JP2023157292A - Electronic device, system, and method of erasing data stored in storage device of electronic device - Google Patents

Abstract

To reliably notify server equipment of an erase result of a storage device.SOLUTION: A client device 1 erases data stored in a storage device 13 and displays a 2D barcode including erase completion information on a display device 16. A user terminal device 4 picks up an image of the 2D barcode, extracts the erase completion information from the 2D barcode, and transmits the erase completion information to a piece of server equipment 2. The server equipment 2 receives the erase completion information from the user terminal device 4, and reads a keyword from a storage device 23, and transmits the keyword to the user terminal device 4. The user terminal device 4 receives the keyword from the server equipment 2, and displays the keyword on a display device 46. The client device 1 acquires a keyword input via an input device 17, and when the keyword input via input device 17 matches the keyword stored in a storage device 14, shut down the client device 1.SELECTED DRAWING: Figure 1

Description

The present disclosure relates to an electronic device, a system, and a method of erasing data stored in a storage device of an electronic device.

When an organization such as a company disposes of an electronic device such as a personal computer, it is required to erase the data stored in the storage device in order to avoid leakage of confidential business information.

Patent Document 1 discloses a data erasing method in which a computer performs a data erasing process for erasing data stored in a memory device of a computer including a memory device, a display device, an arithmetic processing device, and an input device.

Japanese Patent Application Publication No. 2018-136778

If an organization manages a large number of electronic devices, it may be required to report the results of storage device erasure to an administrator (e.g., a server device accessible by the administrator) after data erasure is complete. be. However, due to the condition of the communication line between the electronic device including the storage device to be erased and the server device, the condition of the user who can access the electronic device including the storage device to be erased, etc. Notification is not always guaranteed. Therefore, it is required to notify the server device of the erasure result more reliably than in the past.

The present disclosure provides a system for erasing data stored in a storage device of an electronic device, and a system that can notify a server device of the result of erasing the storage device more reliably than before. The present disclosure also provides a method of operating such a system. Further, the present disclosure provides an electronic device that can notify a server device of the result of erasing a storage device more reliably than before.

A system according to one aspect of the present disclosure is a system for erasing data stored in a storage device of at least one electronic device, and the system includes at least one electronic device, a server device, and a terminal device. . The electronic device includes a first storage device that stores data to be erased, a second storage device that stores a first keyword, a first display device, and a first input device. The server device includes a third storage device that stores the second keyword. The terminal device includes a photographing device and a second display device. The electronic device erases the data stored in the first storage device, and displays a graphic code including erasure completion information on the first display device indicating that erasure of the data stored in the first storage device is completed. indicate. The terminal device photographs the graphic code using a photographing device, extracts erasure completion information from the graphic code, and transmits the erasure completion information to the server device. The server device receives the erasure completion information from the terminal device, reads the second keyword from the third storage device, and transmits the second keyword to the terminal device. The terminal device receives the second keyword from the server device and displays the keyword on the second display device. The electronic device obtains a second keyword input via the first input device, and the electronic device obtains a second keyword input via the first input device from the first keyword stored in the second storage device. If the keyword matches, shut down the electronic device.

According to the system according to one aspect of the present disclosure, it is possible to notify the server device of the erase result of the storage device more reliably than before.

FIG. 1 is a schematic diagram showing the configuration of a system 100 according to a first embodiment. 2 is a block diagram showing the configuration of the client device 1 in FIG. 1. FIG. 2 is a block diagram showing the configuration of a server device 2 in FIG. 1. FIG. 2 is a block diagram showing the configuration of an administrator device 3 in FIG. 1. FIG. 2 is a block diagram showing the configuration of a user terminal device 4 in FIG. 1. FIG. 3 is a schematic diagram showing functional blocks of a firmware program 50 and an erase application program 70 executed by the processor 11 of FIG. 2. FIG. 2 is a schematic diagram for explaining the distribution of keywords in the system 100 of FIG. 1. FIG. 3 is a flowchart showing the registration process of the client device 1 by the erasure application program 70 executed by the processor 11 of FIG. 2. FIG. 4 is a flowchart showing the registration process of the server device 2 by the erasure application program 92 executed by the processor 21 of FIG. 3. FIG. 4 is a diagram showing exemplary contents of a management table stored in memory 22 or storage device 23 in FIG. 3. FIG. 3 is a flowchart showing erasing processing of the client device 1 by an erasing application program 70 executed by the processor 11 of FIG. 2. FIG. 3 is a flowchart showing erasing processing of the client device 1 by a firmware program 50 executed by the processor 11 of FIG. 2. FIG. 4 is a flowchart showing erasure processing of the server device 2 by an erasure application program 92 executed by the processor 21 of FIG. 3. FIG. 13 is a diagram showing the content displayed on the display device 16 of the client device 1 in step S39 of FIG. 12. FIG. 14 is a diagram showing the content displayed on the display device 46 of the user terminal device 4 after the keyword is transmitted from the server device 2 to the user terminal device 4 in step S60 of FIG. 13. FIG. FIG. 2 is a sequence diagram showing the operation of the system 100 in the case where erasure result information is successfully transmitted via the communication line 6 in the system 100 of FIG. 1. FIG. FIG. 2 is a sequence diagram showing the operation of the system 100 in the case where transmission of erasure result information via the communication line 6 fails in the system 100 of FIG. 1. FIG. FIG. 7 is a schematic diagram for explaining the distribution of keywords in the system 100 according to the second embodiment. 12 is a flowchart illustrating the erasing process of the client device 1 by the erasing application program 70 executed by the processor 11 of the client device 1 according to the second embodiment. 12 is a flowchart showing erasing processing of the client device 1 by the firmware program 50 executed by the processor 11 of the client device 1 according to the second embodiment. 12 is a flowchart showing erasure processing of the server device 2 by an erasure application program 92 executed by the processor 21 of the server device 2 according to the second embodiment. FIG. 7 is a sequence diagram showing the operation of the system 100 in a case where erasure result information is successfully transmitted via the communication line 6 in the system 100 according to the second embodiment. FIG. 7 is a sequence diagram showing the operation of the system 100 in the case where transmission of erasure result information via the communication line 6 fails in the system 100 according to the second embodiment. FIG. 6 is a schematic diagram for explaining the distribution of keywords in the system 100 according to the first modification of the second embodiment. It is a figure which shows the content displayed on the display device 26 of the server apparatus 2 based on the 1st modification of 2nd Embodiment. 11 is a flowchart illustrating erasure processing of the server device 2 by an erasure application program 92 executed by the processor 21 of the server device 2 according to a second modification of the second embodiment. FIG. 7 is a sequence diagram showing the operation of the system 100 when the erasure result information is successfully transmitted via the communication line 6 in the system 100 according to the second modification of the second embodiment. FIG. 7 is a sequence diagram showing the operation of the system 100 when transmission of erasure result information via the communication line 6 fails in the system 100 according to the second modification of the second embodiment. It is a figure which shows the exemplary content of the keyword table stored in the memory 22 or the storage device 23 of the server apparatus 2 based on the 2nd modification of 2nd Embodiment. FIG. 7 is a diagram showing another exemplary content of the keyword table stored in the memory 22 or storage device 23 of the server device 2 according to the second modification of the second embodiment. FIG. 7 is a schematic diagram for explaining the distribution of keywords in the system 100 according to the third embodiment. 12 is a flowchart showing the erasing process of the client device 1 by the erasing application program 70 executed by the processor 11 of the client device 1 according to the third embodiment. 12 is a flowchart illustrating erasure processing of the server device 2 by an erasure application program 92 executed by the processor 21 of the server device 2 according to the third embodiment. FIG. 7 is a sequence diagram showing the operation of the system 100 in a case where erasure result information is successfully transmitted via the communication line 6 in the system 100 according to the third embodiment. FIG. 7 is a sequence diagram showing the operation of the system 100 in the case where transmission of erasure result information via the communication line 6 fails in the system 100 according to the third embodiment. FIG. 7 is a diagram showing exemplary contents of a keyword table stored in the memory 22 or storage device 23 of the server device 2 according to the third embodiment. FIG. 7 is a schematic diagram for explaining the distribution of keywords in the system 100 according to the first modification of the third embodiment.

Hereinafter, embodiments will be described in detail with reference to the drawings as appropriate. However, more detailed explanation than necessary may be omitted. For example, detailed explanations of well-known matters or redundant explanations of substantially the same configurations may be omitted. This is to avoid unnecessary redundancy in the following description and to facilitate understanding by those skilled in the art.

The inventor(s) provide the accompanying drawings and the following description to enable those skilled in the art to fully understand the present disclosure, and are intended to limit the subject matter recited in the claims. It's not something you do.

[First embodiment]
[Configuration of first embodiment]

FIG. 1 is a schematic diagram showing the configuration of a system 100 according to the first embodiment. The system 100 in FIG. 1 includes a plurality of client devices 1-1 to 1-3, a server device 2, an administrator device 3, a user terminal device 4, a base station device 5, and a communication line 6.

The client devices 1-1 to 1-3 are communicably connected to the server device 2 via a communication line 6. The client devices 1-1 to 1-3 are, for example, electronic devices including a storage device (described later), such as a personal computer or a mobile phone. Client devices 1-1 to 1-3 are examples of electronic devices according to the embodiment.

In this specification, the client devices 1-1 to 1-3 are also collectively referred to as "client device 1."

The server device 2 manages erasure of data stored in the storage device of each client device 1.

The administrator device 3 is communicably connected to the server device 2 via a communication line 6. The administrator of each client device 1 accesses the server device 2 using the administrator device 3 and specifies a storage device from which stored data should be deleted.

The user terminal device 4 is an electronic device, such as a mobile phone, including a photographing device 48 and a communication device (described later). The user terminal device 4 is communicably connected to the server device 2 via the base station device 5.

The communication line 6 is, for example, a local area network (LAN), the Internet, or a combination thereof.

For example, each client device 1 and administrator device 3 may be owned by an organization such as a company, while the server device 2 may be operated by a third party different from this organization. In this case, the organization that owns each client device 1 and administrator device 3 concludes a contract with the operator of the server device 2 to manage the erasure of data stored in the storage device of each client device 1, and Become a customer.

In this specification, "erasing" means overwriting with other data, such as "0", "1", or a random value, so that the original stored data can no longer be read.

FIG. 2 is a block diagram showing the configuration of the client device 1 of FIG. 1. As shown in FIG. The client device 1 includes a bus 10, a processor 11, a memory 12, a storage device 13, a storage device 14, a communication device 15, a display device 16, and an input device 17. The processor 11 controls the overall operation of the client device 1, and erases data stored in the storage device 13, for example. The memory 12 temporarily stores programs and data necessary for the operation of the client device 1 . The storage device 13 stores data including an operating system (OS), multiple application programs (APP), and user data. The storage device 13 is, for example, a nonvolatile storage medium such as a hard disk drive (HDD) or a solid state drive (SSD). The storage device 14 stores a firmware program of the client device 1, such as a UEFI (Unified Extensible Firmware Interface) or a BIOS (Basic Input/Output System) program. The storage device 14 is, for example, a nonvolatile storage medium such as a flash memory. The communication device 15 is communicably connected to the server device 2 via the communication line 6 . The display device 16 displays information related to the state of the client device 1, and displays, for example, a graphic code including information related to erasing data stored in the storage device 13. Input device 17 receives user inputs that control the operation of client device 1 , for example, user inputs related to erasing data stored in storage device 13 . Input device 17 includes, for example, a keyboard and a pointing device. Processor 11 , memory 12 , storage device 13 , storage device 14 , communication device 15 , display device 16 , and input device 17 are connected to each other via bus 10 .

FIG. 3 is a block diagram showing the configuration of the server device 2 of FIG. 1. The server device 2 includes a bus 20, a processor 21, a memory 22, a storage device 23, a communication device 25, a display device 26, and an input device 27. The processor 21 controls the overall operation of the server device 2 and also manages the erasure of data stored in the storage device 13 of each client device 1. The memory 22 temporarily stores programs and data necessary for the operation of the server device 2. The storage device 23 is a nonvolatile storage medium that stores programs necessary for the operation of the server device 2 . The communication device 25 is communicably connected to each client device 1 and the administrator device 3 via the communication line 6 . The display device 26 displays information related to the status of the server device 2. The input device 27 receives user input for controlling the operation of the server device 2 . Input device 27 includes, for example, a keyboard and a pointing device. Processor 21 , memory 22 , storage device 23 , communication device 25 , display device 26 , and input device 27 are connected to each other via bus 20 .

FIG. 4 is a block diagram showing the configuration of the administrator device 3 of FIG. 1. As shown in FIG. The administrator device 3 includes a bus 30, a processor 31, a memory 32, a storage device 33, a communication device 35, a display device 36, and an input device 37. The processor 31 controls the overall operation of the administrator device 3 . The memory 32 temporarily stores programs and data necessary for the operation of the administrator device 3. The storage device 33 is a nonvolatile storage medium that stores programs necessary for the operation of the administrator device 3. The communication device 35 is communicably connected to the server device 2 via the communication line 6. The display device 36 displays information related to the status of the administrator device 3. The input device 37 receives user input to control the operation of the administrator device 3 . Input device 37 includes, for example, a keyboard and a pointing device. Processor 31 , memory 32 , storage device 33 , communication device 35 , display device 36 , and input device 37 are connected to each other via bus 30 .

The server device 2 provides an interface accessible by the administrator device 3, for example, a web page-based interface, in order to manage the erasure of data stored in the storage device of each client device 1. In this case, the server device 2 executes a web server application program, and the administrator device 3 executes a web browser application program to access the web server of the server device 2.

FIG. 5 is a block diagram showing the configuration of the user terminal device 4 of FIG. 1. The user terminal device 4 includes a bus 40, a processor 41, a memory 42, a storage device 43, a communication device 45, a display device 46, an input device 47, and a photographing device 48. The processor 41 controls the overall operation of the user terminal device 4 . The memory 42 temporarily stores programs and data necessary for the operation of the user terminal device 4. The storage device 43 is a nonvolatile storage medium that stores programs necessary for the operation of the user terminal device 4. The communication device 45 is communicably connected to the server device 2 via the base station device 5. The display device 46 displays information related to the state of the user terminal device 4 and also displays information related to erasure of data stored in the storage device 13 of the client device 1. Input device 47 receives user input that controls the operation of user terminal device 4 . Input device 47 includes, for example, a switch and a touch panel. The photographing device 48 photographs an image displayed on the display device 16 of the client device 1, for example. As will be described later, the display device 16 of the client device 1 displays a graphic code (for example, a two-dimensional barcode) that includes information related to erasing data stored in the storage device 13 of the client device 1. There is. In this case, the user terminal device 4 transmits the contents of the photographed graphic code to the server device 2 via the base station device 5. The processor 41 , memory 42 , storage device 43 , communication device 45 , display device 46 , input device 47 , and photographing device 48 are connected to each other via a bus 40 .

As described above, in the client device 1, the storage device 13 stores an operating system and a plurality of application programs, and the storage device 14 stores a firmware program. The operating system, each application program, and the firmware program are executed by the processor 11. Generally, when the client device 1 is started, a firmware program is executed first, and then the operating system is called from the firmware program. Application programs run on the operating system. The application program accesses each hardware device (storage device 13, storage device 14, communication device 15, display device 16, and input device 17) of the client device 1 via the operating system. On the other hand, the firmware program directly accesses each hardware device of the client device 1 without going through the operating system. One of the application programs is an erasing application program for erasing data stored in the storage device 13. The client device 1 is configured to erase data stored in the storage device 13 by executing an erasing application program and a firmware program.

FIG. 6 is a schematic diagram showing functional blocks of firmware program 50 and erase application program 70 executed by processor 11 of FIG.

The firmware program 50 includes, for example, a core control section 51, an erasure control section 52, a data encoding section 53, and a two-dimensional barcode generation section 54 as its functional blocks. The core control unit 51 controls other functional blocks of the firmware program 50, controls data input/output between functional blocks, and controls data input/output to/from the firmware program 50 to the outside. The erasure control unit 52 controls erasure of data stored in the storage device 13. The data encoding unit 53 encodes erasure result information indicating whether all data stored in the storage device 13 has been successfully erased using a predetermined encoding method. The two-dimensional barcode generation unit 54 generates a two-dimensional barcode that includes erasure result information indicating whether all data stored in the storage device 13 has been successfully erased.

The operating system 60 provides an interface for each hardware device (storage device 13, storage device 14, communication device 15, display device 16, and input device 17) of the client device 1, and an erase application program 70 and other application programs. (not shown). The operating system 60 includes, for example, a device information monitor 61 and a power management unit 62 as its functional blocks. The device information monitor 61 acquires information about the client device 1 from the client device 1, and also acquires information about various components of the client device 1 from the components. The example in FIG. 6 shows a case where the device information monitor 61 acquires information on the storage device 13. The information on the client device 1 includes, for example, the manufacturer, model, serial number, and UUID (Universally Unique Identifier) of the client device 1. The information on the storage device 13 includes, for example, the manufacturer, model, serial number, UUID, and capacity of the storage device 13. The power management unit 62 controls stopping, suspending, resting, and restarting the client device 1 .

Manufacturer of client device 1, model of client device 1, serial number of client device 1, UUID of client device 1, manufacturer of storage device 13, model of storage device 13, serial number of storage device 13, serial number of storage device 13 Using the UUID and at least part of the capacity of the storage device 13, the storage devices of each client device 1 under the management of a certain server device 2 can be identified from each other. Therefore, the manufacturer of the client device 1, the model of the client device 1, the serial number of the client device 1, the UUID of the client device 1, the manufacturer of the storage device 13, the model of the storage device 13, the serial number of the storage device 13, the storage device The UUID of 13 and at least part of the capacity of the storage device 13 can be used as identification information for uniquely identifying the storage device 13.

The erasure application program 70 includes, for example, a core control section 71 as its functional block. The core control unit 71 controls other functional blocks (not shown) of the erasure application program 70, controls data input/output between the functional blocks, and controls data input/output to the outside of the erasure application program 70. .

Furthermore, the storage device 13 executes a firmware program including the functional blocks shown in FIG. The firmware program of the storage device 13 includes, for example, a core control section 81, a reading section 82, a writing section 83, and an erasing section 84 as its functional blocks. The core control unit 81 controls other functional blocks of the storage device 13 and controls input/output of data between the functional blocks. The reading unit 82 reads data from a storage medium (not shown) in the storage device 13. The writing unit 83 writes data to the storage medium of the storage device 13. The erasing unit 84 erases data on the storage medium of the storage device 13.

Hereinafter, the operation of the client device 1 will be explained with reference to each functional block in FIG. 6, and the operation of the server device 2 will also be explained.

[Operation of the first embodiment]
In the system 100 of FIG. 1, when deleting data stored in the storage device 13 of a certain client device 1, the administrator of each client device 1 first accesses the server device 2 via the administrator device 3, The storage device 13 to be erased is registered in the server device 2. Each client device 1 periodically accesses the server device 2 to check whether the storage device 13 of the client device 1 is registered as a deletion target. If the client device 1 is registered as a deletion target, the client device 1 deletes the data stored in the storage device 13. Thereafter, the client device 1 transmits the result of erasing the data stored in the storage device 13 to the server device 2 via the communication line 6. When the erasure result cannot be transmitted from the client device 1 to the server device 2, for example, when the client device 1 cannot receive an acknowledgment signal for the erasure result, the client device 1 sends a graphic code containing the erasure result, such as a QR code (registered trademark). ) is generated and displayed on the display device 26. As a result, a user or administrator who can access the client device 1 can photograph a two-dimensional barcode using the user terminal device 4, and transfer the erasure result included in the two-dimensional barcode from the user terminal device 4 to the server device 2. Can be sent. After transmitting the erasure result to the server device 2 using the user terminal device 4, the user or administrator shuts down the client device 1.

However, in conventional systems that use two-dimensional barcodes that include erasure results, it is not necessarily guaranteed that the erasure results are transmitted from the user terminal device to the server device before shutting down the client device. For example, once a two-dimensional barcode displayed on a client device is cleared by an operation by a user or administrator, it may not be displayed again. In this case, the server device cannot obtain the erase result of the storage device 13 to be erased. Therefore, in a system using a two-dimensional barcode that includes erasure results, it is required to transmit the erasure results to the server device more reliably than in the past.

The system 100 according to each embodiment of the present disclosure reliably transmits the deletion result to the server device 2 using keywords distributed to the client device 1 and the server device 2 in advance, as described below.

FIG. 7 is a schematic diagram for explaining the distribution of keywords in the system 100 of FIG. 1. In the first embodiment, the same keyword is distributed to the client device 1 and the server device 2 in advance. As described with reference to FIG. 6, the client device 1 uses the processor 11 to execute the firmware program 50, the operating system 60, and the erasure application program 70. The keyword is stored in the storage device 14 of the client device 1 in advance. For example, the keyword may be written into the storage device 14 when the client device 1 is manufactured. Further, the keyword may be embedded in the firmware program 50 in advance and installed in the storage device 14 together with the firmware program 50. Further, the keyword may be embedded in the erasure application program 70 in advance, installed in the storage device 13 along with the erasure application program 70, and then written to the storage device 14 by executing the erasure application program 70. The server device 2 uses the processor 21 to execute an operating system 91 and an erasure application program 92. The keyword is stored in advance in the memory 22 or storage device 23 of the server device 2. For example, the keyword may be written in the storage device 23 in advance and read from the storage device 23 to the memory 22 by executing the erasure application program 92. As a result, the same keyword is distributed to the client device 1 and the server device 2 in advance, for example, before executing the deletion process described later with reference to FIGS. 11 to 13 and the like.

FIG. 8 is a flowchart showing the registration process of the client device 1 by the erasure application program 70 executed by the processor 11 of FIG. FIG. 9 is a flowchart showing the registration process of the server device 2 by the erasure application program 92 executed by the processor 21 of FIG.

If the organization that owns each client device 1 is not registered in the server device 2, before executing the registration process shown in FIG. Obtain the following information from 2.

・Account information of server device 2 (customer ID and password)
・URL (Uniform Resource Locator) of the erasing application program 70
・Customer number (serial number associated with account information and assigned to each customer)

The customer number is not identification information for each client device 1 or storage device 13 because it is generated for each customer, that is, for each contract that manages deletion of data stored in the storage device of each client device 1 .

Each client device 1 accesses the URL of the erasure application program 70, downloads and installs the erasure application program 70. After installation, the erasure application program 70 is launched automatically or manually. After starting the erasure application program 70, the processor 11 executes the registration process shown in FIG. 8 in order to register the storage device 13 of the client device 1 with the server device 2.

In step S1 of FIG. 8, the core control unit 71 of the client device 1 displays on the display device 16 a dialog box prompting the user to input the customer number assigned to the organization that owns the client device 1. The user of the client device 1 inputs the customer number using the input device 17 according to the dialog box. The core control unit 71 obtains a customer number from the user via the input device 17.

In step S2, the core control unit 71 of the client device 1 obtains information about the client device 1 and information about the storage device 13 from the device information monitor 61 of the operating system 60.

In step S3, the core control unit 71 of the client device 1 uses the communication device 15 to transmit the customer number, information on the client device 1, and information on the storage device 13 to the server device 2.

In step S11 in FIG. 9, the server device 2 receives the customer number, information on the client device 1, and information on the storage device 13. The server device 2 stores in the memory 22 or the storage device 23 a management table for managing deletion of data stored in the storage device 13 of each client device 1. In step S12, the server device 2 registers the client device 1 and its storage device 13 as new management targets in the management table. When the client device 1 and its storage device 13 are registered, the server device 2 transmits an acknowledgment signal to the client device 1 in step S13.

In step S4 of FIG. 8, the core control unit 71 of the client device 1 determines whether or not a positive response signal has been received from the server device 2. If YES, the process ends; if NO, step S3 Return to

By executing the registration process shown in FIGS. 8 and 9, the storage device 13 of the client device 1 is registered in the management table of the server device 2 as a new management target. According to the registration process shown in FIGS. 8 and 9, the user of the client device 1 only needs to input the customer number using the input device 17, and the information of the client device 1 and the information of the storage device 13 are stored in the client device 1. automatically transmitted to the server device 2. According to the registration process shown in FIGS. 8 and 9, the user of the client device 1 does not need to be aware of the organization to which he or she belongs (or the organization that owns the client device 1), and the server device 2 registers the user based on the customer number. The stored storage devices 13 are automatically classified by customer.

After the storage device 13 of each client device 1 is registered in the server device 2, the administrator of the organization that owns each client device 1 should delete the data stored in the storage device 13 as necessary. and is registered in the server device 2. For this reason, the administrator first accesses the server device 2 using the administrator device 3 and logs into the server device 2 using account information. Next, while viewing the list of storage devices 13 registered in the management table of the server device 2, the administrator instructs one or more storage devices 13 that the stored data should be deleted. Set the erase flag to indicate.

FIG. 10 is a diagram showing exemplary contents of the management table stored in the memory 22 or storage device 23 of FIG. 3. The management table includes information for each client device 1 or storage device 13 to be managed, such as customer number, group number, information on the client device 1, information on the storage device 13, erasure flag, processing number, erasure start time, and erasure. Contains end time.

A customer number is assigned to each customer as described above. A group number is assigned to any sub-organization (group) that is part of the customer's organization. For example, if the customer is a company, the group may be a division or division of the company. As described above, the information on the client device 1 includes, for example, the manufacturer, model, serial number, and UUID of the client device 1. As described above, the information on the storage device 13 includes, for example, the manufacturer, model, serial number, UUID, and capacity of the storage device 13. The erase flag indicates that data stored in the storage device 13 should be erased, as described above. A processing number is issued for each storage device 13 whose erasure flag has been set to indicate that data stored in the storage device 13 should be erased. The erasure start time and erasure end time indicate the time when erasing data stored in the storage device 13 actually started and ended.

The customer number is provided by the server device 2. The group number, information on the client device 1, and information on the storage device 13 are provided by the client device 1. The deletion flag is set by the administrator of the organization that owns each client device 1 using the administrator device 3. The processing number is provided by the server device when a deletion flag indicating that stored data should be deleted is set. The erasure start time and erasure end time are obtained when data stored in the storage device 13 is actually erased.

The server device 2 may generate a status report indicating the status of each client device 1 and each storage device 13 based on the management table. The status report indicates, for example, which of the following states each storage device 13 is in.

・Erase flag set ・Erasing in progress ・Erase completed ・Erase completed and erasure certificate issued ・Erase failed

The erasure certificate will be described later.

The status report may further include the following information:

・Date and time when the deletion flag was set ・Person who approved the deletion ・Date and time when deletion started ・Date and time when deletion was completed ・Deletion method ・Manufacturer, model, and serial number of client device 1 ・Manufacturer, model, serial number, and capacity of storage device 13

The administrator can view the status report by accessing the server device 2 using the administrator device 3.

FIG. 11 is a flowchart showing the erasing process of the client device 1 by the erasing application program 70 executed by the processor 11 of FIG. FIG. 12 is a flowchart showing the erasing process of the client device 1 by the firmware program 50 executed by the processor 11 of FIG. FIG. 13 is a flowchart showing the erasing process of the server device 2 by the erasing application program 92 executed by the processor 21 of FIG.

First, in step S51 of FIG. 13, the server device 2 determines whether the storage device 13 to be erased has been specified by the administrator device 3. If YES, the process proceeds to step S52; if NO, the process proceeds to step S51. repeat. In step S52, the server device 2 sets a deletion flag in the storage device 13 designated as the deletion target in the management table, and updates the status report of this storage device 13.

Further, after the client device 1 is started, the erasure application program 70 is started automatically or manually.

In step S21 of FIG. 11, the core control unit 71 of the client device 1 determines whether the deletion flag is registered in the management table of the server device 2 for the storage device 13 of the client device 1 that is executing the deletion process of FIG. is inquired of the server device 2 using the communication device 15.

In step S53 of FIG. 13, the server device 2 determines whether or not it has received an inquiry about the deletion flag from the client device 1. If YES, the process proceeds to step S54; if NO, the process returns to step S51. In step S54, the server device 2 returns the presence or absence of the deletion flag to the client device 1.

In step S22 of FIG. 11, the core control unit 71 of the client device 1 determines whether an deletion flag is registered in the management table of the server device 2 for the storage device 13 of the client device 1 that is executing the deletion process of FIG. If YES, the process advances to step S23; if NO, the process returns to step S21.

In step S23, the core control unit 71 of the client device 1 uses the communication device 15 to transmit information on the client device 1 and information on the storage device 13 to the server device 2.

In step S55 of FIG. 13, the server device 2 determines whether information on the client device 1 and the storage device 13 has been received from the client device 1. If YES, the process proceeds to step S56; if NO, the process proceeds to step S56. Return to S51.

The information on the client device 1 and the information on the storage device 13 received by the server device 2 in step S55 are changed to the information on the client device 1 and the information on the storage device 13 registered in the management table of the server device 2 through the registration process of FIG. If they match, in step S56, the server device 2 generates a processing number for the storage device 13 of the client device 1 that is executing the erasure process of FIG. 11, and transmits it to the client device 1. If the server device 2 cannot identify the storage device 13 based on the received information on the client device 1 and information on the storage device 13, or if the deletion flag is not set, the server device 2 returns an error as a response. Even if the storage device 13 can be identified based on the received information on the client device 1 and information on the storage device 13, if the erasure flag is not set or the identification information of the storage device 13 is different, it may be different. may be returned as a response. In this case, since the processing number is not returned, the client device 1 cannot erase the data stored in the storage device.

In step S24 of FIG. 11, the core control unit 71 of the client device 1 determines whether or not a processing number for erasure has been received from the server device 2 in response to the information transmitted in step S23, and selects YES. If so, the process advances to step S25, and if NO, the process returns to step S23.

In step S25, the core control unit 71 of the client device 1 displays a dialog box on the display device 16 to confirm whether or not the data stored in the storage device 13 can be deleted. The user of the client device 1 uses the input device 17 to input whether or not data stored in the storage device 13 should be deleted, according to the dialog box. The core control unit 71 obtains whether data stored in the storage device 13 can be erased via the input device 17 .

In step S26, the core control unit 71 of the client device 1 determines whether the user has consented to erasure of data stored in the storage device 13. If YES, the process proceeds to step S27; if NO, the process proceeds. end.

In step S27, the core control unit 71 of the client device 1 sends the UUID of the storage device 13, the processing number, the address of the server device 2, and information on the erasure method to the firmware program 50. The erasure method information includes, for example, secure erase, overwrite three times erase, overwrite once erase, failure, and the like.

The core control unit 51 of the firmware program 50 stores the UUID of the storage device 13, the process number, the address of the server device 2, and the information on the erasure method obtained from the erasure application program 70 in the storage device 14 (steps in FIG. 12). (See S31). When the core control unit 51 acquires and stores the UUID of the storage device 13, the processing number, the address of the server device 2, and the information on the erasure method, it sends an acknowledgment signal to the erasure application program 70 (see step S32 in FIG. 12). ).

In step S28, the core control unit 71 of the client device 1 determines whether or not an acknowledgment signal has been received from the firmware program 50. If YES, the process proceeds to step S29, and if NO, the process returns to step S27.

In step S29, the core control unit 71 of the client device 1 restarts the client device 1 by sending a control signal to the power management unit 62 of the operating system 60.

Steps S31 to S33 in FIG. 12 correspond to steps S27 to S29 in FIG. 11.

In step S31 of FIG. 12, the core control unit 51 of the client device 1 transfers the UUID, process number, address of the server device 2, and erasure method information of the storage device 13 obtained from the erasure application program 70 to the storage device 14. Store.

In step S32, the core control unit 51 of the client device 1 sends an acknowledgment signal to the erasure application program 70 when acquiring and storing the UUID of the storage device 13, the processing number, the address of the server device 2, and the erasure method information. .

In step S33, the client device 1 is restarted by the erasure application program 70.

After rebooting, the firmware program 50 continues the erasing process of FIG. 12 without calling the operating system 60.

In step S34, the core control unit 51 of the client device 1 uses the erasure control unit 52 to erase all data stored in the storage device 13 using the specified erasure method. The erase control unit 52 may use a secure erase command of the storage device. After the erasure is completed, the core control unit 51 stores data indicating the erasure result including the erasure start time, erasure end time, and erasure method in the storage device 14.

In step S35, the core control unit 51 of the client device 1 reads data indicating the erasure result from the storage device 14, and uses the data encoding unit 53 to encode the data indicating the erasure result in a predetermined encoding method. encode. The core control unit 51 stores the encoded data in the storage device 14.

Encoding of data indicating the encoded erasure result is performed, for example, in the following steps.

(1) Arrange the UUID, process number, erasure start time, erasure end time, and erasure method in serial. These parameters may be arranged in CSV format, for example.
(2) Convert the character string related to the parameter in step (1) to a half-width character string such as BCD. A character string may be added here.
(3) Calculate the hash value of the character string in step (2).
(4) Convert the character string in step (2) and the hash value in step (3) into a format that can be transmitted via the communication line 6. If necessary, perform URL encoding, for example.
(5) Send the data in step (4) to the address of the server device 2 as the destination.

In step S36, the core control unit 51 of the client device 1 reads data indicating the encoded erasure result from the storage device 14, and uses the communication device 15 to transfer the data indicating the encoded erasure result to the server device 1. Send to.

In step S57 of FIG. 13, the server device 2 determines whether or not the deletion result has been received from the client device 1. If YES, the process proceeds to step S58; if NO, the process proceeds to step S59.

In step S58, the server device 2 transmits an acknowledgment signal in response to the deletion result to the client device 1.

In step S37 of FIG. 12, the core control unit 51 of the client device 1 determines whether or not an acknowledgment signal has been received from the server device 2 within a predetermined period after transmitting the erasure result, and if YES, step Proceed to S43, and if NO, proceed to step S38.

In step S38, the core control unit 51 of the client device 1 reads data indicating the erasure result from the storage device 14, and uses the two-dimensional barcode generation unit 54 to generate a two-dimensional barcode from the data indicating the erasure result. . The core control unit 51 stores the generated two-dimensional barcode in the storage device 14.

In step S39, the core control unit 51 of the client device 1 reads the two-dimensional barcode from the storage device 14 and displays the two-dimensional barcode on the display device 16.

FIG. 14 is a diagram showing the content displayed on the display device 16 of the client device 1 in step S39 of FIG. 12. A display screen 200 displayed on the display device 16 includes, for example, a two-dimensional barcode 201 and an input field 202. The user photographs the two-dimensional barcode 201 using the photographing device 48 of the user terminal device 4. The user terminal device 4 decodes the two-dimensional barcode 201, extracts data indicating the erasure result, and transmits this data to the server device 2. The two-dimensional barcode 201 may include, for example, the URL of the server device 2. In this case, the user terminal device 4 may start a web browser and access the server device 2 through HTTPS communication.

In step S59 of FIG. 13, the server device 2 determines whether or not the deletion result has been received from the user terminal device 4. If YES, the process proceeds to step S60, and if NO, the process returns to step S57.

In step S60, the server device 2 reads the keyword from the memory 22 or the storage device 23 and transmits it to the user terminal device 4.

The user terminal device 4 receives the keyword transmitted from the server device 2 in step S60 of FIG. 13, and displays the keyword on the display device 46.

FIG. 15 is a diagram showing the content displayed on the display device 46 of the user terminal device 4 after the keyword is transmitted from the server device 2 to the user terminal device 4 in step S60 of FIG. The user terminal device 4 displays the keyword 211 (“TWeraseEnd” in the example of FIG. 15) received from the server device 2 on the display device 46. When the user terminal device 4 that photographed the two-dimensional barcode starts up a web browser, the keyword 211 may be displayed on the web browser. The user inputs the displayed keyword 211 into the input field 202 of the client device 1 using the input device 17 and presses the Enter key.

In step S40 of FIG. 12, the core control unit 51 of the client device 1 determines whether a keyword has been input from the input device 17. If YES, the process proceeds to step S41; if NO, step S40 is repeated.

In step S41, the core control unit 51 of the client device 1 determines whether the keyword input from the input device 17 matches a keyword stored in advance in the storage device 14, and if YES, the process proceeds to step S42. If NO, the process returns to step S40.

According to the process shown in FIGS. 12 and 13, the erasure result is first transmitted from the client device 1 to the server device 2 via the communication line 6 in step S36. If a failure occurs in the communication line 6, that is, if an acknowledgment signal for the erasure result is not received in step S37, the erasure result is transmitted to the user terminal device 4 by executing steps S38 to S42. The information is sent to the server device 2 via the server device 2.

Referring to FIG. 13, after executing step S58 or S60, in step S61, the server device 2 stores the erasure result in the management table and updates the status report.

In step S62, the server device 2 issues an erasure certificate based on the erasure result.

In step S43 of FIG. 12, the core control unit 51 of the client device 1 performs post-processing and shuts down the client device 1.

FIG. 16 is a sequence diagram showing the operation of the system 100 in FIG. 1 when the erasure result information is successfully transmitted via the communication line 6. FIG. 17 is a sequence diagram showing the operation of the system 100 in FIG. 1 when transmission of erasure result information via the communication line 6 fails.

In FIGS. 16 and 17, for simplification of illustration, only the main steps among the steps described with reference to FIGS. 8 to 9 and 11 to 13 are shown, and the others are omitted. Further, FIG. 16 shows both the registration process shown in FIGS. 8 to 9 and the deletion process shown in FIGS. 11 to 13. Since the registration process is the same in both cases of FIGS. 16 and 17, FIG. 17 omits the registration process and only shows the deletion process.

Referring to FIG. 16, the client device 1 obtains a customer number from the user in step S1. Next, the client device 1 transmits the customer number, information on the client device 1, and information on the storage device 13 to the server device 2.

In step S11, the server device 2 registers the storage device 13 of the client device 1 as a new management target based on the customer number, the information on the client device 1, and the information on the storage device 13.

In the first embodiment, as described above, the same keyword is distributed to the client device 1 and the server device 2 in advance before executing the deletion process.

Thereafter, the administrator device 3 transmits account information to the server device 2 and logs into the server device 2 in step S101. The administrator device 3 specifies the storage device 13 to be erased, that is, the storage device 13 from which stored data should be erased.

In step S52, the server device 2 stores the deletion flag in the management table so as to correspond to the storage device 13 specified in step S101.

Thereafter, the client device 1 periodically inquires of the server device 2 whether or not a deletion flag is set in the management table of the server device 2 corresponding to the storage device of the client device 1. When the client device 1 receives a response signal from the server device 2 indicating that the deletion flag is set in the management table of the server device 2 in response to the inquiry about the deletion flag, the client device 1 deletes the information of the client device 1 and the storage device 13. information is sent to the server device 2. The server device 2 determines that the information of the client device 1 and the information of the storage device 13 that the server device 2 received match the information of the client device 1 and the information of the storage device 13 registered in the management table of the server device 2. In this case, a processing number for the storage device 13 of the client device 1 is generated and sent to the client device 1.

Thereafter, in step S25, the client device 1 displays a dialog box on the display device 16 to confirm whether or not the data stored in the storage device 13 can be deleted. If the user agrees to erase the data stored in the storage device 13, the client device 1 is restarted in step S29. Thereafter, in step S34, the client device 1 erases all data stored in the storage device 13.

After the deletion is completed, the client device 1 transmits the deletion result information to the server device 2. If a response signal to the erasure result information is received from the server device 2 within the predetermined timeout period, the client device 1 shuts down in step S43.

In step S61, the server device 2 stores the erasure result included in the erasure result signal in the management table. In step S62, the server device 2 issues an erasure certificate based on the erasure result included in the erasure result signal.

On the other hand, as shown in FIG. 17, when the erasure result information transmitted by the client device 1 does not reach the server device 2, or when a response signal to the erasure result information is desired to be received, the client device 1 performs the step In S39, the two-dimensional barcode is displayed on the display device 16.

The user of the client device 1 uses the user terminal device 4 to photograph the two-dimensional barcode displayed on the display device 16 of the client device 1 in step S111. The user terminal device 4 decodes the two-dimensional barcode, extracts data indicating the erasure result, and transmits this data to the server device 2.

When the server device 2 receives data indicating the erasure result from the user terminal device 4 , it reads the keyword from the memory 22 or the storage device 23 and transmits it to the user terminal device 4 .

The user terminal device 4 displays the keyword received from the server device 2 on the display device 46 in step S112. The user inputs the keyword displayed on the display device 46 into the client device 1.

The client device 1 acquires the input keyword in step S40. In step S41, the client device 1 determines whether the input keyword matches a keyword stored in the storage device 14 in advance. If the keywords match, the client device 1 clears the display content on the display device 16 in step S42. After that, the client device 1 shuts down in step S43.

[Erasure certificate]
For example, when data stored on a storage device is erased using erasure software or an erasure process certified by a third-party certification body such as the Association of Data Erase Certification (ADEC). , a certificate can be issued indicating that data has been properly erased. The certificate includes, for example, the following information:

(1) Client device 1 information/manufacturer/model/serial number (2) Storage device 13 information/manufacturer/model/serial number/capacity (3) Erasure information/erase operator information (operator ID, business person name, rating)
・Erase software information (vendor name, software name, certification number, erasure method)
・Date and time of erasure execution (erasure start time, erasure end time)
・Erase result

The information on the client device 1 and the information on the storage device 13 are sent from the client device 1 to the server device 2 by the erasure application program 70, as described above. Further, among the deletion information, the business ID, business name, vendor name, and software name must be certified in advance by applying to a certification body. Once the erasure software is certified, a certification number will be issued. Further, the erasure execution date and time and the erasure result are sent from the client device 1 to the server device 2 by the firmware program 50. In this way, since the information necessary for issuing the erasure certificate can be automatically sent from the client device 1 to the server device 2, the erasure certificate can be easily issued.

[summary]
The client device 1 receives an acknowledgment signal for the erasure result from the server device 2, or transmits the erasure result from the user terminal device 4 to the server device 2, and sends the keyword returned from the server device 2 to the user terminal device 4 as a client device. Unless input is made to the device 1, the erasing operation cannot be completed. The client device 1 may be configured to display the display contents of FIG. 14 on the display device 16 every time the client device 1 is powered on unless the erasing operation is completed normally. Thereby, if the deletion result cannot be transmitted from the client device 1 to the server device 2, the user can be reliably prompted to transmit the deletion result to the server device 2 using the user terminal device 4. Therefore, the system according to the first embodiment uses keywords, that is, distributes the keywords between the client device 1 and the server device 2, and transmits the keywords from the server device 2 to the user terminal device 4. , the result of erasing the storage device 13 can be notified to the server device 2 more reliably than in the past.

If the client device 1 is normally shut down after erasing the data stored in the storage device 13 of the client device 1 (that is, even if the client device 1 is turned on, the screen in FIG. 14 is not displayed). , it can be seen that the data has been deleted normally and the deletion result has been sent to the server device 2.

Even if you accidentally delete the keyword displayed on the user terminal device 4 before entering the keyword into the client device 1 (for example, when you close the web browser that displayed the keyword), you cannot use the user terminal device 4 to delete the keyword. The keyword can be displayed again by photographing the two-dimensional barcode.

Keywords may be commonly determined for each company, each department, or each contract. In this case, the firmware program 50 or erasing application program 70 in which keywords are embedded in advance may be installed on a plurality of client devices 1 belonging to the same company, department, or contract.

The keywords may be entered into the client device 1 by an end user of the client device 1 or by an administrator who has access to the client device 1 . The administrator who can access the client device 1 may be the same as or different from the administrator who can access the server device 2.

Further, according to the system according to the first embodiment, the administrator accesses the server device 2 and sets a deletion flag indicating that data stored in the storage device 13 of each client device 1 should be deleted. After that, without transmitting an erase command or the like from the server device 2 to the client device 1, the client device inquires of the server device 2 about the presence or absence of the erase flag. This makes it possible to specify and easily set the storage device 13 to be erased without error. No signal is sent from the server device 2 to the client device 1 when starting erasing, and the user of the client device 1 only needs to connect the client device 1 to the communication line 6 when starting erasing. Therefore, data can be deleted according to the user's convenience. Thereby, data stored in the storage device 13 can be identified without error and easily erased.

Performing the erasing process not only by the erasing application program 70 but also by a combination of the erasing application program 70 and the firmware program 50 has the following advantages. An erasing application program 70 executed on the operating system 60 exists in the storage device 13. Similarly, a UEFI application program running on firmware program 50 resides in storage device 13 . Therefore, when data stored in the storage device 13 is erased by the erasure application program 70 or the UEFI application program, the area of the storage device 13 where the program exists cannot be deleted. Further, the erasure application program 70 or the UEFI application program cannot communicate with the server device 2 via the communication line 6 after data erasure is completed. Further, since the erasure application program 70 or the UEFI application program cannot operate after data erasure is completed, information indicating the erasure result (for example, erasure start time, erasure end time, erasure method) cannot be obtained. According to the system 100 according to the first embodiment, all the data stored in the storage device 13 can be erased by executing the firmware program 50, and after the data erasure is completed, the communication line 6 can be erased. It is possible to communicate with the server device 2 via the server device 2, and after data erasure is completed, information indicating the erasure result can be acquired.

For example, it is conceivable to entrust erasure of data stored in the storage device 13 to a vendor. However, there is a security risk in transporting a client device with a storage device whose stored data is to be erased to a vendor's office. Using a delivery mode with high security increases costs. Also, a lot of work needs to be done for erasure and subsequent checking. Also, erasing data takes a long time, for example half a day. According to the system 100 according to the first embodiment, data stored in the storage device 13 of the client device 1 can be erased without moving the client device 1, so data can be easily erased with high security and low cost. can be erased.

[Effects of the first embodiment, etc.]
According to one aspect of the present disclosure, a system 100 for erasing data stored in a storage device of at least one client device 1 is provided. The system 100 includes at least one client device 1 , a server device 2 , and a user terminal device 4 . The client device 1 includes a first storage device 13 that stores data to be erased, a second storage device 14 that stores a first keyword, a first display device 16, and a first input device 17. The server device 2 includes a memory 22 or a storage device 23 that stores the second keyword. The user terminal device 4 includes a photographing device 48 and a second display device 46. The client device 1 erases the data stored in the first storage device 13, and sends a graphic code containing erasure completion information indicating that erasure of the data stored in the first storage device 13 is completed to the first storage device 13. It is displayed on the display device 16. The user terminal device 4 photographs the graphic code using the photographing device 48, extracts erasure completion information from the graphic code, and transmits the erasure completion information to the server device 2. The server device 2 receives the erasure completion information from the user terminal device 4, reads the second keyword from the memory 22 or the storage device 23, and transmits the second keyword to the user terminal device 4. The user terminal device 4 receives the second keyword from the server device 2 and displays the keyword on the second display device 46. The client device 1 acquires the second keyword input via the first input device 17 and stores the second keyword input via the first input device 17 in the second storage device 14. If the first keyword matches the first keyword, the client device 1 is shut down.

Thereby, the result of erasing the storage device 13 can be notified to the server device 2 more reliably than in the past.

According to one aspect of the present disclosure, the first storage device 13 may store data including an operating system, application programs, and user data, and the second storage device 14 may further store a firmware program. It's okay. In this case, the client device 1 erases all data stored in the first storage device 13 by executing the firmware program.

With this, all data stored in the storage device 13 including the operating system can be erased.

According to one aspect of the present disclosure, the first keyword may be embedded in the firmware program in advance.

Thereby, the same keyword can be distributed to the client device 1 and the server device 2 in advance.

According to one aspect of the present disclosure, the graphic code may be a two-dimensional barcode.

Thereby, the result of erasing the storage device 13 can be transmitted from the user terminal device 4 to the server device 2.

According to one aspect of the present disclosure, the client device 1 may transmit erasure completion information to the server device 2 after erasing data stored in the first storage device 13 . In this case, if an acknowledgment signal for the transmitted erasure completion information is received from the server device 2 within a predetermined period, the client device 1 is shut down without displaying the graphic code on the first display device 16. On the other hand, if the acknowledgment signal is not received from the server device 2 within the predetermined period, a graphical code is displayed on the first display device 16.

Thereby, even if the client device 1 cannot communicate with the server device 2, it is possible to notify the server device 2 of the erase result of the storage device 13 more reliably than in the past.

According to one aspect of the present disclosure, the server device 2 acquires erasure completion information from the client device 1 and indicates that erasure of data stored in the first storage device 13 is completed based on the erasure completion information. An erasure certificate may be issued to prove this.

This makes it possible to issue an erasure certificate that certifies that erasure of all data stored in the storage device has been completed.

According to one aspect of the present disclosure, an electronic device that processes information includes a first storage device 13 that stores data to be erased, a second storage device 14 that stores a first keyword, and a second storage device 14 that stores data to be erased. The electronic device 1 includes a first display device 16 for displaying images, a first input device 17 for receiving input from a user of the electronic device 1 , and a processor 11 for controlling the electronic device 1 . Processor 11 erases data stored in first storage device 13. The processor 11 displays on the first display device 16 a graphic code including erasure completion information indicating that erasure of data stored in the first storage device 13 has been completed. The processor 11 acquires, via the first input device 17, the second keyword obtained by the user transmitting erasure completion information included in the graphic code to the server device 2. The processor 11 compares the second keyword with the first keyword stored in the second storage device 14 and shuts down the electronic device 1 if they match.

Thereby, the result of erasing the storage device 13 can be notified to the server device 2 more reliably than in the past.

According to one aspect of the present disclosure, a method of operating system 100 for erasing data stored in a storage device of at least one client device 1 is provided. The system 100 includes at least one client device 1 , a server device 2 , and a user terminal device 4 . The client device 1 includes a first storage device 13 that stores data to be erased, a second storage device 14 that stores a first keyword, a first display device 16, and a first input device 17. The server device 2 includes a memory 22 or a storage device 23 that stores the second keyword. The user terminal device 4 includes a photographing device 48 and a second display device 46. In this method, data stored in a first storage device 13 is erased by a client device 1, and a graphic code containing erasure completion information indicating that erasure of data stored in the first storage device 13 is completed. This includes the step of displaying on the first display device 16. This method includes the steps of photographing the graphic code by the user terminal device 4 using the photographing device 48, extracting erasure completion information from the graphic code, and transmitting the erasure completion information to the server device 2. This method includes the steps of receiving erasure completion information from the user terminal device 4 by the server device 2, reading the second keyword from the memory 22 or the storage device 23, and transmitting the second keyword to the user terminal device 4. . The method includes the steps of receiving, by the user terminal device 4, a second keyword from the server device 2 and displaying the keyword on the second display device 46. In this method, a second keyword input via the first input device 17 is acquired by the client device 1, and the second keyword input via the first input device 17 is stored in a second memory. The method includes the step of shutting down the client device 1 if the first keyword stored in the device 14 is matched.

Thereby, the result of erasing the storage device 13 can be notified to the server device 2 more reliably than in the past.

[Second embodiment]
In the first embodiment, a case has been described in which keywords are distributed to the client device 1 and the server device 2 in advance before executing the deletion process. On the other hand, in the second embodiment, a case will be described in which the server device 2 sets a keyword and sends the keyword from the server device 2 to the client device 1 during execution of the deletion process.

[Configuration of second embodiment]
The configuration of the system 100 according to the second embodiment is the same as the configuration of the system 100 according to the first embodiment described with reference to FIGS. 1 to 5 and the like.

[Operation of second embodiment]
FIG. 18 is a schematic diagram for explaining the distribution of keywords in the system 100 according to the second embodiment. In the second embodiment, as described above, the server device 2 sets a keyword and sends the keyword from the server device 2 to the client device 1 during execution of the erasure process. The server device 2 sets the keyword by, for example, executing the erasure application program 92 and generating the keyword internally. In this case, the server device 2 may randomly generate keywords. The set keyword is stored in the memory 22 or storage device 23 of the server device 2. Further, the server device 2 transmits the set keyword to the client device 1 including the storage device 13 to be erased. The client device 1 receives the keyword transmitted from the server device 2 using the erasure application program 70 and writes it into the storage device 14 . Further, the client device 1 may receive the keyword transmitted from the server device 2 using the erasure application program 70, send it once to the firmware program 50, and write it into the storage device 14 by the firmware program 50. As a result, the same keyword is distributed to the client device 1 and the server device 2.

FIG. 19 is a flowchart showing the erasing process of the client device 1 by the erasing application program 70 executed by the processor 11 of the client device 1 according to the second embodiment. FIG. 20 is a flowchart showing the erasing process of the client device 1 by the firmware program 50 executed by the processor 11 of the client device 1 according to the second embodiment. FIG. 21 is a flowchart showing the erasing process of the server device 2 by the erasing application program 92 executed by the processor 21 of the server device 2 according to the second embodiment.

Referring to FIG. 21, after executing step S52, the process proceeds to step S121. In step S121, the server device 2 sets a keyword. As described above, the server device 2 sets the keyword by, for example, generating the keyword internally. After executing step S121, the process proceeds to step S53. After that, when the information on the client device 1 and the storage device 13 is received in step S55, the server device 2 executes step S56A instead of step S56. In step S56A, the server device 2 generates a process number and transmits the process number and keyword to the client device 1.

Referring to FIG. 19, the client device 1 executes step S24A instead of step S24. In step S24A, the core control unit 71 of the erasure application program 70 determines whether or not the processing number and keyword have been received from the server device 2 in response to the information transmitted in step S23. If YES, step S24A If NO, the process returns to step S23. After that, if the user consents to erase the data stored in the storage device 13 in step S26, the client device 1 executes step S27A instead of step S27. In step S27A, the core control unit 71 sends information such as the UUID of the storage device 13, the processing number, the address of the server device 2, the erasing method, and the keyword to the firmware program 50.

Referring to FIG. 20, the client device 1 executes step S31A instead of step S31. In step S31A, the core control unit 51 of the firmware program 50 stores the UUID of the storage device 13, the process number, the address of the server device 2, the erasure method, and the keyword information obtained from the erasure application program 70 in the storage device 14. do.

FIG. 22 is a sequence diagram showing the operation of the system 100 according to the second embodiment when the erasure result information is successfully transmitted via the communication line 6. FIG. 23 is a sequence diagram showing the operation of the system 100 according to the second embodiment when transmission of the erasure result information via the communication line 6 fails. After executing step S52, the server device 2 sets a keyword in step S121. Thereafter, the server device 2 transmits the keyword along with the process number to the client device 1.

After that, the client device 1 and the server device 2 execute the remaining steps of the erasing process as in the first embodiment.

According to the system according to the second embodiment, the server device 2 sets the keyword and sends the keyword from the server device 2 to the client device 1 during execution of the erasure process, so that the keyword can be sent to the client device 1 and the server device 2. Pre-dispensing becomes unnecessary. Therefore, it is not necessary to provide in advance a special firmware program or application program with embedded keywords for the client device 1 that includes the storage device 13 to be erased.

In the second embodiment, the server device 2 may individually set keywords for each client device 1.

[First modification of the second embodiment]
FIG. 24 is a schematic diagram for explaining the distribution of keywords in the system 100 according to the first modification of the second embodiment. Instead of generating the keyword internally, the server device 2 may set the keyword by acquiring the keyword from an external source, for example, from an administrator.

FIG. 25 is a diagram showing contents displayed on the display device 26 of the server device 2 according to the first modification of the second embodiment. In step S121 of FIG. 21, the server device 2 may display the window 220 of FIG. 25 on the display device 26 in order to prompt the administrator to input a keyword. The administrator uses the input device 27 of the server device 2 to input a keyword into the input field 221 and presses the Enter key or the apply button on the screen. Further, when the administrator is accessing the server device 2 using the administrator device 3, the server device 2 may display the window 220 of FIG. 25 on the display device 36 of the administrator device 3. In this case, the administrator inputs the keyword using the input device 37 of the administrator device 3.

Even if the server device 2 acquires the keyword from the outside, the deletion process is executed in the same way as in the cases of FIGS. 19 to 23.

In this modification, the administrator may set keywords individually for each client device 1, or may set a common keyword for each company, department, or contract.

[Second modification of second embodiment]
Keywords may be required to be updated regularly for security and other purposes. For this reason, the server device 2 may set a plurality of keywords respectively associated with a plurality of erasing operations executed at a plurality of different points in time. Note that the erasure of data stored in the storage device 13 is not necessarily executed immediately after transmitting the keyword from the server device 2 to the client device 1, and a new keyword may be set before the data erasure is completed. Sometimes. Further, the deletion result is not necessarily sent to the server device 2 immediately after data deletion is completed, and a new keyword may be set before the server device receives the deletion result. The server device 2 manages the history of keywords in order to transmit appropriate keywords to the user terminal device 4 when transmission of erasure result information via the communication line 6 fails.

For this reason, the server device 2 stores a keyword table including a plurality of set keywords in the memory 22 or the storage device 23. Each keyword has a different usage period and is therefore associated with a plurality of erasing operations performed at different points in time.

FIG. 26 is a flowchart showing the erasing process of the server device 2 by the erasing application program 92 executed by the processor 21 of the server device 2 according to the second modification of the second embodiment.

After executing step S121, the process proceeds to step S122. In step S122, the server device 2 adds the newly set keyword in step S121 to the keyword table and updates the keyword table. After executing step S122, the process proceeds to step S53.

In step S56A, as described above, the server device 2 generates a process number and transmits the process number and keyword to the client device 1. Here, the server device 2 transmits the latest keyword included in the keyword table to the client device.

If the deletion result is received from the user terminal device 4 in step S59, the process proceeds to step S123. In step S123, the server device 2 collates the keywords included in the keyword table based on the deletion result, and selects the keyword associated with the current deletion operation being executed by the client device 1, that is, the keyword transmitted in step S56A. Select the same keyword. For example, the server device 2 selects the keyword that was used at the time of starting the erasing operation of data stored in the storage device 13 of the client device 1, based on the erasure start time included in the erasure result. After executing step S123, the process proceeds to step S60, and the server device 2 reads the selected keyword from the memory 22 or storage device 23 and transmits it to the user terminal device 4.

In this modification, the client device 1 operates in the same way as in the case of FIGS. 19 and 20.

FIG. 27 is a sequence diagram showing the operation of the system 100 in the case where the erasure result information is successfully transmitted via the communication line 6 in the system 100 according to the second modification of the second embodiment. FIG. 28 is a sequence diagram showing the operation of the system 100 according to the second modification of the second embodiment when transmission of the erasure result information via the communication line 6 fails.

Referring to FIG. 27, after executing step S52, the server device 2 sets a keyword in step S121. Next, in step S122, the server device 2 adds the newly set keyword to the keyword table and updates the keyword table. Thereafter, the server device 2 transmits the latest keyword along with the process number to the client device 1. If the erasure result information is successfully transmitted via the communication line 6, the client device 1 and the server device 2 operate in the same manner as in the cases of FIGS. 16 and 22.

On the other hand, if the transmission of the erasure result information via the communication line 6 fails, as shown in FIG. 28, the server device 2 collates the keywords included in the keyword table based on the erasure result in step S123, and Select the keyword associated with the current erase operation being performed by 1. Next, the server device 2 transmits the selected keyword to the user terminal device 4.

After that, the client device 1 and the server device 2 execute the remaining steps of the erasing process as in the first embodiment.

FIG. 29 is a diagram showing exemplary contents of a keyword table stored in the memory 22 or storage device 23 of the server device 2 according to the second modification of the second embodiment. The keyword table in FIG. 29 includes four keywords having different usage periods (that is, a combination of usage start date and time and usage end date and time). As described above, the server device 2 selects the keyword that was used at the time of starting the erasure operation of the data stored in the storage device 13 of the client device 1, based on the erasure start time included in the erasure result. be able to.

FIG. 30 is a diagram showing another exemplary content of the keyword table stored in the memory 22 or storage device 23 of the server device 2 according to the second modification of the second embodiment. The keyword table in FIG. 30 includes the process number sent together with the keyword in step S56A. In this case, the server device 2 can select the keyword that was used at the time of starting the data deletion operation stored in the storage device 13 of the client device 1 based on the processing number included in the deletion result. .

In this modification, the plurality of keywords may be generated inside the server device 2 or may be acquired from outside the server device 2. In the former case, the server device 2 may periodically generate new keywords by executing the erasure application program 92. In the latter case, the server device 2 may periodically display the window 220 of FIG. 25 on the display device 26 or 36 in order to prompt the administrator to input a new keyword.

According to this modification, even if keywords are periodically updated for security or other purposes, an appropriate keyword associated with the current erasing operation being executed by the client device 1 can be sent to the user terminal device 4. Can be sent.

[Effects of the second embodiment, etc.]
According to one aspect of the present disclosure, the server device 2 may generate the keyword internally. In this case, the server device 2 transmits the generated keyword as a first keyword to the client device 1, and stores the generated keyword as a second keyword in the memory 22 or storage device 23.

This eliminates the need to distribute keywords to the client device 1 and server device 2 in advance.

According to one aspect of the present disclosure, the server device 2 may further include a second input device 27 or 37 that acquires a keyword from the outside. In this case, the server device 2 transmits the acquired keyword as a first keyword to the client device 1, and stores the acquired keyword as a second keyword in the memory 22 or storage device 23.

This eliminates the need to distribute keywords to the client device 1 and server device 2 in advance.

According to one aspect of the present disclosure, the memory 22 or the storage device 23 may store a plurality of second keywords each associated with a plurality of erasing operations performed at a plurality of mutually different points in time. In this case, the erasure completion information includes the erasure start time. Based on the erasure start time included in the erasure completion information received from the user terminal device 4, the server device 2 reads the second keyword associated with the current erasure operation from the memory 22 or the storage device 23, and stores the second keyword in the user terminal device 4. Send to device 4.

As a result, even when keywords are periodically updated for purposes such as security, an appropriate keyword associated with the current erasing operation can be transmitted to the user terminal device 4.

According to one aspect of the present disclosure, the memory 22 or the storage device 23 stores a plurality of process numbers and a plurality of second keywords respectively associated with a plurality of erasing operations executed at a plurality of mutually different points in time. Good too. In this case, the erasure completion information includes the processing number. The server device 2 reads the second keyword associated with the current erasing operation from the memory 22 or the storage device 23 based on the process number included in the erasure completion information received from the user terminal device 4, Send to 4.

As a result, even when keywords are periodically updated for purposes such as security, an appropriate keyword associated with the current erasing operation can be transmitted to the user terminal device 4.

[Third embodiment]
In the second embodiment, a case has been described in which the server device 2 sets a keyword and sends the keyword from the server device 2 to the client device 1 during execution of the deletion process. On the other hand, in the third embodiment, a case will be described in which the client device 1 sets a keyword and sends the keyword from the client device 1 to the server device 2 during execution of the deletion process.

[Configuration of third embodiment]
The configuration of the system 100 according to the third embodiment is the same as the configuration of the system 100 according to the first embodiment described with reference to FIGS. 1 to 5 and the like.

[Operation of third embodiment]
FIG. 31 is a schematic diagram for explaining the distribution of keywords in the system 100 according to the third embodiment. In the third embodiment, as described above, the client device 1 sets a keyword, and sends the keyword from the client device 1 to the server device 2 during execution of the deletion process. The client device 1 sets the keyword by, for example, executing the erasure application program 70 and generating the keyword internally. In this case, the client device 1 may randomly generate keywords. The set keywords are stored in the storage device 14 of the client device 1. Further, the client device 1 transmits the set keyword to the server device 2. The server device 2 receives the keyword transmitted from the client device 1 using the erasure application program 92 and writes it into the memory 22 or the storage device 23. As a result, the same keyword is distributed to the server device 2 and the client device 1.

The server device 2 may receive keywords generated by each client device 1 from a plurality of client devices 1 . The server device 2 is capable of identifying a plurality of keywords received from a plurality of client devices 1 in order to transmit appropriate keywords to the user terminal device 4 when transmission of erasure result information via the communication line 6 fails. to be managed. For this reason, the server device 2 stores in the memory 22 or the storage device 23 a keyword table including a plurality of keywords respectively received from a plurality of client devices 1. The keyword table includes, for example, identification information of the storage device 13 to be erased, identification information of the client device 1 having the storage device 13 to be erased, in association with keywords generated by the client device 1 having the storage device 13 to be erased. It includes information or a process number associated with the erasing operation performed on the storage device 13 to be erased.

FIG. 32 is a flowchart showing the erasing process of the client device 1 by the erasing application program 70 executed by the processor 11 of the client device 1 according to the third embodiment. FIG. 33 is a flowchart showing the erasing process of the server device 2 by the erasing application program 92 executed by the processor 21 of the server device 2 according to the third embodiment.

Referring to FIG. 32, if it is determined in step S22 that the deletion flag is registered, the client device 1 executes step S131. In step S131, the core control unit 71 of the erasing application program 70 sets a keyword. As described above, the core control unit 71 sets the keyword by, for example, generating the keyword inside the client device 1. After executing step S131, the client device 1 executes step S23A instead of step S23. In step S23A, the core control unit 71 uses the communication device 15 to transmit information on the client device 1, information on the storage device 13, and keywords to the server device 2. After executing step S23A, the process proceeds to step S24.

Referring to FIG. 33, the server device 2 executes step S55A instead of step S55. In step S55A, the server device 2 determines whether or not the information on the client device 1, the information on the storage device 13, and the keyword have been received from the client device 1. If YES, the process proceeds to step S56; if NO, the server device 2 returns to step S51.

In step S56, the server device 2 generates a processing number and transmits it to the client device 1. Next, in step S141, the server device 2 updates the keyword table by adding the keyword received in step S55A and the process number generated in step S56 to the keyword table. After executing step S141, the process proceeds to step S57.

After that, if the erasure result is received from the user terminal device 4 in step S59, the process proceeds to step S142. In step S142, the server device 2 collates the keywords included in the keyword table based on the deletion result, and selects the keyword associated with the current deletion operation being executed by the client device 1, that is, the keyword received in step S55A. Select. After executing step S142, the process proceeds to step S60, where the server device 2 reads the selected keyword from the memory 22 or storage device 23 and transmits it to the user terminal device 4.

FIG. 34 is a sequence diagram showing the operation of the system 100 according to the third embodiment when the erasure result information is successfully transmitted via the communication line 6. FIG. 35 is a sequence diagram showing the operation of the system 100 according to the third embodiment when transmission of the erasure result information via the communication line 6 fails.

Referring to FIG. 34, after receiving a response signal from the server device 2 in response to the inquiry about the deletion flag, the client device 1 sets a keyword in step S131. Thereafter, the client device 1 transmits the keyword along with the information on the client device 1 and the information on the storage device 13 to the server device 2 . The server device 2 uses the information of the client device 1 and the information of the storage device 13 that are received by the server device 2 as the information of the client device 1 and the information of the storage device 13 registered in the management table of the server device 2. If they match, a processing number for the storage device 13 of the client device 1 is generated and sent to the client device 1. Furthermore, the server device 2 adds the keyword and the process number to the keyword table and updates the keyword table. If the erasure result information is successfully transmitted via the communication line 6, the client device 1 and the server device 2 operate in the same manner as in the cases of FIGS. 16, 22, and 27.

On the other hand, if the transmission of the deletion result information via the communication line 6 fails, as shown in FIG. 35, the server device 2 collates the keywords included in the keyword table based on the deletion result in step S142, and Select the keyword associated with the current erase operation being performed by 1. Next, the server device 2 transmits the selected keyword to the user terminal device 4.

After that, the client device 1 and the server device 2 execute the remaining steps of the erasing process as in the first embodiment.

FIG. 36 is a diagram showing exemplary contents of the keyword table stored in the memory 22 or storage device 23 of the server device 2 of the third embodiment. The keyword table in FIG. 36 includes a processing number associated with an erasure operation performed on the storage device 13 to be erased, and a keyword generated by the client device 1 equipped with the storage device 13 to be erased. In this case, the server device 2 can select the keyword generated by the client device 1 equipped with the storage device 13 to be erased, based on the process number included in the erase result. The keyword table includes identification information of the storage device 13 to be erased or identification information of the client device 1 equipped with the storage device 13 to be erased, for example, the information of the client device 1 and the information of the storage device included in the management table of FIG. may contain the same information as at least part of. Although FIG. 36 shows a case where the keyword table includes the UUID of the client device 1, it may also include other information regarding the client device 1 or the storage device. Thereby, even when the server device 2 receives keywords from a plurality of client devices 1, an appropriate keyword associated with the current erasing operation being executed by the client device 1 is sent to the user terminal device 4. be able to.

According to the system according to the third embodiment, the client device 1 sets a keyword and sends the keyword from the client device 1 to the server device 2 during execution of the erasure process, so it is similar to the system according to the second embodiment. Furthermore, it becomes unnecessary to distribute keywords to the client device 1 and the server device 2 in advance. Therefore, it is not necessary to provide in advance a special firmware program or application program with embedded keywords for the client device 1 that includes the storage device 13 to be erased.

[Modification of third embodiment]
FIG. 37 is a schematic diagram for explaining the distribution of keywords in the system 100 according to the first modification of the third embodiment. Instead of generating the keyword internally, the client device 1 may set the keyword by acquiring the keyword from an external source, for example, from the user. In step S131 in FIG. 32, the client device 1 may display the window 220 in FIG. 25 on the display device 16 in order to prompt the user to input a keyword. The user inputs a keyword using the input device 17 of the client device 1 . Even if the client device 1 acquires the keyword from outside, the deletion process is executed in the same way as in the cases of FIGS. 32 to 35.

[Effects of the third embodiment, etc.]
According to one aspect of the present disclosure, the client device 1 may generate the keyword internally. In this case, the client device 1 stores the generated keyword as a first keyword in the second storage device 14, and transmits the generated keyword as a second keyword to the server device 2.

This eliminates the need to distribute keywords to the client device 1 and server device 2 in advance.

According to one aspect of the present disclosure, the client device 1 may use the first input device 17 to acquire keywords from the outside. In this case, the client device 1 stores the acquired keyword as a first keyword in the second storage device 14, and transmits the acquired keyword as a second keyword to the server device 2.

This eliminates the need to distribute keywords to the client device 1 and server device 2 in advance.

[Other embodiments]
As described above, the embodiments have been described as examples of the technology disclosed in this application. However, the technology in the present disclosure is not limited to this, and can also be applied to embodiments in which changes, replacements, additions, omissions, etc. are made as appropriate. Furthermore, it is also possible to create a new embodiment by combining the components described in the above embodiments.

Therefore, other embodiments will be illustrated below.

In the second embodiment, a case has been described in which the server device 2 sets a keyword before receiving an inquiry about the deletion flag from the client device 1. Alternatively, the server device 2 may randomly generate a keyword after receiving an inquiry about the deletion flag from the client device 1.

When the administrator accesses the server device 2 via the administrator device 3, the display device 26 and input device 27 of the server device 2 may be omitted.

After erasing the data stored in the storage device 13, the client device 1 may verify that the data has been erased. The client device 1 transmits the verification result to the server device 2 via the communication line 6. However, if the verification result cannot be transmitted from the client device 1 to the server device 2, the client device 1 may generate a two-dimensional barcode including the verification result and display it on the display device 26. As a result, a user or administrator who can access the client device 1 can photograph a two-dimensional barcode using the user terminal device 4, and send the verification results included in the two-dimensional barcode from the user terminal device 4 to the server device 2. Can be sent. When generating a two-dimensional barcode containing the verification result, keywords can be used in the same way as when generating a two-dimensional barcode containing erasure completion information in order to reliably transmit the verification result to the server device 2. .

When issuing erasure permission, it may be possible to issue it by specifying the model. In addition to the model, user information may be written in the notes, and if the user has a different model from the specified model, permission to delete the specified model may be issued. A list of designated models may be displayed, and the administrator may issue erasure permission. This allows models with predetermined characteristics to be discarded and models without predetermined characteristics to be discarded (for example, both notebook and tablet computer formats (so-called This has the effect that the client device 1 can be managed in a way that reflects the user's intentions. This has the effect that, for example, older models can be discarded first.

Furthermore, erasure permission may be issued by specifying the manufacturer of the storage device 13. This has the effect of eliminating client devices 1 supplied from manufacturers that are prone to failures.

Furthermore, the management table of the server device 2 may have a remarks column into which any character string can be entered. By writing user information in the notes column, it is possible to create a list of users using a plurality of client devices 1 and issue deletion permission. This has the effect that the total number of client devices 1 can be reduced. Furthermore, by writing user information in the notes column, it becomes easy to handle a plurality of client devices 1 in units of departments, sections, or the like.

In addition, the S. M. A. R. T. By transmitting information (Self-Monitoring Analysis and Reporting Technology) to the server device 2, a client device 1 in a bad state may be discovered, and erasure permission may be issued based on the information. S. M. A. R. T. In order to evaluate the state of the storage device 13 based on the information, for example, the number of sectors that have been substituted, the number of times the power is turned on, the error rate caused by impact, the length of use time, the temperature, and the above parameters from the perspective of the server device 2. Incremental amounts, combinations thereof, etc. may also be used. In the client device 1, S. M. A. R. T. The state of the client device 1 may be calculated based on the information, and the state may be sent to the server device 2 as note information. Registered client device 1 periodically performs S. M. A. R. T. By sending the information to the server device 2, the server device 2 may be able to grasp the status of all client devices 1. The registered client device 1 periodically updates the S. M. A. R. T. The state of the client device 1 may be calculated based on the information, and the state may be sent to the server device 2 as note information, so that the server device 2 can grasp the state of all the client devices 1. This has the effect that client devices 1 in poor condition can be targeted for disposal.

Further, by sending the usage time of the client device 1 to the server device 2, a client device 1 in a bad condition may be discovered, and erasure permission may be issued based on that information. The usage time of the client device 1 may be sent to the server device 2 as comment information. This has the effect that client devices 1 that have been used for a long time can be discarded first.

Alternatively, the stress information of the client device 1 may be sent to the server device 2 to discover a client device 1 that is in a bad state and issue erasure permission based on that information. The stress of the client device 1 may be sent to the server device 2 as note information. This has the effect that client devices 1 that have been used in a high-load environment can be discarded.

In the examples shown in FIGS. 11, 13, 16, and 17, the inquiry about the erasure flag and the transmission of information about the client device 1 and the storage device 13 are performed separately from the client device 1 to the server device 2. , these communications may occur simultaneously. When the server device 2 receives information about the client device 1 and the storage device 13 from the client device 1, it may be assumed that the inquiry about the deletion flag has been received.

In the examples shown in FIGS. 11 to 13, FIG. 16, and FIG. 17, the client device 1 is restarted and the erasing process is shifted from a combination of the application program 70 and the firmware program 50 to an erasing process using only the firmware program 50. I explained the case. However, the client device 1 may be configured to shift from erasing processing using a combination of the application program 70 and firmware program 50 to erasing processing using only the firmware program 50 without rebooting.

In the example of FIG. 2, a case has been described in which the client device 1 includes only one storage device 13 from which stored data should be erased, but the client device 1 includes a plurality of storage devices from which stored data should be erased. 13 may be provided. The plurality of storage devices 13 may be configured as, for example, a RAID (Redundant Array of Inexpensive Disks) device. In this case, the plurality of storage devices 13 are treated as an integrated device, and the data stored therein is erased as one unit. Further, the plurality of storage devices 13 may be handled individually, and the data stored therein may be individually erased.

When erasing data stored in the storage device 13, if secure erase is specified as the erasing method but it fails and the overwriting three times erasing is performed as an alternative and is successful, the erasing result information is the overwriting three times erasing. is described. The firmware program 50 presets alternative processing in the event of a failure in erasing. For example, each time erasing fails, the erasing method may be changed in the following order: secure erase → overwrite three times → overwrite once.

As described above, the embodiments have been described as examples of the technology in the present disclosure. To that end, the accompanying drawings and detailed description have been provided.

Therefore, among the components described in the attached drawings and detailed description, there are not only components that are essential for solving the problem, but also components that are not essential for solving the problem, in order to exemplify the above technology. may also be included. Therefore, just because these non-essential components are described in the accompanying drawings or detailed description, it should not be immediately determined that those non-essential components are essential.

Moreover, since the above-described embodiments are for illustrating the technology of the present disclosure, various changes, substitutions, additions, omissions, etc. can be made within the scope of the claims or equivalents thereof.

An electronic device according to one aspect of the present disclosure is useful for erasing data stored in a storage device.

1,1-1 to 1-3 Client device 2 Server device 3 Administrator device 4 User terminal device 5 Base station device 6 Communication line 10 Bus 11 Processor 12 Memory 13 Storage device 14 Storage device 15 Communication device 16 Display device 17 Input device 20 Bus 21 Processor 22 Memory 23 Storage device 25 Communication device 26 Display device 27 Input device 30 Bus 31 Processor 32 Memory 33 Storage device 35 Communication device 36 Display device 37 Input device 40 Bus 41 Processor 42 Memory 43 Storage device 45 Communication device 46 Display Device 47 Input device 48 Imaging device 50 Firmware program 51 Core control section 52 Erasing control section 53 Data encoding section 54 Two-dimensional barcode generation section 60 Operating system 61 Device information monitor 62 Power management section 70 Erasing application program 71 Core control section 81 Core control unit 82 Reading unit 83 Writing unit 84 Erasing unit 91 Operating system 92 Erasing application program 100 System 200 Display screen 201 Two-dimensional barcode 202 Input field 211 Keyword 220 Window 221 Input field

Claims (14)

A system for erasing data stored in a storage device of at least one electronic device, the system comprising:
The system includes the at least one electronic device, a server device, and a terminal device,
The electronic device includes a first storage device that stores data to be erased, a second storage device that stores a first keyword, a first display device, and a first input device,
The server device includes a third storage device that stores a second keyword,
The terminal device includes a photographing device and a second display device,
The electronic device erases the data stored in the first storage device, and writes a graphic code including erasure completion information indicating that erasure of the data stored in the first storage device is completed to the first storage device. displayed on the display device,
The terminal device photographs the graphic code using the photographing device, extracts the erasure completion information from the graphic code, and transmits the erasure completion information to the server device;
The server device receives the erasure completion information from the terminal device, reads the second keyword from the third storage device, and transmits the second keyword to the terminal device,
The terminal device receives the second keyword from the server device and displays the keyword on the second display device,
The electronic device acquires the second keyword input via the first input device, and stores the second keyword input via the first input device in the second storage device. shutting down the electronic device if the first keyword stored in the first keyword matches the first keyword;
system. The first storage device stores data including an operating system, application programs, and user data;
The second storage device further stores a firmware program;
the electronic device erases all data stored in the first storage device by executing the firmware program;
The system of claim 1. The first keyword is embedded in the firmware program in advance.
The system according to claim 2. The server device generates a keyword internally, transmits the generated keyword as the first keyword to the electronic device, and stores the generated keyword as the second keyword in the third storage device. ,
The system of claim 1. The server device further includes a second input device 27 or 37 that acquires a keyword from the outside, transmits the acquired keyword as the first keyword to the electronic device, and transmits the acquired keyword to the second keyword. storing it in the third storage device as a keyword;
The system of claim 1. The third storage device stores a plurality of second keywords respectively associated with a plurality of erasing operations executed at a plurality of mutually different points in time;
The erasure completion information includes an erasure start time,
The server device reads a second keyword associated with the current erasure operation from the third storage device based on the erasure start time included in the erasure completion information received from the terminal device. send to,
The system according to claim 4 or 5. The third storage device stores a plurality of process numbers and a plurality of second keywords respectively associated with a plurality of erasing operations executed at a plurality of mutually different points in time,
The erasure completion information includes the processing number,
The server device reads a second keyword associated with the current erasing operation from the third storage device based on the process number included in the erasure completion information received from the terminal device, and sends the second keyword to the terminal device. Send,
The system according to claim 4 or 5. The electronic device generates a keyword internally, stores the generated keyword as the first keyword in the second storage device, and transmits the generated keyword as the second keyword to the server device. ,
The system of claim 1. The electronic device acquires a keyword from the outside using the first input device, stores the acquired keyword as the first keyword in the second storage device, and stores the acquired keyword as the second keyword. to the server device as a keyword of
The system of claim 1. the graphic code is a two-dimensional barcode;
The system of claim 1. The electronic device includes:
After erasing the data stored in the first storage device, transmitting the erasure completion information to the server device;
If an acknowledgment signal for the transmitted erasure completion information is received from the server device within a predetermined period, shutting down the electronic device without displaying the graphic code on the first display device;
displaying the graphical code on the first display device if the acknowledgment signal is not received from the server device within the predetermined period;
The system of claim 1. The server device includes:
obtaining the erasure completion information from the electronic device;
issuing an erasure certificate certifying that erasure of data stored in the first storage device is completed based on the erasure completion information;
The system according to claim 1 or 10. An electronic device that processes information,
a first storage device that stores data to be erased;
a second storage device that stores the first keyword;
a first display device that displays information;
a first input device that receives input from a user of the electronic device;
a processor that controls the electronic device;
The processor includes:
erasing data stored in the first storage device;
displaying on the first display device a graphic code including erasure completion information indicating that erasure of the data stored in the first storage device has been completed;
acquiring a second keyword obtained by the user transmitting erasure completion information included in the graphic code to a server device via the first input device;
comparing the second keyword with the first keyword stored in the second storage device and shutting down the electronic device if they match;
electronic equipment. A method of operating a system for erasing data stored on a storage device of at least one electronic device, the method comprising:
The system includes the at least one electronic device, a server device, and a terminal device,
The electronic device includes a first storage device that stores data to be erased, a second storage device that stores a first keyword, a first display device, and a first input device,
The server device includes a third storage device that stores a second keyword,
The terminal device includes a photographing device and a second display device,
The method of operation is
The electronic device erases the data stored in the first storage device, and sends a graphic code containing erasure completion information indicating that erasure of the data stored in the first storage device is completed to the first storage device. displaying on a display device;
Photographing the graphic code using the photographing device by the terminal device, extracting the erasure completion information from the graphic code, and transmitting the erasure completion information to the server device;
The server device receives the erasure completion information from the terminal device, reads the second keyword from the third storage device, and transmits the second keyword to the terminal device;
receiving the second keyword from the server device by the terminal device and displaying the keyword on the second display device;
The second keyword input via the first input device is acquired by the electronic device, and the second keyword input via the first input device is stored in the second storage device. and shutting down the electronic device if the first keyword stored in the electronic device matches the first keyword stored in the electronic device.
How it works.

Images