JP2018136778A - Data erasing method, data erasing program, and administrative server - Google Patents

Abstract

PROBLEM TO BE SOLVED: To ensure the completion of data erasing processing in a PC.SOLUTION: An erasing method in which a PC performs data erasing processing in a storage device of the PC, includes: an ID generating step of creating a processing ID by the PC before start of processing; an encryption step of creating an encryption ID by encrypting the processing ID; an encryption ID acquisition step of performing an encryption ID display step of displaying the encryption ID on a display device, and acquiring the encryption ID displayed on the display device by an administrative server; and a decoding step of decoding the acquired encryption ID. After completion of the processing, the PC performs a processing ID display step for displaying the processing ID created in the ID forming step on the display device . The administrative server compares the processing ID acquired in a processing ID acquisition step for acquiring the processing ID displayed on the display device in the processing ID display step and the processing ID acquisition step with the processing ID decoded in the decoding step, and determines that the erasing processing is completed if the two IDs match.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a data erasing method, a data erasing program, and a management server, and more particularly to a technique that makes it possible to obtain a guarantee that data stored in a storage device of a computer has been securely erased.

  In recent years, many personal computers (hereinafter referred to as “PCs” or “PCs”) have been used to carry out business at companies and offices, but these PCs have customer information, in-house information, Various types of confidential data, such as personal information, that should be kept secret outside the company are often stored. Therefore, when such a PC is disposed of for reasons such as replacement, disposal, or transfer, it is necessary to erase data stored in the storage device.

  Various methods for erasing data in the storage device are known from a relatively low security level to a high level, and various erasing programs are provided.

  Further, the applicant has previously proposed a technique for erasing data stored in the PC to prevent information leakage (see Patent Document 1 below).

JP 2014-115724 A

  However, no matter how a high level erasing method is applied, the desired effect cannot be obtained unless the processing itself (execution of the erasing program) is completely performed.

  For example, if there is a problem with the PC during the deletion process, or if the person who has been disposed of is inadvertently or deliberately not performing the process or canceling the process, delete it There is a possibility that the data to be left remains in the PC. Also, if such a PC is handed over to a third party, it is difficult to confirm whether the data has been completely erased.

  On the other hand, the technology according to Patent Document 1 mainly prevents the leakage of information by erasing data stored in a PC when the laptop is misplaced or stolen while on the go. It is not intended to guarantee that the complete erasure process has been completed.

  Accordingly, an object of the present invention is to obtain a guarantee that processing has been completed for erasing data in the PC.

  In order to solve the above-described problems and achieve the object, the present invention includes a computer (hereinafter also referred to as “client PC”) that is a target of data erasure and a management server that manages the erasure process. Is started based on an instruction input (referred to as a “local command”) on the client PC, or depending on whether an erase process is started based on an erase command (referred to as a “server command”) from the management server. In addition, the present application includes two types of inventions (the invention according to the local instruction is referred to as the “first invention”, and the invention according to the server instruction is referred to as the “second invention”). Each invention relating to a method, a data erasing program and a management server is included. Hereinafter, these inventions will be described in detail.

[First invention (local command)]
In the data erasing method according to the first invention of the present application, the computer performs a data erasing process for erasing data stored in the storage device of a computer having a storage device, a display device, an arithmetic processing device, and an input device. A data erasing method to perform,
As a step performed by the computer before starting the data erasing process,
(A1) a process ID generation step for generating a process ID that is unique identification information capable of specifying the data erasure process;
(A2) a process ID encryption step for generating an encrypted ID obtained by encrypting the process ID;
(A3) a pre-execution ID generation step for generating a pre-execution ID including an encryption ID;
(A4) a pre-execution ID display step for displaying the pre-execution ID on the display device;
The data erasing method is a step performed by the management server.
(B1) a pre-execution ID acquisition step of acquiring a pre-execution ID displayed on the display device;
(B2) a process ID decrypting step of decrypting the encrypted ID included in the acquired pre-execution ID,
The data erasing method is
(A5) an erasure process execution step in which the computer executes a data erasure process,
As the steps performed by the computer after completion of the data erasing process,
(A6) a post-completion ID generation step for generating a post-completion ID including the process ID generated in the process ID generation step;
(A7) a post-completion ID display step of displaying post-completion ID on the display device;
As steps performed by the management server,
(B3) a post-completion ID acquisition step of acquiring a post-completion ID displayed on the display device in the post-completion ID display step;
(B4) a process ID comparison step that compares the process ID included in the post-completion ID acquired in the post-completion ID acquisition step with the process ID decrypted in the process ID decryption step;
(B5) including a determination step of determining that the data erasure process is completed when the process ID acquired in the post-completion ID acquisition step matches the process ID decoded in the process ID decryption step.

  The data erasing program according to the first invention of the present application includes a data erasing process for erasing data stored in the storage device of a computer having a storage device, a display device, an arithmetic processing device, and an input device. A data erasing program to be executed by a computer, the data erasing program generating a process ID that is unique identification information that can identify the data erasing process before starting the data erasing process; A process ID encryption step for generating an encrypted ID obtained by encrypting the process ID, a pre-execution ID generation step for generating a pre-execution ID including the encryption ID, and a pre-execution ID for displaying the pre-execution ID on the display device The data erasure program executes a process ID generation step after completion of the data erasure process. In a completion ID generating step of generating a completion ID that includes the generated processed ID, to perform the post-completion ID display step of displaying completion ID to the display device to the computer.

  Furthermore, the management server according to the first invention of the present application manages data erasure processing for erasing data stored in the storage device of a computer having a storage device, a display device, an arithmetic processing device, and an input device. A management server that obtains a pre-execution ID generated by the computer before the start of the data erasure process and a post-completion ID displayed on the display device by the computer after the data erasure process is completed; The pre-execution ID is an encrypted ID generated by the computer before the start of the data erasure process and encrypted by the computer as a process ID, which is unique identification information that can identify the data erasure process. The post-completion ID includes a process ID, and the management server further includes the pre-execution ID acquired by the data erasure management unit. Process ID decrypting unit that decrypts the encrypted ID to be processed, a process ID decrypted by the process ID decrypting unit, and a process ID that compares the process ID included in the post-completion ID acquired by the data erasure management unit The data erasure management unit includes a process ID decrypted by the process ID decryption unit and a process ID included in the post-completion ID acquired by the data erasure management unit. Is determined to be complete, the data erasure process is determined to have been completed.

  Both the first invention and the second invention described later are for erasing data stored in the storage device of the client PC. In the first invention, the data erasing program previously installed in the client PC is used. Prior to the erasure process, unique identification information (process ID) capable of specifying the erasure process is issued, and this is encrypted to generate a pre-execution ID including an encrypted ID that is the encrypted process ID. The previous ID is displayed on the display device of the client PC. On the other hand, after completion of the erasure process, a post-completion ID including a process ID is generated, and the post-completion ID is displayed on the display device of the client PC.

  The pre-execution ID displayed before the erasure process (including the encrypted ID obtained by encrypting the process ID) is the user of the client PC (the person who performs the erasure process on the client PC side / hereinafter referred to as “user”). The management server is notified of the post-completion ID (including the process ID) displayed on the display device even after the erasure process is completed. Thereby, the management server can acquire the encryption ID and the process ID. The management server decrypts the encrypted ID acquired from the user before the erasure process, and compares the decrypted ID with the process ID acquired from the user after the erasure process is completed. If the two IDs match, it can be determined that the erasure process has been completed.

  In the first invention, as described above, the process ID (included in the pre-execution ID) is also displayed on the display device of the client PC before the start of the erasure process. The encrypted encryption ID is a number or character string different from the ID before encryption. Therefore, even if the user notifies the management server that the encryption ID displayed before the process is disclosed, for example, the process has been completed despite the fact that the deletion process has not been completely executed, the notified ID is: Since it does not match the process ID (unencrypted) issued by the management server, the management server can determine that the erasure process has not been completed.

  It is desirable that the pre-execution ID includes identification information (referred to as “PC identification information”) that can identify the client PC in addition to the encryption ID and the post-completion ID in addition to the processing ID. This is because the PC related to the erasure process can be specified only by the pre-execution ID and the post-completion ID. However, the present invention does not require that the PC specifying information be included in the pre-execution ID or the post-completion ID. For example, when notifying the management server, the user himself / herself can also notify the management server of the PC specifying information together with the pre-execution ID and post-completion ID. This is because it is possible to make it possible for the management server side to grasp the client PC also by a method other than including.

  Further, the pre-execution ID can include, for example, the current year / month / date / time (before the execution of the erasing process) and information such as the erasing method to be executed. Similarly, the post-completion ID can include, for example, information such as the date and time when the erasing process is completed, and the erasing method executed.

  In one embodiment of the present invention, in the data erasing method, the pre-execution ID and the post-completion ID further include information (referred to as “storage device ID”) that can identify the storage device, and the management server performs A storage device ID comparison step that compares the storage device ID included in the pre-execution ID acquired in the pre-execution ID acquisition step with the storage device ID included in the post-completion ID acquisition step acquired in the post-completion ID acquisition step; In the determination step, it is determined that the data erasure process is completed when the storage device ID included in the pre-execution ID and the storage device ID included in the post-completion ID match in addition to the process IDs matching To do.

  According to such an aspect, it is possible to prevent fraud that pretends that the data erasure has been completed by replacing the storage device.

  Notification to the management server of IDs (pre-execution ID, post-completion ID) displayed on the display device before execution of the erasure process or after completion of the process in the present invention (the first invention and the second invention described later) The method is not particularly limited. In the embodiment described later, since a two-dimensional code (QR code) representing the pre-execution ID and post-completion ID is displayed on the screen of the display device, the user captures these two-dimensional codes by photographing them with a smartphone and manages them. For example, note the pre-execution ID and post-completion ID (for example, consisting of numbers and character strings) displayed on the screen, access the management server, and the user manually inputs the ID. May be. If it is assumed that the management server staff manually inputs data into the management server, the management server staff is called and notified verbally, or a memo with the ID is transmitted by facsimile or e-mail. It is also possible to notify. Further, other methods may be used.

  The storage device of the client PC to be erased is typically a hard disk drive (HDD / Hard Disk Drive) provided in a computer as an auxiliary storage device for storing programs and data, but is not necessarily limited to an HDD. However, other auxiliary storage devices such as a solid state drive (SSD / Solid State Drive) are also included in the storage device according to the present invention.

  In addition, the “data” referred to in the present invention is not limited to data created or acquired by the user of the PC and stored in the storage device, but various types of software such as application software and OS (Operating System / Operating System). This is a concept that widely includes various types of information that can be stored in the storage device, such as the above programs.

  In the present invention, the range of data erasure is not particularly limited. As a typical example, all the data in the data area of the storage device, that is, the area for storing user data, various application software, OS, etc. is erased. Only a folder may be deleted, or a specific area such as a partition unit may be deleted.

  When erasing all data in the data area including the OS as described above, the data erasure program installed on the client PC is executed by an erasure management program and an erasure execution program as in the embodiment described later. An erasure execution program that configures and executes data erasure processing may be stored in a storage area (for example, a protection area) other than the data area.

  In the present invention, the erasing method for erasing data is not particularly limited. For example, zero write method (write with zero value), random number write method (write with random value), random number + zero write method (write with random value, then write with zero value), US National Security Agency (NSA) method, Three-time writing, US Department of Defense (DoD5220.22-M) method (three-time writing), US Army method (US Army), US Navy method (US Navy), US Air Force method (Air Force), North Atlantic Treaty Organization method (NATO), US Computer Security Center system (NCSC), Gutman system (35 times in Gutmann system), and other systems may be used.

  Furthermore, in the present invention, two or more erasing methods may be prepared as erasing methods for performing the data erasing processing, and the data erasing processing may be executed by one of them.

  Specifically, in the data erasing method according to the first invention, the client PC is provided with two or more types of erasing methods as erasing methods for performing data erasing processing (the computer executes two or more types of erasing methods). The two or more types of erasing methods are displayed on the display device so that one of the two or more types of erasing methods can be selected as a step performed by the computer before the start of the data erasing process. The data erasing method may further include an erasing method display step, and the data erasing process in the erasing process executing step may be performed by the erasing method selected in the erasing method displaying step.

  In the data erasing program according to the first invention, the client PC is provided with two or more types of erasing methods as erasing methods for performing the data erasing process. The computer is further provided with an erasing method display step for displaying the two or more erasing methods on the display device so that one of the two or more erasing methods can be selected. The data erasing process may be performed by the computer according to the selected erasing method.

[Second invention (server command)]
According to a second aspect of the present invention, there is provided a data erasing method comprising: a storage device; a display device; an arithmetic processing device; an input device; and a communication control unit that enables communication via a computer network. A data erasing method in which the computer performs a data erasing process for erasing data stored in a storage device,
As a step that the management server performs before starting the data erasure process,
(B1) PC information acquisition step of acquiring and storing PC identification information which is information capable of identifying the computer;
(B2) a process ID generation step for generating a process ID that is unique identification information capable of specifying the data erasure process;
(B3) a process ID encryption step for generating an encrypted ID obtained by encrypting the process ID;
(B4) a pre-execution ID generation step for generating a pre-execution ID including an encryption ID;
(B5) an erasure command generation step for generating an erasure command including a pre-execution ID and instructing the computer to perform data erasure processing;
(B6) an erasure processing instruction step of transmitting an erasure command to the computer specified by the PC identification information stored in the PC information acquisition step,
As the steps performed by the computer,
(A1) a process ID decrypting step of decrypting the encrypted ID included in the pre-execution ID received from the management server to obtain a process ID;
(A2) an erasing process execution step for executing a data erasing process;
(A3) a post-completion ID generation step for generating a post-completion ID including the process ID obtained in the process ID decryption step after completion of the data erasure process;
(A4) a post-completion ID display step of displaying post-completion ID on the display device;
Furthermore, as a step that the management server performs after completion of the data erasure process,
(B7) a post-completion ID acquisition step of acquiring a post-completion ID displayed on the display device in the post-completion ID display step;
(B8) a process ID comparison step for comparing the process ID included in the post-completion ID acquired in the post-completion ID acquisition step with the process ID generated in the process ID generation step;
(B9) including a determination step for determining that the data erasure process is completed when the process ID acquired in the post-completion ID acquisition step matches the process ID generated in the process ID generation step.

  A data erasing program according to the second invention of the present application is a computer including a storage device, a display device, an arithmetic processing device, an input device, and a communication control unit that enables communication via a computer network. A data erasure program for causing the computer to perform data erasure processing for erasing data stored in the storage device, wherein the data erasure program receives an erasure command for instructing execution of the data erasure processing from the management server The erasure command receiving step is performed by the computer, and the erasure command includes a pre-execution ID including an encryption ID obtained by encrypting a process ID, which is unique identification information capable of specifying the data erasure process. In addition, the data erasure program further completes the process ID decryption step for obtaining the process ID by decrypting the encryption ID included in the pre-execution ID, the erasure process execution step for executing the data erasure process, and the data erasure process Then, a post-completion ID generation step for generating a post-completion ID including the process ID obtained in the process ID decoding step and a post-completion ID display step for displaying the post-completion ID on the display device are performed on the computer. Make it.

  A management server according to the second invention of the present application is a computer comprising a storage device, a display device, an arithmetic processing device, an input device, and a communication control unit that enables communication via a computer network. A management server for managing a data erasure process for erasing data stored in the storage device, and a storage unit capable of storing PC identification information, which is information for identifying the computer, and a data erasure process can be identified A process ID generating unit that generates a process ID that is unique identification information, a process ID encryption unit that generates an encrypted ID obtained by encrypting the process ID, and a pre-execution ID that includes a pre-execution ID including the encrypted ID An ID generating unit, an erasing command issuing unit for generating an erasing command including a pre-execution ID and instructing the computer to perform data erasing processing, and PC specifying information stored in the storage unit A data erasure management unit that transmits an erasure command to the computer specified by the computer and acquires a post-completion ID that is displayed on the display device and includes a process ID after the completion of the data erasure process, and a completion acquired by the data management unit A process ID comparison unit that compares the process ID included in the post-ID and the process ID generated by the process ID generation unit, and the data erasure management unit sets the post-completion ID as a result of the comparison by the process ID comparison unit; When the included process ID matches the process ID generated by the process ID generation unit, it is determined that the data erasure process has been completed.

  In the second invention, the data stored in the storage device of the client PC is erased as in the first invention. Unlike the first invention, the processing ID is set on the management server side. A pre-execution ID including the pre-execution ID is generated, and an erase command including the pre-execution ID is transmitted from the management server to the client PC, and an erase process is performed based on the erase command. After completion of the erasing process, the post-completion ID including the process ID is displayed on the display device of the client PC. Therefore, the user notifies the management server of this, so that the management server displays the processing displayed on the display device of the client PC. Get the ID (included in the post-completion ID). In the second invention, since the management server generates and stores the pre-execution ID including the process ID, it is not necessary for the client PC to display the pre-execution ID on the display device before starting the erasure process. Absent.

  Then, the management server compares the process ID acquired from the user with the process ID generated and stored by itself, and determines that the erasure process has been completed if the two IDs match. Regarding the notification method to the management server, the meaning of the storage device and data, the range of data erasure, the erasing method, the information included in the pre-execution ID and the post-completion ID, etc. The same as described in the explanation. In the second invention, it is not necessary to include the PC specifying information for the pre-execution ID (may be included). This is because, at the time of transmitting the pre-execution ID, the PC that transmits the ID can be specified on the management server side, and it is not necessary to include the PC specifying information in the pre-execution ID itself.

  Also in the second invention, as in the first invention, in order to prevent fraud due to replacement of the storage device, the management server obtains the storage device ID in advance before starting the erasure process and erases the data. Even after the completion, the management server may acquire the storage device IDs and compare these IDs so that it can be confirmed that the storage device has not been replaced.

  Specifically, in the data erasing method according to the second invention, as a step performed by the computer before starting the data erasing process, a storage device ID that stores a storage device ID that is information that can identify the storage device The storage server further includes a storage step, and further includes a storage device ID acquisition step of acquiring and storing the storage device ID as a step performed by the management server before the start of the data erasing process, and the post-completion ID is information that can identify the storage device Further includes a storage device ID. The data erasing method also includes a storage device that compares the storage device ID acquired in the storage device ID acquisition step with the storage device ID included in the post-completion ID acquired in the post-completion ID acquisition step as a step performed by the management server In addition to an ID comparison step, in the determination step, in addition to the process IDs matching, when the storage device ID acquired in the storage device ID acquisition step and the storage device ID included in the post-completion ID match, It is determined that the data erasure process has been completed.

  The same applies to the management server, and the configuration of the management server may be as follows.

  That is, the post-completion ID includes the storage device ID, and the management server includes the storage device ID storage unit that stores the storage device ID, the storage device ID stored in the storage device ID storage unit, and the post-completion ID. A storage device ID comparison unit that compares the storage device ID, and the data erasure management unit obtains a storage device ID in advance and transmits it to the storage device ID storage unit before transmitting an erasure command to the computer. When the storage device ID stored in the storage device ID storage unit matches the storage device ID included in the post-completion ID, in addition to the processing IDs matching, it is determined that the data erasing process has been completed. .

  Further, in the second invention as well, two or more types of erasing methods are prepared as data erasing methods, and the data erasing processing may be executed by one of them. It is.

  Specifically, in the data erasing method according to the second aspect of the invention, the computer can execute two or more types of erasing methods as erasing methods for performing data erasing processing, and the erasing command includes the two or more types of erasing instructions. The erasing method specifying information for designating one of the erasing methods may be included, and the data erasing process in the erasing process executing step may be performed by the erasing method specified by the erasing method specifying information.

  Further, in the data erasing program according to the second invention, the erasing instruction includes erasing method specifying information for designating one of two or more erasing methods, and the data erasing program includes an erasing process executing step. The data erasing process in (1) may be performed by the computer by the erasing method specified by the erasing method specifying information.

  In the management server according to the second aspect, the erasure command may include erasure method specifying information for designating one of two or more erasure methods.

  Furthermore, in the first and second inventions, an erasure certificate can be issued that certifies that the erasure process has been completed.

  Specifically, when the data erasing method according to the first or second invention determines that the data erasing process is completed in the determining step, information for identifying the computer that has completed the data erasing process; An erasure certificate issuing step for issuing an erasure certificate including at least information indicating that the data erasure process has been completed may be included.

  Further, the erasure certificate may include information for specifying the erasure method that performed the data erasure process (the same applies to the management server described below).

  The same applies to the management server. When the management server according to the first or second invention determines that the data erasure process has been completed, information for identifying the computer that has completed the data erasure process. And an erasure certificate issuing unit that issues an erasure certificate including at least information indicating that the data erasure process has been completed.

  According to the present invention, it is possible to obtain a guarantee that processing has been completed for erasing data in the PC.

  Other objects, features, and advantages of the present invention will become apparent from the following description of embodiments of the present invention described with reference to the drawings. In addition, in each figure, the same code | symbol shows the same or an equivalent part.

FIG. 1 is a block diagram showing a data erasing system according to the first embodiment of the present invention. FIG. 2A is a diagram showing a processing procedure of the data erasing system according to the first embodiment. FIG. 2B is a diagram showing a processing procedure of the data erasing system according to the first embodiment. FIG. 3 is a diagram showing a screen display example (before starting the erasing process) of the display device of the client PC in the system of the first embodiment. FIG. 4 is a diagram showing the display of the pre-execution ID in FIG. FIG. 5 is a diagram showing a screen display example (after completion of the erasing process) of the display device of the client PC in the system of the first embodiment. FIG. 6 is a diagram showing the display of the ID after completion in FIG. FIG. 7 is a block diagram showing a data erasing system according to the second embodiment of the present invention. FIG. 8 is a diagram showing a processing procedure of the data erasing system according to the second embodiment.

[First Embodiment (Erase by Local Instruction)]
The data erasure system according to the first embodiment of the present invention is a system that performs erasure processing by a local command, and includes a client PC (computer) 11 and a management server 41 as shown in FIG.

  The client PC 11 includes an erasing process management unit 12, a process ID generation unit 13 that generates a process ID, a process ID encryption unit 14 that encrypts the process ID, a process ID storage unit 15 that stores the process ID, and a mouse And an input unit 16 including a keyboard, a display unit (display device) 17 formed of a liquid crystal display, a power control unit 18 for controlling the power of the PC 11, and a BIOS (Basic Input / Output System / basic) stored in a nonvolatile memory BIOS 20 composed of an input / output system) program, an OS boot unit 21 that boots an OS including a boot loader (boot program), a boot OS storage unit 19 that stores an OS to be booted, and an erase execution unit 22 that executes an erase process A default OS (OS that is activated by default) 23, a pre-execution ID generation unit 51 that generates a pre-execution ID, and a post-completion ID A post-completion ID generation unit 52, an erasing method storage unit 53 that stores an erasing method executed by the erasing execution unit 22, and a storage device ID storage that stores a storage device ID that is identification information (for example, a serial number) of the storage device Part 26.

  The client PC 11 includes an HDD (Hard Disk Drive) as a storage device according to the present invention. This HDD stores MBR (Master Boot Record), a data area, and a protection area. Have.

  The MBR stores a boot program (boot loader / OS boot unit) for booting an OS program and a partition table (boot OS storage unit) indicating the OS program to be booted.

  The data area stores various data including, for example, a default OS such as Windows (registered trademark), Mac OS, or Linux (registered trademark), various application programs operating on the default OS, and data created by the user. Is stored. The erase management program is stored in this data area. The erasure management program constitutes the erasure process management unit 12, the process ID generation unit 13, the process ID encryption unit 14, and the pre-execution ID generation unit 51.

  The protection area is called an HPA (Host Protected Area) or the like, and is an area protected at the BIOS level, and the erase execution program is stored in this protection area. The erasure execution program constitutes the erasure execution unit 22 and the post-completion ID generation unit 52, and is activated in place of the default OS 23 to execute the erasure process as will be described later.

  On the other hand, the management server 41 decrypts the data deletion management unit 42, the communication control unit 47 that enables communication with the user's smartphone 31 via the computer network (Internet) 10, and the encrypted process ID. Process ID decryption unit 43, process information storage unit 45 that stores information about process ID, user, client PC 11, etc., process ID comparison unit 44 that compares process IDs transmitted from the user, and storage device ID Storage device ID comparison unit 54 and deletion certificate issuing unit 46 that generates and issues a deletion certificate.

  The management server 41 can manage a plurality of client PCs 11 (only one is shown in FIG. 1). In this case, the processing information storage unit 45 stores each of the plurality of client PCs 11. The identification information (PC identification information) to be identified is stored, the information included in the pre-execution ID and post-completion ID transmitted from the user, which will be described later, and the storage device ID are included in the identification information (PC identification information) of each PC. The process information is stored in the processing information storage unit 45 in association with each other.

  The erasing process according to the present embodiment will be described with reference to FIGS. 2A to 2B.

  In the erasure process, a data erasure program is installed in the client PC 11 in advance (step S101). As described above, the data erasure program is stored in the data area of the storage device (HDD) to issue a process ID, encrypts, and the like, and is stored in the protection area of the storage device to store the data. And an erasure execution program for executing erasure processing of data stored in the data area of the apparatus. When the data erasing program is installed, the erasure management program (erase processing management unit 12) acquires the storage device ID that is the identification information of the storage device, and stores it in the storage device ID storage unit 26 (step S102).

  When the erasure management program is activated in the client PC 11 (step S103), the process ID generation unit 13 generates a process ID that is identification information unique to the erasure process and stores it in the process ID storage unit 15 (step S103). S104). The process ID is not particularly limited as long as it is information that can uniquely identify the erasure process in the PC, and may be any information as long as it is unique information made up of numbers and character strings.

  The generated process ID is encrypted by the process ID encryption unit 14 (step S105). In the system of the present embodiment, the erasure execution program (erase execution unit 22) has a plurality of types of erasure methods, and executes data erasure processing by the designated erasure methods. Therefore, the erasure processing management unit 12 prompts the user to select (specify) the erasing method to be executed by displaying the erasing methods of the plurality of types on the display unit 17 (step S106). When the user designates an erasing method using the input unit 16, the erasure processing management unit 12 stores in the erasing method storage unit 53 which method is the designated erasing method (step S107).

  Further, the pre-execution ID generation unit 51 generates a pre-execution ID (step S108), and the erasure process management unit 12 displays the pre-execution ID on the display unit 17 (step S109). At this time, on the screen of the display unit 17, in addition to the number / character string 33 representing the pre-execution ID as shown in FIG. A message 61 to be executed, an erase execution button 62 for instructing the execution of processing, and a cancel button 63 for stopping the execution of processing are simultaneously displayed.

  In this example, the pre-execution ID 33 includes an encrypted ID 33a that is the process ID encrypted by the process ID encryption unit 14, PC specification information 33b that specifies the client PC, and storage, as shown in FIG. It includes a device ID 33c, a current date and time (hours and minutes) 33d, and information (erase method specifying information) 33e for specifying an erase method to be executed (specified). The PC specifying information 33b may be any information as long as the PC can be identified (the storage device ID is the same), for example, a number / character string including a product name (product number) and a serial number (manufacturing number). Or a combination of the UUID (Universally Unique Identifier) and IP address of the PC.

  When the confirmation screen (FIG. 3) is displayed, the user notifies the management server 41 of the pre-execution ID 33. Specifically, the pre-execution ID 33 is captured in the smartphone 31 by photographing the QR code 32 and transmitted to the management server 41 via the Internet 10. The notification of the pre-execution ID 33 to the management server 41 is displayed on the confirmation screen by accessing the management server 41 using, for example, another PC or smartphone accessible to the management server 41 as described above. Alternatively, other methods such as inputting the pre-execution ID 33 may be used.

  When the user transmits the pre-execution ID 33, in the management server 41, the data erasure management unit 42 receives this via the restriction control unit 47, and associates the storage device ID 33c included in the pre-execution ID 33 with the PC specifying information 33b to process information. It preserve | saves at the memory | storage part 45 (step S118). Further, the process ID decrypting unit 43 decrypts the encrypted ID 33a included in the pre-execution ID 33 (step S119). The decrypted process ID is associated with the PC specifying information 33b in the same manner as the storage device ID 33c, and is stored in the process information storing unit 45 by the data erasure managing unit 42 together with the information 33e specifying the erasing method (step S120). ).

  On the client PC 11, on the other hand, when the user clicks the delete execution button 62 on the confirmation screen (FIG. 3) of the display unit 17 with the mouse, the input unit 16 instructs the delete process management unit 12 to execute the process (step S110). Then, the erasure processing management unit 12 (erase management program) transfers control to the erasure execution unit 22 (erase execution program) to execute data erasure processing. Specifically, it is as follows. The following procedure shows an example, and the present invention is not limited to the control procedure.

  The default OS 23 is normally active in the startup OS storage unit 19 (MBR partition table) of the client PC 11, but when the process execution instruction is given, the deletion process management unit 12 (erase management program) Instead, after rewriting the boot OS storage unit 19 (MBR partition table) so that the erase execution program (erase execution unit 22) becomes active, the power supply control unit 18 restarts the client PC 11 (step S111).

  When the client PC 11 is restarted, the BIOS 20 executes POST, searches for the HDD that is the startup drive, and then loads the boot loader in the MBR (step S112). The BIOS 20 transfers control to the boot loader (OS boot unit), and the boot loader (OS boot unit 21) determines an OS to be booted by referring to the partition table (boot OS storage unit 19) in the MBR (step S113). At this time, in the partition table, since the erasure execution program is activated by rewriting by the erasure management program, the boot loader starts the erasure execution program (step S114). Then, the activated erase execution program (erase execution unit 22) erases all information in the data area of the HDD (step S115). At this time, the erasure execution program (the erasure execution unit 22) refers to the erasure method storage unit 53, and executes the erasure process according to the designated erasure method.

  When the erasure process is completed, the post-completion ID generation unit 52 stores the process ID from the process ID storage unit 15, the executed erasure method from the erasure method storage unit 53, and the storage device ID as the storage device ID storage unit 26. The IDs are respectively read out and generated after completion (step S116). The post-completion ID is displayed on the screen of the display unit 17 by the erasure execution unit 22 (step S117). For example, as shown in FIG. 5, this display is performed by displaying a QR code 34 obtained by two-dimensionally coding the post-completion ID 35 together with a number / character string 35 indicating the post-completion ID. Further, a message 54 indicating that the erasure process is completed, a process completion date and time 55, and the like may be displayed.

  In this example, the post-completion ID 35 includes a process ID 35a, information 35b identifying the client PC, a storage device ID 33c, a date and time (hour / minute) when the erasing process is completed, as shown in an enlarged view in FIG. ) 35d and information 35e specifying the executed erasing method. Here, since the process ID included in the numeric character string 35a (see FIG. 6) of the process ID and the QR code 34 displayed on the process completion screen (FIG. 5) is the one before encryption, the process starts. This is different from the encryption ID included in the numeric character string 33a of the encryption ID and the QR code 32 displayed on the previous display screen (FIG. 3).

  When the process completion screen (FIG. 5) is displayed, the user captures the post-completion ID by photographing the QR code 34 in the same manner as when the process is started, and transmits it to the management server 41 via the Internet 10. Notify ID after completion. Note that the notification to the management server 41 may be performed by another method as described above.

  When the post-completion ID is transmitted from the user, in the management server 41, the data erasure management unit 42 receives this via the traffic control unit 47, and the data erasure management unit 42 processes the storage device ID stored in step S118. The storage device ID read out from the information storage unit 45 and the storage device ID included in the post-completion ID transmitted from the user are compared with the storage device ID comparison unit 54 (see step S121 / FIG. 2B). If the two IDs (storage device IDs) match, the data erasure management unit 42 reads the processing ID stored in step S120 from the processing information storage unit 45 and includes the read processing ID and the post-completion ID transmitted from the user. The process ID comparison unit 44 is compared with the process ID to be processed (steps S122 to S123). If these IDs (processing IDs) also match, an erasure certificate is issued assuming that the erasure process in the client PC 11 is successful (normally completed) (steps S124 to S125).

  This erasure certificate includes information identifying the computer for which the data erasure process has been completed and information indicating that the data erasure process has been completed, for example, the date and time when the erasure process was completed, Information such as the system and the serial number (storage device ID) of the storage device that has been erased can be included. By issuing such an erasure certificate, it is possible to guarantee that data erasure has been completed normally and which PC has been erased by which erasing method and when.

  On the other hand, if the two IDs do not match as a result of the comparison by the storage device ID comparison unit 54 or the two IDs do not match as a result of the comparison by the processing ID comparison unit 44, the data erasure management unit 42 performs the erasure process. It determines with having failed (step S122-S126, step S124-S126).

[Second Embodiment (Erase by Server Instruction)]
The data erasure system according to the second embodiment of the present invention is a system for performing an erasure process by a server command, and includes a client PC (computer) 11 and a management server 41 as in the system of the first embodiment, and includes a client PC 11 The management server 41 determines whether or not the data erasure is successful. The management server 41 issues a pre-execution ID including a processing ID and transmits it to the client PC 11 with the erasing command. To do. Specifically, although the following is the same as in the first embodiment, a redundant description will be omitted, and differences will be mainly described.

  As shown in FIG. 7, in the system of this embodiment, the management server 41 has a process ID generation unit 49 that generates a process ID, a process ID encryption unit 50 that encrypts the process ID, and an erase command that issues an erase command. It includes a command issuing unit 48 and a pre-execution ID generating unit 51 that generates a pre-execution ID, and further includes a data erasure management unit 42, a process ID comparison unit 44, a storage device ID storage unit 54, and a process information storage unit. 45, an erasure certificate issuing unit 46, and a communication control unit 47.

  On the other hand, the client PC 11 includes a communication control unit 25 that enables communication with the management server 41 via the computer network (Internet) 10 and an encryption included in the erasure command (pre-execution ID) transmitted from the management server 41. The process ID decoding part 24 which decodes ID and obtains process ID, and the post-completion ID production | generation part 52 which produces | generates post-completion ID are provided, Furthermore, the deletion process management part 12, the process ID memory | storage part 15, and storage device ID Storage unit 26, display unit 17, power supply control unit 18, BIOS 20, OS startup unit 21, startup OS storage unit 19, deletion execution unit 22, default OS 23, and deletion method executed by deletion execution unit 22 (included in deletion command) The erasing method storage unit 53 stores the erasing method specified by the erasing method specifying information). Further, the client PC 11 includes an HDD having an MBR, a data area, and a protection area as a storage device.

  Further, in this embodiment, the client PC 11 also has an erasure management program stored in the data area to realize the erasure process management unit 12 and the process ID decryption unit 24 and a erasure process execution unit 22 stored in the protection area. Alternatively, a data erasure program including an erasure execution program for realizing the post-completion ID generation unit 52 is installed in advance. However, in this embodiment, since the pre-execution ID including the process ID is generated on the management server 41 side, the erasure management program does not generate the process ID, encrypt it, or generate the pre-execution ID.

  The erasing process in the present embodiment is as follows.

  Referring also to FIG. 8, when the data erasure program is installed in the client PC 11 (step S201), the erasure management program (erase processing management unit 12) acquires the storage device ID that is the identification information of the storage device, and stores it. The storage device ID is stored in the storage device ID storage unit 26 (step S202), and a display that prompts the user to transmit the storage device ID to the management server 41 together with the PC identification information is performed. In response to this display, the user transmits the PC specifying information and the storage device ID to the management server 41, whereby the management server 41 acquires the PC specifying information and the storage device ID.

  Note that the above processing (display on the client PC 11 or transmission to the management server 41 by the user) is performed in advance by the management server 41 on the identification information (storage device ID in the client PC 11) of the storage device that is the object of data deletion ( The purpose is to acquire an erasure command before sending the data to the client PC 11 and instructing data erasure. For example, when the data erasure program is installed without any user operation, the erasure process is performed. Other methods, such as the management unit 12 automatically connecting to the management server 41 via the communication control unit 25 and the Internet 10 (without user operation) and transmitting the PC identification information and the storage device ID, etc. It may be due to.

  In the management server 41, the data erasure management unit 42 receives the PC specifying information and the storage device ID transmitted from the user via the communication control unit 47, associates them with each other, and stores them in the processing information storage unit 45 (step S203).

  In the erasure process, first, the data erasure management unit 42 of the management server 41 generates a process ID through the process ID generation unit 49 and stores it in the process information storage unit 45 (step S204). The generated process ID is encrypted by the process ID encryption unit 50 (step S205), and a pre-execution ID including the encrypted process ID (encrypted ID) is generated by the pre-execution ID generation unit 51. (Step S206).

  Then, the erase command issuing unit 48 issues an erase command (step S207). This erasure command includes a pre-execution ID, erasure method specifying information for designating an erasure method to be executed by the client PC, and an erasure command issue date (year / month / day / time). In the first embodiment, the erasure method is selected on the client side, and the erasure method specifying information is included in the pre-execution ID in order to notify the management server of the selected erasure method. Since an erase command is transmitted to the PC, the erase command specifying information (not the pre-execution ID) is included in this erase command.

  The data erasure management unit 42 transmits the erasure command to the client PC 11 via the communication control unit 47 and the computer network (Internet) 10. At this time, on the client PC 11 side, the client PC 11 is turned on so that it can be connected to the Internet 10.

  In the client PC 11, the erasure management program is activated by receiving the erasure command via the communication control unit 25 (step S 208). When the erasure management program is activated, the erasure process management unit 12 decrypts the encrypted ID in the pre-execution ID included in the erasure command transmitted from the management server 41 through the process ID decryption unit 24 to obtain the process ID. Obtain (step S209) and store it in the process ID storage unit 15 (step S210). Further, the erasure processing management unit 12 acquires erasing method specifying information for designating the erasing method from the erasing command and stores it in the erasing method storage unit 53 (step S211).

  Further, the erasure processing management unit 12 rewrites the boot OS storage unit 19 (rewrites the MBR partition table so that the process execution program becomes active instead of the default OS 23), and then restarts the PC 11 by the power control unit 18. (Step S212), the control is transferred to the erasure execution program as in the first embodiment (steps S213 to S215).

  When the erasure execution program is activated, the erasure execution unit 22 executes the erasure process (step S216). When the erasure process is completed, the post-completion ID generation unit 52 stores the process ID from the process ID storage unit 15 and the storage device ID. Each storage device ID is read from the unit 26, and a post-completion ID including these process ID and storage device ID is generated (step S217).

  The post-completion ID includes the process ID and the storage device ID, as well as the PC identification information, the date and time (hour / minute) when the erasure process is completed, as well as the post-completion ID 35 of the first embodiment. It is. Note that the post-completion ID of the present embodiment does not need to include information (erase method specifying information) indicating the executed erase method. This is because in this embodiment, the erasing method is designated by the management server 41, and the erasing process is executed by the designated method. The erasure execution unit 22 displays the generated post-completion ID on the display unit 17 as in the first embodiment (FIG. 5) (step S218).

  The user captures the QR code 34 (see FIG. 5) representing the post-completion ID displayed on the display unit 17 with the smartphone 31 and transmits it to the management server 41. In the management server 41, processing similar to that shown in FIG. 2B is performed. That is, when the post-completion ID is transmitted from the user, in the management server 41, the data erasure management unit 42 receives this via the traffic control unit 47, and the data erasure management unit 42 stores the storage device ID stored in step S203. Is read from the processing information storage unit 45, and the storage device ID comparison unit 54 is compared with the storage device ID read out and the storage device ID included in the post-completion ID transmitted from the user (see step S121 / FIG. 2B). If the two IDs (storage device IDs) match, the data erasure management unit 42 reads the processing ID stored in step S204 from the processing information storage unit 45 and includes the read processing ID and the post-completion ID transmitted from the user. The process ID comparison unit 44 is compared with the process ID to be processed (steps S122 to S123). If these IDs (processing IDs) also match, an erasure certificate is issued assuming that the erasure process in the client PC 11 is successful (normally completed) (steps S124 to S125).

  As mentioned above, although embodiment of this invention was described, this invention is not limited to these, It is clear to those skilled in the art that a various change can be made within the range as described in a claim. .

  For example, in all of the above embodiments, the data erasure program is constituted by an erasure management program that operates on the default OS and an erasure execution program that starts in place of the default OS. For example, all data in the data area is erased. Instead, when only a specific file or folder is erased, the data erasure program can be limited to a program that operates on the default OS. The feature of the present invention is that it is possible to issue a process ID unique to the erasure process and confirm whether the erasure process by the data erasure program has been completely executed to the end. The data erasing process itself such as the procedure may be various in addition to the above.

  In the above-described embodiment, a PC having a BIOS and an MBR is described as an example of the user PC 11. However, the present invention is similarly applied to a user PC having a UEFI (Unified Extensible Firmware Interface) and a GPT (GUID partition table). Is possible. Furthermore, prior to the erasure process, the client transmits information to the management server and registers information related to the client PC to be erased and the storage device provided in the PC, and within a predetermined time period from the registration ( For example, the management server may determine that the deletion has failed unless the management server receives the ID after completion within 72 hours. In addition, the management server may perform a service for retrieving an erasure certificate from information related to the client PC so that the certificate can be browsed.

  The “computer” referred to in the present invention includes various computers such as a notebook PC, a desktop PC, and a tablet PC. Furthermore, in the first embodiment (FIG. 1), the communication control unit is not shown in the client PC 11, and in the second embodiment (FIG. 7), the input unit is not shown in the client PC 11. Of course, 41 may further include various configurations not shown.

  Also, unlike the second embodiment (second invention) in which erasure is initiated by the management server by sending an erasure command from the management server, in the first embodiment (first invention), the user unintentionally ( In order to eliminate the risk of performing an erasure process by mistake, for example, the computer (client PC) takes measures such as allowing a password to be entered before executing the data erasure process (erase process execution step). You can keep it.

10 Computer network (Internet)
11 Client PC (computer)
DESCRIPTION OF SYMBOLS 12 Erase process management part 13,49 Process ID production | generation part 14,50 Process ID encryption part 15 Process ID memory | storage part 16 Input part 17 Display part (display)
17a Display screen 18 Power control unit 19 Boot OS storage unit 20 BIOS
21 OS boot unit 22 Erase execution unit 23 Default OS
24, 43 Process ID decryption unit 25, 47 Communication control unit 26 Storage device ID storage unit 31 Smartphone 32 QR code (pre-execution ID)
33 Pre-execution ID
33a Encryption ID
33b, 35b Information identifying the client PC 33c Current date and time (hour and minute)
33d Erasing method designation information (information for specifying an erasing method to be executed)
34 QR code (ID after completion)
35 ID after completion
35a Process ID
35c Date and time (hour / minute) when erasure processing was completed
35d Erasing method designation information (information for specifying the executed erasing method)
41 Management Server 42 Data Erasing Management Unit 44 Processing ID Comparison Unit 45 Processing Information Storage Unit 46 Erasure Certificate Issuing Unit 48 Erase Instruction Issuing Unit 51 Pre-execution ID Generation Unit 52 Post-Complete ID Generation Unit 53 Erasing Method Storage Unit 54 Storage Device ID Comparison Section 61 Message confirming execution of erasure process 62 Erase execution button 63 Cancel button 64 Message indicating that erasure process is completed 65 Process completion date and time

Claims (26)

A data erasing method in which the computer performs a data erasing process for erasing data stored in the storage device of a computer having a storage device, a display device, an arithmetic processing device, and an input device,
As a step performed by the computer before starting the data erasing process,
A process ID generating step for generating a process ID which is unique identification information capable of specifying the data erasure process;
A process ID encryption step for generating an encrypted ID obtained by encrypting the process ID;
A pre-execution ID generating step for generating a pre-execution ID including the encryption ID;
A pre-execution ID display step for displaying the pre-execution ID on the display device,
The data erasing method is performed as a step performed by the management server.
A pre-execution ID acquisition step of acquiring a pre-execution ID displayed on the display device;
A process ID decrypting step for decrypting the encrypted ID included in the acquired pre-execution ID,
The data erasing method includes an erasing process execution step in which the computer executes the data erasing process,
Further, as the steps performed by the computer after completion of the data erasing process,
A post-completion ID generation step for generating a post-completion ID including the process ID generated in the process ID generation step;
A post-completion ID display step of displaying the post-completion ID on the display device,
As a step performed by the management server,
A post-completion ID acquisition step of acquiring a post-completion ID displayed on the display device in the post-completion ID display step;
A process ID comparison step for comparing the process ID included in the post-completion ID acquired in the post-completion ID acquisition step with the process ID decrypted in the process ID decryption step;
A determination step of determining that the data erasure process is completed when the process ID acquired in the post-completion ID acquisition step matches the process ID decoded in the process ID decryption step. How to erase data. The data erasing method according to claim 1, wherein the pre-execution ID and the post-completion ID further include PC identification information that is information that can identify the computer. The pre-execution ID and the post-completion ID further include a storage device ID that is information that can identify the storage device,
In the data erasing method, the management server performs the following steps:
A storage device ID comparison step of comparing the storage device ID included in the pre-execution ID acquired in the pre-execution ID acquisition step with the storage device ID included in the post-completion ID acquired in the post-completion ID acquisition step ,
In the determination step, the data erasure process is completed when the storage device ID included in the pre-execution ID matches the storage device ID included in the post-completion ID in addition to the processing IDs matching The data erasing method according to claim 1 or 2, wherein the data erasing method is determined. The computer can execute two or more erasing methods as an erasing method for performing the data erasing process,
As a step performed by the computer before the start of the data erasing process, an erasing method display step for displaying the two or more erasing methods on the display device so that one of the two or more erasing methods can be selected. Further including
The data erasing method according to any one of claims 1 to 3, wherein the data erasing process in the erasing process executing step is performed by an erasing method selected in the erasing method display step. A data erasure program for causing the computer to perform data erasure processing for erasing data stored in the storage device of a computer having a storage device, a display device, an arithmetic processing device, and an input device,
The data erasure program must
A process ID generating step for generating a process ID which is unique identification information capable of specifying the data erasure process;
A process ID encryption step for generating an encrypted ID obtained by encrypting the process ID;
A pre-execution ID generating step for generating a pre-execution ID including the encryption ID;
Causing the computer to perform a pre-execution ID display step of displaying the pre-execution ID on the display device;
The data erasure program, after completing the data erasure process,
A post-completion ID generation step for generating a post-completion ID including the process ID generated in the process ID generation step;
A data erasing program that causes the computer to perform a post-completion ID display step of displaying the post-completion ID on the display device. The data erasing program according to claim 4, wherein the pre-execution ID and the post-completion ID further include PC identification information that is information that can identify the computer. The data erasing program according to claim 5, wherein the pre-execution ID and the post-completion ID further include a storage device ID that is information that can identify the storage device. The computer can execute two or more erasing methods as an erasing method for performing the data erasing process,
The data erasing program is:
Before starting the data erasing process, the computer further includes an erasing method display step for displaying the two or more erasing methods on the display device so that one of the two or more erasing methods can be selected. As well as
The data erasing program according to any one of claims 5 to 7, which causes the computer to perform the data erasing process by an erasing method displayed and selected on the display device. A management server for managing data erasure processing for erasing data stored in the storage device of a computer having a storage device, a display device, an arithmetic processing device, and an input device,
The management server obtains a pre-execution ID generated by the computer before the start of the data erasure process and a post-completion ID displayed on the display device by the computer after the data erasure process is completed. Part
The pre-execution ID includes an encryption ID generated by the computer prior to the start of the data erasure process and encrypted by the computer as a process ID that is unique identification information that can identify the data erasure process.
The post-completion ID includes the processing ID,
The management server further includes:
A process ID decryption unit for decrypting the encryption ID included in the pre-execution ID acquired by the data erasure management unit;
A process ID comparison unit that compares the process ID decrypted by the process ID decryption unit and the process ID included in the post-completion ID acquired by the data erasure management unit;
The data erasure management unit has a process ID decrypted by the process ID decryption unit as a result of comparison by the process ID comparison unit, and a process ID included in the post-completion ID acquired by the data erasure management unit. A management server characterized by determining that the data erasure processing is completed when they match. The management server according to claim 7, wherein the pre-execution ID and the post-completion ID further include PC identification information that is information that can identify the computer. The pre-execution ID and the post-completion ID further include a storage device ID that is information that can identify the storage device,
The management server further includes a storage device ID comparison unit that compares a storage device ID included in the pre-execution ID and a storage device ID included in the post-completion ID,
The data erasure management unit performs data erasure processing when the storage device ID included in the pre-execution ID and the storage device ID included in the post-completion ID match in addition to the processing IDs matching The management server according to claim 9 or 10, wherein the management server determines that has been completed. Data erasure for erasing data stored in the storage device of a computer comprising a storage device, a display device, an arithmetic processing device, an input device, and a communication control unit enabling communication via a computer network A data erasing method in which the computer performs processing,
As a step that the management server performs before starting the data erasure process,
PC information acquisition step of acquiring and storing PC identification information that is information that can identify the computer;
A process ID generating step for generating a process ID which is unique identification information capable of specifying the data erasure process;
A process ID encryption step for generating an encrypted ID obtained by encrypting the process ID;
A pre-execution ID generating step for generating a pre-execution ID including the encryption ID;
An erasure command generating step for generating an erasure command including the pre-execution ID and instructing the computer to perform the data erasure process;
An erasure processing instruction step for transmitting the erasure command to a computer identified by the PC identification information stored in the PC information acquisition step;
While including
As the steps performed by the computer,
A process ID decrypting step of decrypting the encrypted ID included in the pre-execution ID received from the management server to obtain a process ID;
An erasing process executing step for executing the data erasing process;
A post-completion ID generation step for generating a post-completion ID including the process ID obtained in the process ID decryption step after completion of the data erasure process;
A post-completion ID display step for displaying the post-completion ID on the display device;
Further, as the step performed by the management server after completion of the data erasing process,
A post-completion ID acquisition step of acquiring a post-completion ID displayed on the display device in the post-completion ID display step;
A process ID comparison step for comparing the process ID included in the post-completion ID acquired in the post-completion ID acquisition step with the process ID generated in the process ID generation step;
A determination step of determining that the data erasure process is completed when the process ID acquired in the post-completion ID acquisition step matches the process ID generated in the process ID generation step. Erasing method. The data erasing method according to claim 12, wherein the post-completion ID further includes the PC specifying information. The data erasing method is:
As a step performed by the computer before the start of the data erasing process, the computer further includes a storage device ID storing step of storing a storage device ID that is information that can identify the storage device,
As the step performed by the management server before the start of the data erasure process, further includes a storage device ID acquisition step of acquiring and storing the storage device ID,
The post-completion ID further includes a storage device ID that is information that can identify the storage device,
The data erasing method is:
As the step performed by the management server, a storage device ID comparison step of comparing the storage device ID acquired in the storage device ID acquisition step with the storage device ID included in the post-completion ID acquired in the post-completion ID acquisition step. In addition,
In the determination step, in addition to the process IDs matching, the data erasure process when the storage device ID acquired in the storage device ID acquisition step matches the storage device ID included in the post-completion ID The data erasing method according to claim 12 or 13, wherein the data erasing method is determined to be completed. The computer can execute two or more erasing methods as an erasing method for performing the data erasing process,
The erasing command includes erasing method specifying information for specifying one of the two or more erasing methods,
The data erasing method according to any one of claims 12 to 14, wherein the data erasing process in the erasing process executing step is performed by an erasing method specified by the erasing method specifying information. Data erasure for erasing data stored in the storage device of a computer comprising a storage device, a display device, an arithmetic processing device, an input device, and a communication control unit enabling communication via a computer network A data erasure program for causing the computer to perform processing,
The data erasing program causes the computer to perform an erasing command receiving step of receiving an erasing command for instructing execution of data erasing processing from the management server,
The erasure command includes a pre-execution ID including an encryption ID obtained by encrypting a process ID which is unique identification information capable of specifying the data erasure process.
The data erasure program further includes:
A process ID decrypting step of decrypting an encrypted ID included in the pre-execution ID to obtain a process ID;
An erasing process executing step for executing the data erasing process;
A post-completion ID generation step of generating a post-completion ID including the process ID obtained in the process ID decryption step after completing the data erasure process;
A data erasing program that causes the computer to perform a post-completion ID display step of displaying the post-completion ID on the display device. The data erasing program according to claim 16, wherein the post-completion ID further includes PC identification information that is information that can identify the computer. The computer can execute two or more erasing methods as an erasing method for performing the data erasing process,
The erasing command includes erasing method specifying information for specifying one of the two or more erasing methods,
The data erasure program according to claim 16 or 17, wherein the data erasure program causes the computer to perform data erasure processing in the erasure processing execution step by an erasing method specified by the erasing method specifying information. Data erasure for erasing data stored in the storage device of a computer comprising a storage device, a display device, an arithmetic processing device, an input device, and a communication control unit enabling communication via a computer network A management server for managing processing,
A storage unit capable of storing PC identification information which is information capable of identifying the computer;
A process ID generating unit that generates a process ID that is unique identification information capable of specifying the data erasure process;
A process ID encryption unit for generating an encrypted ID obtained by encrypting the process ID;
A pre-execution ID generation unit that generates a pre-execution ID including the encryption ID;
An erasing command issuing unit that generates an erasing command that includes the pre-execution ID and instructs the computer to perform the data erasing process;
The erasure command is transmitted to the computer specified by the PC identification information stored in the storage unit, and a post-completion ID including a process ID displayed on the display device after the completion of the data erasure process is acquired. A data erasure management unit;
A process ID comparison unit that compares the process ID included in the post-completion ID acquired by the data management unit with the process ID generated by the process ID generation unit;
When the process ID included in the post-completion ID matches the process ID generated by the process ID generation unit as a result of the comparison by the process ID comparison unit, the data deletion management unit performs data deletion processing. A management server characterized in that it is determined that it has been completed. The management server according to claim 19, wherein the post-completion ID further includes the PC identification information. The post-completion ID further includes a storage device ID that is information that can identify the storage device,
The management server
A storage device ID storage unit that stores a storage device ID that is information that can identify the storage device;
A storage device ID comparing unit that compares the storage device ID stored in the storage device ID storage unit with the storage device ID included in the post-completion ID;
The data erasure management unit
Before sending the erasure command to the computer, the storage device ID is acquired in advance and stored in the storage device ID storage unit,
In addition to the coincidence of the process ID, when the storage device ID stored in the storage device ID storage unit matches the storage device ID included in the post-completion ID, the data erasing process is completed. The management server according to claim 19 or 20. The computer can execute two or more erasing methods as an erasing method for performing the data erasing process,
The management server according to any one of claims 19 to 21, wherein the erasing command further includes erasing method specifying information for designating one of the two or more erasing methods. When it is determined that the data erasure process is completed in the determination step, an erasure certificate including at least information for identifying a computer that has completed the data erasure process and information indicating that the data erasure process is completed is issued The data erasing method according to any one of claims 1 to 4 and 12 to 15, further comprising an erasing certificate issuing step. The data erasure method according to claim 23, wherein the erasure proof further includes information for specifying an erasure method for performing the data erasure processing. When the data erasure management unit determines that the data erasure process is completed, an erasure certificate including at least information for identifying the computer that has completed the data erasure process and information indicating that the data erasure process has been completed is issued The management server according to any one of claims 9 to 11 and 19 to 22, further comprising an erasure certificate issuing unit. The management server according to claim 25, wherein the erasure certificate further includes information for specifying an erasure method that has performed the data erasure process.

Images