JP2500073B2 - Computer device with data security function - Google Patents

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computer device having a resume function capable of protecting the confidentiality of data even when the program processing is resumed from the resume state.

[0002] A portable personal computer holds a program, data, etc. being processed in a main storage device (may be referred to as a main memory) when the program process is temporarily suspended, and a system start-up process when the process is restarted. , It has a resume function that can restart the program processing without executing the program start processing.

Alternatively, even in a data terminal device equipped with a non-portable CPU, it is necessary to suspend the data processing once, save the state as it is, and restart it, so that the resume function is required. Has been done.

The computer device having such a resume function interrupts the process in the middle of processing the confidential data and restarts the process from the resume state.
Since the confidential data cannot be protected, if the third person turns on the resume switch and the program processing is restarted, the confidential data is displayed and the confidential data file can be operated and the confidential data may be leaked. was there.

It is an object of the present invention to provide a computer device capable of protecting confidential data without complicating the procedure of the processing after the restart even when the program processing is restarted from the resumed state. To do.

[0006]

2. Description of the Related Art FIG. 7 shows a conventional computer system.
In the figure, 100 is a computer device, 101 is a CP
U and 102 are main memory devices, and 103 is a data processing program, which represents a data processing program stored in the main memory device 102. The confidential data 104 represents the content of the confidential data file 107 stored in the main storage device 102. 105 is a password, which is the input device 1
The password input and set from 10 is set. 10
An auxiliary storage device 6 is a disk device or the like. 1
Reference numeral 07 is a confidential data file, 108 is a normal data file, and is a file for storing non-confidential data. An input device 110 is composed of a keyboard or the like. A display device 111 is a display. A resume switch 112 is turned on when the program processing is interrupted to bring the computer 100 into the resume state and when the program processing is resumed from the resume state.

The operation of the configuration shown in FIGS. 8 and 9 will be described. FIG. 8 shows an operation flow (1) of a conventional computer device having a resume function.

In the figure, 102 is a main memory, and 105
Is the stored password, 104 is confidential data, 107
Is a confidential data file, 110 is an input device, 111 is a display device, and 112 is a resume switch (numbers common to FIG. 7 represent common parts). The flow will be described according to the numbers indicating the illustrated steps.

(1) The password input from the input device 110 is stored (registered) in the main storage device 102. (2), (3) The user inputs the password before starting the system of the computer system. The right-of-use determination process is performed, and if the registered password and the entered password match as a result of the right-of-use process, the system is started.

(4), (5) Enter the password before starting the data processing program. The right-of-use determination process is performed, and if the entered password matches the registered password, the data processing program is started.

(6), (7) When it is necessary to open the confidential data file in the program processing, usage right judgment processing is performed, and the confidential data file is opened when the entered password matches the registered password. . Then, the confidential data file 107 is read into the main memory and the confidential data is displayed on the display device 111. (The above right-of-use determination processing (2) (3) and (4) (5)
(6) One or more of (7) are performed depending on the character of the password set in (1). That is, if the password set in (1) protects the right to use the system, (2) and (3) are performed, and if the right to use the data processing program is protected (4), (5). If it protects the right to use the data itself, (6) (7) is carried out. (8) When the user turns off the resume switch 112, the program processing is interrupted and the computer device is put into the resume state.

(9) The resume switch 112 is turned on by the user or a third party to restart the program processing. (10) Data processing is continued by the data processing program and confidential data held in the main memory. The confidential data is displayed on the display device 111.

(11) Terminate the data processing program. (12) Terminate the system. In the computer having the operation flow (1) of FIG. 8, when the program processing is restarted from the resume state, the program processing is performed by the operation of merely turning on the resume switch 112, and the confidential data file opened is opened. Processing can be resumed. Even if the third party turns on the resume switch 112, the confidential data is displayed on the display and the confidential data file can be operated, so that the confidential data may be leaked to the third party.

FIG. 9 is an operation flow (2) of a conventional computer device having a resume function, and shows a case where data security is measured when data processing is resumed from the resume state.

In the configuration shown in the figure, 102 main storage devices, 1
The 04 confidential data, 105 password, 107 confidential data file, 110 input device, 111 display device and 112 resume switch are the same as those of the same numbers in FIGS. 7 and 8. Further, in the numbers representing the steps of the flow, the same numbers as in FIG. 8 represent the same processing.

The only difference is that in the steps of the flow in the figure, there is a (9 ') usage right determination process. In the flow of FIG. 9, after suspending the data processing to put it in the resume state, when the program processing is restarted, the password is input at (9 ') and the usage right judgment processing is performed. (The flow of FIG. 9 shows an example of the case where the data processing program is in the resume state during the processing of the confidential data. However, in general, the user simply turns off the resume switch to enter the program state. Regardless of the system, it can be resumed at any time from system startup to the end, and it is always (9 ') when restarting from resume.
The right-of-use determination process is performed. Therefore, even if the data processing program is not executed, or even if the data processing program is executed but the confidential data file is not operated, the password is always required to be input by the usage right judgment processing. It )

[0017]

In the conventional computer device having the resume function, as described above, when the program processing is resumed from the resume state, the third person can perform the same operation just by turning on the resume switch. Since the program processing can be restarted, even if the opened file is a confidential data file, the third party could easily read the content (see the flow of FIG. 8).
Further, when the program processing is resumed from the resumed state, the method of inputting the password and performing the usage right judgment processing and then restarting the program processing (refer to FIG. 9) is the same even when the data processing program is not executed. Even if the file opened by the processing program is a normal data file that does not require confidentiality, it is a hassle that requires password input.

It is an object of the present invention to provide a computer device which protects confidential data when resuming program processing from a resumed state and which can be resumed by a troublesome operation.

[0019]

The present invention provides a file name of a confidential data file based on a password file and a password defined for each file name, and an open flag set when the file is open. A usage right table with an area to be set was provided to make it easy to recognize that a confidential data file is open. Then, when resuming the program processing from the resume state, the usage right table is referred to, whether or not the open flag is set is determined, and if any open flag is set, the password input is instructed, When no open flag is set, the program processing and the data processing of the opened file are restarted without performing the usage right determination processing.

FIG. 1 shows the basic configuration of the present invention. In the figure, 1 indicates a process of creating a password file. Reference numeral 2 is a password file creating means for associating a file name of confidential data with a password. A password file 3 is created by the password file creating means 2 and stored in the auxiliary storage device (disk device or the like). Reference numerals 4, 4'are input means for inputting a password and the like. Reference numeral 5 represents a system activation process. 6
Is a usage right table creating means. Reference numeral 7 is a main storage device, which is a data processing program, data such as confidential data,
A usage right table (described later) and the like are stored. 8
Is a usage right table, which stores the file name of the confidential data file, the password specified for each file, and the opened flag.

Reference numeral 9 represents a file open process of the data processing program. Reference numeral 10 is a right-of-use determining means for comparing the input password with the password registered in advance. Reference numeral 11 is a usage right table reference means, which refers to the usage right table and refers to the password corresponding to the file name. Reference numeral 12 is a password determination means for comparing the password input from the input means 4 ′ with the password stored in the usage right table 8. 13 is a flag setting means,
The opened flag of the usage right table 8 is set or released.

Reference numeral 15 is a display process for displaying a password input instruction and a mismatch of the input passwords. Reference numeral 16 denotes a program processing restart processing, which is processing for restarting the program processing from the resume state. 1
Reference numeral 7 represents data processing, and 18 represents interruption processing of program processing. Reference numeral 19 represents a file closing process of the data processing program.

[0023]

The operation of the basic configuration of FIG. 1 will be described. In the figure, the solid line represents the process from creating the password file and starting the system to interrupting the program process in the resume state. The dotted line represents the resumption of program processing from the resume state and the subsequent program processing.

The operation of the configuration shown in the figure will be described according to the numbers showing the flow of the processing in the figure. (1) Password file creation process 1 is started. The password file creating means 1 is activated, and a password input instruction is displayed on the display device (not shown).

(2) The file name and password are input from the input means 4. (A plurality of pairs of file names and passwords are input as necessary) (3) The password file creating means 2 creates the password file 3 in which the password is associated with the file name.

(4) System start processing 5 is performed. (5), (6) The usage right table creating means 6 is activated.
Then, the file name and password are read from the password file 3, and the file name, password, and open flag setting area are associated with the usage right table 8.

(7), (8), (9) The data processing program is started. When the data processing program opens the file, the usage right table reference means 11 references the usage right table 8. If the data processing program is a confidential data file with a password set in the file, the password input instruction is displayed.

(10) When a password is input from the input means 4 ', the password determination means 12 compares the input password with the registered password to determine whether they match. If they do not match, the password is displayed as unmatched and the file is not opened.

(11) If they match, flag setting means 1
3 sets the opened flag in the flag area of the usage right table 8. (12) Then, the file is opened and data processing 1
7 is done.

(13) When the program processing is interrupted in the resume state, the program processing interruption processing 18 is performed (for example, the power of the display device, the disk device, etc. is turned off, and the data in the main storage device is used for data retention). (14) When the data processing 17 ends and the file is closed by the data processing program, the flag setting means 13 cancels the opened flag of the usage right table 8.

(15), (16), (16 ') When the program processing is resumed from the resume state, the usage right table reference means 11 refers to the usage right table 8 to determine whether the opened flag is set or not. To judge. If even one flag is set, the display processing 15 displays a password input instruction.

(17) Then, the password judgment means 12 receives the password inputted from the input means 4 '(processing of (18))
And the password registered in the usage right table 8 are compared.

(19) When the password judgment means 12 recognizes that the input password and the registered password match, the data processing 17 is restarted. (20) If the result of the reference processing (15) of the usage right table reference means 11 in the program processing restart processing 16 is that no opened file is set in the usage right table 8, a password input instruction or use is made. The data processing 17 is restarted without performing the right determination processing.

Subsequent program interruption processing or program restart processing is the same as in the above case.

[0035]

FIG. 2 shows an embodiment of the present invention. In the figure,
Reference numeral 40 is a CPU, 41 is a main memory, and 42 is a data processing program, which is stored in the main memory. Four
Reference numeral 3 denotes a usage right table, which is stored in the main memory. Reference numeral 44 denotes an auxiliary storage device, which is composed of a disk device or the like. A password file 45 is stored in the auxiliary storage device 44. A confidential data file 46 is stored in the auxiliary storage device 44. Reference numeral 48 denotes a password file creating means, which is stored in the auxiliary storage device 44. 50 is a control program,
It is a program that controls the system. 49 is a data processing program. Reference numeral 50 'is a usage right table creating means for creating a usage right table. 5
Reference numeral 0 "is a right-of-use determining means for performing reference to the right-of-use table, password determination, flag setting and cancellation. 51 is a keyboard, 52 is a display, 53 is a resume switch, and 54 is a main power switch. The main power switch of the computer device.

The operation of the embodiment will be described with reference to FIGS. 3, 4, 5 and 6. FIG. 3 shows a flow (1) of the embodiment of the present invention. FIG. 3A is a flow chart of password file creation processing. The password creation process will be described according to the numbers of the illustrated steps (see FIG. 2).

The S1 password file creating means 48 is activated and the program is stored in the main storage device 41. The file name and the password associated with the file name are input from the S2 keyboard 51.

The password file 45 in which the S3 password and the file name are associated with each other is created, and the auxiliary storage device 44
To be stored. FIG. 3B is a flow of the usage right table creating process.

When the S1 system (control program) is activated, the usage right table creating means 50 'is stored in the main memory 41, and the usage right table creating process is started. The S2 usage right table area is secured in the main storage device 41.

The file name and password are read from the S3 password file 45. In the area of the usage right table 43 of the S4 main memory 41,
Store the read file name and password.

FIG. 4 shows a flow (2) of the embodiment of the present invention. The figure shows the file open process by the data processing program. The S1 data processing program 49 is activated and stored in the main storage device 41. The data processing program 42 opens a required file by issuing an open system call prior to data processing.

By issuing the S2 open system call, the usage right decision means 50 "in the control program is activated. The file to be opened is the confidential data file 46.
The right-of-use determining means 50 ″ determines by referring to the right-of-use table 43. If the confidential data file 46, S
If it is the non-confidential normal data file 47, proceed to S8.

If the S3 confidential data file 46 is to be opened, the usage right decision means 50 "starts the usage right decision processing. S4 The password input instruction is displayed on the display 52 and the password entered from the keyboard 51 is displayed. Accept.

S5, S6 Password judging means in the usage right judging means 50 "(not shown in FIG. 2, see FIG. 1)
Determines whether the input password matches the password stored in the usage right table 43. If they match, the process proceeds to S7, and if they do not match, the processes from S4 onward are repeated.

S7 The flag setting means (not shown in FIG. 2, see FIG. 1) in the usage right judging means 50 "sets an open flag in the flag set area of the file name of the usage right table.

S8 Data processing of the target data file is performed. FIG. 5 shows a flow (3) of the embodiment of the present invention. FIG. 5A is a flow of file closing processing of the data processing program.

The processing of the data of the file required by the S1 data processing program 42 is completed and a close system call is issued. When the S2 system call is issued, the usage right determining unit 50 ″ in the control program 50 is activated, the usage right determining unit searches the usage right table 43, and if the file to be closed has been opened, the opened flag in the usage right table is opened. To cancel.

The S3 control program subsequently performs the original file closing process to close the file. FIG. 5B is a flow of the interruption processing of the data processing program.

S1 The user turns off the resume switch 53 to instruct the interruption of the data processing program 42. The S2 control program puts the computer device in the resume state, holds the data processing program in the main storage device as it is, and waits for the restart of the data program process by turning on the resume switch 53.

FIG. 6 shows a flow (4) of the embodiment of the present invention. The figure shows the flow of operations from the resume state. S1 When the user turns on the resume switch 53, the data processing program 4 is resumed from the resume state.
The process of 2 is restarted.

S2, S3 When the control program 50 detects that the resume switch 53 is turned on, the usage right table reference means (not shown in FIG. 2, see FIG. 1) of the usage right determination means 50 "in the control program is used. Table 43
Refer to to determine whether the open flag has been set. If at least one open flag is set, S
4. If not set, proceed to S7.

If the open flag is set in S4, the password judging means of the usage right judging means 50 "displays a password input instruction on the display 52. S5, S6 When the password inputted from the keyboard 51 is accepted, The password judgment means in the usage right judgment means 50 "compares the input password with the password stored in the usage right table 43 and judges whether they match. If they match, the process proceeds to S7, and if they do not match, the processes from S4 onward are repeated.

S7 If no open file is set in the usage right table, data processing of the file is performed.

[0054]

According to the present invention, when the program processing is resumed from the resume state, if the confidential data file is open, the right-of-use determination processing is performed by the password, and if the confidential data file is not opened, the password is input. Program processing is resumed without the need for. Therefore, data security can be protected when the program processing is resumed from the resume state, and if the usage right judgment processing is not required because the confidential data file is not used, it is possible to simply turn on the resume switch. The program processing can be restarted and the program processing can be performed efficiently.

[Brief description of drawings]

FIG. 1 is a diagram showing a basic configuration of the present invention.

FIG. 2 is a diagram showing an example of the present invention.

FIG. 3 is a diagram showing a flow (1) of the embodiment of the present invention.

FIG. 4 is a diagram showing a flow (2) of the embodiment of the present invention.

FIG. 5 is a diagram showing a flow (3) of the embodiment of the present invention.

FIG. 6 is a diagram showing a flow (4) of the embodiment of the present invention.

FIG. 7 is a diagram showing a conventional computer device having a resume function.

FIG. 8 is an operation flow (1) of a conventional computer device having a resume function.

FIG. 9 is a diagram showing an operation flow (2) of the conventional computer device having a resume function.

[Explanation of symbols]

 1: password file creation processing 2: password file creation means 3: password file 4, 4 ': input means 5: system startup processing 6: usage right table creation means 7: main memory 8: usage right table 9: data processing program File open processing 10: usage right determination means 11: usage right table reference means 12: password determination means 13: flag setting means 15: display processing 16: program processing restart processing 17: data processing 18: program processing interruption processing 19: File close processing of data processing program

Claims (1)

(57) [Claims] 1. A password file (3) in which a password is associated with a confidential data file, and for each file
File name and if the file is a confidential data file
Associates the password with the open flag setting area
Digit use right table (8) to the password file (3)
Usage right table creation means that is created by referencing
And (6), and said use right table (8), the file to be opened to input the determined usage rights judgment means whether <br/> or not the confidential data file (10), the password in the program processing the input Means (4, 4 '), the usage right judgment means (10) refers to the usage right table (8) when the file is opened in the program processing, and whether the file is a confidential data file or not. If it is a confidential data file, the password input is instructed, and if the entered password matches the password registered in the usage right table (8), the usage right table
The file to be closed is set by setting the opened flag in the open flag setting area of (8) , and the usage right judgment means (10) refers to the usage right table (8) when closing the file in the program processing. Is a sensitive data file
Its release the open flag, usage rights judgment means when the program is resumed processing from the resume state (10) refers to the usage rights table (8), the open flag is set to use right table (8) if A computer device having a data security function characterized by instructing the password input when the open flag is set and restarting the program processing without instructing the password input when the opened flag is not set.