JP2014178877A - Electronic apparatus, and control method of password lock for storage device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an electronic apparatus including a hard disk drive (HDD) having a locking function using a password, such as MPF, shortening a time required for password unlocking processing of the HDD when recovering from a power saving state to a normal power state, while retaining confidentiality of important data in the HDD.SOLUTION: A password management register retains, as password management information, that whether or not data with high confidentiality is stored in an HDD. When recovering from the power saving state to a normal power state, the password management register immediately cancels a password lock of the HDD in a case that data with high confidentiality is not stored, and only in a case that data with high confidentiality is stored, conditionally executes a normal password lock canceling processing.

Description

  The present invention relates to an electronic device including a storage device such as a hard disk drive, and a password lock control method for the storage device.

  An electronic apparatus such as an image processing apparatus typified by an MFP generally includes a hard disk drive (hereinafter referred to as HDD) as a large-capacity storage device in order to store image data, personal data of users, and the like. Is.

  Conventionally, in an electronic device equipped with such an HDD, a TPM (Trusted Platform Module) has been installed to prevent the information on the HDD from being leaked due to failure or theft. It is generally known to encrypt data that is used and stored in the HDD. However, the TPM has an effect on the overall performance depending on the processing capability of hardware such as a CPU, which is the main component of the device, and costs high.

  Therefore, in recent years, in order to improve security more easily, a password is registered in the HDD, and the "HDD password lock function" is used to prevent access to the internal data of the HDD without entering this password. This has been adopted as an effective means. However, the HDD password lock function requires a user to input a password every time the apparatus is started, and is not suitable for an electronic device shared by an unspecified number of users such as an MFP.

  For this reason, a password is automatically generated on the device side, the generated password is set in the HDD and registered in a specific memory, and the password is entered by the user by checking the registered password against the HDD password at startup. A technique for reducing the above is already known (for example, Patent Document 1, Patent Document 2, etc.).

  By the way, an electronic device such as an image processing apparatus has a power saving mode, and when shifting to a power saving state, the HDD is generally turned off to reduce power consumption. Therefore, when returning from the power saving state to the normal power state, it is necessary to perform a verification process of the HDD password in the same manner as at the start-up, and there is a problem that it takes time to return to the normal operation of the HDD. In Patent Document 1 and Patent Document 2, such a problem is not considered.

  An object of the present invention is to restore a normal operation of a storage device when returning from a power saving state to a normal power state while maintaining confidentiality of important data in the storage device in an electronic device including a storage device such as an HDD. This is to shorten the time.

  The present invention provides an electronic device having a storage device having a password lock function, a holding unit that holds whether or not highly confidential data is stored in the storage device as password management information, and a power saving state. When the password management information indicates that no highly confidential data is stored in the storage device when returning to the normal power state, the password lock of the storage device is released, and the storage If the device indicates that highly confidential data is stored, the password set in the storage device is compared with a password registered in advance, and if they match, the storage device And a control means for releasing the password lock.

  According to the present invention, when the device returns from the power saving state to the normal power state, the determination of locking / releasing the password of the storage device is performed according to the type of data stored in the storage device, thereby protecting the confidentiality of important data. Thus, it is possible to reduce the time required for the storage device to return to normal operation during normal use where only data that need not be protected is handled.

It is a figure explaining the use environment of an electronic device and this image processing apparatus. 1 is an overall block diagram according to an embodiment of an image processing apparatus. It is a figure which shows the structural example of EC in FIG. 2, and EC flash ROM. 6 is an overall flowchart of HDD password lock release control when power is turned on. It is a flowchart at the time of the data storage to HDD. It is a flowchart at the time of the data deletion of HDD. 6 is a flowchart of HDD password lock release control when returning from a power saving state to a normal power state.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings. In the embodiment, the electronic device is an image processing apparatus such as an MPF, and the image processing apparatus includes a hard disk and a live (HDD) as a large-capacity storage device.

  FIG. 1 is a diagram illustrating a use environment according to an embodiment of an image processing apparatus as an electronic apparatus. In FIG. 1, an image processing apparatus 10 is connected to a plurality of client terminals 20 such as personal computers and an authentication server 30 via a network 40 such as a LAN. In addition to the normal copy function, the image processing apparatus 10 has a function of receiving a print request and a data storage request from the client terminal 20 and sending data obtained by scanning a document to the client terminal 20. Some image processing apparatuses 10 have a personal authentication device 15 as a security function. A card reader is generally used as the personal authentication device 15. Further, when processing the job or the like, the image processing apparatus 10 may collate the personal authentication information for specifying the client terminal 20 or the user via the dedicated authentication server 30.

  FIG. 2 is a block diagram illustrating an example of the overall configuration of the image processing apparatus 10 according to the present embodiment. In FIG. 2, a CPU 110 is connected to the graphic device 120 via a graphic I / F, connected to the memory 130 via a high-speed memory bus, and further connected to the chipset 140 via a high-speed dedicated bus. The graphic device 120 is a display device that also serves as an operation unit. Note that the operation unit may be connected by USB together with a user I / F such as a touch panel instead of the graphic I / F. The memory 130 is a DRAM or the like.

  The chip set 140 includes a general-purpose I / F group to which the engine unit 150, the flash ROM 160, a hard disk drive (HDD) 170, various peripheral devices 180 and the like are connected, and an internal bus that connects the I / F group. . In general, the chip set 140 is composed of an ASIC.

  The engine unit 150 includes a scanner unit and a plotter unit. The engine I / F of the engine unit 150 is dedicated to general-purpose I / F such as PCI capable of high-speed transfer of image data for copying and scanning, and serial I / F for control signals for copying and scanning operations. It consists of I / F. The flash ROM 160 is connected to a ROM I / F, and the HDD 170 is connected to a dedicated general-purpose I / F such as an HDD I / F (SATA I / F or the like).

  Other general-purpose I / Fs include input devices such as a mouse and keyboard (not shown), external external storage devices, card readers, USB I / Fs for connecting other peripheral devices 180, communication I / Fs such as LANs and modems. There is.

  Further, the chip set 140 includes a local I / F bus 190 for connecting an internal device that is different from the above-described general-purpose I / F but is relatively low speed. A BIOS ROM 200 and an EC (Embedded Controller) 210 are connected to the local I / F bus 190. An EC flash ROM 220 and an EC operation panel 230 are connected to the EC 210.

  The CPU 110 controls the operation of each part of the image processing apparatus and performs necessary data processing as control means. The memory 130 is a working memory for the CPU 110, and stores a program for control and processing in the CPU 110, data being processed, and the like. The flash ROM 160 stores the OS and application programs. The program in the flash ROM 160 is expanded in the memory 130 and executed by the CPU 110. In addition, a BIOS (Basic Input / Output System) program in the BIOS ROM 200 is also executed by the CPU 110. In this case, the CPU 110 functions as a BIOS.

  The HDD 170, which is a large-capacity storage device, stores image data handled by the image processing apparatus 10 and user personal data. The HDD 170 has a password lock function that registers internal passwords (HDD passwords) and prevents access to internal data unless the password is entered and verified with the internal password. . As will be described later, in this embodiment, the EC 210 manages the HDD password.

  The EC 210 is mainly responsible for power management and the like, and operates independently of the CPU 110 by a program in the EC flash ROM 220 connected to the EC 210. Specifically, the EC 210 maintains the operation of the image processing apparatus such as temperature monitoring, hardware failure detection, and management of start / end of the apparatus, which are not directly related to the application program processing in the CPU 110. Responsible for the function. Therefore, the EC 210 operates independently from a power source different from the CPU 110 and the like.

  Normally, the HDD password is input by the user using an input device such as a keyboard when the apparatus is activated, and is transmitted to the HDD 170 under the control of the CPU 110 by the program in the BIOS ROM 200.

  By managing the HDD password with the EC 210, it is possible to save the user from having to input the HDD password every time the apparatus is activated. The program of the EC 210 is different from the program of the BIOS ROM 200 and operates separately from the system in which the OS operates. Therefore, the operation of the program cannot be directly referred from the system. Therefore, managing the HDD password with the EC 210 makes it easier to take security measures than managing it with the BIOS program. As will be described later, the HDD password is stored in an EC flash ROM 220 connected to the EC 210.

  With this configuration, the HDD password is not determined by the user, but can be set to a value uniquely prepared on the device side, so that the HDD password can be set without the user being aware of it. it can. It is possible to eliminate the trouble of managing the password by the user while maintaining security.

  If the HDD password is specified by the user, only the administrator of the device knows it, so that the confidentiality is high, but conversely, the password may be lost. When the HDD password is prepared on the device side, a device-specific value, for example, a physical address of a LAN device mounted on the device, or an arbitrary calculation that is not directly known to an outsider by the EC 210 using the physical address. By applying the processing such as applying to the formula, even when the HDD 170 is stolen, there is an effect of minimizing the danger of the password being known.

  The EC 210 has a dedicated EC operation panel 230 because it needs to manage information before the apparatus is activated, such as power management. The display unit of the EC operation panel 230 is composed of a character LCD or the like, and is used to display the operation state of the device, error information, error information, LAN IP address, and the like. The input button (input unit) is used for switching display contents, selecting an activation method, and the like. The operation panel 230 can be used to set the HDD password.

  FIG. 3 is a block diagram illustrating a configuration example of the EC 210 and the EC flash ROM 220. The EC 210 includes a password input / output register 211, a password management register 212, and a password processing unit 213. The EC flash ROM 220 stores key information, HDD password, and password management information. The EC flash ROM 220 stores other information such as a program for operating the EC 210 and power management, but is omitted here.

  The password input / output register 211 is a register for inputting / outputting password information and HDD password. Password information is set in the system or from the EC operation panel 230. When there is a request to save the HDD password from the BIOS, the EC 210 outputs the password information set in the password input / output register 211 to the password processing unit 213. The password processing unit 213 calculates key information and password information and stores them in the EC flash ROM 220 as an HDD password. When the HDD password is requested from the BIOS, the EC 210 reads the HDD password from the EC flash ROM 220 and sets it in the password input / output register 211.

  The EC 210 stores the password information in the password input / output register 211 in the EC flash ROM 220 when the BIOS requests to store the HDD password. When the BIOS requests the HDD password, the EC 210 stores the password in the EC flash ROM 220. The information may be output to the password processing unit 213, and the calculation result of the key information and password information by the password processing unit 213 may be set in the password input / output register 211 as the HDD password. In this case, the HDD password cannot be directly read from the EC flash ROM 220 which is a password storage device.

  The password management register 212 is a register for managing whether or not it is necessary to lock the password of the HDD 170. When shifting to the power saving state, the EC 210 saves the contents of the password management register 212 to the EC flash ROM 220 as password management information. When returning from the power saving state to the normal power state, the EC 210 returns the password management information of the flash ROM 220 to the password management register 212. As will be described later, the password management information indicates whether or not highly confidential data is stored in the HDD (storage device) 170.

  As described above, the password processing unit 213 is a processing unit that calculates key information and keyword information to generate HDD keywords. The password processing unit 213 may be handled by the EC 210 program itself.

  The key information is stored in advance in the EC flash ROM 220, but may be in a readable / writable area of the EC flash ROM 220 or in the program. This key information can be provided by the system via the BIOS, or can be set to a unique value in the EC program or set to the EC flash ROM register input I / F pin with a pull-up / pull-down resistor. It is. The key information can be a value unique to the device by using specific information on the device, such as a physical address of the LAN. In this case, for example, the physical address of the LAN is acquired by the CPU 110 under the program of the BIOS ROM 200 and sent to the EC 210, and is stored in the EC flash ROM 220 from the EC 210.

  The key information can be the HDD password itself. When this key information is used as the HDD password, the ECM program has a program for performing arbitrary calculation in the password processing unit 213, so that the key information does not directly become the HDD password. In addition, the HDD password can be protected.

  The key information can be personal authentication information. For example, as shown in FIG. 1, when the image processing apparatus 10 has a personal authentication device 15, the personal authentication information is used as key information. When the personal authentication information is larger than the data size that can be registered as the HDD password, it is handled by converting it into a size that can be used by the password processing unit 213 of the EC 210. For example, when the authentication key is 128 bytes and the HDD password is 32 bytes, the lower 32 bytes are used. In this case, the same password may be created, but the HDD password is not known from the outside.

  Further, when the image processing apparatus 10 checks personal authentication information for identifying the client terminal 20 or the user via the dedicated authentication server 30 when processing the job, information obtained from the authentication device 15 is used. Alternatively, since the system acquires data obtained by processing authentication information, the information and data can be taken into the EC flash ROM 220 of the EC 210 as key information via the BIOS. According to this method, it is possible to obtain only information from the HDD 170 to which the HDD password lock has been applied only by a user who uses data stored in the HDD 170. Even when a password is applied to the HDD 170 due to a device failure or the like, the HDD password can be canceled by inputting user authentication information from the EC operation panel 230 or the like.

  FIG. 4 is a basic flowchart of HDD password lock release control when the image processing apparatus 10 is powered on.

  The BIOS determines whether the HDD password setting is valid or invalid at startup when the power is turned on (step 1001). If the HDD password setting is valid, the BIOS determines whether a password (HDD password) is set in the HDD 170 (step 1002). When the HDD password is set in the HDD 170, the BIOS requests the HDD password from the EC 210 (step 1003), acquires the HDD password from the EC 210 via the password input / output register 211, and sends this HDD password to the HDD 170 ( Step 1004). The HDD 170 collates the set HDD password with the HDD password sent from the BIOS (step 1005). If they match, the HDD 170 unlocks the HDD password and makes it accessible (step 1006). If they do not match, an error is displayed as inaccessible (step 1007).

  On the other hand, if it is determined in step 1002 that no password is set in the HDD 170 (normally, when a new device is newly installed, no password is set in the HDD 170), the BIOS stores password information in the password input / output register 211 of the EC 210. Is written (step 1008). This password information is obtained from the inside of the system or from the EC operation panel 230. The EC 210 calculates key information and password information and stores them in the EC flash ROM 220 as HDD passwords, and sends the HDD passwords to the BIOS via the password input / output register 211 (step 1009). Specifically, the password processing unit 213 of the EC 210 calculates key information and password information and generates an HDD password. The BIOS sets the HDD password sent from the EC 210 in the HDD 170 (step 1010). The HDD 170 is made accessible by releasing the HDD password lock (step 1011).

  At the next startup, the HDD password is set in the HDD 170, and the HDD password is stored in the EC 210, so that the processing in the previous steps 1003 to 1006 becomes valid.

  If it is determined in step 1001 that the HDD password setting is invalid, it is determined whether a password is set in the HDD 170 (step 1012). If no password is set in the HDD 170, the process is terminated. On the other hand, if a password is set in the HDD 170, the BIOS requests the HDD password from the EC 210 (step 1013), acquires the HDD password from the EC 210, and sends this HDD password to the HDD 170 (step 1014). The HDD 170 collates the set HDD password with the HDD password sent from the BIOS (step 1015). If they match, the HDD 170 cancels the HDD password and enables access (step 1016). The BIOS accesses the HDD 170 and clears the HDD password (step 1017). If they do not match, an error is displayed (step 1018).

  If a password is set in the HDD 170 in the event of a device failure or the like, even if the BIOS requests a password from the EC, there is no information and the HDD cannot be accessed. In this case, an error occurs because the password is different. Such a situation can be prevented by clearing the password of the HDD 170 by the above processing.

  Next, HDD password lock release control when the image processing apparatus 10 returns from the power saving state to the normal power state will be described.

  When the image processing apparatus 10 shifts to the power saving state, the image processing apparatus 10 turns off the power supply except for portions necessary for reducing power consumption. In this case, the HDD 170 is also turned off. For this reason, when returning from the power saving state to the normal power state, it is necessary to perform the HDD password verification process to release the password lock in the same manner as at the start-up when the power is turned on, until the HDD 170 becomes accessible. Takes time.

  In the present embodiment, when there is highly confidential data in the HDD 170 when returning from the power saving state to the normal power state, the password lock is released by performing the HDD password verification process. When there is no high data, the password lock of the HDD 170 is immediately released, so that the time required for returning to the normal operation accessible by the HDD 170 is shortened. Here, the password management register 212 of the EC 210 manages whether or not it is necessary to lock the HDD password, that is, whether or not highly sensitive data exists in the HDD 170.

  FIG. 5 is a processing flowchart when the CPU 10 stores data in the HDD 170. In the image processing apparatus 10 such as an MFP, the HDD 170 temporarily stores image data read by a copy or a scanner for encryption processing on the memory 130 by the CPU 110 or stores data such as OCR processing. Saved for processing. Also, the HDD 170 is used as a simple storage location (document BOX) for print data from the client terminal 20.

  In FIG. 5, when a data storage request to the HDD 170 is issued from an application program or the like (step 2001), the CPU 110 determines the confidentiality of the data before storing the data in the HDD 170 (step 2002). . When determining that the confidentiality is high, the CPU 110 issues a request to the EC 210 and adds 1 to the current value of the password management register 212 (step 2003). The initial value of the password management register 212 is 0. Thereafter, the CPU 110 stores data in the HDD 170 (step 2004). On the other hand, when determining that the confidentiality is not high, the CPU 110 skips the process of step 2003 and immediately proceeds to step 2004. This is performed for each job unit, for example.

  Here, the confidentiality of the data is determined as follows. For example, a request for a print request from a client terminal such as a confidential print request, and similarly, in the case of copying, the determination is made based on additional data indicating that copy-forbidden copy-forgery-inhibited pattern printing is set. That is, the determination is made based on user instruction information added to the data.

  Ordinary print data is not normally stored in the HDD 170, but it may be temporarily stored in the HDD 170 when a large amount of data is sent at once. Such data is data that has been specially processed for use in MFP print processing, and is not in a general-purpose data file format, so it is difficult to restore the original data. It turns out that the data is not particularly protected.

  Further, for example, a data file to be printed in advance as a document BOX may be sent to the HDD 170 and printing may be performed by a user performing an authentication process in front of the image processing apparatus 10. In this case, the data is assumed to be a general image file format (for example, pdf, Tiff, jpeg, bmp format, etc.) or a file format specific to an application represented by Word, Excel, or the like. Since it is the CPU 110 that actually stores such a file in the HDD 170, this file format information can be used as a material for determining confidentiality.

  Note that a flag indicating that is added to the data determined to have high confidentiality and stored in the HDD 170.

  FIG. 6 is a processing flowchart when the CPU 10 erases data stored in the HDD 170. In a device such as an MFP, data once stored in the HDD 170 is generally deleted (deleted) after a target job such as printing is processed. In this case, in order to completely erase, a process (overwrite erasure) is performed in which another data is overwritten several times in the area where the data is stored.

  In FIG. 6, when there is a request to delete data stored in the HDD 170 from an application program or the like (step 3001), the CPU 110 determines whether the data is highly confidential (step 3002). This can be easily determined by whether or not a flag to that effect is added to the data. If the data is highly confidential, a request is sent to the EC 210 to subtract 1 from the current value of the password management register 212 (step 3003). Thereafter, an erasure process is performed on the data in the HDD 170 (step 3004). Specifically, the data is completely erased, for example, by overwriting another data (eg, all 0) in the area of the HDD 170 where the data is stored. On the other hand, if it is determined that the data is not highly confidential, step 3003 is skipped, and the process immediately proceeds to step 3004 to delete the data in the HDD 170. In this case, the number of overwrites may be smaller than that of highly confidential data.

  5 and 6, when highly confidential data remains in the HDD 170, the value of the password management register 212 is 1 or more, and 0 when no data remains. Therefore, according to the value of the password management register 212, when highly confidential data remains in the HDD, the HDD password can be locked, and in other cases, the lock can be released.

  When the image processing apparatus 10 shifts from the normal power state to the power saving state, the EC 210 stores the contents of the password management register 212 in the EC flash ROM 220 as password management information.

  FIG. 7 is a flowchart of the HDD password unlock control when returning from the power saving state to the normal power state according to the present embodiment. This is also a flowchart according to an embodiment of the password lock control method of the present invention.

  When the image processing apparatus 10 returns from the power saving state to the normal power state, the EC 210 sets the password management information of the EC flash ROM 220 in the password management register 212 (step 4001). The BIOS determines whether the value of the password management register 212 of the EC 210 is 0 (step 4002). Here, if the value of the password management register 212 is 0, it is determined that there is no highly confidential data in the HDD 170, and the BIOS immediately releases the lock of the HDD 170 and makes the HDD 170 accessible (step). 4003). On the other hand, if the value of the password management register 212 is 1 or more, it is determined that highly confidential data exists in the HDD 170, and the BIOS performs the same HDD password unlock processing as that at startup when the power is turned on. Implement (step 4004). In other words, the BIOS performs the processing of steps 1001 to 1007 in FIG.

  As described above, according to the present embodiment, high security can be maintained by applying the HDD password pass lock only when highly confidential data is stored depending on the type of data stored in the HDD. However, during normal use where data that does not need to be protected is stored, the HDD password lock is immediately released, saving time when the power-saving HDD 170 is restored from the power-off state. Return is possible.

  Although the embodiments of the present invention have been described above, the present invention can be widely applied to storage devices generally having a password lock function and is not limited to a hard disk drive (HDD). The present invention is not limited to an image processing apparatus typified by MPF, and can be widely used in electronic devices having a storage device having a password lock function.

DESCRIPTION OF SYMBOLS 10 Image processing apparatus 15 Personal authentication device 20 Client terminal 30 Authentication server 110 CPU
140 Chipset 170 Hard disk drive (HDD)
200 BIOS ROM
210 EC
211 Password input / output register 212 Password management register 213 Password processing unit 220 Flash ROM
230 EC operation panel

JP 2004-78539 A JP 2007-328765 A

Claims (6)

In an electronic device having a storage device with a password lock function,
Holding means for holding, as password management information, whether or not highly confidential data is stored in the storage device;
When the password management information indicates that no highly confidential data is stored in the storage device when the power saving state returns to the normal power state, the password lock of the storage device is released. If it is shown that highly confidential data is stored in the storage device, the password set in the storage device is compared with the password registered in advance, and if they match, Control means for releasing the password lock of the storage device;
An electronic device comprising: The control means includes
When highly confidential data is stored in the storage device, the password management information is incremented by 1. When highly confidential data is erased from the storage device, the password management information is decremented by 1,
When the password management information is 0 when returning from the power saving state to the normal power state, the password lock of the storage device is immediately released, and when the password management information is 1 or more, the storage device The password set in the password and the registered password are verified, and if they match, the password lock of the storage device is released.
The electronic device according to claim 1.   The electronic device according to claim 2, wherein the control unit determines whether or not the data is highly confidential based on file format information of the data.   The electronic device according to claim 2, wherein the control unit determines whether the data is highly confidential based on user instruction information added to the data.   The electronic device according to claim 1, wherein the password of the storage device is generated from personal authentication information. A password lock control method for a storage device having a password lock function,
Holding password management information whether or not highly confidential data is stored in the storage device; and
When the password management information indicates that highly confidential data is not stored in the storage device when the power saving state returns to the normal power state, the password lock of the storage device is immediately performed. If the data is released and indicates that highly confidential data is stored in the storage device, the password set in the storage device is compared with the password registered in advance, Releasing the password lock of the storage device;
A password lock control method comprising:

Images