JP5371105B2 - Installer, information processing apparatus, installation method, and program - Google Patents

Description

  The present invention relates to an installer for installing a new operating system in an information processing apparatus in which an operating system is installed.

  The file system of a personal computer (hereinafter abbreviated as “PC”) has an encryption function that encrypts files and folders and, when authenticated, releases the encryption so that it can be used. (For example, refer to Patent Document 1).

JP 2008-123049 A

  In some cases, confidential information is stored in the hard disk of the PC. Such confidential information is protected by being encrypted or setting a password regardless of whether it is the owner's intentional work or automatic processing. A file whose use is restricted by encryption or the like cannot be restored and referenced without a certificate file (key file), for example.

  If the PC is not in good condition, the OS may be reinstalled. However, when encryption and password calculation elements depend on OS-specific information, the key file and the like are lost when the OS is reinstalled. For this reason, unless the key file or the like is backed up, even if the same user is registered and the same OS is reinstalled, data may not be restored / referenced again.

  This is the same even if the data file is stored in a separate disk drive separately from the OS. It is unexpected for the user that the re-installation of the OS makes it impossible to use a data file stored in another disk drive.

  Since the key file cannot be created from a normal GUI (graphic user interface), it is very troublesome. For this reason, there are many users who have not created a key file.

  Also, some old confidential information may have been forgotten by the user. If the OS is reinstalled without taking any action on such confidential information, the confidential information cannot be accessed thereafter.

  The present invention has been made in view of the above circumstances, and provides an installer, an information processing apparatus, an installation method, and a program that can prevent information whose use is restricted from being used due to installation of an OS. The purpose is to do.

In order to achieve the above object, an installer according to the first aspect of the present invention provides:
An installer that installs a second operating system in an information processing apparatus in which the first operating system is installed,
When installing the second operating system, a detection unit that detects information whose use is restricted from among a plurality of information managed by the first operating system;
A process execution unit that executes a predetermined process for using the information whose use is restricted after installation when the detection unit detects the information whose use is restricted;
Is provided.

In this case, the first operating system and the second operating system are the same,
The process execution unit
When the detection unit detects information whose use is restricted, the specific data necessary for using the information whose use is restricted is ported to the second operating system.
It is good as well.

The second operating system is an operating system compatible with the first operating system;
The process execution unit
When the information whose use is restricted is detected by the detection unit, the use restriction of the use-restricted information is canceled using the function of the first operating system prior to the installation. A release part;
After the installation of the second operating system, a restriction unit that restricts the use of information whose use restriction has been removed using the function of the second operating system;
Comprising
It is good as well.

In addition, the process execution unit
When the detection unit detects the information whose use is restricted, the information whose use is restricted is included in the plurality of information managed by the first operating system. To the user,
It is good as well.

In addition, the process execution unit
When the information whose use is restricted is detected by the detection unit, the user includes information whose use is restricted among the plurality of information managed by the first operating system. Warning that
It is good as well.

In addition, the use restricted information is information encrypted using a key file managed by the first operating system.
It is good as well.

Further, the information whose use is restricted is information that requires authentication at the time of use, using a specific authentication code managed by the first operating system.
It is good as well.

  The information processing apparatus according to the second aspect of the present invention incorporates the installer of the present invention.

An installation method according to the third aspect of the present invention is as follows.
An installation method for installing a second operating system in an information processing apparatus in which the first operating system is installed,
A detecting step of detecting information whose use is restricted from a plurality of pieces of information managed by the first operating system when installing the second operating system;
A process execution step of executing a predetermined process for using the information whose use is restricted after installation when the use-restricted information is detected in the detection step;
including.

A program according to the fourth aspect of the present invention is:
A program that causes a computer to execute a process of installing a second operating system after the first operating system is installed,
A detection procedure for detecting information whose use is restricted among a plurality of pieces of information managed by the first operating system when installing the second operating system;
In the detection procedure, when the use-restricted information is detected, a process execution procedure for executing a predetermined process for using the use-restricted information after installation;
Is executed on the computer.

  According to the present invention, when it is detected that information that is restricted in use is included in the information managed by the already installed first operating system, the use is performed after the installation. A predetermined process is performed to enable access to information that is restricted. In this way, it is possible to prevent information whose use is restricted from becoming unavailable after the operating system is installed.

It is a block diagram which shows the structure of the computer which concerns on Embodiment 1 of this invention. It is a schematic diagram which shows a file structure. It is a flowchart of the process (OS installation process) of the installer in the computer of FIG. It is a block diagram which shows the structure of the computer which concerns on Embodiment 2 of this invention. 5 is a flowchart of installer processing (OS installation processing) in the computer of FIG. 4. It is a block diagram which shows the structure of the computer which concerns on Embodiment 3 of this invention. 7 is a flowchart of installer processing (OS installation processing) in the computer of FIG. 6.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

(Embodiment 1)
First, Embodiment 1 of the present invention will be described. The installer 30 according to the present embodiment is a software program package for installing an operating system (hereinafter abbreviated as “OS”) on a general computer such as a personal computer.

  In FIG. 1, a configuration necessary for installing the OS is mainly shown in the computer 100. In the present embodiment, an OS that is already installed and running on the computer 100 is an “old OS”, and an OS that is newly installed by the installer is a “new OS”. In the present embodiment, the old OS and the new OS may be the same (for example, Windows (registered trademark)) or different (for example, Windows (registered trademark) and Linux (registered trademark)). May be.

  As shown in FIG. 1, a computer 100 that is installed by an installer according to the present embodiment includes an operation unit 1, a display unit 2, an external storage device 3, a file storage unit 4, and a main control unit 5. .

  The operation unit 1 includes a keyboard and a pointing device such as a mouse. The operation unit 1 receives inputs from those operations and outputs them to the main control unit 5.

  The display unit 2 is a display having a display screen. The display unit 2 displays various types of information using graphics configured by a GUI (Graphical User Interface).

  The external storage device 3 is an external storage device that can be connected to the computer 100. For example, a storage device such as a USB (Universal Serial Bus) memory or an optical disk device. The external storage device 3 stores a new OS installer 30 according to the present embodiment.

  The file storage unit 4 is a storage device such as a hard disk that stores programs and data. In FIG. 1, the files stored in the file storage unit 4 are roughly divided into a file group 10 and an old OS 11.

  The file group 10 is a collection of files managed by the old OS 11. The file group 10 includes program files and data files.

  The old OS 11 includes basic functions of the OS such as a file system, an encryption processing procedure 16 for the file group 10, a decryption processing procedure 17, a key file 18 that is a certificate file, and the like. The key file 18 is data unique to the old OS 11 generated based on the identification number (ID) of the old OS 11 and the installation date and time. Of the files in the file group 10, the encrypted file is encrypted by executing the encryption processing procedure 16 using the key file 18.

  The main control unit 5 includes a CPU (Central Processing Unit) 20 and a memory 21 as a procedure storage unit. The programs described in the program files of the old OS 11 and the file group 10 are read into the memory 21 of the main control unit 5 and executed by the CPU 20. In the process, data files included in the file group 10 are used as necessary.

  The hardware configuration of the file storage unit 4 is arbitrary. For example, as shown in FIG. 2, the file storage unit 4 can be composed of two storage devices 40 and 41 such as a hard disk device. In the example illustrated in FIG. 2, the storage device 40 is set as the C drive of the virtual drive, and the storage device 41 is set as the D drive of the virtual drive.

  An old OS 11 or the like (including the key file 18) is assigned to the C drive, and a data file of the file group 10 is assigned to the D drive. Thus, the file storage unit 4 may have a disk drive dedicated to data. However, the present invention is not limited to the hardware configuration shown in FIG.

  As shown in FIG. 2, various files (file group 10 and old OS 11) stored in the file storage unit 4 are stored in folders. Each folder can store a plurality of files. In one folder, about 10 files are stored on average. For example, “file1” and “file2” are stored in Folder A. Folders can have a hierarchical structure. For example, Folder C is stored under Folder B. In FolderC, “file3” and “file4” are stored.

  Each file stores management information 50 in addition to its contents, regardless of whether it is a program file or a data file. As shown in FIG. 2, for example, management information 50 and file contents are also registered in “file 4” stored in Folder C of the D drive.

  The management information 50 includes, for example, a file name (11 bytes), a file attribute (1 byte), a file creation date (4 bytes), a file access date (4 bytes), a file recording cluster (4 bytes), a file size (4 bytes), and the like. ing.

  Further, the file attribute includes a bit (encryption bit) indicating whether or not the file is encrypted. If the encryption bit is 1, the file is encrypted. If the encryption bit is 0, the file is not encrypted. The size of each data shown in FIG. 2 is merely an example and may be changed.

  After the computer 100 is turned on, the old OS 11 is loaded into the memory 21 of the main control unit 5, and the CPU 20 executes other firmware and application programs while executing the program of the old OS 11.

  Further, when the external storage device 3 is connected to the main control unit 5 and the OS installation is instructed via the operation unit 1, the installer 30 is read from the external storage device 3 into the memory 21, and the CPU 20 As a result, the new OS is installed.

  The installer 30 includes a user interface 31, a format check procedure 32, an encrypted file detection procedure 33, a display control procedure 34, a normal installer 35, and a file set 36.

  The user interface 31 is a user interface program for the user to specify installation conditions for the installer 30 via the operation unit 1. If the CPU 20 executes the user interface 31, for example, the OS to be installed can be customized, the installation destination can be specified, and the like.

  The format check procedure 32 is a program for determining whether or not the format of the installation destination is completed in the file storage unit 4. If it is determined that the installation destination has not been formatted, the CPU 20 executes the format check procedure 32 to format the designated installation destination before installing the OS.

  The encrypted file detection procedure 33 detects an encrypted file from a plurality of files (files of the file group 10) managed by the old OS 11. More specifically, the CPU 20 executes the encrypted file detection procedure 33 to search each file stored in the file storage unit 4 and read the management information 50 of the searched file.

  The CPU 20 further executes the encrypted file detection procedure 33 to refer to the encrypted bit in the file attribute included in the management information 50 to determine whether each file is an encrypted file. The CPU 20 detects the encrypted file based on the determination result.

  In the display control procedure 34, when an encrypted file is detected by the CPU 20 executing the encrypted file detection procedure 33, a plurality of files (files of the file group 10) managed by the old OS 11 are included. A program for notifying the user that an encrypted file is included. More specifically, by executing the display control procedure 34, the CPU 20 displays a cancellation dialog on the display unit 2 for inquiring the user whether to cancel the installation because the encrypted file is included. Display.

  The normal installer 35 copies the file set 36 of the new OS to the file storage unit 4. Further, the normal installer 35 performs various setting processes for executing the new OS. The file set 36 is an entity of the new OS.

  Next, the processing procedure of the installer 30 according to the present embodiment, that is, the processing executed by the CPU 20 when installing a new OS will be described.

  As shown in FIG. 3, first, the CPU 20 designates an installation destination (step S1). More specifically, in response to a user operation via the operation unit 1, the CPU 20 inputs information such as an installation destination designated by the user by executing the user interface 31.

  Subsequently, the CPU 20 detects the connected hard disk drive (HDD) (step S2). Subsequently, the CPU 20 executes a format check procedure 32 to perform a format check of the installation destination (step S3), and determines whether or not the installation destination has been formatted (step S4). If it is not formatted based on the detection result (step S4; No), the CPU 20 formats the designated installation destination (step S5).

  After step S5, the CPU 20 continues the new OS installation process. In this installation process, the CPU 20 stores the file set 36 in the file storage unit 4 by executing the normal installer 35 of the new OS, and performs various setting processes for executing the new OS.

  On the other hand, if it has been formatted (step S4; Yes), the CPU 20 searches for the designated installation destination and detects the encrypted file (step S6). More specifically, the CPU 20 checks the encryption bit of the file attribute of the management information 50 in each file of the file group 10 stored in the file storage unit 4 by executing the encrypted file detection procedure 33. It is checked whether each file is an encrypted file.

  Subsequently, the CPU 20 further executes an encrypted file detection procedure 33 to determine whether or not there is an encrypted file (step S7). If it is determined that there is no encrypted file (step S7; No), the CPU 20 continues the new OS installation process as described above.

  On the other hand, when it is determined that there is an encrypted file (step S7; Yes), the CPU 20 displays a stop dialog on the display unit 2 (step S8). More specifically, the CPU 20 displays the stop dialog on the display unit 2 by executing the display control procedure 34. In the cancellation dialog, for example, characters such as “Do you want to cancel the installation? (Yes), (No)” are displayed. As a result, the user is notified that the encrypted file is included in the plurality of files managed by the old OS 11. The user can specify Yes and No via the operation unit 1.

  Subsequently, the CPU 20 determines whether or not to cancel the installation (step S9). Here, the determination is performed based on the contents (Yes, No) designated via the operation unit 1. When Yes is designated, this determination is affirmed (step S9; Yes), and the CPU 20 ends the process. This completes the installation.

  On the other hand, if No is designated, this determination is denied (step S9; No), and the CPU 20 continues the new OS installation process as described above. Such determination may be made when the encrypted file is unnecessary in the future.

  As described in detail above, according to the present embodiment, when it is determined that an encrypted file managed by the old OS 11 exists when the new OS is installed, the CPU 20 displays a stop diagram on the display unit 2. By displaying the log, the fact is notified to the user. In this way, the user who sees this display can recognize that the encrypted file exists.

  If the user designates installation cancellation, the CPU 20 ends without performing installation. In this way, it is possible to prevent the encrypted file from becoming unavailable after the new OS is installed.

  In addition, since the user notices the presence of the encrypted file at the time of installation, the installation is temporarily stopped, and after taking measures such as releasing (decrypting) the encryption, the new OS is installed again. Can take measures. The decrypted file may be encrypted again under the new OS.

(Embodiment 2)
Next, Embodiment 2 of the present invention will be described in detail with reference to the drawings.

  In the installation method according to the present embodiment, the old OS 11 running on the PC is in a bad condition, and the same OS (for example, the same version of Windows (registered trademark) → Windows (registered trademark)) is reinstalled (repair installation). Applies to In this case, porting (backup and restore) of the key file 18 from the old OS 11 to the new OS is possible. In the present embodiment, if the key file 18 is not damaged, the key file 18 is automatically ported from the old OS 11 to the new OS.

  As shown in FIG. 4, the present embodiment is different from the first embodiment in that the installer 30 further includes a key file processing procedure 37.

  The key file processing procedure 37 is a program that searches the key file 18 in the old OS 11 and transplants the key file 18 when the key file 18 exists.

  Next, the operation of the installer 30 according to this embodiment will be described.

  As shown in FIG. 5, the processing procedure of the installer 30 according to the present embodiment is different from that of the first embodiment in the case where it is determined that there is an encrypted file (step S7; Yes).

  If it is determined that there is an encrypted file (step S7; Yes), the CPU 20 searches the key file 18 of the old OS 11 by executing the key file processing procedure 37 (step S10).

  Subsequently, the CPU 20 further executes the key file processing procedure 37 to determine whether or not the key file 18 is present (step S11). When there is the key file 18 (step S11; Yes), the CPU 20 transplants the key file 18 from the file storage unit 4 to the memory 21 (step S12). Thereafter, the CPU 20 continues the OS installation process as in the above embodiment.

  On the other hand, when there is no key file 18 (step S11; No), the CPU 20 displays the cancellation dialog on the display unit 2 by executing the display control procedure 34 (step S8). The subsequent processing is the same as in the first embodiment.

  As described above in detail, according to the present embodiment, when the encrypted file is included, the CPU 20 stores the key file 18 that is specific data necessary for using the encrypted file, as a file storage unit. 4 to the memory 21.

  Since the key file 18 is transplanted before the new OS is installed, the key file 18 can be prevented from being lost. In this way, the encrypted file can be decrypted even after the installation of the new OS, thereby preventing the encrypted file from being inaccessible. The installation method according to the present embodiment is a method that utilizes the fact that if the same OS is reinstalled, the encrypted file can be decrypted using the backed up and restored key file 18.

  In the present embodiment, when the key file 18 is not found (step S11; No), the display unit 2 displays a cancellation dialog. If the user who sees this display designates cancellation, the CPU 20 ends the installation of the new OS. In this way, it is possible to prevent the encrypted file from being decrypted by installing the new OS. Also, if the old OS 11 has been started and the key file 18 has been backed up, the repair installation can be resumed after the encryption is once canceled using the backed up key file 18. it can.

(Embodiment 3)
Next, Embodiment 3 of the present invention will be described in detail with reference to the drawings.

  The installation method according to the present embodiment is applicable when performing upgrade installation of different versions of the same OS (for example, Windows XP (registered trademark) → Windows Vista (registered trademark)).

  As shown in FIG. 6, the present embodiment is different from the first embodiment in that the installer 30 includes a key file processing procedure 37, a decryption processing procedure 38, and an encryption processing procedure 39.

  The decryption processing procedure 38 uses the key file 18 managed by the old OS 11 stored in the file storage unit 4 prior to the installation of the new OS, when the encrypted file is included, to encrypt the encrypted file. This is a program for performing the decryption. Since the new OS and the old OS 11 are compatible, the encryption file can be decrypted using the key file 18 by executing the decryption processing procedure 38 of the installer 30.

  The encryption processing procedure 39 uses a new key file (newly generated key file from the new OS ID, HDD ID, date, etc.) in the file set 36 of the new OS. It is a program that performs encryption.

  Next, the operation of the installer 30 according to this embodiment will be described.

  As shown in FIG. 7, the processing procedure of the installer 30 according to the present embodiment is different from the first embodiment in the processing after it is determined that there is an encrypted file (step S7; Yes).

  If it is determined that there is an encrypted file (step S7; Yes), the CPU 20 searches the key file 18 of the old OS 11 by executing the key file processing procedure 37 (step S10). Subsequently, the CPU 20 further executes the key file processing procedure 37 to determine whether or not the key file 18 exists (step S11).

  When the key file 18 is present (step S11; Yes), the CPU 20 executes the decryption processing procedure 38 to decrypt the encrypted file using the key file 18 (step S13). Subsequently, the CPU 20 re-encrypts the decrypted file using the key file (new key) of the new OS by executing the encryption processing procedure 39 (step S14). Thereafter, the CPU 20 continues the OS installation process as in the above embodiments.

  On the other hand, when there is no key file 18 (step S11; No), the CPU 20 displays the cancellation dialog on the display unit 2 by executing the display control procedure 34 (step S8). The subsequent processing is the same as in the first embodiment.

  As described above in detail, according to the present embodiment, the new OS is compatible with the old OS 11, and therefore the decoding algorithm of the old OS 11 is known. For this reason, by executing the decryption processing procedure 38 read by the main control unit 5 in the installed file set, the key file 18 is used to decrypt (decrypt) the file, and thereafter By executing the encryption processing procedure 39, it is possible to re-encrypt the file using the key file newly generated from the new OS ID, HDD ID, date, and the like.

  In the new OS, since a new function (enhancement of encryption strength, etc.) may be added to encryption, it is desirable to perform the above processing in this embodiment. Thus, the installation method according to the present embodiment is suitable when the OS is upgraded.

  Also in the present embodiment, when the key file 18 is not found (step S11; No), the display unit 2 displays a cancellation dialog. If the user who sees this display designates cancellation, the CPU 20 ends the installation of the new OS. In this way, it is possible to prevent the encrypted file from being decrypted by installing the new OS. If the old OS 11 is activated and the key file 18 has been backed up, the repair installation can be restarted after the encryption is once canceled using the backed up key file 18.

  As described above, according to each of the embodiments described above, when it is determined that an encrypted file is included, predetermined processing for enabling access to the encrypted file is performed. In this way, it is possible to prevent the encrypted file from being unavailable due to the installation of the OS.

  In the case where the old OS 11 and the new OS are completely different, the installation method according to the first embodiment is preferable. In addition, when the old OS 11 and the new OS are the same, the installation method according to the second embodiment is preferable. In addition, when the new OS is an upgraded version of the old OS 11, the installation method according to the third embodiment is preferable.

  In each of the above embodiments, when an encrypted file is included, the cancellation dialog is simply displayed. However, for example, an encrypted file is included by generating a buzzer sound. You may make it warn that it exists. In this way, the user can be surely recognized that the encrypted file is included.

  In each of the above-described embodiments, the case has been described in which the encrypted file is targeted and the encrypted file can be used even after installation. Note that the present invention can also be applied to a file that requires authentication by a password or the like when used. In this way, files that require authentication can be used continuously. In this case, what corresponds to the key file is a file including a password, an identification code such as image data, and the like.

  In each of the above embodiments, a large number of files in the PC are searched. If the physical position of the file in the hard disk is known, access is performed so that the seek time of the hard disk head is minimized. A file or folder arranged in the vicinity of the selected file may be set as the next search target. In this way, the operating speed can be increased and the burden on the PC can be reduced.

  In the above-described embodiment, since it is easy to understand if it is conceptually regarded as file-based encryption, the case where the encryption target is a file, that is, the case where processing is performed in file units has been described. However, the present invention is not limited to this. The present invention can also be applied to cases where use of data in a specific section in a file (for example, some categories in the address book and some virtual folders in the mail reception history) is restricted.

  As in the above embodiments, the program executed by the computer 100, that is, the installer 30, is a flexible disk, CD-ROM (Compact Disk Read-Only Memory), DVD (Digital Versatile Disk), MO (Magneto-Optical). It is desirable to store and distribute in a computer-readable recording medium such as a disk) or USB memory.

  However, the installer 30 may be stored in a disk device or the like of a predetermined server device on a communication network such as the Internet, and may be downloaded, for example, superimposed on a carrier wave.

  In each of the above-described embodiments, a computer such as a PC has been described as an example. .

  The present invention is suitable for security management of information stored in an information processing apparatus. In particular, it is suitable for security management of old confidential information that the user has forgotten.

  DESCRIPTION OF SYMBOLS 1 ... Operation part, 2 ... Display part, 3 ... External storage device, 4 ... File storage part, 5 ... Main control part, 10 ... File group, 11 ... Old OS, 16 ... Encryption process procedure, 17 ... Decryption process Procedure 18 ... Key file 20 ... CPU 21 ... Memory 30 ... Installer 31 ... User interface 32 ... Format check procedure 33 ... Encrypted file detection procedure 34 ... Display control procedure 35 ... Normal installer 36 ... File set, 37 ... Key file processing procedure, 38 ... Decryption processing procedure, 39 ... Encryption processing procedure, 40, 41 ... Storage device, 50 ... Management information, 100 ... Computer

Claims (10)

An installer that installs a second operating system in an information processing apparatus in which the first operating system is installed,
When installing the second operating system, a detection unit that detects information whose use is restricted from among a plurality of information managed by the first operating system;
A process execution unit that executes a predetermined process for using the information whose use is restricted after installation when the detection unit detects the information whose use is restricted;
An installer with The first operating system and the second operating system are the same;
The process execution unit
When the detection unit detects information whose use is restricted, the specific data necessary for using the information whose use is restricted is ported to the second operating system.
The installer according to claim 1. The second operating system is an operating system compatible with the first operating system;
The process execution unit
When the information whose use is restricted is detected by the detection unit, the use restriction of the use-restricted information is canceled using the function of the first operating system prior to the installation. A release part;
After the installation of the second operating system, a restriction unit that restricts the use of information whose use restriction has been removed using the function of the second operating system;
Comprising
The installer according to claim 1. The process execution unit
When the detection unit detects the information whose use is restricted, the information whose use is restricted is included in the plurality of information managed by the first operating system. To the user,
The installer according to any one of claims 1 to 3. The process execution unit
When the information whose use is restricted is detected by the detection unit, the user includes information whose use is restricted among the plurality of information managed by the first operating system. Warning that
The installer according to claim 4. The use restricted information is information encrypted using a key file managed by the first operating system.
The installer according to any one of claims 1 to 5, wherein: The use-restricted information is information that requires authentication at the time of use using a specific authentication code managed by the first operating system.
The installer according to any one of claims 1 to 5, wherein:   An information processing apparatus in which the installer according to any one of claims 1 to 7 is incorporated. An installation method for installing a second operating system in an information processing apparatus in which the first operating system is installed,
A detecting step of detecting information whose use is restricted from a plurality of pieces of information managed by the first operating system when installing the second operating system;
A process execution step of executing a predetermined process for using the information whose use is restricted after installation when the use-restricted information is detected in the detection step;
Including installation method. A program that causes a computer to execute a process of installing a second operating system after the first operating system is installed,
A detection procedure for detecting information whose use is restricted among a plurality of pieces of information managed by the first operating system when installing the second operating system;
In the detection procedure, when the use-restricted information is detected, a process execution procedure for executing a predetermined process for using the use-restricted information after installation;
A program that causes a computer to execute.

Images