JP2007334705A - Undocking inhibition method, and computer - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method for inhibiting undocking by a person other than an original user in a computer connected to a docking station by a locking mechanism. <P>SOLUTION: The computer is operated in a first state where a user performs operation input and in a second state where the user can not perform the operation input. Also, when returning from the second state to the first state, the user is requested to input authentication information. When the computer is operated in the second state, undocking is inhibited. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a theft prevention technique for personal computers, and more particularly to a technique for preventing theft by controlling attachment / detachment from a docking station using user authentication information.

  Notebook type personal computers (hereinafter, personal computers are referred to as PCs, and notebook type PCs are referred to as notebook PCs) can be connected to a function expansion unit called a docking station in order to achieve both mobility and expandability. Many. The docking station includes an input / output terminal such as a serial port, a parallel port, and an external display output connector, an expansion slot such as a magnetic disk drive, an optical drive, and a PCI bus, and an AC adapter. By mounting the terminals and functions that are rarely used when carrying a notebook PC on the docking station side, the notebook PC is made smaller and lighter by itself, and is mounted on the docking station, comparable to a desktop PC. Functions and extensibility can be realized. Of these function expansion units, those having only input / output terminals are sometimes called port replicators. Here, however, they are called docking stations in the sense of including port replicators.

  FIG. 1 is an external view showing a typical configuration of a notebook PC connected to a docking station. The notebook PC 1 includes a casing 2 having a keyboard and a pointing device mounted on the surface and housing many devices therein, and a lid 3 having a liquid crystal display (LCD) mounted on the surface. The notebook PC 1 is attached to the docking station 4. The docking station 4 includes an eject button 5 that is pressed when the notebook PC 1 and the docking station 4 are disconnected (hereinafter referred to as undock), and a status display lamp 6 that displays a connection status between the notebook PC 1 and the docking station 4. Equipped. By connecting the notebook PC 1 and the docking station 4 with a connector (not shown), the notebook PC 1 and the docking station 4 can be combined to operate as one PC. Meanwhile, the status display lamp 6 is lit in green. Of course, the lid 3 can be opened while the notebook PC 1 is connected to the docking station 4, and the LCD, keyboard, and pointing device built into the notebook PC 1 can be used. However, as shown in FIG. 1, by attaching the external display 7, the external keyboard 8, and the mouse 9 to the docking station 4, the LCD built in the notebook PC 1 with the lid 3 of the notebook PC 1 closed is attached. It is possible to use the notebook PC with a display 7 having a larger size and higher performance, and a keyboard 8 and mouse 9 having higher operability.

  Further, while the notebook PC 1 is attached to the docking station 4, the notebook PC 1 is fixed so as not to be detached from the docking station 4 by a lock mechanism (not shown). The eject button 5 serves as both an electrical switch for instructing the notebook PC 1 to execute an undock process by software and a part of a mechanism for physically separating the notebook PC 1 from the docking station 4. While the notebook PC 1 is attached to the docking station 4, the eject button 5 functions only as an electrical switch and is configured so that an operation for physical separation cannot be performed. When the notebook PC 1 is operating while being connected to the docking station 4, the user instructs the notebook PC 1 to undock by pressing the eject button 5 before physical separation. An eject button having such a structure is known from Japanese Patent Application Laid-Open No. 2004-272597. Further, undocking in such a state that the notebook PC 1 is operating is called hot undock.

  The operating system (hereinafter referred to as the OS), BIOS (Basic Input / Output System), and each hardware component of the notebook PC 1 and docking station 4 all support power management using ACPI (Advanced Configuration and Power Interface). is doing. ACPI is a standard that allows the OS to manage the power supply inside the PC. With this, the OS can monitor the usage status of the PC and peripheral devices, and can select and shut down unnecessary devices and services. . The OS instructed to undock when the user presses the eject button 5 shuts down each device included in the docking station 4 based on the ACPI method, and disconnects the device from the notebook PC 1 electrically and in software. The process is performed (hereinafter, the process of electrically and software-separating the notebook PC and the docking station in this way is referred to as an undock process). The docking station 4 that has completed the undock process releases the locked state between the notebook PC 1 and the docking station 4 by the lock mechanism. When the undock process is completed, the display lamp 6 is turned off, so that the user can confirm the state of “undock OK”. Subsequently, the user can physically separate the notebook PC 1 from the docking station 4 by operating the eject button 5 again.

  In addition, when the eject button 5 is pressed while the notebook PC 1 is in a suspended state (AC3 S3 power state) or in a state where hibernation is performed (ACPI S4 power state), the notebook PC1 An undock is possible. This is called warm undocking. In this case, the notebook PC 1 instructed to undock once returns to a normal operation state (AC0 power supply state in ACPI), and performs the same undock processing as in the case of hot undock. After the undock process is completed and the user can perform physical separation, the notebook PC 1 returns to the original operation state. In the state where the notebook PC 1 attached to the docking station 4 is not turned on, the undock process cannot be completed and the locked state cannot be released.

There are the following documents as techniques related to PC undock that can be connected to the docking station. Japanese Patent Application Laid-Open No. 2004-228561 discloses a technique that enables undocking in the same operating state even when the notebook PC is in an operating state such as suspend. Patent Document 2 discloses a technique that allows a user to select in advance an operation state when a notebook PC is undocked. Patent Document 3 discloses a technique that enables an undocking of the notebook PC after the shutdown only when the release of the lock mechanism is instructed before the notebook PC is shut down. In addition, regarding a technique for prohibiting a person connected to a PC from being disconnected by a person other than the original user, a technique for requesting a password when the USB device is removed to prevent the device from being removed and taken away without permission. There exists patent document 4 which discloses.
JP 2001-209466 A JP 2003-216264 A JP-A-11-296250 JP 2005-346172 A

  Notebook PCs have one aspect that they are easy to carry because they are easy to carry. The conventional notebook PC 1 operating in the office connected to the docking station 4 can be undocked by anyone by pressing the eject button 5. Therefore, there is a risk that the notebook PC 1 is undocked and taken away by a third party while the user of the notebook PC 1 leaves the seat for a short time, for example. In particular, in the case of hot undock or warm undock, the notebook PC 1 taken away by a third party is taken away with a legitimate user logged on, so that the third party operates as a legitimate user. It becomes possible to access various important data including confidential information and personal information.

  On the other hand, the notebook PC 1 and the docking station 4 are each provided with a hole for passing a wire for preventing theft. By connecting the wire passed through the hole of the notebook PC 1 to a fixed object such as a desk, fixing the wire with a lock, and physically locking the PC, the PC can be protected from the risk of theft. Similarly, the docking station 4 can be connected to a fixed object such as a desk with a wire separately from the notebook PC 1 and can be locked with a lock. However, even if it is cheap, it is uneconomical because it requires two sets of wires and locks that cost about several thousand yen per set, one for fixing the notebook PC 1 and one for fixing the docking station 4. Some docking stations include a lock inside and can be physically fixed to the docking station 4 by locking. In this case, only one set for fixing the docking station 4 is required for the wire and the lock, but the cost for incorporating the lock is reflected in the docking station. Furthermore, in both cases, it is necessary to manage two keys for one notebook PC, which is complicated.

  Accordingly, an object of the present invention is to provide a method for prohibiting unauthorized undocking of a notebook PC attached to a docking station. It is a further object of the present invention to provide a method for prohibiting unauthorized undock when a notebook PC recognizes that the user is away from the seat. A further object of the present invention is to provide a method for prohibiting undocking of a notebook PC by a simple method. It is a further object of the present invention to provide a notebook PC that performs such a method.

  The present invention can be regarded as a method for prohibiting undock processing of a computer coupled to a docking station by a lock mechanism. The lock mechanism has a function of physically coupling and locking the computer to the docking station, and the lock function is released when the undock process is completed. This computer operates in a first state in which a user performs an operation input and a second state in which the user cannot perform an operation input. The operation input here refers to an input from a user via an operation means such as a keyboard and a pointing device. Further, the undock process refers to performing software processing and electrical disconnection before undocking the computer mounted on the docking station. When the first state and the second state are related to theft of a computer, the user is operating in front of the computer and there is no possibility of theft, and the user is away from the computer. It is possible to cope with a situation where there is a risk of theft. When transitioning from the first state to the second state, undock prohibition information is stored in the memory of the computer. And when returning from the second state to the first state, the user is required to input authentication information. Here, when there is a request for undock processing to the computer, the computer searches for undock prohibition information and prohibits undock processing when undock prohibition information is detected. This prevents a third party who does not have authentication information from undocking the computer when the user is in the second state not operating. Therefore, it is possible to prevent a third party other than a legitimate user from undocking and stealing the computer simply by fixing the docking station itself to the structure with a wire or the like.

  Further, when the authentication information requested when returning from the second state to the first state is input by a valid user, the stored undock prohibition information is deleted. As a result, in the first state where the authorized user is operating the computer, the undocking prohibition information is not detected, and therefore the computer can be undocked without any problem. As the second state, an operation state that is normally provided in the computer, such as a state in which the screen saver is operated, a suspend state, or a state in which hibernation is executed, can be used.

  In addition, if the computer has a function of giving a signal to make the transition from the first state to the second state, the user can immediately operate this button when interrupting the operation of the computer. Undock processing can be prohibited. Furthermore, when there is no operation input from the user for a certain period of time on the computer, it is also possible to shift from the first state to the second state. The user can also be notified that undock is prohibited. As a means for notifying, a display on the display screen or a lamp provided in the computer main body or the docking station can be used. Of course, when the undocking prohibition information is not detected, the undocking process is started without any problem. When the undocking process is completed, the lock mechanism is released and the computer can be detached.

  Further, without storing the undock prohibition information in the computer, it is searched whether or not the computer is operating in the second state. If the computer is operating in the second state, the undock process may be prohibited. The same effect is obtained. As the second state here, it is possible to use a standard operating state of the computer, such as a screen saver operating state, a logoff state, or a computer locked state.

  The present invention can also be understood as a computer. The computer can be attached to a docking station having an eject button and a lock mechanism, and includes a display, a processor, a nonvolatile memory, and a recording medium on which a program is recorded. The program recorded in the recording medium causes the processor to shift the computer from the first state in which the user performs operation input to the second state in which the user cannot perform operation input, and the computer from the second state to the first state. A process for requesting the user to input authentication information when returning to the state; a process for storing undocking prohibition information in the computer in response to the computer shifting to the second state; and the undocking in response to a request for an undocking process Processing for searching for prohibition information and processing for prohibiting undock processing when undock prohibition information is detected are executed. The request for the undock process may be given by operating the eject button of the docking station, or may be given from the computer side.

  The present invention can also be understood as a computer having means for executing each step described in the method for prohibiting undock processing.

  According to the present invention, it is possible to provide a method for prohibiting unauthorized undocking of a notebook PC attached to a docking station. Further, according to the present invention, it is possible to provide a method for prohibiting unauthorized undock when the notebook PC recognizes that the user is away from the seat. Furthermore, according to the present invention, it is possible to provide a method for prohibiting undocking of a notebook PC by a simple method. Furthermore, according to the present invention, a notebook PC that executes such a method could be provided.

  The present invention does not require the addition or change of hardware, and can be implemented by adding and changing only a part of software. Therefore, the external appearance and hardware configuration of the notebook PC and docking station according to the embodiment of the present invention are the same as those of the conventional one shown in FIG.

  FIG. 2 is a schematic block diagram showing a system configuration of the notebook PC 10 according to the embodiment of the present invention. Various devices shown in FIG. 1 are mounted inside the casing of the notebook PC 10. The CPU 11 is an arithmetic processing unit having a central function of the notebook PC 10 and executes an OS, a BIOS, a device driver, an application program, or the like. The CPU 11 includes an FSB (Front Side Bus) 13 as a system bus, a PCI (Peripheral Component Interconnect) bus 15 for performing communication between the CPU 11 and peripheral devices, and an LPC (Low Pin Count) as an interface in place of the ISA bus. ) Signals are transmitted and received by being connected to each device via a three-stage bus called a bus 17.

  The FSB 13 and the PCI bus 15 are connected by a CPU bridge 19 called a memory / PCI chip. The CPU bridge 19 includes a memory controller function for controlling an access operation to the main memory 21 and a data buffer function for absorbing a difference in data transfer speed between the FSB 13 and the PCI bus 15. It has a configuration. The main memory 21 is a writable memory used as a reading area for programs executed by the CPU 11 and a work area for writing processing data. The video card 23 has a video chip (not shown) and a VRAM (not shown), receives a drawing command from the CPU 21, generates an image to be drawn, writes it in the VRAM, and reads it from the VRAM. The image is sent to the display 25 as drawing data. This display includes one built in the lid 3 of the notebook PC 10 and an external display 7 attached to the docking station 4.

  An I / O bridge 27, a CardBus controller 29, a mini PCI slot 33, and a docking interface 35 are connected to the PCI bus 15. The CardBus controller 29 is a controller that controls data transfer between the PCI bus 15 and a PC card (not shown). A CardBus slot 31 is connected to the CardBus controller 29, and a PC card (not shown) is inserted into the CardBus slot 31. For example, a mini PCI card (not shown) with a built-in wireless LAN module is mounted in the mini PCI slot 33. The docking interface 35 is hardware for connecting the notebook PC 10 and the docking station 4. When the notebook PC 10 is set in the docking station 4, the internal bus of the docking station 4 is connected to the docking interface 35. Various hardware components connected to the internal bus of the docking station 4 are connected to the PCI bus 15 via the docking interface 35.

  The I / O bridge 27 has a function as a bridge between the PCI bus 15 and the LPC bus 17. The I / O bridge 27 has an IDE (Integrated Device Electronics) interface function, and is connected to a magnetic disk device (HDD) 41 and an optical drive 43 (CD drive, DVD drive, etc.). Also connected to the I / O bridge 27 are a USB connector 39, a shutdown / reset logic 45, and an EEPROM 49. Various peripheral devices (not shown) compatible with USB are connected to the USB connector 37. The shutdown / reset logic 45 is connected to the power supply device 47. The core chip constituting the I / O bridge 27 includes a power management unit 48 for managing the power state of the notebook PC 10, and a shutdown / reset logic 45 is interposed between the power management unit 48 and the power supply device 47. By transmitting and receiving various signals, power supply to the notebook PC 10 can be controlled. The EEPROM 49 is a non-volatile memory in which stored contents can be electrically rewritten, and holds information such as a BIOS password and a product serial number.

  A BIOS flash ROM 51, a CMOS-RAM 53, and an I / O controller 55 are connected to the LPC bus 17. The BIOS flash ROM 51 is a non-volatile memory in which stored contents can be electrically rewritten. The BIOS is a software that performs a hardware test when the notebook PC 10 is started, the system BIOS that is a basic program used for starting and managing the system. A certain POST (Power-On Self Test), various utilities that are software for managing an operating environment such as a power supply and temperature, an INT13H handler for accessing the magnetic disk device 41, an ACPI BIOS to be described later, and the like are stored. The CMOS-RAM 53 is configured by connecting a volatile semiconductor memory to a backup power source, and functions as a non-volatile and high-speed storage means for storing hardware initial settings by the system BIOS. The I / O controller 55 includes an input / output device such as a keyboard 59 and a pointing device 61 such as a mouse or a track point (registered trademark) via an I / O connector 57 (except for the keyboard 59 and the pointing device 61. (Not shown) is connected.

  Note that FIG. 2 merely shows a simplified configuration and connection relationship of main hardware related to the present embodiment in order to describe the present embodiment. In addition to those mentioned in the above description, many devices are used to configure the notebook PC 10. However, they are well known to those skilled in the art and will not be described in detail here. Of course, a person skilled in the art can arbitrarily select a plurality of blocks shown in the figure as one integrated circuit or device, or conversely, one block can be divided into a plurality of integrated circuits or devices. It is included in the scope of the present invention as long as it can be performed.

  FIG. 3 is a schematic block diagram showing a configuration between the hardware of the notebook PC 10 according to the first embodiment of the present invention and software including a Windows (registered trademark) series OS of US Microsoft Corporation. . The execution program that is read into the main memory 21 and executed by the CPU 11 includes an OS 107, various device drivers that operate peripheral devices, an application program directed to a specific task, an event driver 113, and an event service 115. , And firmware stored in the BIOS flash ROM 51. The OS 107 includes WIN32 101 as an API (Application Program Interface), a kernel 103 that performs task management and job management, and ACPI. SYS105, screen saver 119, etc. are included. The firmware is, for example, an ACPI BIOS 109 that provides information to the OS 107 or processes a request from the OS 107 in an ACPI environment, and a system BIOS that performs device initialization.

  In FIG. 3, the ACPI BIOS 109 receives a detection signal such as ejection of the notebook PC 10 generated by the docking station 4 from the hardware 111 including the power management unit 48 and the docking interface 35. Control signal such as suspend. The event driver 113 extracts a system-specific event from the ACPI BIOS 109 and sends information about the extracted event to the event service 115. The event service 115 monitors the operation of the system based on information from the event driver 113. Note that the OS 107, various device drivers, application programs, event driver 113, and event service 115 software are normally installed in the magnetic disk device 41. When the notebook PC 10 starts up, the software is necessary. Are read into the main memory 21 and executed by the CPU 11. Further, the ACPI BIOS 109 according to the present embodiment can read information during a screen saver operation described later, and prohibit undocking according to the read information.

  The OS 107 includes a screen saver 119. The screen saver 119 is an executable application program, and is activated when it is acquired from the event service 115 that the idle state has continued for a preset time. The idle state refers to a state in which there is no operation input by the user through input means such as the keyboard 59 and the pointing device 61. When the screen saver 119 is operated, a screen different from the screen displayed before the screen saver 119 is activated is displayed on the display 25, and the user can operate the screen displayed before the activation. become unable. The screen displayed by the screen saver 119 may be as simple as, for example, a solid black color, more complex still images or videos, or characters such as “I'm just away from my seat”. But you can.

  In this embodiment, the screen saver 119 uses a function for requesting a password in order to return to a normal operable state, rather than the original function of preventing burn-in of the display. When the screen saver 119 obtains from the event service 115 that the idle state has been canceled by an operation input or the like while the screen saver 119 is operating, the screen saver 119 can request the user to input a password. This password is uniquely set regardless of the password entered when the user logs in to the OS 107. If the password entered by the user is correct, the screen saver 119 stops operating, and the display screen of the display 25 returns to the screen that was displayed before the screen saver 119 was started. Thus, the user can resume the operation of the screen that was displayed before starting. When no password is entered or when the entered password is incorrect, the screen saver 119 continues to operate, and the screen operation that was displayed before the user started up cannot continue to be resumed. . As a result, the screen saver 119 detects a state in which the authorized legitimate user is not operating the notebook PC 10, and is used as a means for preventing a third party from impersonating the legitimate user and operating the notebook PC 10. it can. In the following description, it is assumed that such a password function is valid for the screen saver 119. Further, the screen saver 119 according to the present embodiment can record and delete information during the screen saver operation described later.

  FIG. 4 is a flowchart showing an undock (hot undock) process performed when the notebook PC 10 is connected to the docking station 4 and is in a normal operation state in the first embodiment of the present invention. 4A shows processing performed when the screen saver is activated, and FIG. 4B shows processing performed when the screen saver 119 ends. In the present embodiment, when the screen saver 119 is activated (block 301), information during the screen saver operation is stored in the nonvolatile memory (block 303), and the operation of the screen saver 119 is started (block 303). Block 305). The non-volatile memory here may be a CMOS-RAM 53 or an EEPROM 49.

  Also, when the screen saver 119 finishes operation (block 311), the screen saver 119 requests the user to enter a password (block 313). If the entered password is correct, the screen saver 119 deletes information during the screen saver operation from the non-volatile memory (block 315) and stops the operation (block 317). That is, if it is a legitimate user, a correct password can be input and operation input from the keyboard 59 and the pointing device 61 can be resumed. However, since the third party cannot input the correct password, the operation of the screen saver 119 cannot be stopped. While the information during the screen saver operation is stored in the non-volatile memory, the color of the status display lamp 6 is changed from green to red, or the screen on which the screen saver 119 is operating is displayed. It is possible to alert the person who is trying to undock by a method such as displaying a message such as “Unable to undock during operation”.

  FIG. 4C shows an undock processing procedure performed when the eject button 5 is pressed. When the notebook PC 10 is not undocked, a locking mechanism (not shown) of the docking station 4 is locked so that the casing of the notebook PC 10 cannot be detached (undocked) from the docking station. The docking station 4 itself is connected to a fixed object such as a desk with a wire and a lock. Since the notebook PC 10 is configured so that the lock mechanism cannot be released unless the undock process is performed, a third party cannot undock and take out the notebook PC 10 unless the undock process is performed. Further, in the state before the undock process is completed, the eject button 5 provided in the docking station 4 can only instruct the OS to start the undock process. Now, the eject button 5 is pressed, and a signal indicating that the eject button has been pressed is output from the docking station 4 to the notebook PC 10. Upon receiving this signal, the CPU 11 executes the ACPI BIOS 109. When the ACPI BIOS 109 recognizes that the eject button 5 of the docking station 4 has been pressed, it starts undock processing (block 321) and notifies the event driver 113 of the eject event (block 323). The event driver 113 notifies the event service 115 as it is of the event notified from the ACPI BIOS 109 (block 325). The event service 115 regards that the eject button 5 has been pressed as one of the operation inputs, and releases the idle state (block 327).

  On the other hand, the ACPI BIOS 109 reads the screen saver operating information stored in the non-volatile memory (block 329), and determines whether the screen saver 119 is operating based on the presence or absence of the information (block). 331). If the screen saver 119 is not in operation, the undock process is continued, and the ACPI BIOS 109 issues an undock request defined in ACPI. SYS105 is notified (block 351) and ACPI. The SYS 105 performs an undock process for making the notebook PC 10 removable from the docking station 4 (block 353). When the undock process is completed, the docking station 4 releases the lock mechanism, permits the eject button 5 to physically separate the notebook PC 10 from the docking station 4, and turns off the display lamp 6. “ANDOK OK” is performed (block 355). As a result, the notebook PC 10 can be undocked (block 357). Here, when the user presses the eject button 5 again, the connector connecting the notebook PC 10 and the docking station 4 is separated by the lever action, and the notebook PC 10 is physically separated from the docking station 4.

  If the screen saver 119 is operating at block 331, the undock request is discarded and no further processing relating to undock is performed. At that time, it is possible to alert the person who has pressed the eject button 5 by a method such as blinking the status display lamp 6 or making a beep sound. Since the idle state is released at block 327, the screen saver 119 executes the end operation described in FIG. 4B (block 333). If the user is a valid user, the correct password can be input to stop the operation of the screen saver 119. When the operation of the screen saver 119 is stopped, the information during the operation of the screen saver is deleted from the nonvolatile memory. Therefore, if the user presses the eject button 5 again after the operation of the screen saver 119 stops, the user can The undock process can be resumed to undock the notebook PC 10. However, since a third party cannot input a correct password, the operation of the screen saver 119 cannot be stopped and the undock process cannot be resumed, and the notebook PC 10 cannot be undocked.

  As can be seen from the above description, the present embodiment does not require the hardware configuration to be changed or the addition of wires, and the screen saver 119 has a function for saving information during the operation of the screen saver. The ACPI BIOS 109 is connected to the ACPI.109 only when the screen saver is not operating. This can be realized by changing the system so that an undock request is sent to the SYS.

  On the other hand, in the second embodiment of the present invention, the screen saver 119 itself does not record and delete information during the screen saver operation, but the screen saver 119 is operated by the undocking prohibition function driver 117. Search for no. FIG. 5 is a schematic block diagram showing the configuration of software including the hardware of the notebook PC 10 and the Windows (registered trademark) series OS of Microsoft Corporation in the second embodiment of the present invention. The configuration shown in FIG. 5 is almost the same as the configuration in the first embodiment shown in FIG. 3, but the undock prohibition function driver 117 is installed in the kernel 103 and operates as one of the kernel mode drivers. Only the point to be different. The undocking prohibition function driver 117 includes a function for searching for whether or not the screen saver 119 is operating. The detailed operation will be described later. Other than that, the configuration is the same as that of the first embodiment shown in FIG.

  FIG. 6 is a program exemplifying detection of whether or not the screen saver 119 is operating, which is executed by the undock prohibition function driver 117. Here, two examples are shown. The programs described in these examples are created in Visual Basic (registered trademark), a programming language of Microsoft Corporation. FIG. 6A is an example using the API function SystemParametersInfo. Lines 201 and 202 are written in a declaration section or the like as a common part. Line 201 declares that the API function SystemParametersInfo included in WIN32 101 is to be used. Line 202 defines the constant SPI_GETSCREENSAVERRUNNING. Line 203 is a procedure ScreenSaver_Check that detects the operation of the screen saver 119. Line 204 defines two variables lngSaverOn and lngRet, both of which are long integer types. When the function SystemParametersInfo on the line 205 is executed, the value of the variable lngSaverOn becomes 1 if the screen saver 119 is operating. If the screen saver 119 is not operating, the variable lngSaverOn is zero. If the value of the variable lngSaverOn is 1, a line 206 performs processing when the screen saver 119 is operating.

  FIG. 6B is an example of interpreting the operation of the screen saver 119 from the message WM_SYSCOMMAND using the window procedure WndProc that processes the event on the OS acquired by the event service 115. After defining the constant in line 211, WndProc is defined as a function in line 212. In line 213, the type of message is determined. If the message is WM_SYSCOMMAND (line 214) and the variable wParam is the constant SC_SCREENSAVE, the screen saver 119 is operating. Do the processing when you are. Line 216 is the default process. In the examples of FIGS. 6A and 6B, the names of variables and procedures are arbitrary (except for WndProc). The same API functions and window procedures can be used by using programming languages other than Visual Basic (registered trademark), such as Visual C ++ (registered trademark) of Microsoft Corporation in the United States and Delphi (registered trademark) of Borland Corporation in the United States. Can be used to create a program that performs the same process.

  FIG. 7 is a flowchart showing an undock (hot undock) process performed when the notebook PC 10 is connected to the docking station 4 and is in a normal operation state in the second embodiment of the present invention. Now, when the eject button 5 is pressed, a signal indicating that the eject button has been pressed is output from the docking station 4 to the notebook PC 10. The CPU 11 that has received this signal executes the ACPI BIOS 109. When the ACPI BIOS 109 recognizes that the eject button 5 of the docking station 4 has been pressed, undock processing is started (block 401), and the event driver 113 is notified of the eject event (block 403). The event driver 113 notifies the event service 115 as it is of the event notified from the ACPI BIOS 109 (block 405).

  The event service 115 that has been notified of the eject event here considers that the eject button 5 has been pressed as one of the operation inputs, releases the idle state (block 406), and prohibits undocking that operates in the kernel 103. The function driver 117 is activated (block 407). The undocking function driver 117 accesses the API function SystemParametersInfo described in FIG. 6A to detect whether or not the screen saver 119 is operating (block 409), and detects the detected screen saver. The operation state of 119 is stored in the non-volatile memory (block 411). The non-volatile memory here may be a CMOS-RAM 53 or an EEPROM 49. After that, the undock prohibition function driver 117 reads ACPI. The docking station 4 notifies the ACPI BIOS 109 of an undocking request for releasing the locking mechanism (not shown) via the SYS 105 (block 413). At this time, the ACPI BIOS 109 reads the operation state of the screen saver 119 stored in the nonvolatile memory (block 415), and determines whether or not the screen saver 119 is operating (block 417). At block 417, if the screen saver 119 is not in operation, the undock process is continued. The subsequent undock process is the same as that of the first embodiment described in FIG.

  If the screen saver 119 is operating at block 417, the undock request is discarded and no further processing relating to undock is performed. At that time, the eject button 5 is pressed by blinking the status display lamp 6 or displaying a message such as “Unable to undock while the screen saver is operating” on the display 25. You can also call attention to those who Then, the screen saver 119 released from the idle state in block 406 requests the user to input a password (block 419). Here, if the user is a valid user, the correct password can be input to terminate the operation of the screen saver 119, and the operation input from the keyboard 59 and the pointing device 61 can be resumed (block 421). If the eject button 5 is pressed again, the screen saver 119 is not operating, so the undock process can be resumed and the notebook PC 10 can be undocked. However, since the third party cannot input a correct password, the operation of the screen saver 119 cannot be stopped and the undock process cannot be resumed, so that the notebook PC 10 cannot be undocked.

  As can be seen from the above description, the present embodiment can be implemented only by adding and changing software, in which an undock prohibition function driver 117 is added and the ACPI BIOS 109 is changed to one corresponding to undock prohibition. Of course, there are no hardware changes. The screen saver may be a standard provided in the OS.

  By the way, in the power management setting of the notebook PC 10, when the idle state is continued and the screen saver 119 is operating in the notebook PC, when the idle state continues for a longer time, the notebook PC 10 shifts to the suspended state. It is usually set to do. When the notebook PC enters the suspend state, it is considered that the user is away from the seat for a certain period of time as in the case where the screen saver operates. In the third embodiment of the present invention, when the notebook PC 10 attached to the docking station 4 enters the suspend state and the eject button 5 is pressed, the notebook PC 10 is once operated under the control of the OS. After returning to a normal operation state (resume), theft can be prevented by the same processing as in the first and second embodiments. Further, if the notebook PC 10 is undocked and then suspended again, warm undock can be realized.

  FIG. 8 is a flowchart showing an undocking (warm undocking) process performed when the notebook PC 10 is connected to the docking station 4 and is in the suspended state as the third embodiment of the present invention. In FIG. 8, the same reference numerals are assigned to blocks that perform the same processing as in FIG. When the eject button 5 is pressed, a signal indicating that the eject button has been pressed is output from the docking station 4 to the notebook PC 10. The CPU 11 that has received this signal executes the ACPI BIOS 109. When the ACPI BIOS 109 recognizes that the eject button 5 of the docking station 4 has been pressed, undock processing is started (block 401), and the event driver 113 is notified of the eject event (block 403). The event driver 113 notifies the event service 115 of the event notified from the ACPI BIOS 109 (block 405). Note that, in the notebook PC 10 and the docking station 4, power is supplied to the devices and circuits necessary for the processes described so far even in the suspended state.

  Here, in order to perform the undock process, it is necessary to return (resume) the notebook PC 10 once to a normal operation state that operates under the control of the OS. Therefore, the ACPI BIOS 109 replaces the eject event with a wake-up request defined in the ACPI standard, and replaces the ACPI. The SYS 105 is notified (block 501). ACPI. The SYS 105 notifies the kernel 103 of this. As a result, ACPI. The SYS 105 resumes the notebook PC 10 from the suspended state (block 503). Upon receiving the notification of the eject event, the event service 115 considers that the eject button 5 has been pressed as one of the operation inputs and releases the idle state (block 406), and the undock prohibition function driver that operates in the kernel 103 117 is activated (block 407). The undocking function driver 117 accesses the API function SystemParametersInfo described in FIG. 6A to detect whether the screen saver 119 is operating (block 409), and detects the detected screen saver. The contents of the operation 119 are stored in the nonvolatile memory (block 411).

  After that, the undock prohibition function driver 117 reads ACPI. An undocking request for causing the docking station 4 to release the locking mechanism (not shown) is notified to the ACPI BIOS 109 via the SYS 105 (block 413). At this time, the ACPI BIOS 109 reads the operation content of the screen saver 119 stored in the non-volatile memory (block 415), and determines whether the screen saver 119 is operating. In block 417, if the screen saver is operating, the undock request is discarded and no further processing relating to undock is performed. The subsequent processing is the same as that of the second embodiment described in FIG.

  At block 417, undock processing is continued if the screen saver is not active. The undock process performed here is the same as that in the case of the hot undock described as blocks 351 to 355 in FIGS. 4 and 6, so the reference numerals are also the same and the description is omitted. When the ACPI BIOS 109 completes the “undock OK” process, the event driver 113 is notified that the undock process has been completed (block 505). The event driver 113 notifies the event service 115 of this (block 507). When the event service 115 recognizes that the undock process has ended, it notifies the kernel 103 of a suspend request (additional process event) so as to return from the normal operation state to the suspend state (block 509). As a result, the kernel 103 shifts the notebook PC 10 from the normal operation state to the suspended state (block 511). Here, when the user presses the eject button 5 again, the notebook PC 10 is physically separated from the docking station 4 in the suspended state. This completes the warm undocking (block 513).

  Note that the same operation as described above is possible even if the “suspend state” described above is changed to a “standby state” or a “state in which hibernation is performed”. Further, without using the screen saver password function, it is also possible to perform processing for prohibiting undock using an operation state such as a suspended state or a state where hibernation is executed. However, when returning from these operating states to a state where operation input can be resumed, it must be possible to authenticate a valid user by inputting a password or the like.

  On the other hand, as described above, the screen saver 119 is not activated unless the idle state continues for a set time. This set time is normally set by the user in “Display Properties” of Windows (registered trademark), but the set time that can be set there is at least one minute. However, no password protection is performed until the screen saver 119 is activated after the legitimate user leaves the seat. Moreover, the time from when the eject button 5 is pressed until the undocking process is completed is about several seconds, which is much shorter than one minute. Therefore, even if the time from when the legitimate user leaves the seat until the screen saver 119 is activated is set to the minimum one minute, there is a risk that the notebook PC 10 can be easily undocked by a third party.

  Thus, in the present embodiment, a leave button can be provided. FIG. 9 is a conceptual diagram showing an example of the configuration of the away button. The away button is a button that is pressed when the user temporarily interrupts the operation, such as when removing the seat for a purpose. When the button is pressed, the screen saver 119 is activated immediately and password protection is activated. For example, as shown in FIG. 9A, a function as an away button is provided for a specific key 601 in the keyboard 8, more specifically, a specific function key or shortcut key to which no function is assigned. May be assigned. Further, as shown in FIG. 9B, a button 613 displayed on the display screen 611 or an icon in the task tray 615 may be clicked by the pointing device 61 as a leaving button. In this way, if the user presses the away button when leaving the seat, it is possible to virtually eliminate the time zone that is unprotected against undocking by a third party. Of course, when a legitimate user resumes the operation, the password requested by the screen saver 119 may be input.

  The screen saver 119 can be activated by using an API function shown in the program example of FIG. This example is also created with Visual Basic (registered trademark) in the same way as the example of FIG. 6, but even if other programming languages are used, a program that performs the same processing is created using the same API function. be able to. Lines 621 and 622 are written in a declaration section or the like as a common part. Line 621 declares that the API function SendMessage included in WIN32 101 is to be used. Line 622 defines the constants WM_SYSCOMMAND and SC_SCREENSAVE. Line 623 is a procedure ScreenSaver_Start for starting the screen saver 119. Line 624 defines a variable Ret that is a long integer type. When the function SendMessage on line 625 is executed, the screen saver 119 is activated. Note that the names of variables and procedures are arbitrary.

  In the embodiments described so far, the screen saver 119 operating state, the suspended state, and the state in which hibernation is executed correspond to the state in which the authorized user is not operating the notebook PC 10. Have been used as. However, there are several other possible operating states of the notebook PC 10 that can be regarded as corresponding to a state in which a legitimate user is not operating the notebook PC 10. For example, a logoff state, a computer locked state, or the like can be used. In any case, when returning to a state where operation input can be resumed, it is assumed that a valid user is authenticated by inputting a password or the like. As described in the description of the first embodiment described above, it is possible to notify these operating states to a BIOS or the like that actually performs an undock process using a nonvolatile memory. Further, as described in the description of the second embodiment, it is possible to directly detect these operation states by an API function or the like. Of course, as means for authenticating a legitimate user, in addition to inputting a password, for example, biometric information such as fingerprints, veins, irises, etc., or electronic information stored in a medium such as a smart card or USB token is used. It can also be used.

  The computer lock here is an operation that can be performed by Windows (registered trademark) NT / 2000 / XP participating in the domain, and temporarily prevents an operation by a non-logged-on user. Is. A legitimate user who is logged on and using a PC locks the PC by simultaneously pressing the three keys ctrl + alt + del on the keyboard 59 and selecting “Lock Computer” from the dialog that appears on the screen. Is possible. The locked PC displays a screen different from the screen operated by the user. Unless the ID and password of a legitimate user who is logged on are input, the original screen operated by the user cannot be returned.

  In the embodiments described so far, the OS is described as Windows (registered trademark), but the implementation of the present invention is not necessarily limited to Windows (registered trademark). For example, an OS such as Linux or FreeBSD can manage the internal power supply of the PC by ACPI and can be used as an OS of a notebook PC having a docking station. Therefore, the present invention can be implemented for OSs other than Windows (registered trademark).

  Further, in the embodiments described so far, the explanation has been made on the assumption that the eject button 5 serving both as a switch and a physical mechanism is used. However, the embodiment of the present invention is not necessarily performed in such a form. It is not limited to. A means for instructing undock may be provided on the notebook PC 10 side. The means for instructing undock does not have to be a switch. For example, a button displayed on the display screen or an icon in the task tray may be clicked by the pointing device 61.

  Although the present invention has been described with the specific embodiments shown in the drawings, the present invention is not limited to the embodiments shown in the drawings, and is known so far as long as the effects of the present invention are achieved. It goes without saying that any configuration can be adopted.

  It can be used for a computer that can be used by connecting to a docking station.

It is an external view which shows the typical structure of the notebook PC connected to the docking station. 1 is a schematic block diagram showing a system configuration of a notebook PC according to an embodiment of the present invention. It is a schematic block diagram which shows the structure between the hardware of the notebook PC concerning the 1st Embodiment of this invention, and the software containing OS. 4 is a flowchart showing an undock (hot undock) process performed in a normal operation state in the first embodiment of the present invention. It is a schematic block diagram which shows the structure between the hardware of the notebook PC concerning the 2nd Embodiment of this invention, and the software containing OS. 7 is an example of a program for detecting whether or not a screen saver is operating in the second embodiment of the present invention. 9 is a flowchart showing an undock (hot undock) process performed in a normal operation state in the second embodiment of the present invention. It is a flowchart showing the process of the undock (warm undock) performed when it is a suspended state in the 3rd Embodiment of this invention. It is a conceptual diagram shown about the form of the equipment of a leaving button.

Explanation of symbols

4 Docking station 5 Eject button 6 Status indicator lamp 10 Notebook PC
11 CPU
21 Main memory 25 Display 35 Docking interface 41 Magnetic disk unit 41
49 EEPROM
51 BIOS flash ROM
53 CMOS-RAM
61 Pointing device 101 WIN32
103 Kernel 105 ACPI. SYS
107 OS
109 ACPI BIOS
113 Event driver 115 Event service 117 Undock prohibition function driver 119 Screen saver

Claims (18)

A method of prohibiting undocking of a computer mounted on a docking station having a lock mechanism released by undock processing,
Operating the computer in a first state in which a user is operating and input;
Transitioning the computer from the first state to a second state in which the user cannot input operations;
Storing undocking prohibition information in the computer in response to the computer transitioning to the second state;
Requesting the user to enter authentication information when the computer returns from the second state to the first state;
The computer receiving the request for the undock process;
The computer searching for the undocking prohibition information in response to the request for the undocking process;
An undocking prohibition method comprising: prohibiting the undocking process when the computer detects the undocking prohibition information.   2. The undock prohibition method according to claim 1, further comprising the step of erasing the stored undock prohibition information in response to the step of returning from the second state to the first state.   The undocking prohibition method according to claim 1, wherein the second state is a state in which a screen saver is operated.   The undocking prohibition method according to claim 1, wherein the second state is a suspended state.   The undocking prohibition method according to claim 1, wherein the second state is a state in which hibernation is executed.   The undock prohibition method according to claim 1, wherein the step of shifting from the first state to the second state includes a step in which the computer receives an operation signal from the outside.   The undock prohibition method according to claim 1, wherein the step of shifting from the first state to the second state is executed when there is no operation input from the user for a certain time in the computer.   The undock prohibition method according to claim 1, further comprising a step of notifying the user of an undock prohibition state in response to the undock prohibition information being stored in the computer. Starting the undocking process when the computer does not detect the undocking prohibition information;
The undock prohibition method according to claim 1, further comprising the step of releasing the lock mechanism in response to the end of the undock process to allow the computer to be detached. A method of prohibiting undocking of a computer coupled to a docking station having a lock mechanism released by undock processing,
Operating the computer in a first state in which a user is operating and input;
Transitioning the computer from the first state to a second state in which the user cannot input operations;
Requesting the user to enter authentication information when the computer returns from the second state to the first state;
The computer receiving the request for the undock process;
Searching for whether the computer is operating in the second state in response to a request for the undock process;
An undocking prohibition method comprising the step of prohibiting the undocking process when it is detected that the computer is operating in the second state.   The undock prohibition method according to claim 10, wherein a request for the undock process is received from the docking station.   The undock prohibition method according to claim 10, wherein the second state is logoff.   The undocking prohibition method according to claim 10, wherein the second state is a state where the computer is locked. A computer that can be attached to a docking station having an eject button and a lock mechanism that is released by an undock process,
Display,
A processor;
Non-volatile memory;
In the processor,
Transitioning the computer from a first state in which a user is performing operation input to a second state in which the user is unable to perform operation input;
Storing undocking prohibition information in response to transition to the second state;
Receiving authentication information from the user when returning from the second state to the first state;
Receiving a request for the undocking process;
Searching the undocking prohibition information in response to the request for the undocking process;
And a recording medium storing a program for executing a step of prohibiting the undock process when the undock prohibition information is detected.   15. The computer according to claim 14, wherein the request for the undock process is given by operating the eject button.   The computer according to claim 14, wherein the request for the undock process is given by the computer. A computer that can be attached to a docking station having an eject button and a lock mechanism that is released by an undock process,
Means for operating the computer in a first state in which a user is operating and input;
Means for causing the computer to transition from the first state to a second state in which the user cannot perform operation input;
Means for storing undocking prohibition information in said computer in response to said computer transitioning to said second state;
Means for requesting the user to enter authentication information when returning from the second state to the first state;

Means for receiving a request for the undock process;
Means for the computer to search the undocking prohibition information in response to the request for the undocking process;
And a computer for prohibiting the undock process when the undock prohibition information is detected. A computer that can be attached to a docking station having an eject button and a lock mechanism that is released by an undock process,
Means for operating the computer in a first state in which a user is operating and input;
Means for causing the computer to transition from the first state to a second state in which the user cannot perform operation input;
Means for requesting the user to enter authentication information when returning from the second state to the first state;
Means for receiving a request for the undock process;
Means for searching for whether or not the computer is operating in the second state in response to the request for the undocking process;
And a computer for prohibiting the undock process when it is detected that the computer is operating in the second state.

Images