need to be set.

According to the configuration of the second embodiment, the internal data of the electronic device is not erased so that the electronic data cannot be copied, and the internal data is backed up even if a dedicated program is prepared. It is not possible.

It should be noted that after the case is opened, normal startup becomes impossible, and the shell is started by a reset operation, and the initialization command is input there to restore the reusable state. It is similar to the first embodiment.

In the above, a small portable electronic device having a display and a keyboard has been exemplified, but the same technique includes data (password, personal information, or trade secret) to be protected inside a mobile phone, PDA, IC card or the like. Application program, program data, etc.)
It can be widely applied to electronic devices for storing. Further, in the above, as the shell, sh, csh, common
d. Although a command line interface such as com is used as an example, a shell user interface method is arbitrary and a GUI may be used. Further, with regard to the present invention, it is needless to say that the shell may be used at least for maintenance work after reset, and after the normal startup, the user does not need to operate the device using this shell.

The control program of the present invention may be stored in the ROM 14 or the like and supplied with the apparatus, or may be installed or upgraded by being downloaded via the network or the interface 12. . In the above, the CPU
Exemplifies a configuration in which the main / sub is divided into two, but such a configuration of a plurality of CPUs is not always essential.

[0083]

As is apparent from the above description, according to the present invention, a housing opening detection means for detecting the opening of the housing,
Having a case open / close state flag that stores the detection state of the case open detection means, once the case is opened,
In the electronic device for prohibiting the normal activation of the device, the control method thereof, and the control program thereof, when the case opening / closing state flag indicates the opening of the case in the past, the reset operation command is issued by the reset operation means. Only when the operation of the device via a predetermined user interface is allowed, and if the reset operation means does not command the reset activation, the normal activation of the device is prohibited. Then, by prohibiting the normal activation of the device thereafter, it is possible to prevent unauthorized use of the device such as internal data extraction and reverse engineering, and if the reset operation is performed by the reset operation means, a predetermined user interface is used. Since the device can be operated, the device can be maintained. Compatible tamper resistance and maintenance of electronic equipment, there is excellent effect that.

Alternatively, in the operation of the device via the predetermined user interface, the internal data storage device is initialized to reset the case open / close state flag to the state indicating the case is closed. By adopting the configuration, it is possible to restore the device so that the device can be normally started on condition that the internal data storage device is initialized.

Further, when the case opening / closing state flag indicates the opening of the case in the past, the contents of the internal data storage device are destroyed, or the case opening / closing state flag indicates the case in the past. When the body is open, the configuration that prohibits copying of the contents of the internal data storage device has the excellent effect that the data contents of the data storage device can be reliably protected. In particular, in the configuration in which only the copying is prohibited without destroying the contents of the internal data storage device, there is an advantage that the repair / maintenance work of the device can be performed without damaging the user data.

[Brief description of drawings]

FIG. 1 is a block diagram of a portable electronic device adopting the present invention.

2 is an external view of the portable electronic device of FIG.

FIG. 3 is a flow chart diagram showing control at power-on according to the first embodiment of the present invention.

FIG. 4 is a flowchart showing control of the shell according to the first embodiment of the present invention.

FIG. 5 is a flowchart showing control of a sub CPU according to the first embodiment of the present invention.

FIG. 6 is a flowchart showing the control of the shell according to the second embodiment of the present invention.

[Explanation of symbols]

1 Case open / close detection switch 2 Case open / close status flag 3 reset switch 4 control device 5 dead battery flag 6 sub CPU 7 power switch 8 sub secondary battery 9 Main CPU 10 Main power management device 11 main battery 12 interfaces 13 keyboard 14 ROM 15 RAM 16 indicator 17 RAM power management device 18 Reset flag 20 lower case 21 upper case

Claims (12)

[Claims] 1. A housing opening detection means for detecting opening of the housing, and a housing opening / closing state flag for storing a detection status of the housing opening detection means. In an electronic device that prohibits normal activation of the device, when reset operation means for instructing reset activation and the case opening / closing state flag indicates opening of the case in the past, the reset operation means causes reset activation. An electronic device having control means for permitting operation of the device via a predetermined user interface only when instructed and for prohibiting normal activation of the device unless reset activation is instructed by the reset operation means. . 2. When the device is operated through the predetermined user interface, the internal data storage device is initialized to reset the case open / close state flag to a state indicating that the case is closed. The electronic device according to claim 1, wherein: 3. The electronic device according to claim 1, wherein the contents of the internal data storage device are destroyed when the case opening / closing state flag indicates opening of the case in the past. 4. The electronic device according to claim 1, wherein copying of the contents of the internal data storage device is prohibited when the housing opening / closing state flag indicates opening of the housing in the past. . 5. A housing opening detection means for detecting opening of the housing, and a housing opening / closing state flag for storing a detection status of the housing opening detection means. In a method of controlling an electronic device that prohibits normal activation of the device, when the case opening / closing state flag indicates opening of the case in the past, a predetermined activation is performed only when reset activation is instructed by the reset operation means. A method of controlling an electronic device, which allows operation of the device via a user interface and prohibits normal startup of the device unless reset activation is instructed by the reset operation means. 6. When the device is operated via the predetermined user interface, the internal data storage device is initialized to reset the case open / close state flag to a state indicating that the case is closed. The method for controlling an electronic device according to claim 5, further comprising: 7. The control of the electronic device according to claim 5, wherein the contents of the internal data storage device are destroyed when the case opening / closing state flag indicates opening of the case in the past. Method. 8. The electronic device according to claim 5, wherein copying of the contents of the internal data storage device is prohibited when the case opening / closing state flag indicates opening of the case in the past. Control method. 9. A housing opening detection means for detecting opening of the housing, and a housing opening / closing state flag for storing a detection status of the housing opening detection means. In a control program of an electronic device that prohibits normal activation of the device, when the case opening / closing state flag indicates opening of the case in the past, a predetermined activation is performed only when reset activation is instructed by the reset operation means. A control program for an electronic device, comprising: a control step that allows operation of the device via a user interface and prohibits normal startup of the device unless reset activation is commanded by the reset operation means. 10. A control for resetting the casing open / closed state flag to a state indicating that the casing is closed by initializing an internal data storage device in the operation of the device via the predetermined user interface. The electronic device control program according to claim 9, further comprising steps. 11. The control method according to claim 9, further comprising a control step of destroying the contents of the internal data storage device when the housing open / closed state flag indicates a past opening of the housing. Electronic device control program. 12. The method according to claim 9, further comprising a control step of prohibiting copying of the contents of the internal data storage device when the housing open / closed state flag indicates opening of the housing in the past. A control program for the described electronic device.