1. Field of the Invention
The present invention relates to an expansion unit on which an information processing system, such as a personal computer, is mounted to expand its functions and, in particular, to an expansion unit that provides a LAN connection environment for an information processing system. More specifically, the present invention pertains to an expansion unit that provides a WOL (Wake-up On LAN) function that ensures security (prevention from illegal access through a network) for an information processing system.
2. Prior Art
Recently, the term xe2x80x9cnetwork computingxe2x80x9d is frequently appearing in a variety of media, such as newspapers and magazines.
xe2x80x9cNetwork computingxe2x80x9d as is literally defined, is an environment wherein a plurality of computers and peripheral devices are connected through a communication medium (either by wire or wireless). The xe2x80x9cnetworkxe2x80x9d is a communication network for exchanging data between computers. The form of network varies from a local network, such as a LAN (Local Area Network), to a wide range network, such as a public switched telephone network (PSTN), and to the xe2x80x9cInternet,xe2x80x9d which is a huge, global network as the result of the interconnection of servers. A computer system that serves as DTE (Data Terminal Equipment) is connected to a network through a DCE (Data Circuit Terminal Equipment). The DCE is a modem (Modulator/Demodulator) for an analog network, such as the PSTN, or a TA (Terminal Adapter) for an ISDN (Integrated Services Digital Network), or a LAN adapter (e.g., an ethernet card or a token ring card) for a LAN. The DTE is a dedicated terminal connected to the network through the DCE, or may be a general purpose computer system (e.g., IBM PC/AT compatible machine [xe2x80x9cPC/ATxe2x80x9d is a trademark of IBM Corp]).
A LAN is a network that is voluntarily managed by an independent association, such as a university or an institute, and is a minimum network unit covering only a relatively small area, such as an in-house area. As LANs have been supported by reductions in prices of communication devices and the enhancement of communication software, which have been accompanied by the developments of semiconductor techniques, LANs have come to be widely employed in the development and research environments for the sharing of computer resources and the sharing and distribution of information.
There are two forms of LANs: a peer-to-peer-based LAN and a client-server-based LAN. For a peer-to-peer-based LAN, The DTEs that are linked together are equals and can share their resources; a user at a specific DTE can use a disk or a printer owned by another LAN user. For a client-server-based LAN, one machine on the LAN serves as a dedicated server and is used in common by other LAN users (i.e., clients). In a client-server-based LAN, a server that provides a service and a client that receives the service perform synchronized processing by using a remote procedure call (RPC).
Lately, the client-server-based method, whereby general-purpose computers (PCs) are linked together, has become the main computing network system, partially because of the following advantages it offers.
(1) Since necessary software is installed for each client PC, individual users can perform their desired jobs.
(2) Data or files to be used in common are loaded in a server, and use of a printer connected to the server can be shared by the users on the network.
(3) Software, such as groupware, is installed in a server, and a process can be performed corresponding to that performed by a workgroup.
However, since information is excessively distributed on the client side (i.e., the sizes of the clients are too much increased), a problem has arisen in that on the client side an enormous amount of money is required for the maintenance and the management of the system. For example, each time the version of an OS or an application is upgraded, much time and effort must be expended for the installation and setup of each PC. A reduction in the general costs associated with a network; i.e., the total cost of ownership (TCO), is an urgent necessity.
To reduce the TCO, one idea is to centralize at the server; the management of the software resources on the network. In this case, for example, only a program located at the server would have to be updated in order to automatically update programs used by the clients. By centralizing the management at the server, the occurrence of problems due the operating errors of clients can be prevented, and the management costs; i.e., the TCO, can be reduced.
A method by which to reduce the TCO involves the employment of a WOL; i.e., a xe2x80x9cWake-up ON LANxe2x80x9d to control the system configuration of clients through a network. At night, when an office is unoccupied, individual client systems on a network that are in the power-off state are automatically activated, so that new applications can be installed in the individual systems and old applications can be updated or replaced.
To implement the WOL, a DCE to be linked with a network; i.e., a LAN, must include the WOL function. When a DTE, a user""s terminal, is a general-purpose computer, the DCE is provided in the form of a LAN adapter card. The adapter card can generally be plugged into one of the bus slots on a computer (motherboard). Implementation of the WOL function is accomplished by another function that automatically activates a computer system through a network; i.e., through the LAN.
As the employment of computer systems has spread, attention has come to be focused on the security problem. While various types of electronic apparatuses, such as notebook PCs, are now more compactly made and are light and more easily carried, as a side effect of those advantages, the apparatuses are more susceptible to theft and illegal use. To prevent physical theft, various locking mechanisms are provided for the apparatuses. A mechanism using a so-called xe2x80x9cKensington lockxe2x80x9d is a typical example. The xe2x80x9cKensington lockxe2x80x9d is disclosed in, for example, U.S. Pat. No. 5,381,685 (Japanese Patent Publication No. Hei 6-511297), but since the locking is not directly related to the present invention, no further explanation for it will be given.
The security problem with computer systems is not only at the physical level, but has been expanded and now also constitutes a software problem not recognized or addressed in the prior art, in that data are illegally copied or destroyed as the result of unauthorized system accesses. When the above described WOL function is employed, for example, an unauthorized skillful user could arbitrarily enter a client system by remote control during a time period in which an office is unoccupied, and use the computer system illegally. In other words, for security, a computer system incorporating the WOL function requires another function for limiting the automatic activation of the system through the LAN.
It is, therefore, one object of the present invention to provide a superior expansion unit that provides a LAN connection environment for an information processing system mounted thereon, and an information processing system to be mounted on such an expansion unit.
It is another object of the present invention to provide a superior expansion unit that provides a WOL (Wake-up On LAN) function that ensures the security (the protection from unauthorized access through a network) of an information processing system, and an information processing system to be mounted on such an expansion unit.
It is an additional object of the present invention to provide a superior expansion unit that implements a WOL security function for notebook PCs in a multi-user environment wherein one expansion unit is used in common by an unspecified number of notebook PCs, and an information processing system to be mounted on such an expansion unit.
It is a further object of the present invention to provide an expansion unit that implements a WOL security function at a low cost in a multi-user environment wherein one expansion unit is used in common by an unspecified number of notebook PCs, and an information processing system to be mounted on such an expansion unit.
To achieve the above objects, according to a first aspect of the present invention, an expansion unit for expanding the function of an information processing system mounted thereon, comprises: (a) a network adapter, connected to a network, for asserting a wake signal in response to the receipt of a wake-up packet through the network; (b) a wake status register for storing a status attesting to whether or not a wake-up through the network is permitted, the wake status register being accessible to the information processing system mounted on the expansion unit; (c) a logic circuit for, in response to the assertion of the wake signal, instructing that the information processing system be powered on when the wake-up through the network is permitted, and for ignoring the assertion of the wake signal when the wake-up through the network is inhibited; and (d) a power unit for providing constant power supply to the network adapter and the logic circuit.
A value indicating that the wake-up through the network is permitted may be set for the wake status register either when the information processing system is detached from the expansion unit, when the logic circuit is initialized, or when the information processing system accesses writing.
According to a second aspect of the present invention, an expansion unit for expanding the function of an information processing system mounted thereon, comprises: (a) a LAN adapter, being connected to a LAN, for asserting a WOL signal in response to the receipt of a wake-up packet through the LAN; (b) a WOL status register for storing a status attesting to whether or not a wake-up (WOL) through the LAN is permitted, the wake status register being I/O accessible by the information processing system mounted on the expansion unit; (c) a logic circuit for, in response to the assertion of the WOL signal, instructing that the information processing system be powered on if the WOL through the LAN is permitted, and for ignoring the assertion of the WOL signal if the WOL through the LAN is inhibited; and (d) a power unit for providing a constant power supply to the LAN adapter and the logic circuit.
A value indicating that the WOL through the LAN is permitted may be set for the WOL status register either when the information processing system is detached from the expansion unit, when the logic circuit is initialized, or when the information processing system performs I/O writing.
According to a third aspect of the present invention, the information processing system, which can be mounted on the expansion unit according to the first aspect, comprises: a nonvolatile, security status storage device for storing a network security level imposed on the system; and security operation sequence means for referring to the security status storage device in response to a power-on instruction from the expansion unit, and for performing a power-on sequence in accordance with the power-on instruction when the security level is released, or for ignoring the power-on instruction and halting the sequence if the security level is set.
According to a fourth aspect of the present invention, the information processing system, which can be mounted on the expansion unit according to the first aspect, comprises: a processor for executing a software program; a memory for temporarily storing program code or data currently processing; an external storage device; a user entry device; an output device for outputting processed data; a nonvolatile, security status storage device for storing a network security level imposed on the system; and security operation sequence means for referring to the security status storage device in response to a power-on instruction from the expansion unit, and for performing a power-on sequence according to the power-on instruction when the security level is released, or for ignoring the power-on instruction and halting the power-on sequence if the security level is set.
In the information processing system according to the third or the fourth aspect, when the power-on sequence is halted in response to when the security level in the security status storage device being set, the security operation sequence means may write, in the wake status register of the expansion unit, a value for inhibiting the wake-up.
According to a fifth aspect of the present invention, the information processing system, which can be mounted on the expansion unit according to the second aspect, comprises: a nonvolatile, security status storage device for storing a WOL security level imposed on the system; and security operation sequence means for referring to the security status storage device in response to a power-on instruction from the expansion unit, and for performing a power-on sequence in accordance with the power-on instruction when the security level is released, or for ignoring the power-on instruction and halting the power-on sequence if the security level is set.
According to a sixth aspect of the present invention, the information processing system, which can be mounted on the expansion unit according to the second aspect, comprises: a processor for executing a software program; a memory for temporarily storing program code or data currently processing; an external storage device; a user entry device; an output device for outputting processed data; a nonvolatile, security status storage device for storing a WOL security level imposed on the system; and security operation sequence means for referring to the security status storage device in response to a power-on instruction from the expansion unit, and for performing a power-on sequence according to the power-on instruction when the security level is released, or for ignoring the power-on instruction and halting the power-on sequence if the security level is set.
In the information processing system according to the fifth or the sixth aspect, when the power-on sequence is halted in response to when the security level in the security status storage device being set, the security operation sequence means may perform an I/O access to the WOL status register of the expansion unit, to write a value for inhibiting the wake-up.
According to a seventh aspect of the present invention, provided is a method for controlling the information processing system that can be mounted on the expansion unit according to the first aspect and that includes a nonvolatile, security status storage device for storing a network security level imposed on the system, the method comprising the steps of: (a) referring to the security status storage device in response to a power-on instruction from the expansion unit while the power supply is halted; (b) performing a power-on sequence in accordance with the power-on instruction when the security level is released; and (c) ignoring the power-on instruction and halting the power-on sequence when the security level is set.
When step (c) is performed, a step (d) at which the security operation sequence means writes, in the wake status register of the expansion unit, a value for inhibiting a wake-up.
According to an eighth aspect of the present invention, provided is a method for controlling the information processing system that can be mounted on the expansion unit according to the second aspect and that includes a nonvolatile, security status storage device for storing a WOL security level imposed on the system, the method comprising the steps of: (a) referring to the security status storage device in response to a power-on instruction from the expansion unit while the power supply is halted; (b) performing a power-on sequence in accordance with the power-on instruction when the security level is released; and (c) ignoring the power-on instruction and halting the power-on sequence when the security level is set.
When step (c) is performed, a step (d) at which the security operation sequence means performs an I/O access to the WOL status register of the expansion unit, to write a value for inhibiting a wake-up.
According to a ninth aspect of the present invention, an expansion unit, which provides a network connection function for an external computer system comprises: (a) a connecter for an electrical connection with the external computer system; (b) a network adapter connected to the network, for asserting a wake signal in response to a wake-up packet received from the network, the network adapter having an automatic activation function effected through the network; (c) a logic circuit for issuing a power-on instruction to the external computer system in response to the assertion of the wake signal; and (d) masking means for, in accordance with a setup by the external computer system, masking an operation performed in response to the wake signal issued by the logic circuit.
According to the tenth aspect of the present invention, an expansion unit, which provides a LAN connection function for an external computer system, comprises: (a) a connecter for an electrical connection with the external computer system; (b) a LAN, adapter, connected to the LAN, for asserting a WOL signal in response to a wake-up packet received from the LAN, the LAN adapter having a WOL function; (c) a logic circuit for issuing a power-on instruction to the external computer system in response to the assertion of the WOL signal; and (d) masking means for, in accordance with a setup by the external computer system, masking an operation performed in response to the WOL signal issued by the logic circuit.
Other objects, features and advantages of the present invention will become apparent during the course of the following detailed description of the preferred embodiment, given while referring to the accompanying drawings.