JPWO2003083678A1 - Access control device and data management device - Google Patents

Abstract

The access control device 1 has a plurality of interface ports A to D to which an external device 2 is connected, and permits access to the hard disk 3 connected to the access ports a to d for each of the interface ports A to D. Can be set. Therefore, since the setting according to the property of the external device 2 connected to each interface port can be performed, it is possible to prevent the shared data stored in the hard disk 3 from being falsified or destroyed due to user's erroneous operation or intention.

Description

Technical field
The present invention relates to an access control device that controls access from an external device such as reading, rewriting, writing, and deleting data to a storage device such as a hard disk that stores data shared by a plurality of users, and a data management device.
Background art
Conventionally, a server device that stores shared data and shared data stored in the server device so that a plurality of users can use data stored in a storage device such as a hard disk (hereinafter referred to as shared data). The management device for the administrator who manages the network and the personal terminal for the user who uses the shared data are connected to the network. In addition, in order to prevent the shared data from being rewritten or destroyed due to user's mistaken operation, etc., many network systems prohibit users from rewriting, writing and deleting shared data. Only reading (downloading) of data is permitted. In particular, in the case of a server device that publishes shared data on the Internet, there are many cases where users are prohibited from rewriting, writing, and deleting shared data because they are accessed by an unspecified number of users. . For example, when rewriting, writing, and deleting shared data with respect to a server device, authentication by a password or the like (a person who is permitted to rewrite, write, or delete shared data with respect to a storage device (shared data By authenticating whether or not the user is an administrator), rewriting, writing, and deletion of shared data is prohibited for a person (user) who does not know the password.
Note that the user does not need to rewrite, write, and delete the shared data, as long as the shared data can be downloaded from the server device and used.
Further, the rewriting referred to here is a change / update of the shared data stored in the server device, and the writing is to add new shared data to the server device.
However, there is an increasing number of crimes that falsify (deliberately rewrite) or destroy the shared data stored in the server device (crimes by hackers). The method of permitting deletion has a problem that the security of shared data is low.
In addition, there is a network system that is operated in an environment in which when shared data read from a storage device is used by a user, new shared data is created or the shared data stored in the storage device changes. is there. For example, in a hospital, a medical chart system in which a medical chart of each patient is stored in a storage device is used. The medical record system is a system for a doctor (user of the medical record system) to perform an appropriate medical action on a patient. The doctor reads the patient's chart from the storage device, confirms the medical history of the patient so far, and determines the contents of the current medical practice for the patient. When the current medical practice for the patient is completed, the doctor must replace the patient's chart stored in the storage device with a chart to which the contents of the current medical practice are added. For this reason, if a medical chart system is comprised with the network system which does not permit rewriting of a medical chart (shared data) with respect to a doctor, the content of the medical practice which the doctor performed with respect to the patient cannot be registered into the patient's medical chart. In this case, there is a high possibility that a medical accident cannot occur properly because the same medical action is performed on the patient in duplicate, and a medical accident occurs. For this reason, the medical record system is configured by a network system that allows a doctor to rewrite the patient's medical record, which is shared data.
As described above, many network systems are operated in an environment in which the user is allowed to rewrite the shared data stored in the storage device. In the network system operated in such an environment, the shared data due to the user's erroneous operation is stored. The shared data was not adequately protected from the useless rewriting of the file or the alteration of the shared data by a malicious person.
An object of the present invention is to prevent the data stored in the storage device from being tampered with or destroyed due to an erroneous operation or intention of the user, and to improve the security of the data, and the data It is to provide a management device.
Disclosure of the invention
The access control device of the present invention
Multiple interface ports to which external devices are connected;
An access port to which a storage device for storing data is connected;
For each interface port, the type of access permitted to the storage device is set, and when an access request to the storage device is input to any interface port, the interface port is permitted. And a control unit that determines whether or not the input access request can be executed based on the type of access.
In this configuration, the type of access permitted to the storage device connected to the access port is set in the control unit for each interface port to which the external device is connected. The external device mentioned here is a personal terminal operated by a user who uses data (shared data) stored in the storage device, or a management device operated by an administrator who manages the shared data stored in the storage device It is.
The type of access is, for example,
(1) Reading shared data stored in the storage device,
(2) Rewriting shared data stored in the storage device
(3) Write shared data to the storage device,
(4) Deletion of shared data stored in the storage device
It is. The control unit performs setting for permitting one or a plurality of (1) to (4) above for each interface port.
In addition, when the access request for the storage device is input to any interface port, the control unit executes the access request input based on the type of access permitted to the interface port. Judgment is made.
For example, in the interface port where the type of access permitted is only the above (1), if the input access request is the above (1), it is determined that the access request can be executed. On the other hand, if the access request input at the interface port is (2) to (4), it is determined that the input request cannot be executed. For this reason, if a user who only allows downloading of shared data stored in the storage device is set to permit only reading of shared data to the interface port connected to the user, the user connected to the interface port It is possible to prevent the erroneous operation of the data and the intentional alteration or destruction of the shared data stored in the storage device.
In addition, it is possible to set the type of access permitted for each interface port so that it can be set by operation on the main unit of the device, and not to be set by remote operation from an external device. Improvement can be achieved.
In addition, the interface port to which the device (external device) operated by the administrator who manages the shared data is connected is set to permit all of the above (1) to (4), so that the administrator can share the interface port. There is no need to manage data. If the above (1) and (3) are permitted for the interface port, the user connected to the interface port can not only read the shared data but also add the shared data. If this setting is used, the shared data can be shown to the user, an impression of the shared data can be obtained from the user, and this can be used as a new shared data, and the system is connected to the interface port of the setting. Since the user cannot rewrite or delete the shared data, the security for the shared data can be sufficiently secured.
Furthermore, each interface port can be set to permit one or more of the above (1) to (4), so that it can be set according to the nature of the user connected to the interface port, and can be used for various purposes. However, the security of shared data can be sufficiently secured.
The invention also provides
An interface port to which an external device is connected;
A plurality of access ports to which storage devices for storing data are connected;
For each access port, the type of access permitted for the connected storage device is set, and a request for access to the storage device connected to one of the access ports is input to the interface port A controller that determines whether or not an input access request can be executed based on a type of access permitted to the access port to which the storage device to which access is requested is connected. ing.
In this configuration, the control unit sets the type of access permitted for the storage device connected to each access port ((1) to (4) described above). In addition, when there is a request for access to a storage device connected to any access port at the interface port, the control unit is input based on the type of access permitted for the access port. It is determined whether or not the access request can be executed.
For example, if the access request input to the storage device connected to the access port whose only permitted access type is (1) is the above (1), this access request It is determined that execution is possible. On the other hand, if the access request input to the storage device connected to the access port is (2) to (4), it is determined that the input request cannot be executed.
In this way, since the type of access permitted for the storage device connected to each access port can be set, the nature of the shared data stored in the storage device, for example, the shared data can be shown to the user. In the case of a system that obtains an impression on the shared data from the user, a type that permits access depending on a storage device that stores the shared data to be presented to the user, a storage device that stores the obtained user's impression Can be set.
For the access port to which the storage device for storing the shared data to be presented to the user is connected, only reading of the shared data needs to be permitted, and the access to which the storage device for storing the obtained user's impression is connected. For the port, only writing of shared data is permitted.
The invention also provides
An interface port to which an external device is connected;
An access port to which the storage device is connected;
The type of access permitted to the storage device connected to the access port is set to data read and new write, and an access request to the storage device input to the interface port is a data read or A control unit that executes an input access request if it is any of new writing, and ignores the input access request if it is a request other than reading of a data file or new writing. .
In this configuration, a storage device that stores data, such as a hard disk, is connected to the access port, and an external device that uses data stored in the storage device is connected to the interface port. If there is a request for reading or writing data from an external device connected to the interface port, the control unit executes the request, but reads the data from the external device connected to the interface port, or Even if there is a request other than new writing, for example, a request to rewrite (overwrite) or delete data, this request is ignored.
Therefore, the data stored in the storage device connected to the access port cannot be rewritten or deleted. As a result, data stored in the storage device connected to the access port can be sufficiently protected from unnecessary rewriting due to a user's erroneous operation or tampering by a malicious person.
Further, when a new data write request to the storage device is input to the interface port, the request is executed. Therefore, the system is used in an environment where the user needs to update the data stored in the storage device. Even so, updated data can be stored in the storage device by newly writing the newly generated data to the storage device.
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, an access control apparatus according to an embodiment of the present invention will be described in detail.
FIG. 1 is a diagram showing a network system to which an access control apparatus according to an embodiment of the present invention is applied. In the figure, reference numeral 1 denotes an access control apparatus according to an embodiment of the present invention. The access control device 1 includes a plurality of (four in this embodiment) interface ports A to D to which external devices 2 (2A to 2D) are connected, and a hard disk 3 (3a to 3d) (a storage device referred to in the present invention). Are connected to each other (four in this embodiment). The external device 2 is a management device for an administrator who manages the shared data stored in the storage device 3 and the personal terminal of the user who uses the shared data. The type of the external device 2 is not particularly limited as long as it is a device having a data communication function, such as a personal computer or a portable terminal. The access control apparatus 1 and the external device 2 may be configured to be directly connected by a cable, or may be configured to be connected via a network such as a LAN or the Internet. The access control device 1 and the hard disk 3 constitute a server device. The server device may be configured such that the access control device 1 and the hard disk 3 are integrated.
FIG. 2 is a diagram showing the configuration of the access control apparatus according to the embodiment of the present invention. The access control device 1 includes a control unit 11 that controls the operation of the main body, an interface controller 12 (12A to 12D) that controls input / output for each interface port A to D to which the external device 2 is connected, and an interface port A. FIFO 13 (13A to 13D) for temporarily storing data input / output for each D, cache controller 15 for controlling the cache memory 14, and access ports a to d to which the hard disk 3 is connected FIFO 16 (16a to 16d) for temporarily storing data to be stored, and a device controller 17 for controlling the hard disk 3 (3a to 3d) connected to each access port a to d. The interface controller 12 controls connection with other devices (external devices) through an interface such as SCSI or IDE. The device controller 17 controls reading and writing of data with respect to the hard disk 3 connected to the access ports a to d.
The access control device 1 sets the type of access permitted for the hard disk 3 connected to the access ports a to d for each of the interface ports A to D. This setting can be changed only by an operation unit (not shown) provided in the access control apparatus 1 and is configured not to be changed by the external device 2 connected to the interface ports A to D.
Each interface port A to D has
(1) Reading shared data stored in the hard disk 3,
(2) Rewriting shared data stored in the hard disk 3 (changing stored shared data),
(3) Writing new shared data to the hard disk 3,
(4) Deletion of shared data stored in the hard disk 3
A setting for permitting one or more of the above is made. When each interface controller 12 receives a request for access to the hard disk 3, the interface controller 12 determines whether the access type is a type permitted by the control unit 11. If the request is accepted and it is determined that the request is not permitted, the request is rejected.
In this embodiment, the interface port A is set to permit only reading of shared data, the interface port B is set to permit reading of shared data and rewrite of shared data, and the interface port C reads shared data. In this example, the interface port D is a setting that permits writing of shared data, and the interface port D is a setting that permits reading of shared data, rewriting of shared data, writing of shared data, and deletion of shared data.
A personal terminal (external device 2A) of a user (general user) who only downloads and uses shared data is connected to the interface port A. A user who not only downloads and uses the shared data but also rewrites the shared data as necessary is connected to the interface port B. A user who not only downloads and uses shared data but also writes new shared data as necessary is connected to the interface port C. Furthermore, a shared data manager who reads, rewrites, writes, and deletes shared data as necessary is connected to the interface port D.
A RAID level 0/1 system is configured by four hard disks connected to the access ports a to d. Specifically, the two hard disks 3a and 3b connected to the access ports a and b function as data storage for storing shared data, and the two hard disks 3c and 3d connected to the access ports c and d. Functions for mirroring the hard disk 3 connected to the access ports a and b, respectively. The shared data divided into blocks of a predetermined size is stored in the two hard disks 3a and 3b connected to the access ports a and b. Specifically, odd-numbered blocks are stored in the hard disk 3a, and even-numbered blocks are stored in the hard disk 3b.
The hard disk 3c for mirroring stores odd-numbered blocks, and the hard disk 3d stores even-numbered blocks.
The hard disk 3c functions as a backup for the hard disk 3a, and the hard disk 3d functions as a backup for the hard disk 3b.
When rewriting or writing shared data, the device controller 17 divides shared data to be rewritten or shared data to be written into blocks of a predetermined size, and stores them in the hard disks 3a and 3b connected to the access ports a and b. Write. At this time, the shared data divided into blocks of a predetermined size is also written to the hard disks 3c and 3d connected to the access ports c and d. The shared data written to the hard disks 3a and 3c is the same block, and the shared data written to the hard disks 3b and 3d is the same block. Further, when deleting the shared data, the device controller 17 sets an area where the corresponding shared data is stored as a free area in the hard disks 3a to 3d connected to the access ports a to d. Further, when reading the shared data, the device controller 17 reads the odd-numbered data divided into blocks of a predetermined size from the hard disk 3a connected to the access port a, and is connected to the access port b. Read even-numbered data divided into block units of a predetermined size from the hard disk 3b, and create shared data by arranging them in order (the shared data divided into blocks of a predetermined size is integrated ).
Hereinafter, the operation of the access control apparatus 1 of this embodiment will be described. FIG. 3 is a flowchart showing the operation of the access control apparatus. Each of the interface controllers 12A to 12D is waiting for an access request to the hard disk 3 that is independently connected to the access ports a to d to be input to the interface ports A to D (s1). The access request input to the interface ports A to D is reading, rewriting, writing, or deletion of shared data.
When an access request for the hard disk 3 is input to the connected interface port, the interface controller 12 determines whether the access request is of a type permitted for the connected interface port. (S2). If the interface controller 12 determines that the type of access request is permitted in s2, the interface controller 12 executes processing based on the request (s3). Conversely, if it is determined that the type is not permitted in s2, an error command is transmitted to the external device 2 that has transmitted the access request (s4).
When completing the process of s3 or s4, the access control device 1 returns to s1 and repeats the above process.
As described above, in the access control device 1 of this embodiment, the type of access permitted for each interface port is set, and when an access request of an unauthorized type is input, the access request is issued. I refuse. Therefore, setting according to the property of the external device 2 connected to the interface port can be performed. For example, if the interface port for connecting the external device 2 of the user who only downloads and uses the shared data stored in the hard disk 3 is set to permit only reading of the shared data, It is possible to prevent the shared data from being falsified or destroyed intentionally. Thereby, the security of shared data can be improved.
Since the user only downloads and uses the shared data, there is no problem even if the rewriting, writing, or deleting of the shared data is prohibited.
Further, by providing an interface port that permits reading and writing of shared data, such as interface port C, a questionnaire method for presenting shared data to the user and obtaining an impression of the presented shared data from the user, etc. It can correspond to. However, the external device 2 connected to the interface port C also denies the access request for rewriting or deleting the shared data, so that the shared data is falsified or destroyed due to user's misoperation or intention. Can be prevented.
Furthermore, for an interface port that permits reading, rewriting, writing, and deletion of shared data, such as the interface port D, an external device 2 that manages the shared data may be connected. Thereby, the administrator can smoothly manage the shared data stored in the hard disk 3.
Note that the security of shared data can be further improved by performing authentication with a password at the time of rewriting or deleting the shared data. On the contrary, if the authentication by the password is eliminated, the workability when rewriting or deleting the shared data can be improved.
The process executed in s3 is any one of reading, changing, adding, and deleting shared data. FIG. 4 is a flowchart showing shared data read processing. The interface controller 12 to which the access request is input transfers the shared data read request to the cache controller 15 (s11). This read request includes data for specifying the shared data to be read.
The cache controller 15 determines whether the shared data (corresponding shared data) requested by the transferred read request is stored in the cache memory 14 (s12). When the cache controller 15 determines that the shared data corresponding to the cache memory is stored in s12, the cache controller 15 notifies the interface controllers 12A to 12D that have transmitted the read request of the completion of reading the shared data (s15). On the other hand, if it is determined in s12 that it is not stored in the cache memory, the device controller 17 is instructed to read the corresponding shared data (s13).
The device controller 17 instructed to read the shared data reads the corresponding shared data from the hard disks 3a and 3b connected to the access ports a and b, and writes it in the cache memory 14 (s14).
As described above, the shared data is divided into blocks of a predetermined size, odd-numbered data is stored in the hard disk 3a connected to the access port a, and even-numbered data is stored in the hard disk 3b connected to the access port b. Is stored. The shared data read from the hard disks 3a and 3b is temporarily stored in the FIFOs 16a and 16b. The device controller 17 alternately retrieves stored shared data from the FIFOs 16a and 16b, and writes them in the cache memory 14 in the order of retrieval. As a result, the shared data divided and stored in blocks of a predetermined size on the hard disks 3a and 3b are integrated (appropriate shared data is created). Further, since the shared data is read from the hard disks 3a and 3b at the same time, the time required for reading the shared data stored in the hard disk 3 is longer than when the shared data is stored in a single hard disk without being divided. About half.
When the device controller 17 completes the reading of the corresponding shared data, it notifies the cache controller 15 to that effect (s15).
When the completion of reading the corresponding shared data is notified from the device controller 17, the cache controller 15 transfers the reading completion to the interface controller 12 that has transferred the shared data read request this time (s16). The cache controller 15 transfers the corresponding shared data stored in the cache memory 14 to the interface controller 12 (s17). The cache controller 15 sequentially reads out the corresponding shared data stored in the cache memory 14 in s17 and records it in the FIFO 13.
The interface controller 12 to which the completion of reading of the shared data is transferred from the cache controller 15 reads the shared data stored in the FIFO 13 in order, and the external that has requested access (reading of shared data) to the hard disk 3 this time. The shared data is output from the interface port to the device 2 (s18).
As a result, the external device 2 connected to the interface port permitted to read the shared data can download and use the shared data.
Next, the shared data rewriting process executed in s3 will be described. FIG. 5 is a flowchart showing shared data rewriting processing. The interface controller 12 transfers the shared data rewrite request to the cache controller 15 (s21). This rewrite request includes data for specifying shared data to be rewritten. Further, the interface controller 12 writes the shared data to be rewritten, which is transmitted from the external device 2 together with the shared data rewrite request, into the FIFO 13 (s22).
The cache controller 15 secures an empty area in the cache memory 14 (s23), reads the shared data to be rewritten from the FIFO 13, and stores it in the reserved empty area (s24). When the cache controller 15 stores the shared data to be rewritten in the cache memory 14, the cache controller 15 instructs the device controller 17 to rewrite the shared data (s25).
The device controller 17 that has been instructed to rewrite the shared data from the cache controller 15 instructs the four hard disks 3a to 3d connected to the access ports a to d to rewrite the shared data (s26). Further, the device controller 17 reads the corresponding shared data (shared data to be rewritten) stored in the cache memory 14 and writes the shared data divided into predetermined block units into the FIFOs 16a and 16b. At this time, the device controller 17 has written the same data as the data written in the FIFO 16a into the FIFO 16c, and has written the same data as the data written into the FIFO 16b into the FIFO 16d.
The hard disks 3a to 3d take in the shared data stored in the FIFOs 16a to 16d, respectively, and rewrite the corresponding shared data (s27).
Next, the shared data writing process executed in s3 will be described. FIG. 6 is a flowchart showing shared data write processing. The interface controller 12 to which the access request is input transfers the shared data write request to the cache controller 15 (s31). This write request includes shared data to be written to the hard disk 3. The interface controller 12 writes the shared data to be written to the hard disk 3 transmitted from the external device 2 together with the shared data write request to the FIFO 13 (s32).
The cache controller 15 secures an empty area in the cache memory 14 (s33), reads the shared data to be written from the FIFO 13, and stores it in the reserved empty area (s34). When the cache controller 15 stores the shared data to be written in the cache memory 14, the cache controller 15 instructs the device controller 17 to write the shared data (s35).
The device controller 17 that has been instructed to write shared data from the cache controller 15 instructs the four hard disks 3a to 3d connected to the access ports a to d to write shared data (s36). Further, the device controller 17 reads the corresponding shared data (shared data to be written) stored in the cache memory 14, divides it into blocks of a predetermined size, writes the odd-numbered block data to the FIFO 16a, and The data of the second block is written into the FIFO 16b. At this time, the device controller 17 has written the same data as the data written in the FIFO 16a into the FIFO 16c, and has written the same data as the data written into the FIFO 16b into the FIFO 16d.
The hard disks 3a to 3d take in the shared data stored in the FIFOs 16a to 16d, respectively, and write the shared data corresponding to the free space (s37).
The time required for writing the shared data is approximately half as compared with the case where the shared data is stored in a single hard disk without being divided.
Furthermore, the shared data deletion process executed in s3 will be described. FIG. 7 is a flowchart showing shared data deletion processing. The interface controller 12 having received the access request transfers a shared data deletion request to the cache controller 15 (s41). This deletion request includes data for specifying shared data to be deleted.
The cache controller 15 transfers the deletion request transferred from the interface controller 12 to the device controller 17 (s42).
The device controller 17 instructs the hard disks 3a to 3d to delete the shared data instructed by this deletion request (s43).
The hard disks 3a to 3d delete the instructed shared data by setting the storage area storing the shared data instructed to be deleted this time to an empty area. Here, the area set as an empty area (the area where the deleted shared data is stored) is used as an area for writing the shared data in the writing process.
Thus, since the RAID level 0/1 is configured by the four hard disks 3a to 3d connected to the access ports a to d, the shared data can be read, rewritten and written at high speed. Even if any one of the hard disks 3a to 3d fails, the shared data stored in the failed hard disk is stored in another hard disk, so that the shared data is not lost.
In the above embodiment, the RAID level 0/1 is configured by the four hard disks 3a to 3d connected to the access ports a to d. However, the present invention is not limited to this, and the RAID level is a different level. The RAID may not be configured.
Next, an embodiment in which the data management devices 1 and 3 in which the access control device 1 and the hard disk 3 of the above embodiment are integrated is applied to a system that publishes shared data on the Internet will be described. FIG. 8 is a diagram showing the configuration of the system according to this embodiment. A personal terminal 2A (external device 2A) of a user who downloads shared data via the Internet 21 is connected via the Web server 23 to the interface port A of the data management devices 1 and 3 that are only allowed to read the shared data. ing. Further, a management server device 24 of an administrator connected to the intranet 22 is connected to the interface port D that is allowed to read, rewrite, write, and delete the shared data. A management device 2D (external device 2D) operated by a manager of shared data is connected to the intranet 22 and accesses the data management devices 1 and 3 via the management server device 24.
A user accesses the data management apparatuses 1 and 3 via the Internet 21 and the Web server 23 and requests download (reading) of shared data. Since the access request to the data management devices 1 and 3 output from the personal terminal 2A operated by the user is input to the interface port A, the user can download and use the shared data as described above. On the other hand, even if the user requests the data management devices 1 and 3 to rewrite, write, and delete the shared data. Therefore, it is possible to prevent the shared data from being falsified or destroyed due to an erroneous operation or intention of a user connected via the Internet 21.
Further, the management device 2D for the manager that manages the shared data includes an interface port D (reading, rewriting, writing, reading of shared data) provided in the data management devices 1 and 3 via the intranet 22 and the management server device 24. And interface ports that are allowed to be deleted). Therefore, the administrator can read, rewrite, write, and delete shared data managed by the data management devices 1 and 3. Therefore, the administrator can manage the shared data smoothly.
Note that the administrator may read, rewrite, write, and delete the shared data in any of the management devices 2D connected to the intranet 22.
Moreover, if the reading and writing of the shared data are permitted to the interface port to which the personal terminal 2A operated by the user is connected (the interface port to which the Web server 23 is connected), the shared data is downloaded. An impression of the downloaded shared data can be obtained as new shared data from the user. Thereby, various systems such as a system in which a plurality of users connected to the data management devices 1 and 3 through the Internet 21 and the Web server 23 interact and a system for conducting a questionnaire to the users can be constructed. . Moreover, since the personal terminal 2 of the user connected via the Internet 21 is not permitted to rewrite or delete the shared data, the shared data may be falsified due to an erroneous operation or intention of the user connected via the Internet 21. It can be prevented from being destroyed.
As described above, since the access control device 1 according to this embodiment is configured to set the type of access permitted for each interface port to which the external device 2 is connected, it can be used for various purposes and can be shared. Sufficient data security can be ensured.
Next, another embodiment of the present invention will be described.
In the above embodiment, the type of access permitted to the hard disks 3a to 3d is set for each interface port A to D. However, in this embodiment, the hard disks 3a to 3d connected to each access port a to d are set. This is an embodiment in which the type of access permitted for a user is set.
here,
(1) The hard disk 3a connected to the access port a is set to permit only reading of shared data.
(2) The hard disk 3b connected to the access port b is set to permit only rewriting of shared data.
(3) The hard disk 3c connected to the access port c is set to permit only writing of shared data.
(4) The hard disk 3d connected to the access port d is set to reject reading, rewriting, writing, and deletion of shared data.
The hard disk 3c connected to the access port c is for backup of the hard disk 3a connected to the access port a.
FIG. 9 is a flowchart showing the operation of the access control apparatus of this embodiment. Each of the interface controllers 12A to 12D waits for an access request to the hard disk 3 connected to the access ports a to d to be input to the interface ports A to D (s51). The access request input to the interface ports A to D is reading, rewriting, writing, or deletion of shared data.
The interface controller 12 determines whether the access request input to the connected interface port is read, rewrite, write, or delete of the shared data (s52 to s54). If it is determined to be read, the shared data read process is executed for the hard disk 3a connected to the access port a (s55). If it is determined that the data is rewritten, the shared data rewriting process is executed for the hard disk 3b connected to the access port b (s56). If it is determined that the data is written, the shared data writing process is executed for the hard disk 3c connected to the access port c (s57). On the other hand, when it is determined to be deleted (when it is determined that none of reading, rewriting, and writing), an error command is transmitted to the external device 2 that has transmitted the access request (s58).
Since the processes of s55, s56, and s57 are substantially the same as the processes shown in FIGS. 4, 5, and 6, respectively, detailed description thereof is omitted here. The only difference is that the shared data is read, rewritten and written to the single hard disk 3.
As described above, according to the access control device 1 of this embodiment, the hard disk on which shared data is rewritten or written is specified, so that the user's erroneous operation or intentional alteration or destruction of the shared data is performed. However, there is no problem because the shared data remains in the hard disk 3a. Even if the hard disk 3a fails, the shared data is not backed up because the shared data is backed up to the hard disk 3d.
In addition, for each interface port A to D, the type of access permitted to each hard disk 3 (the hard disk 3 connected to each access port a to d) may be set. For example, the type of access permitted to each hard disk 3 is set for each interface port A to D using a table (see FIG. 10). For example,
(1) About interface port A
Only read the shared data to the hard disk 3a connected to the access port a,
The access ports b, c, d are set so as not to permit all accesses to the hard disks 3b, 3c, 3d connected.
(2) About interface port B
Only read the shared data to the hard disk 3a connected to the access port a,
Permit only rewriting of shared data to the hard disk 3b connected to the access port b,
Permit only writing of shared data to the hard disk 3c connected to the access port c,
The hard disk 3d connected to the access port d is set not to permit all accesses.
(3) About interface port C
Permit only rewriting of shared data to the hard disk 3a connected to the access port a,
Permit only writing and rewriting of shared data to the hard disk 3b connected to the access port b,
Permit only reading of shared data to the hard disk 3c connected to the access port c,
The hard disk 3d connected to the access port d is set not to permit all accesses.
(4) For interface port D
Only writing shared data to the hard disk 3a connected to the access port a is permitted,
Permit only reading of shared data to the hard disk 3b connected to the access port b,
Permit only rewriting of shared data to the hard disk 3c connected to the access port c,
The hard disk 3d connected to the access port d is set not to permit all accesses.
In this way, the type of access permitted for the hard disk 3 connected to each access port a to d can be set for each interface port A to D. Thereby, the setting according to the property of the external apparatus 2 connected to each interface port AD and the property of the hard disk 3 connected to each access port ad can be performed. As a result, it is possible to deal with various systems and to sufficiently secure the shared data stored in the hard disk 3.
FIG. 11 is a diagram showing a network system to which an access control apparatus according to still another embodiment of the present invention is applied.
In the figure, an access control device 1 includes a plurality of (two in this embodiment) interface ports A and B to which server devices 6 (6A and 6B) are connected, and hard disks 3 (3a to 3d) (referred to in the present invention). A plurality of (four in this embodiment) access ports a to d to which a storage device is connected. The hard disk 3 stores medical records of each patient.
The data storage device referred to in the present invention is one in which the access control device 1 and the hard disks 3a to 3d are integrated.
The interface port A is only allowed to read data (patient chart) to the hard disk 3 connected to the access ports a to d. About new writing, rewriting (overwriting), and deletion of data to the hard disk 3 Is not allowed. The interface port B is a port that allows only new writing of data (patient chart) to the hard disk 3 connected to the access ports a to d, and reads, rewrites and deletes data to the hard disk 3. Is not allowed.
The server device 6A connected to the interface port A is a server device that controls reading of data stored in the hard disk 3 connected to the access ports a to d. The server device 6B connected to the interface port B is a server device that controls new writing of data to the hard disks 3a to 3d connected to the access ports a to d.
Also, 4 shown in FIG. 11 is a network such as a LAN, and 5 is a terminal device such as a personal computer connected to the network 4. The terminal device 5 is an external device operated by a user who reads and uses a medical record stored in the hard disk 3. The terminal device 5 cannot be connected to both the server device 6A and the server device 6B at the same time, but can be selectively connected to either one. A user who operates the terminal device 5 connects to the server device 6A when reading the medical record stored in the hard disk 3, and connects to the server device 6B when writing the medical record to the hard disk 3.
In this embodiment, the terminal device 5 is connected to the interface port of the access control device 1 via the server devices 6A and 6B. However, the interface port of the direct access control device 1 is not connected to the server device 6A and 6B. It may be configured to be connected to A and B.
FIG. 12 is a diagram showing the configuration of the access control apparatus according to the embodiment of the present invention. The access control device 1 includes a control unit 11 that controls the operation of the main body, an interface controller 12 (12A and 12B) that controls input / output for each of the interface ports A and B to which the server devices 6A and 6B are connected, and an interface. FIFO 13 (13A, 13B) that temporarily stores data input / output for each port A, B, cache controller 15 that controls the cache memory 14, and each access port a to d to which the hard disk 3 is connected A FIFO 16 (16a to 16d) that temporarily stores output data and a device controller 17 that controls the hard disks 3 (3a to 3d) connected to the access ports a to d are provided. The interface controller 12 controls connection with the server apparatuses 6A and 6B through an interface such as SCSI or IDE. The device controller 17 controls reading and writing of data with respect to the hard disk 3 connected to the access ports a to d.
Hereinafter, the operation of the embodiment of the present invention will be described by taking as an example a medical record system to which the network system shown in FIG. 11 is applied.
The hard disk 3 stores a medical record for each patient in a text file format. Each patient is given an identification number. The medical record stored in the hard disk 3 is managed by a file name including an identification number of the patient (a feature code as referred to in the present invention) and a serial number of the medical record regarding the patient (a number code as referred to in the present invention). ing. The medical record file name stored in the hard disk 3 is
Patient identification number-serial number. txt
(See FIG. 13). The patient identification number and the serial number are separated by "-". For this reason, if the patient identification number is used as a key, a desired patient chart stored in the hard disk 3 can be searched. Further, when a plurality of desired patient charts are stored in the hard disk 3, the latest chart can be searched by the serial number. In this embodiment, the larger the serial number included in the file name, the newer the chart.
First, the operation of the access control device 1 when a doctor operates the terminal device 5 to read the patient chart stored in the hard disk 3 will be described with reference to FIG.
The doctor operates the terminal device 5 to connect the terminal device 5 to the server device 6A. When the terminal device 5 is connected to the server device 6A, the doctor transmits a medical chart reading request stored in the hard disk 3 to the server device 6A. The server device 6A transfers the request transmitted from the terminal device 5 to the interface port A of the access control device 1.
In this embodiment, when a request for access to the hard disk 3 is received from the terminal device 5 via the network 4, the server device 6A is the type of access request (reading of chart, new writing, rewriting, deleting). Regardless of the request, the request is transferred to the access control apparatus 1.
When an access request to the hard disk 3 is input to the interface port A (s60), the interface controller 12A determines whether the request is a chart reading request (s61). If the interface controller 12A determines in s61 that the request is not a chart reading request (if it is a request for writing, rewriting, or deleting a chart), it ignores the request for access to the current hard disk 3 and terminates this process. To do.
As described above, if the access request to the hard disk 3 input to the interface port A is a request other than the chart reading request, the access control device 1 ignores the request.
The server device 6A determines whether the access request to the hard disk 3 is a medical chart reading request, and when the server device 6A determines that the request is other than the medical chart reading request, the request is transmitted to the interface port A. You may comprise so that it may not transfer to.
If the interface controller 12A determines in s21 that it is a chart reading request, it transfers the chart reading request input this time to the interface port A to the device controller 17 via the cache controller 15 (s62). The chart reading request transferred to the device controller 17 in s22 includes the identification number of the patient reading the chart.
The device controller 17 searches the hard disks 3a to 3d connected to the access ports a to d using the identification number included in the chart reading request transferred in s62 as a key (s63), and the corresponding patient. The chart is read (s64). At this time, the device controller 17 searches the patient's chart stored in the hard disk 3 using the identification number included in the read request, and further uses the file name in the searched chart as a file name. The chart with the largest serial number is read, that is, the latest chart for the patient identified by the identification number.
The medical chart read from the hard disks 3a to 3d in s64 is written in the cache memory 14. When the device controller 17 completes the reading of the chart in s63 (s65), the device controller 17 notifies the cache controller 15 (s66).
When notified of completion of the chart reading from the device controller 17, the cache controller 15 transfers the chart reading completion to the interface controller 12A (s67). Further, the cache controller 15 transfers the corresponding chart stored in the cache memory 14 to the interface controller 12A (s68). The cache controller 15 sequentially reads out the corresponding charts stored in the cache memory 14 in s68 and records them in the FIFO 13A.
The interface controller 12A, to which the completion of reading of the chart from the cache controller 15 has been transferred, sequentially reads the chart stored in the FIFO 13A and outputs it to the server apparatus 6A connected to the interface port A (s69).
The server device 6A transmits the medical chart transmitted from the access control apparatus 1 to the terminal device 5 that has transmitted the medical chart reading request this time via the network 4.
Therefore, the user transmits the medical chart read request stored in the hard disks 3a to 3d to the server apparatus 6A connected via the network 4 in the terminal device 5, thereby identifying the identification number included in the read request. You can get the latest medical records of patients. For this reason, the doctor can easily check the latest medical record of any patient with the terminal device 5.
Next, the operation of the access control apparatus 1 when a patient's medical record for which a medical practice has been completed is newly written to the hard disks 3a to 3d will be described with reference to FIG. When the current medical practice for the patient is completed, the doctor adds the content of the current medical practice to the patient's medical chart previously read out in the terminal device 5. As described above, since the medical chart is a text file, the contents of the current medical practice can be added to the medical chart with a simple operation. When the doctor creates a medical record to which the contents of the current medical practice are added, the doctor connects the terminal device 5 to the server device 6B and transmits a medical record writing request to the hard disk 3. This writing request includes a medical record to which the contents of the current medical practice are added and the identification number of the patient.
The server device 6B transfers the request transmitted from the terminal device 5 to the interface port B of the access control device 1.
In this embodiment, when a request for access to the hard disk 3 is received from the terminal device 5 via the network 4, the server device 6B is the type of access request (data read, new write, rewrite, delete). Regardless of the request, the request is transferred to the access control apparatus 1.
When a request for access to the hard disk 3 is input to the interface port B (s70), the interface controller 12B determines whether the request is a new medical chart write request (s71). If the interface controller 12B determines in s71 that the request is not a new record request (if it is a request related to reading, rewriting, or deleting a chart), the interface controller 12B ignores the current request for access to the hard disk 3 and ends this processing. To do.
As described above, if the request for access to the hard disk 3 input to the interface port B is a request other than the new writing request for the chart, the access control device 1 ignores the request.
The server device 6B determines whether the access request to the hard disk 3 is a medical chart write request, and when the server device 6B determines that the request is a request other than a new write request, the request is interfaced. You may comprise so that it may not transfer to the port B. FIG.
If the interface controller 12B determines that it is a new chart request in s31, it transfers the new chart request to the device controller 17 via the cache controller 15 (s72). At this time, the interface controller 12B sequentially writes the charts to which the contents of the current medical practice input to the interface port B are added to the FIFO 13B. The cache controller 15 sequentially reads the charts written in the FIFO 13B and writes them in the free area secured in the cache memory 14.
The device controller 17 to which the new medical record write request has been transferred from the cache controller 15 searches the hard disks 3a to 3d using the patient identification number included in the new write request as a key, and this time the hard disk 3a to 3d. The file name of the medical record stored in 3d is determined (s73). Specifically, the medical record stored in the hard disks 3a to 3d is searched with the file name including the identification number included in the write request, and further included in the file name among the medical records searched here. Determine the maximum serial number. The device controller 17 determines the serial number of the file name of the medical record stored this time as a value obtained by incrementing the maximum value determined here by one.
The identification number included in the file name is the patient identification number included in the write request.
When the device controller 17 determines the file name of the medical chart to be written to the hard disks 3a to 3d in s73, the medical controller 17 writes the medical chart with the contents of the current medical practice added to the empty areas of the hard disks 3a to 3d (s74). At this time, the device controller 17 sequentially reads out the corresponding charts written in the cache memory 14, and writes them in the FIFO 16 connected to the access ports a to d to which the hard disks 3a to 3d storing the charts are connected. The hard disk 3 stores the charts sequentially read from the FIFO 16 in the free areas of the hard disks 3a to 3d.
As described above, the terminal device 5 can newly write the patient's chart to the hard disks 3a to 3d. That is, the patient's medical chart is first read out, and a new medical practice content added to the medical chart is newly written. In this embodiment, when a chart is newly written to the hard disks 3a to 3d, the patient's chart stored in the hard disks 3a to 3d is not deleted or overwritten (rewritten) on the stored patient's chart. Even if the doctor misoperates the terminal device 5, the medical records already stored in the hard disks 3a to 3d are not destroyed. In addition, since the medical records stored in the hard disks 3a to 3d cannot be deleted or rewritten, the medical records stored in the hard disks 3a to 3d are altered or deleted by unauthorized access by a malicious person. Can also be prevented.
Further, the access control device 1 can read the latest medical record of the patient from the medical records stored in the hard disks 3a to 3d using the patient identification number as a key when reading the medical chart. Sometimes the patient's identification number is used to automatically determine the file name of the chart to be written to the hard disks 3a to 3d, so that the operability of the doctor in the terminal device 5 is not lowered.
Further, since the doctor who operates the terminal device 5 selects the server device 6A or 6B to be connected in consideration of the operation to be performed in the future (when reading the medical charts stored in the hard disks 3a to 3d, the doctor connects to the server device 6A. In addition, when writing medical records on the hard disks 3a to 3d, the medical device is connected to the server device 6B. However, even if an erroneous operation by a doctor occurs, it is possible to prevent the rewriting and deletion of the medical charts stored in the hard disks 3a to 3d as described above. The medical records stored in the hard disks 3a to 3d can be sufficiently protected. In addition, since the doctor's access to the medical chart usually means reading the medical chart and adding and writing the contents of the medical practice, if the terminal 5 performs an access operation to the medical chart (for example, operation of the medical chart button). It is also possible to program to automatically connect to the server device 6A and enter the read state, and then automatically connect to the server device 6B and enter the write state when the chart button is operated again. is there.
Moreover, since all the charts are stored in the hard disks 3a to 3d as the chart update history for each patient, it is possible to determine whether or not the charts have been tampered with.
In the above embodiment, interface port A is only allowed to read charts, and interface port B is only allowed to write new charts. However, both interface ports A and B can read charts and write new charts. Both may be permitted and requests other than reading and writing (rewriting, deleting, etc.) may be ignored. In this case, when an access request to the hard disk 3 is input to the interface ports A and B, the access control apparatus 1 reads the chart or writes a new chart, It is determined whether it is other than reading or new writing. If the medical chart is read, the process after s62 is performed. If the medical chart is newly written, the process after s72 is performed. Other than the above, it may be configured to be ignored.
In the above embodiment, the medical records are stored in the hard disk 3a to 3d in the text file format, but may be stored in the print image format or in another file format. The invention of the present application can also be applied to network systems other than the above chart system.
In the above embodiment, the entire chart is rewritten at the time of writing the chart. However, the contents added by the doctor this time (the contents of the current treatment by the doctor) may be additionally recorded (appended) in the chart of the corresponding patient. . In this way, it is possible to reduce the storage capacity of the hard disks 3a to 3d necessary for storing the patient's chart.
In the above embodiment, the charts stored in the hard disks 3a to 3d cannot be rewritten or deleted. However, a password may be given to an administrator or the like so that the chart can be deleted. In this way, unnecessary charts stored in the hard disks 3a to 3d can be removed, and the storage capacity of the hard disks 3a to 3d necessary for storing the patient charts can be reduced. In this case, however, it is preferable not to perform rewriting.
As described above, according to the present invention, it is possible to prevent the data stored in the storage device from being altered, destroyed, or deleted due to an erroneous operation, intentional operation, or unauthorized access by the user. Thereby, the security of the data memorize | stored in the memory | storage device can be improved.
Industrial application fields
INDUSTRIAL APPLICABILITY The present invention can be applied to an apparatus for preventing illegal tampering with a medical record in which a patient's medical history or medical practice is recorded, hacking to a server connected to a LAN or the Internet, illegal writing by cracking, or the like. it can.
[Brief description of the drawings]
FIG. 1 is a diagram showing a configuration of a network system to which an access control apparatus according to an embodiment of the present invention is applied.
FIG. 2 is a diagram showing the configuration of the access control apparatus according to the embodiment of the present invention.
FIG. 3 is a flowchart showing the operation of the access control apparatus according to the embodiment of the present invention.
FIG. 4 is a flowchart showing shared data read processing in the access control apparatus according to the embodiment of the present invention.
FIG. 5 is a flowchart showing shared data rewriting processing in the access control apparatus according to the embodiment of the present invention.
FIG. 6 is a flowchart showing shared data write processing in the access control apparatus according to the embodiment of the present invention.
FIG. 7 is a flowchart showing shared data deletion processing in the access control apparatus according to the embodiment of the present invention.
FIG. 8 is a diagram showing an example in which the access control apparatus according to the embodiment of the present invention is applied to the Internet.
FIG. 9 is a flowchart showing shared data read processing in the access control apparatus according to another embodiment of the present invention.
FIG. 10 is a diagram illustrating a method of setting the type of access permitted for each interface port A to D and for each access port a to d.
FIG. 11 is a diagram showing a network system to which an access control apparatus according to still another embodiment of the present invention is applied.
FIG. 12 is a diagram showing a configuration of an access control apparatus according to still another embodiment of the present invention.
FIG. 13 is a view showing a file name of a medical record.
FIG. 14 is a flowchart showing the operation of the access control apparatus according to still another embodiment of the present invention.
FIG. 15 is a flowchart showing the operation of the access control apparatus according to still another embodiment of the present invention.

[0003]
There are many network systems that are operated in the permitted environment. In network systems that are operated in such an environment, the shared data can be rewritten unnecessarily by a user's mistaken operation, or the shared data can be altered by a malicious person. Shared data was not well protected.
An object of the present invention is to prevent the data stored in the storage device from being tampered with or destroyed due to an erroneous operation or intention of the user, and to improve the security of the data, and the data It is to provide a management device.
DISCLOSURE OF THE INVENTION The access control device of the present invention comprises:
Multiple interface ports to which external devices are connected;
An access port to which a storage device for storing data is connected;
For each interface port, the type of access permitted to the storage device is set, and when an access request to the storage device is input to any interface port, the interface port is permitted. A control unit that determines whether or not an input access request can be executed based on the type of access, and
The plurality of interface ports include at least one interface port set to read, newly write, rewrite, and delete the types of access permitted to the storage device, and the storage At least one interface port is set so that the type of access permitted to the device is only data reading or only reading and new writing.
In this configuration, the type of access permitted to the storage device connected to the access port is set in the control unit for each interface port to which the external device is connected. External equipment here refers to the storage device.

[0004]
It is a personal terminal operated by a user who uses stored data (shared data) or a management device operated by an administrator who manages shared data stored in a storage device.
The type of access is, for example,
(1) Reading shared data stored in the storage device,
(2) Rewriting shared data stored in the storage device
(3) Write shared data to the storage device,
(4) Deletion of shared data stored in the storage device
It is. The control unit performs setting for permitting one or a plurality of (1) to (4) above for each interface port. At this time, there are included at least one interface port that is set to permit all of the above (1) to (4) and only the above (1), or set to permit the above (1) and (3).
In addition, when the access request for the storage device is input to any interface port, the control unit executes the access request input based on the type of access permitted to the interface port. Judgment is made.
For example, in the interface port where the type of access permitted is only the above (1), if the input access request is the above (1), it is determined that the access request can be executed. On the other hand, if the access request input at the interface port is (2) to (4), it is determined that the input request cannot be executed. For this reason, if a user who only allows downloading of shared data stored in the storage device is set to permit only reading of shared data to the interface port connected to the user, the user connected to the interface port It is possible to prevent the erroneous operation of the data and the intentional alteration or destruction of the shared data stored in the storage device.
Also, set the type of access allowed for each interface port.

[0005]
The security can be further improved by configuring the setting so that it can be set by an operation on the apparatus main body and cannot be set by a remote operation from an external device.
In addition, with respect to the interface port set to permit all of the above (1) to (4), by managing a device (external device) operated by the administrator who manages the shared data, the administrator can manage the shared data. There will be no trouble. If the above (1) and (3) are permitted for the interface port, the user connected to the interface port can not only read the shared data but also add the shared data. If this setting is used, the shared data can be shown to the user, an impression of the shared data can be obtained from the user, and this can be used as a new shared data, and the system is connected to the interface port of the setting. Since the user cannot rewrite or delete the shared data, the security for the shared data can be sufficiently secured.
Furthermore, each interface port can be set to permit one or more of the above (1) to (4), so that it can be set according to the nature of the user connected to the interface port, and can be used for various purposes. However, the security of shared data can be sufficiently secured.
The invention also provides
An interface port to which an external device is connected;
A plurality of access ports to which storage devices for storing data are connected;
For each access port, the type of access permitted for the connected storage device is set, and a request for access to the storage device connected to one of the access ports is input to the interface port A controller that determines whether or not an input access request can be executed based on a type of access permitted to the access port to which the storage device to which access is requested is connected. ing.

[0006]
In this configuration, the control unit sets the type of access permitted for the storage device connected to each access port ((1) to (4) described above). In addition, when there is a request for access to a storage device connected to any access port at the interface port, the control unit is input based on the type of access permitted for the access port. It is determined whether or not the access request can be executed.
For example, if the access request input to the storage device connected to the access port whose only permitted access type is (1) is the above (1), this access request It is determined that execution is possible. On the other hand, if the access request input to the storage device connected to the access port is (2) to (4), it is determined that the input request cannot be executed.
In this way, since the type of access permitted for the storage device connected to each access port can be set, the nature of the shared data stored in the storage device, for example, the shared data can be shown to the user. In the case of a system that obtains an impression on the shared data from the user, a type that permits access depending on a storage device that stores the shared data to be presented to the user, a storage device that stores the obtained user's impression Can be set.
For the access port to which the storage device for storing the shared data to be presented to the user is connected, only reading of the shared data needs to be permitted, and the access to which the storage device for storing the obtained user's impression is connected. For the port, only writing of shared data is permitted.
The invention also provides
An interface port to which an external device is connected;
An access port to which the storage device is connected;
The type of access permitted to the storage device connected to the access port is set to data read and new write, and an access request to the storage device input to the interface port is a data read or A control unit that executes an input access request if it is a new write, and ignores the input access request if it is a request other than data read or new write.
In this configuration, a storage device that stores data, such as a hard disk, is connected to the access port, and an external device that uses data stored in the storage device is connected to the interface port. The control unit

Claims (11)

Multiple interface ports to which external devices are connected;
An access port to which a storage device for storing data is connected;
For each interface port, the type of access permitted to the storage device is set, and when an access request to the storage device is input to any interface port, the interface port is permitted. An access control apparatus comprising: a control unit that determines whether or not an input access request can be executed based on an access type. A plurality of the above access ports
The access control device according to claim 1, wherein the control unit divides and stores data in a plurality of storage devices connected to different access ports. A plurality of the above access ports
The access control device according to claim 1, wherein the control unit stores the same data in a plurality of storage devices connected to different access ports. An access control device according to claim 1;
And a storage device connected to the access port. An interface port to which an external device is connected;
A plurality of access ports to which storage devices for storing data are connected;
For each access port, the type of access permitted for the connected storage device is set, and a request for access to the storage device connected to one of the access ports is input to the interface port A controller that determines whether or not an input access request can be executed based on a type of access permitted to the access port to which the storage device to which access is requested is connected. Access control device. Multiple interface ports to which external devices are connected;
A plurality of access ports to which storage devices for storing data are connected;
For each interface port, the type of access permitted for each storage device is set, and when a request for access to the storage device is input to any of the interface ports, the interface port can access the access port. And a control unit that determines whether or not an input access request can be executed based on the type of access permitted. An interface port to which an external device is connected;
An access port to which the storage device is connected;
The type of access permitted to the storage device connected to the access port is set to data read and new write, and an access request to the storage device input to the interface port is a data read or A control unit that executes an input access request if it is a new write, and ignores the input access request if it is a request other than reading or writing a data file Control device. Multiple interface ports to which external devices are connected;
An access port to which the storage device is connected;
For each interface port, the type of access permitted to the storage device connected to the access port is set to one of data reading or new writing, and the data is input to the interface port permitted to read data. If the access request to the storage device is a data read, the input access request is executed. If the access request is other than the data read, the input access request is ignored and a new data write is performed. If the request for access to the storage device input to the interface port that is permitted to write is a new write of data, the input access request is executed. And a control unit that ignores the requested access. The control unit, for newly written data in the storage device, a file name including a feature code indicating the feature of the data and a number code indicating the number of the same data at the time of the feature code. The access control apparatus according to claim 1, which is given. An access control device according to claim 1;
A storage device connected to the access port of the access control device. A plurality of interface ports to which a chart data reading request from a terminal device operated by a doctor or a new writing request is input;
An access port to which a storage device storing medical chart data is connected;
For each interface port, the type of access permitted to the storage device connected to the access port is set to one of data reading or new writing, and the data is input to the interface port permitted to read data. If the access request to the storage device is a data read, the input access request is executed. If the access request is other than the data read, the input access request is ignored and a new data write is performed. If the request for access to the storage device input to the interface port that is permitted to write is a new write of data, the input access request is executed. And a control unit that ignores the requested access.

Images