JP2008077413A - Thin client, thin client system, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enhance user convenience by permitting information to be recorded in a thin client and to specify the recorded information even if the thin client is lost or stolen. <P>SOLUTION: In a thin client system 10, a thin client has a CPU/memory 101 that is operated as it is switched between a first operating configuration in which the thin client 100 is operated by means of an OS recorded in an HDD 111 and a second operating configuration in which the thin client is operated by means of an OS recorded in an HDD 202; and a write inhibiting process module 108 which permits data to be written in the HDD 111 if a predetermined write command recognizable by the OSs is input, regardless of in which of the operating configurations the thin client is operated, and which, when the thin client is operated in the first operating configuration, inhibits data from being written in the HDD 111 even if a write command recognizable by the OSs is input to the thin client. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a thin client system used in, for example, an enterprise information system, a thin client that is a computer used by a user in the thin client system, and a program applied to the thin client.

  In recent years, for example, in an information system of a company or the like, a thin client system in which a computer used by a user has a minimum function and a server manages resources such as application software and files has been widely used. ing.

  In this type of thin client system, a computer used by a user is called a thin client. As a form of the thin client, for example, a mobile personal computer is used. While a mobile personal computer is used as a thin client in a normal office, since it is easy to carry, the mobile personal computer may be used by taking it to a customer, the site, or another office.

  If this mobile personal computer is lost or stolen when it is taken out, if the important data such as confidential information remains recorded, the confidential information may be leaked.

  Therefore, various products have been developed as countermeasures for preventing information leakage from mobile personal computers that can be used as thin clients.

(1) Ardence (network boot thin client) (Non-patent Document 1)
In Ardence (Non-Patent Document 1), an OS image of a thin client used by a mobile personal computer or the like exists in storage via a network, and OS boots from the storage on the network. All read / write request processing that occurs on the thin client during operation is performed for storage on the network. Accordingly, all update data generated in the thin client is recorded in the storage on the network. As a result, even when a mobile personal computer is used as a thin client, data is not stored in the local disk of the mobile personal computer, so that the risk of information leakage from the mobile personal computer is suppressed.

(2) Thin client using Windows (registered trademark) Embeded / Windows CE
In a thin client using Windows Embeded / Windows CE, the OS is started from the ROM. Thus, since the recording medium is a ROM, data cannot be recorded on the thin client. This has the effect of reducing the risk of information leakage due to theft or loss of a mobile personal computer used as a thin client.

  However, the technologies (1) and (2) are based on the premise that a mobile personal computer or the like is connected to the network as a thin client, and cannot cope with an environment that is not connected to the network, such as a mobile environment. The following products have been developed to cope with this.

(3) Microsoft Shared Computer Toolkit for Windows XP (Non-patent Document 2)
Microsoft Shared Computer Toolkit for Windows XP (Non-Patent Document 2) is a tool for shared computers used in public places such as schools, libraries, and Internet cafes. The tool has the ability to prevent changes made by the user, virus, spyware, or other programs from being cleared every time the computer is restarted, thanks to the Windows Disk Protection feature.

(4) HD Revolution / Win Protector (Ark Information Systems Inc.) (Patent Document 1, Non-Patent Document 3)
HD Revolution / Win Protector has a function to clear the writing to the local disk by rebooting.

(5) Virtual Thin Client (Net World Co., Ltd.) (Non-Patent Document 4)
The virtual thin client has a function of clearing writing to the local disk by restarting. In addition, it has a function of controlling execution of an executable file (application).

By using the products of (3) to (5) above, data writing to the hard disk of a mobile personal computer used as a thin client is suppressed to prevent illegal data take-out. Security can be ensured even when taken out to an environment not connected to the network.
JP 2005-352535 A http://www.j-bxp.jp/ http://www.microsoft.com/japan/windowsxp/sharedaccess/default.mspx http://www1.ark-info-sys.co.jp/products/products_pc/ hdwinpro2 / index.html http://www.networld.co.jp/faronics/virtual_thinclient.htm

  However, in the techniques (3) to (5), data is uniformly cleared at the time of restart regardless of the contents of the data. That is, even known information that does not require confidentiality is cleared. For this reason, when a mobile PC used as a thin client is taken out and used, no information can be recorded, and it is not necessary to keep confidential information, such as catalog materials, and there is no security problem. There is a problem that data cannot be taken out at all and it is inconvenient.

  In view of such circumstances, in the present invention, the convenience of the user is improved by allowing the recording of information on the thin client. In addition, the server has a function of grasping information recorded in the thin client. As a result, even if the thin client is lost or stolen, the information recorded therein can be specified.

  That is, the present invention allows the recording of information on the thin client, improves the convenience of the user, and has a function that allows the server to grasp the information recorded on the thin client, so that the thin client should An object is to provide a thin client, a thin client system, and a program capable of specifying information even when the client is lost or stolen.

  In order to achieve the above object, the present invention takes the following measures.

  That is, the present invention relates to a thin client system including a thin client including a first recording device and a second recording device connected to the thin client via a network, and the thin client. Furthermore, the present invention relates to a program applied to the thin client.

  Then, the thin client uses the first operating system recorded in the first recording device to operate the thin client itself, and the second operating mode recorded in the second recording device. Even when the thin client is operated in either the first or second operation mode, the switching means for switching and operating the second operation mode for operating the thin client itself using the system, When a predetermined write command that cannot be recognized by both the first and second operating systems is input to the thin client, writing that permits the thin client to write data to the first recording device When the thin client is operated according to the permission means and the first operation mode, the first operating system Be recognizable write command is input to the thin client Te, formed by a first write inhibiting means for inhibiting the writing of data by the thin client to the first recording device.

  The client further includes writing means for writing the data permitted to be written to the first recording device by the writing permission means to the second recording device via the network together with log information, and writing means In the case where writing according to the above cannot be performed, a second writing prohibiting unit that prohibits writing of data permitted by the writing permitting unit to the first recording device may be provided.

  Here, the writing permission means further determines whether or not the data is pre-approved data, and only when it is determined that the data is pre-approved data, the data is transferred to the first recording device. Allow writing.

  According to the present invention, it is possible to record information on a thin client, improve user convenience, and provide a function that allows the server to grasp information recorded on the thin client. Even if a client is lost or stolen, a thin client, a thin client system, and a program that can specify information can be realized.

  The best mode for carrying out the present invention will be described below with reference to the drawings.

(First embodiment)
FIG. 1 is a conceptual diagram illustrating a configuration example of a thin client system 10 according to the first embodiment.

  That is, in the thin client system 10 according to the first embodiment, a thin client 100 such as a mobile personal computer can be connected to the update history server 200 via the network 400.

  The update history server 200 includes a hard disk (HDD) 202 that is a recording device, an information recording unit 201 that reads / writes information from / to the HDD 202, and a network interface card (NIC) 203 that functions as an interface with the network 400. Yes. The HDD 202 records an OS image used by the thin client 100. This OS is used for starting the thin client 100 connected to the update history server 200 via the network 400. The NIC 203 receives data sent from the thin client 100 via the network 400 or sends data sent from the information recording unit 201 to the thin client 100 side via the network 400. The information recording unit 201 writes data received by the NIC 203 to the HDD 202, acquires data from the HDD 202, and sends the data to the NIC 203.

  The network 400 includes a LAN such as Ethernet (registered trademark) or a WAN to which a plurality of LANs are connected via a public line or a dedicated line. In the case of a LAN, it is composed of a number of subnets via routers as necessary. In the case of a WAN, a firewall or the like for connecting to a public line is provided as appropriate, but illustration and detailed description thereof are omitted here. In FIG. 1, only one thin client 100 is shown for simplicity, but a plurality of thin clients 100 can be connected to the update history server 200.

  The thin client 100 has the same hardware configuration as a standard personal computer, and has a built-in hard disk (HDD) 111 as a recording device. The thin client 100 may include a display, a keyboard, a mouse, etc., but is not shown in FIG. 1 for simplicity. An OS image is recorded in the HDD 111. When the thin client 100 is used in a mobile environment without being connected to the network 400, the thin client 100 reads the OS image recorded in the HDD 111, and this OS Operates on the CPU / memory 101.

  On the other hand, the thin client 100 is recorded in the HDD 202 of the update history server 200 when used in an environment connected to the network 400, such as when used in a normal office, not in a mobile environment. Boot using the OS image. In this case, the OS image recorded on the HDD 202 is acquired by the information recording unit 201 and then sent to the NIC 203, and further sent from the NIC 203 to the NIC 107 of the thin client 100 via the network 400 to be sent to the thin client 100. . As a result, this OS operates on the CPU / memory 101.

  As described above, the CPU / memory 101 of the thin client 100 is activated using the OS image recorded in the HDD 111 in the mobile environment, and is activated using the OS image recorded in the HDD 202 in the network environment. In addition, it can be operated by switching the form.

  Further, in the thin client 100, the HDD driver 109 operates in the kernel space 101b in the CPU / memory 101. The HDD driver 109 performs operations such as reference (Read) and write (Write) to the HDD 111 via the IDE or SCSI interface 110. Further, a general application 102 and a writing tool 103 are operating in the user space 101a.

  The write prohibition processing module 108 operates above the HDD driver 109, and a processing request to the HDD driver 109 is passed to the HDD driver 109 via the write prohibition processing module 108.

  The write prohibition processing module 108 hooks the write request 106 issued by the OS and the write request 104 issued by the general application 102 and prevents data writing (including updating) from being performed on the HDD 111. Specifically, after hooking the Write requests 104 and 106, the cache is cached in a memory area or other cache area such as a dedicated area, and writing to the HDD 111 is not performed. The next time a read request is made to the same sector, the cached data is returned. The contents of this cache disappear when the OS is restarted. If the read request is for data that has not been cached, the HDD driver 109 acquires desired data from the HDD 111 and returns the acquired data.

  When operating in a network environment, the thin client 100 can write data to the HDD 111 (including updating) by using the writing tool 103. For example, when the user wants to write the file 301 to the HDD 111, the user specifies the file 301 to the writing tool 103 and instructs the writing. The writing tool 103 issues a write request 105 including a special command for a special write instruction to the write prohibition module 108. This special write command is unrecognizable by the OS or the general application 102 and is determined in advance.

  When this dedicated command is input and the file 301 is further specified, the writing tool 103 sends the input dedicated command to the write prohibition processing module 108 and the NIC 107 as a write request 105 for writing the file 301. This Write request 105 also includes log information (for example, information including date and time).

  The write prohibition processing module 108 determines whether the dedicated command included in the write request 105 sent from the writing tool 103 is a predetermined correct dedicated command. If it is determined that the command is a correct dedicated command, the dedicated command is converted into a Write command that can be recognized by the HDD driver 109, and a Write request 105 including the converted Write command is sent to the HDD driver 109 and the NIC 107. . When the write request 105 is sent from the write prohibition processing module 108, the HDD driver 109 recognizes the write command included in the write request 105 and starts writing the file 301 specified by the write request 105 to the HDD 111. Further, when the write request 105 is sent from the write prohibition processing module 108, the NIC 107 acquires the file 301 specified by the write request 105 through the writing tool 103, and the acquired file 301 is sent to the write request 105. It is sent to the update history server 200 via the network 400 together with the included log information.

  The file 301 and log information sent to the update history server 200 in this way are acquired by the information recording unit 201 via the NIC 203 and further written to the HDD 202 by the information recording unit 201.

  As a result, when the file 301 is written to the HDD 111, the same file 301 and log information are also written to the HDD 202.

  If a failure or the like occurs in the network 400, writing to the HDD 202 may fail. For this reason, writing is not performed simultaneously on the HDD 202 and the HDD 111, but writing to the HDD 111 is performed after successful writing to the HDD 202 in file units. For example, the writing tool 103 can recognize that a failure has occurred in the network 400 by detecting that the transmission speed of data transmitted from the NIC 107 to the NIC 203 has become smaller than a predetermined value. When it is recognized that some kind of failure has occurred in the network 400, a message indicating that the file 301 cannot be written to the HDD 111 is displayed from a display (not shown) of the thin client 100.

  As a result, when a failure or the like occurs in the network 400 and the file 301 and log information cannot be written to the HDD 202, the file 301 is not written to the HDD 111.

  Next, the operation of the thin client 100 in the thin client system 10 according to the present embodiment configured as described above will be described with reference to the flowchart of FIG.

  That is, I / O such as a Write request and a Read request that can be generated in the thin client 100 is issued by the general application 102 (S1), issued by the OS (S2), and issued by the writing tool 103. There are three types of things to do (S3).

  These issued I / Os are all input to the write prohibition processing module 108 (S4). When such an I / O is input, the write prohibition processing module 108 determines whether the command is a dedicated command (S5). As described above, the dedicated command is issued only from the writing tool 103. Since the I / O from the general application 102 and the I / O from the OS do not include a dedicated command (S5: No), the process proceeds to step S6 in this case.

  In step S6, the write prohibition processing module 108 determines the type of I / O. When the I / O is a write request (S6: Write), after the write request is hooked by the write prohibition processing module 108, data is cached in a cache area such as a memory or other dedicated area. Thus, data is written (S7). As a result, data writing to the HDD 111 is not performed.

  On the other hand, if the I / O is a read request in step S6 (S6: Read) and this is a read request for the data cached in step S7 (S8: Yes), the cached data is transferred from the cache area. Read is performed (S9).

  On the other hand, if the read request is for data that has not been cached in step S8 (S8: No), this read request is sent to the HDD driver 109 (S12), and the HDD driver 109 sends a desired request from the HDD 111. Data is acquired (S13).

  In step S4, if the I / O input to the write prohibition processing module 108 includes a dedicated command from the writing tool 103 (S5: Yes), the write prohibition processing module 108 causes the dedicated command to be received. It is then determined whether the command is a predetermined correct dedicated command (S10).

  If it is determined that the command is correct (S10: Yes), this dedicated command is converted into a Write command that can be recognized by the HDD driver 109 (S11), and a Write request 105 including the converted Write command is generated. The data is sent to the HDD driver 109 and the NIC 107 (S12). In the HDD driver 109, when a write request 105 is sent from the write prohibition processing module 108, the write command included in the write request 105 is recognized, and the data such as the file 301 specified in the write request 105 is transferred to the HDD 111. Writing is started (S13). In the NIC 107, when a write request 105 is sent from the write prohibition processing module 108, data such as the file 301 specified by the write request 105 is acquired via the writing tool 103, and the acquired file 301 is stored in the NIC 107. The log information included in the write request 105 is sent to the update history server 200 via the network 400.

  On the other hand, if it is determined in step S10 that the command is not a correct dedicated command (S10: No), the subsequent processing is not performed.

  As described above, in the thin client system 10 according to the present embodiment, information can be written in the HDD 111 of the thin client 100 by the operation as described above. As a result, when the user uses the thin client 100 in a mobile environment, the user can record necessary information on the HDD 111 and take it out, so that the convenience of the user can be improved.

  However, when information is written to the HDD 111 of the thin client 100, the same file 301 is also written to the HDD 202 of the update history server 200 together with the log information. This makes it possible for the update history server 200 to easily grasp when and what information has been written in the HDD 111 of the thin client 100. As a result, even if the thin client 100 is lost or stolen, it is possible to easily identify what information is recorded in the thin client 100.

(Second Embodiment)
A second embodiment of the present invention will be described with reference to FIG.

  FIG. 3 is a conceptual diagram illustrating a configuration example of the thin client system 20 according to the second embodiment.

  The thin client system 20 according to the present embodiment is a modification of the thin client system 10 according to the first embodiment. In the conceptual diagram of FIG. 3, a permission certificate 302 is assigned to a file 301. Only the point is different. Therefore, here, the same portions are denoted by the same reference numerals, and redundant description is omitted, and only differences from the first embodiment will be described.

  That is, in the client system 20 according to the present embodiment, the file 301 to be written is limited to those permitted in advance by applying electronic authentication technology. That is, the user can write to the HDD 111 only in advance with the file 301 that has been previously permitted by an electronic authentication technology such as PKI and has been given the permission certificate 302, and for the file to which the permission certificate 302 has not been given, This prevents writing to the HDD 111.

  In this case, when the user wants to write the file 301 to the HDD 111, the file 301 and the permission certificate 302 are specified for the writing tool 103.

  When the file 301 and the permission certificate 302 are designated, the writing tool 103 confirms whether the file 301 is a previously permitted file based on the file 301 and the permission certificate 302.

  Then, only when it is confirmed that the file 301 is a file permitted in advance, a dedicated command is sent to the write prohibition processing module 108 and the NIC 107 as a write request 105 for writing the file 301. Thereafter, the writing tool 103, the write prohibition processing module 108, the HDD driver 109, the NIC 107, the NIC 203, and the information recording unit 201 operate as described in the first embodiment, so that the file 301 that has been previously permitted is changed. The same file 301 and log information are written to the HDD 202 as well.

  On the other hand, if the designated permission certificate 302 does not exist, the contents are invalid, or the correspondence with the file 301 is not taken, the designated file 301 has been authorized in advance. It is determined that it is not a thing. In this case, the write prohibition processing module 108 displays a message indicating that the file 301 cannot be written from a display (not shown) and does not issue the write request 105. As a result, the file 301 is not written to the HDD 111.

  As described above, in the thin client system 20 according to the present embodiment, the information written in the HDD 111 of the thin client 100 in the first embodiment is limited to information that has been approved in advance in the first embodiment. can do.

  As a result, for example, only a file permitted by an appropriate person or department can be written in the HDD 111 by a workflow.

  The best mode for carrying out the present invention has been described above with reference to the accompanying drawings, but the present invention is not limited to such a configuration. Within the scope of the invented technical idea of the scope of claims, a person skilled in the art can conceive of various changes and modifications. The technical scope of the present invention is also applicable to these changes and modifications. It is understood that it belongs to.

The conceptual diagram which shows the structural example of the thin client system which concerns on 1st Embodiment. 6 is a flowchart showing an operation of a thin client in the thin client system according to the first embodiment. The conceptual diagram which shows the structural example of the thin client system which concerns on 2nd Embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10,20 ... Thin client system, 100 ... Thin client, 101 ... CPU / memory, 101a ... User space, 101b ... Kernel space, 102 ... General application, 103 ... Write tool, 104, 105, 106 ... Write request, 107 ... Network information card (NIC) 108 ... Write prohibition processing module 109 ... HDD driver 110 ... Interface 111 ... Hard disk (HDD) 200 ... Update history server 201 ... Information recording unit 202 ... Hard disk (HDD) 203 ... Network interface card (NIC), 301 ... File, 302 ... Authorization certificate, 400 ... Network

Claims (9)

In a thin client system comprising a thin client comprising a first recording device and a second recording device connected to the thin client by a network,
A first operation mode in which the thin client is operated using the first operating system recorded in the first recording device, and a second operation mode in which the thin client is recorded in the second recording device. A switching means for switching and operating the second operation mode operated using the operating system of
Even if the thin client is operating in any of the first and second operation modes, a predetermined write command that cannot be recognized by any of the first and second operating systems is Write permission means for permitting writing of data by the thin client to the first recording device when input to the thin client;
When the thin client is operating in the first operation mode, even if a write command that can be recognized by the first operating system is input to the thin client, A thin client system, comprising: the thin client including first write prohibiting means for prohibiting data writing by the thin client. The thin client system according to claim 1,
Writing means for writing the data permitted to be written to the first recording apparatus by the writing permission means to the second recording apparatus via the network together with log information;
If the writing by the writing means is not possible, the thin client further includes second writing prohibiting means for prohibiting writing of data permitted by the writing permission means to the first recording device. Thin client system. The thin client system according to claim 1 or 2,
The write permission unit further determines whether or not the data is pre-approved data, and only when it is determined that the data is pre-approved data, the data is transferred to the first recording device. Thin client system that allows writing. A thin client in a thin client system comprising: a thin client comprising a first recording device; and a second recording device connected to the thin client by a network,
A first operation mode in which the thin client itself is operated using the first operating system recorded in the first recording device, and the thin client itself is recorded in the second recording device. A switching means for switching and operating the second operating mode to be operated using the second operating system;
When a predetermined write command that is unrecognizable by any of the first and second operating systems is input even when the system is operating in either of the first and second operation modes. A write permission means for permitting data to be written to the first recording device;
When operating in the first operating mode, the first prohibiting the writing of data to the first recording device even if a writing command recognizable by the first operating system is input. A thin client provided with a write prohibition means. The thin client according to claim 4,
Writing means for writing the data permitted to be written to the first recording apparatus by the writing permission means to the second recording apparatus via the network together with log information;
A thin client, further comprising: a second write prohibiting unit that prohibits writing of the data permitted by the write permitting unit to the first recording device when writing by the writing unit is not possible. In the thin client according to claim 4 or 5,
The write permission unit further determines whether or not the data is pre-approved data, and only when it is determined that the data is pre-approved data, the data is transferred to the first recording device. Thin client that allowed to write. In a thin client system comprising a thin client comprising a first recording device and a second recording device connected to the thin client via a network, a program applied to the thin client,
A first operation mode in which the thin client is operated using the first operating system recorded in the first recording device, and a second operation mode in which the thin client is recorded in the second recording device. Function to switch to the second operation mode to be operated using the operating system of
Even if the thin client is operating in either of the first and second operation modes, a predetermined write command that cannot be recognized by any of the first and second operating systems is A function of permitting writing of data to the first recording device by the thin client when input to the thin client;
When the thin client is operated in the first operation mode, even if a write command that can be recognized by the first operating system is input to the thin client, the first operation by the thin client is performed. A program for causing a computer to realize a function of prohibiting data writing to a recording device. The program according to claim 7,
A function of writing data permitted to be written to the first recording device together with log information to the second recording device via the network;
In order to further cause the computer to realize a function of prohibiting writing of data permitted to be written to the first recording device to the first recording device when writing to the second recording device is not possible Program. In the program according to claim 7 or 8,
The function of permitting the writing is further to determine whether or not the data is pre-approved data and only when it is determined that the data is pre-approved data. A program that includes a function that permits writing to a recording device.

Images