JP2013149022A - Computer system for performing access authority control - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a computer system for certainly blocking access to stored information, and finely setting access authority for every piece of the stored information when a storage device is passed to a hand of a third party by misplace or theft.SOLUTION: An access permission device 10 is provided with an identification signal transmission unit 101 which transmits an identification code signal with fixed intensity from a transmitter 102, and a storage device 20 includes: a storage area for storing information; access authority control means 202 for controlling access authority to the storage area; and a use restriction release unit 205 which transmits a use restriction release signal for releasing use restriction on the basis of the identification code signal received by a receiver 203. When a reception level is a predetermined value or more, the use restriction release signal is transmitted from the use restriction release unit to the access authority control means to be set to a first access authority state, and when the reception level is less than the predetermined value, transmission of the use restriction release signal is stopped to be set to a second access authority state.

Description

  The present invention relates to a technique for controlling access authority to information stored in a storage device using an access permission apparatus, and more particularly to a technique for controlling an access authority state by a radio signal.

Storage devices that can access information stored by being connected to a computer, such as a hard disk and a memory, are widely used. In particular, it is possible to store a very large amount of information even though it is small. If an external storage device is lost and accessed by a third party, a large amount of confidential information is leaked. It is generated.
In addition, there are cases where a third party uses a computer without permission and accesses stored information without permission.

As a technique for dealing with such unauthorized access to information, a use restriction function for restricting use by a third party has been proposed in a mobile phone.
As one of such use restriction functions, there is a system that enables a call by releasing the use restriction by the owner's personal identification number (ID). A mobile phone having such a use restriction function is disclosed in Patent Document 1, for example. This mobile phone is provided with a code code memory storing a code, and when a telephone number and a code are input from an input key and the entered code matches the code stored in the memory in advance, a call is made. Enable.

  As another example of providing the use restriction function, a mobile phone device according to Patent Document 2 is known. This mobile phone device is provided with a receiving unit for receiving the incoming subaddress signal in addition to the normal incoming phone number, and is locked unless a predetermined incoming subaddress signal is received from the outside when the mobile phone is transmitted by telephone. The device is deactivated and various operations are canceled to enable a call, and when a predetermined incoming subaddress signal is received, various locks are made to prevent unauthorized use.

  In addition, in the patent held by the applicant (Patent Document 3), the unauthorized use due to misplacement or theft of the mobile phone is restricted and prevented when the mobile phone leaves the owner, and a warning is given that the mobile phone has left. Disclosure of technology for the owner to recognize. That is, the use restriction device is composed of an identification signal transmission unit and a use restriction release unit provided integrally with a device subject to use restriction, both units are provided with a receiver and a receiver, and an identification code signal from the transmission unit is released. In response to this signal, a use restriction release signal is output, and if there is a confirmation code signal sent back to the transmission unit, it will be in a normal state, and if both units are separated by a certain distance or more, the reception level will decrease and the release unit will decrease. Stops the release signal and gives a warning to the transmission unit.

  In this technology, a receiver having a transmitter for transmitting a radio signal to the receiver is incorporated into the mobile phone by incorporating a receiver that restricts the calling function of the mobile phone to a certain distance from the owner. Always put it in a chest pocket, etc., and if the mobile phone is more than a certain distance away from the owner due to misplacement or theft, the signal from the transmitter will weaken and automatically limit the internal operation of the mobile phone Suggested a thing.

  In such a mobile phone, even if the owner misplaces or stolen his / her mobile phone and does not immediately notice it, the use restriction is automatically activated on the mobile phone, and the non-owner has a transmitter card. Unless the mobile phone can be used, the mobile phone cannot be used, and it is possible to effectively prevent misplacement or theft without automatic operation for restricting the use.

JP-A-6-291835 JP-A-6-291835 Patent No. 293276

  In the technique of Patent Document 1 described above, in order to remove the restriction on the use of a personal identification number, the personal identification code is collated by connecting the number registration device to the mobile phone and inputting the telephone number and the personal identification code using the input keys. Therefore, even if it is left in the hands of a person other than the owner due to misplacement or theft, the use cannot be restricted if the use restriction by the password is still released.

  On the other hand, in the mobile phone device according to Patent Document 2 described above, since the receiving unit that receives the incoming subaddress signal receives the incoming subaddress signal, various locks are performed to limit unauthorized use that occurs when the phone is misplaced or stolen. If you miss a misplacement or theft, it may take a considerable amount of time to make a phone call to limit such unauthorized use and process it. Such unauthorized use cannot be prevented.

Moreover, although the technique of patent document 3 provides an effective technique for misplacement of a mobile phone, the same use restriction is applied to storage means for storing more highly confidential information. Technology does not provide.
In particular, unlike mobile phones, there is a need not only to restrict use, but also to restrict access to some information, or to deal with a case where a plurality of users share.

  In view of the problems of the prior art, the present invention reliably blocks access to stored information when the storage device is transferred to a third party due to misplacement or theft. An object of the present invention is to provide a computer system in which access authority can be set in detail.

In order to solve the above problems, the present invention provides the following means.
That is, a computer system comprising a storage device having a storage means of a computer and an access permission device that permits access to information stored in the storage device, wherein the access permission device includes a first transmitter. An identification signal transmission unit that sends out an identification code signal from the first transmitter at a constant intensity, and the storage device controls at least one storage area for storing information and access authority to the storage area An access authority control means, a first receiver, and a use restriction release unit for sending a use restriction release signal for releasing the use restriction based on the identification code signal received by the first receiver.

  Then, when the reception level of the identification code signal in the first receiver is greater than or equal to a predetermined value according to the distance between the two units, a signal is detected that the identification code signal received from the identification signal transmission unit is its own. Based on this, a use restriction release signal is sent from the use restriction release unit to the access authority control means, and the access authority control means sets the first access authority state accordingly.

  On the other hand, when the reception level of the identification code signal in the first receiver is less than a predetermined value according to the distance between the two units, the use restriction release unit stops sending the use restriction release signal, and accordingly the access authority is The control means sets the second access authority state.

  The access authority control means may be configured to permit access to a predetermined storage area as the first access authority state, while disallowing access to the storage area as the second access authority state. .

  The access authority control unit may be configured to make a predetermined storage area invisible as the second access authority state.

  When information is written in the storage area in the first access authority state, the access authority control means records the write information and the identification code signal at that time in association with each other, and the first access authority In the state, access is permitted to the writing information associated with the identification code signal, while in the second access authority state, access is prohibited or not permitted at least for the writing information associated with the identification code signal. It may be configured to be visualized.

In the above computer system, the access permission device further includes a second receiver, and the storage device further includes a second transmitter, which is the same code signal as the identification code signal received by the first receiver. In the configuration in which the confirmation code signal is transmitted from the second transmitter with a constant strength, the identification code signal received from the identification signal transmission unit is its own if the distance between the two units is within a certain range. The confirmation code signal is transmitted from the use restriction release unit based on the signal detected.
On the other hand, when the distance between the two units becomes a certain value or more and the reception level of the code signal from the counterpart unit in each unit falls below a predetermined value, the use restriction release unit stops sending the use restriction release signal and identifies it. The signal transmission unit may emit an alarm signal.

  The identification code signal or the confirmation code signal may be composed of a binary pseudo irregular signal followed by a unique code signal.

  Each unit includes a signal presence / absence determination unit, obtains a timing signal from the binary pseudo-random signal of the code signal received at each unit, and sends the timing signal to the signal presence / absence determination unit. It is determined whether the unique code signal matches the own code signal and whether the reception level of the unique code signal is equal to or greater than a certain level. Based on this determination, the distance between the above two units is equal to or greater than a certain value. You may make it determine whether there exists.

  Each of the above units may be provided with a transmission / reception control timer, and the identification code signal or the confirmation code signal may be transmitted / received as an intermittent signal by setting the control timer.

  The above computer system may further include an access device that accesses information stored in the storage device, and the access authority from the access device may be controlled according to the distance between the access permission device and the storage device.

  In the above computer system, a storage device and an access device that accesses information stored in the storage device are integrally configured, and access authority from the access device is given according to the distance between the access permission device and the storage device. You may make it control.

  In the above computer system, an access permission device and an access device that accesses information stored in the storage device are integrally configured, and access authority from the access device is determined according to the distance between the access permission device and the storage device. May be controlled.

  The present invention can also provide a single access permission device or storage device used in the computer system.

The present invention has the following effects.
In other words, the access authority can be controlled so that the access is permitted only when the access permission device is sufficiently close to the storage device.
Further, the access authority can be changed depending on the storage area in the storage device, or the predetermined storage area can be made invisible.
Information written for each identification code signal transmitted from the access permission device can be managed, and whether access to the written information can be made or whether visibility is invisible can be changed.

  According to the configuration of the present invention, when a storage device reaches a third party due to misplacement or theft, access to stored information is surely blocked, and fine access authority is set for each stored information. A possible computer system can be provided.

1 is an overall configuration diagram of a computer system according to the present invention. It is explanatory drawing of the positional relationship of an access permission apparatus and a memory | storage device. It is explanatory drawing of access right control by an identification code signal. It is a whole block diagram of the computer system by another Example. It is explanatory drawing of the content of a structure of an identification number. It is explanatory drawing of a pulse compression signal and a pulse compression process. It is explanatory drawing of the structural example of a coincidence and addition circuit. It is explanatory drawing of an identification signal and transmission timing. It is explanatory drawing of a received signal level and a signal level determination area. 1 is an overall configuration diagram of Embodiment 1 of a computer system. It is a whole block diagram of Example 2 of a computer system. It is a whole block diagram of Example 3 of a computer system.

Embodiments of the present invention will be described below. FIG. 1 is an overall configuration diagram of a computer system (hereinafter, this system) (1) according to the present invention.
As shown in the figure, the present system (1) includes an access permission device (10) and a storage device (20). In the present invention, an identification code signal for controlling access authority is assigned to the access permission device (10), and the identification signal transmission unit (101) transmits it from the transmitter (102).

  The transmitter (102) is provided with an antenna (103), and the radio wave intensity during transmission is constant. The radio wave may be continuously transmitted, or may be intermittently transmitted as described later.

  The storage device (20) is a storage means of a computer, and includes a storage unit (201) having at least one storage area for storing information, and an access authority control unit (202) for controlling access authority to the storage area. , A receiver (203) for receiving the identification code signal, an antenna (204) attached to the receiver (203), and a use restriction release signal for releasing the use restriction based on the received identification code signal. A use restriction releasing unit (205) for sending to the unit (202).

  FIG. 2 is an explanatory diagram of the positional relationship between the access permission device and the storage device. Since the radio wave transmitted from the transmitter (102) has a constant intensity, the range (11) in which the identification code signal reaches around the access permission device (10) is substantially within a constant range. Therefore, on the receiver (203) side, the storage device (21) in the area (11) can be accessed based on whether the signal can be received or whether the signal level of the received signal exceeds a predetermined value. The storage device (22) outside the area (12) can recognize that the permission device (10) is at a short distance and that the access permission device (10) is not within a predetermined range.

The storage device (21) collates the identification code signal received by the receiver (203) with the identification code signal stored in the storage device (20). Sends a use restriction release signal to the access authority control unit (202).
The access authority control unit (202) controls the access authority from the outside to the storage unit (201) to the first access authority state.

On the other hand, when the reception level of the identification code signal at the receiver (203) is less than the predetermined value, the use restriction release unit (205) stops sending the use restriction release signal, and the access authority control unit (202) accordingly Set the access authority status to 2.
The second access authority state is also set when the identification code signal does not match the one stored in itself.

  The present invention is characterized in that the access authority state is changed by the identification code signal as described above. An example of the access authority state is given below, but the access authority state according to the present invention is not limited to this.

(1) Visible / invisible setting for each area in the storage unit (201) First, as the first access authority state, one or more areas in the storage unit (201) can be recognized from the outside (visible state) ) And an unrecognizable state (invisible state) in the second access authority state.
As a specific example, it is a well-known technique to set a plurality of partitions in a hard disk or a memory and use it as a logical drive, and whether or not the logical drive can be recognized from the OS side. Realize with.
In the area of the access permission device (10), when an attempt is made to access the storage device (20), a region where the identification code signals match can be recognized from the outside and can be used as a normal storage device (20). On the other hand, if the area is outside or the identification code signals do not match, the logical drive is not recognized even if the storage device is connected, and the stored information cannot be accessed at all.

As shown in FIG. 1, when an area A (201a) and an area B (201b) are defined as two partitions in the storage unit (201), the visibility of each area changes according to the identification code signal. It can also be made.
That is, when the identification code signal A is sent from the access permission device (10) of the user A, the use restriction release unit (205) sends a use restriction release signal related to the user A, and the access authority control unit (202 ) Makes the region A (201a) visible. At this time, the region B (201b) associated with the identification code signal B of the user B remains invisible.
According to this configuration, even with a single storage device, a configuration is realized in which a plurality of users can access their own area as a normal storage device, and other users' areas do not even exist. be able to.
In this case, for example, when access permission devices of a plurality of users are in the area at the same time, the access authority of all users may be made visible, or the access of the user who has received the identification code signal at the beginning or end Only authority can be made visible.
Further, the area C (not shown) that is always visible may be provided, and there may be an area that can be accessed regardless of the presence or absence of the access permission device.

  For example, a user who is present at a shared file server in the office can access his / her area and the always-visible shared area without going through a special authentication procedure. The area becomes inaccessible at all. Therefore, even if a personal terminal is always placed, it is possible to automatically determine whether or not the user is using the terminal and easily control the access right.

(2) Setting of access right for each area in the storage unit (201) As the first access authority state, a read authority, a write authority, etc. are given to a certain area in the storage unit (201), while the second These can also be restricted in the access authority state.
That is, for example, when the access permitting device (10) of the user A is in the area, the area A is set to permit both reading and writing, while the area B is set to permit only reading or prohibit both reading and writing. .
Since the setting of the read / write authority for a certain area is a well-known technique, the present invention can be implemented in combination therewith.
In the case of an access permission device for a specific super user, read / write authority for all areas may be granted.

(3) Setting Visibility and Invisibility of Storage Device (20) itself In the case of the above two access authorities, it is an aspect in which the storage device itself is recognized by changing whether or not the partition can be recognized. ) Itself may not be recognized by an external device.
That is, even if the first storage device (20) is connected to the external device, the external device is prevented from acting as the storage device (20).
This configuration is effective when the present invention is applied to a device that functions as an external storage device when connected to a computer, such as a recent mobile phone.

(4) Setting of access right for each write information written in the storage unit (201) When information is written in the storage area in the first access right state, the write information and the above identification code signal at that time May be recorded in association with each other, and an access right may be set for each piece of writing information. FIG. 3 is an explanatory diagram of access right control based on an identification code signal.
First, when writing information (231) is written in the storage area (23) of the storage device from the access permission device of the identification code signal 1 (13), it is recorded in association with the identification code signal 1, and written information-1 (232).

Similarly, write information-2 (233) associated with the recorded identification code signal 2 and write information-3 (234) associated with 3 are stored.
At this time, the write information-1 (232) can be read and written from the access permission device (13) of the identification code signal 1, while the write information-2 (233) and the write information-3 (234) are Cannot be read because the information was written with different access authority status.

Only the write information-2 (233) can be accessed from the access permission device (14) of the identification code signal 2, and other information cannot be accessed.
As for the access right in the present embodiment, for example, the user of the identification code signal 1 (13) can recognize the write information-2 (233) of another user but can not read it, or is invisible. Write information-3 (234) can also be used.

(Another embodiment)
FIG. 4 shows an overall configuration diagram of a computer system (1) according to another embodiment of the present invention.
This system is composed of an access permission device (10 ′) and a storage device (20 ′), and components of the same reference numerals in the respective devices are the same as those in the above embodiment.
In this alternative embodiment, the access granting device (10 ′) comprises a receiver (104) and the storage device (20 ′) comprises a transmitter (206).

On the storage device (20 ′) side, a confirmation code signal having the same code signal as the identification code signal received by the receiver (203) is transmitted from the transmitter (206) with a constant strength.
On the access permission device (10 ′) side, an alarm signal is issued from the identification signal transmission unit (101) in accordance with the signal level of the confirmation code signal received by the receiver (104).

That is, the use restriction canceling unit determines that the confirmation code signal is based on a signal detected that the identification code signal received from the identification signal transmitting unit is sufficiently close to the identification signal transmitting unit and the use restriction canceling unit. Send. This is the same as in the above embodiment.
On the other hand, when the distance between the two units becomes long and the reception level of the code signal from the counterpart unit in each unit falls below a predetermined value, the use restriction release unit stops sending the use restriction release signal, and the identification signal transmission unit Emits an alarm signal.

  According to this configuration, since it is possible to warn the user that the access permission device is out of the usable range, an operation mistake that causes the access permission device to move away during access, or misplacement of the access permission device or the storage device. , Can prevent illegal take-out.

(Details of identification code signal)
Next, details of the identification code signal according to the present invention will be described. This configuration is also disclosed in Patent Document 3.
First, in the transmitter (102) of the access permission device (10), the transmission system for transmitting the identification code signal sends out the identification code signal set in the identification code memory in response to a command from the transmission / reception control timer (1010), and FSK The signal is transmitted after FSK modulation (250 MHz) with a carrier wave in the modulation circuit.

  On the other hand, the reception system in the case where the access permission device (10 ') receives the confirmation code signal includes the following components in the receiver. First, the received confirmation signal (250 MHz) is FSK demodulated by the FSK demodulating circuit and sent to the coincidence / addition circuit. The coincidence / adder circuit reads the identification signal stored in the identification code memory in advance, and adds a coincidence point for each bit of the identification signal to determine whether the confirmation code signal matches the identification code signal. To process.

  The addition-processed output signal (pulse compression signal, which will be described later) is output to a threshold processing unit, and the threshold processing unit outputs the output signal to a threshold value (threshold value) set in advance by a threshold setting unit. If the output signal exceeds the threshold value, the timing signal is sent to the signal presence / absence determining unit.

  On the other hand, the confirmation signal received by the above-described receiver (104) is also sent to the signal level detection circuit, and a signal indicating the signal level detected by this circuit is sent to the signal presence / absence determination unit. In addition to the above, the confirmation code signal from the FSK demodulation circuit and the identification code signal from the identification code memory are also input to the signal presence / absence determination unit.

  The signal presence / absence determining unit determines whether the confirmation signal matches the identification code signal, and the signal level of the confirmation signal received within a predetermined time t after receiving the timing signal from the threshold processing unit is a constant value. As long as the above two determinations are both established, an output signal is not generated. However, when the coincidence determination is established, but the signal level is determined to be below a certain value, an alarm signal is output to the alarm circuit. It is like that.

The identification code signal according to the present invention is a signal including a preset unique code signal. However, when a mobile phone is used as the access permission device, for example, the following configuration can be adopted.
As shown in FIG. 5, this identification signal is composed of an M-sequence (Maximum length null sequence) signal followed by a unique code signal of a telephone number (hereinafter simply referred to as a telephone number) of the mobile phone. The reason why the M number signal is included in the identification number in addition to the telephone number is that, as will be described later, when the identification number is received, it is recognized that the received signal is that of the own mobile phone. This is because the signal is convenient for circuit processing.

  This identification signal is transmitted as an intermittent signal repeated every arbitrary time interval S seconds (for example, 2000 ms) in units of an M-sequence signal and a telephone number signal. This is to save power and to prevent battery consumption and enable stable long-time transmission. The M series signal may be a C / A code, a P code, a linear FM signal, or the like. Further, the telephone number as the unique code signal may be a signal representing other ID numbers, other owners, and administrator information in devices other than the cellular phone.

The M-sequence signal is a kind of binary pseudo-random signal and has a length obtained by subtracting 1 from 2 to the nth power, that is, (2n
-1) is a code string (code) consisting of 1 and 0 having a length of 1; for example, if n = 5, it is a 31-bit signal. When this M-sequence signal is sent to the coincidence / adder circuit, a pulse compression signal indicated by B in FIG. 6 is obtained. In this pulse compression, the M-sequence signal as an input signal is compressed by 1/31.

  The unique code signal is required for the number of mobile phones sold. If the code length is m bits, 2m types are possible. For example, if m = 30, about 1 billion types of unique codes are available. Code signals are possible. In this embodiment, the unique code signal is a power supply number, but other ID numbers may be used. If the M-sequence signal and the unique code signal are stored in the identification code memory in advance as identification signals, unauthorized use at the time of misplacement or theft can be effectively prevented.

The identification signal described above is transmitted from the transmitter (102) of the access permission device (10 ′) and received by the receiver (203) of the storage device (20 ′). After the elapse of time, the same signal is sent back as a confirmation code signal, and the signal received by the receiver (104) of the access permission device (10 ′) is subjected to pulse compression processing by the matching / adding circuit of the access permission device (10 ′). The details are shown in FIG.
When the received signal having received the confirmation code signal is demodulated by the FSK demodulating circuit, the leading M-sequence signal of the confirmation code signal is temporarily stored in a shift register provided in the receiver (104).

  The M-sequence signal written in the shift register is sent to the coincidence / adder circuit, where the M-sequence signal is called out of the stored data stored in advance in the identification code memory, and both M-sequence signals are one for each bit. Compare whether they match, and add the number of matching bits.

  The matched / added signal is output as a pulse compression signal. In this example, the shift register has a 31-bit storage capacity, but the identification code memory has both a 60-bit storage capacity because it stores both the M-sequence signal (31 bits) and the unique code signal (29 bits). Therefore, it is assumed that the data portion of the M-sequence signal is called when processing both the M-sequence signals.

  The operation of the access permission device (10 ') applied to the mobile phone according to the embodiment having the above-described configuration will be described below separately for the operation of the access permission device (10') and the operation of the storage device (20 '). First, when transmitting an identification signal from the access permission device (10 '), when a power switch (not shown) is turned on, the transmission / reception control timer (1010) is immediately set and power is supplied to each unit.

  As shown in (a) and (b) of the time chart of FIG. 8, when 2 ms elapses after the power supply is turned on, an identification code signal is read from the identification code memory in response to a command from the transmission / reception control timer (1010). After modulation by the FSK modulation circuit, transmission is performed via the transmission antenna (103).

  As described above, the identification signal is transmitted by FSK-modulating a 31-bit M-sequence signal followed by a 29-bit unique code signal indicating a unique telephone number.

  When the transmission signal of the identification signal from the access permission device (10 ′) is received by the release unit 20 at a predetermined level or higher and the identification signal is recognized as its own, the identification code signal is transmitted from the storage device (20 ′). The same transmission signal is sent back and received as a confirmation code signal. The transmission and reception timings are as shown in FIGS. 8A to 8C, and the power supply of the access permission device (10 ′) is activated (2 ms) + transmission (6 ms) + lag time (2 ms). + Send back (6 ms) + Lag time (2 ms) = ON for a total of 18 ms.

  Thereafter, the transmission timing is controlled by the transmission / reception control timer (1010) so that the power is turned on for a fixed time of, for example, 2000 ms after the first power-on after a predetermined time has elapsed. Even if the signal transmitted by the access permission device (10 ′) is received at the same time by the receiver (104) of the access permission device (10 ′), the subsequent processing to be described later is not performed. The alarm signal is not sent to the alarm circuit, so that it does not act as an original received signal and is distinguished from the confirmation code signal.

  On the other hand, when the confirmation code signal sent back from the storage device (20 ′) at a predetermined timing is received by the receiver (104), it is demodulated by the FSK demodulator circuit and then subjected to pulse compression processing by the coincidence / adder circuit. Has already been described with reference to FIG. In this pulse compression processing, the M-sequence signal of symbol A shown in FIG. 6A in the confirmation code signal is subjected to pulse compression processing. The signal to be matched / added is transferred to the shift register as indicated by symbol B. Since the data of each bit partially matches the value of each corresponding bit of the M-sequence signal storage data of the identification code memory before or after the pulse train of the M-sequence signal is completely written, the pulse compression is performed. The signal always varies in value.

  However, when data that matches the M-sequence signal stored in its own identification code memory is written to the shift register, the number of bits to be subjected to the coincidence addition processing by the coincidence / adder circuit is all established for all 31 bits of the shift register. In this case, the pulse compression signal becomes 31, and the M-sequence signal can be regarded as the same if the M-sequence signal is completely coincident, or at least the number of coincident / added bits is 24 or more.

  Therefore, the threshold processing unit determines whether the pulse compression processing signal is a threshold (threshold value) preset by the threshold setting unit, for example, 24 or more (see FIG. 6B), and exceeds the threshold. If it is determined, a timing signal as shown in FIG. 6C is output to the signal presence / absence determining unit.

  Further, as described above, the signal level of the received signal received by the receiver (104) is detected by the signal level detection circuit, and the signal presence / absence determining unit determines whether or not the signal level is equal to or higher than a certain value. In this signal level determination, a threshold value of a certain voltage is provided for the received signal of the detection waveform, and if the level is higher than that, it is determined that a signal of a certain level or higher has been received.

  As shown in FIG. 9 (a), the above determination is made when the distance R between the access permission device (10 ′) and the storage device (20 ′) increases when receiving a signal transmitted with a constant strength. Based on the fact that the received signal level decreases in inverse proportion to the square of the distance, one of the determination methods is to determine the threshold value corresponding to a predetermined distance (for example, 1 m), and the received signal level is equal to or less than the threshold value. If it becomes, it can be detected that both of them are separated by a predetermined distance or more. Note that FIG. 9A is represented on a logarithmic scale.

  Instead of the determination method, the received signal level may be known by A / D converting the detection waveform of the received signal and measuring the voltage level of the received signal.

  The signal level is determined by a predetermined time t (2.9 ms in the illustrated example) corresponding to the unique code signal received after the timing signal after the threshold processing for the M-sequence signal is sent from the threshold processing unit. Only for the target. The reason is that noise and signal levels from other telephones are not detected, and the determination can be made accurately by setting the fixed time specified by the timing signal as the determination section. .

  In addition to the determination of the signal level, the determination by the signal presence / absence determination unit is that the unique code signal received after the timing signal is input and subjected to FSK modulation matches the unique code signal stored in the identification code memory. Is also done. Therefore, in the signal presence / absence determination unit, it is determined that there is a timing signal input, then a reception signal of a predetermined level is received for a certain time, and the received unique code signal matches the own unique code signal. Then, the access permission device (10 ′) and the storage device (20 ′) exist within a certain distance, and the signal presence / absence determination unit outputs no signal.

  However, even if a timing signal is input and the unique code signal matches that of the self, the storage device (20 ′) is separated from the access permission device (10 ′) by a certain distance or more as long as the signal level is below a certain level. In this case, an output signal is output to activate the alarm circuit.

  In the alarm circuit, for example, the voice generator (not shown) generates a voice message “Access permission device will leave” to give a warning to prevent incorrect or unauthorized movement of the access permission device or storage device. can do.

  In addition to the method of giving the above voice message, the warning by the warning circuit is a method of giving a warning by some means such as a beeping warning sound or an indication that “access permission device is leaving”. Any method can be used.

In addition to the above, the transmission timing of the identification code signal is arbitrary. For example, the transmission / reception control timer (2050) may be provided in the storage device (20 ′), and the reception timing of the identification code signal in the receiver (203) may be intermittent. Similarly, the transmission timing of the confirmation code signal can be intermittent.
Furthermore, the identification code signal may be received when the storage device (20 ′) is energized or triggered by an external access.

Finally, some specific implementation examples of the present invention will be described.
First, as described in the above embodiments, an access device that accesses information stored in the storage device can be further provided. As shown in FIG. 10, the access permission device (10) is composed of a mobile phone such as a smartphone, and the external storage device (20) is composed of a portable memory such as an SD (registered trademark) card or a USB memory. Mount. When the portable memory is used in an access device (30) such as a digital camera (31) or a personal computer (32), the mobile phone (10) that transmits the identification code signal is in the area (11). The above access authority is controlled so that only access is possible.

  Further, as a second embodiment, a storage device and an access device that accesses information stored in the storage device can be integrally configured. As shown in FIG. 11, the hard disk built in the personal computer (24) is the storage device (20) of the present invention, and access is performed only when the mobile phone (10) that transmits the identification code signal is in the area (11). The access authority is controlled as possible.

As a third embodiment, an access permission device and an access device that accesses information stored in a storage device can be integrally configured. As shown in FIG. 12, an access device (15) integrated with a digital camera, a personal computer, or the like is configured, and access right control to a storage device (20) in a range sufficiently close to the access device (15) is performed. . Thereby, it is possible to provide the storage device (20) having a difference in information that can be accessed by the connected access device (15).
At the same time, the access right between another access device and the storage device (20) can be controlled as long as it is within an area (11) sufficiently close to the access device (15) functioning as the access permission device (10). It becomes.

  In the above embodiment, a mobile phone has been described as an example of the access permission device. However, an information device such as a personal computer, a tablet terminal, a game machine, or a portable music player may be used. Further, it may be provided as personal items such as wristwatches, bracelets, necklaces, etc., card-type devices having functions as boarding tickets, employee ID cards, and the like.

  Examples of the storage device include a hard disk, an SD card, a USB memory, and various information devices that can have a storage area as shown in the second embodiment, such as a mobile phone, a personal computer, a tablet terminal, A game machine, a portable music player, or the like may be used.

DESCRIPTION OF SYMBOLS 1 Computer system which concerns on this invention 10 Access permission apparatus 101 Identification signal transmission unit 102 Transmitter 103 Antenna 20 Storage device 201 Storage part 201a Area | region A
201b area B
202 Access Authority Control Unit 203 Receiver 204 Antenna 205 Usage Restriction Release Unit

Claims (13)

A computer system comprising a storage device having storage means for a computer and an access permission device for permitting access to information stored in the storage device,
The access permission apparatus includes a first transmitter, an identification signal transmission unit that transmits an identification code signal from the first transmitter with a constant intensity, and
The storage device includes at least one storage area for storing information, access authority control means for controlling access authority to the storage area, a first receiver, and the identification code received by the first receiver. In a configuration comprising a use restriction release unit that sends out a use restriction release signal for releasing the use restriction based on the signal,
When the reception level of the identification code signal in the first receiver is greater than or equal to a predetermined value according to the distance between the two units, a signal is detected that the identification code signal received from the identification signal transmission unit is its own. On the basis of the use restriction release unit, the use restriction release signal is sent to the access authority control means, and the access authority control means sets the first access authority state accordingly,
When the reception level of the identification code signal in the first receiver is less than a predetermined value according to the distance between the two units, the use restriction release unit stops sending the use restriction release signal, and accordingly the access authority control means Is set to the second access authority state. The access authority control means is
While permitting access to the predetermined storage area as the first access authority state,
The computer system according to claim 1, wherein access to the storage area is not permitted as the second access authority state. The access authority control means is
The computer system according to claim 1 or 2, wherein the predetermined storage area is made invisible as the second access authority state. The access authority control means is
When information is written to the storage area in the first access authority state, the write information and the identification code signal at that time are recorded in association with each other,
In the first access authority state, while permitting access to the write information associated with the identification code signal,
The computer system according to claim 1, wherein in the second access authority state, at least the write information associated with the identification code signal is not permitted or made invisible. In the computer system,
The access permission device further includes a second receiver,
The storage device further includes a second transmitter, wherein the confirmation code signal of the same code signal as the identification code signal received by the first receiver is transmitted from the second transmitter with a constant strength.
If the distance between the two units is within a certain range, the confirmation code signal is transmitted from the use restriction canceling unit based on a signal detected that the identification code signal received from the identification signal transmitting unit is its own. on the other hand,
When the distance between the two units exceeds a certain value and the reception level of the code signal from the counterpart unit in each unit becomes a predetermined value or less, the use restriction release unit stops sending the use restriction release signal, and the identification signal transmission unit The computer system according to claim 1, wherein an alarm signal is generated. The computer system according to any one of claims 1 to 5, wherein the identification code signal or the confirmation code signal is composed of a binary pseudo irregular signal followed by a unique code signal. Each unit includes a signal presence / absence determination unit, obtains a timing signal from the binary pseudo-random signal of the code signal received in each unit, and sends the timing signal to the signal presence / absence determination unit. It is determined whether or not the code signal of the code matches the own code signal and the reception level of the specific code signal is equal to or greater than a certain level. The computer system according to claim 6, wherein the computer system is determined. The computer system according to claim 1, wherein each unit includes a transmission / reception control timer, and the identification code signal or the confirmation code signal is transmitted / received as an intermittent signal by setting the control timer. In the computer system,
An access device for accessing information stored in the storage device;
The computer system according to any one of claims 1 to 8, wherein access authority from the access device is controlled in accordance with a distance between the access permission device and the storage device. In the computer system,
The storage device and an access device that accesses information stored in the storage device are integrally configured,
The computer system according to any one of claims 1 to 8, wherein access authority from the access device is controlled in accordance with a distance between the access permission device and the storage device. In the computer system,
The access permission device and an access device that accesses information stored in the storage device are integrally configured,
9. The computer system according to claim 1, wherein access authority from the access device is controlled in accordance with a distance between the access permission device and the storage device. It is used in the computer system according to any one of claims 1 to 11,
An access permission apparatus comprising at least a first transmitter and an identification signal transmission unit for transmitting an identification code signal from the first transmitter with a constant intensity. It is used in the computer system according to any one of claims 1 to 11,
Usage restriction based on at least one storage area for storing information, access authority control means for controlling access authority to the storage area, a first receiver, and the identification code signal received by the first receiver A storage device comprising at least a use restriction canceling unit for sending a use restriction canceling signal for canceling the use.

Images