JP2001290552A - Security system for information processing equipment - Google Patents

Abstract

(57) Abstract: The present invention provides an information processing apparatus that can prohibit unauthorized use of an information processing apparatus by another person when an operator who directly operates the information processing apparatus is absent. The purpose of the present invention is to provide a security system. SOLUTION: A user carries a transmitter 15 for periodically transmitting second ID information, and a wireless receiving circuit 41 receives the ID information between an IC card reader 25 and a personal computer 21 to transmit the ID information. The same second ID information as EEPR
Registered in the OM 45, the received ID information is compared with the second ID information registered in advance by the control unit 47, and when the two match, the second ID information is periodically received. When the second ID information is not received, the control is performed so that the output of the first ID information is cut off when the second ID information is no longer received. The control unit 47 is provided in the receiver 17.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a security system for an information processing apparatus which prohibits unauthorized use of the information processing apparatus by another person when an operator who directly operates the information processing apparatus becomes absent.

[0002]

2. Description of the Related Art Conventionally, as a security system of an information processing apparatus, an IC card is used to prohibit unauthorized use of a personal computer (hereinafter, referred to as a personal computer) when the user is absent. There is a known one that utilizes.

[0003] This system consists of a personal computer and RS232C.
It consists of an IC card reader connected via a cable or a USB cable, and software executed on a personal computer.
The password recorded on the card is read through an IC card reader, and the personal authentication is performed by comparing the password with a password registered in advance on a personal computer. The software on the personal computer performs regular communication with the IC card to monitor the attachment / detachment of the IC card. If the IC card is removed from the IC card reader, the regular communication is interrupted. To prohibit unauthorized use of the PC by others.

In this software, this state is maintained until the password can be read by inserting the IC card again, and acceptance of unauthorized operation using a keyboard or a mouse is prohibited. For example, Secure Tech provides a “growth key”.

In addition, instead of the IC card and IC card reader of the above system, a USB device in which ID information is registered is connected to a USB port provided in a personal computer,
Systems that provide similar functions to the above systems are also known, and examples of such systems include Rainbow Te
"iKey" is provided by chnologies.

[0006] Separately, if a screen saver is started by a timer on a personal computer and a password for canceling the screen saver is set, the above object can be achieved without using a special system. it can.

[0007] Further, although not commercially available at the present time,
A transmitter that periodically transmits ID information wirelessly, a receiver that receives the ID information and notifies software on a personal computer,
It consists of software on a personal computer, performs personal authentication by reading the ID information by the software, and when the regular communication of the ID information is interrupted, the software activates the screen saver and prohibits unauthorized operation using the keyboard and mouse. Methods and systems have been proposed, and examples of such methods are reported in JP-A-9-153016 and JP-A-10-240368.

[0008]

However, the above I
In a system using a C card or a USB device, there is a problem that if a user forgets to remove an IC card or a USB device and temporarily leaves, the unauthorized use of a personal computer becomes possible.

In the method of activating the screen saver by a timer, when the time until the timer is activated is set to be long, another user operates the personal computer before the user temporarily leaves the screen and activates the screen saver. When you put it,
There has been a problem that unauthorized use is possible.
On the other hand, if the time until the timer starts is set short, it is necessary to enter the password every time the operation to the PC is interrupted, which is troublesome and requires the user to frequently enter the password. There is a problem that the possibility of reading the password increases.

Further, Japanese Patent Application Laid-Open No. 9-153016,
In a system as disclosed in Japanese Patent Application Laid-Open No. H10-240368, it is possible to prohibit unauthorized use of a personal computer by a personal computer when a user of the personal computer is absent. Since it is necessary to create advanced software on a personal computer in consideration of all operating environments such as competition with applications, there has been a problem that the system becomes complicated.

[0011] The present invention has been made in view of the above,
It is an object of the present invention to provide a security system for an information processing apparatus that can prohibit unauthorized use of the information processing apparatus by another person when an operator who directly operates the information processing apparatus is absent. is there.

[0012]

According to the first aspect of the present invention,
In order to solve the above problems, a first method for identifying an operator is provided.
An ID information input device for inputting ID information of the first ID information, and an information processing device that continues information processing only when the first ID information can be periodically read from the ID information input device, Receiving means for carrying ID information transmitted from the transmitter between the ID information input device and the information processing device, having a transmitter carried by the operator and transmitting the second ID information periodically; Registration means for pre-registering the same second ID information as the transmitter; comparison means for comparing the ID information received by the reception means with the pre-registered second ID information;
If the ID information received by the receiving means matches the second ID information registered in advance, the second I
When the D information is received periodically, the first ID information is controlled to be continuously output to the information processing apparatus. When the second ID information is no longer received, the first ID information is output. And a control means for controlling the output of the ID information to be cut off.

[0013]

Embodiments of the present invention will be described below with reference to the drawings.

(First Embodiment) FIG. 1 is a diagram showing a configuration of a personal computer system 11 to which a security system for an information processing apparatus according to a first embodiment of the present invention can be applied.

First, the configuration of the personal computer system 11 shown in FIG. 1 will be described.

The user 13 always carries an ID transmitter 15 for periodically transmitting ID information.
Is transmitted to the receiver 17 within the reception area.

The receiver 17 is connected to a personal computer 21 via one RS232C cable 19 and the other R
IC card reader 25 via S232C cable 23
It is connected to the. When the IC card 27 is inserted into the IC card reader 21, the first ID information stored in the IC card 27 becomes readable by the IC card reader 21.

Next, the configuration of the ID transmitter 15 will be described with reference to FIG.

The ID transmitter 15 has an EEPROM 31 for storing second ID information for specifying the user 13;
A control unit 33 that periodically reads out the second ID information from the EEPROM 31 at a predetermined cycle, converts the second ID information into serial data, and outputs the serial data to the wireless transmission circuit 35 as a transmission signal, and controls the amplitude of a carrier wave oscillated at a predetermined frequency. And a radio transmission circuit 35 that modulates with a transmission signal sequentially given from the unit 33 and radiates from an antenna.

Instead of the above-mentioned EEPROM 31, a mechanical memory including a flash memory, a magnetic memory, a dip switch, a solder wire or the like may be used. Further, the control unit 33 includes a RAM for storing control data.
(Not shown), a ROM (not shown) for storing a control program, a CPU (not shown) for controlling the ID transmitter 15 in accordance with the control program, and an interrupt signal INT for measuring a set time and generating an interrupt signal INT. And a timer (not shown) for generating and outputting to the CPU.

Next, the configuration of the receiver 17 will be described with reference to FIG.

When the ID transmitter 15 is in the reception area, the receiver 17 demodulates a signal received via the antenna and outputs the demodulated signal as a reception signal. An ID registration circuit 43 which adds a write command signal to the ID information received by the wireless reception circuit 41 when the
An EEPROM 45 for registering ID information in response to a write command signal given from the D registration circuit 43 and outputting the registered ID information in response to reading from the control unit 47
And the ID information received by the wireless receiving circuit 41 and the EEPR
The control unit 47 is configured to compare and determine whether the ID information read from the OM 45 matches, and to turn on a relay RL1 described later when the ID information matches.

Instead of the above-described EEPROM 45, a flash memory, a magnetic memory, a mechanical memory composed of a dip switch, a solder wire, or the like may be used.

As shown in FIG. 3, the receiver 17 is provided with connectors CN1 and CN5 to which RS232C cables CN3 and CN7 are connected. The transmission data SD and the reception data R
Contact points S1 and S3 are connected only to D and other signal lines and the like are directly connected to each other.

Further, when the control unit 47 outputs an ON control signal to the transistor Tr1, the solenoids of the relay RL1 are excited to close the contacts S1 and S3.

Next, the basic operation of the ID transmitter 15 will be described with reference to FIG.

First, a timer (not shown) built in the control unit 33 has a predetermined transmission cycle time for generating a periodic interrupt signal INT and causing a CPU (not shown) to execute an interrupt process. It is assumed that T1 has been set.

The CPU of the control unit 33 executes the following interrupt processing in response to an interrupt signal INT from the timer. First, ID information is read from the EEPROM 31,
The signal is converted into serial data and output to the wireless transmission circuit 35 as a transmission signal. The radio transmission circuit 35 oscillates at a predetermined frequency only while the transmission signal is being input from the control unit 33, and controls the amplitude of the carrier wave by the control unit 3
3 and radiated from the antenna after being modulated by the transmission signal sequentially given.

Next, referring to FIG.
The registration operation of the D information will be described.

First, as shown in FIG.
Is assumed to be seated in front of the personal computer 21. Here, when the user 13 presses the registration switch provided in the receiver 17, the ID information stored in the ID transmitter 15 is stored in the EEPROM 45 provided in the receiver 17.
Registered in.

That is, the I carried by the user 13
The ID information periodically transmitted from the D transmitter 15 is transmitted to the wireless reception circuit 41 via an antenna provided in the receiver 17.
Is received, the received ID information is input to the ID registration circuit 43. At this time, the user 13
Is pressed, the ID registration circuit 43 is set to the registration mode, and the serially received ID information is converted into parallel data, and a write signal for registration in the EEPROM 45 is generated. Then, a write signal is provided from the ID registration circuit 43 to the EEPROM 45 together with the ID information, and the ID information is registered in the EEPROM 45.

As a result, the EEP provided in the receiver 17
Since the ID information of the user 13 is registered in the ROM 31, the user 13 can log in to the personal computer 21 by inserting the IC card 27 into the IC card reader 21.

Next, the basic operation of the receiver 17 provided in the personal computer system 11 will be described with reference to the flowchart shown in FIG.

First, as shown in FIG.
When the user 13 who is carrying is seated in front of the personal computer 21, the ID information is periodically transmitted from the ID transmitter 15. Here, the user 13 turns on the power to the personal computer system 11 and activates the personal computer 21, the receiver 17, and the IC card reader 21. Then, the IC card 27 is inserted into the IC card reader 21.

In the receiver 17 started by this operation, the CPU provided in the control section 47 starts executing the control processing according to the control programs sequentially read from the control ROM.

In step S10, a timer provided in the control unit 47 is initialized to start measuring the elapsed time t.

In step S20, it is determined whether or not the ID information has been received by the radio receiving circuit 41 via the antenna.
The processing loop of steps S20, S25, and S20 is repeated until the time becomes 2. If a timeout occurs, step S7 is executed.
Go to 0.

Here, in step S25, the elapsed time t measured by the timer is read to determine whether or not a timeout has occurred. That is, it is determined whether or not the elapsed time t is equal to or shorter than the predetermined reception reference time T2.

The ID transmitted from the ID transmitter 15
The information transmission cycle time T1 and the reception reference time T2 used for the timeout determination process have a relationship of T1 <T2.

On the other hand, if the ID information has been received, the process proceeds from step S20 to step S30, where the EEPROM 4
5 is read into the CPU in advance.

Then, in step S40, the elapsed time t measured by the timer is read to determine whether or not a timeout has occurred.

As described above, when the user 13 carrying the ID transmitter 15 is seated in front of the personal computer 21, the ID information is transmitted from the ID transmitter 15 at regular intervals. The process proceeds to step S50.
In step S50, the CPU sets the ID registered in advance.
It is determined whether the information matches the received ID information.

If both ID information match, step S
Proceeding to 60, an on-control signal for turning on relay RL1 is output to transistor Tr1. When an on-control signal is input to the base terminal of the transistor Tr1, the collector-emitter turns on and the relay RL1
And power is supplied to the solenoid to excite the solenoid coil.

As a result, the contacts S1 and S3 provided between the connectors CN1 and CN5 are closed, and communication using the transmission data SD and the reception data RD on the RS232C cables 19 and 23 is enabled.

That is, while the user 13 is seated, the ID information is transmitted from the ID transmitter 15 at regular intervals.
The signal lines of the 232C cables 19 and 23 can be kept connected.

On the other hand, when the user 13 who has been seated leaves the seat, the receiver 17 cannot receive the ID information. Therefore, step S20 is performed until the time t measured by the timer reaches the reception reference time T2. , S25, and S20 are repeated, and then time out and the process proceeds to step S70.

Then, in step S70, the relay RL
An off control signal for controlling off of the transistor 1
Output to r1. When an off control signal is input to the base terminal of the transistor Tr1, the collector and the emitter are turned off, the power supplied to the relay RL1 is cut off, and the solenoid coil is de-energized.

As a result, the contacts S1 and S3 provided between the connectors CN1 and CN5 are opened, and the communication using the transmission data SD and the reception data RD on the RS232C cables 19 and 23 is disabled. Thus, RS
When the signal line of the H.232C is cut off, the regular communication between the IC card reader 21 in which the IC card 27 is inserted and the software running on the personal computer 21 is cut off, and this software activates the screen saver. , Keyboard and mouse operations will not be accepted.

When the user 13 returns to the personal computer 21 and sits down again, the receiver 17 can receive the ID information from the ID transmitter 15.
The signal lines of the cables 19 and 23 are connected, and the IC card reader 21 can be used as usual. That is,
If a password is input from the keyboard, the screen saver is released and the personal computer 21 can be used, and personal authentication, file encryption / decryption processing, and the like can be freely performed on the personal computer 21.

Even if another user who carries an ID transmitter whose ID information has not been registered enters the reception area of the receiver 17, the process proceeds to step S70 by the judgment processing in step S50. The off control is performed, and the communication using the transmission data SD and the reception data RD on the RS232C cables 19 and 23 is held in a disconnected state where communication is not possible.

The effect of the first embodiment of the present invention is that the IC card is combined with an existing security device using an IC card that can be inserted into an IC card reader connected to the RS232C connector, and the IC card is connected via the IC card reader. Unless the user is carrying the transmitter and connected to the receiver, the personal computer cannot be used, so double security can be ensured, and advanced software must be created as in the prior art. In addition, even when the user is temporarily absent, unauthorized use of the personal computer by another person can be prohibited.

(Second Embodiment) FIG. 5 is a diagram showing a configuration of a personal computer system 71 to which a security system for an information processing apparatus according to a second embodiment of the present invention can be applied.

First, the configuration of the personal computer system 71 shown in FIG. 5 will be described. Note that the second embodiment has the same basic configuration as the personal computer system 11 corresponding to the first embodiment shown in FIG. 1, and the same components are denoted by the same reference numerals. , The description of which will be omitted.

The ID information transmitted from the ID transmitter 15 is received by the receiver 73 in the reception area. This receiver 7
Reference numeral 3 denotes an ID key 75 that can be inserted therein, and is connected to the personal computer 21 via a USB cable 77. This receiver 7
When the ID key 75 is inserted into the device 3, the first ID information stored in the ID key 75 can be read.

In order to prevent another person from pulling out the ID key 75 and directly inserting it into the connector CN25,
The ID key 75 may be stored inside the receiver 73.

Next, the configuration of the receiver 73 will be described with reference to FIG.

The feature of the receiver 73 is that it is determined whether or not the ID information received by the radio receiving circuit 41 and the ID information read from the EEPROM 45 match, and when they match, relays RL21 and RL23 described later are used. Is provided with a control unit 79 for turning on the control signal.

As shown in FIG. 6, a connector CN2 to which a USB cable 77 is connected is connected to the receiver 73.
1 and CN25 are provided. This connector CN2
1, between CN25, GND, data +, data-,
VCC is connected via contacts S21 to S27.

Further, when the control section 79 outputs an ON control signal to the transistors Tr21 and Tr23, the solenoid coils of the relays RL21 and RL23 are excited to close the contacts S21 to S27. In addition, the relay RL21,
The on / off procedure of the RL 23 is defined by the USB standard, and will be described later in detail.

Next, the operation of the personal computer system 71 will be described with reference to the flowchart shown in FIG. Note that the flowchart shown in FIG. 7 has the same basic procedure as the flowchart shown in FIG. 4, and the same procedure is denoted by the same reference numeral. 7 is also stored as a control program in the internal ROM of the control unit 79.

In step S50, when both ID information match, the process proceeds to step S260, and first, an ON control signal for controlling ON of the relay RL23 is output to the transistor Tr23. When an on-control signal is input to the base terminal of the transistor Tr23, the collector-emitter turns on, power is supplied to the relay RL23, and the solenoid coil is excited. Next, relay R
An ON control signal for controlling ON of L21 is output to the transistor Tr21. When the ON control signal is input to the base terminal of the transistor Tr21, the collector
Power is supplied to the relay RL21 by turning on between the emitters to excite the solenoid coil.

As a result, the contacts S25 and S27 provided between the connectors CN21 and CN25 are closed, and power is supplied from the USB cable 77 to the ID key 75. Next, the contacts S21 and S23 are closed, and the ID key 75 is ready for communication using data + and data-.

That is, while the user 13 is seated, the ID information is periodically transmitted from the ID transmitter 15, and the receiver 17 receives the ID information and
The signal line of the B cable 77 can be kept connected.

On the other hand, if the two ID information match in step S50, the flow advances to step S270. Further, when the user 13 who has been seated has left, the receiver 17 cannot receive the ID information. Therefore, steps S20, S25, and S25 are performed until the timer time t reaches the reception reference time T2. After repeating the processing loop of S20, a timeout occurs and the process proceeds to step S270.

Then, in step S270, the relay R
An off control signal for turning off L21 is output to the transistor Tr21. When an off control signal is input to the base terminal of the transistor Tr21, the collector
The emitter is turned off, the power supplied to the relay RL21 is cut off, and the solenoid coil is de-energized. Next, an off control signal for turning off the relay RL23 is output to the transistor Tr23. Transistor Tr
When an off control signal is input to the base terminal of the relay 23, the collector and the emitter are turned off, the power supplied to the relay RL23 is cut off, and the solenoid coil is de-energized.

As a result, the contacts S21 and S23 provided between the connectors CN21 and CN25 are opened, and then the contacts S25 and S27 are opened, so that communication using data + and data- on the USB cable 77 becomes impossible. Becomes disconnected. As described above, when the signal line of the USB cable is cut off, the ID key 75 and the periodic communication on the software running on the personal computer 21 are cut off. Will no longer accept operations by

The effect of the second embodiment of the present invention is that the present invention is combined with an existing security device using an ID key that can be inserted into a USB connector, the ID key is inserted into the receiver, and the user carries the transmitter. Unless the computer is not available, double security can be ensured, and without the need to create new advanced software as in the prior art, even if the user is temporarily absent, the personal computer can not be used. Unauthorized use can be prohibited.

Although the above-described embodiment has been described by applying the receivers 17 and 73 to the system in which the receivers 17 and 73 are connected to the personal computer 21, the present invention is not limited to such a case. Instead of the personal computer 21, for example, it is connected to a security sensor that detects an illegal intruder and generates an alarm sound and an alarm display, a table tap with a relay for supplying power to electric devices, and a network such as a LAN. It can also be connected to devices, devices connected to the network that notify the user's presence / absence, and monitoring devices that collect and monitor the presence information from multiple presence detection sensors. Unauthorized use by others can be prohibited even when temporarily absent.

Further, in the above-described embodiment, the case where a radio wave is emitted from the transmitter has been described. The same effect can be obtained as well.

Further, in the above-described embodiment, a case has been described in which ID information is periodically transmitted from a transmitter. However, the present invention is not limited to such a case, and for example, ID information is transmitted to a transmitter. The same effect can be obtained when the receiver periodically transmits a request signal requesting transmission.

[0071]

According to the first aspect of the present invention, an ID information input device for inputting first ID information for specifying an operator, and the first ID information is periodically transmitted from the ID information input device. An information processing device that continues information processing only when the information can be read is provided. The operator carries a transmitter that periodically transmits the second ID information, and transmits the information between the ID information input device and the information processing device. Receiving the ID information transmitted from the transmitter, pre-registering the same second ID information as the transmitter, comparing the received ID information with the pre-registered second ID information, The second I in which ID information is registered in advance
If the second ID information is regularly received when the second ID information is matched with the D information, control is performed such that the first ID information is continuously output to the information processing apparatus.
By providing a receiver that controls the output of the first ID information to be cut off when information is no longer received,
When an operator who directly operates the information processing device is absent, unauthorized use of the information processing device by another person is prohibited, so double security can be ensured.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of a personal computer system 11 to which a security system of an information processing device according to a first embodiment of the present invention can be applied.

FIG. 2 is a diagram showing a configuration of an ID transmitter 15;

FIG. 3 is a diagram showing a configuration of a receiver 17;

FIG. 4 shows a receiver 17 provided in the personal computer system 11.
5 is a flowchart for explaining a basic operation of the first embodiment.

FIG. 5 is a diagram showing a configuration of a personal computer system 71 to which a security system for an information processing apparatus according to a second embodiment of the present invention can be applied.

FIG. 6 is a diagram showing a configuration of a receiver 73.

7 is a receiver 73 provided in a personal computer system 71.
5 is a flowchart for explaining a basic operation of the first embodiment.

[Explanation of symbols]

 15 ID Transmitter 17, 73 Receiver 21 Personal Computer 25 IC Card Reader 27 IC Card 41 Wireless Receiving Circuit 43 ID Registration Circuit 47 Control Unit 45 EEPROM 47, 79 Control Unit 75 ID Key RL1, RL21, RL23 Relay

 ──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Hiromitsu Watanabe 8-14-24 Nishi Shinjuku, Shinjuku-ku, Tokyo NTT FANNET SYSTEMS CORPORATION (72) Inventor Kazumi Oshima Tokyo 8-14-24 Nishi-Shinjuku, Shinjuku-ku, NTT FANNET SYSTEMS CO., LTD. F-term (reference) 5B085 AA01 AA08 AE02 AE12

Claims (1)

[Claims] 1. An ID information input device for inputting first ID information for specifying an operator, and information for continuing information processing only when the first ID information can be read periodically from the ID information input device. In a security system of an information processing device provided with a processing device, further comprising a transmitter carried by the operator and periodically transmitting second ID information, wherein a transmitter is provided between the ID information input device and the information processing device. Receiving means for receiving the ID information transmitted from the transmitter; registering means for previously registering the same second ID information as the transmitter; second information registered in advance with the ID information received by the receiving means; Comparing means for comparing the ID information received by the receiving means with the second ID information registered in advance.
When the D information is received periodically, the first ID information is controlled to be continuously output to the information processing apparatus. When the second ID information is no longer received, the first ID information is output. A security system for an information processing apparatus, comprising: a receiver having control means for controlling output of ID information to be cut off.