JP2018139025A - Data erasing method, data erasing program, computer with data erasing program and data erasing management server - Google Patents

Abstract

PROBLEM TO BE SOLVED: To quickly confirm and ensure that data erasing in a storage apparatus is performed reliably.SOLUTION: Provided is a data erasing method in which a management server determines that erasing of data to be erased is performed on a PC by overwriting information stored in a storage apparatus of the PC with data for erasing. The data for erasing is a random data string of which a part includes identification data stored in the management server in advance. After the PC overwrites the data for erasing to a storage area in the storage apparatus, the PC reads the identification data included in the data for erasing written in the storage area. The management server compares the identification data read from the storage apparatus with the identification data stored in the management server in advance, and determines that the data erasing is performed on the PC if both match. The identification data preferably includes first identification data arranged at a head part of the data for erasing and second identification data arranged at a tail part of the data for erasing.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a data erasing method, a data erasing program, a computer equipped with a data erasing program, and a data erasing management server, and in particular, erasing data by overwriting data specific to a computer storage device, and erasing is completed. The present invention relates to a technology for confirming and guaranteeing that the management server has performed.

  Today, personal computers (hereinafter referred to as “PCs”) are widely spread from government agencies, public institutions, private enterprises to individuals, and the leakage of information stored in storage devices has become a problem. This is because various kinds of information to be kept secret such as personal information and confidential information necessary for business are often stored in the storage device. For this reason, when disposing (disposing, selling, etc.) the PC, it is desirable to completely erase the data in the storage device.

  As a data erasing method, not only the file management information is deleted, but also binary “0” and “1” are overwritten in all storage areas of the storage device in order to delete the data body, Various software methods have been proposed, such as overwriting random data multiple times in order to erase the remnant magnetic surface traces.

  Further, there is the following patent document relating to the proposal of the present inventor relating to a technology for erasing data in a storage device.

JP 2007-316789 A JP 2014-115724 A

  By the way, in order to perform complete data erasure, the erasure method (reliability of the process itself in which the erased information is not restored) is also important, but the predetermined erasure process has been executed reliably and completely, that is, the information It is necessary that the processing is performed to the end of the entire storage area in which is stored without being interrupted.

  However, for example, when a PC used in business is disposed of, a professional supplier may be asked to delete data, but there are many cases where the deletion process is left to the PC user or in-house administrator. For this reason, there is actually an accident in which information is leaked to the outside without being erased due to carelessness, or without being completely performed from some accident and the data being left in the storage device. Has occurred.

  Therefore, confirming data erasure from the standpoint of an objective third party, not the person who owns or uses the PC, and providing a service that guarantees that the erasure has been performed reliably prevents information leakage. This is also meaningful from the viewpoint of reusing PC resources. Moreover, it is necessary to perform such erasure confirmation work efficiently in a short time. This is because the capacity of the storage device is expected to increase further in the future, and it is desirable to be able to cope with a storage device having a huge quantity as a whole society.

  On the other hand, the inventions described in the above-mentioned patent documents related to the proposal of the present inventor are all capable of remotely erasing data in a PC from a remote location when the notebook PC is misplaced or stolen. It is not intended to efficiently confirm and guarantee data erasure from a third-party standpoint.

  Accordingly, it is an object of the present invention to be able to quickly and efficiently confirm and guarantee that data has been securely erased from a storage device.

  In order to solve the above-mentioned problems and achieve the object, a data erasing method according to the present invention erases information stored in a storage device of a computer by overwriting it with erasing data. The management server determines what has been done in step (b). In the present invention, the “storage device” does not indicate a main storage device (main memory) but means an auxiliary storage device (recording device) such as a hard disk drive (HDD) or a solid state drive (SSD). .

  The erasing data is a random data string that partially includes identification data stored in advance in the management server. The data erasing method includes, as the steps executed by the computer, an erasing step of erasing information stored in the storage area by overwriting the erasing data in the storage area of the storage device, and the erasing step. And a reading step of reading the identification data included in the erasing data written in the storage area.

  Further, as the steps executed by the management server, the identification data read from the storage device in the reading step is compared with the identification data stored in advance in the management server, and the comparison step reads from the storage device. And a determination step of determining that the data erasure has been executed by the computer when the issued identification data matches the identification data stored in advance in the management server.

  While it is known that erasing by overwriting with random data can reduce the recoverability of the erased data and improve safety, such processing is performed and overwriting processing is performed. It can be expected that it will take a very long time if it is attempted to check whether or not the recording has been completed over the entire area of the storage device. Moreover, the longer the storage capacity, the longer the time required for work. In particular, when considering a service that certifies erasure (for example, an issuance of a certificate from an objective standpoint) from a third-party standpoint (for example, an industry group or public institution) It is anticipated that it will be necessary to perform a confirmation operation on the storage device.

  Therefore, in the data erasing method of the present invention, the data erasing is performed by overwriting the erasing data that is a random data string, and the erasing data includes identification data that is a specific data string, After the erasing process is performed by the computer that is the processing target, the identification data is read out and provided to the management server. The management server stores the identification data in advance, and the management server compares the identification data read from the computer that has been erased with the identification data stored in advance in the management server. It is determined that the data erasure has been completed by confirming that they match.

  It should be noted that since there is a possibility that an error may occur when writing the erasure data to the storage device or reading the identification data from the storage device, the “match” of the identification data in the present invention is completely The management server determines that both pieces of identification data coincide with each other if they coincide with a predetermined value or more (for example, 90% or more or 95% or more) in comparison between identification data. This fixed value (how much matching is determined as matching) may be set in the management server in advance.

  In the comparison / confirmation work as described above, it is not necessary to handle all of the data overwritten on the storage device, but only the identification data is compared. Therefore, the operation can be performed quickly even if the storage device has a large capacity. Therefore, it is possible to efficiently cope with a huge amount of storage devices.

  The number and location of identification data in the erasure data are not particularly limited. Regardless of how many (sets) of identification data are included in the erasure data, the identification data is arranged in any position of the erasure data. You may do it. However, as a preferred embodiment, identification data is arranged at the beginning and the end of the erasing data. The management server confirms that the first identification data (first identification data) is normally written at the beginning of the erasing data and the second identification data (second identification data) is normally written at the end. This is because it can be estimated that all of the erasure data is overwritten in the storage device and the data erasure is performed over the entire area (from the beginning to the end).

  In order to further increase the reliability of such estimation (determination by the management server), in addition to the first identification data and the second identification data, one or more similar identification data are further included in the intermediate portion of the erasing data. However, it may be stored in advance in the management server, and after the erasure process is completed, the identification data of these intermediate portions may also be read from the storage device and the same comparison confirmation work may be performed in the management server.

  Any part of the erasing data other than the identification data is not particularly limited. Typically, random number data is used as in an embodiment described later, but other data may be used.

  In addition, the erasure data is a data string with no regularity, and therefore, the number of overwrites to the storage device can be sufficiently ensured by one time (depending on the required security level, general business PCs and personal However, when a high security level is required, overwriting may be performed a plurality of times in order to further improve safety (determination certainty). In the case of overwriting a plurality of times, for example, a different data string (for example, a random data string) may be written in each writing operation, and the erasing data including the identification data may be overwritten in the last writing operation.

  The area to which the erasure data is written can be a storage area where the data is desired to be erased for the storage device, for example, the entire data area as in the embodiment described later. In this case, for example, the first sector (or the number from the beginning of the data area) Overwrite the first identification data in the sector / same as above, the second identification data in the last sector (or the last few sectors / same below), and random data in all sectors between the first sector and the last sector. (Overwrite the entire data area so that it is filled with erasure data). In the confirmation of erasure, identification data is read from the first sector and the last sector and provided to the management server, and the management server may compare these identification data with the identification data stored in the management server. As a result, it can be confirmed that data erasure has been performed for all sectors in the data area.

  The storage area desired to be erased can include a hidden area such as a protected area (HPA) in addition to the data area (the hidden area is also subject to data erasure). An erasure execution program (erase OS in the embodiment described later) for writing data and erasing data may be stored in another hidden area that is not an erasure target. Further, in the case where the storage device of the computer is an SSD equipped with the “Secure Erase” function, the computer (erase OS in the embodiment described later) includes identification data after the data is erased by the “Secure Erase” function. What is necessary is just to perform an overwriting process further by the data for deletion.

  In order for the management server to obtain the identification data read from the computer (storage device) related to the erasure process, typically, the computer (erase OS) is managed via the communication line (computer network) as in the embodiment described later. This can be done by sending to, but other methods are possible. For example, the computer (erase OS) may store the identification data in a storage medium such as a CD, DVD, or flash memory loaded in the computer. In this case, the provision of the identification data to the management server is performed by the user. May send the storage medium, or read the identification data from the storage medium using another computer, and transmit the identification data from the other computer to the management server.

  The data erasure program, the computer, and the data erasure management server according to the present invention have the same features as the data erasure method.

  Specifically, the data erasure program according to the present invention is a data erasure program for erasing data by overwriting information stored in a computer storage device with erasure data. A random data string that includes a part of the identification data stored in advance in the server, and the data erasure program stores the erasure data in the storage area by overwriting the storage area of the storage device. An erasing step for erasing the stored information and a reading step for reading the identification data included in the erasing data written in the storage area in the erasing step are performed by the computer.

  In addition, the data erasing program is configured to transmit the identification data read in the reading step to the management server, and when the identification data read in the reading step matches the identification data stored in advance in the management server. The computer may further have an erase certificate receiving step of receiving an erase certificate issued by the management server from the management server through a computer network.

  A computer according to the present invention includes the data erasing program according to the present invention.

  Furthermore, the data erasure management server according to the present invention erases data stored in a computer storage device by overwriting it with erasure data, which is a random data string including identification data in part. Is a management server for determining what has been performed by the computer, a verification data storage unit for storing the identification data, and identification data read from the storage device after data is erased by the computer The identification data stored in the read data storage unit is verified by comparing the identification data stored in the read data storage unit with the identification data stored in the verification data storage unit. A data erasure determination unit that determines that data erasure has been performed when it matches the identification data stored in the data storage unit. To have.

  Also in the data erasure program and the data erasure management server, as in the data erasure method, the identification data is preferably provided at the first identification data arranged at the beginning of the erasure data and at the end of the erasure data. Second identification data to be arranged.

  Further, in the data erasure management server and the data erasure method, when the management server determines that the data erasure is executed, the management server issues an erasure certificate indicating that the data erasure has been performed. good. This is to show that data erasure has been completed from an objective third-party perspective.

  Specifically, the data erasing method according to the present invention includes a certificate issuance step in which the management server issues the erasure certificate. The data erasure management server according to the present invention further includes an erasure certificate issuing unit that issues the erasure certificate when the data erasure determination unit determines that data erasure has been performed.

  The erasure certificate includes, for example, information identifying the computer (model name, model number, serial number, etc.), information identifying the storage device (model name, model number, serial number, etc.), storage device capacity, and erasure method. Information such as the information to be shown, the number of overwriting, and the date (year / month / day / time, etc.) when the data was erased can be included.

  In such an aspect of issuing an erasure certificate, the computer transmits identification data to the management server (data erasure management server) after the data erasure is completed, and the management server transmits the erasure certificate to the computer. Anyway.

  That is, in the data erasing method according to the aspect, the identification data read step in which the computer transmits the identification data read in the read step to a management server through a computer network, and the erase certificate issued in the certificate issuance step A certificate sending step that the management server sends to the computer through a computer network.

  The data erasure management server according to this aspect receives the identification data transmitted from the computer through a computer network, and transmits the erasure certificate issued by the erasure certificate issuing unit to the computer through the computer network. And a proof request receiving unit.

  According to the present invention, it is possible to quickly and efficiently confirm and guarantee that data erasure in a storage device has been reliably performed.

  Other objects, features, and advantages of the present invention will become apparent from the following description of embodiments of the present invention described with reference to the drawings. In addition, in each figure, the same code | symbol shows the same or an equivalent part.

FIG. 1 is a block diagram showing a data erasing system (particularly the configuration of a user PC) according to an embodiment of the present invention. FIG. 2 is a block diagram showing the user PC and the management server in the embodiment as understood from the functional aspect. FIG. 3 is a diagram showing an example of erasing data (displayed in decimal number) in the embodiment. FIG. 4 is a flowchart showing data erasure processing of the user PC in the embodiment. FIG. 5 is a flowchart showing processing of the management server in the embodiment.

  As shown in FIG. 1, a data erasing system according to an embodiment of the present invention includes a computer (user PC / hereinafter sometimes simply referred to as “PC”) 11 having a data erasing function according to the present invention, and a management server. 31, the management server 31 confirms this after executing the data erasure by the PC 11, and the management server 31 issues an erasure certificate that proves that the data erasure is surely performed. The management server 31 can confirm data erasure and issue an erasure certificate for a plurality of PCs respectively owned by a plurality of users, but only one PC 11 is shown in the figure.

  The user PC 11 includes an arithmetic processing unit (CPU) 1, a main storage device (main memory composed of RAM (Random Access Memory)) 2, and a nonvolatile memory (BIOS ROM) storing a BIOS program, which are connected to each other via a bus 6. ) 16, an auxiliary storage device (storage device referred to in the present invention) 3 comprising a hard disk drive (HDD), a network communication control unit (network interface) 25 that enables connection to the Internet 10, and a keyboard and a mouse. It has the input device 4 and the display 5 which is a display device.

  The HDD 3 is a boot disk, and can store an MBR (Master Boot Record) which is the first sector read first when the PC 11 is booted, a default OS (OS booted by default), an application program, data, and the like. It has a data area and a protected area that is hidden from the default OS and inaccessible from the default OS. In this example, the data area of the HDD 3 is shown as a single area, but it may be divided into a plurality of partitions, and as described above, all partitions may be subject to data erasure or only a part thereof. It is also possible to set the target partition for data erasure.

  The MBR stores a boot loader (start program) for starting the OS. The data area stores various data including, for example, a default OS such as Windows (registered trademark), Mac OS, or Linux (registered trademark), various application programs operating on the default OS, and data created by the user. Is done. The protection area is called an HPA (Host Protected Area) or the like, and is an area protected at the BIOS level. In this protection area, an erasure execution program (hereinafter referred to as “erase OS”) for erasing data. Is stored.

  The erasure OS constitutes a data erasure program according to the present invention together with an erasure management program stored in the data area. The erasure OS executes data erasure (write of erasure data) and erases data to the management server 31. Request a certificate. On the other hand, the erasure management program performs user registration with the management server 31, acceptance of data erasure through the input device 4, switching of the OS (switching from the default OS to the erasure OS), and the like. Note that the operations and processing by these programs will be described in detail later.

  FIG. 2 is a block diagram in which the PC 11 is grasped from the functional aspect. As shown in this figure, the PC 11 in this embodiment includes a registration setting unit 12 for performing user registration with the management server 31, a user ID for identifying the user, and information for identifying the PC 11 (model name / model number / manufacturing number). ), An ID storage unit 13 for storing information on the HDD (model name, model number, serial number, storage capacity), an erasure command detection unit 14 for detecting a data erasure instruction input through the input device 4, and a power source of the PC 11 A power control unit 15 that controls the BIOS, a BIOS 16, an OS boot unit 17, a boot OS storage unit 18, a default OS 19, a data erasure unit 20, and an erasure data generation unit 21 that generates erasure data An identification data storage unit 22 that stores data, a random number generation unit 23 that generates random numbers, an erasure certification request unit 24 that requests the management server 31 for erasure certification, an interface And a network communication control unit 25 is a communication interface of the net 10.

  The BIOS 16 includes a BIOS program stored in the above-described nonvolatile memory, and the OS boot unit 17 is configured by the boot loader. The boot OS storage unit 18 is configured by a partition table in the MBR, and the registration setting unit 12 and the erase command detection unit 14 are realized by an erase management program. The data erasure unit 20, the erasure data generation unit 21, the identification data storage unit 22, the random number generation unit 23, and the erasure certification request unit 24 are configured by an erasure OS.

  As shown in FIG. 1, both the default OS and the erase management program (erase command detection unit 14 and the like) are stored in the data area of the HDD 3, and the erase OS (data erase unit 20 and the like) are stored in the protection area of the HDD 3. However, FIG. 2 shows the HDD 3 as one block separately from these units in order to show the function of the erase OS for erasing the data area of the HDD 3.

  On the other hand, the management server 31 includes a registration receiving unit 32 that accepts user registration, a user information storage unit 33 that stores information on the user and the PC / storage device that is the target of data deletion, and an erasure certification request transmitted from the user PC 11. A proof request receiving unit 34 for receiving data, a read data storage unit 35 for storing identification data read from the HDD 3 after completion of data erasure and transmitted from the user PC 11 together with the erasure proof request, and identification data (first identification data and first identification data). Two identification data), a data erasure determination unit 37 for comparing the identification data stored in the read data storage unit 35 with the identification data stored in the verification data storage unit 36, An erasure certificate issuing unit 38 for issuing an erasure certificate, and an Internet communication interface And a network communication control unit 39.

[Introduction and user registration]
When using the service provided by the system of this embodiment, the data erasure program (erase management program and erasure execution program) is installed in advance on the PC 11 that is the target of data erasure. This installation may be performed by the user himself / herself after purchasing the PC 11 or may be performed by the manufacturer before the PC 11 is sold (pre-installed).

  The user performs user registration with the management server 31. Specifically, the user transmits user information to the management server 31 through the computer network 10 via the input device 4 and the registration setting unit 12. This user information includes a user name, information about the PC 11 (model name / model number / manufacturing number), and information about the HDD 3 (model name / model number / manufacturing number / storage capacity). The registration setting unit 12 reads each piece of information related to the PC 11 and the HDD 3 from the ID storage unit 13 for user registration, and provides the information to the management server 31.

  In the management server 31, the registration receiving unit 32 receives the user registration, issues a user ID and transmits it to the user PC 11, and stores the user information in the user information storage unit 33 in association with the user ID. The user ID transmitted to the user PC 11 is stored in the IC storage unit 13 by the registration setting unit 12.

[Executing data]
Data deletion in the user PC 11 is performed by restarting the PC 11 and starting the deletion OS instead of the default OS 19 when the PC 11 is restarted. 4 shows a startup sequence of the PC 11, and FIG. 5 shows a procedure in which the management server 31 that has received a request for erasure from the user PC 11 issues an erasure certificate. This embodiment also refers to these figures. An erasing process by the system will be described.

  First, when the power of the PC 11 is turned on (step S101), the BIOS program executes POST (Power On Self Test / initialization processing) according to a normal boot sequence, and searches for a boot drive (HDD3 in this embodiment). After that, the boot loader (start program / OS start unit) in the MBR is loaded into the main storage device (RAM) 2 (step S102). The BIOS 16 transfers control to the boot loader, and the boot loader (OS activation unit 17) determines an OS to be activated with reference to the partition table (activation OS storage unit 18) in the MBR (step S103). At this time, since the default OS 19 is activated in the partition table, the boot loader (OS startup unit 17) starts the default OS (for example, Windows (registered trademark)) 19 (step S104).

  When the default OS 19 is activated, the erasure management program according to the present invention can be launched. When the user starts up the erasure management program (step S105) and commands execution of data erasure through the input device 4, the erasure command detection unit 14 detects this command (step S106). Upon receiving the erase command, the erase command detection unit 14 rewrites the boot OS storage unit 18 (MBR partition table) so that the erase OS becomes active instead of the default OS 19 (step S107), and then passes through the power control unit 15. The PC 11 is forcibly terminated and restarted (step S108).

  When the PC 11 is restarted, the BIOS program 16 again executes POST, searches for the startup drive (HDD 3), and then loads the boot loader (OS startup unit 17) in the MBR (step S102). The BIOS 16 transfers control to the boot loader 17, and the boot loader (OS activation unit 17) determines an OS to be activated with reference to the partition table (activation OS storage unit 18) in the MBR (step S103). At this time, in the partition table, since the erase OS is activated by rewriting by the erase management program (erase instruction detection unit 14), the boot loader 17 starts the erase OS (step S109).

  When the erasure OS is activated, the data erasure unit 20 determines whether data erasure has already been performed (step S110). If data erasure has not yet been performed, the entire data area (from the first sector to the last sector) is determined. All the information in the data area of the HDD 3 is erased by overwriting the erasing data (up to the sector) (step S111). If data erasure has already been performed, the erasure certificate is displayed on the display 5 to indicate that the PC 11 has already completed data erasure (step S115). If data erasure has already been performed, the erasure certificate is stored in the data area as described later (step S114), and the data erasure unit 20 determines whether the erasure certificate is stored in the HDD 3. Whether or not data erasure has been completed is determined based on whether or not the data has been deleted.

  FIG. 3 shows an example of the erasure data (displayed in decimal number). As shown in this figure, the erasure data includes the first identification data (“0478153493” in this example) at the head portion and the second identification data (“96367758138” in this example) at the tail portion. The intermediate part (between the first identification data and the second identification data) is composed of random number data. The first identification data and the second identification data are both random data having no regularity, and are composed of different data strings.

  The first identification data and the second identification data are stored in advance in the identification data storage unit 22, and the random number data is generated by the random number generation unit 23. The erasure data generation unit 21 sequentially erases the first identification data read from the identification data storage unit 22, the random number data generated by the random number generation unit 23, and the second identification data read from the identification data storage unit 22. Provided to part 20. The data erasure unit 20 erases the information in the data area by overwriting the data obtained from the erasure data generation unit 21 in order from the top of the data area.

  Note that the number of times of erasure data writing (overwriting number) is one in this embodiment, but a plurality of times of writing may be performed in order to increase the security level (determination of erasure). In this case, for example, the erasure data composed only of the random number data generated by the random number generator 23 may be written once or more, and the erasure data including the identification data may be written in the last write operation. .

  When the data erasure unit 20 writes the erasure data in the entire data area (when the second identification data has been written), the data erasure unit 20 reads the first identification data and the second identification data from the data area, 24 (step S112). The erasure certification request unit 24 reads the user ID and information about the PC 11 (model name / model number / manufacturing number) and information about the HDD 3 (model name / model number / manufacturing number / storage capacity) from the ID storage unit 13 and stores them in the data Along with the first identification data and the second identification data obtained from the erasing unit 20, the erasure certification request is transmitted to the management server 31 via the network communication control unit 25 and the Internet 10 (step S113).

  In the management server 31, the certification request receiving unit 34 receives the erasure certification request via the network communication control unit 39. The certification request reception unit 34 searches the user information storage unit 33 using the user ID included in the erasure certification request as a clue, and information (model name / model number / manufacturing) related to the PC 11 and the HDD 3 stored in the user information storage unit 33. (Number / storage capacity) is read, and information (model name / model number / manufacturing number / storage capacity) related to the PC 11 and HDD 3 included in the erasure certification request is stored in the user information storage unit 33 at the time of user registration. And the information regarding the HDD 3 are confirmed (step S201 in FIG. 5).

  If the information regarding the PC 11 and the HDD 3 does not match, the certification request accepting unit 34 notifies the user PC 11 that the certification request is not accepted (step S207). On the other hand, when the information regarding the PC 11 and the HDD 3 coincides, the certification request reception unit 34 stores the first identification data and the second identification data included in the erasure certification request in the read data storage unit 35 (step). In step S202, the data erasure determination unit 37 is requested to perform data erasure determination.

  In response to this request, the data erasure determination unit 37 reads the first identification data and the second identification data from the read data storage unit 35 and the verification data storage unit 36, respectively, and stores them in the read data storage unit 35. The identification data and the first identification data stored in the verification data storage unit 36 are compared, and the second identification data stored in the read data storage unit 35 and the verification data storage unit 36 are stored. The second identification data is compared (step S203).

  If the first identification data and the second identification data coincide with each other as a result of the comparison, the erasure certificate issuing unit 38 is notified that the data erasure has been successful, and the erasure certificate issuing unit 38 issues an erasure certificate. (Steps S204 to S205). The “match” of the identification data does not mean a complete (100%) match in consideration of a write error at the time of data erasure and a read error of the identification data after the erasure, but a predetermined constant value. As described above, it is determined that “match” is satisfied if the values match (for example, 90%) or more.

  The erasure certificate issued by the erasure certificate issuing unit 38 is stored in the user information storage unit 33 by the certification request receiving unit 34 and transmitted to the user PC 11 (step S206). The erasure certificate includes information on the PC 11 (model name / model number / manufacturing number), information on the storage device 3 related to data erasure (model name / model number / manufacturing number / storage capacity), and information indicating the erasing method executed. Include information such as the number of overwrites and the date (year / month / day / time) of the erasure certificate.

  On the other hand, if the two identification data do not match (step S204), the erasure certificate issuing unit 38 does not issue an erasure certificate, and the data erasure determination unit 37 notifies the proof request accepting unit 34 that the data erasure has failed. The certification request accepting unit 34 notifies the user PC 11 to that effect (step S208).

  In the user PC 11 that has received the erasure certificate, the erasure certificate request unit 24 stores the erasure certificate in the data area of the HDD 3 via the data erasure unit 20 (step S114 in FIG. 4), and the erasure certificate is erased. The unit 20 displays on the display 5 (step S115), indicating that the confirmation of data erasure has been completed.

  According to the system of the present embodiment, for example, a third party such as an industry group or a public organization operates the management server 31 to confirm data erasure from an objective third party's point of view. It is possible to certify and guarantee that data erasure has been completed. By obtaining such a certificate, the user / administrator of the PC 11 can dispose of the PC 11 with confidence and dispose of it.

  In addition, the determination work in the management server 31 does not need to check all the erasure data corresponding to the entire capacity of the erasure area (storage device), and it is only necessary to compare the identification data arranged at a specific location. Therefore, it is possible to make an efficient determination in a short time, and it is possible to respond quickly even if a large number of users request deletion certification for a large number of PCs 11. Therefore, it can contribute to promotion of recycling of the PC 11 while preventing information leakage.

  As mentioned above, although embodiment of this invention was described, these show an example of the concrete structure and processing procedure of this invention, and this invention is not limited to the said embodiment. It will be apparent to those skilled in the art that the present invention can take various forms other than those described above and that various modifications can be made within the scope of the claims.

  For example, in the above-described embodiment, the PC having the BIOS and the MBR is described as an example of the user PC 11. However, the present invention is similarly applied to a user PC having a UEFI (Unified Extensible Firmware Interface) and a GPT (GUID partition table). Is possible.

1. Arithmetic processing unit (CPU)
2 Main memory (main memory)
3 Auxiliary storage device (hard disk drive)
4 Input device 5 Display 6 Bus 10 Computer network (Internet)
11 User PC (computer)
12 Registration Setting Unit 13 ID Storage Unit 14 Erase Instruction Detection Unit 15 Power Supply Control Unit 16 BIOS
17 OS boot unit 18 Boot OS storage unit 19 Default OS
DESCRIPTION OF SYMBOLS 20 Data erasure | elimination part 21 Deletion data generation part 22 Identification data storage part 23 Random number generation part 24 Erase certification request part 25,39 Network communication control part 31 Management server 32 Registration reception part 33 User information storage part 34 Certification request reception part 35 Reading Data storage unit 36 Verification data storage unit 37 Data erasure determination unit 38 Erasure certificate issue unit

Claims (12)

A data erasing method in which a management server determines that data erasing is performed by erasing data by erasing data stored in a computer storage device by overwriting with the erasing data.
The erasure data is a random data string that partially includes identification data stored in advance in the management server,
The data erasing method is:
As the steps executed by the computer,
An erasing step of erasing the information stored in the storage area by overwriting the erasing data in the storage area of the storage device;
And a reading step of reading out the identification data included in the erasing data written in the storage area in the erasing step, and
As the step executed by the management server,
A comparison step of comparing the identification data read from the storage device in the reading step with identification data stored in advance in the management server;
A determination step of determining that the computer has performed data erasure when the identification data read from the storage device matches the identification data stored in advance in the management server in the comparison step. A data erasing method characterized by the above. The identification data is
First identification data arranged at the top of the erasing data;
The data erasing method according to claim 1, further comprising: second identification data arranged at a last part of the erasing data. 3. The certificate issuing step according to claim 1, further comprising: a certificate issuing step in which the management server issues an erasure certificate indicating that data erasure has been performed when it is determined in the determination step that data erasure has been executed. Data erasing method. An identification data transmission step in which the computer transmits the identification data read in the reading step to the management server through a computer network;
The data erasing method according to claim 3, further comprising: a certificate transmission step in which the management server transmits the erasure certificate issued in the certificate issuance step to the computer through the computer network. A data erasing program for erasing information by overwriting information stored in a computer storage device with erasing data,
The erasing data is a random data string that partially includes identification data stored in advance in the management server,
The data erasing program is:
An erasing step of erasing the information stored in the storage area by overwriting the erasing data in the storage area of the storage device;
A data erasing program that causes the computer to perform a reading step of reading the identification data included in the erasing data written in the storage area in the erasing step. The identification data is
First identification data arranged at the top of the erasing data;
The data erasing program according to claim 5, further comprising: second identification data arranged at the last part of the erasing data. An identification data transmission step of transmitting the identification data read in the reading step to the management server through a computer network;
An erasure certificate receiving step for receiving an erasure certificate issued by the management server from the management server through the computer network when the identification data read in the reading step matches the identification data stored in advance in the management server. The data erasing program according to claim 5 or 6, further causing the computer to perform the following. A computer comprising the data erasing program according to any one of claims 5 to 7. It is determined that data erasure is performed by erasing the information stored in the computer storage device by overwriting the erasure data, which is a random data string including identification data in part. A management server,
A verification data storage unit for storing the identification data;
A read data storage unit for storing identification data read from the storage device after the data is erased by the computer;
The identification data stored in the read data storage unit is compared with the identification data stored in the verification data storage unit, and the identification data stored in the read data storage unit is stored in the verification data storage unit. A data erasure management server, comprising: a data erasure determination unit that determines that the data erasure has been performed when the identification data matches. The identification data is
First identification data arranged at the top of the erasing data;
The data erasure management server according to claim 9, further comprising: second identification data arranged at a last part of the erasure data. The data according to claim 9 or 10, further comprising an erasure certificate issuing unit that issues an erasure certificate indicating that data erasure has been performed when the data erasure determination unit determines that data erasure has been performed. Erase management server. A certificate request accepting unit for receiving the identification data transmitted from the computer through a computer network and transmitting the erase certificate issued by the erase certificate issuing unit to the computer through the computer network. 11. A data erasure management server according to 11.

Images