WO2003083678A1 - Access control device and data management device - Google Patents

Access control device and data management device

Info

Publication number
WO2003083678A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
request
data
storage device
shared data
Prior art date
Application number
PCT/JP2003/003701
Other languages
English (en)
Japanese (ja)
Inventor
Yoshihisa Hirano
Akira Hirabayashi
Masaru Takeuchi
Masaaki Yasuda
Original Assignee
I-O Data Device, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by I-O Data Device, Inc.
Priority to AU2003236132A
Priority to JP2003581033A
Publication of WO2003083678A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629 Configuration or reconfiguration of storage systems
    • G06F3/0635 Configuration or reconfiguration of storage systems by changing the path, e.g. traffic rerouting, path reconfiguration
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G06F3/0622 Securing storage systems in relation to access
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671 In-line storage system
    • G06F3/0673 Single storage device
    • G06F3/0674 Disk device
    • G06F3/0676 Magnetic disk device
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0658 Controller construction arrangements

Definitions

  • The present invention relates to an access control device and a data management device for controlling access from an external device, such as reading, rewriting, writing, and deleting data, to a storage device such as a hard disk that stores data shared by a plurality of users.
  • Shared data is stored in a server device so that a plurality of users can use the data stored in a storage device such as a hard disk (hereinafter referred to as shared data).
  • A management device for the administrator who manages the shared data and a personal terminal for the user who uses the shared data were connected to the network.
  • In many network systems, rewriting, writing, and deletion of the shared data by the user are prohibited, and only reading (downloading) of the shared data is permitted.
  • The user does not need to rewrite, write, or delete the shared data, as long as the shared data can be downloaded from the server device and used.
  • Here, "rewriting" refers to updating (changing) shared data already stored in the server device, and "writing" refers to adding new shared data to the server device.
  • There are also network systems operated in an environment in which new shared data is created, or the shared data stored in the storage device changes, through use.
  • One example is a chart system that stores patients' medical charts in a storage device.
  • The medical chart system is a system that enables doctors (users of the medical chart system) to perform appropriate medical practice on patients.
  • The doctor reads the patient's medical record from the storage device, checks the patient's medical history so far, and decides the contents of the current medical practice for the patient. After completing the current medical practice, the doctor must replace the patient's medical record stored in the storage device with a record to which the contents of the current medical practice have been added.
  • If the medical chart system is configured with a network system that does not allow doctors to rewrite medical records (shared data), the contents of medical actions performed by doctors on patients cannot be registered in the patient's medical record; the medical practice then cannot be performed properly (for example, the same medical practice is performed repeatedly on the patient), and the possibility of a medical accident increases.
  • For this reason, the chart system consisted of a network system that allowed doctors to rewrite the patient's chart, which is shared data.
  • In such a system, the user can rewrite the shared data stored in the storage device.
  • An object of the present invention is to provide an access control device and a data management device that improve the security of the data stored in the storage device by preventing it from being tampered with or destroyed through a user's erroneous operation or intentional act.
  • Disclosure of the invention
  • The access control device of the present invention includes: a plurality of interface ports to which external devices are connected; an access port to which a storage device for storing data is connected; and a control unit in which the type of access permitted to the storage device is set for each of the interface ports and which, when an access request is input to an interface port, determines whether the input access request can be executed based on the type of access permitted to that interface port.
  • The type of access permitted to the storage device connected to the access port is set in the control unit for each interface port to which an external device is connected.
  • The external device referred to here is a personal terminal operated by a user who uses the data (shared data) stored in the storage device, or a management device operated by an administrator who manages the shared data stored in the storage device.
  • The types of access are, for example, (1) reading, (2) rewriting, (3) writing, and (4) deleting shared data.
  • One or more of the above (1) to (4) is set in the control unit for each interface port, and when an access request is input, the control unit determines whether the request can be executed based on the type of access permitted to that interface port.
  • The type of access allowed for each interface port is configured so that it can be set by operating the device itself, and cannot be set by remote control from an external device.
  • This further improves security.
  • Since each interface port can be set to allow one or more of the above (1) to (4), settings can be made according to the nature of the user connected to the interface port, and the security of the shared data can be sufficiently ensured while various uses are supported.
  • The invention also provides:
  • an access control device having a plurality of access ports to which storage devices for storing data are connected, in which the type of access permitted to the connected storage device is set for each of the access ports. The control unit sets, for each access port, the type of access (one or more of (1) to (4) above) permitted to the storage device connected to it. When a request for access to the storage device connected to any one of the access ports is input at an interface port, the control unit determines whether the input access request can be executed based on the type of access permitted to that access port.
  • Since the type of access allowed to the connected storage device can be set for each access port, in a system that, for example, presents shared data to the user and obtains the user's impression of it, the permitted types can be set separately for the storage device that stores the shared data to be presented to the user and the storage device that stores the obtained impressions.
  • The access port to which the storage device storing the shared data to be presented is connected only needs to permit reading of the shared data, and the access port to which the storage device storing the obtained impressions is connected only needs to permit writing of shared data.
  • The invention also provides:
  • an access control device having an interface port to which an external device is connected and an access port to which a storage device is connected,
  • in which the type of access permitted to the storage device connected to the access port is set to data reading and new writing, and an access request input to the interface port is executed only if it is a request to read data or to write new data.
  • The storage device that stores the data is, for example, a hard disk.
  • An external device that uses the data stored in the storage device is connected to the interface port.
  • If there is a request to read data or to write new data from the external device connected to the interface port, the control unit executes the request; a request of any other kind from that external device, for example a request to rewrite (overwrite) or delete data, is ignored.
  • FIG. 1 is a diagram showing a configuration of a network system to which an access control device according to an embodiment of the present invention is applied.
  • FIG. 2 is a diagram showing a configuration of the access control device according to the embodiment of the present invention.
  • FIG. 3 is a flowchart showing the operation of the access control device according to the embodiment of the present invention.
  • FIG. 4 is a flowchart showing a read process of shared data in the access control device according to the embodiment of the present invention.
  • FIG. 5 is a flowchart showing a rewriting process for shared data in the access control device according to the embodiment of the present invention.
  • FIG. 6 is a flowchart showing a write process of the shared data in the access control device according to the embodiment of the present invention.
  • FIG. 7 is a flowchart showing a shared data deletion process in the access control apparatus according to the embodiment of the present invention.
  • FIG. 8 is a diagram showing an example in which the access control apparatus according to the embodiment of the present invention is applied to the Internet.
  • FIG. 9 is a flowchart showing a process of reading shared data in an access control device according to another embodiment of the present invention.
  • FIG. 10 is a diagram for explaining a method of setting the type of access permitted for each of the interface ports A to D and for each of the access ports a to d.
  • FIG. 11 is a diagram showing a network system to which an access control device according to still another embodiment of the present invention is applied.
  • FIG. 12 is a diagram showing a configuration of an access control device according to still another embodiment of the present invention.
  • FIG. 13 is a diagram showing the chart file name.
  • FIG. 14 is a flowchart showing the operation of the access control device according to still another embodiment of the present invention.
  • FIG. 15 is a flowchart showing the operation of the access control device according to still another embodiment of the present invention.
  • FIG. 1 is a diagram showing a network system to which an access control device according to an embodiment of the present invention is applied.
  • In FIG. 1, reference numeral 1 denotes an access control device according to an embodiment of the present invention.
  • The access control device 1 includes a plurality of (four in this embodiment) interface ports A to D to which external devices 2 (2A to 2D) are connected, and a plurality of (four in this embodiment) access ports a to d to which hard disks 3 (3a to 3d), the storage devices of this invention, are connected.
  • The external device 2 is a personal terminal of a user who uses the shared data, or a management device for an administrator who manages the shared data stored in the hard disk 3.
  • The type of the external device 2 is not particularly limited as long as the device has a data communication function, such as a personal computer or a portable terminal.
  • The access control device 1 and the external device 2 may be directly connected by a cable, or may be connected via a network such as a LAN or the Internet.
  • The access control device 1 and the hard disk 3 constitute a server device.
  • The server device may be configured such that the access control device 1 and the hard disk 3 are integrated.
  • FIG. 2 is a diagram showing a configuration of the access control device according to the embodiment of the present invention.
  • The access control device 1 includes a control unit 11 that controls the operation of the main unit; interface controllers 12 (12A to 12D) that control input and output for each of the interface ports A to D to which the external devices 2 are connected; FIFOs 13 (13A to 13D) that temporarily store the data input and output at each interface port A to D; a cache memory 14; a cache controller 15 that controls the cache memory 14; FIFOs 16 (16a to 16d) that temporarily store the data input and output at each access port a to d to which the hard disks 3 are connected; and a device controller 17 that controls the hard disks 3 (3a to 3d) connected to the access ports a to d.
  • The interface controller 12 controls the connection with other devices (external devices) through an interface such as SCSI or IDE.
  • The device controller 17 controls reading and writing of data to and from the hard disks 3 connected to the access ports a to d.
  • In the access control device 1, the type of access permitted to the hard disks 3 connected to the access ports a to d is set for each of the interface ports A to D. This setting can be changed only on the operation unit (not shown) provided in the access control device 1; it cannot be changed from an external device 2 connected to the interface ports A to D.
  • Permission is set for one or more of the four access types (reading, rewriting, writing, and deleting shared data).
  • When an access request is input, each interface controller 12 determines whether the type of the access is a type permitted by the control unit 11. If the request is determined to be permitted, it is accepted; if it is determined not to be permitted, it is rejected.
  • In the following example, interface port A is set to permit only reading of shared data.
  • Interface port B is set to permit reading and rewriting of shared data.
  • Interface port C is set to permit reading and writing of shared data.
  • Interface port D is set to permit reading, rewriting, writing, and deletion of shared data.
  • The personal terminal (external device 2A) of a user (general user) who only downloads and uses the shared data is connected to interface port A.
  • A user who not only downloads and uses the shared data but also rewrites it as necessary is connected to interface port B.
  • A user who not only downloads and uses the shared data but also writes new shared data as needed is connected to interface port C.
  • The administrator of the shared data is connected to interface port D.
  • A RAID level 0/1 system is constituted by the four hard disks connected to the access ports a to d.
  • The two hard disks 3a and 3b connected to the access ports a and b function as data storage for storing the shared data, and the two hard disks 3c and 3d connected to the access ports c and d function as mirrors for the hard disks 3a and 3b, respectively.
  • The shared data, divided into blocks of a predetermined size, is stored on the two hard disks 3a and 3b connected to the access ports a and b. Specifically, the odd-numbered blocks are stored on the hard disk 3a, and the even-numbered blocks are stored on the hard disk 3b.
  • The mirroring hard disk 3c stores the odd-numbered blocks, and the hard disk 3d stores the even-numbered blocks.
  • Thus the hard disk 3c functions as a backup for the hard disk 3a, and the hard disk 3d functions as a backup for the hard disk 3b.
  • When rewriting or writing shared data, the device controller 17 divides the shared data to be rewritten or written into blocks of the predetermined size and writes them to the hard disks 3a and 3b connected to the access ports a and b. At the same time, the divided shared data is also written to the hard disks 3c and 3d connected to the access ports c and d: the blocks written to the hard disks 3a and 3c are the same, and the blocks written to the hard disks 3b and 3d are the same. When deleting shared data, the device controller 17 sets the area storing the corresponding shared data on each of the hard disks 3a to 3d connected to the access ports a to d as a free area.
  • When reading shared data, the device controller 17 reads the odd-numbered blocks of the predetermined size from the hard disk 3a connected to the access port a and the even-numbered blocks from the hard disk 3b connected to the access port b, and creates the shared data by arranging them in order (that is, it combines the shared data that was divided into blocks of the predetermined size).
  • FIG. 3 is a flowchart showing the operation of the access control device.
  • Each of the interface controllers 12A to 12D waits for an access request to the hard disks 3 connected to the access ports a to d to be input at its interface port A to D (s1). An access request input to the interface ports A to D is a request to read, rewrite, write, or delete shared data.
  • When a request for access to the hard disk 3 is input at the interface port to which it is connected, the interface controller 12 judges whether the requested type of access is a type permitted for that interface port (s2). If the interface controller 12 determines in s2 that the type of the access request is permitted, it executes a process based on the request (s3). Conversely, if it determines in s2 that the type is not permitted, it transmits an error command to the external device 2 that transmitted the access request (s4).
  • When the process of s3 or s4 is completed, the access control device 1 returns to s1 and repeats the above process.
  • In this way, the type of access to be permitted is set for each interface port, and an access request of a type that is not permitted is rejected when it is input. Settings can therefore be made according to the properties of the external device 2 connected to the interface port. For example, if the interface port to which the external device 2 of a user who only downloads and uses the shared data stored on the hard disk 3 is connected is set to allow only reading of the shared data, the shared data cannot be falsified or destroyed through erroneous operation or intent of that user. As a result, the security of the shared data is improved.
  • Interface port C, which permits reading and writing of shared data, makes it possible to support a system in which the shared data is presented to the user and the user's impression of the presented shared data is obtained. Even so, requests from the external device 2 connected to interface port C to rewrite or delete the shared data are rejected, so the shared data cannot be falsified or destroyed through the user's erroneous or intentional operation.
  • For an interface port that permits reading, rewriting, writing, and deletion of shared data, such as interface port D, the security of the shared data can be further improved by performing authentication using a password when rewriting or deleting the shared data. Conversely, if the password authentication is omitted, workability when rewriting or deleting shared data is improved.
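To make the per-port policy concrete, here is an added Python model of the decision in steps s1 to s4 and of the rule that settings change only at the device's own operation unit; it is example code written for this page, not the patent's or I-O Data's implementation. It also layers in the per-access-port check described earlier as the second aspect of the invention, assuming that the data disks on access ports a and b accept every access type and the mirror disks on ports c and d accept none; the `rejected` log and the fail-closed handling of an unconfigured port are additions of this example.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    """The four access types the device distinguishes."""
    READ = "read"
    REWRITE = "rewrite"   # update shared data that already exists
    WRITE = "write"       # add new shared data
    DELETE = "delete"


ALL_ACCESS = frozenset(Access)


class RemoteConfigurationRejected(Exception):
    """Policy changes are accepted only at the device's own operation unit."""


@dataclass
class AccessControlDevice:
    # Permitted access types per interface port (where external devices attach).
    interface_policy: dict[str, frozenset] = field(default_factory=dict)
    # Permitted access types per access port (where the hard disks attach);
    # leave empty to run with interface-port checks only.
    access_policy: dict[str, frozenset] = field(default_factory=dict)
    # Record of rejected requests so an operator can review them
    # (an addition for this example; the patent only sends an error command).
    rejected: list[tuple[str, str, str]] = field(default_factory=list)

    def set_interface_policy(self, port: str, allowed, via_local_panel: bool) -> None:
        if not via_local_panel:
            raise RemoteConfigurationRejected(f"interface port {port}")
        self.interface_policy[port] = frozenset(allowed)

    def set_access_policy(self, port: str, allowed, via_local_panel: bool) -> None:
        if not via_local_panel:
            raise RemoteConfigurationRejected(f"access port {port}")
        self.access_policy[port] = frozenset(allowed)

    def handle(self, iface_port: str, access_port: str, access: Access) -> str:
        """Decide an incoming request (steps s2 to s4): 'execute' or 'error'.

        A port with no policy entry permits nothing, so an unconfigured port
        fails closed rather than open.
        """
        if access not in self.interface_policy.get(iface_port, frozenset()):
            self.rejected.append((iface_port, access_port, access.value))
            return "error"
        if self.access_policy and access not in self.access_policy.get(access_port, frozenset()):
            self.rejected.append((iface_port, access_port, access.value))
            return "error"
        return "execute"


def build_embodiment_device() -> AccessControlDevice:
    """Port settings of the embodiment (A: read; B: read+rewrite; C: read+write;
    D: everything) plus an assumed access-port layer: the data disks on ports a
    and b are fully accessible, the mirror disks on c and d reject every request."""
    dev = AccessControlDevice()
    dev.set_interface_policy("A", {Access.READ}, via_local_panel=True)
    dev.set_interface_policy("B", {Access.READ, Access.REWRITE}, via_local_panel=True)
    dev.set_interface_policy("C", {Access.READ, Access.WRITE}, via_local_panel=True)
    dev.set_interface_policy("D", ALL_ACCESS, via_local_panel=True)
    for port in ("a", "b"):
        dev.set_access_policy(port, ALL_ACCESS, via_local_panel=True)
    for port in ("c", "d"):
        dev.set_access_policy(port, (), via_local_panel=True)
    return dev


def run_scenarios() -> dict[str, str]:
    """Requests a web user, an editing user and the administrator might send."""
    dev = build_embodiment_device()
    results = {
        "A_read": dev.handle("A", "a", Access.READ),         # general user downloads
        "A_delete": dev.handle("A", "a", Access.DELETE),     # general user tries to delete
        "B_rewrite": dev.handle("B", "a", Access.REWRITE),   # editing user updates a record
        "C_write": dev.handle("C", "b", Access.WRITE),       # questionnaire answer added
        "C_rewrite": dev.handle("C", "b", Access.REWRITE),   # overwrite attempt from port C
        "D_delete": dev.handle("D", "a", Access.DELETE),     # administrator
        "D_read_mirror": dev.handle("D", "c", Access.READ),  # mirror disk is off limits
        "unknown_port": dev.handle("E", "a", Access.READ),   # fails closed
    }
    try:
        dev.set_interface_policy("A", ALL_ACCESS, via_local_panel=False)
        results["remote_reconfig"] = "accepted"
    except RemoteConfigurationRejected:
        results["remote_reconfig"] = "rejected"
    results["rejected_count"] = str(len(dev.rejected))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:16s} {outcome}")
```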
  • FIG. 4 is a flowchart showing the shared data read process.
  • The interface controller 12 to which the access request has been input transfers a shared data read request to the cache controller 15 (s11).
  • This read request includes data specifying the shared data to be read.
  • The cache controller 15 determines whether the shared data requested by the transferred read request (the corresponding shared data) is stored in the cache memory 14 (s12). If the cache controller 15 determines in s12 that the corresponding shared data is stored in the cache memory, it notifies the interface controller 12A to 12D that transmitted the read request of the completion of reading of the shared data (s15). Conversely, if it determines in s12 that the data is not stored in the cache memory, it instructs the device controller 17 to read the corresponding shared data (s13).
  • The device controller 17, so instructed, reads the corresponding shared data from the hard disks 3a and 3b connected to the access ports a and b and writes it to the cache memory 14.
  • As described above, the shared data is divided into blocks of a predetermined size; the odd-numbered blocks are stored on the hard disk 3a connected to the access port a, and the even-numbered blocks on the hard disk 3b connected to the access port b.
  • The shared data read from the hard disks 3a and 3b is temporarily stored in the FIFOs 16a and 16b. The device controller 17 retrieves the stored shared data from the FIFOs 16a and 16b alternately and writes it to the cache memory 14 in the order in which it was retrieved.
  • In this way, the shared data that was divided into blocks of a predetermined size and stored on the hard disks 3a and 3b is integrated (the proper shared data is created).
  • Since the shared data is read from the hard disks 3a and 3b simultaneously, the time required to read the shared data stored on the hard disk 3 is about half that of the case where the shared data is stored on a single hard disk without being divided.
  • When reading of the corresponding shared data is completed, the device controller 17 notifies the cache controller 15 of the completion (s15).
  • When notified by the device controller 17 of the completion of reading the corresponding shared data, the cache controller 15 transfers the read completion to the interface controller 12 that transmitted the current read request for the shared data (s16). The cache controller 15 also transfers the corresponding shared data stored in the cache memory 14 to the interface controller 12 (s17). In s17 the cache controller 15 sequentially reads out the corresponding shared data stored in the cache memory 14 and writes it to the FIFO 13.
  • FIG. 5 is a flowchart showing a process of rewriting shared data.
  • The interface controller 12 to which the access request has been input transfers the shared data rewrite request to the cache controller 15 (s21). This rewrite request includes data specifying the shared data to be rewritten.
  • The interface controller 12 also writes the shared data to be rewritten, which the external device 2 transmits together with the request, to the FIFO 13.
  • The cache controller 15 secures an empty area in the cache memory 14 (s23), reads out the shared data to be rewritten from the FIFO 13, and stores it in the secured empty area (s24).
  • The cache controller 15 instructs the device controller 17 to rewrite the shared data (s25).
  • The device controller 17 instructs the four hard disks 3a to 3d connected to the access ports a to d to rewrite the shared data (s26).
  • The device controller 17 reads out the corresponding shared data (the shared data to be rewritten) stored in the cache memory 14, divides it into blocks of the predetermined size, and writes the odd-numbered blocks to the FIFO 16a and the even-numbered blocks to the FIFO 16b.
  • The device controller 17 also writes the same data as that written to the FIFO 16a to the FIFO 16c, and the same data as that written to the FIFO 16b to the FIFO 16d.
  • The hard disks 3a to 3d take in the shared data stored in the FIFOs 16a to 16d, respectively, and rewrite the corresponding shared data (s27).
  • FIG. 6 is a flowchart showing the writing process of the shared data.
  • The interface controller 12 to which the access request has been input transfers the shared data write request to the cache controller 15 (s31). This write request includes the shared data to be written to the hard disk 3.
  • The interface controller 12 also writes the shared data to be written to the hard disk 3, sent from the external device 2, to the FIFO 13 (s32).
  • The cache controller 15 secures an empty area in the cache memory 14 (s33), reads out the shared data to be written from the FIFO 13, and stores it in the secured empty area (s34).
  • The cache controller 15 instructs the device controller 17 to write the shared data (s35).
  • The device controller 17, so instructed, instructs the four hard disks 3a to 3d connected to the access ports a to d to write the shared data (s36).
  • The device controller 17 reads out the corresponding shared data (the shared data to be written) stored in the cache memory 14, divides it into blocks of the predetermined size, and writes the odd-numbered blocks to the FIFO 16a and the even-numbered blocks to the FIFO 16b.
  • The device controller 17 also writes the same data as that written to the FIFO 16a to the FIFO 16c, and the same data as that written to the FIFO 16b to the FIFO 16d.
  • The hard disks 3a to 3d fetch the shared data stored in the FIFOs 16a to 16d, respectively, and write the shared data to a free area (s37).
  • The time required to write this shared data is about half that required to store the shared data on a single hard disk without dividing it.
  • FIG. 7 is a flowchart showing the shared data deletion process.
  • The interface controller 12 to which the access request has been input transfers the shared data deletion request to the cache controller 15 (s41).
  • This deletion request includes data specifying the shared data to be deleted.
  • The cache controller 15 transfers the deletion request transmitted from the interface controller 12 to the device controller 17 (s42).
  • The device controller 17 instructs the hard disks 3a to 3d to delete the shared data specified by the deletion request (s43).
  • The hard disks 3a to 3d delete the specified shared data by making the storage area that holds it a free area.
  • The area set as a free area here (the area that stored the deleted shared data) is used as an area for writing shared data in the write process.
  • Since the four hard disks 3a to 3d connected to the access ports a to d constitute RAID level 0/1, shared data can be read, rewritten, and written at high speed. Also, even if any one of the hard disks 3a to 3d fails, the shared data stored on the failed hard disk is also stored on another hard disk, so the shared data is not lost.
  • In this embodiment the four hard disks 3a to 3d connected to the access ports a to d constitute RAID level 0/1, but the present invention is not limited to this; a different RAID level may be used, or RAID may not be configured at all.
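The RAID level 0/1 layout described above, as an added Python model (not the patent's own code): odd-numbered blocks on 3a, even-numbered blocks on 3b, each mirrored to 3c and 3d, with read, rewrite, write and delete operating on per-disk slot lists, deletion marking areas free for reuse, and reads falling back to the mirror when a data disk has failed. The 4-byte block size, the slot bookkeeping and treating rewrite as free-then-write are constructed assumptions for the example.

```python
from __future__ import annotations

from math import ceil

BLOCK_SIZE = 4                         # the "predetermined size"; constructed value
DATA_DISKS = ("3a", "3b")              # access ports a, b: odd blocks -> 3a, even -> 3b
MIRROR_OF = {"3a": "3c", "3b": "3d"}   # 3c backs up 3a, 3d backs up 3b


class RaidArray:
    """Four hard disks modelled as slot lists; a slot holding None is a free area."""

    def __init__(self) -> None:
        self.disks: dict[str, list] = {d: [] for d in ("3a", "3b", "3c", "3d")}
        self.failed: set[str] = set()
        self.catalog: dict[str, tuple[int, int]] = {}   # name -> (first slot, block count)

    def _slot_free(self, disk: str, i: int) -> bool:
        slots = self.disks[disk]
        return i >= len(slots) or slots[i] is None

    def _allocate(self, pairs: int) -> int:
        """First slot index from which `pairs` consecutive slots are free on both 3a and 3b."""
        i = 0
        while not all(self._slot_free(d, i + j) for d in DATA_DISKS for j in range(pairs)):
            i += 1
        return i

    def _put(self, disk: str, i: int, block) -> None:
        slots = self.disks[disk]
        while len(slots) <= i:
            slots.append(None)
        slots[i] = block

    def _store(self, start: int, blocks: list[bytes]) -> None:
        for k, block in enumerate(blocks):            # block number k + 1
            disk = DATA_DISKS[k % 2]                  # odd-numbered -> 3a, even-numbered -> 3b
            self._put(disk, start + k // 2, block)
            self._put(MIRROR_OF[disk], start + k // 2, block)   # same block to its mirror

    def write(self, name: str, data: bytes) -> None:
        """Add new shared data into free areas (the 'writing' access type)."""
        if name in self.catalog:
            raise KeyError(f"{name!r} already exists; use rewrite")
        blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        start = self._allocate(ceil(len(blocks) / 2))
        self._store(start, blocks)
        self.catalog[name] = (start, len(blocks))

    def rewrite(self, name: str, data: bytes) -> None:
        """Replace existing shared data (modelled as free-then-write)."""
        self.delete(name)
        self.write(name, data)

    def read(self, name: str) -> bytes:
        """Odd blocks from 3a and even blocks from 3b, merged in order; a failed
        data disk is served from its mirror so the shared data is not lost."""
        start, count = self.catalog[name]
        out = []
        for k in range(count):
            disk = DATA_DISKS[k % 2]
            if disk in self.failed:
                disk = MIRROR_OF[disk]
                if disk in self.failed:
                    raise OSError("both copies of the block are unavailable")
            out.append(self.disks[disk][start + k // 2])
        return b"".join(out)

    def delete(self, name: str) -> None:
        """Mark the areas holding the shared data as free on all four disks."""
        start, count = self.catalog.pop(name)
        for k in range(count):
            disk = DATA_DISKS[k % 2]
            self._put(disk, start + k // 2, None)
            self._put(MIRROR_OF[disk], start + k // 2, None)


def demo() -> dict:
    """Write, read, survive a disk failure, delete, then reuse the freed area."""
    arr = RaidArray()
    arr.write("chart", b"ABCDEFGHIJ")             # blocks: ABCD (1), EFGH (2), IJ (3)
    layout = {d: list(s) for d, s in arr.disks.items()}
    intact = arr.read("chart")
    arr.failed.add("3a")                          # data disk on port a fails
    degraded = arr.read("chart")                  # odd blocks now come from 3c
    arr.failed.discard("3a")
    arr.delete("chart")
    arr.write("memo", b"0123")                    # lands in the freed slot 0
    return {"layout": layout, "intact": intact, "degraded": degraded,
            "memo_slot": arr.catalog["memo"][0], "slot1_after_delete": arr.disks["3a"][1]}


if __name__ == "__main__":
    print(demo())
```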
  • FIG. 8 is a diagram showing a configuration of a system according to this embodiment.
  • The personal terminal 2A (external device 2A) of a user who downloads the shared data via the Internet 21 is connected, through the web server 23, to the interface port A of the data management devices 1 and 3, which is permitted only to read out the shared data.
  • A management server device 24 of the administrator, connected to the intranet 22, is connected to the interface port D, which is permitted to read, rewrite, write, and delete the shared data.
  • The management device 2D (external device 2D) operated by the administrator of the shared data is connected to the intranet 22 and accesses the data management devices 1 and 3 via the management server device 24.
  • The user accesses the data management devices 1 and 3 via the Internet 21 and the web server 23 and requests downloading (reading) of shared data.
  • Since the access request to the data management devices 1 and 3 output from the personal terminal 2A operated by the user is input to the interface port A, the user can download and use the shared data as described above.
  • Rewriting, writing, and deletion of shared data are rejected even if the user requests them of the data management devices 1 and 3. Therefore, it is possible to prevent the shared data from being falsified or broken through erroneous or intentional operation by a user connected via the Internet 21.
  • The management device 2D for the administrator who manages the shared data is connected, via the intranet 22 and the management server device 24, to the interface port D provided in the data management devices 1 and 3, the interface port that is allowed to read, rewrite, write, and delete shared data.
  • Therefore, the administrator can read, rewrite, write, and delete the shared data managed by the data management devices 1 and 3, and can manage the shared data smoothly.
  • The administrator only needs to be able to read, rewrite, write, and delete shared data from any of the management devices 2D connected to the intranet 22.
  • If the interface port to which the personal terminal 2A operated by the user is connected (the interface port to which the web server 23 is connected) is allowed to read and write shared data, the impressions of users who downloaded the shared data can be obtained as new shared data.
  • This supports various systems, such as a system in which a plurality of users connected to the data management devices 1 and 3 via the Internet 21 and the web server 23 interact with each other, or a system for conducting a questionnaire among users.
  • Even then, since the personal terminals 2 of the users connected via the Internet 21 are not permitted to rewrite or delete the shared data, the shared data can be prevented from being tampered with or destroyed.
  • As described above, the access control device 1 has a configuration in which the type of access to be permitted is set for each interface port to which an external device 2 is connected, so the security of the shared data can be sufficiently ensured.
  • In the embodiment above, the type of access permitted to the hard disks 3a to 3d is set for each interface port A to D; in this embodiment, the type of access permitted to the hard disk 3a to 3d connected to each access port a to d is set.
  • The setting is such that reading, rewriting, writing, and deletion of shared data are rejected.
  • The hard disk 3c connected to the access port c is a backup of the hard disk 3a connected to the access port a.
  • FIG. 9 is a flowchart showing the operation of the access control device of this embodiment.
  • Each of the interface controllers 12A to 12D waits for an access request for the hard disks 3 connected to the access ports a to d to be input to its interface port A to D (s51).
  • An access request input to the interface ports A to D is a request to read, rewrite, write, or delete shared data.
  • The interface controller 12 determines whether the access request input to its interface port is a read, a rewrite, a write, or a deletion of shared data (s52 to s54). If it is a read, the shared data is read from the hard disk 3a connected to access port a (s55). If it is a rewrite, the shared data is rewritten on the hard disk 3b connected to access port b (s56). If it is a write, the shared data is written to the hard disk 3c connected to access port c (s57). If it is a deletion (that is, none of read, rewrite, or write), an error command is transmitted to the external device 2 that sent the access request (s58).
  • Since the hard disk on which shared data is rewritten or written is thus fixed, the shared data remains intact on the hard disk 3a even if a user falsifies or destroys data by erroneous or intentional operation. Even if the hard disk 3a fails, the shared data is backed up on the hard disk 3d, so it is not lost.
  • The configuration may also be such that the type of access permitted to each hard disk 3 (the hard disk 3 connected to each access port a to d) can be set for each of the interface ports A to D.
  • In that case the type of access permitted to each hard disk 3 is set for each of the interface ports A to D using a table (see FIG. 10). This allows, for example, all access to the hard disks 3b, 3c, 3d connected to access ports b, c, d to be disabled for an interface port, while for each of the interface ports A to D the type of access allowed to the hard disk 3 connected to each access port a to d is set individually. Settings can thus be made according to the properties of the external device 2 connected to each interface port A to D and the properties of the hard disk 3 connected to each access port a to d. This makes it possible to cope with various systems and to sufficiently secure the shared data stored on the hard disks 3.
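The table of FIG. 10 and the per-request check of s52 to s58 as a small Python model; this is an added illustration, not code from the patent or from I-O Data, and the port labels, the table contents, the Request format and the in-memory disks are all constructed for the example.

```python
"""Table-driven port access control in the style of FIG. 10.

Added illustration, not code from the patent or from I-O Data. Port names,
table contents, the Request format and the in-memory "disks" are constructed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Access(Enum):
    READ = "read"
    REWRITE = "rewrite"   # overwrite an existing file
    WRITE = "write"       # create a new file
    DELETE = "delete"


FULL = {Access.READ, Access.REWRITE, Access.WRITE, Access.DELETE}

# Interface port -> access port -> permitted access types.
# Constructed after the FIG. 8 system: interface port A (behind the web
# server 23) may only read the shared data on disk 3a, interface port D
# (behind the management server 24) has full access to every disk, and the
# unused ports B and C get no permissions at all.
POLICY = {
    "A": {"a": {Access.READ}, "b": set(), "c": set(), "d": set()},
    "B": {"a": set(), "b": set(), "c": set(), "d": set()},
    "C": {"a": set(), "b": set(), "c": set(), "d": set()},
    "D": {"a": set(FULL), "b": set(FULL), "c": set(FULL), "d": set(FULL)},
}


@dataclass(frozen=True)
class Request:
    interface_port: str      # port the external device is attached to
    access_port: str         # port of the disk the request targets
    kind: Access
    name: str                # file name of the shared data
    data: Optional[str] = None


class AccessControlDevice:
    """Checks every request against the table before touching a disk."""

    def __init__(self, policy):
        self.policy = policy
        # access port -> {file name: contents}; stands in for disks 3a to 3d
        self.disks = {port: {} for port in "abcd"}
        self.rejected = []   # (interface_port, kind, name) of every refusal

    def permitted(self, req: Request) -> bool:
        # Default deny: a port missing from the table gets no access at all.
        allowed = self.policy.get(req.interface_port, {}).get(req.access_port, set())
        return req.kind in allowed

    def handle(self, req: Request):
        """Return (ok, payload); a refusal is the error command of s58."""
        if not self.permitted(req):
            self.rejected.append((req.interface_port, req.kind, req.name))
            return False, "error"
        disk = self.disks[req.access_port]
        if req.kind is Access.READ:
            return (True, disk[req.name]) if req.name in disk else (False, "missing")
        if req.kind is Access.WRITE:
            if req.name in disk:      # a write must never turn into a rewrite
                return False, "exists"
            disk[req.name] = req.data
            return True, "written"
        if req.kind is Access.REWRITE:
            if req.name not in disk:
                return False, "missing"
            disk[req.name] = req.data
            return True, "rewritten"
        if disk.pop(req.name, None) is None:   # Access.DELETE
            return False, "missing"
        return True, "deleted"


def demo() -> AccessControlDevice:
    """Replay the FIG. 8 scenario on constructed sample data."""
    dev = AccessControlDevice(POLICY)
    # The administrator publishes shared data through port D ...
    dev.handle(Request("D", "a", Access.WRITE, "catalog.txt", "spring catalog"))
    # ... an Internet user reads it through port A ...
    dev.handle(Request("A", "a", Access.READ, "catalog.txt"))
    # ... and the user's attempts to rewrite and delete it are refused.
    dev.handle(Request("A", "a", Access.REWRITE, "catalog.txt", "defaced"))
    dev.handle(Request("A", "a", Access.DELETE, "catalog.txt"))
    return dev
```

The `rejected` list is the device-side record a defender would want to review: every refused request names the interface port it arrived on, which is the physical attachment point rather than anything the requester can claim.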
  • FIG. 11 shows an access control device according to still another embodiment of the present invention.
  • FIG. 2 is a diagram illustrating a network system to which the present invention is applied.
  • The access control device 1 has a plurality of (two in this embodiment) interface ports A and B to which server devices 6 (6A and 6B) are connected, and a plurality of (four in this embodiment) access ports a to d to which hard disks 3 (3a to 3d) (the storage devices according to the present invention) are connected.
  • The hard disks 3 store a chart for each patient.
  • The access control device 1 and the hard disks 3a to 3d are integrally configured.
  • For interface port A, only reading of data (patient charts) from the hard disks 3 connected to access ports a to d is permitted; new writing, rewriting (overwriting), and deletion of data on the hard disks 3 are not permitted.
  • Interface port B is a port through which only new writing of data (patient charts) to the hard disks 3 connected to access ports a to d is permitted; reading, rewriting, and deletion are not permitted.
  • The server device 6A connected to interface port A is a server device that controls reading of data stored on the hard disks 3 connected to the access ports a to d.
  • The server device 6B connected to interface port B is a server device that controls new writing of data to the hard disks 3a to 3d connected to the access ports a to d.
  • Reference numeral 4 in FIG. 11 denotes a network such as a LAN.
  • Reference numeral 5 denotes a terminal device such as a personal computer connected to the network 4.
  • The terminal device 5 is an external device operated by a user who reads out and uses the charts stored on the hard disks 3.
  • The terminal device 5 cannot be connected to both the server device 6A and the server device 6B at the same time, but can be selectively connected to either one of them.
  • The user operating the terminal device 5 connects to the server device 6A when reading a chart stored on the hard disks 3 and to the server device 6B when writing a chart to the hard disks 3.
  • The terminal device 5 is thus connected to the interface ports of the access control device 1 via the server devices 6A and 6B.
  • Alternatively, the terminal device 5 may be connected directly to interface ports A and B of the access control device 1 without passing through the server devices 6A and 6B.
  • FIG. 12 is a diagram showing a configuration of an access control device according to an embodiment of the present invention.
  • The access control device 1 includes a control unit 11 that controls the operation of the main unit; interface controllers 12 (12A, 12B) that control input and output for each of the interface ports A and B to which the server devices 6A and 6B are connected; FIFOs 13 (13A, 13B) that temporarily store the data input and output at each of the interface ports A and B; a cache controller 15 that controls the cache memory 14; FIFOs 16 (16a to 16d) that temporarily store the data input and output at each of the access ports a to d to which the hard disks 3 are connected; and a device controller 17 that controls the hard disks 3 (3a to 3d) connected to the access ports a to d.
  • The interface controller 12 controls the connection with the server devices 6A and 6B over an interface such as SCSI or IDE.
  • The device controller 17 controls reading and writing of data to and from the hard disks 3 connected to the access ports a to d.
  • The hard disks 3 store a medical record for each patient in a text file format. Each patient has an identification number.
  • Each medical record stored on the hard disks 3 is managed by a file name that includes the identification number of the patient (the feature code according to the present invention) and the serial number of that patient's medical record (the quantity code according to the present invention).
  • In the file name of a medical record stored on the hard disks 3, the patient identification number and the serial number are separated by a "-" (hyphen). Therefore, by using a patient's identification number as a key, the medical records of the desired patient stored on the hard disks 3 can be searched. Further, when a plurality of medical records of the same patient are stored on the hard disks 3, the latest one can be found by its serial number: in this embodiment, the larger the serial number included in the file name, the newer the chart.
  • To read a chart, the doctor operates the terminal device 5 and connects it to the server device 6A.
  • The doctor then sends a request to read a chart stored on the hard disks 3 to the server device 6A.
  • The server device 6A transfers the request transmitted from the terminal device 5 to interface port A of the access control device 1.
  • The server device 6A transfers the request to the access control device 1 regardless of the type of access request (reading a chart, new writing, rewriting, deleting, etc.).
  • The interface controller 12A determines whether the request is a chart reading request (s61). If it determines in s61 that the request is not a chart reading request (that is, it is a request for new writing, rewriting, or deletion of a chart), it ignores this access request to the hard disks 3 and ends the process. As described above, if an access request to the hard disks 3 input to interface port A is anything other than a chart reading request, the access control device 1 ignores it.
  • The server device 6A may instead be configured to determine whether the access request to the hard disks 3 is a chart reading request and, when it is not, to refrain from transferring it to interface port A.
  • If the interface controller 12A determines in s61 that the request is for reading a medical record, it transfers the read request input to interface port A to the device controller 17 via the cache controller 15 (s62).
  • The read request transferred to the device controller 17 in s62 includes the identification number of the patient whose medical record is to be read.
  • The device controller 17 searches the hard disks 3a to 3d connected to the access ports a to d using the identification number contained in the read request transferred in s62 as a key (s63) and reads out the patient's chart (s64).
  • Specifically, the device controller 17 searches the medical records stored on the hard disks 3 for those of the corresponding patient using the identification number included in the read request, and among the records found reads out the one whose file name carries the largest serial number, that is, the latest chart of the patient identified by that identification number.
  • The medical record read from the hard disks 3a to 3d in s64 is written to the cache memory 14.
  • The device controller 17 then notifies the cache controller 15 of the completion of the read (s66).
  • When notified of the completion of reading the chart, the cache controller 15 forwards the completion notification to the interface controller 12A (s67). The cache controller 15 then transfers the corresponding chart stored in the cache memory 14 to the interface controller 12A (s68): it sequentially reads the chart out of the cache memory 14 and writes it to the FIFO 13A.
  • The interface controller 12A, having received the completion notification from the cache controller 15, reads the chart stored in the FIFO 13A in order and outputs it to the server device 6A connected to interface port A (s69).
  • The server device 6A transmits, via the network 4, the chart received from the access control device 1 to the terminal device 5 that sent the read request.
  • In this way, by transmitting a request to read a chart stored on the hard disks 3a to 3d from the terminal device 5 to the server device 6A connected via the network 4, the user obtains the latest medical record of the patient identified by the identification number included in the read request.
  • The doctor can therefore easily confirm the latest medical record of any patient on the terminal device 5.
  • The doctor then adds the contents of the current medical practice to the patient's medical record read out earlier on the terminal device 5.
  • Since the medical record is a text file, the contents of the current medical practice can be added to it with simple operations.
  • When the doctor has created a medical record to which the contents of the current medical practice have been added, he connects the terminal device 5 to the server device 6B and sends a request to write that medical record to the hard disks 3.
  • This write request includes the chart to which the contents of the current medical practice were added and the patient's identification number.
  • The server device 6B transfers the request transmitted from the terminal device 5 to interface port B of the access control device 1.
  • The server device 6B transfers the request to the access control device 1 regardless of the type of access request (data read, new write, rewrite, delete).
  • The interface controller 12B determines whether the request is a request to newly write a medical record (s71). If it determines in s71 that the request is not a new write request (that is, it is a request for reading, rewriting, or deleting a medical record), it ignores this access request to the hard disks 3 and ends the process.
  • In this way, the access control device 1 ignores any access request to the hard disks 3 input to interface port B other than a request to newly write a chart.
  • The server device 6B may instead be configured to determine whether the access request to the hard disks 3 is a chart writing request and, when it is not a new writing request, to refrain from transferring it to interface port B.
  • If the interface controller 12B determines in s71 that the request is a new chart writing request, it transfers the new write request input to interface port B to the device controller 17 via the cache controller 15 (s72).
  • The interface controller 12B sequentially writes the medical record input to interface port B, to which the contents of the current medical action were added, into the FIFO 13B.
  • The cache controller 15 sequentially reads out the medical record written to the FIFO 13B and writes it to a free area secured in the cache memory 14.
  • The device controller 17, to which the new write request has been transferred from the cache controller 15, searches the hard disks 3a to 3d using the patient identification number included in the request as a key and determines the file name under which the medical record is to be stored on the hard disks 3a to 3d this time (s73). Specifically, it searches the medical records stored on the hard disks 3a to 3d for file names that include the identification number in the write request, determines the maximum serial number among the file names found, and sets the serial number of the new chart's file name to that maximum value incremented by one.
  • The identification number included in the new file name is the identification number of the patient included in the write request.
  • When the device controller 17 has determined the file name of the medical record to be written to the hard disks 3a to 3d in s73, it writes the medical record to which the contents of the current medical practice were added into free space on the hard disks 3a to 3d (s74). At this time, the device controller 17 sequentially reads the chart out of the cache memory 14 and writes it to the FIFO 16 connected to the access port a to d of the hard disk 3a to 3d that will store it. The hard disk 3 stores the chart sequentially read from the FIFO 16 in its free space.
  • In this way the terminal device 5 can newly write a patient's medical record to the hard disks 3a to 3d: the patient's chart is read first, the contents of the new medical action are added to it, and the result is written as a new record.
  • The patient's medical records already stored on the hard disks 3a to 3d are never deleted or overwritten (rewritten), so even if a doctor operates the terminal device 5 by mistake, the medical records already stored on the hard disks 3a to 3d are not destroyed.
  • Since the charts stored on the hard disks 3a to 3d cannot be deleted or rewritten, they are also protected from being falsified or deleted through unauthorized access by a malicious party.
  • When reading a medical record, the access control device 1 can read out the latest medical record of the patient from the medical records stored on the hard disks 3a to 3d by using the identification number of the patient as a key.
  • Since the file name of the medical record to be written to the hard disks 3a to 3d is determined automatically from the identification number of the patient, the operability of the terminal device 5 for the doctor is not reduced.
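The file naming described above, the latest-record lookup of s63 and s64, and the max-plus-one serial assignment of s73, together with interface port A admitting only reads and port B only new writes (s61, s71), as a Python model; this is an added example, not the patent's or I-O Data's code, and the in-memory store, the port labels and the sample records are constructed.

```python
"""Append-only chart store with "<identification number>-<serial>" file names.

Added illustration, not code from the patent or from I-O Data; the in-memory
store, the port labels and the sample records are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# File name = patient identification number, "-", serial number (larger = newer).
NAME_RE = re.compile(r"^(?P<pid>\d+)-(?P<serial>\d+)$")


def parse_name(name: str) -> Optional[Tuple[str, int]]:
    """Split a file name into (identification number, serial) or None."""
    m = NAME_RE.match(name)
    return (m["pid"], int(m["serial"])) if m else None


class ChartStore:
    """Stands in for the hard disks 3a to 3d and the device controller 17."""

    def __init__(self):
        self.files: Dict[str, str] = {}

    def _serials(self, patient_id: str) -> List[int]:
        # Serial numbers already stored for this patient: the key search of
        # s63 / s73. Matching is on the whole field, so "1001" never matches
        # the records of patient "10011".
        out = []
        for name in self.files:
            parsed = parse_name(name)
            if parsed and parsed[0] == patient_id:
                out.append(parsed[1])
        return out

    def read_latest(self, patient_id: str) -> Optional[Tuple[str, str]]:
        """(file name, contents) of the newest chart (s64), or None."""
        serials = self._serials(patient_id)
        if not serials:
            return None
        name = f"{patient_id}-{max(serials)}"
        return name, self.files[name]

    def write_new(self, patient_id: str, chart: str) -> str:
        """Store the chart under max serial + 1 (s73, s74); never overwrites."""
        serials = self._serials(patient_id)
        name = f"{patient_id}-{max(serials) + 1 if serials else 1}"
        if name in self.files:   # cannot happen with max + 1, kept as a guard
            raise RuntimeError(f"refusing to overwrite {name}")
        self.files[name] = chart
        return name


class ChartGateway:
    """Interface port A admits only reads, port B only new writes (s61, s71).
    Everything else, including rewrite and delete on any port, is ignored."""

    PORT_RULES = {"A": {"read"}, "B": {"write"}}

    def __init__(self, store: ChartStore):
        self.store = store
        self.ignored: List[Tuple[str, str, str]] = []

    def request(self, port: str, kind: str, patient_id: str, chart: str = ""):
        if kind not in self.PORT_RULES.get(port, set()):
            self.ignored.append((port, kind, patient_id))
            return None
        if kind == "read":
            return self.store.read_latest(patient_id)
        return self.store.write_new(patient_id, chart)


def visit(gw: ChartGateway, patient_id: str, note: str) -> str:
    """The doctor's workflow: read the latest chart via 6A, append, write via 6B."""
    latest = gw.request("A", "read", patient_id)
    body = latest[1] if latest else ""
    return gw.request("B", "write", patient_id, body + note + "\n")
```

Because every visit produces a new file and nothing on either port can rewrite or delete, the earlier records survive a mistaken or hostile write and remain available for comparison against the latest one.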
  • Since the doctor operating the terminal device 5 selects the server device 6A or 6B to connect to while being aware of the operation to be performed on the data stored on the hard disks 3a to 3d, connecting to the server device 6A when reading a medical record and to the server device 6B when writing a medical record to the hard disks 3a to 3d, the frequency of erroneous operations by doctors can be reduced. Even if a doctor does make an erroneous operation, rewriting or deletion of the charts stored on the hard disks 3a to 3d is prevented as described above.
  • The medical records stored on the hard disks 3a to 3d can therefore be sufficiently protected.
  • Since a doctor's access to a medical record usually consists of reading it and then adding and writing the contents of the medical practice, the terminal device 5 may also be programmed so that, when the access operation for a medical record (for example, operating a chart button) is performed, it automatically connects to the server device 6A and enters the read state, and when the chart button is operated again, it automatically connects to the server device 6B and enters the write state.
  • In the above embodiment, interface port A is only allowed to read charts and interface port B is only allowed to write new charts.
  • However, both interface ports A and B may be configured to allow both reading of charts and writing of new charts and to ignore other requests (rewrite, delete, etc.).
  • In that case the access control device 1 determines whether an access request is a chart read, a new chart write, or something else; for a chart read it performs the processing from s62 onward described above, and it ignores any request that is neither a chart read nor a new chart write.
  • In the above embodiment the medical records are stored on the hard disks 3a to 3d in a text file format.
  • The medical records may instead be stored in a print image format or in another file format.
  • The present invention can also be applied to network systems other than the chart system described above.
  • In the above embodiment the entire medical chart is written as a new file when a medical chart is written.
  • Instead, only the content added by the doctor (the current medical treatment) may be additionally recorded (appended) to the patient's medical chart. In this way the storage capacity of the hard disks 3a to 3d required to store the patient's charts can be reduced.
  • In the above embodiment the medical records stored on the hard disks 3a to 3d cannot be rewritten or deleted.
  • However, a password may be given to an administrator or the like to enable deletion. In this way, unnecessary medical records stored on the hard disks 3a to 3d can be removed, and the storage capacity of the hard disks 3a to 3d required for storing the patient's charts can be reduced. Even in this case, however, it is preferable that rewriting remain impossible.
  • The present invention can be applied to devices that prevent illegal tampering with medical records in which a patient's medical history and medical activities are recorded, and to protecting servers connected to a LAN or the Internet against hacking and illegal writes by cracking.

Abstract

The invention relates to an access control apparatus (1) comprising a plurality of interface ports (A-D) connected to external devices (2) and making it possible to determine the types of access permitted to the hard disks (3) connected to the access ports (a-d) associated with the respective interface ports (A-D). Since the settings can be made according to the nature of the external devices (2) connected to the respective interface ports, the shared data stored on the hard disks (3) can be prevented from being tampered with or destroyed, whether intentionally or through a user's operating error.
PCT/JP2003/003701 2002-03-29 2003-03-26 Appareil de controle d'acces et appareil de gestion de donnees WO2003083678A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2003236132A AU2003236132A1 (en) 2002-03-29 2003-03-26 Access control apparatus and data management apparatus
JP2003581033A JPWO2003083678A1 (ja) 2002-03-29 2003-03-26 Access control device and data management device

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2002-96049 2002-03-29
JP2002096049 2002-03-29
JP2002136028 2002-05-10
JP2002-136028 2002-05-10

Publications (1)

Publication Number Publication Date
WO2003083678A1 true WO2003083678A1 (fr) 2003-10-09

Family

ID=28677582

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2003/003701 WO2003083678A1 (fr) 2002-03-29 2003-03-26 Appareil de controle d'acces et appareil de gestion de donnees

Country Status (3)

Country Link
JP (1) JPWO2003083678A1 (fr)
AU (1) AU2003236132A1 (fr)
WO (1) WO2003083678A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005228338A (ja) * 2004-02-11 2005-08-25 Fuji Xerox Co Ltd System and method for customized document selection
JP2006023966A (ja) * 2004-07-08 2006-01-26 Yokogawa Electric Corp Audit trail recording method and audit trail recording apparatus
US8307002B2 (en) 2004-04-28 2012-11-06 Canon Kabushiki Kaisha Image forming apparatus, data processing method, computer-readable storage medium on which a program is stored, and program
US8566446B2 (en) 2004-01-28 2013-10-22 Hewlett-Packard Development Company, L.P. Write operation control in storage networks

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH04333973A (ja) * 1991-05-10 1992-11-20 Hitachi Ltd Input/output control method for an electronic medical record system
JPH10105346A (ja) * 1996-10-01 1998-04-24 Hitachi Ltd Disk storage system
JPH10275106A (ja) * 1997-03-31 1998-10-13 Tsushin Hoso Kiko Data update method and data update system
JP2001034690A (ja) * 1999-07-22 2001-02-09 Sanyo Electric Co Ltd Electronic medical record apparatus
JP2002032251A (ja) * 2000-07-13 2002-01-31 Hitachi Ltd Data processing system

Also Published As

Publication number Publication date
JPWO2003083678A1 (ja) 2005-08-04
AU2003236132A1 (en) 2003-10-13

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2003581033

Country of ref document: JP

122 Ep: pct application non-entry in european phase