JPH0793241A - Portable computer system - Google Patents

Abstract

PURPOSE:To specify and limit the use of a device access right based on a password by containing the device access right of an internal SCSI and providing a security function at a SCSI mechanism inside the device. CONSTITUTION:When registering the password, the inputted password for maintenance, password for user, access right (two bytes) and operation password or the like are set to an EEPROM 29 in a prescribed form. When the key input of the password is received and the password input is completed after the access right is set, it is compared whether the inputted password is matched with any one of plural passwords. When it is matched with any password, the access right registered on the matched password is set to a security register SR 100 and an input matching response is outputted to a main CPU 21. When any bit of the security register 100 is set, a gate corresponding to that bit is opened, and access is enabled.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a portable computer system in which SCSI hardware is always provided inside the system, and more particularly to a portable computer system having a SCSI access right and a portable function having a function of permitting / prohibiting setting of a SCSI function by setup. The present invention relates to a computer system and a portable computer system in which, in addition to a hard disk drive with a specific interface connection, a hard disk drive with a SCSI interface connection can be connected for common use.

[0002]

[Prior art]

(Prior Art of Invention 1) In recent years, personal computers have become smaller and lighter in weight, are more easily carried, and have higher performance and higher functionality. Especially in recent years, HD
Storage devices such as D (hard disk device) and RAM packs have increased in capacity, and battery-operable small personal computers such as laptop type and book type have become widespread.

This type of personal computer is characterized in that it is easy to carry and can be used easily by a simple operation in any place. Therefore, it is necessary to give sufficient consideration to the security function.

As a means for realizing this type of security function, a security mechanism based on password verification has heretofore been widely used. As a kind of this kind of security mechanism, a system having a password registration means capable of setting a plurality of passwords and an access right definition means for defining a unique access right for each of the registered passwords has been developed. The access right includes a system access right for updating a specific memory, a password and a system access right for updating access, and a device access right for specifying a usable device.

On the other hand, in order to enhance the internal functions of the personal computer, a personal computer system has been provided with SCSI hardware (SCSI interface board) for realizing the SCSI function conventionally provided by an option board or the like in the main body of the apparatus. It came to be developed.

At this time, since the personal computer as described above can be easily used by a simple operation in any place, a third party can freely access the device interfaced with the SCSI inside the device. ,
A reliable security function is required to protect valuable information from leakage of confidential information, theft of copies, etc., and destruction.

However, in the conventional system of this type, there is no effective security function for specifying and limiting the use of the device interfaced with the SCSI inside the device.

(Prior Art of Invention 2) Conventionally, as described above, the SCSI hardware is externally supplied as an option board, and when the SCSI is used, the SCSI option board is connected to the main body. However, the SCSI option board was removed from the main unit when not in use. Therefore, frequent use of SCSI /
In the usage mode in which non-use is switched, there is a problem that connection / disconnection of the board occurs each time, which is very troublesome.

(Prior Art of Invention 3) The conventional setup (SET UP) program controls only the hard disk on the system side and does not control the hard disk on the SCSI side. That is, the conventional setup program only determines / displays / selects the so-called hard disk on the system side, which is connected to the system by the IDE interface, etc.
For a so-called SCSI hard disk connected to I hardware, it was not possible to discriminate / display / select even if the hard disk was connected.

As described above, conventionally, the SCSI hard disk does not have the function of discriminating / displaying / selecting the device, and the information of the SCSI hard disk connected to the device is not reflected in the setup program. However, some users cannot determine whether the hard disk of the system is connected to the system side or the SCSI side, and cannot recognize the total capacity of the hard disk and the usage status.

To give a concrete example, for example, in a system having one hard disk on the system side and one hard disk on the SCSI side, when the setup program is started, the hard disk connected to the system by the conventional means described above. Is displayed as one. Although the system actually has two hard disks, the setup program can control only one hard disk.

Further, as another specific example, for example, in a system having two hard disks on the SCSI side without a hard disk on the system side, when the setup program is started, the conventional means is connected to the system. It is displayed that there are no hard disks. Although the system actually has two hard disks, the setup program cannot control the hard disks. As described above, conventionally, there has been a problem that the actual hard disk mounting state cannot be accurately recognized except for some users.

[0013]

[Problems to be Solved by the Invention]

(Problem of Invention 1) As described above, the conventional SCSI
In a personal computer system in which the SCSI hardware that realizes the function is always provided in the main body of the apparatus, there is no effective security function for specifying and limiting the use of the apparatus connected to the SCSI inside the apparatus.

The present invention has been made in view of the above situation,
An object of the present invention is to provide a portable computer system having SCSI hardware in its main body, which has an effective security function for identifying and limiting the use of a device connected to internal SCSI. To do.

(Problem of Invention 2) Further, in the past, SCSI was used.
Since the hardware is supplied as an option board from the outside, it is very troublesome to connect / disconnect the board each time in the usage mode in which SCSI is frequently used / not used. was there.

The present invention has been made in view of the above circumstances,
It is an object of the present invention to provide a permission / prohibition control method of a SCSI function by setup in which a SCSI function is built in a main body and permission / prohibition of the SCSI function can be easily switched.

(Problem of Invention 3) Further, in the past, SCSI was used.
In a system in which a hard disk device can be connected via hardware, the system hard disk and S
There is a problem that the actual hard disk mounting state of the entire system including the CSI side hard disk cannot be accurately recognized except for a specific user.

The present invention has been made in view of the above circumstances,
For hard disks connected to the system,
Even if it is the system hard disk, SC
The same applies to SI hard disks, and the setup program controls the number of hard disks that are actually connected so that all users can accurately recognize the actual hard disk mounting status of the entire system. It is an object of the present invention to provide a portable computer which enables all users to effectively use the system without confusion.

[0019]

[Means for Solving the Problems]

(Means of Invention 1) According to the present invention, SCSI dedicated hardware installed in a system, password registration means capable of setting a plurality of passwords, and password check for collating a password input when the system is used with the above registered password. Means, a control means for specifying a system function according to the type of password that is matched by the means, an access right defining means for defining a unique access right for each registered password, and use of the access rights Security register (access right register) that can cancel / prohibit the SCSI device access right inside the system, which is included in the device access right that specifies the possible device
And a nonvolatile memory such as EEPROM capable of setting the presence or absence of the SCSI device access right, the device access right by the password includes the internal SCSI device access right, and the SCSI mechanism inside the device has a security function. It is characterized by having.

(Means of Invention 2) Further, according to the present invention, the SCSI hardware built in the system and the built-in SCS are provided.
I hardware SCSI / BIOS control program memory, non-volatile memory to store SCSI / BIOS status, and the non-volatile memory according to the contents of the control program memory
And means for prohibiting / permitting access to IOS,
It is characterized in that the SCSI function of the internal SCSI hardware can be selectively enabled / disabled.

The present invention also provides an SC built in the system.
SI hardware, a control program memory for storing the SCSI / BIOS of this built-in SCSI hardware, a setup means for setting the prohibition of SCSI / BIOS, or the selection of the permitted address, and the SC according to the above settings
A non-volatile memory for storing the state of the SI / BIOS, a means for prohibiting / permitting access to the SCSI / BIOS stored in the control program memory according to the contents of the non-volatile memory, and a SCSI / for the SCSI / BIOS according to the contents of the non-volatile memory. And a means for selecting an address area of the BIOS, thereby preventing a collision between the internal SCSI hardware and another option card by controlling access permission / prohibition of the SCSI / BIOS by selecting the address area of the SCSI / BIOS. To do.

(Means of Invention 3) The present invention also provides a SCSI
In a system having built-in hardware, a system side hard disk drive connected to the system by a specific internal interface such as an IDE interface, a system side hard disk control program for controlling this system side hard disk drive, and the above-mentioned SC
SCSI side hard disk drive connected to SI hardware, SCSI side hard disk control program for controlling the SCSI side hard disk drive and having a start address common to the start address of the control program, the system side hard disk control program and the above The hard disk drive total number table controlled by the SCSI hard disk control program and the type of all hard disk drives connected to the system are identified by referring to this table, and the hard disk drive capacity is displayed to set the availability. The setting means for enabling the SCSI hard disk drive is set so that the user can set the SCSI hard disk drive like the system hard disk drive.

[0023]

[Action]

(Operation of Invention 1) In the password registration process, the input maintenance password, user password, access right (2 bytes), operation password, etc. are in a predetermined format in the E2PROM (see reference numeral 29 in FIG. 7). Is set to. At this time, the 2-byte access right that can be set includes a system access right that can update a specific memory, a system access right that can update a power-on password, and a device access right that specifies an available device. , Here, the internal SCS is added to the set device access right.
Includes SCSI device access rights that selectively enable I device usage.

After the access right is set, when the key input of the password is accepted and the password input is completed, the input passwords include a plurality of passwords (# 1 to # 1).
#N) is compared, and the result is compared. When the password matches any of the passwords (# 1 to #n), the access right (see FIGS. 5 and 6) registered in the matched password (#i) is set in the security register (see FIGS. 6 and 7). Set the input match response to the main CPU
Output to. When a bit in the security register is set, the gate corresponding to that bit opens, allowing access to the previously associated device. For example, if the bit for setting the SCSI device access right provided in the security register is set, the SCS
The I gate opens, allowing internal SCSI device access.

(Operation of Invention 2) The user can set the SCSI / BIOS permission / prohibition (SCSI) by the setup screen.
-Access to ROM that stores BIOS) and address area selection for permission The setting state is stored and saved in a non-volatile memory (for example, RTC CMOS memory).

When accessing the device of the built-in SCSI hardware, the nonvolatile memory is read and the set SC is set.
Check permission / prohibition of SI / BIOS. SCSI / BI
If the OS is in the enabled state, the built-in SCSI hardware is set to the operation mode, the read address of the nonvolatile memory is used to check which address (block) is allowed, and the enabled address (built-in SCSI hardware SCSI for the area allocated to the hardware device)
・ Enable BIOS access (ROM SCSI
Enables BIOS access). Also, SCSI / BI
If the OS is in a disabled state, the built-in SC
Disables the operation of SI hardware (SCSI / BIO
The operation of the address comparison circuit that determines the accessibility of the ROM that stores S is prohibited).

Thus, by incorporating the SCSI function in the main body and having the hardware capable of permitting / prohibiting the built-in SCSI function, the user does not have to remove the board when the user wants to use another option card. The SCSI function can be selected by setup.
Further, by making the area of the built-in SCSI hardware selectable, it is possible to eliminate the area conflict with other option cards.

(Operation of Invention 3) Taking a system having one system-side hard disk and one SCSI-side hard disk as an example, the system-side hard disk control program indicates the number of system-side hard disks in the hard disk total number table at system startup. Set to 1 ”.
The SCSI-side hard disk control program that is subsequently started adds "1" to the total number of hard disks on the SCSI side and sets "2". When the setup program is started, the setup program controls the hard disk on the system side as usual. Further, if the SCSI hard disk exists based on the value of the total hard disk table, the SCSI hard disk control program is started to obtain the number of heads, sectors and cylinders of the SCSI hard disk. The capacity of the SCSI hard disk is calculated from these values, and the same processing as for the system hard disk is performed. This allows
All users can accurately recognize the actual hard disk mounting state of the entire system, and all users can effectively handle the system without confusion.

[0029]

Embodiments of the present invention will be described below with reference to the drawings. (First Embodiment) FIG. 1 is a block diagram showing the basic arrangement of the essential parts of a security mechanism according to the first embodiment of the present invention.

In FIG. 1, reference numeral 1 is a password control means having a password registration / management and check function, and a maintenance password (for example, up to two) and a user password (for example, up to four) are registered / registered. It has an update process, a password check process by comparing the registered password with the input password, and a hardware setting process function of an access right associated with the password match.

Reference numeral 2 is management (control) of the password control means 1.
It is a password storage means placed below, and a maintenance password and a user password are registered and updated under the control of the password control means 1. Here, a maximum of two passwords for maintenance, for general users are used. Up to four passwords can be set for each password, and each password is given a unique access right.

In the above structure, the password control means 1
Follows the command (password control command) by receiving the command generated in the setup process or the specific MS-DOS command, for example.
Register, update, or check the maintenance password and user password.

In the registration processing of the maintenance password and the user password according to the password control command, the password control means 1 registers the input maintenance password and user password in the password storage means 2 together with the access right. At this time, a maximum of two maintenance passwords and a maximum of four user passwords can be registered. Each password has its own access right (system password for maintenance password, device access right for user password). ) Is set and given.

The password control means 1 accesses the password storage means 2 in the check processing of the maintenance password and the user password according to the above command, compares the input password with the registered password, Check the validity of the input password.
In this password check, if the password that matches the password is for maintenance, the function setting information (access right for maintenance) that gives a wide range of authority including specific functions specific to the maintenance is passed to the hardware control unit. When the matched password is for the user, the predetermined function setting information (user access right) permitted only to the user is passed to the hardware control unit. The hardware control unit controls the hardware according to the access right, and if the access right is for maintenance, for example, by releasing the memory by the privilege, B
The flash memory storing the IOS can be rewritten, the password and the access right registered in the password storage unit 2 can be updated, and the access right for the user is, for example, HDD, FDD, serial port, printer port. , PCMCIA specification card, SC mounted inside
Various device accesses such as SI (built-in SCSI hardware) are optionally enabled (released).

As described above, since a unique password can be set for each of the maintenance password and the user password, and the system function associated with the maintenance password match and the system password associated with the user password match can be made different. A system function (release function) associated with matching of user passwords can be arbitrarily specified, maintenance can be facilitated, confidential information leakage can be prevented, and a highly reliable security function can be realized.

The security function described above is implemented by SCSI.
2 to 9 are specific examples of implementation of the present invention applied to a laptop type or notebook type portable computer system incorporating (dedicated hardware for implementing the SCSI interface function) (standard equipment). Explain.

FIG. 2 is a block diagram showing a system configuration, FIG. 3 is a block diagram showing a partial bus connection configuration in FIG. 2, and FIG. 4 is a PCMCIA-GA (P shown in FIGS. 2 and 3.
3 is a block diagram showing an internal configuration of a CMCIA gate array) 26. FIG.

In FIG. 2, the password control means 1 shown in FIG. 1 includes a keyboard controller (KBC) 30 and
PCMCIA Gate Array (PCMCIA / GA) 28
The password storage means 2 is implemented by a PCMCIA gate array (PCMCI).
A / GA) 28 via keyboard controller (KB
C) It is realized by the EEPROM 29 directly connected to 30. At this time, the command / parameter transfer from the CPU 21 to the keyboard controller (KBC) 30
And keyboard controller (KBC) 30 to CPU
Transfer of response (data / status) to 21
Status LCD control gate array (SLCD
C / GA) 26 data communication register, PCMCIA gate array (PCMCIA / GA)
Data and addresses are transferred between the EEPROM 28 and the EEPROM 29 via a dedicated line.

The portable computer in this embodiment is a system bus (ISA-BUS) 1 of ISA specification.
1, a peripheral interface bus (PI-BUS) 12 for high-speed graphic transfer, a keyboard interface bus (KBC-BUS) 13, a power supply interface bus (PSC-BUS) 14, and the like.

The system bus (ISA-BUS) 11 includes a CPU 21 and an I / O controller (I / O-C).
ONT) 22 is connected. The CPU 21 controls the entire system and executes the processing target program stored in the system memory 23. Here, a password control command (power-on password status command / power-on password mode command / operation lock password) is used in initialization processing (IRT processing), resume processing, operation lock release processing, etc. accompanying system power-on. (Status command / operation lock password mode command, etc.) is issued, and the keyboard controller (KB) is passed through the data communication register (CR) of the status LCD control gate array (SLDCCC / GA) 26 shown in FIG.
C) Has processing means for sending to 30. The details of the password control command will be described later.

At this time, the CPU 21 sends a password registration confirmation command (power-on password status command) to the status LCD control gate array (SLCDC / GA) shown in FIG. 3 in the initialization processing (IRT processing) at system power-on. ) Keyboard controller (KBC) 3 via 26 data communication register (CR)
Send to 0. When it is confirmed that the password is registered (the number of registered passwords ≠ 0) from the response contents (the number of registered passwords) from the keyboard controller (KBC) 30 accompanying this command issuance, the password input message data is converted to VGA by the BIOS call. Send the password input message to the controller 32 and enter LC
The power-on password mode command is displayed on the D panel 49 and the status LCD control gate array (S
LCDC / GA) 26 data communication register (CR)
Via the keyboard to the keyboard controller (KBC) 30. Then, it waits for the completion of the password input.

For each control of the CPU 21, the keyboard controller (KBC) 30 receives the password registration confirmation command, returns the password registration number to the CPU 21 as a response, and receives the power-on password mode command, the key is input. Password EE
The password registered in the PROM 29 is compared and collated. When the passwords match, an ACK code (actually the matched password position in the EEPROM 29 and the status "00h") is returned. When the passwords do not match, the RESEND code (actually Returns "FFh" as the data and "01h" as the status indicating that there is no matching password, and the password control command processing is ended.

Further, during normal operation, the CPU 21 causes the data communication register (CR) of the status LCD control gate array (SLCDC / GA) 26 by an SMI interrupt which will be described later, in association with the operation of the hot key (Fn + F1). When the operation lock password mode command is received via the status LCD control gate array (SL).
It is issued to the power supply controller (PSC) 46 and the keyboard controller (KBC) 30 via the data communication register (CR) of the CDC / GA) 26. When the keyboard controller (KBC) 30 receives the above command, it prohibits transmission of the scan code (key input data) to the CPU 21. In addition, the power controller (PS
C) 46 stops power supply for screen display.

In this way, the operation lock control is executed in which the input of the keyboard, the mouse, etc. is ignored, the entire screen display is erased, and the system is made unusable.

This operation lock can be released by inputting a password from the keyboard (KB) 51. At this time, the processing of the operation lock release notification is executed by the keyboard controller (KBC) 30. That is, when releasing the operation lock,
After inputting the password character string from the keyboard (KB) 51, the specific function key (here, the "Enter" key) is operated. Keyboard controller (KBC) 3
When 0 detects the input of the "Enter" key, it compares and collates the key-entered password with the password registered in the EEPROM 29, and when the passwords match or the password is not registered, the operation lock release notification is issued. The data is transmitted to the CPU 21 (specifically, when the passwords match, the EEPROM 29 that matches the data)
Registered password position in, "00h" as status
To return to normal key input processing. When there is no registration password, "00h" is sent as data and "00h" is sent as status to return to normal key input processing).

As a result, the CPU 21 releases the operation lock. That is, the operation lock release command is sent to the status LCD control gate array (SLC
The data is sent to the power supply controller (PSC) 46 and the keyboard controller (KBC) 30 via the data communication register (CR) of the DC / GA) 26, and the keyboard,
Resume accepting mouse input and restore the screen display.

Further, the CPU 21 has a power management function for low power consumption such as powering down various I / Os at idle. This power management function is executed by an interrupt process called a system management interrupt (SMI).

Interrupts included in the CPU 21 include a non-maskable interrupt (NMI) and a maskable interrupt (INTR) in addition to the SMI. SMI is a type of non-maskable interrupt, but it is a hardware interrupt of the highest priority, which has a higher priority than NMI and INTR described above.
It is activated by activating the interrupt request input SMI of the CPU 21. Similarly, the non-maskable interrupt and the maskable interrupt are also activated by activating interrupt request inputs NMI and INTR (not shown) of the CPU 21.

The SMI interrupt is used not only for the operation lock function by the hot key operation described above, but also for executing the processing related to other hot key operations and the processing for power management.

The I / O controller 22 is a dedicated logic for realizing the support function of I / O, memory, etc., and controls the I / O equipment connected to the serial port 41 and the printer port (EPP). It controls the external printer connected to 43. The I / O controller 22 includes a DMA controller for direct memory access control and an interrupt controller (PI).
C), timer (PIT), serial I / O controller (SIO), real-time clock (RTC), etc. are built in. The real-time clock is a clock module that has its own battery for operation, and is a CMOS static RAM (CM
OS memory). This CMOS memory is used to store setup information indicating the system configuration.

Communication between the CPU 21 and the I / O controller 22 is executed via the system bus (ISA-BUS) 11 or a dedicated interface line provided between the CPU 21 and the I / O controller 22. It C
The interface signal between the PU 21 and the I / O controller 22 includes, for example, a signal for controlling the SMI function of the CPU 21.

That is, the interrupt request input SM of the CPU 21
For I, the I / O controller 22 or the status LCD control gate array (SL) is connected via the AND gate G1.
Active low S output from CDC / GA) 26
The MI signal is supplied. The SMI signal from the status LCD control gate array (SLCDC / GA) 26 is generated when the CPU 21 is requested to perform hot key processing, which will be described later, and the SMI signal from the I / O controller 22 is timed by the timer. I / O by monitoring
This occurs when the need for powering down is detected.

Here, the hot key is a key for directly requesting the CPU 21 to execute a special function such as setting / changing the system operating environment, and the keyboard 51.
The specific keys above are assigned as their hotkeys. When this hot key is operated, the CPU
Some functions related to setting / changing the system operating environment provided by 21 are directly called and executed. In this hot key processing, the system bus (ISA-
SMI is issued to the CPU 21 without performing normal key data transmission via the (BUS) 11 and via the keyboard interface bus (KBC-BUS) 13 and the status LCD control gate array (SLCDGA).
The key data of the hot key is transmitted to the CPU 21 at high speed.

C which can be called by the hot key
Functions of the PU 21 include a power save mode switching function, a resume / boot mode switching function, and an L function.
There are a CD / CRT display switching function, an LCD panel black / white inversion display function, and the like, but description of these functions will be omitted here.

The system bus (ISA-BUS) 1
A BIOS-ROM 25 is connected to 1. The BIOS-ROM 25 is composed of a flash memory (FLASH / MEM) so that the program can be rewritten. The basic input / output programs include a program for initialization processing at power-on, a driver program for controlling various input / output devices, and a program for performing processing related to hot key operation. ing.

The flash memory (FLASH / MEM) that constitutes the BIOS-ROM 25 is a PCMCIA.
Initialization is possible only when maintenance privilege is set as an access right in the security register of the gate array (PCMCIA / GA) 28, and its control will be described later.

The system bus (ISA-BUS) 11 further includes a status LCD control gate array (SLCD).
C / GA) 26, floppy disk controller (F
DC) 27, PCMCIA gate array (PCMCIA
・ GA) 28, keyboard controller (KBC) 3
0, an expansion connector 31 to which an expansion unit (Desk Station) can be attached, and a hard disk drive (HDD) 4
2 and the like are connected, and dedicated hardware (hereinafter referred to as built-in SCSI hardware) 53 that realizes a SCSI interface is connected.

Status LCD control gate array (SL
CDC / GA) 26 controls the display of the status LCD 44, communicates with the keyboard controller (KBC) 30,
And communication with the power supply controller (PSC) 46.

PCMCIA Gate Array (PCMCIA
-GA) 28 is a PCMC that is optionally installed in slots A and B of the PCMCIA port 48 as a main function.
It controls the read / write of the IA card and communicates with the keyboard controller (KBC) 30.

Further, this PCMCIA gate array (P
The CMCIA / GA) 28 also includes an interface logic with the EEPROM 29 in which a password is registered and a logic for realizing a security function. This PCMCIA gate array (PCMCIA
The specific configuration of the GA) 28 will be described later with reference to FIGS. 3 and 4.

This PCMCIA gate array (PCMC
Among the slots A and B of the two PCMCIA ports 48 connected to the IA / GA) 28, the slot A supports all types of PCMCIA cards and the slot B is
Supports two types of PCMCIA cards, type 2 and type 1. The PCMCIA card with a small size of 5.0 mm or 3.3 mm is used as a security card.

PCMCIA Gate Array (PCMCIA
・ GA) 28 security functions include the security code and EE read from the security card of PCMCIA specifications.
It includes a processing function of verifying the personal identification number of the PROM 29, and permitting the system to be started only when they match.

Further, the PCMCIA gate array (PCMC
The security function of the IA / GA) 28 includes an operation lock called instance security and its unlocking function. The instance security function by this operation lock is provided by a predetermined hot key (Fn + Fn) from the keyboard controller (KBC) 30.
1) It is realized by turning off the display screen of the LCD panel 49 or key-locking the keyboard 51 in response to an instruction accompanying the operation.

PCMCIA Gate Array (PCMCIA
The GA 28 communicates with the keyboard controller (KBC) 30 via the keyboard interface bus (KBC-BUS) 13 in order to receive an instruction to operate the hot key (Fn + F1).

Status LCD control gate array (SL
CDC / GA) 26 and keyboard controller (KB
C) 30 and communication between the PCMCIA gate array (PCMCIA GA) 28 and the keyboard controller (KBC) 30 are the control information between the CPU 21 and the keyboard controller (KBC) 30, respectively. It realizes a path for executing the transfer at high speed, and a dedicated keyboard interface bus (KBC-BUS) 13 is used for the communication.

That is, the status LCD control gate array (SLCDC / GA) 26 has an I / O register group for holding control information exchanged between the CPU 21 and the keyboard controller (KBC) 30. The controller (KBC) 30 reads / writes the register group via the keyboard interface bus (KBC-BUS) 13. The CPU 21 reads / writes these register groups via the system bus 11. This register group includes a data communication register (C
R), a register having a bit for supplying the SMI signal to the AND gate G1, a keyboard controller (KB
C) A hot key register for holding key data of hot keys transmitted from 30 is included.

Keyboard controller (KBC) 30
Is for controlling the built-in keyboard (KB) 51, which is standard equipment, and scans the key matrix of the built-in keyboard 51 to receive a signal corresponding to a pressed key and convert it into a predetermined key code. At this time, the built-in keyboard 51
The key code corresponding to the hot key provided above is the keyboard interface bus (KBC-BU
S) 13 to the status LCD control gate array (SLDC / GA) 26. On the other hand, key codes other than the hot key are transmitted to the CPU 21 by handshake serial communication via the system bus (ISA-BUS) 11 as usual. The keyboard controller (KBC) 30 also has a function of controlling a mouse 52 and an external keyboard 52b which are optionally connected.

The keyboard controller (KBC) 3
0 is a processor that realizes the security function,
It has various password control functions including password check.

This password control function has a CPU 21
Includes execution of various password control commands from the computer and transmission of their responses. Execution of password control commands includes setting / updating / releasing the power-on password, access right, and operation lock password, inputting and checking each password. , Access right control (setting /
Update / cancellation, etc.), response transmission control, etc., and access control of the EEPROM 29 for setting / updating / cancelling each password and access right. These controls will be described later.

Status LCD control gate array (SL
CDC / GA) 26 and power supply controller (PSC) 46
To communicate with the CPU21 and power supply controller (PS
C) Dedicated power supply interface bus (PSC-BUS) 1 for realizing high-speed transfer of various control information between 46
4 are provided.

Floppy disk controller (FD
C) 27 incorporates a variable frequency oscillator (VFO) and controls a floppy disk drive (FDD) 45.
Expansion connector 31 is an expansion unit (Desk Station)
It is used for function expansion by connecting the.

Hard Disk Drive (HDD) 42
Has an IDE interface and is directly access-controlled by the CPU 21. A display controller (VGA controller) 32 conforming to the VGA specification is connected to the peripheral interface bus (PI-BUS) 12. The VGA controller 32 is used in the LCD panel 4
9 and a color CRT 50 for optional connection are displayed and controlled. Peripheral interface bus (PI-BU
The image data received from the CPU 21 via (S) 12 is drawn in the image memory (VRAM) 33.

The power supply controller (PSC) 46 is a CP
It is for controlling the supply of power supply voltage from the power supply circuit 47 to each unit in response to an instruction from U21.
21 is connected to the power interface bus (PS
C-BUS) 14 and the status LCD control gate array (SLCDC / GA) 26 through the data communication register (CR). The power supply circuit 47 generates an internal power supply of a predetermined voltage value to be supplied to each unit from an external power supply supplied via a battery or an AC adapter built in the computer main body, and
When the power is off, backup power (BK) is generated and supplied to a predetermined unit.

The EEPROM 29 is a dedicated line 15 for accessing the EEPROM, which includes address and data lines in a PCMCIA gate array (PCMCIA.GA) 28.
Keyboard controller (KBC)
It is accessed under the control of 30. Here, 2 passwords for maintenance, 4 passwords for users, and a maximum of 6 power-on passwords, access rights, and operation passwords can be registered. Each of these passwords can be registered. The characteristics of the access right will be described later.

Initialization and writing to the EEPROM 29 are performed by the PCMCIA gate array (PCMCI).
When the supervisor privilege is set as the access right in the security register of A / GA) 28, all passwords and access right areas can be accessed for setting / updating / deleting. When set, it has access to update its own password. These controls will be described later.

Among the input / output devices described above, the serial port 41, the hard disk drive (HDD) 42, the printer port (EPP) 43, the floppy disk drive (FDD) 45, the PCMCIA port 48, and the built-in SCSI hardware 53 are , The access right associated with the power-on password (device access right)
Be subject to.

Next, the PCMCIA gate array (PC
MCIA / GA) 28 specific configuration example shown in FIGS.
Shown in. PCMCIA Gate Array (PCMCIA ・ G
A) 28 includes security registers (SR) and EEPRs to which access rights are set, as shown in FIGS.
Dedicated register group 20 including a plurality of EEPROM access control registers (MR) for controlling access to the OM 29
1. ISA-BUS interface logic 202 coupled to system bus (ISA-BUS) 11; KBC-BUS interface logic 20 coupled to keyboard interface bus (KBC-BUS) 13
3, E connected to the dedicated line 15 of the EEPROM 29
Under the control of the EPROM interface logic 204 and the keyboard controller (KBC) 30, the dedicated register group 201, the password control logic 205 for controlling the interface logics 202, 203, 204, etc. are provided.

The ISA-BUS interface logic 202 controls the interface with the system bus (ISA-BUS) 11, and controls read / write of the dedicated register group 201 in response to a request from the CPU 21. CPU 2 via system bus 11
Address enable signal (AEN) supplied from 1
Dedicated register designation signal (SPREG), system address signal (SA0), I / O read signal (IORD), I
The / O write signal (IOWR) and the 8-bit system data bus (SD) data in the system bus 11 are used.

The KBC-BUS interface logic 203 controls the read / write operation of the dedicated register group 201 in response to a request from the keyboard controller (KBC) 30.
Read / write signal (R) supplied from the keyboard controller (KBC) 30 via the BC-BUS) 13.
/ W), strobe signal (STROB), and K in the keyboard interface bus (KBC-BUS) 13.
The address / data on the BC data line (KBS-DATA) is used. Further, the KBC-BUS interface logic 203 uses the data contents of the register set by the CPU 21 as a keyboard controller (KBC).
In order to notify 30, the request signal (REQUES) is sent to the keyboard controller (KBC) 30 via the keyboard interface bus (KBC-BUS) 13.
T) is output.

EEPROM interface logic 2
Reference numeral 04 denotes an address (Address) and a read / read operation according to the setting of the EEPROM access control register (MR) under the control of the keyboard controller (KBC) 30.
Write signal (R / W) EEPRO via dedicated line
It is sent to M29, and the data (password character string) is read from and written to the EEPROM 29.

The contents and structure of the password and access right stored in the EEPROM 29 are shown in FIGS. 5 and 6, and the PCMCIA gate array (PCMCIA.G) is shown.
FIG. 7 shows an example of the access right control mechanism set in the security register (SR) 100 of A) 28.

The access right is as a device access right.
HDD access right, FDD access right, serial port access right, printer port access right, PCMCIA
In addition to access rights, built-in SCSI hardware 5
There is a SCSI access right for 3.

Here, the security register (SR) 1
00 is a 2-byte access right register 100a, 10
0b, and the bit b1 of the access right register 100b is used for the device access right of the built-in SCSI hardware 53.

The password check process hidden from the system side, that is, the keyboard controller (KBC) 3
8A and 8B show each processing procedure on the CPU 21 side and the keyboard controller (KBC) 30 side in the password check processing executed via the back bus under the control of 0.
FIG. 8B shows the procedure for setting the access right associated with the password check (power-on password check) (see FIG. 8).
The details of step S15) are shown in FIG.
FIG. 10 shows a control processing procedure for permitting / prohibiting the use of the hardware 53.

Here, the features of the security function by the password check in the embodiment of the present invention will be described with a specific example. In the embodiment of the present invention, operators who use the system body (portable computer body) are divided into ranks (groups), different passwords are given to the respective operators, and a unique device access right can be defined for each password. By providing appropriate system usage environments according to rank classification, we are working to enhance security functions.

Here, the password support and password control command in the above embodiment will be described.
In this embodiment, the security function has a security function with a power-on password and a security function with an operation lock password.

These passwords are the access control of the keyboard controller (KBC) 30 and the EEPROM 2 directly connected to the keyboard controller (KBC) 30.
9 is stored. Check the password (character comparison, judgment) and set the access right also using the keyboard controller (K
BC) 30. The password registered in the EEPROM 29 cannot be read from the system due to the back bus function described above.

For password processing, a "password control command" is provided here. The "password control command" is a status LCD control gate array (SLD
C / GA) 26 data communication register (CR), CPU 21 to keyboard controller (KBC)
Sent to 30.

The CPU 21 uses the keyboard controller (K
The command / parameter issued to the BC) 30 is a dedicated register group (PCMCIA gate array 28) provided in the status LCD control gate array (SLDC / GA) 26.
(Corresponding to the dedicated register group 201) of the first data communication register (CR-a). To inform the keyboard controller (KBC) 30 of this, CP
The U21 sets a predetermined bit of the second data communication register (CR-b) to "1", thereby sending a request signal (REQUES) to the keyboard controller (KBC) 30.
Issue T).

At this time, the command / parameter distinction is
It is performed with the value of a predetermined bit of the third data communication register (CR-c). Keyboard controller (KB
Upon receiving the request signal (REQUEST), the C) 30 receives the status LCD control gate array (SLDC).
.GA) 26 third data communication register (CR-c)
The value (command / parameter) stored in the first data communication register (CR-a) is read by determining whether it is a command or a parameter from the value of the predetermined bit. Then, the second data communication register (C
The predetermined bit of R-b) is cleared to "0" and the reception ends. When there are multiple bytes, the above data reading procedure is repeated.

The transmission of the response (parameter) from the keyboard controller (KBC) 30 to the CPU 21 is
1 byte of "data" and 1 byte of "status" are set.

For transmission, "data" is written to the fourth data communication register (CR-d) in the dedicated register group (corresponding to 201) provided in the status LCD control gate array (SLDC / GA) 26, and " Status "
Each of the data communication registers (CR-e) is written, and the predetermined bit of the sixth data communication register (CR-f) is set to "1" to notify the CPU 21 of this.

When the predetermined bit of the sixth data communication register (CR-f) is "1", the CPU 21 uses the fourth data communication register (CR-d) and the fifth data communication register. The value (data status) of the register (CR-e) is read, and the predetermined bit of the sixth data communication register (CR-f) is cleared to "0".

In this way, data communication is performed between the CPU 21 and the keyboard controller (KBC) 30. In the EEPROM 29 accessed by the keyboard controller (KBC) 30, as shown in FIG. 6, a maximum of six power-on passwords, two for maintenance and four for user registration, can be registered.

On the setup screen, it is possible to select whether the power-on password is checked or not, and register / update / delete the password. At this time, when "no password check" is set, the system starts up like a normal system without a password check function. When "password is checked", the password is requested to be input at the time of initialization processing upon power-on and at the time of resume processing, and if the input password is correct, the system is started up.

When "password check" is set in the above setup, the power-on password registered in the EEPROM 29 is referred to in the password check process in the initialization process at the time of power-on. If the password entered by key input does not match this registered password, the system will not start up. However, when the user password is not registered, the power-on password check is not performed (at this time, "supervisor privilege" is given as an access right).

Of these power-on passwords, a maximum of four passwords used by the user can be registered (the same password cannot be defined multiple times). At this time, the first is for supervisors and the second and later are for general users. Register / update power-on password by using this user
Deletion is done with a special utility.

As shown in FIGS. 5 to 7, each power-on password can be given an access right. The access right defines the range in which the user can operate when it is started up by the password data.

The access right includes supervisor privilege, password update right, HDD access right, FDD access right,
There are serial port access rights, printer port access rights, PCMCIA access rights, and SCSI access rights. In addition, there are maintenance privileges that are generally not released.

The power-on password has the following restrictions depending on the access right. (1) Maintenance privilege (bit 7 of the register 100a) This is a privilege for all operations including rewriting of the EEPROM 29 and initial setting of the EEPROM 29, and is given only to the maintenance password.

The maintenance privilege is the BIOS-ROM2.
Rewrite 5 and all other rights. This right is not released to general users (maintenance only). Up to two power-on passwords with privilege for maintenance can be defined. This setting is performed by a dedicated program (T & D, etc.). If the user does not have this maintenance privilege, the write signal of the BIOS-ROM 25 is gated.

(2) Supervisor privilege (register 100
Bit 6 of a) This is the right to set, update, and delete all user passwords and access rights, including yourself. This includes all rights except maintenance privileges.

The user password initially set is given supervisor privilege by the utility. Two
Supervisor privileges can be set for the second and subsequent passwords. Those with supervisor privilege can register / update / delete all user passwords. That is, the supervisor privilege is the BIOS-R configured by the flash memory (FLASH / MEM).
Has all rights except rewriting of OM25. You can also set passwords and access rights for others.

(3) Password update right (register 100
Bit 5 of a) Give the right to update your password. You cannot update other passwords. The password update right is a right to allow or not allow the update of the power-on password,
If not permitted, the user's own password cannot be updated by setup or power-on password update (the keyboard controller (KBC) 30 rejects the corresponding command).

Those who have neither supervisor privilege nor password update right are not allowed to set, update, or delete the password. When the password update right is given by the access right, the password can be updated for the first time by inputting the registered password to be updated and describing the new password after "/". At this time, the passwords are compared by the power-on password check command included in the password control command.

(4) HDD access right (register 100
Bit 4 of a) (5) FDD access right (bit 3 of register 100a) (6) Serial port access right (bit 2 of register 100a) (7) Printer port access right (bit 1 of register 100a) (8) PCMCIA Access right (bit 0 of register 100a) (9) SCSI access right (bit 0 of register 100b).

Among the above access rights, HDD access right, FDD access right, serial port access right, printer port access right, PCMCIA access right, S
The CSI access right is a right as to whether or not access to each unit is permitted. Unauthorized units are inaccessible (also excluded from the system configuration list). Security register (SR) 100 (100
In the hardware control by a, 100b), when the HDD access right is not permitted (when "1" is not set in bit 4 (b4) of the register 100a), all chip select of the hard disk drive (HDD) 42 is performed. To gate. When the FDD access right is not granted (when "1" is not set in bit 3 (b3) of the register 100a), the floppy disk drive (F
DD) Gate the motor-on signal of 45. When the serial port access right is not granted (register 10
When "1" is not set in bit 2 (b2) of 0a), the transmission data SD and the reception data RD of the SIO of the serial port 41 are gated. When the printer port access right is not permitted (when "1" is not set in bit 1 (b1) of the register 100a), the chip select of the control chip of the printer port 43 is gated. When the PCMCIA access right is not permitted (“1” in bit 0 (b0) of register 100a)
(When is not set), the chip select of the control chip of the PCMCIA port 48 is gated. or,
When the SCSI access right is not granted (when "1" is not set in bit 1 (b1) of the register 100b), the SCSI port of the built-in SCSI hardware 53 is disabled and controlled.

In the above device access right, the HDD access right and the FDD access right are the HDD and FDD.
HDD access right, FDD
Make sure that one of the access rights is granted the usage right,
Check with the utility.

Keyboard controller (KBC) 30
When the password check of the power-on password is found, the access right corresponding to the password is given to the PCMCIA gate array (PCMCIA.
GA) 28 security register (SR) 100. At this time, keyboard controller (KBC)
30 indicates to the CPU 21 that the data is “matched password position” and the status is “00h (normal end)”
Is transmitted, and after transmitting this data and status, it returns to the normal key input processing.

If there is no matching password, the entered password character string is cleared and "FFh (abnormal end)" is sent as data and "01h (no matching password is found)" is sent as status. However, after sending, it will be again waiting for the password input. That is, the normal key input is not restored until the password input is normally completed.

As shown in FIGS. 6 and 7, the operation lock password (operation password) is stored in the EEPROM 29 together with the power-on password and the access right.

Four operation passwords can be set in correspondence with the power-on password for the user. The operation password can be set even when the power-on password is not set.

When the power-on password is set, by default, the data (character string) of the power-on password is used as it is as the operation password. In the password check for unlocking the operation lock, if the operation password and the power-on password are different, only the operation password is checked and the power-on password is invalid.

In the password check, the operation password is first compared with the input password, and if the operation password is not defined, the power-on password is next compared with the input password.

As for the response to the CPU 21, when no password (including the power-on password) is defined, the operation lock is released only by pressing the "Enter" key. If the matching password does not exist, the input buffer is cleared and the password input waiting state is entered again. If a matching password exists, the CPU 21 instructs the CPU 21 that the matched "password position" and the status is "00".
"h (normal end)" is transmitted, and normal key input processing is resumed.

The security of the built-in SCSI hardware 53 is targeted here, and other security functions and commands are described in Japanese Patent Application No. 4-24.
Since I am familiar with No. 8355 (portable computer),
The description is omitted here.

Now, the operation of the first embodiment of the present invention will be described with reference to the flow charts shown in FIGS. 8A and 8B show the CPU 21 side and the keyboard controller (KB) at the time of password check processing.
C) is a flowchart showing each processing procedure on the side of 30.

In the process on the CPU 21 side shown in FIG. 8A, S1 is a step of issuing a password input command to the keyboard controller (KBC) 30 and informing the keyboard controller (KBC) 30 to check the password. is there.

S2 is a keyboard controller (KBC)
This is a step of checking whether or not the result of password comparison on the side of 30 is returned. After the response from the keyboard controller (KBC) 30 side, S3 checks whether or not the password comparison is in agreement. If they are in agreement, the processing is terminated (to the next initialization processing). If they are not in agreement, the password is input again. This is the step of shifting to the process of performing.

In the processing on the keyboard controller (KBC) 30 side shown in FIG. 8B, S11 is a step of checking whether or not a command is issued from the CPU 21 side to the keyboard controller (KBC) 30.

S12 is a step for checking whether or not the command from the CPU 21 side is a password input command. Steps S13 and S14 are steps of reading the password key input.

S15 is a step of comparing whether or not the input password matches the registered password. S16 is a step of returning a non-match response to the CPU 21 when the result of step S15 is non-match.

S17 is a step of returning a coincidence response to the main CPU 21 when the result of step S15 is coincidence. FIG. 9 is a flowchart showing the procedure for setting the access right associated with the password check (power-on password check) (details of step S15 in FIG. 8).

In FIG. 9, S23 to S25 and S31 to S
33 is a diagram for explaining the details of step S15 in FIG.
Reference numeral 23 is a step of comparing the entered password with the registered password # 1. S24 is a step of comparing the entered password with the registered password # 2. S25 is a step of comparing the entered password with the registered password #n.

S31 is a step of setting the access right of password # 1 in the security register 100. S
32 is a step of setting the access right of password # 2 in the security register 100. S33 is a step of setting the access right of the password #n in the access right register.

The security mechanism in the first embodiment of the present invention comprises three operations of password registration, password input, and password check. In the password registration process, the input maintenance password, user password, access right (2 bytes), and operation password are set in the EEPROM 29 in the format shown in FIG.

Security register 100 (100a,
Of the 2-byte access right set in 100b),
As device access rights, HDD access rights, FDD access rights, serial port access rights, printer port access rights, PCMCIA access rights, and built-in SCS
There is a SCSI access right for the I hardware 53, and the bit 1 of the security register 100b is set (= "1") to set the SCSI access right.

FIG. 8 shows the password input and check processing.
And FIG. 9 will be described. First, when the system is started up, the CPU 21 will display a keyboard controller (KBC).
A password input command is issued to the keyboard controller 30 (step S1 in FIG. 8) to notify the keyboard controller (KBC) 30 side that there is a password input, and waits for a response from the keyboard controller (KBC) 30 side (steps S2 and S3 in FIG. 8). ).

When the keyboard controller (KBC) 30 knows that there is a command from the CPU 21 (step S11 in FIG. 8), it checks whether the command is a password command input (step S12 in FIG. 8).

In the case of the password command, the key input of the password is accepted (step S13 in FIG. 8), and when the password input is completed (step S14 in FIG. 8), the input password matches any one of the passwords # 1 to #n. Or compare (step S15 in FIG. 8; steps S23 to S in FIG. 9).
26).

Here, the passwords are passwords # 1 to #n.
If any of the passwords matches the password #n, the access right (see FIG. 6) registered in the matched password #n is set in the security register 100 (100a, 100b) (steps S31 to S33 in FIG. 9), and the input matching response is set to the CPU 21.
(Step S16 in FIG. 8).

The security register 100 (100a,
When the bit indicating permission / prohibition of the access right is set in 100b), the gate corresponding to the permission (= “1”) bit is opened, and the device having the access right corresponding to the permission bit is made accessible. For example, security register 100
When bit 1 (b1) of b is set (= "1"), S
CSI gate opens, built-in SCSI hardware 5
3 can be accessed.

If the passwords do not match, a non-matching response is output to the CPU 21 (step S17 in FIG. 8).
Wait for next password. When the CPU 21 receives the unmatched response (step S3 in FIG. 8), it continues to wait for the next response until the passwords match.

As described above, according to the first embodiment of the present invention, in the password system having the security mechanism, when the SCSI hardware is standardly installed in the system, the built-in SCSI hardware 53 is installed. By setting the access right, it is possible to specify and limit the use of a device interfaced with the built-in SCSI hardware 53 to provide an effective security function.

The above-described embodiment can be applied to other devices such as an external FDD and an external expansion box. (Second Embodiment) Next, a second embodiment of the present invention will be described with reference to FIGS.

The second embodiment is characterized in that a SCSI function is built in the main body and permission / prohibition (usability) of this built-in SCSI function can be easily set by setup. Further, in addition to this function, the area of the built-in SCSI hardware can be selected to eliminate the area conflict with other option cards.

FIG. 10 is a flow chart showing the permission / prohibition control procedure of the built-in SCSI hardware (SCSI H / W) of the second embodiment, and FIG. 11 is a block diagram showing the functional configuration of the main part of the same embodiment. is there. FIG. 12 is a diagram showing an example of permission / prohibition of SCSI / BIOS and address area selection at the time of permission in the setup.

In the second embodiment, SCSI / BIOS
Program is stored in the BIOS-ROM 25 shown in FIG. Also, SCSI / B set in the setup
The state of the IOS configures the nonvolatile memory, and the clock module (RT) in the I / O controller 22 shown in FIG.
It is stored and saved in a static RAM (CMOS memory) provided in C), which is always supplied with power and has a CMOS structure.

The built-in SCSI hardware (SCSI H / W) shown in FIG. 11 is the built-in SCSI shown in FIG.
Corresponding to hardware 53, set SCSI / BI
The enable / disable control of built-in SCSI hardware (SCSI H / W) and the address comparison of SCSI / BIOS according to the contents of OS (permission / prohibition) are shown in FIG.
It is realized by the I / O controller 22 shown in FIG.

In FIG. 10, S31 is a step of reading a non-volatile memory (a CMOS memory in the I / O controller 22). S32 is permission / prohibition (usability) of the built-in SCSI hardware (SCSI H / W) based on the contents of SCSI / BIOS read from the non-volatile memory.
Is a step of determining. Step S33 is a step of setting the built-in SCSI hardware (SCSI H / W) to a permitted (usable) state. S34 reads the non-volatile memory that stores the SCSI / BIOS status to
This is a step of designating an area (address) of the I / BIOS. S35 disables (disables) the operation of the built-in SCSI hardware (SCSI H / W) when SCSI / BIOS is selected in the disabled state (see FIG. 12).
It is the step to make.

The operation of the second embodiment will be described here. The user specifies on the setup screen whether to allow any address of SCSI / BIOS or prohibit the built-in SCSI function, and stores the state in the non-volatile memory.

SCSI in the setup at this time
FIG. 12 shows an example of BIOS permission / prohibition (accessibility of the ROM storing the SCSI / BIOS) and address area selection at the time of permission.

Under the setting conditions registered in the above-mentioned non-volatile memory, referring to the flowchart of FIG. 10, the control operation at the time of device access of the built-in SCSI hardware (SCSI H / W) will be described.

First, the nonvolatile memory is read (see FIG. 10).
Step S31), SCSI / BIOS permission / prohibition (S
The accessibility of the ROM storing the CSI / BIOS is checked (step S32 in FIG. 10).

If the SCSI / BIOS is enabled, the built-in SCSI hardware (SCSI H / W) is enabled (step S33 in FIG. 10), and the read CM
From the OS memory, it is checked which address is permitted, and SCSI / BIOS is permitted (step S34 in FIG. 10).

If the SCSI / BIOS is disabled (disabled), the built-in SCSI hardware (S
CSI H / W) is prohibited (step S in FIG. 10).
35).

At this time, the SCSI / BIOS permission / prohibition control is performed by permitting / prohibiting the operation of the address comparison circuit which determines whether the ROM storing the SCSI / BIOS can be accessed.

As described above, by incorporating the SCSI function in the main body and having the hardware capable of enabling / disabling the SCSI function, the board can be removed when the user wants to use another option card. Without doing so, the selection operation can be easily performed by selecting the SCSI function by setup. Further, by making the use area of the SCSI hardware selectable in the setup, it is possible to eliminate the collision with other option cards by a simple operation.

(Third Embodiment) Next, a third embodiment of the present invention will be described with reference to FIGS. FIG. 13 is the third
FIG. 3 is a block diagram showing components of essential parts in the system in an example.

In FIG. 13, 80 is a CPU 81 and RO
It is a system bus that interconnects each component in the system such as M84, RAM 87, and various I / O. Reference numeral 81 denotes a CPU that controls the entire system. Here, the processing shown in FIG. 14 is executed according to the control program in the ROM when the system power is turned on.

Reference numeral 82 denotes a system side hard disk device (hereinafter referred to as system side HDD) connected to the system by an IDE interface, for example. 83 is SC
A SCSI hard disk device (hereinafter referred to as SCSI HDD) interface-connected to the system via SI hardware and a SCSI bus.

Reference numeral 84 denotes a ROM, which stores a system side HDD control program 85 and a setup program 86. Reference numeral 85 is a system-side HDD control program in the ROM 84, and the system-side HDD 8
2 and the HDD total number table 83 are controlled. 86 is a set-up program, which is the H side of the system.
Information (presence / absence, capacity, etc.) of the DD 82 and the SCSI HDD is displayed.

A RAM 87 stores a SCSI HDD control program 88 and a HDD total number table 89. 88 is a SCSI side HDD control program,
It controls the SCSI side HDD 83 and the HDD total number table 89. 89 is a total HDD table, which is on the system side H
This shows the total number of DD 82 and SCSI HDD 83.

FIG. 14 is a flow chart showing the flow of processing of the fourth embodiment. In FIG. 14, S41 is a step of setting the number of system-side HDDs 82 in the HDD total table 89 by the system-side HDD control program 85 immediately after the system is started.

After the step of S41, S42 is set to SCSI.
The HDD on the SCSI side by the HDD control program 88 on the HDD side
This is a step of adding the number of machines of 83 to the HDD total table 89.

Step S43 is a step showing that the setup program 86 has been started up during an arbitrary period during system startup. S44 relates to the system side HDD 82,
This is a step in which the setup program 86 performs processing such as capacity display.

S45 is a step of judging whether or not the SCSI HDD 83 exists. In step S46, if the SCSI-side HDD 83 exists, the SCSI-side HDD 8 is executed by executing the SCSI-side HDD control program 88.
This is a step of obtaining various kinds of information of 3 (number of heads, number of sectors, number of cylinders, etc.).

Step S47 is a step for performing processing for the SCSI HDD 83 as well as the system HDD 82 based on the information obtained in S46. Here, the operation of the fourth embodiment will be described with reference to the flow chart shown in FIG.

When the system is started, the system-side HDD control program 85 which operates immediately after the system is started checks the number of system-side HDDs 82, and the result is H
The DD total number table 89 is stored (step S4 in FIG. 14).
1).

Subsequently, the SCSI HDD control program 88 checks the number of SCSI HDDs 83 and adds the result to the HDD total table 89 (step S42 in FIG. 14).

At this point, the total HDD table 89 contains
The total number of system-side HDDs 82 and SCSI-side HDDs 83, that is, the total number of HDDs actually connected to the system is stored.

Then, when the setup program 86 is activated (step S43 in FIG. 14), the setup program 86 first controls the system-side HDD 82 in the conventional manner (step S44 in FIG. 14).

Thereafter, the number of HDDs 82 on the system side and H
By comparing the values in the DD total number table 89 (see FIG.
4 step S45), it is possible to know whether or not the SCSI HDD 83 exists.

If the SCSI HDD 83 exists, the function of the SCSI HDD control program 88 can be executed to obtain the number of heads, sectors, and cylinders of the SCSI HDD 83 (step S4 in FIG. 14).
6).

Based on the information obtained by this processing, the capacity is displayed in the same manner as in the case of the system HDD 82 (step S47 in FIG. 14). As a result, the SCSI HDD
Confirm the existence of 83, if there is, obtain the capacity,
The same processing as the system-side HDD 82 is performed, and as a result, the system-side HDD 82 and the SCSI-side HDD 83 can be handled without distinction, so that all users can accurately recognize the actual hard disk mounting state of the entire system, and all users can be confused. You can handle the system effectively.

[0166]

As described in detail above, according to the present invention, SCSI-dedicated hardware mounted inside the system,
Password registration means that can set multiple passwords,
Password checking means that compares the password entered when the system is used with the registered password, control means that identifies the system function according to the type of password that matches the registered password, and the registered password that has unique access rights And a security register (access right register) capable of canceling / prohibiting the SCSI device access right inside the system, which is included in the device access right for specifying the usable device among the above access rights. ) And a non-volatile memory such as EEPROM capable of setting the presence / absence of the SCSI device access right.
SC inside the device including device access right of internal SCSI
By adopting a configuration in which the SI mechanism is provided with a security function, it is possible to realize an effective security function for identifying and limiting the use of the device connected to the internal SCSI.

Further, according to the present invention, the SCSI hardware built in the system, the control program memory for storing the SCSI / BIOS of the built-in SCSI hardware, and the non-volatile memory for storing the status of the SCSI / BIOS are provided. , A means for prohibiting / permitting access to the SCSI / BIOS stored in the control program memory according to the contents of the non-volatile memory.
With the configuration that enables / disables the SCSI function of the I hardware selectively, the internal SCSI function can be selected by setup without removing the board when the user wants to use another option card. It will be possible.

Further, according to the present invention, the SCSI hardware built in the system, the control program memory for storing the SCSI / BIOS of the built-in SCSI hardware, the inhibition of the SCSI / BIOS, or the selection of the permission address are selected. Setup means for setting, a non-volatile memory for storing the status of the SCSI / BIOS according to the above setting, means for prohibiting / permitting access to the SCSI / BIOS stored in the control program memory according to the contents of the non-volatile memory, By adopting a configuration including means for selecting the SCSI / BIOS address area according to the contents of the nonvolatile memory, the SCSI / B
The access permission / prohibition control of SCSI / BIOS by selecting the address area of IOS can eliminate the conflict between the internal SCSI hardware and other option cards.

Further, according to the present invention, in a system incorporating SCSI hardware, a system side hard disk drive connected to the system by a specific internal interface such as an IDE interface and the system side hard disk drive are controlled. A system-side hard disk control program, a SCSI-side hard disk drive connected to the SCSI hardware, and a SCSI-side hard disk control program that controls the SCSI-side hard disk drive and has a start-up address common to the start-up address of the control program; Referring to this table, the total number of hard disk drives controlled by the system side hard disk control program and the SCSI side hard disk control program The hard disk drive connected to the system is provided with a setting means for determining the type of all hard disk drives, displaying the hard disk drive capacity, and enabling / disabling the setting, and the SCSI hard disk drive as the system hard disk drive. Similarly, by allowing the user to set the usage, all users can accurately recognize the actual hard disk mounting state of the entire system, and all users can effectively handle the system without confusion.

[Brief description of drawings]

FIG. 1 is a diagram for explaining a basic configuration in a first embodiment of the present invention, (a) is a block diagram showing a basic configuration of a main part of the present invention, and (b) is an operation example. FIG.

FIG. 2 is a block diagram showing a system configuration according to the first embodiment of the present invention.

FIG. 3 is a block diagram showing a configuration of a main part of the embodiment shown in FIG.

FIG. 4 is a block diagram showing an internal configuration of the PCMCIA gate array shown in FIG.

5 is a diagram for explaining the contents and structure of a password and an access right stored in the EEPROM shown in FIGS. 2 and 3. FIG.

FIG. 6 is a diagram for explaining the contents and structure of a password and access right stored in the EEPROM shown in FIGS. 2 and 3;

FIG. 7 is a diagram showing a control mechanism unit of an access right set in a security register (SR) of the PCMCIA gate array shown in FIGS. 2 to 4;

FIG. 8 is a CPU side and a keyboard controller (K) in the password check process in the first embodiment.
The flowchart which shows each processing procedure of the BC side.

9 is a flowchart showing the password check shown in FIG. 8 and the access right setting processing procedure associated with the password check.

FIG. 10: Built-in SCSI in the second embodiment of the present invention
The flowchart which shows the control-processing procedure of hardware use permission / prohibition.

FIG. 11 is a block diagram showing a functional configuration of essential parts of the second embodiment.

FIG. 12 is a diagram showing an example of SCSI / BIOS permission / prohibition at the time of setup and an address area selection at the time of permission in the second embodiment.

FIG. 13 is a block diagram showing a configuration of a main part in a system according to a third embodiment of the present invention.

FIG. 14 is a flowchart showing the flow of processing of the fourth embodiment.

[Explanation of symbols]

1 ... Password control means, 2 ... Password storage means, 1
1 ... System bus (ISA-BUS), 12 ... Peripheral interface bus (PI-BUS; PeripheralInterfac)
e BUS), 13 ... Keyboard interface bus (K
BC-BUS), 14 ... Power supply interface bus (P
SC-BUS), 15 ... EEPROM access dedicated line, 21 ... CPU, 22 ... I / O controller (I / O)
-CONT), 23 ... system memory, 24 ... DRAM
Card, 25 ... BIOS-ROM, 26 ... PCMCIA
-GA (PCMCIA gate array), 27 ... Floppy disk controller (FDC), 28 ... PCMCI
A gate array (PCMCIA / GA), 29 ... EEP
ROM, 30 ... Keyboard controller (KBC), 3
1 ... Expansion connector, 32 ... Display controller (VGA controller), 33 ... Image memory (VRAM), 41 ...
Serial port, 42 ... Hard disk drive (HD
D), 43 ... Printer port (EPP), 44 ... Status LCD, 45 ... Floppy disk drive (FD)
D), 46 ... Power supply controller (PSC), 51 ... Keyboard (KB), 52 ... Mouse, 53 ... External keyboard, 100 ... Security register (SR), 201 ...
Dedicated register group, 202 ... ISA-BUS interface logic, 203 ... KBC-BUS interface logic, 204 ... EEPROM interface logic, 205 ... Password control logic, 80
... system bus, 81 ... CPU, 82 ... system-side hard disk device (system-side HDD), 83 ... SCSI
Side hard disk drive (SCSI side HDD), 84 ... R
OM, 85 ... System side HDD control program, 86 ...
Set up program, 87 ... RAM, 8
8 ... SCSI side HDD control program, 89 ... HDD total number table.

Claims (4)

[Claims] 1. A dedicated hardware for SCSI installed in the system, a password registration means capable of setting a plurality of passwords, a password check means for checking the password input when the system is used with the registered password, and the same means. The control means that identifies the system function according to the type of password that matches the password, the access right definition means that defines the access right unique to each of the registered passwords, and the usable device of the access rights is specified. A password-based device is provided with a register included in the device access right to enable / disable the SCSI device access right inside the system and a non-volatile memory capable of setting the presence or absence of the SCSI device access right. Access right includes internal SCSI device access right,
A portable computer system characterized in that the SCSI mechanism inside the device has a security function. 2. The SCSI hardware built into the system and SCSI B of the built-in SCSI hardware
Control program memory for storing IOS, SCSI
A non-volatile memory for storing the status of the BIOS, and means for prohibiting / permitting access to the SCSI / BIOS stored in the control program memory according to the contents of the non-volatile memory are provided.
A portable computer system characterized by being able to selectively enable / disable the SI function. 3. The SCSI hardware built into the system and the SCSI / B of this built-in SCSI hardware
Control program memory for storing IOS, SCSI
Setup means for setting BIOS inhibition or permission address selection, and SCSI BIOS according to the above settings
A non-volatile memory for storing the status of the non-volatile memory, means for prohibiting / permitting access to the SCSI / BIOS stored in the control program memory according to the content of the non-volatile memory, and SCSI / BI according to the content of the non-volatile memory.
Means for selecting an address area of the OS,
SCSI / BI by selecting I / BIOS address area
A portable computer system characterized by eliminating collision between internal SCSI hardware and other option cards by controlling access permission / prohibition of the OS. 4. A system hard disk drive connected to the system through a specific internal interface in a system incorporating SCSI hardware,
The system side hard disk control program for controlling this system side hard disk drive, and the above SCSI
A SCSI hard disk drive connected to hardware, a SCSI hard disk control program that controls the SCSI hard disk drive and has a common start address with the start address of the control program, the system hard disk control program, and the SCSI. Hard disk drive total number table controlled by the side hard disk control program,
The SCSI hard disk drive is equipped with a setting means for determining the type of all hard disk drives connected to the system by referring to this table and displaying the hard disk drive capacity to enable / disable setting. A portable computer system that can be used and set by the user in the same manner as the system hard disk drive.