JP4931543B2 - Information device and computer program - Google Patents

Description

  The present invention prevents leakage of important information such as personal information due to loss or theft of a portable information device (a general term for PC and PDA) such as a notebook computer (Personal Computer) and a PDA (Personal Digital Assistance). In particular, it restricts the retention of data in the portable information device body that is prone to theft and loss due to its asset value, and does not retain any information generated or owned by the user in the body And a computer program that forcibly holds setting information and the like essential for the operation of the portable information device in a hard disk device in the portable electronic device provided separately from the main body And an electronic device that provides a means to prevent the loss or theft of the independent portable electronic device itself and the built-in hard disk. It is.

  Portable information devices such as notebook computers and PDAs are small and portable, so they can be used freely at the destination and provide great convenience. However, these portable information devices are more likely to be misplaced or stolen while on the move than fixed information devices that are placed on a desk or the like, and leakage of important information such as personal information stored there is likely to occur. It has become a social problem frequently. In the future, it is expected that the situation will be the same in the telephone directory of mobile phones with built-in hard disks.

  Conventionally, as a general means for preventing leakage of information stored in a portable information device, it has been encrypted from a portable information device by encrypting information stored in a long-term storage device such as a built-in hard disk Even if information is leaked, it is difficult to decrypt the information, and the third party cannot know the actual information. However, even if it is encrypted, if it is leaked, it will be treated as a case in the media, so there is a strong demand that the information owned by the user is not completely present in the portable information device, but until now there has been a risk of information leakage. On the other hand, the user's important information must be put on the internal hard disk in the portable information device.

  As one of the techniques described above, an external auxiliary storage device configured to be externally connectable to a portable device and capable of storing data received from the portable device in an external storage medium, In order to ensure confidentiality, a device that encrypts / decrypts data between the portable device and the external storage medium has been proposed (see Patent Document 1).

  A portable electronic device having a disk, a semiconductor memory, and a CPU in which a program for executing a main function is communicated with a portable terminal via a wireless line, the portable electronic device being mounted In order to improve the confidentiality of data transmitted and received between the device and the portable terminal, it is possible to perform electronic authentication or communicate when the distance between the portable electronic device and the portable terminal is within a predetermined distance Has been proposed (see Patent Document 2).

JP 2004-127183 A JP 2004-252552 A

  However, in the technique described in Patent Document 1 described above, since the external storage medium can be freely inserted and removed from the portable device, there is a high risk that the external storage medium itself will be lost. As long as the current encryption technology is used, no matter what encryption technology is used for the data, the possibility of illegal decryption cannot be denied 100%. In addition, as a social fact, even if it is difficult to access information by encryption, it will be immediately judged that information will be leaked if the storage device containing the information is delivered to a third party. The impact of credit loss is significant.

  In the technique described in Patent Document 2 described above, the portable electronic device itself is easily lost, and no countermeasures against information leakage can be found. Therefore, similarly to the technique described in Patent Document 1, there is a high risk of stored data being leaked.

  Accordingly, the present invention provides a portable electronic device with a built-in hard disk device separately from the portable information device main body so that information is not stored in the portable information device that is likely to cause information leakage. An object of the present invention is to provide an electronic device capable of preventing leakage of important information owned by a user by preparing a protective means for preventing loss or theft of the portable electronic device.

In order to achieve the above object, an information device according to one aspect of the present invention provides:
It is possible to specify the management permission data including the management target information to be managed and the access permission output permission / inhibition state that is associated with each management target data and that is an output permission state of the external output for permitting access to the management target data. output environmental restriction data is the information management apparatus capable of data communication configured with storage means you store, the management object data or the management object data can output an external output the processed data after the processing to the external device Means for accessing the management target data stored in the information management device and capable of performing information processing on the accessed management target data ,
An information device-side storage unit that is provided inside the information device and capable of storing the management target data or post-processing data after processing the management target data ;
Execution processing means for executing a computer program for performing information processing based on the management target data ;
Communication means for transmitting and receiving data to and from the information management device;
Receiving output environment restriction data corresponding to the management target data, which is transmitted before the management target data is transmitted from the information management device in response to access to the management target data, and outputting the data in the external output means Output permission state transition means for shifting the permission state to the access permission output permission state specified from the received output environment restriction data;
Have
The execution processing means is configured to send the management target data or the post- processing when the user requests a storage process of the management target data transmitted from the information management apparatus or the post-processing data after processing the management target data. Prohibiting storage of data in the information device-side storage means, and transmitting the management target data or processed data to the information management apparatus via the communication means and storing the data in the storage means of the information management apparatus Features.

The output environment restriction data is output environment restriction data that can specify an individual access permission output permission / inhibition state corresponding to the location of the information device,
It has a location information acquisition means for acquiring location information that can identify the location of the information device,
The output enable / disable state transition means shifts to the output permission output enable / disable state corresponding to the location specified from the output environment restriction data received from the information management apparatus and the location information acquired by the location information acquisition means. You may make it perform transfer of .

According to one aspect of the present invention, a computer program includes management target data including management target information to be managed, and whether or not to output an external output that is associated with each management target data and permits access to the management target data. is the information management apparatus capable of data communication configured with storage means you store a particular possible output environment restrict data access permission output permission condition is a condition, after processing the object data or the management object data An external output means capable of outputting post-processing data to an external device, an information device-side storage means capable of storing the management target data or post-processing data after processing the management target data, and the information management device; Communication means for performing transmission and reception of the data, access to the management target data stored in the information management device, Computer capable of performing information processing related managed data accessed,
When the management request data transmitted from the information management apparatus or the storage processing of the processed data after processing the managed data is requested by the user, the information device side of the managed data or the processed data Management target data transmission processing means for prohibiting storage in storage means, transmitting the management target data or post-processing data to the information management apparatus and storing it in the storage means of the information management apparatus ;
Receiving output environment restriction data corresponding to the management target data, which is transmitted before the management target data is transmitted from the information management device in response to access to the management target data, and outputting the data in the external output means It is made to function as output permission state transition means for shifting the permission state to the access permission output permission state specified from the received output environment restriction data .

  According to the present invention, an information device such as a personal computer or a cellular phone is physically separated into a “part that accepts a human operation and has a predetermined calculation function” and a “part that stores the created information”. Therefore, even if the portable information device is lost or stolen, it is possible to prevent leakage of information created using the information device. In addition, even in an office, the portable electronic device is stored in a drawer of a desk that can lock the portable electronic device, and can be used / stored separately from the portable information device. The portable electronic device can be protected from theft and prevent information from being leaked. Furthermore, if a wireless connection is used here, the presence of the portable electronic device is also completely hidden visually, which is a more perfect prevention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram illustrating a usage state of an electronic device 1 according to an example of the present invention. As shown in the figure, the electronic apparatus 1 is configured to be carried by being attached to a belt 2 worn by a person, and is provided in the electronic apparatus 1 with a hard disk drive 4 to be described later mounted thereon. By connecting to the USB port of the external personal computer (hereinafter referred to as “external PC”) 3 from the USB port 106 via a USB cable, the data communication is used.

  Next, FIG. 2 schematically shows a configuration example of the electronic apparatus 1. As shown in FIG. 1, the electronic device 1 includes a lid portion 11 and a main body 12.

  The lid portion 11 is for opening and closing a storage portion 12 b for storing the hard disk drive 4, and a key 101 corresponding to a key hole 102 provided in the main body 12 is attached.

  A warning buzzer 103 for issuing a warning in a predetermined warning state is attached to the lower surface of the lid portion 11. That is, the warning buzzer 103 emits a warning sound when an opening / closing sensor 104 (to be described later) detects the opening of the lid part 11 or when the pressure sensitive sensor 105 detects that the hard disk drive 4 is removed from the storage part 12b. .

  The sound of the warning may be changed depending on whether the alarm sensor 104 uses the open / close sensor 104 or the pressure sensor 105.

  A key hole 102 corresponding to the key 101 of the lid 11 is provided on the front surface of the main body 12. The inside of the main body 12 includes a control unit 12a and a storage unit 12b.

  The control unit 12a includes an open / close sensor 104, a pressure sensitive sensor 105, a USB port 106, a printed circuit board 107, a storage battery 108, and a connector 109.

  The open / close sensor 104 is a sensor that monitors and detects the open / closed state of the lid 11. For example, a non-contact infrared sensor is used and is electrically connected to the printed circuit board 107.

The pressure-sensitive sensor 105 is a sensor that detects whether or not the hard disk drive 4 is inserted into the storage unit 12b, and detects the pressing force applied to the inner wall of the storage unit 12b by storing the hard disk drive 4, It is monitored whether or not the hard disk drive 4 is inserted. The pressure sensor 105 is also electrically connected to the printed circuit board 107.
The pressure sensor 105 may be configured as a contact sensor that detects physical contact between the hard disk drive 4 and the storage unit 12b and monitors whether the hard disk drive 4 is inserted in the storage unit 12b.

  The USB port 106 is a transmission / reception unit corresponding to the interface of the USB key 5 conforming to the USB standard and the external PC 3, and can transmit / receive data to / from the external PC 3 by being connected to the external PC 3 via a USB cable. It has become. The USB port 106 is electrically connected to the printed circuit board 107.

  The printed circuit board 107 includes a CPU, a RAM, a ROM, and a controller for performing processing according to the control program. As a result, data communication with the external PC 3 and the USB key 5 and data writing to or reading from the hard disk drive 4 are possible.

  The storage battery 108 is an internal power source that supplies power for operating the electronic device 1.

  When the electronic apparatus 1 is connected to the external PC 3 via the USB port 106, the electronic apparatus 1 can be operated by receiving power supply from the external PC 3 via the USB port 106. At this time, the storage battery 108 may be charged.

  In addition, a power jack may be provided at a predetermined location and an AC adapter plug may be connected to enable power supply from an external power source and charging of the storage battery 108 as an internal power source.

  The storage portion 12b is a space for storing the hard disk drive 4 and has a connector 109 for connecting to the connector 110 on the hard disk drive 4 side on the bottom surface. When the hard disk drive 4 is inserted into the storage unit 12b, the electronic device 1 and the hard disk drive 4 include a connector 109 provided on the bottom surface of the storage unit 12b of the electronic device 1 and a connector 110 provided on the hard disk drive 4. The electronic device 1 functions as a storage device.

  The hard disk drive 4 is an IDE device that exchanges data through an IDE interface and writes and reads data to and from a disk coated with a magnetic material as a storage medium.

  The hard disk drive 4 is provided with a connector 110 for allowing data communication with the electronic device 1. The connector 110 on the hard disk drive 4 side and the connector 109 on the electronic device 1 side are connected to form an integral unit. Composed.

  The USB key 5 is used to block the function of the open / close sensor 104 or the pressure sensor 105 when a person with a legitimate access authority pulls out the hard disk drive 4 from the storage unit 12 b and is connected to the USB port 106. It has a possible USB connector, and stores an authentication code for authenticating access authority. The USB key 5 is small and easy to carry, and is managed only by a person having a proper access authority.

  The USB key 5 used for authenticating whether or not the person has the authority to extract the hard disk drive 4 may be a button having a fingerprint authentication function. Further, authentication using an IC card has the same effect. The IC card is obtained by embedding a memory and a CPU in a thin plastic card, for example. Authentication information can be stored in a memory in the IC card and inserted into an IC card reader provided in the electronic apparatus. As shown in FIG. 3, a stopper 13 for attaching the electronic device 1 to the belt 2 is provided on the back surface of the main body 12.

  By passing the belt 2 through the stopper 13, the belt 2 and the electronic device 1 are integrated, and the electronic device 1 can be carried.

  Next, FIG. 4 is a diagram for explaining each functional block mounted on the printed circuit board 107.

  On the printed circuit board 107, a CPU 201, a RAM 202, a ROM 203, and a controller 204 are connected to each other via a bus.

  The CPU 201 executes computer programs and file systems stored in the RAM 202 and ROM 203, and controls the operation of the control unit in an integrated manner.

  Further, data transferred from the external PC 3 via the USB port 106 is written and stored in the hard disk drive 4, or the stored data is read and transferred to the external PC 3 via the USB port 106.

  The RAM 202 is a volatile memory and forms a work area for the CPU 201.

  The ROM 203 is a non-volatile memory that stores a program necessary for the operation of the CPU 201 and provides it.

  The USB controller 204a controls data transfer between the external PC 3 and the USB key 5 and the electronic apparatus 1 performed via the USB port 106 based on the USB protocol.

  The disk controller 204b operates according to an instruction of a program executed by the CPU 201, and controls the hard disk drive 4 via the connector 109 based on a predetermined protocol.

  The sensor controller 204c controls signals received from the open / close sensor 104 and the pressure sensor 105 based on a predetermined protocol.

  Next, the configuration of the control unit realized by the CPU 201 executing the computer program will be described.

  The CPU 201 executes predetermined computer control units such as a data communication unit, a split key storage unit, an information control processing unit, an encryption / decryption processing unit, a key data erasing unit, a sensor monitoring unit, and a sensor blocking unit by executing a computer program. Constitute.

  Based on the output request from the external PC 3, the data communication unit extracts the requested data from the hard disk drive 4 and transmits it to the external PC 3. Further, based on an input request from the external PC 3, data received from the external PC 3 is recorded in the hard disk drive 4. The split key storage unit stores one of the split keys generated by splitting the secret key on the RAM 202.

  When the information control processing unit receives a signal from the extraction sensor that detects the extraction state of the hard disk drive 4, the information control processing unit sounds the warning buzzer and calculates the time elapsed since the warning buzzer started to sound. When it is calculated that a predetermined time has elapsed, the key data erasure unit is operated to erase the divided key data stored on the RAM in the electronic device 1. Specifically, the RAM can be erased by stopping energization.

  On the other hand, when the USB key 5 having an authentication code that matches the authentication code stored in the electronic device 1 is inserted, the sensor shut-off unit is operated to hold the divided key data on the RAM 202.

  The encryption / decryption processing unit generates a secret key from the split key of the secret key received from the external PC 3 by the data communication unit and the split key on the RAM 202 when communicably connected to the external PC 3, and generates the generated secret The profile information and business data stored in the hard disk drive 4 are encrypted with the key, and the encrypted data received from the external PC 3 is decrypted.

  The key data erasing unit volatilizes and erases the divided keys stored on the RAM 202 of the electronic device 1 by stopping energization of the RAM in response to a command from the information control processing unit.

  The sensor monitoring unit detects signals from the open / close sensor 104 and the pressure sensor 105, and transmits a signal indicating whether or not the hard disk drive 4 is inserted into the storage unit 12b to the information processing control unit.

  The sensor blocking unit blocks signals from the open / close sensor 104 and the pressure sensitive sensor 105 in response to a command from the information control processing unit.

  FIG. 5 shows functional blocks of the external PC 3.

  The external PC 3 includes a hard disk device 301, a RAM 302, an execution processing unit 303, and a communication processing unit 304 as shown in FIG.

  The hard disk device 301 stores an operating system program and predetermined application programs (for example, a document creation computer program, a spreadsheet computer program, and other predetermined business computer programs).

  Further, profile information necessary for starting the operating system and business data created by the user by executing these computer programs can be stored.

  In the present embodiment, profile information and business data created by the execution processing unit 303 are stored in the hard disk drive 4 of the electronic apparatus 1, and are not stored in the hard disk apparatus 301.

  The hard disk device 301 stores logical address information of profile information stored in the hard disk drive 4 of the electronic device 1 as location information of the file.

  The RAM 302 is a memory for developing a computer program to be executed by the execution processing unit.

  The execution processing unit 303 executes a predetermined program by executing a computer program, and can be configured by a CPU and a computer program.

  The execution processing unit 303 can create a business file by executing an application program stored in the hard disk device 301. At this time, if the user requests to save the created business file, the execution processing unit 303 transmits the created business file data to the electronic device 1 without storing the created business file data in the hard disk device 301. To come to remember.

  The execution processing unit 303 reads and processes a business file stored in the hard disk drive 4 of the electronic device 1 without reading from the hard disk device 301 when a user requests to read the business file. To do.

  Further, the execution processing unit 301 transmits the business file stored in the hard disk device 301 and the profile information necessary for starting the operating system to the electronic device 1 and stores them in the hard disk drive 4. Yes.

  The processing of the external PC 3 will be described with reference to FIG.

  First, as an initial setting when using the electronic apparatus 1, profile information and a computer program are stored in the hard disk drive 4, and these are set by the program so that they cannot be stored in the external PC 3.

  First, when the power of the external PC 3 is turned on, the execution processing unit 303 reads out address information in which OS profile information is stored from the hard disk device 301, and uses the read address information via the communication processing unit 304. The electronic device 1 is notified to request reading of the profile information (S301).

  Here, since the OS profile information is stored in the hard disk drive 4 of the electronic apparatus 1, the address information is address information in which the profile information is stored in the hard disk drive 4.

  The execution processing unit 303 determines whether the profile information has been read from the electronic device 1 via the communication processing unit 304.

  As a result of the determination, when profile information cannot be read, that is, when communication with the electronic device 1 is not possible, or when the electronic device 1 does not have a paired secret key, profile information is falsified, etc. In this case, an error message indicating that the OS cannot be started is displayed, and the process is terminated.

  If the profile information can be read out as a result of the determination, the execution processing unit 303 activates the OS stored in the hard disk device 301 based on the read profile information (S303).

  In response to an instruction from the user, an application program stored in the hard disk drive device 301 is activated (S304).

  When updating previously created business data, the execution processing unit 303 acquires the business data stored in the hard disk drive 4 of the electronic apparatus 1 via the communication processing unit 304 (S305). Note that this processing is not necessary when new business data is created.

  The execution processing unit 303 creates business data in response to a user input (S306). When the creation of the business data is completed from the user and the business data storage request is accepted, the hard disk device 301 is excluded from the drive capable of storing the business data (S307), and the execution processing unit 303 stores the business data. The hard disk drive 4 of the electronic device 1 is selected as a possible drive, business data is transmitted to the electronic device 1, and the business data is stored in the hard disk drive 4 (S309).

  When the business data is subsequently created and stored, the above process is repeated.

  When the external PC 3 is to be terminated, when the user instructs the OS of the external PC 3 to terminate (S310), the execution processing unit 303 reads the OS profile information stored in the hard disk device 301, and performs communication processing. The profile information transmitted to the electronic device 1 via the unit 304 and the transmission completed from the hard disk device 301 is deleted (S312).

  When the profile information received by the electronic device 1 is stored in the hard disk drive 4 and the stored logical address is transmitted to the external PC 3, the execution processing unit 303 receives this via the communication processing unit 304, and the electronic device 1 Is stored in the hard disk device 301 (S312), and the process is terminated.

  Next, processing when using the electronic apparatus 1 configured as described above will be described.

  First, a secret key for encrypting and decrypting data to be transmitted to and received from the electronic device 1 is created in the external PC 3. The created secret key is split into a pair of split keys using SSS. Specifically, the secret key is divided by dividing a secret key indicated by a fixed bit arrangement into two divided keys having a fixed bit arrangement by a predetermined algorithm. One of the divided keys is stored in the main body of the external PC 3 and the other is stored in the RAM 202 area of the electronic apparatus 1. The division key stored in the RAM area 202 can be kept held by a spare battery such as a button battery, for example.

  Further, when the hard disk drive 4 is extracted, an authentication code for authenticating whether or not it has a legitimate authority is stored in the USB key 5 and the electronic device 1.

  Thus, the data communication unit can transmit and receive data between the external PC 3 and the electronic device 1. The encrypted profile information stored in the hard disk drive 4 of the electronic device 1 and the division key on the RAM 202 are transmitted to the external PC 3. Then, the external PC 3 having the corresponding split key generates a secret key from the received split key and the split key held by the external PC 3, decrypts the encrypted profile information, and uses the profile information. Start the OS. As a result, the external PC 3 can perform data processing by the computer program stored in the hard disk device 301.

  Since data communication between the external PC 3 and the electronic device 1 is performed by encrypting data with a secret key, the split key received from the external PC 3 by the encryption / decryption processing unit in the electronic device 1 and the electronic device A secret key is generated from the split key on the one RAM, and the data transmitted to the external PC 3 is encrypted using the secret key, and the encrypted data received from the external PC 3 is decrypted.

  Subsequently, information that is a control process performed by the CPU 201 in order to prevent leakage of information stored in the hard disk drive 4 in response to an act of illegally extracting the hard disk drive 4 from the electronic device 1 in which the hard disk drive 4 is mounted. The leakage prevention process will be described.

  FIG. 7 is a flowchart illustrating an example of information leakage prevention processing of the CPU 201.

  In a state where the hard disk drive 4 is stored in the electronic apparatus 1, the information control processing unit identifies whether or not the USB key 5 is inserted into the USB port 106 (S101).

  When it is identified that the USB key 5 is inserted into the USB port 106, the information control processing unit uses the authentication code stored in the USB key 5 and the authentication code stored in the electronic device 1. If they match (S102), if they match, a command is issued to the sensor shut-off unit to shut off the signals from the open / close sensor 104 and the pressure-sensitive sensor 105, and the series of operation flow is terminated.

  When the information control processing unit determines that the USB key 5 is not inserted into the USB port 106, and the authentication code stored in the inserted USB key 5 and the authentication stored in the electronic device 1 If it is determined that the codes do not match, the information control processing unit waits for reception of a signal from the sensor monitoring unit (S103).

  In a state where no signal is transmitted from the sensor monitoring unit, it is assumed that communication with the hard disk drive 4 is performed by a user having a legitimate access authority, and the use of the user is permitted.

  When the open / close sensor 104 recognizes that the lid 11 of the electronic device 1 has been opened, and when the pressure sensor 105 recognizes that the pressing force by the hard disk drive 4 cannot be detected, the sensor monitoring unit A signal is detected and transmitted to the information control processing unit.

  On the other hand, the information control processing unit sounds a warning buzzer (S104) and measures an elapsed time from the warning buzzer sounding.

  The information control processing unit waits to accept the insertion of the USB key 5 into the USB port 106 (S105). When the information control processing unit recognizes the insertion of the USB key 5, the authentication code stored in the USB key 5; The authentication codes stored in the electronic device 1 are compared (S106), and if they match, a command is issued to the sensor shut-off unit to shut off the signal from the open / close sensor 104 or the pressure sensor 105. As a result, the information control processing unit that has stopped detecting the signal from the open / close sensor 104 or the pressure sensor 105 stops the warning buzzer (S107) and ends the series of operation flow.

  On the other hand, if the USB key 5 is not inserted or authentication of the inserted USB key 5 fails, it is determined whether a predetermined time has elapsed since the alarm buzzer sounded (S108).

  If the predetermined time has not elapsed, it waits to accept the insertion of the USB key 5 continuously.

  In addition, when the signal from the open / close sensor 104 or the pressure sensor 105 is continuously detected and it is determined that a predetermined time has elapsed, the key data erasure unit erases the divided key stored in the RAM 202 area. The operation flow of is terminated.

  In this embodiment, the data communication between the electronic apparatus 1 and the external PC 3 is performed by wired communication using USB, but this may be performed by wireless communication such as Bluetooth.

  In the present embodiment, the external PC 3 configured to be able to perform data communication with the electronic device 1 is a personal computer. However, the external PC 3 can be configured as a mobile phone that stores information in a hard disk drive.

  Further, the hard disk drive 4 in the present embodiment may be a memory such as a non-volatile semiconductor such as a flash memory or a RAM disk.

  Although the electronic device 1 has been described above, the electronic device 1 has a high risk of being stolen or lost when the user removes the belt 2 and leaves it. Therefore, in carrying out the present invention, a belt suitable for mounting the electronic device 1 is proposed, and this is shown in FIG.

  Fig.8 (a) is a front view of the belt 2, FIG.8 (b) shows sectional drawing in (a)-(b) of Fig.8 (a).

  As shown in FIG. 8A, the belt 2 includes a belt skin 401, a retaining hole 402, a buckle 403, a stopper 404, a stopper 405, and a sensor 406.

  The belt skin 401 is made of leather or fiber, and a conductive wire is embedded in the belt skin 404 in parallel with the belt skin 404.

  The stopper hole 402 is a hole for inserting the stopper metal 404, and the belt 2 is tightened by inserting the stopper 404 into the stopper hole 402.

  The buckle 403 is made of an electrical conductor and stops the belt skin 401.

  The stopper 404 is made of an electrical conductor, and the belt 2 is tightened by inserting the stopper 404 into the stopper hole 402.

  The stopper 405 is a ring for passing a portion of the belt skin 401 that contacts the other end of the buckle 403, and is fixed at the position.

  The sensor 406 is a sensor that detects whether the belt 2 is fastened.

  In the belt 2 configured as described above, the conductive wires embedded in the belt skin 401 are in conductive contact with the buckle 403 and the clasp 404 at both ends thereof, as shown in FIG. As shown, the belt 2 is tightened to bring the buckle 403 and the clasp 404 into contact with each other, so that the conductor inside the belt skin 401, the buckle 403, and the clasp 404 constitute an electrical closed circuit. The current flowing through the circuit configured as described above is detected by the sensor 406 to detect whether or not the belt 2 is fastened.

  The apparatus 1 is configured so that the signal from the sensor 406 can be received when the belt 2 is fastened, and the open / close sensor 104 detects the opening of the lid portion 11 as a signal indicating that the conductive state has been released, or If the electronic device 1 receives the same signal as when the pressure sensor 105 detects the removal of the hard disk drive 4, it can detect whether or not the belt 2 is in a worn state, thereby inadvertently detecting the electronic device. It is possible to monitor that the device 1 is not detached from the belt 2.

  For example, the signal transmission / reception between the sensor 406 and the electronic device 1 is performed by embedding a conductive wire in the stopper 13 of the electronic device 1 and exposing the conductive wire at the conductive wire in the belt skin 401 and the attachment position of the electronic device 1. Can be carried out by contact. Alternatively, a battery may be provided at a predetermined portion of the belt 2, a current from the battery may be detected by the sensor 406, and a signal indicating a conductive state may be transmitted from the sensor to the electronic device 1 wirelessly.

  The sensor 406 that detects the conductive state may be configured as a tension sensor that detects the tension applied to the belt 2 when the belt 2 tightens the body. Can be detected. In addition, the sensor that detects the conductive state may be configured as an angle sensor that detects an angle of the buckle 403 and the coupling portion of the clasp with respect to the buckle 403. In this case, the angle is larger than a predetermined angle. Thus, it is possible to detect that the belt 2 has been removed.

  If the belt 2 having the above-described configuration is used in combination with the electronic device 1, the electronic device 1 attached to the belt 2 is not limited to unauthorized removal of the hard disk drive 4. It is possible to prevent it from being removed.

  A second embodiment of the present invention will be described. In the second embodiment, the electronic device 1 that can be carried by a user (user) attached to the belt 2 or the like is an electronic device that stores the data of the business file created in the external PC 3 in the first embodiment. On the other hand, the second embodiment is greatly different in that the information management server 54 is used as an electronic device for storing data of these business files.

  First, FIG. 9 is a system configuration diagram showing an overall image of an information processing system according to the second embodiment to which the present invention is applied.

  The information processing system according to the second embodiment includes an information management server 54 that functions as an electronic apparatus according to the present invention, and the information management server 54 that is connected to the information management server 54 via a network 55 so that data communication is possible. And a notebook personal computer 51 as an information device.

  The information management server 54 according to the second embodiment is a server control unit (not shown) that is a first program execution unit of the present invention, which includes a CPU (Central Processing Unit), a RAM (Random Access Memory), and a ROM (Read Only Memory). ), A server storage unit (not shown) serving as a storage unit in the present invention for storing various data, and a server communication unit (not shown) that transmits and receives data via a network 55 such as a LAN (Local Area Network) or the Internet. (Not shown). A general server computer can be suitably used as the information management server 54 used in the second embodiment.

  The notebook personal computer 51, which is the information device of the present invention used in the second embodiment, is a control functioning as an execution processing means of the present invention comprising a CPU (Central Processing Unit), RAM (Random Access Memory), and ROM (Read Only Memory). Unit (not shown) and an internal storage device (not shown) serving as information device side storage means of the present invention, such as a hard disk drive, and data transmission / reception via a network 55 such as a LAN (Local Area Network) or the Internet. A communication unit (not shown) serving as a communication unit of the present invention and a USB interface unit 53 including a connector to which the USB memory 52 is attached and a USB communication unit that transmits and receives data to and from the USB memory 52 are included. .

  As the notebook personal computer 51 used in the second embodiment, a general personal computer including an input device such as a display and a keyboard capable of displaying various kinds of information can be suitably used.

  In the notebook personal computer 51, a display driver (not shown) is released to output (display) data on a display, or data is output (transmitted) to a network via a communication unit (not shown). It is possible to output (print) data to a printer via the USB interface unit 53 (not shown). Furthermore, the data is output to various applications such as word processors and spreadsheets, processed to create new post-processing data, and the post-processing data is external devices of the present invention such as a display, a network, and a printer. Can also be output. The driver, the communication unit, and the USB interface unit 53 for outputting to the external output device are external output means.

  As shown in FIG. 9, the USB memory 52 connected to the USB interface unit 53 of the notebook personal computer 51 is a storage medium having a square bar shape in cross section, and a flash memory (not shown) that is a nonvolatile memory is included therein. ) Is installed.

  As shown in FIG. 9, there are two types of places where the notebook computer 51 is used: inside the company where the user is employed (inside the company) and as shown in FIG. 10 where there are other places (outside).

  As shown in FIG. 9, when used in the office, the notebook computer 51 is connected to the in-house network 55, and the user stores data stored in the information management server 54 connected to the network 55. Can be displayed on the notebook personal computer 51, printed, processed using an application, or stored in the USB memory 52. Some of the data acquired from the information management server 54 is confidential, and it is necessary to manage the data output environment so that such data is not leaked to a third party.

  On the other hand, as shown in FIG. 10, when the notebook personal computer 51 is connected to a network 55 ′ capable of data communication with the information management server 54 at home or outside, the user can use the network. The data stored in the information management server 54 connected to 55 'is acquired and displayed on the notebook computer 51, displayed, printed, processed using an application, or a USB memory. 52 can be stored.

  Note that the network 55 ′ for connecting to the information management server 54 from home or outside includes, specifically, the Internet, depending on the line to which the server communication unit (not shown) of the information management server 54 is connected. These can be suitably used depending on whether the mobile phone network or the public line network is connected.

  In the second embodiment, data that needs to manage the data output environment so as not to be leaked to a third party in this way, specifically, file data of a business file and the like are managed as data to be managed in the second embodiment. Collectively.

  As shown in FIG. 12, the information management server 54 of the second embodiment stores management target data, user data for appropriately controlling the output environment of the management target data, and output environment restriction data. Yes.

  The user data and the output environment restriction data are XML data described in an XML (eXtensible Markup Language) description format, as shown in FIGS.

  As shown in FIGS. 11 (a) and 11 (b), the user data includes an ID that is user identification information, a password, and a group name that is a group name as identification information of the group to which the user belongs ( Multiple settings are possible). The group name is predetermined.

  For example, FIG. 11A describes user data with an ID “user_1”, a password “PASSWORD_1”, and a group “general user”. FIG. 11B describes user data having an ID of “user_2”, a password of “PASSWORD_2”, a group of “general user”, and “administrator”.

  As shown in FIGS. 12 and 13, the output environment restriction data includes management target data information that is specific information of management target data that is subject to output environment restriction, and restrictions that serve as a method for restricting the output environment of the management target data. It consists mainly of rules (multiple settings are possible).

  First, the management target data information will be described. As shown in FIG. 12, the management target data information includes a server position, an external position, and an apparent position.

  As the server position, data serving as a storage position of management target data in the information management server 54 is stored. The external location is data stored when the management target data is management target data acquired from the in-house information management server 54 (see FIG. 9) and stored in the USB memory 52. Data that is the storage position of the target data is stored. In the apparent position, data that is an apparent storage position for the user to access the management target data stored in the information management server 54 is stored.

  For example, in the apparent position, a “personal folder” determined in advance so that the user can select with few operations in the OS (Operating System) of the notebook personal computer 51 is stored. Based on this information, the user can access the management target data stored in the external location by a simple operation of selecting “personal folder”.

  Next, the restriction rule (multiple settings are possible) will be described. As shown in FIGS. 12 and 13, the restriction rule is composed of application conditions and restriction contents. In the second embodiment, the restriction rule is called a restriction rule in the sense that when the application condition is satisfied, the restriction content is applied to the management target data.

  The application condition includes a user to be applied (multiple settings are possible), a group to be applied (multiple settings are possible), and a location to be applied (multiple settings are possible). When all the conditions regarding the user, group, and place that constitute the application condition are satisfied, the restriction rule is selected as an application target. If you want to apply regardless of the user, group, or location, you do not have to describe the items you do not want to be related.

  In the user, the ID of the user to be applied is described. In addition, all registered users are defined as special IDs, which conform to the IDs of all users. In the group, a group name to be applied is described. In the place, a place name is described as identification information of a place to be applied. The place name is predetermined.

  The restriction content includes restriction content of the user interface, restriction content of the device, and restriction content of the permitted application, and corresponds to the access permission output permission / prohibition state of the present invention.

  The user interface describes whether to permit output of management target data to the desktop and whether to permit output to the screen for each item registered in advance in the menu.

  Whether to allow the device to output (transmit) the management target data to a communication unit (not shown) for data communication via the network, or permit the management target data to be output (printed) to the printer. Whether to allow output (save) of management target data to an internal storage device (not shown), output of management target data to a medium writing device loaded with a writable medium (writing) ) Is permitted or not.

  Note that the network item constituting the output environment restriction data only sets whether to permit output (transmission) to the network, but the data of a specific server (server name) It may be possible to set whether to permit output, output of specific data (other than management target data), and output of data to a specific network (a predetermined range of IP addresses).

  In the permitted application, identification information of all applications permitted to output the management target data is described. Outputting to these applications means that the display and change of the management target data is permitted and the post-processing data (business file) of the present invention is created.

  With the items as described above, as shown in FIG. 12, it is possible to describe a restriction rule that applies loose restrictions when the location is in the company. Specifically, as an application condition, when access to the management target data is desired, the user of the notebook computer 51 is a registered user registered in advance as a user and belongs to the general user group. It is described that the location of the notebook computer 51 is in-house. In addition, as restricted contents, output of management target data to the desktop, output of all menus, output of management target data to the network, output of management target data to an external storage device (USB memory 52 in the second embodiment) Describes that the output of the management target data to the specified application is permitted. On the other hand, in consideration of being a general user group rather than an administrator, output of management target data to a printer, output of management target data to an internal storage device, output of management target data to a medium writing device, Is described as prohibition.

  FIG. 13 exemplifies a restriction rule that applies strict restrictions when the location is outside the company. Specifically, as an application condition, when access to the management target data is desired, the user of the notebook computer 51 is a registered user registered in advance as a user and belongs to any group, and It is described that the location of the notebook computer 51 is outside the company, that is, all registered users. In addition, as a restriction content, it is described that output of a part of menus such as e-mails and output of management target data to an external storage device are permitted. On the other hand, output of management target data to the desktop, output of most menus, output of management target data to the network, output of management target data to the printer, output of management target data to the internal storage device, medium writing device It is described that the output of management target data to and the output of management target data to applications are prohibited.

  FIG. 14 is a diagram illustrating an example of restriction contents according to a location. In this example, the inside and outside of the company are defined first, and also in the company, a case where there are a section that handles confidential information (confidential section) and a section that does not handle confidential information (general section) is defined. Confidential areas are, for example, development areas for new products. In these confidential areas, many employees are highly aware of information leaks, and there are many cases where measures are taken. There is no need. Even when there are three sections with different restriction contents to be applied in this way, if the restriction rule description method according to the second embodiment is used, the loosest restriction contents (for example, only mail prohibition) are applied to the confidential section. The general section is not as loose as the confidential section, but the necessary and sufficient restrictions (for example, e-mail prohibition, printing prohibition, installation prohibition) are necessary for business, and outside the company, severe restrictions (for example, applications) Restriction rules that apply (restriction, copy prohibition, network prohibition) can be described.

  In the second embodiment, the location is set as in-house or outside, but the present invention is not limited to this, and can be determined (specified) by location-location information acquisition (specific) processing described later. Any setting may be used. For example, a necessary number of homes, stations, business partners, etc. may be set as appropriate.

  The notebook computer 51 used in the second embodiment includes the computer program of the present invention that provides a function for limiting the output environment of the management target data based on the above-described output environment restriction data shown in FIGS. A dedicated application program (hereinafter referred to as a restriction application) is installed and is always executed. This restriction application constantly monitors the access to the management target data, the output of the management target data to the network, the output to the printer, and the output to the output destination described in the output environment restriction data. The output is restricted according to the output environment restriction data.

  In addition, although it is set as the structure which always performs the application for a restriction | limiting, this invention is not limited to this, every time it accesses the management object data (business file) predetermined in the output environment restriction data, or A configuration may be adopted in which a restriction application is incorporated into the OS so that it is executed only when necessary to output to the output destination.

  The processing content of the restriction application of the second embodiment will be described based on the sequence diagram of FIG. 17 and the screen diagram of FIG.

  The notebook personal computer 51, which is an information device, can output data to a network 55 and a printer. Various internal applications are stored in the internal storage device, and a USB memory 52, which is an external storage device, is provided. It is connected.

  A plurality of management target data (business files) are stored in the information management server 54 connected so as to be capable of data communication via the network 55, and a plurality of output environment restriction data is stored in association with these management target data. ing. Further, a plurality of user data of users who can use the information management server 54 are stored.

  For example, one output environment restriction data for management target data consisting of a folder containing four files, one output environment data for management target data consisting of a folder containing five files, and one management target consisting of one file The data is stored in association with one output environment restriction data.

  In the second embodiment, as shown in FIG. 12, output environment restriction data for management target data whose apparent position is “personal folder” is stored as output environment restriction data. It is also assumed that output environment restriction data for management target data having other apparent positions, for example, “contract document folder” is also stored.

  Here, when the user inputs an ID and password in the notebook computer 51 and performs a login operation, the restriction application transmits authentication data including the ID and password to the information management server 54. The authentication data is stored in an internal storage device (not shown).

  The information management server 54 performs authentication data acquisition processing and acquires authentication data. Then, an authentication process for determining whether user data in which an ID and a password included in the authentication data are associated is stored is performed, and the determination result is transmitted to the notebook computer 51.

  If the control application of the notebook computer 51 that has received the determination result of the authentication process is a determination result indicating that the authentication process is stored, the log-in is permitted and a predetermined login process is performed. If it is, login is refused.

  In the state where the login is permitted, the restriction application accepts an access operation from the user to the management target data (business file) stored in the information management server 54 (S101). For example, in the screen of FIG. 15, when the “private document 1” stored in the “personal folder” corresponding to the apparent position of the management target data is double-clicked with the mouse, the data is displayed for the word processor application. Is accepted to output.

  The restriction application performs the output environment restriction data acquisition process (S102), and the authentication data stored in the internal storage device (not shown) in the information management server 54 is information that can identify the management target data received ( A file name “external secret document 1”) is transmitted.

  The information management server 54 performs authentication data acquisition processing (S111) and acquires authentication data.

  The information management server 54 that has acquired the authentication data performs an authentication process (S112), and determines whether user data in which an ID and a password included in the authentication data are associated with each other is stored (OK).

  The information management server 54 that has performed the authentication process performs a determination process (S113) to determine whether the result of the authentication process is OK or NG. Send to app.

  If the information management server 54 determines that the result of the authentication process is OK in S113, the information management server 54 performs the output environment restriction data transmission process (S114), and registers “personal folder” as the apparent position of the management target data. The output environment restriction data is specified, and the output environment restriction data is transmitted to the restriction application of the notebook personal computer 51.

  That is, the information management server 54 transmits that the result of the authentication process is NG or the output environment restriction data to the restriction application of the notebook computer 51.

  As described above, the output environment restriction data in the second embodiment associates the management target data with the ID of the user who is permitted to access the management target data. The user data associates an ID of a user who is allowed to access the management target data with a password for authenticating the user.

  When the information management server 54 transmits that the result of the authentication process is NG, the restriction application that performs the output environment restriction data acquisition process (S102) does not perform the subsequent process. A message indicating that access is prohibited or that the management target data is absent is output (displayed).

  When the information management server 54 transmits the output environment restriction data, the restriction application receives the output environment restriction data transmitted based on the execution of the output environment restriction data acquisition process (S102). To do.

  Also, the location information acquisition (identification) processing is performed (S103), and the location is identified. In the second embodiment, if output to the network is enabled, that is, if it is connected to the network, it is specified as in-house, and if output to the network is impossible, it is specified as outside.

  The location may be acquired (specified) by connecting the GPS device to the notebook computer 51. In this case, the GPS information is acquired from the GPS device by the location information acquisition (specific) processing. Then, it is only necessary to acquire (specify) the location.

  In addition, if an RFID (Radio Frequency IDentification) reader / writer is mounted on the notebook computer 51 and an RFID tag that can identify the location is attached to the location, the location can be read by reading the RFID tag from the notebook computer 51. Can be specified. In this case, the location information may be acquired (specified) by acquiring information of the RFID tag in the location information acquisition (specification) processing.

  Then, the restriction application specifies output environment restriction data to be applied based on the user data and the location (S104). Specifically, among the multiple restriction rules included in the output environment restriction data in which “personal folder” is registered as the apparent position of the management target data, the user data of the currently logged-in user and the specified location Identify restriction rules with applicable conditions that fall under. If there is no applicable application condition, no restriction rule is specified.

  The restriction application that specified the restriction rule performs output permission / prohibition state transition processing (S105), and sets the output permission / prohibition state of various output environments according to the restriction contents included in the restriction rule. As a result, for example, the menu is restricted as shown in FIG. 15, or output to the printer is prohibited. In S104, if no restriction rule is specified, an output permission state is set in which all outputs are rejected.

  In the output permission / prohibition state transition process (S105), the control content of the restriction application is set so that execution of the application is permitted or rejected based on the setting value of the permitted application that constitutes the restriction content.

  In the output permission / prohibition state transition process (S105), the control content of the restriction application is set so that the output of data to the network is permitted or rejected based on the setting value of the network constituting the restriction content. . As a result, the control content of the restriction application is set so that data output from any application to the network is permitted or denied.

  Even when data output to the network is prohibited by the control application, an output environment restriction data acquisition process for determining whether to allow access to the management target data from the control application ( It is assumed that the output of data targeted for transmission / reception by the information management server 54 in S102) is allowed.

  Further, in the output permission / prohibition state transition process (S105), the restriction application is configured so that the output (storage) of data to the internal storage device is permitted or rejected based on the setting value of the internal storage device that constitutes the restriction content. Is set. As a result, the control content of the restriction application is set so that output of data from any application to the internal storage device is permitted or denied (prohibited). When the output (storage) of data to the internal storage device is rejected (prohibited), the management target data (business file) whose storage is rejected (prohibited) is transmitted to the information management server 54. And stored in the information management server 54.

  That is, when the setting value of the internal storage device is a setting value for refusing output (storage) of data to the internal storage device, it is stored in the notebook computer 51 and can be activated by the restriction application. Storage of the management target data (business file) created by the permitted application in the internal storage device serving as the information device side storage means is prohibited by the control application, and the management target data (business file data) is transmitted to the communication unit. The information is transmitted to the information management server 54 (electronic device) via (communication means) and stored in the server storage unit (storage means) of the information management server 54 (electronic device).

  The restriction application that sets the output permission status of various output environments according to the restriction contents of the output environment restriction data performs the management object data acquisition process (S106), and the management object data acquisition request that the user tried to access in S101. Is transmitted to the information management server 54, the management target data is acquired from the information management server 54, and an output process corresponding to the user's access is performed. If the output corresponding to the user's access is not permitted in the output enabled / disabled state, the management target data acquisition process (S106) is not performed and the access is prohibited or the management target Output (display) a message that data is absent.

  As described above, based on the output environment restriction data, the output environment of the management target data is restricted according to the user and the location.

  In the notebook personal computer 51 or the information management server 54 used in the second embodiment, a dedicated application program (hereinafter referred to as a creation application) for creating the output environment restriction data shown in FIGS. 12 and 13 is provided. Installed.

  The processing contents of the creation application of the second embodiment will be briefly described based on the screen diagram of FIG. As described above with reference to FIGS. 12 and 13, the output environment restriction data is mainly composed of management target data information and restriction rules (multiple settings are possible) that serve as a method for limiting the output environment of the management target data. Is done. The restriction rule is composed of application conditions and restriction contents.

  The upper part of FIG. 16 is an input area for management target data information, and the lower part of FIG. 16 is an area for inputting one restriction rule. The lower part of FIG. 16 further includes an application condition input area and restriction content input areas (three).

  As an input procedure, the user inputs the managed data information, and operates the “Add restriction rule” button located at the bottom of the input area of the managed data information. In order to start editing a new restriction rule associated with the data information, the application condition and the input contents of the restriction contents are initialized (for example, all are not restricted).

  Then, when the user inputs the application condition and the restriction content and operates the “Register editing rule” button arranged at the bottom of the input area of the management target data information, the creation application A restriction rule composed of the input contents of restriction contents is newly associated with the management target data information, and output environment restriction data is generated and stored.

  In addition, a plurality of restriction rules can be associated with the management target data information. However, when the “rule list” button arranged at the lower part of the input area of the management target data information is operated, it is associated with the management target data information. A rule list screen (not shown) that displays the list of the restricted rules that can be selected is output. When the user selects one restriction rule on the rule list screen, the application condition and restriction contents of the selected restriction rule are reflected in the application condition and restriction contents input in the lower part of FIG.

  In this situation, the application for creation is output by the user entering the applicable conditions and restrictions, and operating the “Register editing rule” button located at the bottom of the input area of the managed data information. A restriction rule composed of application conditions and restriction contents registered in association with the management target data information in the environment restriction data is updated based on the input contents.

  On the other hand, when the user operates the “Delete rule being edited” button located at the bottom of the input area of the management target data information, the creation application is registered in association with the management target data information. Delete restriction rules consisting of conditions and restriction contents from the output environment restriction data.

  As described above, according to the second embodiment, as described above, the setting of the restricted application is set so as to prohibit storage in the internal storage device. Since the notebook personal computer 51 can be physically separated into a “part that receives a human operation and has a predetermined calculation function” and a “part that stores the created information”, it becomes an information device temporarily. Even if the notebook computer 51 is lost or stolen, it is possible to prevent information such as business files that are management target data created (changed) using the notebook computer 51 from being leaked.

  Further, in addition to these effects, in the second embodiment, an information management server 54 that is connected to a computer network that is a data communication network so as to be able to perform data communication, and stores management target data including management target information to be managed; ,

  Data communication means for performing data communication with the information management server 54 via the computer network (data communication network), and the management target data or post-processing data after processing the management target data can be output to an external device A notebook personal computer 51 (information device) that includes at least an external output unit, accesses the management target data stored in the information management server 54 through the data communication unit, and performs information processing on the accessed management target data The information management server 54 can identify an access permission output permission / non-permission state that is an output permission / non-permission state of the external output means for permitting access to the management target data in association with the management target data. In addition to storing output environment restriction data, the notebook computer 51 (information device) Output environment restriction data transmission means for transmitting output environment restriction data corresponding to the management target data to be accessed to the notebook personal computer 51 (information equipment) in response to access from the personal computer, the notebook personal computer 51 (information equipment) By providing an output permission / prohibition state transition means for shifting the output permission / prohibition state in the external output means to the access permission output permission / prohibition state specified from the received output environment restriction data in response to reception of the output environment restriction data. The output environment restriction data corresponding to the management target data is transmitted to the notebook personal computer 51 (information device) as the access target, and the notebook personal computer 51 (information device) enters the access permission output permission state specified from the output environment restriction data. ), The output availability status of the external output means will be automatically shifted. Since the information processing related to the data to be managed and the processed data can be performed in the notebook personal computer 51 (information device) only in the access permission output permitting state in which the function of the copy output means is limited, the thin client server system It is also possible to obtain the same effect at a low cost.

It is the schematic which shows the use condition of the electronic device which concerns on Example 1 of this invention. It is a front perspective view which shows the structure of the electronic device which concerns on Example 1 of this invention. 1 is a rear perspective view showing a configuration of an electronic device according to Embodiment 1 of the present invention. It is a figure which shows the functional block of the electronic device which concerns on Example 1 of this invention. It is a figure which shows the functional block of external PC which concerns on Example 1 of this invention. It is a figure which shows the processing flow of the external PC which concerns on Example 1 of this invention. It is a flowchart which shows an example of the information leakage prevention process of the electronic device which concerns on Example 1 of this invention. It is a figure which shows the belt suitable for the electronic apparatus which concerns on Example 1 of this invention. It is a figure which shows the utilization condition in the company of the information equipment in Example 2 of this invention. It is a figure which shows the utilization condition outside the information apparatus in Example 2 of this invention. (A), (b) is a figure which shows the structure of the user data in Example 2 of this invention. It is a figure which shows the structure of the output environment restriction data in Example 2 of this invention. It is a figure which shows the structure of the output environment restriction data in Example 2 of this invention. It is a figure which shows the restriction | limiting condition of the output environment according to the location in Example 2 of this invention. It is a screen figure which shows the restriction | limiting condition of the output environment of the information equipment to which the output environment restriction data in Example 2 of this invention was applied. It is a screen figure which shows the setting screen of the output environment restriction data in Example 2 of this invention. It is a figure which shows the process of the application for output environment restrictions in Example 2 of this invention.

Explanation of symbols

1 ... Electronic device,
2 ... Belt,
3 ... External PC,
4 ... Hard disk drive
5 ... USB key,
11... Lid
12 .... Main body,
12a ... control unit,
12b ... storage part,
13 .... Stopper,
51 .. Notebook PC 1 (information equipment)
52... USB memory 53... USB interface unit 54... Information management server (server computer)
55... Network (data communication network)
101 ... Key,
102 ... keyhole,
103 ... warning buzzer,
104: Open / close sensor,
105 ... Pressure-sensitive sensor,
106: USB port,
107 ... printed circuit board,
108 ... storage battery,
109 ... Connector,
110 ... Connector,
201 ... CPU,
202 ... RAM,
203 ... ROM,
204a ... USB controller,
204b .. Sensor controller,
204c .. disk controller,
401 ... belt leather,
402 .. retaining hole,
403 ... Buckle,
404 ... clasp,
405: Stopper,
406... Sensor

Claims (3)

It is possible to specify the management permission data including the management target information to be managed and the access permission output permission / inhibition state that is associated with each management target data and that is an output permission state of the external output for permitting access to the management target data. output environmental restriction data is the information management apparatus capable of data communication configured with storage means you store, the management object data or the management object data can output an external output the processed data after the processing to the external device Means for accessing the management target data stored in the information management device and capable of performing information processing on the accessed management target data ,
An information device-side storage unit that is provided inside the information device and capable of storing the management target data or post-processing data after processing the management target data ;
Execution processing means for executing a computer program for performing information processing based on the management target data ;
Communication means for transmitting and receiving data to and from the information management device;
Receiving output environment restriction data corresponding to the management target data, which is transmitted before the management target data is transmitted from the information management device in response to access to the management target data, and outputting the data in the external output means Output permission state transition means for shifting the permission state to the access permission output permission state specified from the received output environment restriction data;
Have
The execution processing means is configured to send the management target data or the post- processing when the user requests a storage process of the management target data transmitted from the information management apparatus or the post-processing data after processing the management target data. Prohibiting storage of data in the information device-side storage means, and transmitting the management target data or processed data to the information management apparatus via the communication means and storing the data in the storage means of the information management apparatus Characteristic information equipment. The output environment restriction data is output environment restriction data that can specify an individual access permission output permission / inhibition state corresponding to the location of the information device,
It has a location information acquisition means for acquiring location information that can identify the location of the information device,
The output enable / disable state transition means shifts to the output permission output enable / disable state corresponding to the location specified from the output environment restriction data received from the information management apparatus and the location information acquired by the location information acquisition means. The information device according to claim 1, wherein the information device is transferred. It is possible to specify the management permission data including the management target information to be managed and the access permission output permission / inhibition state that is associated with each management target data and that is an output permission state of the external output for permitting access to the management target data. output environmental restriction data is the information management apparatus capable of data communication configured with storage means you store, the management object data or the management object data can output an external output the processed data after the processing to the external device Means, information device-side storage means capable of storing the management target data or post-processing data after processing the management target data, and communication means for transmitting / receiving data to / from the information management apparatus. The management object data stored in the information management device is accessed and information processing relating to the accessed management object data is performed. Noh computer,
When the management request data transmitted from the information management apparatus or the storage processing of the processed data after processing the managed data is requested by the user, the information device side of the managed data or the processed data Management target data transmission processing means for prohibiting storage in storage means, transmitting the management target data or post-processing data to the information management apparatus and storing it in the storage means of the information management apparatus ;
Receiving output environment restriction data corresponding to the management target data, which is transmitted before the management target data is transmitted from the information management device in response to access to the management target data, and outputting the data in the external output means Output permission state transition means for shifting the permission state to the access permission output permission state specified from the received output environment restriction data;
A computer program characterized by functioning as a computer program.

Images