JP2007316789A - Client system, server system, their control method, control program, data erasure system and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To easily improve data security by integrating in advance an erasure function in such information equipment as a notebook-sized personal computer, and erasing data by communication with a server arranged on a communication network. <P>SOLUTION: When a terminal T such as a notebook computer is lost or stolen, a user logs in a server S to give an erase command. The erasure accepted by an erasure instruction accepting means 54, and stored in an erase command storing means 56, and transmitted to a terminal T by an erase command transmitting means 60. It is desired that the transmission of the erasure instruction is performed by making a response to confirmation access from the terminal T. At the terminal side, an erase command receiving means 20 receives the erase command of the data from the server S through a communication network by a communication means N1. When the erase command is received by the erasure receiving means 20, the data of the user stored in a storage means 88 are erased by a data erasure means 32. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a technique for improving data security in an information device such as a notebook computer.

  In recent years, information devices such as personal computers, especially portable laptop computers, have become widespread, and opportunities to use information access and business support utilizing them have increased dramatically on the go. Convenience of use has greatly increased.

However, on the other hand, along with the increase in the capacity of storage devices such as hard disk drives and the generalization of easy-to-carry laptop computers, laptop computers containing confidential information such as company customer information and sales information are lost or stolen. There was a risk of information leaks, and personal laptops also had the same danger for information that they did not want others to see.
JP 2006-018345 A

  In preparation for unexpected situations such as loss or theft as described above, it is conceivable to encrypt the data in advance (see, for example, Patent Document 1). In this case, the encryption is performed each time the user uses the device. There are significant issues such as the time and effort to cancel or decrypt, the danger of encountering lost or stolen in the state of cancellation or decryption, and the processing load such as re-encryption of update contents in addition to cancellation and decryption. The solution to this problem was eagerly desired.

  The present invention solves the problems of the prior art as described above, and its purpose is to communicate with a server arranged on a communication network by incorporating an erase function in advance in an information device such as a notebook computer as a client system. The data security is easily improved by erasing the data. Another object of the present invention is to support objective verification of a user's data management responsibility by issuing a certificate after completion of data erasure.

  Based on the above object, one aspect of the present invention is a client system including an operation and data input unit, a storage unit for user data, a communication unit with a communication network, and an arithmetic control unit of a computer. The erasure command receiving means for receiving a data erasure command from a predetermined external server system via the communication network by the communication means, and storing the erasure command in the storage means when the command receiving means receives the erasure command. The arithmetic control unit realizes data erasing means for erasing the data that has been stored.

  According to another aspect of the present invention, in a server system having a communication means with a communication network and a calculation control unit of a computer, registration is received in association with a user and a client system and stored in a predetermined registration information storage means. A registration command receiving unit and an erasing command receiving unit that receives an access from the user stored in the registration information storage unit by the communication network and the communication unit to authenticate the user and receive a data erasing command. And an erasing command transmission means for transmitting the erasing command received by the erasing command receiving means to the client system registered by the registration receiving means. And

  In this way, by accepting registration in advance in the server system in association with the client system incorporating the erasure function by a program or the like and its user, by receiving the erasure command from the user and transmitting it to the client system Even when the target device cannot be operated, such as when a laptop computer is lost or stolen, secret data such as business and privacy can be easily and reliably deleted from anywhere at any time.

  According to another aspect of the present invention, in the client system as described above, designation of a target range to be erased by the data erasure means among the data in the storage means can be specified from the input means or from a communication network by the communication means. The calculation control unit realizes a target designation receiving unit that receives and stores in a predetermined setting storage unit, and the data erasing unit erases the data in the target range stored in the setting storage unit It is characterized by that.

  Alternatively, in any of the server systems as described above, designation of a target range to be erased among data on the client system is accepted by communication through the communication network and the communication unit and is stored in a predetermined deletion target storage unit. The arithmetic control unit executes a target designation receiving process, and in the erase command transmission process, the erase target range stored in the erase target storage means is transmitted together with the erase command to a corresponding client system. To do.

  In this way, by accepting the user's designation as to what range of data is to be erased, it is possible to realize effective erasure adapted to the user's individual specific retained data and its properties.

  According to another aspect of the present invention, in the client system as described above, designation of an erasing method by the data erasing unit is received from the input unit or by communication from a communication network by the communication unit, and predetermined setting is performed. The calculation control unit realizes a method designation receiving unit to be stored in a storage unit, and the data erasing unit erases the data according to an erasing method stored in the setting storage unit.

  Alternatively, in any of the server systems as described above, a method for accepting designation of an erasing method for erasing data on the client system by communication through the communication network and the communication means and storing it in a predetermined erasing method storage means The calculation control unit executes a designation receiving process, and in the erasing command transmission process, the erasing method stored in the erasing method storage means is transmitted to the corresponding client system together with the erasing command.

  In this way, by accepting the user's designation for the erasing method, such as the type of zero value or random number writing and the number of times, the user's individual such as whether to give priority to erasure quickness or restoration difficulty Deletion conforming to specific policies and circumstances can be realized.

  According to another aspect of the present invention, in the client system as described above, the erasure command receiving means periodically attempts communication with the predetermined server system through the communication means and the communication network, and When the communication is successful and it is confirmed that the erasure command is registered, and when the communication cannot be performed for a predetermined time or more, it is considered that the erasure command is received.

  In this way, a periodic status check is made through a network connection, and if an erasure command can be confirmed, the status after theft or loss can be promptly deleted by erasing the data even if communication cannot be confirmed for more than a specified time. No matter how they are used, important confidential data can be erased.

  According to another aspect of the present invention, in the server system as described above, the registration receiving unit associates a plurality of user systems for identifying one or a plurality of client systems in association with one user ID for user identification. The machine ID is registered, and the erasure command accepting unit accepts the erasure command by specifying a client system to be erased by the machine ID registered by the registration accepting unit, and the erasure command transmitting unit The erasing command is transmitted to the client system corresponding to the machine ID specified by the erasing command receiving means by the erasing command receiving means.

  As described above, by managing the machine ID in association with each of a plurality of company-use client systems managed by the user based on one user ID, centralized management by one password is facilitated smoothly. It becomes feasible.

  According to another aspect of the present invention, in the server system as described above, confirmation information indicating that all or part of the erasure command is completed is received from the client system that has transmitted the erasure command. Confirmation information receiving means to be stored in the confirmation information storage means, and a certificate proving that all or part of the erasure command has been completed to the client system based on the confirmation information stored in the confirmation information storage means The calculation control unit realizes a certificate issuing unit that issues a certificate.

  In this way, by issuing a data erasure certificate, it is clear and objective that the information management responsibility has been fulfilled by the erasure for customers and related parties of customer information that was on a PC that has been lost, etc. This makes it easy to maintain and recover trust.

  According to still another aspect of the present invention, in the server system as described above, the certificate issuing unit performs electronic certification using public key cryptography for external access via the communication network and the communication unit. The certificate is issued by a certificate method.

  In this way, by issuing the certificate electronically, the parties concerned can obtain the certificate quickly and easily from anywhere at any time, and can immediately confirm its authenticity by decryption with the public key, etc. It is possible to save costs and time.

In another aspect of the present invention, any one of the client systems as described above is combined with any of the server systems as described above.
The method and program are the same as those in the above embodiments.

  As described above, the present invention facilitates data security by incorporating an erasing function in advance in an information device such as a laptop computer as a client system and erasing data by communication with a server arranged on a communication network. It becomes possible to improve.

  Next, the best mode for carrying out the present invention will be described with reference to the drawings. Note that assumptions common to the explanation in the background art and problems are omitted as appropriate.

[1. Constitution〕
This embodiment shows an important data erasure service (hereinafter also referred to as “this service”) that uses this invention to erase important data such as confidential information when a laptop is lost or stolen. FIG. 1 shows the configuration of a data erasing system (hereinafter also referred to as “this system”). In this system, a client network (hereinafter also referred to as “terminal”) T such as a notebook personal computer to be erased and a predetermined server system (hereinafter also referred to as “server”) S are not shown in a communication network such as the Internet. It is a combination through.

  Among these, the terminal T includes operation and data input means (keyboard, pointing device, etc.) 20 and storage means (hard disk drive etc.) 30 for user data, as well as communication means (LAN and A wireless LAN connection function or the like) N, and a computer control unit (CPU or the like) as a general element (not shown), and a large number of terminals T may exist depending on the scale of the service and the number of subjects.

  On the other hand, although the server S may be single, it is specifically free to divide or multiplex as a separate body for each role. The server S includes at least a communication unit N2 such as a backbone line or a connection gateway for accepting access from a terminal, a computer control unit, and the like.

  In the terminal T and the server S, each arithmetic control unit implements each unit (22 to 32, 52 to 64, 72 to 80, etc.) shown in FIG. 1 by a predetermined program. These units will be described later. It is a processing means for realizing and executing such a functional action.

[Outline of effects]
In this system, the registration accepting unit 52 of the server S accepts registration by associating the user with the terminal T, and stores it in a predetermined registration information storage unit 72 (registration accepting process). Thereafter, the erasure command accepting unit 54 accepts access from the user stored in the registration information storage unit 72 by the communication network and the communication unit N2, thereby authenticating the user and issuing a data erasure command. Received and stored in a predetermined erase command storage means 74 (erase command acceptance process).

  Then, the erase command transmission means 60 transmits this erase command to the corresponding terminal T (erase command transmission process). The deletion command may be transmitted by responding to the confirmation access from the terminal, or by actively transmitting information from the server to the terminal using a network address such as an IP address or a messenger ID.

  On the terminal side, the erasure command receiving means 20 receives a data erasure command from the server S via the communication network by the communication means N1 (erase command receiving process). In this way, when the erase command receiving means 20 receives the erase command, the data erase means 32 erases the user data stored in the storage means 30 (data erase processing). For data deletion, it is desirable to actually delete the substance of the file data by overwriting or the like, but it may be made invisible by deletion from a management area such as a directory or attribute change.

In this way, by accepting registration in advance in the server system in association with the client system incorporating the erasure function by a program or the like and its user, by receiving the erasure command from the user and transmitting it to the client system Even when the target device cannot be operated, such as when a laptop computer is lost or stolen, secret data such as business and privacy can be easily and reliably deleted from anywhere at any time.
Hereinafter, it will be described more specifically with reference to the flowchart of FIG.

[Introduction and configuration]
At the start of use of this service, a user installs a client program (data erasure agent, hereinafter also referred to as “agent”) in advance on a terminal T such as a target notebook PC (personal computer). When a user or agent communicates with the server S, individual user IDs are used for user identification and authentication, service license management, various instructions and settings, and the like.

  The user ID is given to the user when making a purchase contract for this service by accessing a distribution package or purchase site, or when providing an agent by downloading (steps S11 and S12). For example, in the case of a corporate user, one user ID is issued to the system administrator, and installation and registration for the number of license contracts are permitted based on the user ID.

〔user registration〕
Such system administrators and individual users access a server setting website (also referred to as “user setting web”) at an appropriate timing such as before and after software installation, and perform user registration and user registration based on the user ID. Then, a password, the number of management PCs, etc. are set (step S13), and after that, setting changes and various instructions are performed as necessary.

  In particular, a company user manages a plurality of terminals with a plurality of machine IDs for a single user ID. In this case, the registration accepting unit 52 of the server S registers a plurality of machine IDs for identifying one or a plurality of terminals in association with one user ID for user identification, The erase command is received by specifying the terminal to be erased by the machine ID registered as described above, and the erase command transmission means 60 transmits the erase command to the terminal corresponding to the machine ID thus identified. To do.

  As described above, by managing the machine ID in association with each of a plurality of company-use client systems managed by the user based on one user ID, centralized management by one password is facilitated smoothly. It becomes feasible.

  The flow of registration and agent installation is arbitrary, and as an example, the user ID, password, machine ID, and the like are requested on the installation screen of the agent installer (step S14). The agent transmits to the server S after the installation is completed, and the server S compares the issued user ID stored in the user database such as the registration information storage unit 72 and the like, and if it is a genuine user ID, the password, machine ID, address / Registration information such as a mail address is stored (step S31). When using multiple PCs, repeat these operations.

  After agent installation and user registration, the user can authenticate with the user ID and password, specify the target PC with the machine ID, and order data erasure. In addition, the above-mentioned user setting web accepts data deletion command OFF (default) / ON switching, password change, machine ID deletion or reissue, other function tests, contract renewal / change / cancellation, etc. .

[Acceptance of Erase Order]
In the unlikely event that the terminal T is lost or stolen, the user can use the user setting web, another predetermined mobile phone website, e-mail, etc. from another terminal X in the office or home, for example. The server S is instructed to erase data by the means described above. At this time, the erasure command accepting unit 54 of the server authenticates the user with a user ID and a password, for example, and in the case of a user who has registered a plurality of devices, the erasure command target receives and specifies the designation of the machine ID. When the erase command is correctly received, the data erase setting flag in the erase command storage means 74 is turned ON for the corresponding user ID or machine ID according to the contents.

[Transmission and deletion of erase command]
Further, the transmission of the erasure command from the server S to the terminal T is specifically performed as follows. That is, the erasure command receiving means 28 of each terminal T periodically tries a status inquiry by communication with the server S through the communication means N1 and the communication network. Then, when it is confirmed that the erasure command is registered after the successful communication, it is considered that the erasure command has been received, and the data erasure unit 32 erases the user data stored in the storage unit 30. Also, if the communication cannot be performed for a predetermined time or longer, it is considered that an erasure command has been received and the same erasure is performed.

  In other words, after authentication is completed, the agent on the PC attaches the machine ID to the inquiry or inquiry about whether to erase data at any time (for example, when the OS starts or at regular intervals) regardless of whether it is lost or stolen. Attempt to send to server S via internet connection. In response to this inquiry, the server erasure command transmission means 60 identifies the agent of the terminal T that is the inquiry source by the machine ID, and replies whether the flag of the data erasure command corresponding to the corresponding machine ID is ON or OFF. When this is ON, it is a data erasure command.

  Upon receiving such a data erasure command from the server S, the agent erases the data. If the agent does not receive the erasure notification, the agent tries the inquiry again in the next cycle, and cannot communicate with the server and tries again. If a state in which communication is not possible continues for a predetermined period or longer, the data is deleted as time is up.

  Specifically, the agent monitors a plurality of types of timer setting values (step S21). One of them is a time limit for making an arbitrary file (for example, a file designated in advance) invisible instead of being deleted if it has not been connected to the Internet for a certain period of time (step S22). If you don't authenticate after the time, use it to hide the file.

  The second is a period in which the server is periodically accessed to perform such authentication. At this time, if there is an erasure command in the server, erasure is started (step S23). The third is a time limit for erasing an arbitrary file (for example, a file designated in advance) when the Internet is not connected for a predetermined long period (for example, one month or more) (step S24).

  These timer setting values and their monitoring functions can be set and changed such as on / off (steps S16 and S21), and the operation is performed from the agent setting screen before the PC is lost (step S16).

  In other words, the above mechanism is to maintain the data without erasing only when it can be confirmed that the erasure command is not registered every predetermined time. It is also important to maintain the data without deleting it only when it is confirmed that the data maintenance command has been registered and updated within the past predetermined time by the same periodic inquiry. It is.

  As described above, check the status periodically over the network connection, and if the deletion command can be confirmed, quickly, even if you can not communicate for more than a predetermined time even if you can not confirm, by deleting the data, after theft or loss No matter what the state or usage, important secret data can be erased.

[Specify deletion target]
The range of data to be deleted can be specified in advance by the agent of the terminal T or by an instruction to the server S. For example, when specifying on the terminal T side, the target designation receiving unit 22 of the terminal T receives from the input unit 20 designation of a target range to be erased by the data erasing unit 32 among the data in the storage unit 30 as described above. (Target specification reception process).

  The target range may be specified by providing the target specification receiving means 56 in the server S. In this case, the deletion target range specified on the user setting web is stored in the deletion target storage means 76, and the deletion command is transmitted together with the deletion command. The means 60 transmits the data to the terminal T via the communication means N2, N1 and the communication network between them, and the data erasing means 32 reflects the erasure in the terminal T via the erasure command receiving means 28.

  The target range can be specified by using one or more conditions such as individual files, directories, file types, date of creation or update, date and time, range, titles, text included in the text, etc. combine.

  In this way, by accepting the user's designation as to what range of data is to be erased, it is possible to realize effective erasure adapted to the user's individual specific retained data and its properties.

  The range of data to be erased is designated before the loss on the agent setting screen or at the time of the order before or after the loss on the user setting web setting screen. The specification method is based on individual files, folders, etc., specified by creation or update date and date range (created within the last month, etc.), or by using a so-called desktop search application program. The name of the folder or file or a keyword included in the text can be freely specified, and folders such as “My Documents” and “Desktop” can be set as standard settings according to the type of OS and directory structure. .

[Erase method specification]
The erasing method can also be specified in advance by the agent of the terminal T or by an instruction to the server S. For example, when designating on the terminal T side, the method designation accepting unit 24 of the terminal T inputs the designation of the erasing method used for erasing in the data erasing unit 32 among the data in the storage unit 30 as described above. 20 on the setting screen (method designation receiving process).

  The designation of the erasing method may be performed by providing the method designation accepting means 58 in the server S. In this case, the method designated on the user setting web is stored in the erasing method storing means 78 and transmitted to the terminal T together with the erasing command. Reflected.

  The data erasing method is specifically free, but for example, as the default erasing method, zero writing method (writing with zero value), random number writing method (writing with random value), random number + zero writing method (random number value) , Write with zero value), US National Security Agency (NSA) method, 3 times write (* default at start of erasure), US Department of Defense (DoD5220.22-M) method (3 times write), US US Army method, US Navy method (US Navy), US Air Force method (Air Force), North Atlantic Treaty Organization method (NATO), US Computer Security Center method (NCSC), Gutmann method (35 times in Gutmann method) And so on.

  Further, as an erasing method designated by the user, it is possible to arbitrarily designate the number of overwrites from once to a maximum of 99 times, designate final write data, select a verify method, and the like.

  In this way, by accepting the user's designation for the erasing method, such as the type of zero value or random number writing and the number of times, the user's individual such as whether to give priority to erasure quickness or restoration difficulty Deletion conforming to specific policies and circumstances can be realized.

  As described above, with respect to the function for accepting designation of the erasure target range and erasure method, when both the terminal T and the server S have the designated contents, the designation contents at the terminal T are applied as default settings. It is desirable to handle such that it is given priority when specified.

  Also, when erasing with the target range and erasing method specified as described above, the file to be erased is opened, values are written with the erasing method described above, the file is closed, and finally the file is deleted. As a result, even if the file is recovered by the data recovery utility, the data is destroyed and it becomes difficult to recover the data. Control around the cluster may be performed like commercially available erasing software.

[Display on terminal]
No special screen display is performed during the above data erasure, but a screen pop-up message is displayed to prompt you to connect to the Internet (for example, “A message has arrived. Please connect to the Internet”). It is possible to do.

  In addition, the agent on the PC operates as an always active (resident) process called a service or the like in an OS such as Windows (registered trademark), so that it can acquire the access right to the file to be deleted and execute the deletion on the login screen. However, a setting screen such as a data erasure target range and method, a timer value such as an inquiry cycle, etc. is received by a program such as an appropriate setting application different from such a process.

[Data deletion completion notification and certificate issuance]
The completion of data erasure as described above can be notified from the terminal to the server (steps S25 and S32), and an erasure certificate can be issued based on the notification. In this case, the confirmation information receiving means 62 of the server S receives confirmation information indicating that the erasure command has been received or executed in whole or in part from, for example, the data erasure means 32 of the terminal T that has transmitted the erasure command. Then, it is stored in the confirmation information storage means 80 (confirmation information reception process).

  Then, based on the confirmation information stored in the confirmation information storage means 80, the certificate issuing means 64 transmits an erasure command to the terminal T, or a data erasure certificate that proves that all or part of the data is issued. It is issued by printing or outputting necessary data (certificate issuing process).

  As a specific example, it is desirable that the data erasure completion notification and certificate include, for example, the erasure date / time, the Tracert (trace route) result up to the server, and the erasure log.

  In this way, by issuing a data erasure certificate, it is clear and objective that the information management responsibility has been fulfilled by the erasure for customers and related parties of customer information that was on a PC that has been lost, etc. This makes it easy to maintain and recover trust.

(Electronic proof)
The issuance and shipping of the written certificate as described above may be performed manually to the address registered at the time of user registration, but can be issued electronically. In this case, the certificate issuing unit 64 issues the certificate by issuing an electronic document or using an electronic certificate method using public key cryptography for communication access such as web reference from the outside.

  In this way, by issuing the certificate electronically, the parties concerned can obtain the certificate quickly and easily from anywhere at any time, and can immediately confirm its authenticity by decryption with the public key, etc. It is possible to save costs and time.

  In the example of FIG. 1, the storage units 72, 74, 76, 78, and 80 are integrally configured to have a tree structure. Specifically, one or more machine IDs are assigned to each user ID. Correspondence is associated with ON / OFF of a deletion command for each machine ID. One deletion command is associated with one or more erasure targets, and an erasure method and confirmation information are associated with each erasure target.

[Others]
When the agent is uninstalled or the OS is reinstalled, necessary processing such as deletion or reissue of the machine ID is performed from the user setting web.

The functional block diagram which shows the structure of embodiment of this invention. The flowchart which shows the process sequence in embodiment of this invention.

Explanation of symbols

T ... Terminal (client system)
S ... Server X ... Other terminal 20 ... Input means 22 ... Target designation receiving means 24 ... Method designation receiving means 26 ... Setting storage means 28 ... Erase command receiving means 30 ... Storage means 32 ... Data erasing means 52 ... Registration accepting means 54 ... Erase command accepting means 56 ... Target designation accepting means 58 ... Method designation accepting means 60 ... Erase instruction transmitting means 62 ... Confirmation information receiving means 64 ... Certificate issuing means 72 ... Registration information storage means 74 ... Erase instruction storage means 76 ... Erase Object storage means 78 ... erasure method storage means 80 ... confirmation information storage means

Claims (26)

Operation and data input means;
Storage means for user data;
Means for communicating with a communication network;
A computer control unit;
In a client system having
An erasure command receiving means for receiving a data erasure command from a predetermined external server system via a communication network by the communication means;
A data erasing unit for erasing the data stored in the storage unit when the erasing command receiving unit receives the erasing command;
Is realized by the arithmetic control unit. Target designation accepting means for accepting designation of a target range to be erased by the data erasing means among data in the storage means from the input means or by communication from a communication network by the communication means and storing it in a predetermined setting storage means Is realized by the arithmetic control unit,
The client system according to claim 1, wherein the data erasure unit erases the data in the target range stored in the setting storage unit. The arithmetic control unit realizes a method designation accepting unit that accepts designation of an erasing method in the data erasing unit from the input unit or by communication from a communication network by the communication unit and stores it in a predetermined setting storage unit. ,
The client system according to claim 1, wherein the data erasing unit erases the data according to an erasing method stored in the setting storage unit. The erasure command receiving means periodically attempts to communicate with the predetermined server system through the communication means and the communication network, and confirms that the erasure command is registered after successful communication. The client system according to any one of claims 1 to 3, wherein the erasure instruction is received when the communication cannot be performed for a predetermined time or more. Means for communicating with a communication network;
A computer control unit;
In a server system having
Registration acceptance means for accepting registration by associating a user with a client system, and storing it in a predetermined registration information storage means;
An erasure command accepting unit for accepting an erasure command for data after authenticating the user by accepting access from the user stored in the registration information storage unit by the communication network and the communication unit;
An erasure command transmission means for transmitting the erasure command received by the erasure command reception means to the client system registered by the registration reception means;
Is realized by the arithmetic control unit. The registration receiving means registers a plurality of machine IDs for identifying one or a plurality of client systems in association with one user ID for user identification,
The erase command accepting unit accepts the erase command by specifying a client system to be erased by the machine ID registered by the registration accepting unit,
6. The server system according to claim 5, wherein the erasing command transmission unit transmits the erasing command to the client system corresponding to the machine ID specified by the erasing command reception by the erasing command receiving unit. . Confirmation information receiving means for receiving confirmation information that all or part of the erasure command has been completed from the client system that has transmitted the erasure instruction, and storing the confirmation information in a predetermined confirmation information storage means;
Certificate issuing means for issuing a certificate proving that all or part of the erasure command has been completed to the client system based on the confirmation information stored in the confirmation information storage means;
The server system according to claim 5 or 6, wherein the arithmetic control unit realizes the above. The certificate issuing means issues the certificate by an electronic certificate method using public key cryptography for external access via the communication network and the communication means. 8. The server system according to any one of 7. A client system according to any one of claims 1 to 4;
A server system according to any one of claims 5 to 8,
A data erasure system characterized by combining them. Operation and data input means;
Storage means for user data;
Means for communicating with a communication network;
A computer control unit;
In the control method of the client system having
An erasure command receiving process for receiving a data erasure command from a predetermined external server system via the communication network by the communication means;
A data erasure process for erasing the data stored in the storage means when the erasure instruction is received in the instruction reception process;
Is executed by the arithmetic control unit. In the erasure command receiving process, communication with the control method of the predetermined server system is periodically tried through the communication means and the communication network, and it is confirmed that the erasure command is registered after the successful communication. The client system control method according to claim 10, wherein the erasure command is received when the communication is not performed and when the communication cannot be performed for a predetermined time or longer. Means for communicating with a communication network;
A computer control unit;
In a method for controlling a server system having
A registration reception process in which a user and a client system are associated with each other and registration is received and stored in a predetermined registration information storage unit;
An erasure command acceptance process for accepting a data erasure command after authenticating the user by accepting access from the user stored in the registration information storage means by the communication network and the communication means;
An erasure command transmission process for transmitting the erasure command received in the erasure command reception process to the client system registered by the registration reception unit;
Is executed by the arithmetic control unit. In the registration acceptance process, a plurality of machine IDs for identifying one or a plurality of client systems are registered in association with one user ID for user identification,
In the deletion command reception process, the deletion command is received by specifying a client system to be deleted with the machine ID registered in the registration reception process,
13. The server system according to claim 12, wherein, in the erase command transmission process, the erase command is transmitted to the client system corresponding to the machine ID specified by the erase command reception in the erase command reception process. Control method. The arithmetic and control unit executes a target designation receiving process for accepting designation of a target range to be erased from data on a client system by communication through the communication network and the communication unit and storing it in a predetermined erase target storage unit,
14. The server system control method according to claim 12 or 13, wherein, in the erasure command transmission process, the erasure target range stored in the erasure target storage means is transmitted to the corresponding client system together with the erasure command. . The calculation control unit executes a method designation accepting process for accepting a designation of an erasing method for erasing data on a client system by communication through the communication network and the communication unit and storing it in a predetermined erasing method storage unit,
The server according to any one of claims 12 to 14, wherein, in the erasing command transmission process, the erasing method stored in the erasing method storage unit is transmitted together with the erasing command to a corresponding client system. How to control the system. Confirmation information reception processing for receiving confirmation information that all or part of the erase command is completed from the client system that has transmitted the erase command and storing it in a predetermined confirmation information storage means;
A certificate issuance process for issuing a certificate proving that all or part of the erasure command has been completed to the client system based on the confirmation information stored in the confirmation information storage unit;
The server control method according to claim 12, wherein the arithmetic control unit executes the following. 13. The certificate issuance process, wherein the certificate is issued by an electronic certificate method using public key cryptography for external access via the communication network and the communication means. The server system control method according to claim 16. A method for controlling a client system according to claim 10 or 11,
A server system control method according to any one of claims 12 to 17,
A data erasing method characterized by combining the above. Operation and data input means;
Storage means for user data;
Means for communicating with a communication network;
A computer control unit;
A client system control program comprising:
An erasure command receiving process for receiving a data erasure command from a predetermined external server system via the communication network by the communication means;
A data erasure process for erasing the data stored in the storage means when the erasure instruction is received in the instruction reception process;
Is executed by the arithmetic control unit. In the erasure command receiving process, communication with the control method of the predetermined server system is periodically tried through the communication means and the communication network, and it is confirmed that the erasure command is registered after the successful communication. 20. The control program for a client system according to claim 19, wherein the erasure command is regarded as having been received and when the communication has failed for a predetermined time or more. Target designation acceptance processing for accepting designation of a target range to be erased by the data erasure means among data in the storage means from the input means or by communication from a communication network by the communication means and storing it in a predetermined setting storage means Is executed by the arithmetic control unit,
The control program for a client system according to claim 19 or 20, wherein, in the data erasure process, the data in the target range stored in the setting storage means is erased. The calculation control unit is caused to execute a method designation receiving process in which the designation of the erasing method in the data erasing process is received from the input unit or by communication from the communication network by the communication unit and stored in a predetermined setting storage unit. ,
The control program for a client system according to any one of claims 19 to 21, wherein, in the data erasing process, the data is erased according to an erasing method stored in the setting storage means. Means for communicating with a communication network;
A computer control unit;
A server system control program comprising:
A registration reception process in which a user and a client system are associated with each other and registration is received and stored in a predetermined registration information storage unit;
An erasure command acceptance process for accepting a data erasure command after authenticating the user by accepting access from the user stored in the registration information storage means by the communication network and the communication means;
An erasure command transmission process for transmitting the erasure command received in the erasure command reception process to the client system registered by the registration reception unit;
Is executed by the calculation control unit. In the registration acceptance process, a plurality of machine IDs for identifying one or a plurality of client systems are registered in association with one user ID for user identification,
In the deletion command reception process, the deletion command is received by specifying a client system to be deleted with the machine ID registered in the registration reception process,
24. The server system according to claim 23, wherein, in the erasure command transmission process, the erasure command is transmitted to the client system corresponding to the machine ID specified in the erasure command reception process in the erasure command reception process. Control program. Confirmation information reception processing for receiving confirmation information that all or part of the erase command is completed from the client system that has transmitted the erase command and storing it in a predetermined confirmation information storage means;
A certificate issuance process for issuing a certificate proving that all or part of the erasure command has been completed to the client system based on the confirmation information stored in the confirmation information storage unit;
25. The server system control program according to claim 23 or 24, wherein the calculation control unit is executed. 24. In the certificate issuance processing, the certificate is issued by an electronic certificate method using public key cryptography for external access via the communication network and the communication means. 25. The server system control program according to any one of 25.

Images