JP2006099157A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method for easily erasing data present on a volatile memory at high speed while ensuring secret processing data on the volatile memory. <P>SOLUTION: The information processor comprises a storage device composed of the volatile memory 9 divided to a plurality of areas; a storage control device 5 having the function of stopping refresh operation or power supply of the component volatile memory 9 for every area, an instruction processor 1 reading an instruction for stopping the refresh operation or power supply and instructing the execution thereof, and an external input device 2 stopping the refresh operation or power supply from the outside of the processor. This processor has the function of extinguishing memory data in each area at high speed by stopping, according to the instruction from the instruction processor or the external control device, the refresh signal or power supply of a specified volatile memory area. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a data protection erasing method for an information processing apparatus including a volatile memory such as a DRAM.

  With the high performance and large scale of information processing systems, all information of society, including confidential information of individuals and corporate nations, has been incorporated into the information processing system as a database. On the other hand, with advances in technology such as mobile terminals and the Internet, anyone can easily refer to information anywhere. Information protection has become an extremely important issue in recent years due to the creation of a database of confidential information and the improvement of connectivity of information systems.

  As a method for protecting information, there are an encryption technique for preventing others from reading the data itself, and a technique for performing personal authentication using a password or biometric information. Numerous scheme technologies have been developed for encryption schemes, such as a scheme using a common key (Patent 1269899 et al.) And a scheme using a public key (JP 2001-66987 et al.). There are many authentication methods using biometric information, such as a recognition method using fingerprints (Japanese Patent Publication No. 03-20790) and a method using finger shapes (Japanese Patent Publication No. 02-39822). There are many patents for password authentication methods, such as authentication methods using user passwords and user information (Japanese Patent Laid-Open No. 06-332374), and authentication methods using multi-level passwords (Japanese Patent Publication No. 04-14396). is there.

  As one of the techniques for protecting data, there is a technique for completely erasing data. Since data on a magnetic storage device stores information by magnetism, it is difficult to completely erase the data. As a method of completely erasing data on the magnetic storage device, the United States National Security System (NSA) that writes two types of fixed data and 0, and the United States Army method that writes one type of random data and two types of fixed data ( There are many standards such as the US Computer Security Center method (NCSC-TG-025) that writes three types of fixed data. However, since it takes a lot of time to apply these processes to a large-capacity magnetic disk, Japanese Patent Application Laid-Open No. 2003-345526, etc., is a patent for speeding up the erasing process. Although there is no patent relating to erasing volatile memory data such as DRAM for protection, there is JP 2003-256401 which describes a method of stopping power supply in a short time as a volatile memory erasing method.

Patent 1269899 JP2001-66987 JP 05-20790 JP 02-39822 JP 06-332374 JP 04-14396 JP2003-345526 JP2003-256401

  In order to prevent leakage of confidential data on the information processing apparatus, there are an encryption method and a password method. However, with these methods alone, data still exists in the device even after the data is used, and data fragments may remain on various storage devices. For data that does not need to be reused, it is desirable to erase it explicitly after use, but a plurality of procedures are required for complete erasure of the magnetic information remaining in the disk. The information processing apparatus according to the present invention provides a method for securing confidential processing data on a volatile memory and erasing data existing on the volatile memory easily and at high speed.

  Volatile memory such as DRAM holds information on a semiconductor element as electric capacity, and if there is no periodic write-back operation called refresh, charge is lost with time and data is lost. Using this property of the volatile memory, data is erased by stopping the refresh operation and power supply of the memory area to be erased in accordance with an instruction from the processor or the outside. The memory is divided into a plurality of areas in order to clarify the area to be erased. The storage control device that controls the memory includes an independent refresh control circuit for each area. The instruction processing device includes a refresh stop instruction that can specify a target memory area. The external input device includes input means for instructing to stop refreshing for each target memory area. The external input device is provided with a timer for designating execution of erasure of the target area immediately or after a predetermined time.

  In the information processing device according to the present invention, data erasure is clearly executed by various methods such as designation of data in a memory by an instruction program, immediate designation by manual input, time designation using a timer, designation by a power supply life built in the device, etc. can do. Further, in this method, since a physical phenomenon called electric charge discharge of the volatile memory is used, it is difficult to specify a data destruction pattern, and the data erasing characteristics are excellent.

  It consists of a memory composed of a volatile memory such as DRAM that executes instructions, a storage control device, an instruction processing device, and an external input device. A memory composed of DRAMs is connected to the storage controller by an independent control signal for each appropriate memory capacity unit. In the storage control device, an independent control circuit is prepared for each independent control signal. Each control circuit independently has a control circuit for controlling the refresh operation. The control circuit for the refresh operation includes a refresh stop circuit and a circuit for controlling the interval. In the storage control device, three states of being used, being erased, and usable are held according to the state of each memory area.

  The instruction processing device is connected to the storage control device and has a refresh stop instruction function for stopping the refresh of the memory. The refresh stop instruction can explicitly indicate an independent control circuit prepared by the storage controller. Thereby, it is possible to explicitly issue an erase execution instruction to an independent area for each appropriate memory capacity unit on the memory. The instruction processing device also provides instructions for controlling the confidential information processing area. These commands include a command to check the state of each memory area (used, erased, usable) in order to search for an available confidential information processing area, and data in the erased area to attempt data recovery. An instruction, an instruction for instructing a refresh stop condition, etc. are provided to control the data loss time.

  The external input device is prepared for directly erasing memory data from outside the device without using the instruction processing device. In the external input device, a switch for instructing erasure is prepared for each independent control circuit prepared by the storage control device, and the signals of each switch are connected by a signal interface that can be transmitted to each control circuit. If a timer is interposed between the external input device and the storage control device, the memory erase start time can also be set. With this configuration, the confidential data erasure timing can be designated by an instruction program, immediate designation manually from the outside, or time designation via a timer.

  A part of the confidential information processing area may be physically removable from the main body information device. The removed memory is portable, has a function of refreshing or stopping power supply by an external input, and can erase data. As an erasing timing, an immediate designation method, a time designation by timer setting, or an erasure designation by the life of the built-in power supply can be used. By storing a composite key of information in the main body information device in the removed memory, the information in the main body information device can be protected.

  FIG. 1 shows a configuration example of a confidential data erasing apparatus according to the present invention. In this apparatus, a storage device is configured by a plurality of DIMMs 9 on which DRAM 10 is mounted. The storage device is divided into a plurality of areas, each of which becomes a unit memory area for processing confidential data. The divided confidential data processing unit memory 7 is connected to the storage control device 5 through independent memory control signal lines 8. The storage control device 5 is connected to the command processing device 1 and the external input device 2 that control confidential data processing, and receives control commands from the command processing device 1 and the external input device 2. The instruction processing device 1 is a device that decodes and processes a continuous instruction word program, such as a microprocessor, and the external input device 2 is a device that outputs an instruction input from an operator as an electrical signal. In the storage control device 5, the memory control signal generation circuit 6 for each confidential data processing unit memory 7 and the control command received from the instruction processing device 1 or the external input device 2 are decoded, and each confidential data processing unit memory region A request switch 4 for selectively starting the memory control signal generation circuit 6 is prepared.

  When processing confidential data that requires data protection, first, a unit memory area to be processed is secured. Next, necessary data is transferred to this area, and data processing is performed in this area. After the processing is completed, only necessary data is transferred to another memory area, and the area handling confidential data enters data erasure processing. The data erasure process is performed when the instruction processing device 1 decodes and executes the data erasure command or when the data processor issues an erasure instruction from the external input device 2.

  When an erasure instruction is issued, this instruction is transmitted to the storage controller 5, and the refresh operation or power supply of the designated memory area is stopped. In the memory where the refresh operation or power supply is stopped, data is gradually erased by the discharge of electric charge. Simultaneously with the start of data erasure, the storage controller 5 sets a flag indicating that this memory area is being erased. After a certain time after the charge discharge is sufficiently performed, the storage control device 5 sets a flag indicating that the memory area can be used again. The instruction processing device 1 and the external input device 2 can check the state of the memory area by referring to the flag in the storage control device 5. For example, while the memory area is being erased, the data is disappearing and the read data is not guaranteed to be correct. Normally, such data is not handled, but when data restoration is attempted, it may be possible to recover a part of the original information by reading and analyzing the data being erased.

  FIG. 2 shows the memory control signal generation circuit 6. The memory control signal generation circuit 6 has refresh control information 13 such as a counter timer 12, a refresh interval time register, and a refresh stop flag. During memory operation, the counter timer continues to count up and generates a refresh request each time it is equal to the value of the refresh interval time register. The refresh stop flag completely suppresses issuing of a refresh request. The generated request is arbitrated with other requests to the memory, and then output as control to the DRAM memory group.

  FIG. 3 shows the request switch 4. The command input to the request switch 4 reads the memory area state flag 15 indicating the state of the target confidential data processing unit memory area. When the flag of the target memory area is usable, an instruction is sent to the memory control signal generation circuit 6 corresponding to this area. If the issued instruction is a memory erase instruction, the refresh stop flag of the memory control signal generation circuit 6 is set. As a result, the refresh operation of the target memory area is suppressed, and the data disappears as time elapses. It is also possible to extend the data loss time by setting a large value in the refresh interval register and extending the refresh interval.

  FIG. 4 shows a data erasing procedure using the confidential data erasing apparatus. First, the status flag of each confidential data processing area is checked to secure an available area. Next, the confidential data is transferred to the confidential data processing area. After performing necessary data processing in the confidential data processing area, necessary output data is moved to another memory area. After the necessary data transfer, issue a data erasure command to the confidential data processing area. At this time, the state of this area is disabled until it is determined that the erasure is completed.

  FIG. 5 shows a configuration in which one or a plurality of confidential data processing memory areas can be physically removed from the information processing apparatus of the main body. In this configuration, the memory area for processing confidential data can be removed from the main body and stored in a portable manner. The removable memory 19 with a memory erasing function can be configured in a form convenient for carrying such as an IC card or a stick memory. The removable memory with erasure function 19 may store all of the confidential data, but may encrypt the memory area of the main body and store only the composite key.

  The detachable memory erasing function memory 19 has an external input device 2 for instructing data erasure and can instruct data erasure. By using the external input device 2 via the timer 3, the information erasing start time can be designated. When information erasure is started, internal memory refresh operation and power supply are stopped, and information is erased. Further, the removable small storage device may have a configuration in which the information erasing start time is determined only by the life of the built-in power supply without incorporating the external input device. The small storage device of this form can maintain confidential information by repeatedly charging within a certain time, and if the charging is neglected, the confidential data is lost. As a result, even if the small storage device is lost while being carried, it is possible to guarantee the disappearance of the data after a certain period of time.

  FIG. 6 shows an appearance example of a small memory with a removable memory erasing function. The external appearance includes a display 20, an input switch 21, and a connector 17. The display 20 displays the memory status, the time until the start of memory erasure, and the like. The input switch 21 inputs an erase instruction such as designation of a memory erase start time or memory area. The connector 17 can be connected to a mass storage information processing apparatus such as a personal computer using a standard bus used in a personal computer or the like.

  For information processing systems, maintaining the confidentiality of information is an increasingly important issue. The processing apparatus described in this patent can be easily incorporated into a computer system and can be used for information protection of the system.

It is a figure which shows the structural example of the confidential data deletion processing apparatus which concerns on this invention. It is a figure which shows the memory control signal generation circuit based on this invention. It is a figure which shows the request switch circuit based on this invention. It is a processing flow of data erasure | elimination using the confidential data erasure | elimination processing apparatus which concerns on this invention. It is a figure which shows the structural example of the small memory system with a removable memory erasing function which concerns on this invention. It is a figure which shows the example of an external appearance of the small memory with a removable memory erasing function.

Explanation of symbols

1 Instruction Processing Device 2 External Input Device 3 Timer 4 Request Switch 7 Confidential Information Processing Unit Memory 10 DRAM
19 Memory with removable memory erasure function

Claims (3)

  Decodes a storage device composed of volatile memory divided into multiple areas, a storage controller with a function to stop refresh operation and power supply of each volatile memory, and a command to stop refresh operation and power supply An instruction processing device that instructs execution, an external input device that stops the refresh operation and power supply from outside the device, and a refresh signal and power supply to a specific volatile memory area are stopped by an instruction from the command processing device or external control device An information processing device with a function of quickly erasing memory data in each area.   A volatile memory detachable small storage device and a large-scale memory that can be connected to the small storage device. The small storage device has a key for decrypting the encrypted data in the large storage device. An information storage device that holds and protects information in a large-scale memory by stopping the refresh operation or power supply of the small storage device according to an external instruction and erasing data. A portable small storage device that is composed of a volatile memory and that stops a refresh operation or power supply by an external operation and erases data.

Images