JP2008269198A - Thin client operating system, thin client device, server-thin client system, and execution method of thin client operating system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a secure thin client OS using a general-purpose PC. <P>SOLUTION: The thin client OS including a control means, a main storage means, and a network connection means further includes a basic file means, a thin client file means and a file system virtualization means. The thin client file means includes an activation control means and a full screen task switching prevention means. The file system virtualization means accesses a file group contained in the thin client file means with substantially the same file name as a file group contained in the basic file means. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention particularly relates to a thin client operating system, a thin client device, a server thin client system, and a method of executing the thin client operating system.

In recent years, networks for data communication have progressed dramatically.
For example, as a network using a fixed line, so-called broadband connection such as ADSL or optical fiber has been realized.
For this reason, an environment in which an application program is installed in a server and a server / client (terminal) system in which a user operates the application program from a remote terminal is more comfortable than before.

As the above terminal, for example, a normal PC (personal computer) such as a so-called PC / AT (registered trademark) compatible machine or Macintosh (registered trademark), or a normal one such as Windows (registered trademark) XP (manufactured by Microsoft Corporation) is used. A general-purpose OS (operating system) for personal computers is installed, and a client program for accessing a server is further installed to be used as a terminal.
However, in a normal personal computer equipped with a general-purpose OS, the user can change the storage contents of an external storage device that is a fixed disk device.
Therefore, a so-called malicious program such as a back door or a trojan horse may be set on the external storage device without being detected by the user by an attached file of an e-mail or file exchange software installed by the user. As a result, confidential information downloaded from the server to the external storage device of the terminal may leak out, which is a social problem.

Therefore, a thin client device that is a dedicated terminal for accessing the server as a server / client system that is more secure (which means that security is strong against attacks from malicious persons) There is a server / thin client system using.
As this thin client device, a dedicated device different from a normal PC is used. In addition, in this specially designed thin client device, a reduced OS different from that for normal PC / AT compatibility is stored in an external storage device such as a flash memory, and it is difficult for the user to change the contents of the flash memory. . For this reason, it becomes secure.
The above-described reduced OS requires advanced knowledge for operations such as network setting.
For this reason, for example, in the following Patent Document 1 (hereinafter referred to as Prior Art 1), in a dedicated thin client device, a thin client device and a network setting configuration that can be easily set in a network and stored in a flash memory The method is described.

Further, for example, in the following Patent Document 2 (hereinafter referred to as Prior Art 2), a general-purpose OS is used as a normal server / client system, and a server / accessible server can be accessed by a full-screen web browser. A client system has been devised.
JP 2005-216292 A International Publication No. 2006/041122 Pamphlet

However, although the thin client device of the prior art 1 has an advantage that it is secure and the configuration of the network setting is simplified, the thin client device is originally expensive because it is a dedicated design.
Although the server / client system of the prior art 2 is less expensive than a dedicated device because it can use a normal PC, it uses a general-purpose OS. Therefore, the security level of the general-purpose OS against malicious attacks can be obtained. Become equivalent.
Therefore, it is possible to use a normal PC with a very low price because it is mass-produced by the horizontal division of labor model or an old recycled PC, and a thin client dedicated OS that is as secure as a dedicated thin client device is required. It was said.

  This invention is made | formed in view of such a condition, and makes it a subject to eliminate the above-mentioned subject.

The thin client operating system of the present invention is a thin client operating system comprising control means, main storage means, and network connection means, comprising basic file means, thin client file means, and file system virtualization means, The thin client file means includes start control means and full screen task switching prevention means.
The thin client operating system according to the present invention is characterized in that the file group included in the basic file means is created from a file group included in the general-purpose operating system.
In the thin client operating system of the present invention, the file system virtualization unit accesses the file group included in the thin client file unit with the same file name as the file group included in the basic file unit. Features.
In the thin client operating system according to the present invention, the file group included in the thin client file means includes a file group independent of the server operating system and a file group dependent on the server operating system. Features.
In the thin client operating system according to the present invention, the file group included in the thin client file means is encrypted or compressed when stored in the storage medium, and the main storage means is activated when the thin client is activated. It is characterized in that it is decrypted when it is read.
The thin client operating system according to the present invention is characterized in that the file groups of the basic file means and the thin client file means are stored in a storage medium that cannot be additionally written.
The operating system for a thin client according to the present invention is characterized in that an identification code is further stored for each storage medium in the non-appendable storage medium.
The thin client operating system according to the present invention is characterized in that the non-appendable storage medium is an optical disk.
The thin client operating system according to the present invention is characterized in that the activation control unit identifies and decrypts the storage medium that cannot be additionally written.
The thin client operating system of the present invention further includes basic file means and / or update difference file means of the thin client file means, and the file system virtualization means converts the file group included in the update difference file means to Access is made with the same file name as the file group of the basic file means and / or the thin client file means.
The thin client operating system according to the present invention is characterized in that the file group of the update difference file means is stored in a storage medium whose storage contents can be changed.
The thin client operating system according to the present invention is characterized in that the storage medium capable of changing the storage contents further stores an identification code for each storage medium.
The thin client operating system according to the present invention is characterized in that the storage medium whose storage contents can be changed is a flash storage medium.
The thin client operating system according to the present invention is characterized in that the activation control means performs decryption using an identification code of the storage medium whose storage contents can be changed.
The thin client operating system according to the present invention is characterized in that only the main storage means is used after the start-up is completed.
The thin client operating system of the present invention is characterized in that virtual memory is created in the external storage means of the thin client further including external storage means.
The thin client operating system of the present invention is characterized in that virtual storage is created in the storage medium capable of changing the storage contents.
The thin client operating system according to the present invention is characterized in that the main storage means is not used after the activation is completed, and the storage medium capable of changing the stored contents is used as a temporary storage means.
The thin client operating system according to the present invention is characterized in that, instead of the thin client main storage means, the storage contents changeable storage medium further includes main storage means.
In the thin client operating system according to the present invention, the activation control means is an activation control means for preventing a character or a cursor from being displayed on the screen as an activation sequence of the operating system and displaying a graphic image. .
In the thin client operating system according to the present invention, the full-screen task switching prevention means allows the user to operate the thin client only from a task displayed by a graphical user interface on the full screen of the display means connected to the thin client. It is characterized by.
The thin client operating system of the present invention is characterized in that the thin client is a personal computer.
The thin client device of the present invention is characterized by executing the above-described thin client operating.
The thin client device according to the present invention is characterized in that the thin client operating system is executed by a personal computer.
The gateway apparatus according to the present invention includes the identification code of the non-appendable storage medium connected between the server apparatus and the thin client operating system according to any one of claims 7 and 22. In addition, the identification code of the storage medium capable of changing the stored content is authenticated as a secret key.
The server / thin client system of the present invention comprises a server device on which a server operating system is executed, a network means, and a thin client device. In the thin client device, a basic file means and a thin client file means are provided. And a file system virtualization means, wherein the thin client file means executes a thin client operating system characterized by including a start control means and a full screen task switching prevention means. .
The thin client operating system execution method of the present invention starts from a storage medium that cannot be additionally written at the time of startup, and an additional or differential file stored in a storage medium whose contents can be changed by a file system virtualization means. It is characterized by accessing with the same file name.
According to the thin client operating system execution method of the present invention, an installer installs a thin client file group included in a non-appendable storage medium into an external storage unit of the thin client, and installs into the external storage unit at the time of startup. Starting from the file group for thin clients, the external storage means is not used after starting.
According to the thin client operating system execution method of the present invention, an installer can install a thin client file group included in a non-appendable storage medium into an external storage unit of the thin client, and contents can be changed in the external storage unit The installer further installs additional or differential files using a new storage medium, starts up from a storage medium that cannot be added at the time of startup, and then starts up the thin client file group installed in the external storage means, so that no additional recording is possible. A user authentication with a server is performed using an identification code of a possible storage medium.

  According to the present invention, it is possible to provide a secure thin client OS that can use a widely available general-purpose PC as a thin client device.

<First Embodiment>
The thin client OS according to the first embodiment of the present invention will be described below with reference to the drawings.
FIG. 1A is a conceptual diagram of a thin client / server system for executing the thin client OS according to the first embodiment of the present invention.
The server thin client system X according to the first embodiment of the present invention includes a server 10 on which a server OS such as Windows (registered trademark) server 2003 and Linux (registered trademark) is operating, and Terminals 20-1 to 20-n that are PCs such as general PC / AT compatible machines on which the thin client OS according to the embodiment is operating are connected through a network unit 5 such as the Internet. .

FIG. 1B is a diagram showing a configuration of a terminal Y which is one of these terminals according to the first embodiment of the present invention and is a normal PC.
The terminal Y is, for example, a PC having the functions of a PC / AT compatible machine. However, the terminal Y may be a thin client that is not a dedicated design in which the minimum necessary functions as a PC / AT compatible machine are assembled from general-purpose products. The terminal Y mainly includes a CPU 21 that is a control unit of a PC, for example, a CPU (Central Processing Unit) such as Pentium (registered trademark) manufactured by Intel or Athlon (registered trademark) manufactured by AMD, and a DRAM or the like. A memory controller that exchanges data for reading / writing memory contents between the storage unit 22 and the CPU 21 and the main storage unit 22 (in the case of AMD, the CPU has a built-in memory controller) and I / O control A chip set 23 that is an integrated circuit that performs the above, an optical disk device 24 such as a CD-ROM or a DVD-ROM, an HDD 25 that is a fixed disk device such as a hard disk drive (HDD), a video card 26, and a network connection unit 27. Including. Further, the chipset 23 is connected to a keyboard 40 and a pointing device 45 which are input units for a user to operate the PC.

The video card 26 is provided in the form of an expansion board (card or board) and is a part used for display of a PC, which is connected to the chip set 23 through a bus interface such as PCI-Express or AGP. Functions equivalent to the video card 26 may be integrated into the on-board video chip or chip set 23. A display unit 50 such as a CRT display or a liquid crystal display is connected to the video card 26.
The network connection unit 27 is a wired LAN or wireless LAN interface such as a LAN card, and can connect the terminal Y to a network such as the Internet. This network connection unit may also be integrated into the chipset 23.

The terminal Y may or may not have the HDD 25 built therein, but it is required that the PC can be started from the optical disk device 24.
However, even if the PC cannot be started from the optical disk device 24, the thin disk according to the first embodiment of the present invention is started from the optical disk device 24 after starting from a bootable FDD (flexible disk drive) (not shown). A client OS can be executed.
If these terminals have the HDD 25, it is possible to start only from the HDD 25 by performing an installation described later. Further, a flash memory can be used instead of the optical disk.

Next, the configuration of the thin client OS according to the first embodiment of the present invention will be described with reference to the drawings.
The thin client OS according to the first embodiment of the present invention is created using Linux (registered trademark), which is a general-purpose OS compatible with UNIX (registered trademark) for PC. Specifically, for example, a file including a program necessary for hardware recognition and network connection, data attached thereto, a setting file, and the like is selected from knoppix which is a kind of Linux booted from a CD-ROM. Files such as programs, data, and setting files necessary for the client OS are independently incorporated as separate files. That is, since only necessary files are selected from the general-purpose OS, security holes (security weaknesses) can be reduced.

FIG. 2 shows that, for example, CD-ROM, DVD-ROM or CD-R, DVD-R, etc. cannot be added once after being physically and chemically stored on the medium (hereinafter referred to as “not appendable”). FIG. 3 is a diagram showing a configuration of a thin client OS according to the first embodiment of the present invention stored in a storage medium C that is an optical disk.
In this storage medium, a file group is stored in a state mainly divided into a basic file unit 100, a thin client file unit 200, a file system virtualization unit 300, and a manual unit 400. Further, an identification code unit 500 is stored in the storage medium.

The basic file unit 100 is a part that stores general-purpose file groups other than files necessary for a thin client of a general-purpose OS.
This is to display a startup file for booting from the optical disk device, a boot file unit 110 that is a set of files for an OS kernel program and a basic file system, and an option menu at boot time. And a start-up menu section 120 including the program, image data, and the like.
Further, a virtual memory processing unit 130, which is a program necessary for performing processing for virtual memory, is further included.

  The thin client file unit 200 creates a full-screen window on the window manager and the activation control unit 210 that controls the file system in conjunction with the file system virtualization unit 300 after the activation file unit 110 is activated. A full-screen task switching prevention unit 220 that executes a single application that accesses the server on the full-screen window, a splash image unit 230 that is a program or data for displaying a graphic image during startup, And a server OS dependent unit 240 that implements a communication / drawing function according to the OS. The activation control unit 210 and the full-screen task switching prevention unit 220 are placed in a file group that does not depend on the server OS.

Furthermore, the file system virtualization unit 300 includes a program group for realizing file system virtualization.
The manual section 400 includes product manuals in PDF format, HTML format, man (UNIX (registered trademark) manual) format, and the like.

  The identification code part 500 is a key for decryption described later, which is stored in a storage medium at a location that cannot be referred to by a normal file system reference method. Further, information specific to each storage medium C such as network settings may be written.

Here, with reference to FIG. 10, the file structure of the optical disc as the storage medium C in which the thin client OS according to the first embodiment of the present invention is stored will be described.
First, the storage medium C is created in a standard format such as ISO 9660 (Romeo extensions) format. For this reason, for example, when this optical disc is read by a PC on which Microsoft Windows XP (registered trademark) is mounted, the file can be referred to.
However, the file group included in the above-described thin client file unit 200 can be referred to only as a few files compressed and encrypted in an archive format by, for example, bzip etc., except for the activation control unit 210.
These several files exist as “IZE1” to “IZE3” in the “/ IZE” directory including the thin client file unit 200, respectively.

For example, “IZE1” is an archive file that includes a special kernel for a thin client, a basic daemon, and the like. “IZE2” is an archive file that includes files that do not depend on the OS of the server. It is assumed that the archive file includes a file depending on the server OS.
“IZE3” is “Type WT” when the corresponding server OS is Windows (registered trademark) server 2003 made by Microsoft Corporation, and “Type BR” when it is Linux (registered trademark).

The file groups of the splash image unit 230 and the full screen task switching prevention unit 220 are stored in “IZE2” and “IZE3” according to functional necessity. In addition, the file group of the server OS dependent unit 240 is substantially included in “IZE3”.
These huge files of “IZE1” to “IZE3” are decrypted and expanded with reference to the identification code unit 500 when they are read into the main storage unit 22 of the thin client when the thin client OS is started, as will be described later. .
Note that “IZE” is an abbreviation for “Identified by Zero-based Endorsement”.

  Next, when the user inserts the storage medium C storing the thin client OS according to the first embodiment of the present invention into the optical disk device 24 of the PC and turns on the power of the PC, The operation will be described with reference to the drawings.

FIG. 3 is an overall flowchart illustrating a procedure until the thin client OS is activated. Hereinafter, the flow until activation will be described with reference to this flowchart.
First, in step S101, the CPU 21 has a BIOS (Basic Input Output System), an EFI (Extensible Firmware Interface), or the like built in a NOR type flash memory or the like that is mounted on a mother board (main board) (not shown) of the PC as a standard. Run the firmware program.
As a result, the CPU 21 recognizes the microcode (machine language code) of the CPU 21 and the like to prepare for activation, and starts activation (boot) from the optical disk device 24. As a result, the startup process of the thin client OS according to the first embodiment of the present invention is started.

  In step S102, the startup menu section 120 of the thin client OS displays several startup options on the screen. As shown in FIG. 6A, this screen is created based on GRUB, which is a Linux standard boot manager, for example, but it is possible to use sysline. “TRANSPORTER” is a product name of the operating system for the thin client according to the first embodiment of the present invention.

Here, the user can select the activation option from several types in the menu by operating the up / down or page up / down keys of the keyboard 40 of the PC or by the input means such as the pointing device 45.
The activation options that can be selected are “TRANSPORTER (1280 × 1024)” to “Internal HDD 2” in the screen frame. The selected activation option can be confirmed by the user by a cursor display such as the background color of the field changing.
Among the activation options, “TRANSPORTER (1280 × 1024)” to “TRANSPORTER (800 × 600)” respectively correspond to the resolution of the screen after activation. As a result, it is possible to use an old PC that does not support high-resolution screen display.
In addition, “TRANSPORTER (substandard)” is a mode in which the resolution changes depending on the success of automatic hardware recognition, rather than specifying the resolution first, and the display unit 50 of the PC supports plug-and-play. (For example, when the VESA standard is supported by digital connection such as DVI), the optimum resolution can be automatically selected at the time of activation. For example, if the PC display supports a high resolution of 1280 × 1024 dots or more, this can also be selected. In the case of “TRANSPORTER (substandard)”, since the activation mode is different, step S107 is skipped and no splash is displayed. Furthermore, when resolution detection fails, the device can be traditionally activated on a standard graphic screen (VGA (Video Graphics Array in the case of a PC / AT compatible machine)).
Note that the option “TRANSPORTER (1024 × 768)” is selected as a standard at the time of activation.

  Furthermore, when the activation menu is displayed, for example, by pressing the “p” key on the keyboard, it is possible to specify and input options at the time of activation on the command line. For example, a debug mode, a mode in which a specific device driver is not read, a mode in which the video card 26 is not compatible with Linux, a mode that is activated in a minimum compatible screen environment (VESA SVGA, etc.), and a specific setting file The mode to read / skip can be selected.

Another startup option “InternalHDD1” is displayed by the startup menu unit 120 only when the HDD is built in the PC.
“InternalHDD1” is a boot option for booting an OS installed in the HDD 25 such as Microsoft Windows (registered trademark) XP.
When the user selects “Internal HDD 1”, the thin client OS according to the first embodiment of the present invention is terminated, and is normally installed in the first partition of the first HDD set by the firmware of the PC. The OS is executed.
“InternalHDD2” is assumed to be a PC made by a major PC manufacturer such as US DELL. That is, when data for product recovery or the like is stored in the first partition, the system starts from the second partition of the same HDD as “Internal HDD 1”.

Furthermore, another installation option “Install TRANSPORTER to hard disk” will be described.
If this option is selected, the user must first input the password written in the manual of the thin client OS document from the keyboard. Thereby, it is possible to prevent the OS of the built-in HDD 25 from being overwritten by mistake.
Further, when the user correctly inputs this password, installation in which a file group of the storage medium C is copied is performed in the installation process in step S104 described later.
With this installation, the startup time can be shortened, and the thin client OS according to the first embodiment of the present invention can be installed according to the environment of a specific PC.
As described above, even if the option is activated, the syncline OS according to the first embodiment of the present invention normally does not write at all after the activation of the HDD 25 after activation.

Here, when installing, in the case of a PC having a small capacity of the main storage unit 22, it is possible to create and use a virtual storage in the HDD 25. Even in this case, the installed file is not changed at all, but the HDD operates after activation.
In addition, in order to prevent data from leaking out by reading this virtual memory, the virtual memory processing unit 130 can be used by being read or written on the virtual memory after being compressed or encrypted by an algorithm such as an encryption zip. It is. For this encryption, a secret key written in the thin client file part 200 or the identification code part 500 is used.

Next, the activation menu unit 120 displays when the user selects an activation option, when the “p” key of the keyboard 40 is pressed, or when there is no user input from the keyboard 40 for a certain time (for example, 5 seconds). The process proceeds to the next step S103.
In step S103, the activation menu unit 120 determines whether to perform installation. That is, when the user selects “Install TRANSPORTER to hard disk” as the activation option, the process proceeds to the next step S104 as “Yes”. In other cases, the processing in the next S105 and subsequent steps proceeds according to the activation menu selected in step S102.

In step S104, the following installation processing is performed by the installer included in the startup menu unit 120 and the startup file unit 110.
First, the installer reads the minimum kernel and file system related files for performing installation processing from the common file unit 100, and displays a text screen for installation.
6B, which is the text screen, first, when there are a plurality of HDDs of the HDD 25, the startup menu unit 120 displays those HDDs and the current partition configuration information.
Next, the activation menu unit 120 displays a dialog for selecting the HDD to be installed. Here, a dialog asking whether the user accepts HDD erasure is displayed, and when the user inputs “yes” correspondingly, the following dialog is displayed.
Next, the installer lets the user set installation options.
Options for this installation include (1) whether to completely erase the HDD (can write 0 to each sector of the HDD, write a random number, erase the NSA (National Security Agency) recommended method, etc.) , (2) Whether to install in the existing partition or (3) Install a part of the existing partition separately can be selected from the dialog.
Further, (4) whether to create a virtual storage file, a swap partition, or the like can be set regardless of whether or not the thin client OS according to the first embodiment of the present invention is installed in the HDD. It is.

When the user's option setting is completed, the installer erases the HDD, creates a minimum partition necessary for installing the thin client OS, and copies the contents of the storage medium C. When using virtual memory, this partition or file is created. At this time, the activation menu unit 120 displays the progress of installation on the screen. FIG. 6B is an example of a screen displayed during the installation.
When the installation is finished, the installer finishes the process. Thereby, the activation menu unit 120 advances the processing to step S105.
Normally, the file on the installed HDD does not have the identification code portion of the storage medium C and does not have a mechanism for starting directly, so the storage medium C is loaded into the optical disk device 24 and read at the time of startup. It needs to be in a state. However, a configuration in which the identification code part of the storage medium C is directly installed in the HDD and the storage medium C is started without being inserted into the optical disk device 24 is also possible.
When the installation is performed on the HDD, the startup menu unit 120 sequentially searches the HDDs installed in the HDD 25 at the next startup and detects the first installed file without displaying the startup menu. Start from the specified file.

  In step S105, the boot file unit 110, the boot control unit 210, and the file system virtualization unit 300 are the features of the thin client OS according to the first embodiment of the present invention. Initialize the method for managing recorded files. The details are shown in the flowchart of FIG.

First, in step S <b> 1051, the Linux kernel for activation of the activation file unit 110 creates a file system on the main storage unit 22. For example, a program called tmpfs can be used to create this file system.
Hereinafter, this file system is referred to as a root file system. Next, the root file system is mounted (mounting means an operation for allowing the OS to recognize the file system and read / write a file in the file system). Furthermore, necessary files such as device drivers (drivers, programs and modules for operating hardware from the OS) and daemons (service programs executed in the background) in the startup file unit 110 are expanded on this root file system. To do. Then, the activation control unit 210 is executed to take over the process.

In step S1052, the activation option input by the user in step S102 is read on the root file system, and a necessary setting file or the like is selected.
Next, in step S1053, the activation control unit 210 adds “IZE1” to “IZE3” that are other files for the thin client file unit 200 from the storage medium C according to the option specified by the activation file unit 110. Search and mount. Further, a file system (hereinafter referred to as an ISE * file system) necessary for expanding these “IZE1” to “IZE3” is created and mounted.

Next, in step S1054, the activation control unit 210 executes the file system virtualization unit 300 for the root file system and the IZE * file system created in step S1051.
The file system virtualization unit 300 is a program module that can virtualize and mount a file system such as unionfs.
This unionfs adjusts i-node or the like, which is file index information in the UNIX (registered trademark) file system. As a result, the file system can be read in duplicate (overlapped).
That is, it is possible to create a new file system in the main memory with overlapping directory structures and access a directory or file with the same name from this file system.
When there are directories and files with the same name between the stacked file systems, the directories and files in any one of the file systems are accessed with priority. In the case of a file that is not in the preferred file system but only in the other file system, the file can be accessed.

The specific state of this file system will be described with reference to FIG. 11. There are a kernel and a basic file system on the root file system, and the files expanded from “IZE1” to “IZE3” Can be seen.
Here, the stacked file system is realized as a symbolic link below “/ UNIONFS” on “/” (system root) of the root file system.
For example, after this step, if a program such as various scripts executed on the user or the OS tries to refer to “/ bin”, the contents of “/ UNIONFS / bin” can be viewed. Further, the contents of “/ UNIONFS / bin” are contents obtained by superimposing “/ bin” of a directory of a file obtained by expanding “IZE1” to “IZE3” in the ISE * file system.
That is, in the size * file system, files are preferentially accessed in the order of “size3”->“size2”-> “size1”. (Deleted about hierarchy)
By superimposing such file systems, the thin client OS according to the first embodiment of the present invention accesses necessary files with substantially the same file name as that of a normal Linux (registered trademark) file system. It becomes possible to do.
As a result, the same file can be accessed even if the product versions are different, so that a security hole or the like can be avoided. In addition, it is possible to prevent the file from becoming inaccessible due to the difference in the directory structure. As a result, the stability of the OS is improved and the system becomes more secure.

Next, in step S1055, the activation control unit 210 reads “IZE1” to “IZE3” from the storage medium C according to the option specified by the activation file unit 110 in step S1051, and decodes them by the identification code unit 500. The file is expanded on the doubled ISE * file system of the main storage unit 22. As a result, the thin client OS according to the first embodiment of the present invention can be accessed from a file developed on the ISE * file system.
Also, since the kernel on the root file system remains on the root file system, even if the kernel-related file is damaged due to some kind of failure, the kernel-related file on the root file system can be accessed. Can do. That is, even if a file is damaged and deleted, the file can be accessed by referring to the file system in the hierarchy below “/ UNIONFS”, so that the robustness is improved. Furthermore, when it can be determined on the file system that the file is abnormal, it is possible to delete the abnormal file and similarly access the file system in the lower hierarchy. That is, the file is not broken when the OS is executed. Thereby, stability can be ensured.

Next, in step S1056, various setting files are initialized in the ISE * file system according to the activation option read in step S1051.
This completes step S105 relating to file system initialization.

After the initialization of the file system is completed, the thin client OS according to the first embodiment of the present invention can perform the following steps shown in step S106 and step S107 at the same time.
In step S106, various types of hardware recognition and initialization are performed. In the meantime, the startup sequence is displayed in normal Linux, but this is not familiar to general users, and the appeal effect as a product is lowered because it gives an inorganic feeling.
Therefore, in the thin client OS according to the first embodiment of the present invention, a module that displays a graphic screen is activated in step S106. Next, while recognizing and initializing the hardware in step S106, an image is displayed on the screen in step S107. Let this image be a splash.
This splash prevents the user from being bored while waiting for activation, improves the appearance, and enhances the appeal effect as a product.
Hereinafter, these two steps will be described.

First, the hardware recognition in S106 will be described with reference to FIG.
In step S1061, the activation control unit 210 reads various device drivers with reference to the activation file unit 110 based on the setting file read in the previous step, and performs device settings. At this time, first, the video card 26 is worked, the display resolution selected by the user in step S102 is changed, and preparation for starting the splash in the next step S107 is performed. If it is not possible to change to the resolution selected by the user, the resolution is automatically recognized in the same manner as “TRANSPORTER (substandard)” in step S102, and step S107 is not executed.
As this device driver, a device driver group prepared for Linux, which is a general-purpose OS, can be used. Therefore, it is possible to deal with PC / AT compatible machines having various configurations for each model.
In addition, since the thin client OS according to the first embodiment of the present invention is an OS specialized for the thin client, it is not necessary to read device drivers for a large number of devices. Examples of the device driver include various I / O drivers for the chipset 23, IDE drivers for accessing the HDD 25, network drivers, USB (Universal Serial Bus) drivers, drivers for audio output units (not shown), and the like. Only is needed. Further, a PC card driver or the like can be read as necessary.

Next, in step S1062, the activation control unit 210 performs network setting. As this network setting, an IP address is set by DHCP, and a firewall (IP filter, jail, etc.) is also set.
Further, when the network setting is stored in the identification code unit 500, the network setting is performed according to this. This makes it more secure because it cannot be connected to a network other than a specific location or environment.

In step S1063, a wallpaper file is detected and read from the thin client file unit 200 of the ISE * file system. Since the wallpaper file is displayed on the display unit 50 from step S108 to before the full-screen task switching prevention unit 220 activated in step S109 is activated, the appeal effect to the user can be enhanced.
This completes step 106 relating to hardware recognition.

In step S107, after the VGA driver is started in the initial stage of step S106, a splash screen as shown in FIG. 7 is first displayed. After this, the screen displayed on the display unit 50 is sometimes changed to the text display mode, such as a sequence of characters displayed as an activation sequence as in normal Linux, or as seen in Microsoft Windows (registered trademark). The cursor will blink and the user will not feel anxious about not starting halfway.
In the splash screen of FIG. 7, the activation control unit 210 displays an animation 1500 in which the character moves to the lower right. In addition, the state of step 106 is monitored, and the state of the progress bar 1510 is updated according to how much the device driver has been activated. According to this update, the color of the progress bar in the form of a graph extends toward the right.
Regarding the state of the progress bar 1510, the data measured for a considerable number of device drivers with respect to the average startup time of the device driver and the device is built in the startup file unit 110. For this reason, the display of the degree of progress is more accurate than a progress bar at the time of startup such as normal Windows (registered trademark).

In step S108, the GUI (image processing interface) is initialized. The GUI according to the first embodiment of the present invention is UNIX (registered trademark) or a high-resolution graphics environment for this compatible OS, for example, X Window System (registered trademark, hereinafter referred to as X-Window). Or a compatible GUI thereof.
Specifically, in this step S108, the activation control unit 210 reads a series of device drivers and setting files for activating the X-Window in the activation file unit 110, and activates the X-Window.

With respect to the screen resolution of the X-Window, the screen is started according to the resolution set by the user in the previous step S101. As an X-Window window manager, it is preferable to use a TWM or the like that uses a small amount of memory because only one full-screen display application is activated later.
Further, in this step, the activation control unit 210 displays the wallpaper file read in step S1063. As a result, the wallpaper is displayed seamlessly from the splash.
A state of the screen of the display unit 50 on which the wallpaper file is displayed is shown in FIG. 8A. Since the GUI is activated, it can be seen that an arrow (pointer) is displayed at the center of the screen.

Next, in step S109, the full screen task switching prevention unit 220 activates the full screen display application. This full-screen display application operates as a “desktop” screen displayed on the entire surface of the display unit 50, and has the ability to prevent the user from switching to another task other than the full-screen display application.
Then, the full-screen task switching prevention unit 220 activates a series of programs of the server OS dependent unit 240, which is an application dependent on the server OS, on the full-screen display application.

When the OS of the server 10 is a Windows (registered trademark) server 2003 made by Microsoft Corporation, the server OS dependent unit 240 uses a program that functions in the same manner as a program such as VNC. This configuration is referred to as “Type WT” as described above.
That is, in “Type WT”, the program of the server OS dependent unit 240 displays the desktop screen of the Windows (registered trademark) server 2003 on the display unit 50 of the terminal Y, and the network connection unit 27 relates to the remote desktop function. Send and receive packets that compress the desktop screen from the port to be used. As a result, the user can operate the server 10 using the Windows (registered trademark) remote desktop function.
A login screen to the server 10 in “Type WT” is shown in FIG. When the user is authenticated by the server 10 by entering the user name and password, various applications installed on the server 10 can be used.
In this case, unlike remote desktop connection using a normal PC and a general-purpose OS, the function of the terminal Y is specialized to display the server screen, so information from the server is sent to the terminal Y. The possibility of being pulled out and stolen becomes extremely low.

Further, when the OS of the server 10 is a UNIX (registered trademark) OS, the server OS dependent unit 240 executes a remote desktop connection program based on Adobe's FLASH and thereby connects to the server 10. Can do. This configuration is referred to as “Type BR” as described above.
In the case of “Type BR”, since the difference portion of the desktop is transmitted in the XML format, the operation becomes lighter and the user can use it comfortably.

When the user finishes the work using the PC, it is only necessary to turn off the power. In “Type WT”, it is better to log off, but since the server 10 is set to automatically log off if there is no access from the terminal Y for a certain time, there is no problem even if the power is turned off directly. Few. When the power is turned off, the contents of the main storage unit 22 become completely random, so that information is not stolen by analyzing this.
If virtual storage is set, when the user presses the power button of the PC, the full-screen task switching prevention unit 220 erases the virtual storage file or partition and then performs a shutdown process. If the user directly unplugs the power outlet or the like, the virtual memory is not erased, but there is no problem if encryption is also used.

When the user performs a logoff process on the server OS, the full-screen display application is terminated and the wallpaper screen as shown in FIG. 8A is returned.
In this state, when the user right-clicks the pointing device 45 (in the case of normal specifications), a menu as shown in FIG. 8B is displayed. The user can perform various operations by selecting an item in this menu and left-clicking (in the case of normal specifications).
A “logon” is an item that can once again access a defined server.
“Logon (redirect)” is a function for connecting a device (for example, USB memory or sound) connected to the client to the server. For example, when a USB memory connected to the terminal Y is used as a network drive on the server, or when an audio file (for example, an MP3 file) is played on the server, it is possible to play a sound through a speaker connected to the terminal Y. become. In addition, it supports printers, serial ports, clipboards, and plug and play devices. Note that “logon (redirect)” is not displayed depending on the configuration (customer requirements).
“Restart” is an item for restarting the PC, and “End” is an item for shutdown.
In addition, when the user starts up the PC again immediately without performing logoff processing, the server 10 can be accessed in a state where the work is interrupted.

With the above configuration, a secure thin client OS that can use a general-purpose PC as a thin client device can be provided.
This makes it possible to prevent data in the server from leaking by using a secure server / thin client system.
In addition, the thin client OS according to the first embodiment of the present invention can prevent reverse engineering and the like by encrypting files necessary for the thin client OS. It is highly effective in preventing server data from leaking due to weak points such as OS security holes.

  In addition, the thin client OS according to the first embodiment of the present invention includes a file that is necessary for the thin client OS, and a portion that depends on the server OS and other portions are collected as separate files. Therefore, there is an effect that it can be easily handled by simply replacing the file corresponding to the variation of the server OS. Thereby, even when the server OS is updated, the difference file of the server OS dependent unit 240 need only be replaced. In addition, when a portion that does not depend on the server OS is updated, it is easy to maintain this file (for example, replace it with a file to which a security patch is applied).

  In addition, since the thin client OS according to the first embodiment of the present invention is an OS specialized for the thin client, it is not necessary to read device drivers for a large number of devices, so that the operation of the OS is stabilized. And high compatibility can be obtained. Furthermore, since extra device drivers are not read, it is effective in improving security. For example, by not loading a traditional serial bus driver, it becomes impossible to extract internal information through this.

Further, when the network setting is stored in the identification code unit 500, the network setting is performed according to the network setting, so that it is not possible to connect to the network in a specific place, environment, or other than the same model, thereby improving the security. .
Further, if the information for setting the network specialized for the terminal Y is stored in the identification code unit 500, the terminal Y can be immediately connected to the network without having to perform the setting of the wireless LAN, for example. An effect is produced. This makes it possible to save the user's effort even more than the technique of the prior art 1.

  In addition, the thin client OS of the present invention includes only the files necessary for the thin client, except for the code on the general-purpose OS that has the identification code unit 500 and can be a security hole (a weak point in security). This is a dedicated OS for thin clients. For this reason, it is possible to construct a server / client system that is more secure than the server / client system of prior art 2 that uses a general-purpose OS (although a general-purpose PC is used). .

The identification code unit 500 of the thin client OS according to the first embodiment of the present invention can be stored in the storage medium C so that it can be referred to in a file format. Even in this case, it is desirable that the activation control unit 210 has its own decompression algorithm and the program decryption part is encrypted so that the contents of the syncline file unit 200 cannot be immediately decoded by the identification code unit 500. .
The identification code unit 500 can also process and change the ISO image file of the optical disc. In this case, there is an effect that the manufacture of the thin client OS according to the first embodiment of the present invention becomes easy.

  In addition, the thin client OS according to the first embodiment of the present invention does not depend on a specific window manager because it only executes a full-screen display application upon user input after startup.

Furthermore, the thin client OS according to the first embodiment of the present invention automatically shuts down the PC when the user illegally switches to another task during the full-screen display application during or after startup. It is also possible to include a function for performing. At this time, if virtual storage is performed in the HDD 25, the virtual storage processing unit 130 can shut down after erasing this file or partition. As a result, it is possible to prevent data from being leaked by reading the storage contents of the virtual storage file or partition by another OS after the shutdown.
In addition, in this case, when a problem occurs in the OS and the task is switched, the server 10 is set to access the server 10 immediately after rebooting. The thin client OS according to the first embodiment of the present invention can be used without being aware of work interruption.

It should be noted that the syncline OS installed in step S107 can also be set to start directly from the HDD 25. That is, it can be set to start without the storage medium C being inserted into the optical disk device 24.
At this time, it is necessary to copy the identification code portion 500 of the storage medium C to the HDD 25 and set the HDD to be startable (active). In addition, a program for checking case intrusion or the like is added to the thin client file unit 200, or a PC case with a key is used so that the stored contents of the HDD are not tampered with, so that it can be made more secure. .

  Further, in the terminal Y according to the first embodiment of the present invention, it is also possible to start from this flash memory by using a flash memory that has been processed incapable of being additionally written instead of the storage medium C. The flash memory can be connected to an interface (not shown) such as an IDE (Hard Disk Interface) such as a USB (Universal Serial Bus) or CF (Compact Flash) card of the terminal Y. In this case as well, it is necessary to perform processing so that the contents of the flash memory are not falsified. Further, it is necessary to include a file for starting from the flash memory instead of the optical disk in the start file unit 110.

Furthermore, one or more types of gateway devices may be included between the server 10 and the terminal Y used by the user. This gateway device can be securely connected to the terminal Y using VPN (PPTP or SSL-VPN) as a gateway.
This gateway device is a VPN server and requires VPN authentication in order to connect to the server 10. Since the VPN account information (password) is not notified to the user and is stored in the identification code unit 500, a VPN session is automatically created at startup. As a result, a configuration is possible in which a terminal other than a terminal on which the thin client OS according to the embodiment of the present invention is installed cannot be connected.
Further, this gateway device receives the information of the identification code unit 500 from the terminal Y before authentication with the server 10, and if the thin client OS of the terminal Y is falsified or illegal, this gateway device The access can be disconnected and the administrator of the server 10 can be notified.
Further, it is possible to add a function of transmitting a code for stopping the OS for the thin client of this terminal through the network, and the falsified terminal Y in which the program module corresponding to the stop code remains is remotely connected. It is possible to shut down from the environment. Thereby, it becomes possible to give a strong resistance to a DoS (denial of service) attack.

<Second Embodiment>
Next, a thin client OS according to the second embodiment of the present invention will be described with reference to FIG.
The thin client OS according to the second embodiment of the present invention is different from the thin client OS according to the first embodiment in that a security hole is eliminated and a function is added after optical media is provided to the user. This is an embodiment intended to provide a file securely.
The server thin client system according to the second embodiment of the present invention is the same as the server thin client system according to the first embodiment of the present invention. That is, the CPU 31 is the CPU 21, the main storage unit 32 is the main storage unit 22, the chip set 33 is the chip set 23, the optical disc device 34 is the optical disc device 24, the HDD 35 is the HDD 25, the video card 36 is the video card 26, The network connection unit 37 is the same as the network connection unit 27. The keyboard 41 is the same as the keyboard 40, the pointing device 46 is the same as the pointing device 45, and the display unit 51 is the same as the display unit 50.
However, referring to FIG. 12, the terminal Z, which is a normal PC, further has a connection terminal such as a USB, and can read and write the flash storage medium.
The flash memory connection unit 38 is used as an interface for reading and writing the flash storage medium. The flash memory connection unit 38 is a USB, IDE interface, or the like, and can connect a corresponding flash storage medium. For example, if the flash memory connection unit 38 is USB, a flash storage medium that is a so-called “USB memory” of USB connection can be connected, and if it is an IDE interface, a flash disk, a CF card, or the like can be connected.

13A and 13B are diagrams showing the configuration of the thin client OS according to the second embodiment of the present invention.
The thin client OS according to the second embodiment of the present invention is composed of a file group such as a program and data stored separately in a storage medium D and a storage medium E. The storage medium D is an optical disk that cannot be additionally written, such as a CD-ROM, a DVD-ROM, a CD-R, or a DVD-R. The flash storage medium E is a storage medium including a flash memory such as an SD memory card, a USB memory, a CF card, or a flash memory drive.

In the storage medium D of the thin client OS according to the second embodiment of the present invention, the basic file unit 101, the basic file unit 100, the thin client file unit 201, and the present invention according to the first embodiment of the present invention. The thin client file unit 200, the file system virtualization unit 301 and the file system virtualization unit 300, the manual unit 401 and the first unit of the present invention according to the first embodiment of the present invention. The manual part 400, the identification code part 501 according to the embodiment and the identification code part 500 according to the first embodiment of the present invention are corresponding parts. Similarly, the files under the basic file unit 101 and the thin client file unit 200 are the same as the corresponding parts in the first embodiment.
In addition, the storage medium D includes a medium input / output unit 601. The medium input / output unit 601 performs operations related to reading and writing of the storage medium E at the time of activation.

The flash storage medium E of the thin client OS according to the second embodiment of the present invention includes a basic file update unit 701, a thin client file update unit 801, an update control unit 901, and an identification code unit 1001. included.
Among these, the basic file update unit 701 and the thin client file update unit 801 are each an aggregate of the basic file and various update files of the thin client file. This set of update files may be placed in a directory (for example, “IZE4 / bin”, “IZE4 / etc”, etc.) corresponding to a single file, or may be in an archive file format.
Furthermore, the update control unit 901 is a program module for updating the update file. The identification code portion 1001 serves as an identification code for the update file.
Here, except for the update control unit 901, the file group of the flash storage medium E may be compressed or / and encrypted.

Here, the file structure of the storage medium D and the flash storage medium E in which only the update file exists will be described with reference to FIG.
The storage medium D has the same file configuration as the storage medium C according to the first embodiment.
The flash storage medium E can be configured in the FAT32 format, the ext3 format, or the like, and in the example of this figure, only the IZE4 file that is a compressed / encrypted archive file exists in the “/ IZE” directory. When the flash storage medium E is, for example, an SD memory card, the identification code portion 1001 exists in a protected area that cannot be accessed by a normal file system access method. Note that the identification code unit 1001 can also be configured using output data of the fingerprint authentication device or an encrypted partition.

Hereinafter, with reference to the drawings, the operation at the time of starting the thin client OS according to the second embodiment of the present invention will be described.
First, the procedure until the thin client OS is started according to the second embodiment of the present invention is the same as the entire flowchart described in FIG.
However, the initialization of the file system corresponding to the process S105 in FIG. 3 is different because the file of the flash storage medium E is read.
Hereinafter, the file system initialization when the storage medium D and the flash storage medium E are used in combination will be described with reference to the flowchart of FIG.

First, in step S2051, a root file system is created in the same manner as in step S1051 in FIG. At this time, if the capacity of the main storage unit 32 of the terminal Z is small (for example, less than 64 megabytes) and the capacity of the flash storage medium E is set to be writable and writable, a virtual storage file is stored in the flash storage medium E. Create and use swap partitions. The virtual storage file and the swap partition can be encrypted by the identification code unit 501 or the identification code unit 1001.
Further, when the flash storage medium is a flash storage medium in consideration of security, it is possible to create a virtual storage in a part that can be accessed only by the thin client OS in the flash memory.

In step S2052, the activation option selected by the user is read in the same manner as in step S102 of FIG.
Next, in step S2053, similarly to step S1053 in FIG. 4, “IZE1” to “IZE3” are searched from the storage medium D and mounted. In addition, an IZE * file system necessary for developing “IZE1” to “IZE3” is created and mounted.
Next, in step S2054, similarly to step S1054 in FIG. 4, the activation control unit 211 executes the file system virtualization unit 301 for the root file system and the IZE * file system created in step S2051.
Next, in step S2054, as in step S1055 of FIG. 4, the activation control unit 211 reads “IZE1” to “IZE3” from the storage medium D, decodes them by the identification code unit 501, and duplicates the main storage unit Deploy on 22 ISE * file systems.

In step S2056, the medium input unit 601 searches for the file on the flash storage medium E and mounts it as “/ media”. Further, it is verified whether the mounted file is a regular differential file group.
In this verification, it can be verified by checking whether the information related to the key in the information of the identification code portion 501 and the content of the identification code portion 1001 of the flash storage medium E is the same when the hash function is used. That is, the identification code part 1001 contains a hashed capacity or checksum of the flash medium using the key of the identification code part 501, and this is recognized by the medium input part 601 and the identification code part 1001. It is possible to verify whether or not the contents of the flash storage medium E have been tampered with by decrypting together with additional keywords included in the above.

  Next, it is determined in step S2057 whether or not the flash storage medium E has been successfully mounted. If “YES” here, that is, if the mounting is successful and the file on the flash storage medium E is a regular file, the activation control unit 211 advances the process to the next step 2058. However, if “NO”, that is, the flash storage medium E is not present, or the file content of the flash storage medium E is not a regular one and has been falsified, the activation control unit 211 performs the process in step S2060. In the same manner as in the first embodiment of the present invention, the process starts only from the file of the storage medium D such as an optical disk medium.

In step S2058, a file system (hereinafter referred to as “media file system”) for expanding the file on the flash storage medium E is created and mounted. In the media file system, “size4” is expanded. Further, the file system virtualization unit 301 is executed for this file system. Thereafter, the file system can be accessed in the hierarchical order of “media file system”-> “IZE * file system”.
In step S2059, the update control unit 901 expands the basic file update unit 701 and the thin client file update unit 801 in the corresponding directories of the media file system. Here, when the file of the flash storage medium E is compressed or / and encrypted, the content of the identification code unit 1001 and / or the content of the identification code unit 501 can be used for decryption. .

Thereafter, in step S2060, various setting files are initialized. In this initialization, the original file of the setting file in the flash storage medium E is naturally used with priority.
This completes the steps related to the file system initialization of the thin client OS according to the second embodiment of the present invention.

  The subsequent startup and OS operation are the same as the startup of the thin client OS according to the first embodiment of the present invention.

With the configuration described above, it is possible to realize a thin client OS in which an update program is further incorporated by using the storage medium D such as an optical disk as a key.
In other words, it is not possible to eliminate security holes such as the latest security patch and add functions such as an update corresponding to the latest OS update by using only the storage medium D. However, this can be achieved by adding the difference file of the flash storage medium E.
This difference file may be distributed directly to the user by the OS vendor, or may be downloaded from a server on the Internet after user authentication.

The update of the thin client OS according to the second embodiment of the present invention described above is more secure because the storage medium D has the identification code unit 501 and the flash storage medium E has the identification code unit 1001. Is possible.
In addition, when the thin client OS decrypted by the identification code unit 501 and the identification code unit 1001 is connected to the server, it is possible to further authenticate the server, and thus the modified difference Even if a file group is available, it is possible to immediately take measures such as connection prohibition.

Further, by using an optical medium such as a CD-ROM and a flash storage medium in combination, it is not necessary to update the storage medium distributed by the CD-ROM so far every year. In particular, in the present invention, since the optical medium has a configuration close to a custom made with an identification code portion, the effect of reducing the cost of manufacturing the storage medium is great. Furthermore, since unnecessary media is not required, it contributes to environmental protection.
In addition, in the first embodiment of the present invention, the storage medium C can be a flash storage medium such as a USB memory. However, in the case of an old PC, it may not be possible to start from the USB memory. is there. Here, in the thin client OS according to the second embodiment of the present invention, by using it together with the storage medium D such as a CD-ROM, it can be booted from a PC that cannot be USB booted. Furthermore, user convenience can be improved.

  Further, in the case of a PC with a small amount of memory, by creating a virtual memory in a flash storage medium, it is possible to use the thin client OS more securely than when creating a virtual memory in a fixed disk device of the PC. That is, by removing the flash storage medium E after use of the PC and placing it in a safe place, no data is lost from the contents of the virtual storage. Furthermore, even when a virtual memory is created in a part accessible only by the thin client OS in the flash memory, data loss from the contents of the virtual memory can be prevented.

As an application for creating the virtual memory in the flash storage medium described above, after startup, only the virtual memory in the flash memory is used as user data or memory for the application, and the main storage unit 22 of the terminal Z is not used. An OS for a memoryless thin client can be created. In this case, the flash storage medium is desirably a high-speed storage medium such as a flash disk or a high-speed SD card. In addition, since the flash memory has a limited number of times of writing, it is desirable to manage when a part of the flash storage medium is damaged.
Further, since the flash memory does not have a high writing speed, it is possible to incorporate a high-speed RAM such as a DRAM and this control circuit exclusively for virtual storage in the flash storage medium. In this case, the flash storage medium is preferably connected to a high-speed bus such as a PCI-EXPRESS bus.
As a result, all the exchanges between the user and the server can be performed through a secure route, so that the outflow of information can be reduced to the utmost in a thin client system using a general-purpose PC as a terminal.

In addition, in the thin client OS according to the second embodiment of the present invention, the version management of the kernel, other modules, etc. is extremely possible by reading the difference file using the file system virtualization on the flash storage medium. The advantage is that it can be easily performed. Thereby, the update by the difference file can be performed without worrying about the dependency of various files. In other words, for example, it is possible to partially update the file including the system file without breaking the dependency relationship of the package, which is not good with Linux (registered trademark). Further, for example, even a program that depends on a so-called distribution can be used and updated without much awareness of the file tree.
Further, since the original thin client OS file is a storage medium that cannot be additionally written, there is a possibility that the state of the file has been updated by the user and changed as with a normal OS installed in an HDD or the like. There is no need to consider. Therefore, it is easy for the OS provider to verify the update, and the stability of the thin client OS can be further improved.
The above-described mechanism can be applied to all programs such as anti-virus software that write an identification code on a bootable optical medium and read a difference file using this as a key.

  In addition, when displaying the startup menu, a configuration in which the startup menu stored in the flash storage medium is displayed instead of the optical medium such as a CD-ROM is also possible. Furthermore, activation can be performed from the flash storage medium.

FIG. 17 shows an example of the file structure of the storage medium when starting from the flash storage medium. Referring to FIG. 17, in addition to “size4”, files necessary for activation from the flash memory in addition to files on the optical medium are stored in a part including “/ boot”. Even in this case, the file can be expanded using the identification part of the optical storage medium as a key.
Further, even in this case, similarly to the case where activation is not performed from the flash storage medium, file access after UNIFS adaptation can be hierarchically accessed in the order of “media file system”-> “IZE * file system”.
In order to speed up startup, it is conceivable that only the decryption key is read from the optical medium and all the remaining files are expanded from the files in the flash storage medium. The “file system” is almost empty.

  Furthermore, when only a single flash storage medium is used, for example, the partition is divided into two or more, the basic file is read-only, stored in the first partition, and the differential file can be written. A configuration in which the data is stored in the second partition is also possible. In other words, the contents stored in the above-described optical medium are stored in the first partition, and the contents stored in the flash storage medium are stored in the second partition.

  Also, in step S2056 in which the flash storage medium is mounted and the update file is searched and verified, if the flash storage medium E cannot be mounted or if it is a tampered update file, the PC is set to shut down or stop. It is also possible to do. As a result, the flash storage medium E can be used like a USB dongle (physical key for preventing unauthorized copying), for example.

Further, when expanding the flash media E, it is possible to directly expand the file on the IZE * file system without using the media file system. This case is particularly effective when it is desired to reduce the memory usage.
Further, as a variation related to the mounting of the flash medium E described above, when the contents of the storage medium E are expanded to the ISE * file system (step S *), the contents of the identification code portion 1001 may be decrypted as a key. Is possible. In this case, the development of the “IZE1” to “IZE3” files in the ISE * file system in step S2054 is after the search and mount (steps S2056 to S20 *) of the flash storage medium E. Here, it is desirable that the files on the flash storage medium E be expanded after the “IZE1” to “IZE3” files are expanded. However, when the media file system is used, it can be performed in the same manner as the above-described flowchart.

  Also in the second embodiment of the present invention, it is possible to install a gateway device between a server (not shown) and the terminal Z. In this case, the gateway device has an identification code unit 501 and an identification code. The contents of the unit 1001 can be checked at the same time, which makes it more secure.

  Furthermore, regarding the thin client OS according to the first embodiment and the second embodiment of the present invention, it has been described that public key encryption may be used for encryption of a storage medium. Since there is a case where it operates with one medium and the implementation becomes simple, it is possible to use a common key encryption.

  Note that the configuration and operation of the above-described embodiment are examples, and it is needless to say that the configuration and operation can be appropriately changed and executed without departing from the gist of the present invention.

It is a conceptual diagram of the server thin client system based on the 1st Embodiment of this invention. It is a block diagram of the terminal Y based on the 1st Embodiment of this invention. It is a block diagram of OS for thin clients based on the 1st Embodiment of this invention. It is a flowchart of the whole starting procedure of OS for thin clients based on the 1st Embodiment of this invention. It is a flowchart of the file system initialization based on the 1st Embodiment of this invention. It is a flowchart of the hardware recognition based on the 1st Embodiment of this invention. It is a figure which shows the starting menu screen based on the 1st Embodiment of this invention. It is a figure which shows the installation screen based on the 1st Embodiment of this invention. It is a figure which shows the screen of a splash based on the 1st Embodiment of this invention. It is a figure which shows the screen as which the wallpaper file based on the 1st Embodiment of this invention was displayed. It is a figure which shows the option after completion | finish of a full-screen display application based on the 1st Embodiment of this invention. It is a figure which shows the login screen connected with a server in WT structure based on the 1st Embodiment of this invention. It is a figure which shows the file structure on the optical media C based on the 1st Embodiment of this invention. It is a figure which shows the file structure at the time of performing file system virtualization based on the 1st Embodiment of this invention. It is a figure which shows the structure of the terminal Z based on the 2nd Embodiment of this invention. It is a block diagram of the storage medium D of OS for thin clients based on the 2nd Embodiment of this invention. It is a block diagram of the flash storage medium E of OS for thin clients based on the 2nd Embodiment of this invention. It is a flowchart of the file system initialization based on the 2nd Embodiment of this invention. It is a figure which shows the file structure on the flash storage medium based on the 2nd Embodiment of this invention. It is a figure which shows the file structure at the time of performing file system virtualization based on the 1st Embodiment of this invention. It is a figure which shows the file structure at the time of starting from a flash storage medium based on the 2nd Embodiment of this invention.

Explanation of symbols

5 Network unit 10 Servers 20-1 to 20-n Terminals 21, 31 CPU (control means)
22, 32 Main memory (Main memory)
23, 33 Chipset 24, 34 Optical disk device 25, 35 HDD
26, 36 Video card 27, 37 Network connection unit (network connection means)
38 Flash memory connection unit 40, 41 Keyboard 45, 46 Pointing device 50, 51 Display unit 100, 101 Basic file unit (basic file means)
110, 111 Startup file part 120, 121 Startup menu part 130, 131 Virtual storage processing part 200, 201 Thin client file part (Thin client file means)
210, 211 Start control unit (start control means)
220, 221 Full-screen task switching prevention unit 230, 231 Splash image unit 240, 241 Server OS dependent unit 300, 301 File system virtualization unit (file system virtualization means)
400, 401 Manual unit 500, 501 Identification code unit 601 Medium input unit 701 Basic file update unit 801 Thin client file update unit 901 Update control unit 1001 Identification code unit 1500 Animation 1510 Progress bar X Server / thin client system Y, Z terminal (Thin client)
C, D Storage media (optical disc)
E Flash storage media (Flash storage media)

Claims (29)

An operating system for a thin client comprising control means, main storage means, and network connection means,
Basic file means,
Including thin client file means and file system virtualization means,
The thin client file means includes:
Start control means;
An operating system for a thin client, comprising: full-screen task switching prevention means. The file group included in the basic file means is:
2. The thin client operating system according to claim 1, wherein the operating system is created from a file group included in the general-purpose operating system. By the file system virtualization means,
The file group included in the thin client file means is
3. The thin client operating system according to claim 1, wherein access is made with the same file name as a file group included in the basic file means. The file group included in the thin client file means is:
Files independent of the server operating system,
4. The thin client operating system according to claim 1, further comprising a file group depending on a server operating system. The file group included in the thin client file means is:
Encrypted or compressed when stored on storage media,
5. The thin client operating system according to claim 1, wherein decryption is performed when reading into the main storage unit when the thin client is activated.   6. The thin client operating system according to claim 1, wherein a file group of the basic file means and the thin client file means is stored in a storage medium that cannot be additionally written.   7. The thin client operating system according to claim 6, wherein an identification code is further stored for each storage medium in the non-addable storage medium.   The thin client operating system according to claim 6 or 7, wherein the non-recordable storage medium is an optical disk.   The thin client operating system according to any one of claims 6 to 8, wherein the start control means identifies and decrypts the storage medium that cannot be additionally written. It further includes an update difference file means of a basic file means and / or a thin client file means,
By the file system virtualization means,
10. The file group included in the update difference file unit is accessed with the same file name as the file group of the basic file unit and / or the thin client file unit. Operating system for thin clients as described in.   11. The thin client operating system according to claim 10, wherein the file group of the update difference file means is stored in a storage medium capable of changing storage contents.   12. The thin client operating system according to claim 10 or 11, wherein the storage content changeable storage medium further stores an identification code for each storage medium.   13. The thin client operating system according to claim 12, wherein the storage medium whose storage contents can be changed is a flash storage medium.   14. The thin client operating system according to claim 12, wherein the activation control unit performs decryption using an identification code of the storage medium whose storage contents can be changed.   15. The thin client operating system according to claim 1, wherein only the main storage means is used after the start-up is completed.   16. The thin client operating system according to claim 11, wherein virtual storage is created in the external storage means of the thin client further including external storage means.   16. The thin client operating system according to claim 11, wherein a virtual storage is created on the storage medium capable of changing the storage content.   18. The thin client operating system according to claim 16 or 17, wherein the main storage means is not used after the activation is completed, and the storage medium capable of changing the stored contents is used as a temporary storage means.   19. The thin client according to claim 11, further comprising a main storage unit in the storage medium in which the storage contents can be changed instead of the main storage unit of the thin client. For operating system. The activation control means includes
20. The thin client according to claim 1, wherein the thin client is a start control means for preventing a character or a cursor from being displayed on a screen as a start sequence of an operating system and displaying a graphic image. operating system.   The full-screen task switching preventing means enables a user to operate the thin client only from a task displayed by a graphical user interface on a full screen of a display means connected to the thin client. 21. The thin client operating system according to any one of 1 to 20.   The thin client operating system according to any one of claims 1 to 21, wherein the thin client is a personal computer.   23. A thin client device that executes the thin client operating system according to any one of claims 1 to 22.   24. The thin client device according to claim 23, wherein the thin client operating system is executed by a personal computer.   23. The identification code and / or the stored contents of the storage medium that cannot be additionally written are connected between the server device and the thin client operating system according to any one of claims 7 to 22. A gateway device that authenticates an identification code of a simple storage medium as a secret key. A server device running a server operating system; and
Network means;
A thin client device,
In the thin client device,
Basic file means,
Including thin client file means and file system virtualization means,
The thin client file means includes:
Start control means;
A server / thin client system characterized by executing a thin client operating system including a full-screen task switching prevention means. Starts from a storage medium that cannot be appended at startup,
A method for executing an operating system for a thin client, characterized in that an additional or differential file stored in a storage medium capable of changing contents is accessed by a file system virtualization means with the same file name. The installer installs the thin client files included in the storage medium that cannot be added to the external storage means of the thin client,
When starting up, it starts up from the file group for thin clients installed in the external storage means,
A method for executing an operating system for a thin client, wherein the external storage means is not used after startup. The installer installs the thin client files included in the storage medium that cannot be added to the external storage means of the thin client,
In the external storage means, the installer further installs an additional or differential file using a storage medium whose contents can be changed,
Start from a storage medium that cannot be appended at startup,
Next, start the thin client file group installed in the external storage means,
A method for executing an operating system for a thin client, characterized in that user authentication with a server is performed using an identification code of a storage medium that cannot be additionally written.

Images