JP7087472B2 - Take-out management program, take-out management method, take-out management device and device - Google Patents

Description

The present invention relates to a take-out management program, a take-out management method, a take-out management device and a device.

Conventionally, in order to prevent theft or loss of a portable personal computer or tablet, it has been widely used to fix and install it on a desk or a predetermined place using a security wire. On the other hand, there are many cases where personal computers are taken out and used, and in consideration of measures against information leakage, loss, or theft, the terminal take-out management system is used to take out the terminal and obtain a trail.

As a related prior art, there is a technique related to an anti-theft wire (see, for example, Patent Documents 1 to 3 below).

International Publication No. 2009/0691888 Japanese Unexamined Patent Publication No. 2007-255037 Japanese Patent Application Laid-Open No. 2002-297326

However, in the take-out management system in the prior art, when taking out, locking or unlocking with a security wire, operation of fixing operation to a predetermined place, and application procedure processing to the PC take-out management system become complicated, resulting in omission of work. There is a problem that mistakes are likely to occur.

In one aspect, the present invention aims to improve security and manage take-out.

In one embodiment, in controlling the take-out of the terminal device, the electronic lock operated by the electric power supplied from the terminal device is operated via the terminal provided at one end of the security wire. The locking or unlocking of the electronic lock is controlled based on the input of the password to at least one of the terminal device and the electronic lock, and the taking-out management of the terminal device is performed based on the lock or unlock status of the electronic lock. , A take-out management program, a take-out management method, a take-out management device, and a device provided with the electronic lock.

According to one aspect of the present invention, it is possible to carry out take-out management while improving security.

FIG. 1 is an explanatory diagram showing an example of an outline of a take-out management program, a take-out management method, and a take-out management device according to an embodiment. FIG. 2 is an explanatory diagram showing an example of the appearance of the security wire. FIG. 3A is a block diagram (No. 1) showing an example of a system configuration that realizes a take-out management program, a take-out management method, and a take-out management device according to an embodiment. FIG. 3B is a block diagram (No. 2) showing an example of a system configuration that realizes a take-out management program, a take-out management method, and a take-out management device according to an embodiment. FIG. 4 is a block diagram showing an example of the hardware configuration of the protected / managed personal computer (PC). FIG. 5 is a block diagram showing an example of the hardware configuration of the device. FIG. 6 is a block diagram showing an example of the hardware configuration of the PC take-out management system (Web server). FIG. 7 is a block diagram showing an example of the functional configuration of the protected / managed PC. FIG. 8 is a block diagram showing an example of the functional configuration of the device. FIG. 9 is a flowchart showing an example (No. 1) of the processing procedure of the protected / managed PC. FIG. 10 is a flowchart showing an example (No. 2) of the processing procedure of the protected / managed PC. FIG. 11 is a flowchart showing an example (No. 3) of the processing procedure of the protected / managed PC. FIG. 12 is a flowchart showing an example (No. 1) of the device processing procedure. FIG. 13 is a flowchart showing an example (No. 2) of the device processing procedure. FIG. 14 is a flowchart showing an example (No. 1) of the processing procedure executed by the program for linking the state of the PC take-out management system. FIG. 15 is a flowchart showing an example (No. 2) of the processing procedure executed by the program for linking the state of the PC take-out management system. FIG. 16 is an explanatory diagram showing an outline of the overall operation.

Hereinafter, embodiments of the take-out management program, take-out management method, take-out management device, and device according to the present invention will be described in detail with reference to the drawings.

(Embodiment)
FIG. 1 is an explanatory diagram showing an example of an outline of a take-out management program, a take-out management method, and a take-out management device according to an embodiment. FIG. 1 shows a state of “take-out” and a state of “take-out” of a terminal device (PC (Personal Computer)) such as a personal computer.

In FIG. 1, the state in which the protected / managed personal computer (PC) 100 shown on the upper side is not locked by the security wire 101 (the electronic lock of the device 103 of the security wire 101 is unlocked) is ". It is in the state of "taking out the PC". As can be seen from FIG. 1, in the "PC take-out" state, the device 103 of the security wire 101 is not connected to the security slot 111. Further, the USB terminal 105 connected to the device 103 via the USB connection cable 104 is not connected to the USB (Universal Serial Bus) port 112. In this state, the user can take out the protected / managed PC 100.

On the other hand, the state in which the protected / managed PC 100 is locked by the security wire 101 (the electronic lock of the security wire 101 is locked), which is shown on the lower side of FIG. 1, is the state of “PC take-out”. Locking with the security wire 101 is performed by the following procedure.

Wrap the wire portion 102 of the security wire 101 around a leg such as a desk. Next, the hook of the electronic lock (hook 201 shown in FIG. 2) of the device 103 provided at one end of the security wire 101 is inserted into the security slot 111 of the protected / managed PC 100, and the USB terminal 105 is inserted into the USB port 112. By connecting, power is supplied to the device 103. The USB plug-and-play function displays a PIN code input screen on the protected / managed PC100, and the user inputs the PIN code.

Here, if the correct PIN code is input, the protected / managed PC 100 activates the security wire 101 as a device (device recognition). Along with this, the hook 201 is activated and the security wire 101 cannot be pulled out from the security slot 111. This completes the lock. In the locked state, the user cannot take out the protected / managed PC100.

Further, by detecting that the security wire 101 is in the device recognition state, it is possible to recognize that the protection / management target PC 100 is in the "take-out state" and protect and manage the protection / management target PC 100. ..

In order to return to the "PC take-out" state in the "PC take-out" state, the user causes the protected / managed PC 100 to display the PIN code input screen and inputs the PIN code. When the correct PIN code is input, the protected / managed PC 100 puts the security wire 101 in an invalidated state (device disconnection) as a device. Along with this, the hook 201 operates in the direction opposite to that when it is locked, and the security wire 101 can be pulled out into the security slot 111.

As a result, the lock is released, and the user pulls out the device 103 (hook 201) from the security slot 111 and pulls out the USB terminal 105 from the USB port 112. In this state, the user can take out the protected / managed PC 100.

Further, by detecting that the security wire 101 is in the device detached state, it is possible to recognize that the protected / managed PC 100 is in the "take-out state" and manage the protected / managed PC 100.

In this way, the security wire 101 is device-authenticated (enabled) using the USB port 112 of the protected / managed PC 100 to lock the electronic lock and recognize the take-out state. Further, by disconnecting (invalidating) the device of the security wire 101, the electronic lock is unlocked and the take-out state is recognized. Then, by performing device authentication (validation) and device disconnection (invalidation) using a PIN code, it is possible to more easily protect the protection / management target PC100 such as theft / loss prevention, and also to protect / manage the protection target. Appropriate management of the PC100 can be performed.

(Example of appearance of security wire)
FIG. 2 is an explanatory diagram showing an example of the appearance of the security wire. In FIG. 2, the security wire 101 is provided from the wire portion 102, the device 103 fixed to one end of the wire portion 102 so as not to be removable, and the USB connection cable 104 to which the device 103 and the USB terminal 105 are connected. It is composed.

The wire portion 102 is made of an anti-theft wire, and is made of a metallic material that cannot be easily cut or broken. One end of the wire portion 102 on the opposite side to which the device 103 is fixed has a loop shape. When using the security wire 101, as shown in FIG. 1, after winding the wire portion 102 around a place to be fixed such as a desk leg, the device 103 is passed through the ring portion at the tip of the wire portion 102. After that, connect to the protected / managed PC 100 (security slot 111).

In this way, the protected / managed PC 100 can be connected to the security wire 101 so as not to be separated from the fixed desk. In this state, the protected / managed PC100 cannot be taken out from the spot.

The device 103 includes a hook 201, a display unit 202, and a plurality of key switches 203. Specifically, the hook 201 is composed of a pair of key-shaped members. By operating the key-shaped members so as to be separated from each other, the key-shaped members are configured to be caught in the protruding portion of the security slot 111 and fitted into the security slot 111.

The display unit 202 can display various display contents on the device 103 in addition to the PIN code input screen. Further, the key switch 203 can be used not only for inputting a PIN code but also for inputting various instructions to the device 103.

(System configuration example)
3A and 3B are block diagrams showing an example of a system configuration that realizes a take-out management program, a take-out management method, and a take-out management device according to an embodiment. FIG. 3A shows a state in which the device 103 and the PC take-out management system (Web server) 300 are not connected to the protected / managed PC 100.

In FIG. 3A, the protected / managed PC 100 can be connected to the PC take-out management system (Web server) 300 via the LAN cable 111. Specifically, by inserting the LAN connection terminal 312 connected to the LAN cable 311 into the LAN port 313, the protected / managed PC 100 and the PC take-out management system (Web server) 300 are connected.

The LAN port 313 is a general network connection port for connecting the protected / managed PC 100 to the network, and can be connected to the PC take-out management system 300 on the network (not shown) via the LAN port 313. can.

The PC take-out management system (Web server) 300 is a software system for taking out portable equipment, applying for take-out, and centrally managing the status of the equipment. The PC take-out management system 300 is configured by, for example, a Web server.

The PC take-out management system (Web server) 300 can mainly provide the following functions. For example, by applying from a user of the PC 100, it is possible to take out / take out the PC 100 and manage the state of the PC 100. In addition, the application from the user can be linked with a database such as pre-registered or external organization information and personnel information, and the approval process of the manager can be obtained by a predetermined workflow process. .. In addition, the history of this approval and the validity / invalidity of the application are recorded, and the status is managed. Further, it may have a function of acquiring a list of files in the PC 100 at the time of taking out the PC and at the time of taking out, and checking the difference at the time of taking out.

Specifically, the protected / managed PC 100 is a portable terminal device such as a notebook PC or a tablet terminal device. Further, it may be a tower type PC or other desktop type information processing apparatus.

The protected / managed PC 100 has a LAN port 313, a security slot 111, and a USB port 112, which are also shown in FIG. The security slot 111 is a slot into which the hook 201 is inserted in order to connect and fix the security wire 101.

The USB port 112 is a port for enabling an external USB connection device. Specifically, it is a connection port of a USB interface provided as standard in a PC. By connecting the security wire 101 to the USB port 112, the USB port 112 supplies power to the security wire 101 (device 103).

Further, the protected / managed PC 100 has an operating system software (OS) 301, a Web browser 302, and a PC take-out management system state cooperation program 303.

The operating system software (OS) 301 controls the entire protected / managed PC100 and other programs and drivers. Specifically, the OS 301 is composed of, for example, Windows (registered trademark), Linux (registered trademark), Android (registered trademark), macOS (registered trademark), and the like.

The Web browser 302 is a user agent for using the Web (World Wide Web). Specifically, the Web browser 302 is composed of, for example, Internet Explorer (registered trademark), Microsoft Edge (registered trademark), Google Chrome (registered trademark), and the like.

The PC take-out management system status linkage program 303 cooperates with the PC take-out management system (Web server) 300 to take out the protected / managed PC 100, apply for take-out, and manage the status of the protected / managed PC 100. This is a program that collects information from the above and sends the collected information to the PC take-out management system (Web server) 300 via the LAN cable 311.

By executing the PC take-out management system status linkage program 303, the take-out / take-out of the protected / managed PC 100 is determined by the connection status (mount) of the security wire 101, and the PC take-out management system 300 is notified of the predetermined status. And can be processed.

FIG. 3B shows a state in which the device 103 and the PC take-out management system (Web server) 300 are connected to the protected / managed PC 100. In FIG. 3B, the protected / managed PC 100 includes an operating system software (OS) 301, a Web browser 302, a PC take-out management system status linkage program 303, a security wire key decryption program (PIN setting program) 304, and a driver. It has 305 and.

When the device 103 of the security wire 101 is connected via this port, the USB port 112 recognizes the device as a general-purpose input / output device (similar to a USB keyboard and mouse) by the plug and play function of the OS 301. When the device is recognized, the identification key (PIN information) for unlocking is set and the security wire key decryption program (PIN setting program) 304 and the driver 305 are installed on the protected / managed PC 100 through this port.

Further, in FIG. 3B, the security slot 111 shows a state in which the hook 201 of the electronic lock provided on the device 103 is locked. After the hook 201 is inserted into the security slot 111 in the closed state, the hook 201 is moved in a direction away from each other by the locking operation of the electronic lock so as to be hooked on the claw portion of the security slot 111 and locked. Is done. In this state, the electronic lock cannot be removed from the security slot 111.

In this way, the protected / managed PC 100 recognizes the USB-connected security wire 101 as a device. Then, by executing the security wire key decryption program (PIN setting program) 304, switching between the device recognition (enabled) state and the device disconnection (disabled) state by the input of the PIN coat is controlled. The device 103 of the security wire 101 can control the locking / unlocking of the electronic lock based on the enabled / disabled state of the device recognition.

In addition, by executing the PC take-out management system state linkage program 303, the protection / management target PC 100 in the PC take-out management system (Web server) 300 is taken back based on the enabled / disabled state of device recognition. And manage take-out.

(Hardware configuration example of PC100)
FIG. 4 is a block diagram showing an example of the hardware configuration of the protected / managed personal computer (PC). In FIG. 4, the protected / managed PC 100 includes a CPU (Central Processing Unit) 401, a memory 402, a network I / F (Interface) 403, a USB I / F 404, an input device 405, and a display 406. Have. Further, each component is connected by a bus 400.

Here, the CPU 401 controls the entire protection / management target PC 100. The memory 402 includes, for example, a ROM (Read Only Memory), a RAM (Random Access Memory), a flash ROM, and the like. Specifically, for example, a flash ROM or ROM stores various programs, and RAM is used as a work area of the CPU 401. By loading the program stored in the memory 402 into the CPU 401, the coded process can be executed by the CPU 401.

The network I / F 403 is connected to a network such as the Internet (not shown) through a communication line, and is connected to another device (PC take-out management system (Web server) 300 or the like) via the network. Then, the network I / F 403 controls the interface between the network and the inside of the own device, and controls the input / output of data from other devices. For the network I / F 403, for example, a modem, a LAN adapter, or the like can be adopted.

The USB I / F 404 is an interface based on the bus standard of the universal serial bus for connecting peripheral devices (devices), and controls the interface with the connected device via the USB port 112, from the device. Controls the input and output of data. Further, the USB I / F 404 controls the power supply (power supply) to the connected device.

The input device 405 is used for inputting various information including a PIN code. Specifically, the input device 405 includes various devices such as a keyboard, a pointing device, and a display. In addition, the display 406 displays various information. The display includes a liquid crystal display, an organic EL, and the like.

(Hardware configuration example of device 103)
FIG. 5 is a block diagram showing an example of the hardware configuration of the device. In FIG. 5, the device 103 includes a microcomputer 501, a memory 502, a hook drive mechanism 503, a USB I / F 504, a display 505, and a key switch 506. Further, each component is connected by a bus 500.

The microcomputer 501 controls the entire device 103. The memory 502 includes, for example, a ROM, a RAM, and the like. The microcomputer 501 can execute the process coded by the program stored in the memory 502.

The hook drive mechanism 503 drives the hook. Specifically, the hook is driven only when a drive signal is input by using a gear or a magnetic force, and the hook is fixed so as not to move in other cases.

The USB I / F 504 controls the interface with the connected PC via the USB terminal 105, and controls the input / output of data from the PC. Further, the USB I / F 504 receives power supply (power supply) from the connected PC.

The display 505 constitutes the display unit 202 shown in FIG. The display includes a liquid crystal display, an organic EL, and the like. Further, the key switch 506 constitutes the key switch 203 shown in FIG. Although not shown, the key switch 506 may be realized by a touch panel provided on the display 505.

(Hardware configuration example of PC take-out management system (Web server) 300)
FIG. 6 is a block diagram showing an example of the hardware configuration of the PC take-out management system (Web server). In FIG. 6, the PC take-out management system (Web server) 300 has a CPU 601, a memory 602, a network I / F603, a recording medium I / F604, and a recording medium 605. Further, each component is connected by a bus 600.

Here, the CPU 601 controls the entire PC take-out management system (Web server) 300. The memory 602 includes, for example, a ROM, a RAM, a flash ROM, and the like. Specifically, for example, a flash ROM or ROM stores various programs, and RAM is used as a work area of CPU 601. The program stored in the memory 602 can be loaded into the CPU 601 to cause the CPU 601 to execute the coded process.

The network I / F603 is connected to a network such as the Internet through a communication line, and is connected to another device (protected / managed PC100, other server, database, or other system) via a network (not shown). To. The network I / F 603 controls the interface between the network and the inside of the own device, and controls the input / output of data from other devices. For the network I / F603, for example, a modem, a LAN adapter, or the like can be adopted.

The recording medium I / F 604 controls read / write of data to the recording medium 605 according to the control of the CPU 601. The recording medium 605 stores the data written under the control of the recording medium I / F 604. Examples of the recording medium 605 include a magnetic disk and an optical disk.

The PC take-out management system (Web server) 300 may have various devices such as an SSD (Solid State Drive), a keyboard, a pointing device, and a display, in addition to the above-mentioned components.

(Example of functional configuration of PC100)
FIG. 7 is a block diagram showing an example of the functional configuration of the protected / managed PC. In FIG. 7, the protection / management target PC 100 includes a reception unit 701, a storage unit 702, a PIN code reception unit 703, a determination unit 704, a state change unit 705, a transmission unit 706, and a power supply control unit 707. It is configured to have a connection monitoring unit 708. The control unit of the PC 100 can be configured by each of these components 701 to 708.

The receiving unit 701 receives the driver 305 from the device 103, and sends the received driver 305 to the storage unit 702. Further, the receiving unit 701 receives the PIN setting program 304 from the device 103, and sends the received PIN setting program 304 to the storage unit 702. Further, the reception unit 701 may receive the PIN code sent from the device. Then, at the time of the initial setting, the received PIN code is sent to the storage unit 702. Except for the initial setting, the received PIN code is sent to the judgment unit 704.

Specifically, the receiving unit 701 has a function thereof, for example, by causing the CPU 401 to execute a program stored in the memory 402 or the like shown in FIG. 4, or by using a network I / F403, a USB I / F404, or the like. Can be realized.

The storage unit 702 installs the driver 305 sent from the reception unit 701 and stores it in a predetermined storage area. Further, the storage unit 702 installs the PIN setting program 304 sent from the reception unit 701 and stores it in a predetermined storage area. Further, the PIN code received from the receiving unit 701 may be stored in a predetermined storage area as an authentication PIN code. Specifically, the storage unit 702 can realize its function by, for example, the memory 402 shown in FIG.

The PIN code receiving unit 703 accepts input by the user of the PIN code used as the password of the electronic lock. Specifically, the PIN code receiving unit 703 can realize its function by, for example, the input device 405 shown in FIG.

At the time of initial setting, the PIN code that has received the input is sent to the storage unit 702. Except for the initial setting, the PIN code that accepted the input is sent to the judgment unit 704. The storage unit 702 stores the PIN code sent from the PIN code reception unit 703 in a predetermined storage area of the PIN code for authentication. The authentication PIN code is sent to the transmission unit 706, and the transmission unit 706 transmits the authentication PIN code to the device 103.

The determination unit 704 determines whether or not the PIN code input received by the PIN code reception unit 703 or the PIN code received by the reception unit 701 matches the normal PIN code stored in the storage unit 702. To judge. Specifically, the determination unit 704 can realize its function by causing the CPU 401 to execute the program stored in the memory 402 or the like shown in FIG. 4, for example.

The state change unit 705 can change the state of the device 103 equipped with the electronic lock from the available state (recognition state) to the detached state or from the detached state based on the determination by the determination unit 704 that the device 103 matches. Change to the state. Then, the information regarding the changed state of the device 103 is stored (retained). It should be noted that the storage may be stored in a predetermined area of the storage unit 702. Specifically, the state changing unit 705 can realize its function by causing the CPU 401 to execute the program stored in the memory 402 or the like shown in FIG. 4, for example.

More specifically, the state changing unit 705 holds the current state of the device 103, and if the held current state of the device 103 is available, the state changing unit 705 shifts to the disconnected state when receiving the matching signal. change. On the other hand, if the current state of the device 103 is the disconnected state, when the matching signal is received, the device 103 is changed to the usable state. In this way, each time a matching signal is received, the available state and the disconnected state are switched.

When the state of the device is changed by the state change unit 705, the transmission unit 706 transmits a signal to that effect to the device. As the signal to be transmitted, either "available → change to detachable" or "disconnect → change to available" is transmitted. Alternatively, the signal "changed" may be simply transmitted. The device may be configured to simply invert the hook state by receiving a "changed" signal.

Specifically, the transmission unit 706 has a function thereof, for example, by causing the CPU 401 to execute a program stored in the memory 402 or the like shown in FIG. 4, or by using a network I / F403, a USB I / F404, or the like. Can be realized.

The power supply control unit 707 controls power supply to the connected device. Specifically, the power supply control unit 707 can realize its function by causing the CPU 401 to execute the program stored in the memory 402 or the like shown in FIG. 4, for example.

The power supply control unit 707 starts power supply when the USB terminal 105 is connected to the USB port 112, and ends power supply when the USB terminal 105 is removed from the USB port 112. Further, the power supply control unit 707 may control the start and end of power supply based on the state of the protected / managed PC 100 even when the USB terminal 105 is connected to the USB port 112.

The connection monitoring unit 708 monitors whether or not the power supply control unit 707 is supplying power to the device 103, specifically, whether or not the USB terminal 105 is disconnected from the USB port 112. Then, the monitoring result is sent to the judgment unit 704. Specifically, the connection monitoring unit 708 can realize its function by causing the CPU 401 to execute the program stored in the memory 402 or the like shown in FIG. 4, for example.

The determination unit 704 refers to the monitoring result sent from the connection monitoring unit 708 when determining whether or not the PIN code matches the normal PIN code stored in the storage unit 702. Then, the above determination may be made on the premise that the power supply control unit 707 is supplying power to the device 103 (the USB terminal 105 is connected to the USB port 112).

The state monitoring unit 709 monitors the state of the device 103 in the state changing unit 705 at a predetermined cycle. Then, when the device 103 is in a usable state in the terminal device 100, it is determined that the terminal device 100 is in a take-out state. Further, when the device 103 is in the detached state from the terminal device 100, it is determined that the terminal device 100 is in the taken-out state. The transmission unit 706 transmits information regarding the state determined by the condition monitoring unit 709 to the Web server.

Specifically, the state monitoring unit 709 causes the CPU 401 to execute a program stored in the memory 402 or the like (for example, a program for linking the state of the PC take-out management system) shown in FIG. 4, for example. The function can be realized.

(Example of functional configuration of device 103)
FIG. 8 is a block diagram showing an example of the functional configuration of the device. The device 103 includes an electronic lock control unit 800, an electronic lock 801, a storage unit 802, a transmission unit 803, a reception unit 804, a power supply control unit 805, a display control unit 806, and a display screen 807. It is composed. The control unit of the device 103 can be configured by each of these component units 801 to 807.

The electronic lock control unit 800 controls the operation of the electronic lock 801 as well as the control of the entire device 103, that is, the locking / unlocking of the electronic lock 801. For example, the electronic lock control unit 800 receives power from the connected terminal device (protected / managed target 100) via the USB terminal 105, and the device 103 becomes available in the protected / managed target 100. In that case, the electronic lock 801 is controlled to set the locked state.

Further, the electronic lock control unit 800 is, for example, from a state in which the device 103 can be used in the protected / managed PC 100 in a state where power is supplied from the connected destination protected / managed PC 100 via the USB terminal 105. When the state of disconnection from the protection / management target 100 is entered, the electronic lock 801 is controlled and set to the unlocked state. Specifically, the electronic lock control unit 800 can realize its function by causing the microcomputer 501 to execute the program stored in the memory 502 or the like shown in FIG. 5, for example.

The electronic lock 801 drives the hook 201 under the control of the electronic lock control unit 800 to lock / unlock the electronic lock. Specifically, the electronic lock 801 can realize its function by, for example, the hook 201 and the hook drive mechanism 503 shown in FIG.

The storage unit 802 stores the driver 305 that makes the device 103 recognizable so that it can be provided to the connected PC 100. Further, the storage unit 802 can provide a program for controlling the locking / unlocking of the electronic lock 801, specifically, a security wire key decryption program (PIN setting program) 304 to the connected protected / managed PC 100. Remember. Specifically, the storage unit 802 can realize its function by, for example, the memory 502 shown in FIG.

The transmission unit 803 transmits the driver 305 and the PIN setting program 304 stored in the storage unit 802 to the protected / managed PC 100 based on the control of the electronic lock control unit 800. Specifically, the transmission unit 803 can realize its function by, for example, the USB I / F 504 shown in FIG.

The receiving unit 804 receives information from the connection-destination protected / managed PC 100 indicating that the device 103 is available in the protected / managed PC 100, and sends the information to the electronic lock control unit 800. Specifically, the receiving unit 804 can realize its function by, for example, the USB I / F 504 shown in FIG.

When the electronic lock control unit 800 receives information from the reception unit 804 indicating that the device 103 is available in the protected / managed PC 100, the electronic lock control unit 800 controls the electronic lock 801 to set the locked state.

Further, the receiving unit 804 receives information from the connection-destination protected / managed PC 100 indicating that the device 103 has been disconnected from the protected / managed PC 100, and sends the information to the electronic lock control unit 800. Then, when the electronic lock control unit 800 receives information from the receiving unit 804 indicating that the device 103 has been disconnected from the protected / managed PC 100, the electronic lock control unit 800 controls the electronic lock 801 to set the unlocked state. ..

The power supply control unit 805 receives power from the protected / managed PC 100 (or a release PC described later, which is not shown) via the USB terminal 105, and controls the power supply to each component unit. Specifically, the power supply control unit 805 can realize its function by causing the microcomputer 501 to execute the program stored in the memory 502 or the like shown in FIG. 5, for example.

The display control unit 806 controls the display screen 807 to display a screen related to the operation content of the device, a PIN code input screen, and other notification screens. Specifically, the display control unit 806 can realize its function by causing the microcomputer 501 to execute the program stored in the memory 502 or the like shown in FIG. 5, for example. Further, specifically, the display screen 807 can realize its function by, for example, the display 505 shown in FIG.

The PIN code input unit 808 accepts the input of the PIN code. The PIN code is input according to, for example, the operation content displayed on the display screen 807. Specifically, the PIN code input unit 808 can realize its function by, for example, the key switch 506 shown in FIG.

Normally, in this system, the authentication PIN code is received by the PIN code receiving unit 703 of the protected / managed PC 100 and stored in both the protected / managed PC 100 and the device 703, as shown in FIG. .. Instead, the transmission unit 803 transmits the PIN code input in the PIN code input unit 808 of the device 103 to the protection / management target PC 100, so that this PIN code is used as the authentication PIN code and is the protection / management target. It may be stored in both the PC 100 (storage unit 702) and the device 703 (storage unit 802).

Further, the determination unit 704 of the protection / management target PC 100 is protected / managed by the transmission unit 803 of the device 103 in place of the PIN code input accepted by the PIN code reception unit 703 or in addition to the PIN code. Using the PIN code transmitted to the PC 100 and received by the receiving unit 701 of the protected / managed PC 100, it is determined whether or not the PIN code matches the normal PIN code stored in the storage unit 702. You may do it.

In this way, when the protected / managed PC 100 and the device 103 are connected by the USB connection cable 104, the PIN code is input from either the protected / managed PC 100 side or the device 103 side. be able to. Further, in order to enhance security, it may be performed from both the protected / managed PC100 side and the device 103 side, and it may be possible to collate whether the two match.

Thereby, the locking / unlocking of the electronic lock can be controlled based on the input of the password (PIN code) to at least one of the terminal device (protected / managed PC 100) and the electronic lock (device 103).

Further, the electronic lock control unit 800 is in a state where power is supplied via the USB terminal 105 by, for example, a terminal device other than the protection / management target PC 100 of the connection destination (for example, a release PC (not shown)). When the input of the PIN code is received from the PIN code input unit 808, the input PIN code is compared with the authentication PIN code stored in the storage unit 802. Then, if both match, the electronic lock 801 may be controlled to be set to the unlocked state. This is performed, for example, as an emergency measure when the protected / managed PC 100 fails (see the flowchart of FIG. 13 described later).

(Procedure for processing the protected / managed PC100)
9 to 11 are flowcharts showing an example of the processing procedure of the protected / managed PC. Here, the flowchart of FIG. 9 shows the contents of the process at the time of the initial setting of the device 103.

In the flowchart of FIG. 9, it is determined whether or not the device 103 (USB terminal 105) is connected to the USB port 112 (step S901). Here, waiting for the device 103 to be connected (step S901: No), and when connected (step S901: Yes), power supply to the device 103 is started (step S902). Then, the plug-and-play function starts synchronization with the device 103 (step S903).

Next, it is determined whether or not there is setting information of the device 103 (step S904). Here, if there is setting information of the device 103 (step S904: Yes), the process proceeds to step S1103 of the flowchart of FIG. 11 to be described later. On the other hand, when there is no setting information of the device 103 (step S904: No), it is determined whether or not the driver 305 transmitted by the device 103 has been received for the initial setting (step S905).

In step S905, waiting for the driver 305 to be received (step S905: No), if the driver 305 is received (step S905: Yes), the received driver 305 is installed (step S906). Next, it is determined whether or not the device-specific information transmitted by the device 103 has been received (step S907). Here, in the case of waiting for receiving the device-specific information (step S907: No) and receiving the device-specific information (step S907: Yes), the received device-specific information is provided in advance. Store in the device setting information area (step S908).

Next, it is determined whether or not the security wire key decryption program (PIN setting program) 304 transmitted by the device 103 has been received (step S909). Here, waiting for the PIN setting program 304 to be received (step S909: No), and when the PIN setting program 304 is received (step S909: Yes), the received PIN setting program 304 is installed (step S910). ). Then, as soon as the installation is completed, the installed PIN setting program 304 is started (step S911).

When the PIN setting program 304 is started, it prompts the initial registration of PIN information including the operation of inputting a PIN code (step S912). Specifically, a screen prompting the initial registration can be displayed on the display 406 to encourage the user to perform the initial registration. Then, it is determined whether or not the PIN code has been input by the user (step S913). Here, waiting for the PIN code to be input (step S913: No), and when the PIN code is input (step S913: Yes), the registration of the initial setting is confirmed (step S914).

Here, the confirmation process includes a process of registering an authentication PIN code by storing the input PIN code information in a predetermined area, and a process of setting the state of the device 103 to the device recognition state (validation state). included.

Next, the registered PIN code information is transmitted to the device 103 (step S915). As a result, the device 103 can know the PIN code information input by the user, and the PIN code information is stored in the storage unit 802 of the device 103 (see step S1207 of the flowchart of FIG. 12 described later). .. Further, the device authentication signal is transmitted to the device 103 (step S916). After that, the process proceeds to step S1001 in the flowchart of FIG.

The flowchart of FIG. 10 shows the contents of the process when the registration of the initial setting of the device 103 is completed and the protected / managed PC 100 in the take-out state is changed to the take-out state.

In the flowchart of FIG. 10, it is determined whether or not the device 103 (USB terminal 105 of the device 103) is disconnected from the USB port 112 (step S1001). Here, when the device 103 is not disconnected (step S1001: No), it is next determined whether or not the power of the protected / managed PC 100 is turned off (step S1002). Here, when the power of the protected / managed PC100 is turned off (step S1002: Yes), after that, if nothing is done (because the power is turned off, nothing can be done), the protected / managed target The series of processes on the PC 100 is completed.

If the power of the PC is not turned off in step S1002 (step S1002: No), it is next determined whether or not there is a request to start the PIN setting program 304 (step S1003). Here, if there is no move request for the PIN setting program 304 (step S1003: No), the process returns to step S1001. On the other hand, when there is a request to start the PIN setting program 304 (step S1003: Yes), the PIN setting program 304 is started (step S1004).

Next, it is determined whether or not the PIN code has been input (step S1005). Here, when the PIN code is input (step S1005: Yes), it is nextly determined whether or not the input PIN code matches the registered authentication PIN code (step S1006). Here, when both match (step S1006: Yes), the state of the device 103 is changed to the device disconnection state (step S1007). Then, a device disconnection signal indicating that the device has been disconnected is transmitted to the device 103 (step S1008). This ends a series of processes.

On the other hand, if the input PIN code does not match the registered authentication PIN code in step S1006 (step S1006: No), error processing is executed (Tep S1009), and then a series of processing is terminated. do. Specifically, in the error processing, the PIN code is repeatedly input a predetermined number of times. If the input matches, the process proceeds to step S1007. If none of them match as a result of repeated input a predetermined number of times, an error message is displayed on the display 406 as authentication has failed.

In addition, in order to prevent unauthorized removal of the protected / managed PC100, no further processing is performed. Therefore, the device is not changed to the detached state, thereby maintaining the locked state of the electronic lock 801. In that case, for example, it is advisable to perform the unlocking process of the electronic lock 801 by a response by an administrator or the like.

When the device 103 (USB terminal 105) is disconnected from the USB port 112 in step S1001 (step S1001: Yes), it is next determined whether or not the device 103 is connected to the USB port 112 (step S1001: Yes). Step S1010). Here, waiting for the device 103 to be connected to the USB port 112 (step S1010: No), if connected (step S1010: Yes), the power supply to the device 103 is started (step S1011), and then. , Return to step S1001.

The process of steps S1010 to S1011 is, for example, when the USB terminal 105 is inadvertently disconnected from the USB port 112, and then reconnected to the same terminal device (protected / managed PC100). It is assumed that it can be restored to its original state. Further, in step S1010, if the device is not connected to the USB port of the same terminal device, or if it is connected to the USB port of another terminal device, there is a possibility of an illegal take-out operation. Do not do it. Therefore, the device 103 is not changed to the device detached state, and the electronic lock 801 of the device 103 maintains the locked state.

In step S1005, when the device 103 (USB terminal 105) is disconnected from the USB port 112 in a state where the PIN code is not input (step S1005: No) (step S1012: Yes), the process proceeds to step S1010. After that, the processes of steps S1010 to S1011 are executed.

If the device 103 is not disconnected from the USB port 112 of the terminal device in step S1012 (step S1012: No), it is next determined whether or not the power is turned off (step S1013). If the power is not turned off (step S1013: No), the process returns to step S1005. On the other hand, when the power is turned off (step S1013: Yes), the series of processes is ended without doing anything thereafter.

The flowchart of FIG. 11 shows the contents of the process when the protected / managed PC 100 in the take-out state is changed to the take-out state.

In the flowchart of FIG. 11, it is determined whether or not the device 103 (USB terminal 105 of the device 103) is connected to the USB port 112 (step S1101). Here, waiting for the device 103 to be connected (step S1101: No), and when connected (step S1101: Yes), power supply to the device 103 is started (step S1102).

Then, the plug-and-play function starts synchronization with the device 103, and transmits a signal indicating the presence of setting information to the device 103 (step S1103). As a result, the driver 305 and the security wire key decryption program (PIN setting program) 304 are not transmitted from the device 103.

Next, it is determined whether or not the device 103 (USB terminal 105 of the device 103) is disconnected from the USB port 112 (step S1104). Here, when the device 103 is not disconnected (step S1104: No), it is determined whether or not there is a request to start the already installed PIN setting program 304 (step S1105). Here, if there is no request to start the PIN setting program 304 (step S1105: No), the process returns to step S1104. On the other hand, when there is a request to start the PIN setting program 304 (step S1105: Yes), the PIN setting program 304 is started (step S1106).

Then, it is determined whether or not the PIN code has been input (step S1107). Here, when the PIN code is input (step S1107: Yes), it is nextly determined whether or not the input PIN code matches the registered authentication PIN code (step S1108). Here, when both match (step S1108: Yes), the state of the device 103 is changed to the device recognition state (step S1109). Then, a device recognition signal indicating that the device recognition state has been reached is transmitted to the device 103 (step S1110). As a result, a series of processes is completed, and the process proceeds to step S1001 in the flowchart of FIG.

On the other hand, if the input PIN code does not match the registered authentication PIN code in step S1108 (step S1108: No), error processing is executed (step S1111), and then a series of processing is terminated. do. The error processing may be performed in the same manner as in step S1009 of the flowchart of FIG.

Further, in order to prevent unauthorized take-out of the protected / managed PC 100 (for example, an act of secretly returning the PC 100 that has succeeded in illegal take-out in some way to the original take-out state), the subsequent processing is not performed. Therefore, the device is not changed to the recognition state, thereby maintaining the unlocked state of the electronic lock and not locking it.

In step S1104, when the device 103 (USB terminal 105 of the terminal device) is disconnected from the USB port 112 of the terminal device (step S1104: Yes), next, whether or not the device 103 is connected to the USB port 112 is determined. Determine (step S1112). Here, it waits for the device 103 to be connected to the USB port 112 (step S1112: No), and if it is connected (step S1112: Yes), the process returns to step S1102.

The processing of steps S1104 and S1112 is, for example, when the USB terminal 105 is inadvertently disconnected from the USB port 112, and then by reconnecting to the same terminal device (protected / managed PC100). It is assumed that it can be restored to its original state. Further, in step S1112, if the USB port of the same terminal device is not connected, or if the USB port of another terminal device is connected, there is a possibility of an illegal take-out operation, so the subsequent processing is performed. Do not do it. Therefore, the device 103 is not changed to the device recognition state, and the electronic lock 801 of the device 103 maintains the unlocked state.

In step S1107, when the device 103 (USB terminal 105) is disconnected from the USB port 112 in a state where the PIN code is not input (step S1107: No) (step S1113: Yes), the process proceeds to step S1112. do. On the other hand, if the device 103 is not disconnected from the USB port 112 of the terminal device in step S1113 (step S1113: No), it is next determined whether or not the power is turned off (step S1114). If the power is not turned off (step S1114: No), the process returns to step S1107. On the other hand, when the power is turned off (step S1114: Yes), the series of processes is ended without doing anything thereafter.

(Procedure for processing device 103)
12 and 13 are flowcharts showing an example of the procedure for processing the device. Here, the flowchart of FIG. 12 shows the contents of the processing at the time of initial setting of the device 103 and the processing at the time of taking out the protected / managed PC 100.

In the flowchart of FIG. 12, it is determined whether or not the power is supplied from the protected / managed PC 100 (step S1201). Here, after waiting for power supply (step S1201: No) and when power supply is performed (step S1201: Yes), next, whether or not a signal indicating that setting information is available is received from the protected / managed PC 100. (Step S1202).

When a signal indicating the presence of setting information is received in step S1202 (step S1202: Yes), registration of the initial setting is unnecessary, so the process proceeds to step S1208. On the other hand, when the signal indicating that the setting information is present is not received (step S1202: No), the driver 305 is transmitted to the protected / managed PC 100 in order to register the initial setting (step S1203). Further, the device-specific information is transmitted to the protected / managed PC 100 (step S1204). Then, the PIN setting program 304 is transmitted to the protected / managed PC 100 (step S1205).

Next, it is determined whether or not the PIN code information has been received from the protected / managed PC 100 (step S1206). Here, waiting for the PIN code information to be received (step S1206: No), and when the PIN code information is received (step S1206: Yes), the PIN code information setting process is performed based on the received PIN code information. (Processing such as registering the received PIN code as an authentication PIN code) is performed (step S1207).

Next, it is determined whether or not the device authentication signal has been received from the protected / managed PC 100 (step S1208). Here, waiting for the device authentication signal to be received (step S1208: No), and when the device authentication signal is received (step S1208: Yes), the electronic lock 801 is locked (step S1209). After that, the process proceeds to step S1301 in the flowchart of FIG.

The flowchart of FIG. 13 shows the contents of the processing when the protected / managed PC 100 is taken out and the processing when the protected / managed PC 100 fails.

In the flowchart of FIG. 13, it is determined whether or not the power supply from the protected / managed PC 100 is turned off (step S1301). Here, when the power supply is not turned off (step S1301: No), it is next determined whether or not the device disconnection signal is received from the protected / managed PC 100 (step S1302).

If the device disconnection signal is not received in step S1302 (step S1302: No), the process returns to step S1301 and waits for the device disconnection signal to be received. Then, when the device disconnection signal is received (step S1302: Yes), the electronic lock 801 is unlocked (step S1303). This ends a series of processes.

When the power supply is turned off in step S1301 (step S1301: Yes), it is nextly determined whether or not the power supply is turned on (step S1304). Here, since the device 103 cannot operate as long as there is no power supply, if the power supply is turned on (step S1304: No) and the power supply is turned on (step S1304: Yes), the device 103 cannot operate. It is determined whether or not the power supply is from the protected / managed PC 100 (step S1305).

In step S1305, when the power supply is from the protected / managed PC 100 (step S1305: Yes), the process proceeds to step S1302. In this case, the power of the protected / managed PC 100 is turned off, or the USB terminal 105 is inadvertently disconnected from the USB port 112, and the power supply is turned on to return to the original state. It is assumed that it can be restored.

In step S1305, when the power supply is not from the protected / managed PC 100 (step S1305: No), it is determined whether or not the power supply is the PC for releasing the electronic lock 801 (step S1306). The identification information of the unlocking PC of the electronic lock 801 is registered in advance, and it can be determined whether or not the electronic lock 801 is the unlocking PC based on the identification information.

If it is determined in step S1306 that the PC is not a release PC (step S1306: No), it is determined that there is a possibility of illegal removal, and a series of processes is terminated. On the other hand, in the case of the release PC (step S1306: Yes), the protected / managed PC 100 cannot operate due to a failure or the like, and instead, an attempt is made to operate the device 103 by supplying power from the release PC. It can be determined that there is. Therefore, on the display unit 202 of the device 103, the display screen to the effect that the PIN code is input in order to release the electronic lock is turned on (step S1307).

Then, it is determined whether or not the PIN code has been input (step S1308). Here, if the PIN code is waited for to be input (step S1308: No) and the PIN code is input (step S1308: Yes), the input PIN code is registered in the device for authentication. It is determined whether or not it matches with (step S1309). Here, when both are matched (step S1309: Yes), the electronic lock 801 is unlocked (step S1310).

After that, since it is determined that the protected / managed PC 100 has failed, the registered contents are reset (step S1311), and a series of processes is terminated.

On the other hand, if the input PIN code does not match the registered authentication PIN code in step S1309 (step S1309: No), error processing is executed (step S1312), and then a series of processing is terminated. do. Specifically, the error processing is performed by repeatedly inputting the PIN code a predetermined number of times, as in step S1009 of the flowchart of FIG. If the input matches, the process proceeds to step S1310. If none of them match as a result of repeated input a predetermined number of times, an error message is displayed on the display unit 202 as authentication has failed.

(Procedure for processing the program for linking the status of the PC take-out management system)
14 and 15 are flowcharts showing an example of the processing procedure executed by the PC take-out management system state cooperation program.

The flowchart of FIG. 14 shows the contents of the process related to the confirmation of the device information in the driver setting information area in the OS 301 by the PC take-out management system state cooperation program 303.

In the flowchart of FIG. 14, it is determined whether or not the predetermined timing (cycle) has been reached (step S1401). Here, waiting for a predetermined timing (step S1401: No), and when the predetermined timing is reached (step S1401: Yes), the driver setting information area in the OS 301 is confirmed (step S1402). Then, it is determined whether or not there is device information in the area (step S1403).

If there is device information in step S1403 (step S1403: Yes), information about the protected / managed PC 100 and information about the device 103 are transmitted to the PC take-out management system (Web server) 300 (step S1404). This ends a series of processes. On the other hand, when there is no device information (step S1403: No), a series of processes is terminated without doing anything.

The flowchart of FIG. 15 shows the contents of the process related to the confirmation of the change of the device information (USB device state) in the driver setting information area in the OS 301 by the PC take-out management system state cooperation program 303.

In the flowchart of FIG. 15, it is determined whether or not the predetermined timing (cycle) has been reached (step S1501). Here, waiting for a predetermined timing (step S1501: No), and when the predetermined timing is reached (step S1501: Yes), the USB device connection status in the OS 301 is confirmed (step S1502). Then, it is determined whether or not there is a change in the USB device connection state (whether there is a change in which the device connection is enabled (device recognition state)) (step S1503).

Here, if there is a change such that the device connection is enabled (step S1503: Yes), it is determined that the protected / managed PC 100 is in the take-out state (step S1504). Then, the take-out application process of the PC take-out management system (Web server) 300 is executed (step S1505). As a result, the PC take-out management system (Web server) 300 manages that the protected / managed PC 100 is in a take-out state.

If there is no change in step S1503 so that the device connection is enabled (step S1503: No), the process proceeds to step S1506 without doing anything.

Next, in step S1506, it is determined whether or not there is a change in the USB device connection state (whether there is a change in which the device connection is disabled (device disconnection state)) (step S1506). Here, if there is a change such that the device connection is disabled (step S1506: Yes), it is determined that the protected / managed PC 100 is in the take-out state (step S1507). Then, the take-out application process of the PC take-out management system (Web server) 300 is executed (step S1508). As a result, the PC take-out management system (Web server) 300 manages that the protected / managed PC 100 is in the take-out state.

In step S1506, if there is no change such that the device connection is disabled (step S1506: No), that is, if there is no change in the USB device connection state, the series of processes is terminated without doing anything. ..

In this way, the PC take-out management system state linkage program 303 determines the take-out / take-out state of the protected / managed PC 100 from the change in the state by checking the USB device connection state in the OS 301. Then, based on the determination result, the PC take-out management system (Web server) 300 can manage the take-out / take-out of the protected / managed PC 100.

(Overview of overall operation)
FIG. 16 is an explanatory diagram showing an outline of the overall operation. In FIG. 16, the processing items are "1. at the time of initial use", "2. registration of the decryption key (PIN) for unlocking the electronic lock", "3. at the time of taking out the PC", "4. at the time of taking out the PC", It consists of "5. Abnormal processing".

Operation details in "1. Initial use" (1) Physically fix the security wire 101. Specifically, wrap it around the legs of a desk. Then, the protected / managed PC100 is started. At this time, the state of the electronic lock is "OPEN", that is, the hook 201 is in a state of being close to each other as shown in FIGS. 2 and 3A. Further, the state of the device on the protected / managed PC 100 is an "invalid" state. In addition, the state of the PC take-out management system 300 is "invalid (not managed)".

(2) Connect the USB connection cable 104 (USB terminal 105) to the USB port of the protected / managed PC100. At this time, the state of the electronic lock is the "OPEN" state. Further, the state of the device on the protected / managed PC 100 is an "invalid" state. In addition, the state of the PC take-out management system 300 is "invalid (not managed)".

(3) Install the driver 305. At this time, the state of the electronic lock is the "OPEN" state. Further, the state of the device on the protected / managed PC 100 is an "invalid" state. In addition, the status of the PC take-out management system 300 is "added to the management target".

Operation contents in "2. Registration of decryption key (PIN) for unlocking electronic lock" (1) Connect the security wire 101 (hook 201) to the security slot 111. At this time, the state of the electronic lock is "OPEN". Further, the state of the device on the protected / managed PC 100 is an "invalid" state. Further, the state of the PC take-out management system 300 is "before take-out".

(2) Set the PIN code information. Accepts the input of PIN code information and uses it as the PIN code for authentication. At this time, the state of the electronic lock is "OPEN". Then, the state of the device on the protected / managed PC 100 becomes the "valid" state. In addition, the state of the PC take-out management system 300 is "take-out".

(3) The PIN code information is transmitted to the device 103. At this time, the state of the electronic lock is "CLOSE", that is, the hooks 201 are separated from each other as shown in FIG. 3B. The state of the device on the protected / managed PC 100 is "valid", and the state of the PC take-out management system 300 is "take-out".

Operation details in "3. When taking out the PC" (1) Start the PIN setting program 304 and receive the PIN code input. The state of the electronic lock at this time is "CLOSE". Further, the state of the device on the protected / managed PC 100 is the "valid" state, and the state of the PC take-out management system 300 is the "take-out" state.

(2) Then, change to the "device detached state (enabled)". The state of the electronic lock at this time is "CLOSE". In addition, the state of the device on the protected / managed PC 100 is "invalid". In addition, the state of the PC take-out management system 300 is "take-out".

(3) The device 103 receives the disconnection signal. The state of the electronic lock at this time is "OPEN". Further, the state of the device on the protected / managed PC 100 is the "invalid" state, and the state in the PC take-out management system 300 is the "take-out" state.

Operation details in "4. Take-out PC" (1) Connect the security wire 101 (hook 201) to the security slot 111, and connect the USB connection cable 104 (USB terminal 105) to the USB port of the protected / managed PC 100. .. The state of the electronic lock at this time is "OPEN". Further, the state of the device on the protected / managed PC 100 is the "invalid" state, and the state in the PC take-out management system 300 is the "take-out" state.

(2) Start the PIN setting program 304 and receive the input of the PIN code. The state of the electronic lock at this time is "OPEN". Further, the state of the device on the protected / managed PC 100 is the "invalid" state, and the state in the PC take-out management system 300 is the "take-out" state.

(3) Then, change to "device recognition state (disabled)". The state of the electronic lock at this time is "OPEN". Further, the state of the device on the protected / managed PC 100 is the "valid" state. In addition, the state of the PC take-out management system 300 is "take-out".

(4) The device 103 receives the recognition signal. The state of the electronic lock at this time is "CLOSE". Further, the state of the device on the protected / managed PC 100 is the "valid" state, and the state of the PC take-out management system 300 is the "take-out" state.

Operation details in "5. Abnormal handling" (1) When the security wire 101 is fixed to the security slot 111 and only the USB connection cable 104 is disconnected, the state of the electronic lock is "CLOSE", that is, the current state. Further, the state of the device on the protected / managed PC 100 remains in the "invalid" state. In addition, the state of the PC take-out management system 300 also maintains the original state (the state of "take-out").

(2) When the power of the protected / managed PC 100 is turned off (suspended state) while the security wire 101 is fixed to the security slot 111, the state of the electronic lock is "CLOSE", that is, the current state. Further, both the state of the device on the protected / managed PC 100 and the state of the PC take-out management system 300 remain in the original state (the state of "take-out").

(3) If the protected / managed PC 100 fails while the security wire 101 is fixed to the security slot 111, the state of the electronic lock is "CLOSE", that is, the current state. In addition, neither the state of the device on the protected / managed PC 100 nor the state of the PC take-out management system 300 will function.

(4) Then, when the device 103 receives power from the release PC and receives the PIN code input from the Keith switch 203, the state of the electronic lock becomes "OPEN" and the security wire 101 can be pulled out from the security slot 111. become able to.

As described above, the state of the device on the PC changes depending on each operation content, and the state of the electronic lock 801 (hook 201) changes accordingly, and the state of management in the PC take-out management system 300 also changes. In this way, the locking or unlocking of the electronic lock can be controlled based on the device state on the protected / managed PC 100, and the protection / managed PC 100 can be taken out and managed by the PC take-out management system 300. You can do it.

As described above, according to the present embodiment, when controlling the take-out of the terminal device (protected / managed PC 100), the terminal device 100 is connected to the terminal device 100 via the USB terminal 105 provided at one end of the security wire 101. When the electronic lock 801 operated by the supplied electric power is operated, the locking or unlocking of the electronic lock 801 is controlled based on the input of the password to at least one of the terminal device 100 and the electronic lock 801. In addition, the terminal device 100 is managed to be taken out based on the lock or unlock status of the electronic lock 801.

More specifically, based on the input of the password, the state of the device 103 provided with the electronic lock 801 is changed from the available state in the terminal device 100 to the detached state from the terminal device 100, or from the terminal device 100. The detached state is changed to the available state in the terminal device 100.

Then, when the device 103 is in a usable state in the terminal device 100, it is determined that the terminal device 100 is in a take-out state. Further, when the device 103 is in the detached state from the terminal device 100, it is determined that the terminal device 100 is in the taken-out state.

This makes it possible to operate the security wire 101 as a general-purpose USB port device. Therefore, it is not necessary to send and receive communication protocols and information that can be used by a predetermined software application between the PC 100 and the device 103. Therefore, it is possible to localize the risk of infringing the locking or unlocking of the device 103 by setting the PC 100 side or tampering with the program.

Further, when there is already a management system for determining the take-out / take-out of the PC, it is possible to realize the take-out / take-out determination using the anti-theft wire with the minimum necessary modification.

Further, by automatically controlling the locking or unlocking of the security port when the USB device of the OS is connected, it is possible to detect and recognize the operation failure or deficiency due to human error or erroneous recognition.

Further, according to the present embodiment, information regarding the PIN code can be used as the password. Thereby, the locking or unlocking of the electronic lock 801 can be controlled more easily and surely.

Further, according to the present embodiment, the device 103 provided with the electronic lock 801 is connected to the USB terminal 105 capable of receiving power supply from the connection destination, and the USB terminal 105 is connected to the connection destination terminal device 100. It is provided with a control unit 800 that controls the electronic lock 801 to set the locked state when the device 103 becomes available in the terminal device 100 by receiving power from the USB port 112 via the terminal 105. ..

The control unit 800 receives power from the USB port 112 via the terminal 105 by the connected terminal device 100, and when the device 103 becomes available in the terminal device 100, the control unit 800 controls the electronic lock 801. Although it is set to the locked state, when power is supplied from the USB port 112 via the terminal 105 by the terminal device 100 to be connected, the device 103 can be used in the terminal device 100. good.

The fact that the device 103 becomes available in the terminal device 100 means that, for example, not only the power supply but also the preparation process for use is completed. Further, when the terminal 105 is connected and power is supplied from the connected terminal device 100 via the terminal 105, controlling the electronic lock 801 to set the locked state is, for example, simply operated by power supply. It shows that it does.

By configuring in this way, the electronic lock 801 can be controlled and set to the locked state simply by receiving power without inputting a password. Therefore, the password input process can be omitted when the locked state is set. As a result, the user can more easily and surely perform the operation when taking out the PC.

Further, the control unit 800 controls and locks the electronic lock 801 when, for example, receives information from the connection destination terminal device 100 indicating that the device 103 is in a usable state in the terminal device 100. Can be set to state.

Further, the control unit 800 is in a state where power is supplied from the terminal device 100 to be connected to the device 103 via the USB terminal 105, and the device 103 is disconnected from the terminal device 100 from the state in which the device 103 can be used in the terminal device 100. In the case of transition, the electronic lock 801 can be controlled and set to the unlocked state.

The control unit 800 can control the electronic lock 801 to set the unlocked state when, for example, the control unit 800 receives information indicating that the device 103 has been disconnected from the terminal device 100 of the connection destination. ..

Thereby, the security wire 101 can more reliably and easily control the locking or unlocking of the electronic lock 801.

Further, according to the present embodiment, the device 103 includes a driver 305 that makes the device recognizable, or a program (security wire key decryption program (PIN setting program) 304) that controls locking or unlocking of the electronic lock. A storage unit 802 that can be provided and stored in the connected terminal device 100 is provided.

As a result, simply by connecting the USB terminal 105, the plug-and-play function synchronizes with the device 103, and a program that controls the locking or unlocking of the electronic lock can be automatically installed, which is a burden on the user. Can be further reduced.

As described above, according to the present embodiment, the security of the protected / managed PC 100 can be improved, and the take-out management of the protected / managed PC 100 can be performed more easily.

The take-out management method described in the present embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation. The take-out management program can be read by a computer such as a hard disk, a flexible disk, a CD (Compact Disk) -ROM, an MO (Magnet-Optical Disk), a DVD (Digital Versaille Disk), a flash memory, and a USB (Universal Serial Bus) memory. It is recorded on a recording medium and executed by being read from the recording medium by a computer. Further, the take-out management program may be distributed via a network such as the Internet.

The following additional notes are further disclosed with respect to the above-described embodiment.

(Appendix 1) A take-out management program that controls the take-out of terminal devices.
Input of a password to at least one of the terminal device and the electronic lock when the electronic lock operated by the electric power supplied from the terminal device is operated through the terminal provided at one end of the security wire. Controlling the locking or unlocking of the electronic lock based on
The terminal device is taken out and managed based on the lock or unlock status of the electronic lock.
A take-out management program characterized by having a computer execute processing.

(Appendix 2) Based on the input of the password, the state of the device equipped with the electronic lock is changed from the available state in the terminal device to the detached state from the terminal device, or the detached state from the terminal device. Change from state to available state in the terminal device,
The take-out management program described in Appendix 1, which is characterized by the above.

(Appendix 3) The take-out management program according to Appendix 2, wherein when the device is in a usable state in the terminal device, it is determined that the terminal device is in a take-out state.

(Supplementary Note 4) The take-out management program according to Appendix 2 or 3, wherein when the device is in a detached state from the terminal device, it is determined that the terminal device is in a take-out state.

(Supplementary Note 5) The take-out management program according to any one of Supplementary note 1 to 4, wherein the terminal is a USB terminal, and the USB terminal is connected to a USB port of the terminal device.

(Appendix 6) The take-out management program according to any one of the appendices 1 to 5, wherein the password is information related to a PIN code.

(Appendix 7) This is a take-out management method for controlling the take-out of a terminal device.
Input of a password to at least one of the terminal device and the electronic lock when the electronic lock operated by the electric power supplied from the terminal device is operated through the terminal provided at one end of the security wire. Controlling the locking or unlocking of the electronic lock based on
The terminal device is taken out and managed based on the lock or unlock status of the electronic lock.
A take-out management method characterized by a computer performing processing.

(Appendix 8) A take-out management device that controls the take-out of the terminal device.
Input of a password to at least one of the terminal device and the electronic lock when the electronic lock operated by the electric power supplied from the terminal device is operated through the terminal provided at one end of the security wire. Controlling the locking or unlocking of the electronic lock based on
The terminal device is taken out and managed based on the lock or unlock status of the electronic lock.
A take-out management device characterized by having a control unit.

(Appendix 9) A device equipped with an electronic lock,
Terminals that can receive power from the connection destination and
When the terminal is connected and power is supplied from the connection destination terminal device via the terminal and the device becomes available in the terminal device, or when the terminal is connected and the connection destination terminal is connected. When power is supplied from the device via the terminal, a control unit that controls the electronic lock to set it in the locked state, and a control unit.
A device characterized by being equipped with.

(Appendix 10) When the control unit receives information from the connection-destination terminal device indicating that the device is in a usable state in the terminal device, the control unit controls the electronic lock to lock the device. Set to,
The device according to Appendix 9, wherein the device is characterized by the above.

(Appendix 11) The control unit is in a state where power is supplied from the terminal device to the connection destination via the terminal, and the device is disconnected from the terminal device from the state in which the device can be used in the terminal device. When the transition occurs, the electronic lock is controlled and set to the unlocked state.
The device according to Appendix 9 or 10, wherein the device is characterized by the above.

(Appendix 12) When the control unit receives information indicating that the device has been disconnected from the terminal device to which the connection destination is connected, the control unit controls the electronic lock to set the unlocked state.
The device according to Appendix 11, wherein the device is characterized by the above.

(Supplementary Note 13) A storage unit is provided which stores a driver that makes the device recognizable so that it can be provided to the connected terminal device.
The device according to any one of the appendices 9 to 12, characterized in that.

(Appendix 14) The storage unit can store a program for controlling locking or unlocking of the electronic lock in the connected terminal device so as to be able to provide the program.
The device according to Appendix 13, wherein the device is characterized by the above.

(Supplementary Note 15) The device according to any one of Supplementary note 9 to 14, wherein the terminal is a USB terminal.

100 Terminal devices (protected / managed personal computers (PCs))
101 Security wire 102 Wire part 103 Device 104 USB connection cable 105 USB terminal 111 Security slot 112 USB port 201 Hook 202 Display part 203 Key switch 300 PC take-out management system (Web server)
301 Operating System Software (OS)
302 Web browser 303 PC take-out management system status linkage program 304 Security wire key decryption program (PIN setting program)
305 Driver 311 LAN cable 312 LAN connection terminal 313 LAN port 701 Reception unit 702 Storage unit 703 PIN code reception unit 704 Judgment unit 705 Status change unit 706 Transmission unit 707 Power supply control unit 708 Connection monitoring unit 800 Electronic lock control unit 801 Electronic lock 802 Storage unit 803 Transmitter unit 804 Receiver unit 805 Power supply control unit 806 Display control unit 807 Display screen

Claims (12)

It is a take-out management program that controls the take-out of terminal devices.
Input of a password to at least one of the terminal device and the electronic lock when the electronic lock operated by the electric power supplied from the terminal device is operated through the terminal provided at one end of the security wire. Controlling the locking or unlocking of the electronic lock based on
Based on the input of the password, the recognition state of the device provided with the electronic lock in the terminal device is changed from the available state in the terminal device to the detached state from the terminal device, or from the terminal device. Change from the detached state to the usable state in the terminal device,
It manages to take out the terminal device based on the recognition state .
A take-out management program characterized by having a computer execute processing. The take-out management program according to claim 1 , wherein when the device is available in the terminal device, it is determined that the terminal device is in a take-out state. The take-out management program according to claim 1 or 2 , wherein when the device is in a detached state from the terminal device, it is determined that the terminal device is in a take-out state. The take-out management program according to any one of claims 1 to 3 , wherein the terminal is a USB terminal, and the USB terminal is connected to a USB port of the terminal device. The take-out management program according to any one of claims 1 to 4 , wherein the password is information related to a PIN code. It is a take-out management method that controls the take-out of terminal devices.
Input of a password to at least one of the terminal device and the electronic lock when the electronic lock operated by the electric power supplied from the terminal device is operated through the terminal provided at one end of the security wire. Controlling the locking or unlocking of the electronic lock based on
The terminal device is taken out and managed based on the lock or unlock status of the electronic lock.
A take-out management method characterized by a computer performing processing. It is a take-out management device that controls the take-out of terminal devices.
Input of a password to at least one of the terminal device and the electronic lock when the electronic lock operated by the electric power supplied from the terminal device is operated through the terminal provided at one end of the security wire. Controlling the locking or unlocking of the electronic lock based on
The terminal device is taken out and managed based on the lock or unlock status of the electronic lock.
A take-out management device characterized by having a control unit. A device equipped with an electronic lock
Terminals that can receive power from the connection destination and
When the terminal is connected and power is supplied from the connected terminal device via the terminal, the recognition state in the terminal device becomes a state in which the device can be used in the terminal device, or the terminal. Is connected, and when power is supplied from the terminal device to the connection destination via the terminal, a control unit that controls the electronic lock and sets it in the locked state, and
A device characterized by being equipped with. When the control unit receives information from the connection-destination terminal device indicating that the device is in a usable state in the terminal device, the control unit controls the electronic lock to set the locked state.
The device according to claim 8. The control unit is in a state where power is supplied from the terminal device to the connection destination via the terminal, and the recognition state of the terminal device is changed from the state in which the device can be used in the terminal device from the terminal device. When the state shifts to the detached state, the electronic lock is controlled and set to the unlocked state.
The device according to claim 8 or 9 . When the control unit receives information indicating that the device has been disconnected from the terminal device to which the device is connected, the control unit controls the electronic lock to set the unlocked state.
10. The device of claim 10 . A storage unit that can provide a driver that makes the device recognizable to the connected terminal device is provided.
The device according to any one of claims 8 to 11 .

Images