
WO2007081007A1 - Computer system, access limit method, and program - Google Patents


Info

Publication number
WO2007081007A1
WO2007081007A1 PCT/JP2007/050422 JP2007050422W WO2007081007A1 WO 2007081007 A1 WO2007081007 A1 WO 2007081007A1 JP 2007050422 W JP2007050422 W JP 2007050422W WO 2007081007 A1 WO2007081007 A1 WO 2007081007A1
Authority
WO
WIPO (PCT)
Prior art keywords
peripheral device
presence information
access
control means
information
Prior art date
Application number
PCT/JP2007/050422
Other languages
French (fr)
Japanese (ja)
Inventor
Osamu Saisho
Original Assignee
Nec Soft, Ltd.
Priority date
Filing date
Publication date
Application filed by Nec Soft, Ltd.
Publication of WO2007081007A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

When a peripheral device (5) is connected to a computer (10), peripheral device control means (3) acquires the existence information and reports it to communication control means (2). The communication control means (2) references a peripheral device use limit information database (4) containing information on the use limit of peripheral devices. Only when a peripheral device whose use is allowed is connected, the communication control device (2) returns the existence information on the peripheral device to an operating system (1) of the computer (10). When a peripheral device whose use is not allowed is connected, no existence information on the peripheral device is reported to the OS.

Description

Specification
Computer system, access restriction method, and program
Technical field
[0001] The present invention relates to a computer system, an access restriction method, and a program, and in particular to access restriction (use restriction) for peripheral devices connected to a computer system.
Background art
[0002] Personal computers have become widespread in organizations such as companies, and leakage of digitized confidential information and personal information has become a major problem. In particular, the spread of large-capacity, small electronic recording media, which makes it easy to carry large amounts of information out of an organization, has made this problem worse. In addition, system stoppage caused by computer viruses entering a computer system is a major threat to companies and the like, and infection from disk devices that use small electronic recording media is known as one infection route for computer viruses.
[0003] In computer systems, a technique is known in which access to peripheral devices such as disk devices is restricted individually, and this access restriction is used to limit files being taken out or brought in. Restricting files from being taken out prevents leakage of corporate and personal information, and restricting files from being brought in prevents infection by computer viruses from small electronic recording media.
[0004] An administrator of an organization such as a company records information on the above access restrictions in a recording device in the computer system. When a user connects a peripheral device to the computer, it is determined whether or not it is a peripheral device to which access is permitted. Thereafter, when the user selects access to a peripheral device, only permitted peripheral devices are made accessible, and access to peripheral devices that should be restricted is not permitted. Access restriction techniques in computer systems are described in, for example, Japanese Patent Application Laid-Open No. 7-104882.
[0005] With conventional access restriction in a computer system, when a user selects access to a peripheral device whose use is restricted, the operating system (OS) outputs an error log. Because the output of this error log makes the user very uneasy about handling the computer system, there is the problem that the user must always be conscious of the access restrictions on his or her own peripheral devices.
Disclosure of the invention
[0006] In view of the above problems of the prior art, an object of the present invention is to provide an improved computer system, and a corresponding method and program, that can prevent the OS from generating an error log as a result of a user accessing a peripheral device whose access is restricted, when access to peripheral devices is restricted.
[0007] The present invention provides a computer system controlled by an operating system (OS), comprising: a storage device that stores restriction information on access restrictions for peripheral devices; peripheral device control means that acquires, from a peripheral device, presence information of that peripheral device; and communication control means that, on acquiring presence information of peripheral devices from the peripheral device control means, refers to the restriction information and issues the presence information of the peripheral devices to the OS, excluding the presence information of peripheral devices whose access is restricted.
[0008] The present invention also provides a method of controlling a computer system using an operating system (OS), comprising: a step of acquiring, using peripheral device control means, presence information of a peripheral device from that peripheral device; and a step of, on acquiring the presence information of the peripheral device, referring to a database in which access restriction information for peripheral devices is stored and acquiring the presence information of peripheral devices into the OS, excluding the presence information of peripheral devices whose access is restricted.
[0009] The present invention also provides a program that assists an operating system (OS) controlling a computer system, the program causing a computer to execute: a step of acquiring, using peripheral device control means, presence information of a peripheral device from that peripheral device; and a step of, on acquiring the presence information of the peripheral device, referring to a database in which access restriction information for peripheral devices is stored and acquiring the presence information of peripheral devices into the OS, excluding the presence information of peripheral devices whose access is restricted.
[0010] In the computer system, access restriction method, and program of the present invention, the presence information of a peripheral device whose access is restricted is not notified to the OS, so the user never attempts to access such a peripheral device, and the OS error log that would accompany access to it is not output; the user is therefore not made uneasy. As a result, the user can handle the computer without being conscious of whether access restrictions exist. There is also the advantage that, because the presence information of the peripheral device is not notified to the OS, automatic device driver installation by the OS is not started, and processing unnecessary for the user is not executed.
Brief description of drawings
[0011] FIG. 1 is a block diagram showing the configuration of the computer system of the present invention.
Best mode for carrying out the invention
[0012] Next, an embodiment of the present invention will be described in detail with reference to the drawings. Referring to FIG. 1, a computer system according to an embodiment of the present invention comprises a computer 10 having an OS 1, communication control means 2, and peripheral device control means 3; a plurality of peripheral devices 5, including storage devices that store programs, files, and the like; and a peripheral device use restriction information database (storage device) 4.
[0013] The OS 1 controls startup and shutdown of the computer and access to various programs and peripheral devices. The communication control means 2 mediates part of the communication between the OS 1 and the peripheral device control means 3, namely the communication relating to peripheral device presence information acquisition requests issued by the OS 1.
[0014] The peripheral device control means 3 has a function of relaying processing requests between applications and peripheral devices in response to control requests from the OS 1, and a function of returning peripheral device presence information to the OS 1.
[0015] The peripheral devices 5 are various resources connected to the computer; they are peripheral devices connected to the computer main body 10 and include peripheral devices subject to use restriction.
[0016] The peripheral device restriction information database 4 is connected to all computers in the organization by a LAN or the like, and information on access restrictions for peripheral devices on each computer is registered in it by an administrator. In the registered access restriction information, for example, a program, file, or peripheral device subject to access restriction is registered in association with the condition for releasing that access restriction. The restriction information database 4 can be managed locally as well as on the LAN. As the condition for releasing an access restriction, for example, the PIN (personal identification number) information of specific users who are permitted access is registered for each peripheral device.
[0017] Next, the flow of processing in the embodiment of the present invention will be described. When a new peripheral device is connected to the computer system while the computer system is running, the peripheral device control means 3 issues a connection notification reporting that connection to the communication control means 2. On a computer to which peripheral devices 5 are already connected, when the OS 1 starts, the peripheral device control means 3 issues a connection notification for the peripheral devices 5 to the OS 1 immediately after startup. The operation of the computer system of the above embodiment is described below, taking as an example the case where a plurality of peripheral devices are already connected to the computer and the OS 1 then starts.
[0018] On receiving a peripheral device connection notification from the peripheral device control means 3 via the communication means 2, the OS 1 issues a request to acquire peripheral device presence information to the communication control means 2. Peripheral device presence information is information that can individually identify a peripheral device connected to the computer, for example the ID number of the peripheral device. On receiving the presence information acquisition request from the OS 1, the communication control means 2 issues that acquisition request to the peripheral device control means 3. On receiving the presence information acquisition request from the communication control means 2, the peripheral device control means 3 responds by returning a list of the presence information of the currently connected peripheral devices to the communication control means 2. The communication control means 2 refers to the peripheral device use restriction information database 4 and acquires the use restriction information for each connected peripheral device. From the presence information of the plurality of peripheral devices it has received, the communication control means 2 removes the presence information of peripheral devices whose access is restricted and issues the remainder to the OS 1. The OS 1 controls various applications according to the peripheral device presence information it receives.
[0019] Immediately after startup, separately from the presence information acquisition request described above, the OS 1 displays a screen prompting the user to enter his or her PIN information. The user enters the PIN information from an input device such as a keyboard. On receiving the PIN information, the communication control means 2 stores it in a register, searches the release conditions in the peripheral device use restriction information database 4 using the PIN information as a key, and obtains the ID numbers of the peripheral devices whose access restriction can be released for that user. If there is a peripheral device whose access restriction is released, the communication control means 2 notifies the OS 1 of the presence information of that peripheral device. The OS 1 controls applications accordingly. If the access restriction is changed based on the PIN information, the computer is restarted in order to make the change effective. The OS 1 then displays a list of accessible peripheral devices on the display device, for example according to the program in use, waits for the user's selection, and accesses the selected peripheral device.
[0020] When a peripheral device 5 is newly connected after the OS 1 has started, the peripheral device control means 3 issues a connection notification for the connected peripheral device 5, and the OS 1 responds to the connection notification by issuing a presence information acquisition request. When the peripheral device control means 3 reports the presence information acquired from the connected peripheral device 5, the communication control means 2 refers to the peripheral device use restriction information database 4 and determines whether or not access to the connected peripheral device 5 is restricted. If access is restricted, the communication control means 2 does not issue the presence information of the connected peripheral device 5 to the OS 1; if access is not restricted, it issues the presence information of that peripheral device to the OS 1.
[0021] In a conventional computer system, in response to a peripheral device presence information acquisition request issued by the OS, the peripheral device control means 3 returns the presence information of all peripheral devices, including those to which access has been restricted by the administrator. When the user attempts to access a peripheral device subject to access restriction, the OS outputs an error log indicating that access is not possible, and the user becomes uneasy about handling the computer. In this embodiment, the presence information of peripheral devices subject to access restriction is removed from the list of presence information given to the OS 1, so no access request from the user arises for a restricted peripheral device, and no such error log is issued. This removes the user anxiety caused by error logs. In addition, when an access restriction is released, access to the peripheral device becomes possible automatically, so the user can handle the computer without being conscious of access restrictions or of whether they have been released.
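The flow of paragraphs [0017] to [0021], as an added example that is not part of the patent text: a Python simulation of the presence-information filter, run once as the embodiment and once as the conventional system so the difference in the OS error log is visible. The class names, the `filter_presence` switch, the device IDs, the PIN, and the treatment of IDs with no database entry as unrestricted are assumptions; the restart step of [0019] is not modelled.

```python
"""Simulation of the presence-information filter. Numbers follow FIG. 1.
All device IDs and PINs are constructed sample values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Restriction:                      # one entry of database (4)
    restricted: bool
    release_pins: frozenset = frozenset()   # PINs registered as release condition


class PeripheralDeviceControl:          # peripheral device control means (3)
    def __init__(self):
        self.connected = []

    def connect(self, device_id):
        self.connected.append(device_id)

    def presence_list(self):
        return list(self.connected)


class CommunicationControl:             # communication control means (2)
    def __init__(self, device_control, restriction_db, filter_presence=True):
        self.device_control = device_control
        self.db = restriction_db        # device ID -> Restriction
        # filter_presence=False reproduces the conventional system of [0021];
        # the switch itself is a construct of this example.
        self.filter_presence = filter_presence
        self.released = set()           # restrictions lifted by a PIN

    def is_blocked(self, device_id):
        entry = self.db.get(device_id)
        # Assumption: an ID with no database entry is treated as unrestricted.
        if entry is None or not entry.restricted:
            return False
        return device_id not in self.released

    def presence_for_os(self):
        """Answer the OS's presence-information acquisition request."""
        ids = self.device_control.presence_list()
        if not self.filter_presence:
            return ids
        return [d for d in ids if not self.is_blocked(d)]

    def enter_pin(self, pin):
        """Search release conditions with the PIN as key ([0019])."""
        unlockable = {d for d, r in self.db.items()
                      if r.restricted and pin in r.release_pins}
        self.released |= unlockable
        # Presence information now reportable for connected devices.
        return [d for d in self.device_control.presence_list() if d in unlockable]


class OS:                               # OS (1)
    def __init__(self, comm):
        self.comm = comm
        self.known = []
        self.error_log = []

    def refresh(self):
        self.known = self.comm.presence_for_os()

    def access(self, device_id):
        if device_id not in self.known:
            return "not listed"         # user cannot select it: no request, no log
        if self.comm.is_blocked(device_id):
            self.error_log.append("access denied: " + device_id)
            return "denied"
        return "ok"


def run_scenario(filter_presence):
    dc = PeripheralDeviceControl()
    for d in ("KBD-01", "USBMEM-07", "DVD-02"):     # connected before OS start
        dc.connect(d)
    db = {
        "KBD-01": Restriction(False),
        "USBMEM-07": Restriction(True, frozenset({"4821"})),
        "DVD-02": Restriction(True),
        "USBMEM-09": Restriction(True),
    }
    cc = CommunicationControl(dc, db, filter_presence)
    os1 = OS(cc)
    os1.refresh()
    at_boot = list(os1.known)
    first_try = os1.access("USBMEM-07")
    wrong_pin = cc.enter_pin("0000")
    released = cc.enter_pin("4821")
    os1.refresh()
    second_try = os1.access("USBMEM-07")
    dc.connect("USBMEM-09")             # hot-plug of a restricted device ([0020])
    os1.refresh()
    return {"at_boot": at_boot, "first_try": first_try, "wrong_pin": wrong_pin,
            "released": released, "second_try": second_try,
            "after_hotplug": list(os1.known), "error_log": list(os1.error_log)}


if __name__ == "__main__":
    for mode in (True, False):
        print("filter_presence =", mode, run_scenario(mode))
```

The filter only changes what the OS is told; in this model the same `is_blocked` decision is what refuses access in the conventional run, which is why that run alone produces a log entry.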
[0022] 本発明のコンピュータシステムでは、通信制御手段は、 OS内に組み込まれたプロ グラムによって、或いは、 OSを補助するプログラムによって構成することが出来る。ま た、本発明方法を記憶したプログラムは、 OS内に組み込むプログラム部分として構 成することができ、或いは、 OSを補助する独立のプログラムとして構成することが出 来る。  [0022] In the computer system of the present invention, the communication control means can be configured by a program incorporated in the OS or by a program that assists the OS. Further, the program storing the method of the present invention can be configured as a program part incorporated in the OS, or can be configured as an independent program that assists the OS.
[0023] The present invention has been described above based on its preferred embodiment, but the computer system, access restriction method, and program of the present invention are not limited to the configuration of the above embodiment. Configurations obtained by applying various modifications and changes to the configuration of the above embodiment are also included in the scope of the present invention.
Industrial applicability
[0024] The present invention can be suitably applied to restricting access to peripheral devices of personal computers installed in offices of companies and the like.

Claims

The scope of the claims
[1] A computer system controlled by an operating system (OS), comprising:
a storage device (4) that stores restriction information regarding access restrictions on a peripheral device (5);
peripheral device control means (3) that acquires, from the peripheral device (5), presence information of the peripheral device; and
communication control means (2) that, upon acquiring the presence information of peripheral devices from the peripheral device control means (3), refers to the restriction information and issues the presence information of the peripheral devices to the OS (1), excluding the presence information of any peripheral device to which access is restricted.
[2] The computer system according to claim 1, wherein the communication control means (2), in response to a PIN input by a user, refers to the storage device (4) and modifies the access restriction of the peripheral device.
[3] A method of controlling a computer system using an operating system (OS), comprising:
a step of acquiring, using peripheral device control means (3), presence information of a peripheral device (5) from the peripheral device; and
a step of, upon acquiring the presence information of the peripheral device, referring to a database (4) in which access restriction information for peripheral devices is stored, and acquiring the presence information of the peripheral devices into the OS, excluding the presence information of any peripheral device to which access is restricted.
[4] The method according to claim 3, further comprising a step of, in response to a PIN input by a user, referring to the database (4) and modifying the access restriction of the peripheral device.
[5] A program that assists an operating system (OS) controlling a computer system, the program causing a computer to execute:
a step of acquiring, using peripheral device control means (3), presence information of a peripheral device (5) from the peripheral device; and
a step of, upon acquiring the presence information of the peripheral device (5), referring to a database (4) in which access restriction information for peripheral devices is stored, and acquiring the presence information of the peripheral devices into the OS, excluding the presence information of any peripheral device to which access is restricted.
[6] The program according to claim 5, further causing the computer to execute a step of, in response to a PIN input by a user, referring to the database (4) and modifying the access restriction of the peripheral device.
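The filtering described in paragraph [0021] and claim 1, together with the PIN-driven modification of claim 2, can be modelled as follows. This is an added illustration, not code from the patent or the applicant: the device records, the `id` field, the PBKDF2 PIN check and the lockout counter are all assumptions introduced for the example.

```python
import hashlib
import hmac
import os

# Constructed sample: presence information as returned by the peripheral
# device control means (3). The "id" and "kind" fields are hypothetical.
DETECTED = [
    {"id": "kbd-01", "kind": "keyboard"},
    {"id": "usb-storage-01", "kind": "mass-storage"},
    {"id": "printer-01", "kind": "printer"},
]

class CommunicationControl:
    """Model of communication control means (2) between OS (1) and means (3)."""

    def __init__(self, restricted_ids, pin, max_attempts=3):
        self._restricted = set(restricted_ids)  # restriction info, storage (4)
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)       # never keep the PIN itself
        self._failures = 0
        self._max_attempts = max_attempts        # assumption: lockout policy

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def presence_for_os(self, detected):
        """Presence list issued to the OS, with restricted devices removed."""
        return [d for d in detected if d["id"] not in self._restricted]

    def lift_restriction(self, device_id, pin):
        """Remove a restriction after a correct PIN; refuse once locked out."""
        if self._failures >= self._max_attempts:
            return False
        if not hmac.compare_digest(self._derive(pin), self._pin_hash):
            self._failures += 1
            return False
        self._failures = 0
        self._restricted.discard(device_id)
        return True

def visible_ids(control, detected=DETECTED):
    return [d["id"] for d in control.presence_for_os(detected)]

if __name__ == "__main__":
    cc = CommunicationControl({"usb-storage-01"}, pin="4921")
    print(visible_ids(cc))                       # restricted device absent
    print(cc.lift_restriction("usb-storage-01", "0000"), visible_ids(cc))
    print(cc.lift_restriction("usb-storage-01", "4921"), visible_ids(cc))
```

Because the filter runs on every presence query, a lifted restriction shows up in the next list the OS receives without any further action by the user, which is the behaviour paragraph [0021] describes.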
PCT/JP2007/050422 2006-01-13 2007-01-15 Computer system, access limit method, and program WO2007081007A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006006535A JP2009086695A (en) 2006-01-13 2006-01-13 Peripheral device access control method
JP2006-006535 2006-01-13

Publications (1)

Publication Number Publication Date
WO2007081007A1 (en) 2007-07-19

Family

ID=38256408

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/050422 WO2007081007A1 (en) 2006-01-13 2007-01-15 Computer system, access limit method, and program

Country Status (3)

Country Link
JP (1) JP2009086695A (en)
TW (1) TW200745903A (en)
WO (1) WO2007081007A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010117940A (en) * 2008-11-13 2010-05-27 Ricoh Co Ltd Computer, network information sharing method of recognition information of external storage device of computer, and computer program
JP2010182070A (en) * 2009-02-05 2010-08-19 Mitsubishi Electric Corp Apparatus, method and program for processing information

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000276406A (en) * 1999-03-29 2000-10-06 Hitachi Ltd Fiber channel connection storage subsystem and its access memory
JP2003044297A (en) * 2000-11-20 2003-02-14 Humming Heads Inc Information processing method and device controlling computer resource, information processing system, control method therefor, storage medium and program

Also Published As

Publication number Publication date
JP2009086695A (en) 2009-04-23
TW200745903A (en) 2007-12-16

Legal Events

Date Code Title Description
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07706756

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP