JP6049042B2 - Storage unit and thin client system - Google Patents

Description

The present invention relates to a storage unit and a thin client system in which an OS (operating system) of a computer device is stored . In particular, the present invention includes a connection port to which an authentication system can be externally attached. The present invention relates to a storage unit and a thin client system that can be activated and can be authenticated by a predetermined authentication system.

  In recent years, computer devices are also used to create and store highly confidential information in companies, etc., and therefore, computer devices are used by third parties who are not allowed to steal or originally use computer devices. In order to prevent a situation where information leaks, various methods have been proposed as security measures for computer devices and networks.

  In addition, teleworking has been promoted within companies, and work styles have been introduced that work not only within the company but also at satellite offices and homes. Thin client systems and thin client terminals are used as a mechanism that allows internal IT resources (servers, information processing terminals, etc.) to be used securely from outside the company in order to work in the same environment as possible within the company.

  Usually, a thin client terminal (computer device) used in a thin client system is configured to convert an information processing terminal used by employees outside the company into a dedicated thin client terminal by using a personal authentication key. For example, in the following Patent Document 1 (Japanese Patent No. 3918827), in order to function as a thin client terminal, a storage device having a tamper-resistant storage function storing authentication information and the like is inserted, and remote from the server. A secure remote access system adapted to be operated is disclosed.

  As a security measure for a computer device, for example, the following Patent Document 2 (Japanese Patent Laid-Open No. 2008-176729) discloses a computer activation method using a removable memory unit such as a USB memory stick. In this computer startup method disclosed in Patent Document 2, a removable memory unit that can be detached from a computer main body has an OS startup program and a processing module equivalent to a hard disk device in which the OS is installed, as in a normal computer device, and an owner. Is configured so that the OS can be started by permitting access to the processing module when authentication is established by the fingerprint authentication unit.

  In this way, the OS boot program or the OS itself is not installed in the computer device, and the computer device is provided only with input means such as a display means and a keyboard and a removable memory unit connection means such as a USB port, and the removable memory unit is not connected. It can be configured not to function as a computer device in the state.

  In a computer device that takes such security measures, an MBR (Master Boot Record) is stored in a 512-byte area from the start address of the processing module. When the computer device is turned on, the BIOS (Basic) is stored. (Input Output System) is started, and the MBR is read by the BIOS. Since the MBR stores the address of the storage area in which the OS is stored, initial display screen information, and the like, the BIOS can display the initial screen on the display means and start the OS.

  In this way, an OS and a hard disk are not required in the computer apparatus main body, and no data remains in the computer apparatus main body, so that information leakage can be completely shut out. Furthermore, since this USB memory unit (also referred to as a memory stick type client device) is combined with an authentication system, it can have a higher level of individual security.

  By the way, when combining an authentication system with a removable memory unit as a security measure as shown in Patent Document 2 above, what kind of authentication system is connected to a computer device and used depends on each company. Preferably there is no dependency on the type of system.

  For example, a company using an IC card as an employee card avoids introducing a new authentication system if the IC card can be used together with security measures for a computer device located at each office. It can greatly reduce the costs for system development.

  In the following Patent Document 3 (Japanese Patent Laid-Open No. 2010-211406), a removable memory unit such as a USB memory storing the OS of the computer device is connected to the thin client terminal (computer device), and the OS is installed on the removable memory unit. A removable memory unit that activates the server to become a thin client terminal is disclosed. In the invention of the removable memory unit, the USB memory unit is connected to an input / output unit connected to a computer device and a memory unit, and a master boot record stored in the memory unit is read out by a BIOS mounted on the computer device. The OS is started based on the master boot record, an authentication system for authenticating a legitimate user is connected to the connection port, and the input / output unit and the connection port are connected to perform authentication. Is.

  That is, the invention disclosed in Patent Document 3 is configured to perform individual authentication using an authentication system externally attached by a connection port and to start an OS stored in a removable memory unit by a computer device. The dependency on the type of authentication system is reduced.

Japanese Patent No. 3918827 JP 2008-176729 A JP 2010-211406 A

  In the thin client system disclosed in the above Patent Documents 2 and 3, the OS stored in the removable memory unit operates after being authenticated and deployed in the removable memory unit, or a thin client terminal (PC). And is expanded on the internal RAM and operates. In any case, since the file accessed during the operation of the OS is viewed and processed through the browser of the thin client server, the file does not remain in the thin client terminal, and after the operation of the OS ends, the thin client terminal The OS expanded on is also deleted. Therefore, the thin client terminal is connected to the thin client server by itself without using the removable memory unit and is not illegally used.

  By the way, the OS is stored in the removable memory unit, and after the authentication, it is expanded and operated in the removable memory unit, or is read into a thin client terminal (PC) and expanded on the internal RAM to be a computer. When a device (PC) is made into a thin client terminal, how to update and upgrade the OS becomes a problem.

  Usually, the OS of a computer device is composed of a kernel (kernel program) consisting of basic functions of the OS and an OS body (OS program). The kernel (kernel program) includes programs for performing initial functions of various device drivers (driver modules) that operate hardware resources of the computer device and for ensuring that the computer device operates normally. Yes.

  In general OSs that are not generally built-in, procedures such as a root file system for associating various device drivers (drivers / modules) when a kernel is changed are set in advance. Therefore, in a general OS that is not a built-in type, even if the kernel is changed, a new kernel is automatically started when the OS is started next time, so there are few problems. In the case of the embedded type, the kernel and the driver / module are stored separately, and there are no procedures such as a root file system to support various device drivers (drivers / modules) when changing the kernel. When changing the kernel and replacing the OS main body, the next startup is not possible unless the kernel is also replaced at the same time.

  Replacing the OS is necessary when the OS is upgraded. Since the removable memory units of Patent Document 2 and Patent Document 3 belong to the latter, there is a possibility that when the OS stored in the removable memory unit is used to perform operations such as replacing the OS main body, nothing can be operated. There is a problem of being risky. In such a state, there is a problem that it takes time and effort for the user, such as sending a removable memory unit to the manufacturer and requesting an OS upgrade operation.

The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a storage unit and a thin client system configured to easily cope with a version upgrade of the OS. It is.

Storage unit according to the present invention is connected to a thin client terminal, the storage unit Ru provided with a thin client OS, the thin client OS includes a rollback unit, and the kernel and OS body and the said kernel OS and a maintenance OS you update the new kernel and new OS body of the new version, the thin the said kernel memory device of the client terminal OS body is expanded, is activated, the the new kernel the new OS body after the door has been downloaded, is started before Symbol maintenance OS is, and the kernel and the OS body, said been updated to the new kernel said the new OS body, and the difference between the new kernel and the kernel, the OS The difference between the main body and the new OS main body is stored in the rollback unit, and is stored in the maintenance OS. Therefore, the new kernel and the new OS main body can be reproduced to the kernel and the OS main body based on the differences .

In the storage unit, wherein the new kernel and the new OS body, from a predetermined server, and wherein the Rukoto are downloaded.

Thin client system according to the present invention, a thin client terminal storage unit to connect with a thin client OS, in the thin client thin client system terminal Ru and a thin client server to connect the thin client OS is has a roll-back unit, and the kernel and OS body and a maintenance OS you update the new kernel and new OS body of the OS and the new version of the kernel, the the memory of the thin client terminal said the kernel OS body is expanded, is launched, it said the new kernel after the new OS body is downloaded, is started before Symbol maintenance OS is, and the kernel and the OS body, the new kernel and the new Updated to the OS itself, the kernel and the new The difference between the kernel and the difference between the OS main body and the new OS main body are stored in the rollback unit, and the maintenance OS sets the new kernel and the new OS main body based on the differences. It can be played back to the kernel and the OS main body .

In the thin client system, wherein the new kernel and the new OS body, from a predetermined server, and wherein the Rukoto are downloaded.

In the storage unit according to the present application , a maintenance OS that can be called an auxiliary engine and a rollback unit are provided. When the maintenance OS is started and the kernel and the OS main body are updated, the update history (difference) of the old and new OS is rolled back. The configuration is stored in the unit. According to such a configuration, when the updated kernel and the device driver cannot be matched, and the new version of the OS main body cannot be started, the old OS can be reproduced using the maintenance OS.

In the thin client system according to the present application , it is possible to configure a thin client system using a thin client terminal to which a storage unit is connected.

It is a figure which shows the structure of the thin client system using the removable memory unit concerning the Example of this invention. It is a figure which shows the structure of the thin client terminal using the removable memory unit concerning the Example of this invention. It is a schematic diagram which shows the structure of the content memorize | stored in the removable memory unit of FIG. It is a flowchart which shows the procedure of the process which updates the thin client OS memorize | stored in the removable memory unit concerning the Example of this invention (version upgrade). It is a flowchart which shows the process sequence following the process sequence of FIG.

  Hereinafter, specific examples of the present invention will be described in detail with reference to examples and drawings. However, the embodiment described below exemplifies a removable memory unit and a thin client system for embodying the technical idea of the present invention, and the present invention is specified to the removable memory unit and the thin client system. It is not intended, and is equally applicable to removable memory units and thin client systems of other embodiments within the scope of the claims.

  FIG. 1 is a diagram showing a configuration of a thin client system using a removable memory unit according to an embodiment of the present invention. As shown in FIG. 1, the thin client system according to the embodiment of the present invention includes a plurality of thin client terminals 30 (30a to 30c) connected to the thin client server 20 via a network NW such as the Internet. The

  A user such as the thin client terminals 30a to 30c in the thin client system attaches a removable memory unit storing an OS to a personal computer device as disclosed in Patent Documents 2 and 3, for example, and performs predetermined authentication. After being authenticated by the means, the OS is started.

  FIG. 2 is a block diagram showing a configuration of the thin client terminal 30. As shown in FIG. 2, the thin client terminal 30 includes a power switch 31, a BIOS (basic input / output system) 32, a storage device 34, and a hardware unit 36. The hardware unit 36 includes a CPU 37 such as a microprocessor, a memory 38 such as a RAM, an input / output device 39 that performs input / output to a printer, a display device, or a network.

  The thin memory OS 341 and the application 342 are stored in the removable memory unit (semiconductor storage device) 34a, and the thin client OS and application are read from the removable memory unit 34a and loaded on the storage device 34, and the thin client terminal 30 is installed. It is supposed to work. The thin client OS 341 is an OS for causing a terminal such as a PC to operate as the thin client terminal 30, and various application programs such as a communication processing program that operates under the thin client OS 341 are stored in the application 342. .

  The power switch 31 is a power switch of the thin client terminal 30. When the power switch 31 is turned on, power is supplied to each unit. When the power switch 31 is turned on, a BIOS (Basic Input Output System: basic input / output system) 32 is activated.

  The BIOS 32 reads out the thin client OS 341 from the removable memory unit 34a and develops it on the storage device 34, reads out the master boot record (MBR) from the head area, and displays the desktop screen on the display screen. As a result, a terminal device such as a PC operates as the thin client terminal device 30. The processing procedure during this period and the processing operation such as authentication are the same as those of the thin client systems of Patent Document 2 and Patent Document 3.

  Next, the configuration of contents such as an OS stored in the removable memory unit 34a in the present embodiment will be described with reference to FIG. The thin client OS 341 includes a maintenance OS unit 341a, a kernel 341b, and an OS 341c, and includes a rollback unit 341d. The maintenance OS stored in the maintenance OS unit 341a is an OS dedicated to maintenance of the OS 341c, and is started when the kernel and the OS main body are updated to a new version of the kernel and OS. The maintenance OS stores, for example, the current version of the kernel and the program portion that performs the minimum function as the OS among the OS main body. Examples of the program part that performs the minimum function include a file reading function, a file compression and decompression function, and a file encryption and decryption function.

  The kernel 341b and the OS 341c store the current version of the kernel and the OS main body, respectively. The rollback unit 341d has a version upgrade of the kernel and the OS body, and the user downloads a new version of the kernel and the OS body from a predetermined server (for example, a thin client server) and updates (updates, rewrites). In this case, the history (difference) of the old and new versions of the kernel and OS is written.

  In the present invention, there is a version upgrade of the kernel and the OS main body stored in the kernel 341b and OS 341c, and the user uses the current thin client OS (the kernel and the OS main body stored in the kernel 341b and OS 341c) to update the new version. After downloading the kernel and the OS from a predetermined server, the kernel and the OS are updated using the maintenance OS stored in the maintenance OS unit 341a. When updating by the maintenance OS, the old and new versions of the kernel and OS history (difference) are written in the rollback unit 341d. As a method of switching and starting the thin client OS and the maintenance OS, the invention method of the thin client computer device of Japanese Patent Application No. 2010-175194 filed by the applicant of the present application can be applied.

  Thereafter, the maintenance OS is shut down, and the updated and updated OS body is started. Since the maintenance OS is a minimum program, it can function even with a character-based user interface (CUI) and does not increase in size. In addition, since it is unlikely that the maintenance OS can be booted at all, if the updated kernel and OS itself are not booted normally, the maintenance OS is booted again to the rollback unit 341d. It is possible to reproduce the old version of the OS body from the stored old and new versions of the kernel and OS history (difference).

  Next, a procedure for updating (upgrading) the thin client OS stored in the removable memory unit according to the embodiment of the present invention will be described with reference to the flowcharts shown in FIGS. 4 and 5, the removable memory unit 34a is mounted on a computer device (for example, the thin client terminal 30a in FIG. 1), the OS main body stored in the OS 341c is started, and then the new version kernel and OS The processing procedure after the procedure of logging in to a predetermined server that provides The server is, for example, the thin client server 20 of FIG.

  First, in step S101, the thin client terminal 30a logs in to the thin client server 20. If authentication is received in step S102 and authentication is obtained, login to the thin client server 20 is completed (step S103). If the authentication is not successful, the process returns to step S101 and the login process is performed again. The authentication method and means may be the methods and means disclosed in Patent Document 2 and Patent Document 3. In step S104, a communication method is selected and communication connection is performed (step S105). If the communication connection is unsatisfactory for some reason, the process returns to step 104, and the communication method is selected again. When there is only one communication method in which the communication method between the terminal and the server is specified, these procedures can be omitted.

  Next, the user of the thin client terminal 30a selects whether or not to download a new version of the kernel and OS body in the process of step S106. If download is selected, the process proceeds to step S107, and a new version of the kernel and OS main body are downloaded from the thin client server 30 (step S108). In subsequent step S109, the kernel and the OS are shut down (YES in step S109), and the process proceeds to step S201 in the flowchart of FIG.

  In step S201, the user of the thin client terminal 30a activates the maintenance OS stored in the area 341a of the removable memory unit 34a. In step S202, the maintenance OS renames and saves the old kernel and the OS main body. Next, the maintenance OS stores the old new kernel and the OS main body in the rollback 341d (step S203). The old new kernel and the OS main body are stored in the rollback unit 341d by storing the difference between the update histories of the new and old kernels and the OS main body.

  When the storage in the rollback unit 341d is completed, the process proceeds to step S204, and the maintenance OS updates (updates) the new version of the kernel and the OS main body by overwriting or rewriting the 341b kernel and the 341c OS. . When the update is completed (YES in step S205), the maintenance OS is shut down (step S206), the process proceeds to step S207, the updated kernel and OS are activated, and the update of the kernel and OS is completed. Thereafter, if there is no processing as the thin client terminal 30a, the user is logged out from the thin client server 20 and the user processing is terminated.

  If the updated new version of the kernel and OS are not started normally, the maintenance OS is restarted, and the old and new versions of the kernel and OS history (difference) stored in the rollback unit 341d are used. It is possible to reproduce the old version of the OS main body and perform user processing using the old version of the OS.

  As described above in detail, according to the removable memory unit according to the present invention, when the maintenance OS that can be called the auxiliary engine and the rollback unit are provided, the maintenance OS is started, and the kernel and the OS main body are updated. The update history (difference) of the old and new OS is stored in the rollback unit. According to such a configuration, when the updated kernel and the device driver cannot be matched, and the new version of the OS main body cannot be started, the old OS can be reproduced using the maintenance OS.

20... Thin client servers 30 a to 30 c... Thin client terminal 31... Power switch 32.
34... Storage device 36... Hardware part 37.
38... Memory 39... I / O device 34 a... Removable memory unit 341... Thin client OS storage unit 341 a .. Maintenance OS unit 341 b. OS
341d ... Rollback unit 342 ... Application

Claims (4)

Is connected to the thin client terminal, the storage unit Ru provided with a thin client OS,
The thin client OS is, has a roll-back unit, and the kernel, and OS body and a maintenance OS you update to the new kernel and the new OS the body of the new version and said with the kernel OS,
After the kernel and the OS main body are expanded and activated in the storage device of the thin client terminal, and the new kernel and the new OS main body are downloaded,
Is started before Symbol maintenance OS is, and the kernel and the OS body, said the new kernel is updated to the new OS body, and the difference between the new kernel and the kernel, and the OS main body and the new OS body Is stored in the rollback unit,
The storage unit , wherein the maintenance OS can reproduce the new kernel and the new OS main body into the kernel and the OS main body based on the differences . Wherein the new kernel and the new OS body, from a predetermined server, the storage unit according to claim 1, characterized in Rukoto are downloaded. A thin client terminal storage unit comprising a thin client OS is to connect, in a thin client system Ru and a thin client server said thin client terminal to connect,
The thin client OS includes a rollback unit , a kernel ,
Has a OS body and a maintenance OS you update to the new kernel and the new OS the body of the new version and said with the kernel OS,
After the kernel and the OS main body are expanded and activated in the storage device of the thin client terminal, and the new kernel and the new OS main body are downloaded,
Is started before Symbol maintenance OS is, and the kernel and the OS body, said the new kernel is updated to the new OS body, and the difference between the new kernel and the kernel, and the OS main body and the new OS body Is stored in the rollback unit,
A thin client system , wherein the maintenance OS can reproduce the new kernel and the new OS main body into the kernel and the OS main body based on the differences . Wherein the new kernel and the new OS body, a thin client system according to claim 3 from the thin client server, wherein Rukoto are downloaded.

Images