CN102089765A - Authentication for access to software development kit for a peripheral device - Google Patents


Info

Publication number
CN102089765A
Authority
CN
China
Prior art keywords
software entity
peripherals
code
main process
process equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200980127311.1A
Other languages
Chinese (zh)
Inventor
严梅
杨介豪
巴曼.卡瓦米
法西德.萨比特-沙吉
帕特里夏.德怀尔
袁珀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SanDisk Corp
Original Assignee
SanDisk Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US12/124,450 (US20090293117A1)
Priority claimed from US12/124,456 (US8621601B2)
Application filed by SanDisk Corp
Publication of CN102089765A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system

Abstract

A set of code for a peripheral device is installed on a host device. The set of code is used to control access to the peripheral device from the host device. The set of code also contains one or more subsets of code that can be used by software entities on the host device for access to the peripheral device. A software entity on a host device must be successfully authenticated with the set of code installed on the host device. Once the software entity is successfully authenticated, the set of code will provide access to the one or more subsets of code specific to the software entity. The one or more subsets of code can be used by the software entity to access the peripheral device.

Description

Authentication for access to software development kit for a peripheral device
Technical field
The present invention relates to technology for secure peripheral devices.
Background
As technology has advanced, preventing unauthorized access to secure peripheral devices has become a greater concern. One example of a secure peripheral device is a memory device, because a memory device that contains secure content must be protected from unauthorized use.
Semiconductor memory has become more widely used in various electronic devices. For example, non-volatile semiconductor memory is used in cellular telephones, digital cameras, mobile media players, personal digital assistants, mobile computing devices, non-mobile computing devices and other devices.
Protecting content stored on non-volatile semiconductor memory devices has become an important feature, especially where the protection of copyrighted material is concerned. For example, a user may purchase copyrighted content, such as music, through an electronic device. Content owners generally want only the purchaser to use the content, and may require that the purchased content be played only by authorized applications on the electronic device, such as the application used to purchase the content.
Information can be stored securely, and secure content protected from unauthorized use, with various protection techniques such as encryption. An application on a device that attempts to access encrypted content must decrypt the content with an encryption key before the content can be read. An application that is authorized to access the encrypted content will have the appropriate encryption key for decrypting it. An unauthorized application may still be able to access the encrypted content but, without the appropriate encryption key, cannot read it. However, if an application obtains the encryption key, the unauthorized application can read the protected content. There is a need for an improved, simplified and secure way of preventing unauthorized applications on an electronic device from accessing protected content on a secure peripheral device.
Summary of the invention
The technology described herein pertains to the authentication of applications, application launchers or other software entities on a host device, to prevent unauthorized access to a secure peripheral device. A software entity is authenticated with a set of code on the host device, using any authentication mechanism. The set of code is associated with the peripheral device and is installed on the host device to control access to the peripheral device. The set of code also contains code that software entities on the host device can use to perform tasks associated with the peripheral device. Once a software entity has been successfully authenticated, the set of code makes available to that software entity the code it can use to perform tasks associated with the peripheral device.
One embodiment includes a process of installing on a host device a set of code associated with a secure peripheral device, where the set of code includes code for operating the peripheral device on the host device, such as code for a device driver. The set of code is used to authenticate a first software entity on the host device. The process also includes exposing a portion of the set of code to the first software entity if the first software entity is successfully authenticated, including exposing code that allows the first software entity to communicate with the peripheral device.
One embodiment of the authentication process includes a first software entity on a host device receiving, from a user, a first task request associated with a secure peripheral device. A credential is sent from the first software entity to the set of code installed on the host device for the peripheral device. The process also includes accessing a portion of the set of code if the credential is valid, including accessing code that is associated with the first software entity and that allows the first software entity to perform the first task. The set of code includes code that allows one or more software entities on the host device to perform tasks associated with the peripheral device. The first software entity uses the portion of the set of code to send information associated with the first task.
One embodiment of the authentication process includes sending one or more authentication options to a first software entity on a host device when the first software entity requests access to a peripheral device. The one or more authentication options are sent to the first software entity from the set of code installed on the host device for the peripheral device. The set of code includes code associated with one or more software entities on the host device. The set of code receives a credential from the first software entity. The credential is associated with one of the one or more authentication options. The process also includes providing access to first code associated with the first software entity if the credential is valid. The first code allows access to the peripheral device and is part of the set of code.
One embodiment includes a secure peripheral device and a host device in communication with the peripheral device. The host device includes one or more processors adapted to control access to the peripheral device. The one or more processors also manage the set of code installed on the host device for the peripheral device by controlling access to the set of code, where the set of code allows communication between the peripheral device and one or more software entities on the host device. The one or more processors verify a credential from a first software entity on the host device and, if the credential is valid, expose a subset of code from the set of code to the first software entity, where the subset of code is associated with the first software entity.
One embodiment includes a crypto engine and one or more processors on a host device in communication with the crypto engine. The crypto engine verifies a credential from a first software entity on the host device. The one or more processors intercept access to a secure peripheral device. The one or more processors also receive the credential from the first software entity and, if the credential is valid, expose code associated with the first software entity. When the one or more processors execute the code, they allow the first software entity to access the peripheral device.
One embodiment includes one or more processor-readable media, each having processor-readable code, where the processor-readable code causes one or more processors to perform a method. The method includes sending one or more authentication options to a first software entity on a host device when the first software entity requests access to a peripheral device, including sending the one or more authentication options to the first software entity from a set of code installed on the host device for the peripheral device, where the set of code includes code associated with one or more software entities on the host device. The set of code receives a credential from the first software entity. The credential is associated with one of the one or more authentication options. The method also includes providing access to first code associated with the first software entity if the credential is valid. The first code allows access to the peripheral device and is part of the set of code.
Description of the drawings
Fig. 1 is a block diagram of a host device before an SDK for a secure peripheral device is installed.
Fig. 2 is a flow chart describing one process for configuring an SDK associated with a secure peripheral device.
Fig. 3 depicts an example of a secure peripheral device SDK.
Fig. 4 is a flow chart describing one process for loading a secure peripheral device on a host device.
Fig. 5 is a block diagram depicting one embodiment of a host device after the SDK for a secure peripheral device has been installed.
Fig. 6 is a block diagram depicting one embodiment of host device components before the code for a secure memory device is installed.
Fig. 7 is a block diagram depicting one embodiment of the components of a host device and a secure memory device.
Fig. 8 is a block diagram of one embodiment of a memory device SDK.
Fig. 9 is a block diagram depicting one embodiment of a secure memory device.
Fig. 10 is a block diagram depicting one embodiment of the firmware modules for a secure memory device.
Fig. 11 depicts one example of the partitions in a secure memory device.
Fig. 12 is one example of the application APIs included in an SDK for a memory device.
Fig. 13 is a flow chart describing one process for accessing a secure peripheral device.
Fig. 14 is a flow chart describing one embodiment of a process for registering a software entity on a host device.
Figs. 15A-C are flow charts of different authentication methods that the SDK can perform.
Fig. 16 depicts one example of the registration process.
Fig. 17 depicts one example of software entities successfully registered on a host device.
Fig. 18 is a flow chart describing one embodiment of a process for storing protected content on a memory device.
Fig. 19 is a flow chart describing one embodiment of a process for accessing protected content on a memory device.
Fig. 20 is a flow chart describing one embodiment of a process for unregistering a software entity.
Detailed description
The disclosed technology provides secure access to a peripheral device by implementing security features on the host device. The peripheral device can be any device operated via a host device, such as a memory device, a printer, a keyboard, and so on. Software for the peripheral device must be installed on the host device in order to operate the peripheral device on the host device. This software is a set of code for a software development kit (SDK) installed on the host device, such as a dynamic link library (DLL) or static library (LIB), and is used to operate the peripheral device via one or more software entities or applications on the host device. Often, different applications on the host device will need different APIs to access the peripheral device, depending for example on the type of application, the function of the application and the permissions of the application. When a user sends a task request to the host device via an application and the task request involves access to the peripheral device, the SDK for the peripheral device will authenticate the application and verify that the application is authorized to access the peripheral device. If authentication succeeds, the SDK will expose only those APIs intended for that particular application. The SDK will not expose APIs that the application is not authorized to access. The application can use the specific APIs exposed to it to send and perform the task request. This increases the security of the peripheral device and prevents unauthorized access to the APIs by other applications.
Fig. 1 depicts one example of host device 255 before the set of code for the SDK for a peripheral device is installed. Host device 255 has application 105, memory 260 and host CPU 165. Host device 100 can be any electronic device, such as a cellular telephone, PC, digital camera, mobile media player, personal digital assistant, mobile computing device, non-mobile computing device or other device. Application 105 can be any software entity used on the host device, such as a calendar, document viewer, media player and so on. Application 105 can also be any software entity used to launch an application. Memory 260 can be any type of memory that host device 255 may need. Host CPU 165 can be any type of processor used to operate host device 255.
When a software developer creates an SDK for a peripheral device that will be operated by a host device such as host device 255 depicted in Fig. 1, the SDK software can be configured for each software entity or application on the host device that will need to access the peripheral device. Often, the software entities on a host device are owned or created by particular customers with various requirements and preferences. The SDK can be configured based on the requirements and preferences of each software entity/application or customer, such as permission preferences or the functions of the customer's application. Fig. 2 is a flow chart of one process for configuring the set of code for the SDK based on different application and/or customer requirements and preferences. In step 190, the SDK software developer configures the specific SDK software for each application and/or customer based on the specific requirements of that application and/or customer. For example, the set of code for an SDK through which a customer's application accesses the peripheral device generally needs APIs that interface the application with the peripheral device. The SDK software used to access these APIs can be configured specifically for the application based on customer preferences, for example by configuring the SDK to require authentication of the application before the peripheral device is accessed. The SDK is configured to determine which APIs each application will need to access. In step 195, the SDK software for operating the peripheral device is configured based on the APIs required by the specific SDK software configured for each application/customer in step 190. This may include, for example, any SDK software modifications needed for any security features required by each application/customer. Once the SDK software for operating the peripheral device has been configured, the SDK will work properly with all of the software configured for each application and/or customer in step 190 (for example, the security software required for authentication) and with any other software needed to operate the peripheral device on the host device, including the software customized in step 195.
Fig. 3 depicts one example of the set of code for a peripheral device SDK configured according to the process described in Fig. 2. Peripheral device SDK 330 includes subsets of code such as security layer 125, the APIs for applications 1-3, and device driver 140. The set of code for the SDK can be a dynamic link library (DLL) or static library (LIB). Security layer 125 contains the software for authenticating the different applications that attempt to access the peripheral device. Security layer 125 can be part of the SDK software configured as described in step 195 of Fig. 2. For example, security layer 125 can be configured if API 262 for application 1 needs an additional authentication feature. Security layer 125 is discussed in more detail later. The APIs for applications 1-3 are the APIs that each application must use to communicate with the peripheral device. These APIs can be configured based on the customer preferences for each application, as described in step 190 of Fig. 2. For example, API 262 for application 1 can be an API customized for application 105 of host device 255 of Fig. 1. Device driver 140 is the software that allows the peripheral device to operate properly on the host device.
Fig. 4 is a flow chart describing a process for installing the SDK shown in Fig. 3 on a host device. In step 170 of Fig. 4, the secure peripheral device is connected to the host device. When the secure peripheral device is connected to the host device, the SDK for operating the secure peripheral device is loaded and installed on the host device (step 175). The SDK can be stored in the memory of the secure peripheral device. The SDK contains software that programs the host CPU on the host device to operate the secure peripheral device so that unauthorized access is prevented. Once the SDK set of code has been properly loaded and installed on the host device, the host device can be operated with the secure peripheral device (step 180).
Note that, in some embodiments, step 175 is performed for a particular secure peripheral device only the first time that device is connected to the host device. Once the SDK has been installed on the host device during the first connection of the secure peripheral device, the SDK for that particular peripheral device need not be installed again each time the device is reconnected to the host device. In other embodiments, the SDK is loaded and installed each time the secure peripheral device is connected to the host device.
In one embodiment, the SDK for operating the secure peripheral device is preloaded and preinstalled on the host device before the operating system is installed on the host device. In this case, the SDK can be used by activating or selecting it through the operating system. Step 175 therefore need not be performed as part of the process of Fig. 4. In another embodiment, the SDK for operating the secure peripheral device is preloaded and preinstalled after the operating system of the host device has been installed. In this case, too, step 175 need not be performed as part of the process of Fig. 4.
Fig. 5 shows one embodiment of host device 255 with secure peripheral device 145 after the set of code of SDK 330 of Fig. 3 has been installed. Host device 255 includes the original components shown in Fig. 1 (application 105, memory 260 and host CPU 165) and the components of SDK 330 shown in Fig. 3 (security layer 125, the APIs for applications 1-3, and device driver 140). When a user of host device 255 requests, via application 105, a task that involves secure peripheral device 145, security layer 125 causes host CPU 165 to authenticate application 105. If application 105 is successfully authenticated with security layer 125, the security layer exposes the specific subset of APIs for application 105; for example, if application 105 is application 1, API 262 for application 1 is exposed. Application 105 can then use this subset of the SDK set of code to send the task request to secure peripheral device 145 via device driver 140. Application 105 can also use those APIs to perform the user's task request.
To describe in more detail the process of securely accessing a peripheral device through the SDK for the peripheral device, a secure memory device is used as an example of the peripheral device. Note, however, that the peripheral device can be any peripheral device and is not limited to the memory device example described below.
Fig. 6 shows one embodiment of the components of host device 100 before the SDK for a secure memory device is installed. Typically, a user of host device 100 accesses content stored on host device 100 through a software entity such as application 105. Examples of applications on host device 100 include a media player, calendar, address book and so on saved on host device 100. An application can also be executable code on the host device that is used to launch an application (such as a media player, calendar or address book) stored in a location different from the executable code on host device 100. For example, an application can be used to launch a media player application that is saved in a different part of the memory of host device 100 or on a peripheral device connected to host device 100. The content accessed or saved using application 105 can include content such as applications, media, scheduling information or contact information.
Application 105 uses host storage manager 110 on the operating system of host device 100 to access or store content on host device 100 or on any other peripheral device, such as a removable memory device. Host storage manager 110 is a software component on the operating system that controls the access and storage functions of host device 100, including access and storage within host device 100 and between host device 100 and any peripheral device, as described in more detail below.
Fig. 6 also shows host storage manager 110 and host file system 130, a component managed by host storage manager 110. Host storage manager 110 uses host CPU 165 to access host file system 130. Host file system 130 is stored in memory on host device 100 and is used to locate and store content on host device 100 and in any peripheral device. When a user requests content from host device 100, host storage manager 110 uses host file system 130 to locate the content. When a user requests that content be stored, host storage manager 110 uses host file system 130 to store the content in the appropriate location.
In addition, content stored on host device 100 can be encrypted for protection. The host device can include host crypto engine 185, which can have a random number generator and a cryptographic processor that can support encryption methods such as symmetric encryption (i.e., AES, DES, 3DES, etc.), cryptographic hash functions (i.e., SHA-1, etc.), asymmetric encryption (PKI, key pair generation, etc.) or any other cryptographic method.
Fig. 7 shows one example of host device 100 operating with secure memory device 145 after the set of code for peripheral device SDK 330 has been properly loaded and installed on host device 100. In one embodiment, the secure peripheral device is a removable memory device used to store content, which can be stored in a secure partition of the secure memory device or in a public partition of the secure memory device. The secure memory device can be any type of memory device, such as a mass storage device, a non-volatile flash memory device, and so on. The secure memory device protects against unauthorized access to content stored in its secure partition. The secure memory device can also protect against unauthorized access to content stored in its public partition, if that content is protected. If content is encrypted, the content is protected in the secure memory device. If content is not encrypted and is stored in the public partition, the content is not protected in the secure memory device. The host device can access and store content on the secure memory device if the host device has the proper permissions associated with that content, such as permissions that allow the content to be encrypted or decrypted.
In Fig. 7, host device 100 is physically connected to secure memory device 145 through physical interface 142. Application 105, host CPU 165, host crypto engine 185, host storage manager 110 and host file system 130 are the components of host device 100 shown in Fig. 6. Peripheral device SDK 330 is the set of code installed on host device 100 and is used to operate secure peripheral device 145 with host device 100. Peripheral device SDK 330 uses secure peripheral device API 120, peripheral device SDK security layer 125, host file system 130, registration table 285, SDK crypto library 168 and secure file system 135 to manage content access and storage for secure memory device 145. Secure peripheral device API 120, peripheral device SDK security layer 125, registration table 285, SDK crypto library 168, secure file system 135 and device driver 140 are software components loaded and installed on the host device from the set of code of the SDK for secure memory device 145, as described in step 175 of Fig. 4. Open channel 150 and secure channel 155 are the data buses used to transfer content between host device 100 and secure memory device 145.
Secure memory device 145 uses the software installed on host device 100 for secure memory device 145 to control access to and storage of content. This software includes the libraries described in step 175 of Fig. 2, or it can be libraries preinstalled on the host device. The SDK libraries loaded and installed on the host device can be dynamic link libraries (DLL) or static libraries (LIB) that can be integrated into the operating system on the host device. The set of code of the SDK provides hooks into host storage manager 110 for the secure operation of secure memory device 145. For example, a subset of code from the set of code of the peripheral device SDK can be inserted into the call chain used to call host file system 130, so that the code causes host CPU 165 to control how content is accessed and stored. In Fig. 7, peripheral device SDK security layer 125, secure peripheral device API 120, secure file system 135, registration table 285, SDK crypto library 168 and device driver 140 are subsets of code provided to the host device by the set of code for the secure peripheral device SDK, using device driver 140 installed on host device 100.
As shown in Fig. 7, a user can access content stored in secure memory device 145 through a software entity such as application 105 on the host device. For protected content stored in secure memory device 145, application 105 must first be authenticated before the content can be accessed, as described in more detail below.
Application 105 uses host storage manager 110 on the operating system of the host device to access or store content in secure memory device 145. Host storage manager 110 controls the access and storage functions of the host device, including access and storage within the host device and in secure memory device 145.
Typically, host storage manager 110 uses host file system 130 on the operating system of the host device to control access and storage functions for the host device or any peripheral device, as described for Fig. 6. Host file system 130 can be any standard file system, such as FAT12, FAT16, FAT32, NTFS and so on. For secure memory device 145, however, peripheral device SDK 330 for secure memory device 145 uses peripheral device SDK security layer 125 to control access and storage functions on the host device by using secure file system 135 for secure memory device 145. Access to secure file system 135 is controlled by authenticating application 105 and, only on successful authentication, allowing access to the specific APIs for application 105. These APIs allow proper interfacing with secure file system 135. Secure file system 135 is installed on host device 100 for secure memory device 145 and is the file system for content stored in secure memory device 145. Secure file system 135 can be any standard file system, such as FAT12, FAT16, FAT32, NTFS and so on.
The software for peripheral device SDK security layer 125 is loaded and installed as part of the SDK loaded and installed in step 175 of Fig. 2. Peripheral device SDK security layer 125 causes host CPU 165 to authenticate application 105. After application 105 has been successfully authenticated, application 105 is registered in registration table 285. Peripheral device SDK security layer 125 also provides an application handle (handler) to application 105. The application handle indicates which APIs application 105 is allowed to access. More details about the authentication and registration processes performed by peripheral device SDK security layer 125 are described below.
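The authenticate, register and expose sequence described above can be modelled in a few lines. This is an added illustration, not code from the patent or from any SanDisk SDK: the HMAC challenge-response is an assumed mechanism (the text allows any authentication mechanism), and every name in it (`SecurityLayer`, `respond`, `read_content`, `store_content`, the entity ids and secrets) is hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample secrets; a real deployment would provision these per application.
APP1_SECRET = b"constructed-secret-for-application-1"
APP2_SECRET = b"constructed-secret-for-application-2"


def respond(secret, nonce):
    """Credential an application derives from a challenge (assumed mechanism)."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class SecurityLayer:
    """Hypothetical model of security layer 125 with registration table 285."""

    def __init__(self, config, apis):
        self.config = config      # entity id -> (secret, API names configured for it)
        self.apis = apis          # the full set of code; never handed out directly
        self.pending = {}         # entity id -> outstanding one-time challenge
        self.registration = {}    # registration table: handle -> (entity id, API names)

    def challenge(self, entity_id):
        nonce = secrets.token_bytes(16)
        self.pending[entity_id] = nonce
        return nonce

    def authenticate(self, entity_id, credential):
        """Return an application handle on success, None on any failure."""
        nonce = self.pending.pop(entity_id, None)   # each challenge is usable once
        entry = self.config.get(entity_id)
        if nonce is None or entry is None:
            return None
        secret, allowed = entry
        if not hmac.compare_digest(respond(secret, nonce), credential):
            return None
        handle = secrets.token_hex(16)              # unguessable handle
        self.registration[handle] = (entity_id, frozenset(allowed))
        return handle

    def exposed(self, handle):
        """API names the handle grants; empty for unknown or unregistered handles."""
        entry = self.registration.get(handle)
        return set(entry[1]) if entry else set()

    def call(self, handle, api_name, *args):
        # Every call is checked against the registration table, not trusted blindly.
        if api_name not in self.exposed(handle):
            raise PermissionError(f"{api_name} is not exposed to this handle")
        return self.apis[api_name](*args)

    def unregister(self, handle):
        self.registration.pop(handle, None)


def build_demo_layer():
    """Two constructed applications with different API subsets."""
    secure_store = {"song.enc": b"constructed-ciphertext"}  # stands in for the device

    def read_content(name):
        return secure_store[name]

    def store_content(name, data):
        secure_store[name] = data
        return len(data)

    apis = {"read_content": read_content, "store_content": store_content}
    config = {
        "app1": (APP1_SECRET, ["read_content"]),
        "app2": (APP2_SECRET, ["read_content", "store_content"]),
    }
    return SecurityLayer(config, apis)


def is_denied(layer, handle, api_name, *args):
    try:
        layer.call(handle, api_name, *args)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    layer = build_demo_layer()
    h1 = layer.authenticate("app1", respond(APP1_SECRET, layer.challenge("app1")))
    print(layer.call(h1, "read_content", "song.enc"))
    print(is_denied(layer, h1, "store_content", "x", b"y"))
```

The handle is checked on every call, so unregistering an entity or presenting a forged handle removes access without touching the API code itself.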
When the user requests access to content through application 105, peripheral SDK security layer 125 provides, after successful authentication, the appropriate APIs needed to access the content from secure storage device 145, such as secure peripheral API 120. Using the accessed APIs, application 105 can receive content stored in secure storage device 145 by accessing the permissions associated with the content. For protected content, a header is stored with the content. The header contains information associated with the content, such as domain information related to the content encryption key (CEK) used to encrypt and decrypt the content, and content metadata that can indicate what type of content is stored.
Secure peripheral API (application programming interface) 120 in peripheral SDK 330 is used to interface secure peripheral device 145 with application 105 when content is accessed or stored. Secure peripheral API 120 is part of the installed SDK, and can be called by application 105 once application 105 has been successfully authenticated. Secure peripheral API 120 is the interface bridge between peripheral SDK security layer 125 and secure file system 135.
Once content has been located or filed using secure file system 135, device driver 140 on the host device can be used to access or store the content at the appropriate location on secure storage device 145. This is done through physical interface 142, which physically connects host device 100 and secure storage device 145. The content can be accessed or stored using secure channel 155 or open channel 150. Peripheral SDK 330 determines whether secure channel 155 or open channel 150 is used to transfer content between secure peripheral device 145 and the host device.
When the user requests, through application 105, storage of unprotected content, peripheral SDK 330 uses host file system 130 to store the content. If the user requests storage of content that should be protected in secure peripheral device 145, peripheral SDK 330 uses secure file system 135 to store the content.
Secure peripheral API (application programming interface) 120 in peripheral SDK 330 is used to interface secure peripheral device 145 with application 105 when protected content is accessed or stored. Secure peripheral API 120 is part of the installed SDK, and can be called by application 105 once application 105 has been successfully authenticated. Secure peripheral API 120 is the interface bridge between peripheral SDK security layer 125 and secure file system 135.
Once content has been located or filed using host file system 130 or secure file system 135, device driver 140 on the host device can be used to access or store the content at the appropriate location on secure peripheral device 145. This is done through physical interface 142, which physically connects host device 100 and secure storage device 145. The content can be accessed or stored using secure channel 155 or open channel 150. Peripheral SDK security layer 125 determines whether secure channel 155 or open channel 150 is used to transfer content between secure peripheral device 145 and the host device.
A session key is an encryption key used to encrypt content before the content is transferred between the host device and the secure storage device. If the content does not need to be transferred over the secure channel, there may be no session key associated with the content, or the session key associated with the content may indicate that no encryption is needed.
If the content is associated with a session key indicating that secure channel 155 should be used to transfer the content, the content is encrypted with the session key before it is transferred over secure channel 155. Once the encrypted content has been transferred, the same session key is used to decrypt it. SDK crypto library 168 is used to encrypt or decrypt content on host device 100. SDK crypto library 168 includes a random number generator and cryptographic functions for encryption, such as symmetric encryption (e.g., AES, DES, 3DES), cryptographic hash functions (e.g., SHA-1), asymmetric encryption (PKI, key-pair generation, etc.) or any other cryptographic method. Secure peripheral device 145 has its own crypto engine for encryption on secure storage device 145 before or after content is transferred, as described in more detail for Figure 11. If the session key indicates that open channel 150 should be used to transfer the content, the content is transferred without being encrypted.
A host device that does not have the peripheral SDK installed may be able to access content stored in the public partition. If the content is protected, the device may be able to access it, but if the content is encrypted, the device cannot read it correctly. If the content is stored in a secure partition, the device cannot access it.
Fig. 8 illustrates an example of the software included in peripheral SDK 330 installed on host device 100 when the peripheral device is a secure storage device as shown in Figure 7. Again, the peripheral device is not limited to the example of a storage device. Peripheral SDK 330 is a library installed on host device 100, and contains the software used to operate secure storage device 145 on host device 100, such as peripheral API 260, peripheral SDK security layer 125, device driver 140, secure file system 135, SDK crypto library 168 and registration table 285. Peripheral SDK 330 is not limited to this software, however.
Application APIs 260 are the APIs used by any application, such as application 105 in Fig. 7. These APIs include the APIs used for authentication, and they also include the APIs, such as secure peripheral API 120 in Fig. 7, that interface the application with secure file system 135 to access content on secure storage device 145 once the application has been successfully authenticated. Application APIs 260 can include APIs specific to a particular application. For example, an API used by one application might not be used by another application. An application successfully authenticated by peripheral SDK security layer 125 can access protected content in secure storage device 145 through secure peripheral API 120. Secure peripheral API 120 is discussed in more detail below for Figure 12.
Peripheral SDK security layer 125, shown in Figure 7, is installed on the host device to provide hooks into host storage manager 110 and to cause host CPU 165 to control how content on secure storage device 145 is accessed and stored. The code of peripheral SDK security layer 125 "hijacks" host file operations on host device 100 so that an application can be authenticated before content on secure peripheral device 145 is accessed.
The software for device driver 140, shown in Figure 7, can be loaded and installed on the host device after secure storage device 145 is connected to host device 100 (step 175 of Fig. 4), or can be pre-installed on the operating system of host device 100 before or after that operating system is installed on the host device.
Secure file system 135 is the file system containing the filing data used to access and store content on secure storage device 145, as shown in Figure 7.
SDK crypto library 168 is a library containing the cryptographic schemes that can be used to encrypt or decrypt content for secure channel 155. The cryptographic scheme can be any known scheme, such as AES, DES, 3DES, SHA-1, PKI, key-pair generation, etc. SDK crypto library 168 encrypts or decrypts content based on the permissions associated with the content, such as a session key.
Registration table 285 is the table used by peripheral SDK security layer 125 to manage and maintain application authentication status and related information. The table can contain information such as the authentication algorithm, application ID, registration time, expiration time, registration status, etc. More details about registration table 285 are discussed below.
Continuing the secure storage device example, Fig. 9 depicts one embodiment of secure peripheral device 145 shown in Figure 7. Secure peripheral or storage device 145 includes firmware module 210, CPU 220, peripheral crypto engine 160 and system partition 400. System partition 400 includes public partition 240 and secure partition 250. Firmware module 210 uses CPU 220 to access and store content in public partition 240 or secure partition 250 of system partition 400. Storage device crypto engine 160 is used to encrypt or decrypt protected content that is accessed or stored in secure storage device 145.
Firmware module 210 includes the hardware and software used to control access to and storage of content on secure storage device 145 in secure partition 250 and public partition 240. The firmware module programs CPU 220 to perform access and storage functions, such as determining from which portion of memory content is accessed or stored, and whether the content is protected. More details about firmware module 210 are discussed below in the description of Figure 10.
Public partition 240 is a memory partition of secure storage device 145 that is visible to the user and detectable by host device 100. Secure storage device 145 can have one or more public partitions. Public partition 240 can contain public content that is openly accessible to the user or host device 100. Public partition 240 can also store protected content encrypted with a content encryption key (CEK). The CEK can be generated using domain information stored in the content header, which contains information associated with the content. Public content is stored without being encrypted.
Secure partition 250 is a hidden memory partition of secure storage device 145 that is invisible to the user and undetectable by the host device. Secure storage device 145 can have one or more secure partitions. Secure partition 250 can contain protected content that is not openly accessible to the user or host device 100. The protected content can be encrypted using a CEK. Content stored in secure partition 250 is accessible to authenticated applications that have the appropriate permissions to access the content. The information associated with the CEK and the permissions associated with the content are stored in the content header, which contains information associated with the content. In one embodiment, public partition 240 and secure partition 250 of system partition 400 are stored in a flash memory device that includes a controller and one or more flash arrays.
Because secure partition 250 is a hidden partition that the user or host device cannot detect, secure partition 250 may contain the software used to operate secure storage device 145 on host device 100, including rights objects, application credentials, etc.
Peripheral crypto engine 160 is used to encrypt or decrypt content in secure storage device 145 using a CEK or a session key. Storage device crypto engine 160 includes a random number generator and a cryptographic processor that can support cryptographic algorithms such as symmetric encryption (e.g., AES, DES, 3DES), cryptographic hash functions (e.g., SHA-1), asymmetric encryption (PKI, key-pair generation, etc.) or any other cryptographic method.
Figure 10 depicts details of one embodiment of firmware module 210. Firmware module 210 includes peripheral interface module 144, flash manager 310, protected content access manager 320, crypto engine library 235 and DRM (digital rights management) module 315. Peripheral interface module 144 includes the hardware and software used to interface secure storage device 145 with host device 100 via host device physical interface 142. The hardware components of peripheral interface module 144 can include components for any type of interface, such as a Universal Serial Bus (USB), Secure Digital (SD) or CompactFlash (CF) interface. Flash manager 310 includes software that causes CPU 220 to access or store unprotected content in public partition 240, and that can cause CPU 220 to use DRM module 315 to access and store content based on permissions. Protected content access manager 320 includes software that causes CPU 220 to access or store protected content using the permissions for the protected content, and that can cause CPU 220 to use DRM module 315 to access and store protected content based on permissions. Protected content access manager 320 can also access crypto engine library 235, which stores the information needed to encrypt content using a session key or CEK. Both flash manager 310 and protected content access manager 320 access and store content for the host device through device driver 140 on the host device.
If no protection is needed, flash manager 310 uses CPU 220 to control access to and storage of unprotected content in secure storage device 145. When a request to save unprotected content is received from host device 100 through device driver 140, flash manager 310 saves the content at the appropriate location according to host file system 130. When a request to access unprotected content is received through device driver 140 via host file system 130, flash manager 310 accesses the content from the appropriate location using host file system 130. When application 105 attempts to access protected content in secure storage device 145, flash manager 310 also provides access to protected content access manager 320.
If protection is needed, protected content access manager 320 uses CPU 220 to control access to and storage of protected content in secure storage device 145. Protected content access manager 320 stores the permissions associated with protected content in, or retrieves them from, DRM module 315. Protected content access manager 320 uses secure file system 135, shown in Figure 7, to access or store protected content. For example, when a request to save protected content is received from host device 100 through device driver 140, and the protected content should be sent over secure channel 155, peripheral SDK security layer 125 uses SDK crypto library 168 to encrypt the protected content with the session key associated with the content. The encrypted content is then sent to secure storage device 145 over secure channel 155, and is decrypted at secure storage device 145 using the session key and the appropriate cryptographic scheme from crypto engine library 235. The decrypted content is then encrypted by peripheral crypto engine 160 using the CEK for that content. The CEK-encrypted content is then saved at the appropriate location according to secure file system 135.
For protected content sent over the open channel, a similar method is performed to transfer the content, but without the session key encryption used for secure channel 155. When a request to access protected content is received from host device 100 through device driver 140, protected content access manager 320 uses secure file system 135 to access the content from the appropriate location, and provides the content over open channel 150 to host storage manager 110 on host device 100. Once protected content access manager 320 has determined the appropriate permissions, it accesses and stores the content through flash manager 310.
Protected content access manager 320 can also use DRM module 315 to provide access to content based on the permissions associated with the content, such as copyright. DRM module 315 can support any particular DRM technology, such as OMA DRM, MS DRM, etc.
Crypto engine library 235 contains the cryptographic schemes that can be used to encrypt content in secure storage device 145 with a CEK or a session key. When content should be encrypted or decrypted in secure storage device 145, protected content access manager 320 accesses the appropriate cryptographic scheme from crypto engine library 235. The cryptographic scheme can be any known scheme, such as AES, DES, 3DES, SHA-1, PKI, key-pair generation, etc.
Figure 11 depicts an example of system partition 400 of secure storage device 145. System partition 400 includes all memory partitions in secure storage device 145. That is, system partition 400 consists of public partition 240 and secure partition 250 shown in Figure 9. Secure storage device 145 can have any number of public or secure partitions. As described earlier, a public partition is detectable by and openly accessible to the user or host device. Unprotected content stored in a public partition can be accessed without authentication. Protected content stored in a public partition, however, can be accessed only after successful authentication. A secure partition is a hidden partition that the user or host device cannot detect. Any application attempting to open content in a secure partition must first be authenticated.
When protected content is saved to secure storage device 145, protected content access manager 320 organizes the content according to the permissions associated with it, and then stores the content through flash manager 310. Public and secure partitions can have domains or logical groups, each containing a group of protected content that shares the same CEK. Each domain or logical group is associated with one CEK, which is used to decrypt content from that domain or group or to encrypt content into it. Any application with the appropriate permissions to open content in a domain or group may also be able to open other content stored in the same domain or group.
Public partition P0 410 in Figure 11 contains two logical groups, domain 1 and domain 2. All content stored in domain 1 uses one CEK for encryption and decryption. All content stored in domain 2 uses another CEK for encryption and decryption. A software entity attempting to access either of these groups must be authenticated before it can read the content. Because public partition P0 is not hidden and is openly accessible, the protected content contained in a group can be seen and might be accessed, but the content cannot be read unless it is properly decrypted with the appropriate CEK. It is therefore possible that content in a group could be misused by an unauthorized user, but the content cannot be read.
File A 440 in public partition P0 410 is not contained in a group, so it has no CEK associated with it. Any user can therefore access and read file A 440.
Secure partition P1 420 contains file E and file F. File E and file F can be any files that need to be protected in a secure partition. For example, file E or file F can be used by the SDK to store secure information such as content licenses or any internal management data. Secure partition P1 420 is not limited to storing only these types of files, however. Secure partition P1 420 can store any secure file.
Secure partition P2 430 contains file G and file H, both of which are in domain 3 490. Domain 3 is associated with a CEK used to encrypt and decrypt content. For example, if an application attempts to access file G in domain 3, the application must first be authenticated. Once authenticated, the application can use the CEK of domain 3 to access file G, and can also access file H in domain 3.
Secure partition P3 450 shows an empty partition that can be used to store any protected content.
Figure 12 shows an example of application APIs 260 included in peripheral SDK 330. Application APIs 260 include standard and secure storage APIs 340, authentication APIs 350, provisioning APIs 360, DRM APIs 370, and any other custom APIs 380 that a user may need to operate secure storage device 145 on host device 100. Each of the different types of API can be specific to a software entity, such as an application or application launcher 105. In one embodiment, the APIs for each application are stored as a logical group, such as a domain. For example, API 262 for APP 1 is stored in a group separate from the APIs for other applications. In one embodiment, each group contains only one type of API for one application. For example, the secure storage APIs for APP 1 262 can be treated as one group.
API 262 for APP 1 shows a subgroup of APIs, drawn from the whole group of APIs, that is specific to application 1. The SDK is configured to allow application 1 to access API 262 for APP 1 upon successful authentication (see Fig. 2, step 190). In one embodiment, API 262 for APP 1 is a subset of code from the SDK code set that can be called by one or more different applications. In another embodiment, API 262 for APP 1 can be called only by the software entity of application 1. API 262 for APP 1 includes secure storage APIs, provisioning APIs, DRM APIs and custom APIs. API 262 for APP 1 is not limited to these APIs, however.
Standard and secure storage APIs 340 include the APIs that an application or application launcher 105 needs to retrieve and store content on secure storage device 145, to establish a secure session, or to perform any other type of operation involving access to and storage of content on secure storage device 145. For example, standard or secure storage APIs 340 can be APIs that allow application 105 to send the path location of the requested content to host file system 130 or secure file system 135. Application 105 can call a standard API from the group of standard and secure storage APIs 340 when accessing public content, and can call a secure API, such as secure peripheral API 120 shown in Figure 7, from the group of API 262 for APP 1 after application 1 has been authenticated by peripheral SDK security layer 125.
Authentication APIs 350 are the APIs used to authenticate application 105. They are open to all applications, and no authentication process is needed to access authentication APIs 350. Authentication API 340 is called by application 105. When authentication API 340 is called by application 105, application 105 can use authentication API 340 to send a credential to peripheral SDK security layer 125. Peripheral SDK security layer 125 then confirms whether the credential sent by application 105 through authentication API 340 is valid. The credential can be any kind of credential used to authenticate a software entity, such as a response to a challenge/response authentication algorithm, a PKI certificate, a PIN, a key, a password, etc. In the case of challenge/response authentication, authentication API 350 can be used to send the challenge to application 105. The same authentication API 340 can then be used to send the response to the challenge from application 105 to peripheral SDK security layer 125.
Provisioning APIs 360 are the APIs that allow application 105 to configure secure storage device 145 or to obtain information about the configuration of secure storage device 145. This can happen only when application 105 has the appropriate authority to do so. For example, provisioning APIs 360 can be called by a particular application 105 to obtain information about used and free storage space on secure storage device 145, or to create a new secure partition after application 105 has been successfully authenticated.
DRM APIs 370 can be called by application 105 to access the permissions or digital rights associated with content, and to provide access to the content if the rights are valid. The validation of these rights takes place in DRM module 315 of firmware module 210 of secure storage device 145. In one embodiment, DRM APIs 370 can be specific to a particular application 105, as shown in the subgroup of API 262 for APP 1.
Custom APIs 380 can be any other APIs that a user may need to operate secure storage device 145 on host device 100. Custom APIs 380 can be specific to a particular application 105, as shown in the subgroup of API 262 for APP 1.
Figure 13 is a flow chart describing an example of how the host device can be operated with the secure peripheral device after the peripheral SDK has been properly installed on the host device (step 180 of Fig. 4). More specifically, Figure 13 describes how a task request that is associated with the secure peripheral device, and that the user sends through an application on the host device, is carried out. For example, a task request can be a request to access or store content on the secure peripheral device, which includes accessing and storing files (e.g., music, applications, etc.), accessing information associated with the secure peripheral device (e.g., the amount of free storage space), changing the configuration of the secure storage device, or accessing DRM information (e.g., digital rights objects). The user can request the task via an application on the host device. In the following example, a secure storage device is used as the secure peripheral device. Note, however, that the secure peripheral device is not limited to the use or configuration given in this example.
In step 505 of Figure 13, the user can send a task request to application 105 on host device 100. The task request is received from application 105 at peripheral SDK security layer 125 (step 505).
In step 515, peripheral SDK security layer 125 performs a registration process for application 105. The registration process authenticates application 105 and, if authentication succeeds, registers application 105 in internal registration table 285 (shown in Figure 7). If registration succeeds, the peripheral SDK sends an indication to application 105. The indication states that the APIs specific to the registered application 105 have been exposed. Peripheral SDK security layer 125 also sends an application handle to application 105. The application handle serves as an additional security measure. Each time application 105 uses the exposed APIs to communicate with peripheral device 145, application 105 must also send the application handle to the peripheral device via the API. More details about the registration process are described for Figure 14.
If the registration process of step 515 succeeds, application 105 sends the task request to peripheral SDK 330 through one or more of the APIs exposed during the registration process (step 520). The task request must be sent together with the application handle that application 105 received during the registration process.
In step 525, peripheral SDK 330 carries out the task request using the exposed subgroup of APIs specific to application 105. Figure 18 depicts an example of how this step is performed for storing protected content in the secure storage device. Figure 19 depicts an example of how this step is performed for accessing protected content stored in the secure storage device.
Once the task request has been completed in step 525, peripheral SDK security layer 125 unregisters application 105 from internal registration table 285 in step 530. Figure 20 describes how this step is performed in more detail.
Figure 14 is a flow chart illustrating one example of how the registration process (step 515 of Figure 13) is performed for a task associated with protected content. In step 700, after the user has sent a task request to application 105, application 105 selects an authentication method from a list of authentication method options. The list of authentication method options is provided to application 105 by peripheral SDK security layer 125 through an authentication API. For example, an API for providing such a list can be defined as:
void ListAuthenMethod(char *AppID, char *AuthList).
The ListAuthenMethod API provides the application ID of application 105 (char *AppID) to peripheral SDK security layer 125. The application ID is a unique identifier associated with application 105. Peripheral SDK security layer 125 returns the list of authentication methods that peripheral SDK 125 supports (char *AuthList). Application 105 then selects the authentication method to use from the list provided by peripheral SDK security layer 125, based on the authentication method that application 105 has been programmed to use.
In step 705, application 105 performs the selected authentication method by obtaining the appropriate credential for that method. For example, if the selected authentication method is PKI-based, application 105 performs the method by obtaining its PKI certificate as its credential. If the selected authentication method is a challenge/response method, application 105 performs the method by calling the challenge/response API stored with authentication APIs 350 in storage device SDK 330. Application 105 uses the challenge/response API to receive a challenge from peripheral SDK security layer 125. The challenge can be a random number generated by host crypto engine 185 or storage device crypto engine 160. Application 105 then computes the appropriate response to the challenge as its credential. More details on how the different authentication methods are performed are discussed in the description of Figures 15A-C.
In step 710, application 105 sends its registration information to peripheral SDK security layer 125 by calling a registration API. For example, an API for registering an application can be defined as:
uchar RegisterApplication(char *AppID, char *AuthMethod, uchar *credential, uchar credentialLen).
The RegisterApplication API allows application 105 to send to peripheral SDK security layer 125 the application ID (char *AppID), selected authentication method (char *AuthMethod), credential (uchar *credential) and credential length (uchar credentialLen) that it obtained in step 705. The credential length is provided to support the different credential lengths that different authentication methods may require.
In step 715, peripheral SDK security layer 125 checks whether the credential is valid. If the credential is invalid, peripheral SDK security layer 125 returns an error to application 105 (step 720).
If the credential is valid, then in step 722 peripheral SDK security layer 125 generates an application handle for application 105. The application handle is a unique random number generated using any predefined cryptographic algorithm, such as HASH. The application handle is generated by inputting particular values into the predefined cryptographic algorithm. These values can be any values associated with application 105 and/or with the registration information of application 105, such as the application ID, the time application 105 was registered, the amount of time the application can remain registered, or the registration status. All peripheral SDK APIs include an input parameter for the application handle. In one embodiment, a default application handle can be generated and used for the APIs that are open to all applications. As described earlier, however, authentication APIs 350 are open to all applications, and no application handle is needed to access these authentication APIs.
In case generated the application handle, peripherals SDK safe floor 125 just will registration be used 105 (steps 725) in by the internal registration table 285 of peripherals SDK safe floor 125 management.Internal registration table 285 comprises the application that is used for having verified and the information of application launcher.For application and the application launcher of utilizing 125 good authentications of peripherals SDK safe floor, peripherals SDK safe floor 125 will write down in internal registration table 285 such as using application that handle, indication verified can remain the expiring the period of application 105 (for example, enrollment time+time quantum that applications can be registered), application 105 API that can visit or any other information of registered time quantum in internal registration table 285 information.Internal registration table 285 is used for keeping following the tracks of application and the application launcher of having verified, make when the application of having verified and application launcher are registered in the proof list, needn't again verify application and application launcher that those verified when receiving task requests at every turn.
In step 730, peripheral device SDK security layer 125 checks whether application 105 was successfully registered in internal registration table 285. If application 105 was not successfully registered in internal registration table 285, peripheral device SDK security layer 125 will return an error to application 105 (step 735).
If application 105 was successfully registered in internal registration table 285, peripheral device SDK security layer 125 will return the application handle generated in step 722 to application 105 via the authentication API (step 738). Peripheral device SDK security layer 125 will also return to application 105 an indication that registration succeeded, such as status_ok (step 740). The status_ok indication lets application 105 know that the specific set of APIs application 105 needs to perform its task will be exposed to application 105 for use.
In step 745, peripheral device SDK security layer 125 will then expose to application 105 a set of APIs from peripheral device SDK 330, such as subgroup 262 shown in Figure 12. This set of APIs will allow application 105 to communicate with secure peripheral device 145. However, access to this portion of code is allowed only if application 105 provides a valid application handle after authentication. This set of APIs allows application 105 to perform task requests by establishing the appropriate link between application 105 and secure peripheral device 145.
Figures 15A-C show examples of processes for carrying out the different types of authentication methods supported by peripheral device SDK security layer 125 (steps 710 and 715 of Figure 14). Figure 15A is a flowchart of one example of a process for carrying out password-based authentication. Application 105 is programmed with a password that can be used for authentication. In step 535 of Figure 15A, application 105 accesses the password that application 105 is programmed to use. Application 105 will send this password to peripheral device SDK security layer 125 via the authentication API. Peripheral device SDK security layer 125 will then continue the process of Figure 14 by checking whether the password is valid (step 715 of Figure 14).
Figure 15B is a flowchart of one example of a process for carrying out challenge-response based authentication. In step 545, application 105 receives a challenge from peripheral device SDK security layer 125 via the authentication API. For example, the API can take the form void GetChallenge(char *AppID, uchar *challenge, uchar *challengeLen). The GetChallenge API allows application 105 to provide its application ID (char *AppID) to peripheral device SDK security layer 125. Peripheral device SDK security layer 125 can then return to application 105 the challenge (uchar *challenge) and the length of the challenge (uchar *challengeLen).
In step 500, application 105 will compute a response by inputting the received challenge into the cryptographic function that application 105 is programmed to use. In step 555, application 105 sends the computed response to peripheral device SDK security layer 125. Peripheral device SDK security layer 125 will also compute a response using the same challenge in the same cryptographic function (step 560), and compare the response it computed with the response received from application 105 (step 565). This comparison step is how peripheral device SDK security layer 125 checks whether the credential (for example, the response from application 105) is valid (step 715 of Figure 14). The registration process of Figure 14 can continue based on this credential.
Figure 15C is a flowchart of one example of a process for carrying out PKI-based authentication of application 105. In step 570, application 105 sends a certificate (credential) to peripheral device SDK security layer 125. The certificate is part of the credential stored with application 105. Application 105 is programmed to provide this certificate through the authentication API.
In step 575, peripheral device SDK security layer 125 will validate the certificate. In step 580, if the certificate is valid, peripheral device SDK security layer 125 will generate a random number and encrypt it with the public key obtained from the certificate sent by application 105 (step 570). SDK crypto library 168 can be used to generate and encrypt the random number. The encrypted random number is then sent from peripheral device SDK security layer 125 to application 105 (step 585).
In step 590, application 105 will use the private key associated with the public key used by peripheral device SDK security layer 125 to decrypt the encrypted random number received from peripheral device SDK security layer 125. Authorized applications can decrypt the encrypted random number because they have the correct private key. In step 590, application 105 sends the decrypted random number to peripheral device SDK security layer 125 for verification (step 715 of Figure 14). At this point, the process of Figure 14 can continue.
Figure 16 depicts a block diagram of an example of the registration process of Figure 12. Application 1 107 will first carry out the authentication method (step 705 of Figure 12) that was chosen in step 700 of Figure 14 from the list provided by peripheral device SDK security layer 125, and send registration information to peripheral device SDK security layer 125 within peripheral device SDK 330 (step 710). If peripheral device SDK security layer 125 determines that the credential is valid (step 715), it will generate an application handle for Application 1 (step 722), register Application 1 107 in internal registration table 285 (step 725), and expose the subgroup of APIs 262 for APP 1 to Application 1 107 (step 745).
Figure 17 depicts an example of the software layers for several authenticated applications requesting access to secure storage device 145. As described in step 190 of Figure 2, each application can access different APIs depending on how the SDK is configured. For example, after Application 1 107 has been successfully authenticated with peripheral device SDK security layer 125 and registered in internal registration table 285, Application 1 107 can access the subgroup of APIs 262 for APP 1. For example, Application 1 107 can call those APIs to securely store and access protected content on secure storage device 145, configure secure storage device 145, and so on. The APIs 262 for APP 1 provide the appropriate interface so that the tasks requested by Application 1 can be performed on the protected content through secure file system 135 and device driver 140. In the case of Application 1 107, the SDK is configured to provide the full set of functions for accessing each API for APP 1 (see step 190 of Figure 2).
Application 2 and Application 3 are other examples of applications that have been successfully authenticated with file system filter 125 and registered in internal registration table 285. Application 2 can use the set of APIs for APP 2, such as the secure storage API and the DRM API, to access and store protected content through secure file system 135 and device driver 140, and can use the provisioning API in the SDK to configure secure storage device 145. However, Application 2 may not be able to access any custom APIs in the SDK. The APIs that Application 2 is allowed to access are based on how the SDK is configured, as described in step 190 of Figure 2. Similarly, Application 3 can use the set of APIs for APP 3 to access and store protected content through secure file system 135 and device driver 140. However, Application 3 cannot access the configuration, DRM and custom APIs in the SDK, because the SDK was not configured in step 190 of Figure 2 to allow Application 3 to access these APIs.
Continuing with the example of a secure storage device as the peripheral device, Figure 18 is a flowchart describing one example of how peripheral device SDK 330 performs the task of storing protected content in secure storage device 145 (step 525 of Figure 13). In step 900, once the registration process of Figure 13 is complete and a task request has been sent using one or more of the exposed APIs, peripheral device SDK 330 will direct secure file system 135 of secure storage device 145 to locate the position in secure storage device 145 where the protected content is to be stored. Application 105 can call one of the APIs in the set of APIs exposed in step 745 of Figure 14 to provide the desired storage location to secure file system 135.
In step 905, peripheral device SDK 330 will access the permissions associated with the storage location where the protected content is to be stored, such as the session key used to establish secure channel 155. In step 910, peripheral device SDK 330 will determine, based on the permissions accessed in step 905, whether a secure channel should be used to transfer the protected content.
If peripheral device SDK 330 determines that a secure channel should not be used, the protected content will be transferred from host storage manager 110 on host device 100 to secure storage device 145 over open channel 150 (step 915). Application 105 can transfer this content by calling one of the APIs in the set of APIs exposed in step 745 of Figure 14. Protected content access manager 320 will access the CEK for the storage location and direct peripheral device crypto engine 160 to encrypt the content using this CEK and crypto engine library 235 (step 920). Protected content access manager 320 will then store the encrypted protected content in the appropriate storage location (step 925).
If in step 910 peripheral device SDK 330 determines that secure channel 155 should be used, peripheral device SDK 330 will receive the content from application 105 through one of the APIs in the exposed set of APIs, and direct SDK crypto engine 168 to encrypt the protected content in host device 100 using the session key and the appropriate cryptographic scheme (step 930). In step 935, the encrypted content will be transferred from host storage manager 110 on host device 100 to secure storage device 145 over secure channel 155. Peripheral device crypto engine 160 will then decrypt the transferred protected content in secure storage device 145 using crypto engine library 235 (step 940).
In step 920, protected content access manager 320 will access the CEK for the storage location where the protected content is to be stored, and direct peripheral device crypto engine 160 to encrypt the content using this CEK and crypto engine library 235. Protected content access manager 320 will then store the encrypted protected content in the appropriate storage location (step 925).
Figure 19 is a flowchart describing one example of how peripheral device SDK security layer 125 performs the task of accessing protected content stored in secure storage device 145 (step 525 of Figure 13). In step 800, once the registration process of Figure 13 is complete and a task request has been sent using one or more of the exposed APIs, peripheral device SDK security layer 125 will direct secure file system 135 to locate the requested protected content at the correct location in secure storage device 145. Application 105 can call one of the APIs in the set of APIs exposed in step 745 of Figure 14 to provide the desired storage location to secure file system 135.
Protected content access manager 320 accesses the permissions associated with the location of the protected content, including the CEK and the session key (step 805). Secure content storage manager 320 then accesses the protected content from its location in secure storage device 145 (step 810) and directs peripheral device crypto engine 160 to decrypt the content using the CEK and crypto engine library 235 (step 815).
In step 820, protected content access manager 320 then determines whether a secure channel should be used to transfer the protected content to host storage manager 110 on host device 100. If the session key accessed in step 805 indicates that open channel 150 should be used to transfer the protected content, protected content access manager 320 will transfer the content to host storage manager 110 on host device 100 over open channel 150 (step 825).
If in step 820 protected content access manager 320 determines that the protected content should be transferred to host storage manager 110 on host device 100 over secure channel 155, protected content access manager 320 will direct peripheral device crypto engine 160 to encrypt the protected content in secure storage device 145 using the session key (step 830). Protected content access manager 320 will then transfer the encrypted protected content to host storage manager 110 on host device 100 over secure channel 155 (step 835). Once the protected content has been transferred, SDK crypto library 168 will be used to decrypt the protected content using the same session key (step 840).
After the protected content has been successfully transferred (step 825 and step 835) and, if necessary, decrypted (step 840), application 105 will receive the requested protected content (step 850). Application 105 will receive the requested protected content using one of the APIs in the set of APIs exposed in step 745 of Figure 14.
Figure 20 is a flowchart describing one example of how application 105 is unregistered from internal registration table 285 of peripheral device SDK security layer 125 (step 530 of Figure 13). In step 945, peripheral device SDK security layer 125 will check whether the task is complete. If the task is complete, peripheral device SDK security layer 125 will clean up any information associated with application 105 from registration table 285 (step 970). Peripheral device SDK security layer 125 then unregisters application 105 from internal registration table 285 (step 975). For example, the step of unregistering application 105 can be carried out by calling an appropriate API such as uchar UnRegisterApplication(char *AppID). This API will unregister application 105 by removing the corresponding application ID from internal registration table 285. The process of performing the requested task then ends (step 980).
If the task is not yet complete, then while the task request is being performed (step 525), peripheral device SDK security layer 125 checks whether application 105 has been registered for the amount of time indicated by the expiration period in internal registration table 285 (step 950). If the expiration period has passed, peripheral device SDK security layer 125 will clean up any information associated with application 105 from registration table 285 (step 955). Peripheral device SDK security layer 125 will then request re-authentication of application 105 (step 960). An authentication process similar to that of Figure 14 can be used to re-authenticate application 105. Peripheral device SDK security layer 125 will determine whether the re-authentication succeeded (step 965). If the re-authentication succeeded, the task will continue to be performed (step 525). If the re-authentication did not succeed, peripheral device SDK security layer 125 will unregister application 105 from internal registration table 285 by calling an appropriate API, such as uchar UnRegisterApplication(char *AppID) (step 975). This API will unregister application 105 by removing the corresponding application ID from internal registration table 285. The process of performing the requested task then ends (step 980).
If in step 950 peripheral device SDK security layer 125 determines that the expiration period in internal registration table 285 has not yet passed, peripheral device SDK security layer 125 will continue performing the task request in step 525.
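The challenge-response registration of Figures 14 and 15B and the expiry and unregistration checks of Figure 20, modelled in Python as an added example (it is not code from the patent or from any SDK it describes). HMAC-SHA256 as the shared cryptographic function, the random salt mixed into the handle, the class and method names, and the sample key and API names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

STATUS_OK = "status_ok"  # success indication named in the text


class AuthError(Exception):
    """A credential, handle or API request was rejected."""


def compute_response(key, challenge):
    # Assumption: the shared "cryptographic function" is HMAC-SHA256.
    return hmac.new(key, challenge, hashlib.sha256).digest()


class SdkSecurityLayer:
    def __init__(self, app_keys, permissions, ttl_seconds, clock=time.monotonic):
        self._keys = app_keys        # AppID -> secret (hypothetical provisioning)
        self._perms = permissions    # AppID -> API names the SDK is configured to expose
        self._ttl = ttl_seconds      # how long a registration stays valid
        self._clock = clock
        self._pending = {}           # AppID -> outstanding challenge
        self._table = {}             # handle -> record (internal registration table)

    def get_challenge(self, app_id):
        challenge = secrets.token_bytes(32)
        self._pending[app_id] = challenge
        return challenge

    def register_application(self, app_id, auth_method, credential):
        if auth_method != "challenge-response":
            raise AuthError("unsupported authentication method")
        challenge = self._pending.pop(app_id, None)  # one use only, so a replay fails
        key = self._keys.get(app_id)
        if challenge is None or key is None:
            raise AuthError("no outstanding challenge")
        # Recompute the response and compare in constant time.
        if not hmac.compare_digest(compute_response(key, challenge), credential):
            raise AuthError("invalid credential")
        now = self._clock()
        # Handle = hash over registration values; the random salt (an addition
        # here) keeps it unguessable from the AppID and registration time.
        material = (app_id.encode() + repr((now, self._ttl)).encode()
                    + secrets.token_bytes(16))
        handle = hashlib.sha256(material).hexdigest()
        self._table[handle] = {"app_id": app_id, "expires": now + self._ttl,
                               "apis": frozenset(self._perms.get(app_id, ()))}
        return STATUS_OK, handle

    def call_api(self, handle, api_name):
        record = self._table.get(handle)
        if record is None:
            raise AuthError("unknown application handle")
        if self._clock() >= record["expires"]:
            del self._table[handle]  # clean up; the caller must authenticate again
            raise AuthError("registration expired")
        if api_name not in record["apis"]:
            raise AuthError("API not exposed to this application")
        return f"{api_name} executed for {record['app_id']}"

    def unregister_application(self, app_id):
        stale = [h for h, r in self._table.items() if r["app_id"] == app_id]
        for h in stale:
            del self._table[h]
        return len(stale)


def run_demo():
    """Walk one application through the flow using constructed sample values."""
    fake_now = [0.0]
    key = b"constructed-demo-key"
    layer = SdkSecurityLayer({"APP1": key}, {"APP1": {"SecureStorage"}},
                             ttl_seconds=60, clock=lambda: fake_now[0])
    results = []
    challenge = layer.get_challenge("APP1")
    status, handle = layer.register_application(
        "APP1", "challenge-response", compute_response(key, challenge))
    results.append(status)
    results.append(layer.call_api(handle, "SecureStorage"))
    for api, advance in (("DRM", 0.0), ("SecureStorage", 61.0)):
        fake_now[0] += advance
        try:
            layer.call_api(handle, api)
        except AuthError as exc:
            results.append(str(exc))
    return results


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The handle check, the expiry check and the per-application API set are all enforced on every call, so a leaked handle is only useful until the registration expires and only for the APIs configured for that application.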
The foregoing detailed description of the various embodiments is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The described embodiments were chosen in order to best explain the principles of the invention and its practical application, and thereby to enable others skilled in the art to best utilize the invention in various embodiments and with various modifications suited to the particular use contemplated. The foregoing description is therefore not intended to limit the scope of the invention as set forth in the claims.

Claims (43)

1. A method for providing access to a secure device, comprising:
installing on a host device a set of code associated with a peripheral device, the set of code including code for operating the peripheral device on the host device;
authenticating a first software entity on the host device using the set of code; and
if the first software entity is successfully authenticated, exposing a portion of the set of code to the first software entity, including exposing code that allows the first software entity to communicate with the peripheral device.
2. The method of claim 1, wherein:
the set of code includes device driver code, application programming interface code and authentication code; and
the portion of the set of code includes portions of code from the application programming interface code and the authentication code.
3. The method of claim 1, further comprising:
receiving a task request at the set of code from the first software entity; and
performing the task request using the portion of the set of code.
4. The method of claim 1, wherein the step of authenticating comprises:
receiving a credential from the first software entity; and
validating the credential, the validating being performed by the set of code.
5. The method of claim 4, further comprising:
providing one or more authentication options to the first software entity, the providing being performed by the set of code; and
receiving from the first software entity a response indicating one of the one or more authentication options, the step of validating including validating the credential based on the response.
6. The method of claim 1, further comprising:
if the first software entity is not successfully authenticated, returning an error to the first software entity.
7. The method of claim 1, further comprising:
if the first software entity is successfully authenticated, generating a software entity handle using an identifier associated with the first software entity in a cryptographic function.
8. The method of claim 7, further comprising:
sending the software entity handle to the first software entity, the software entity handle providing access to first code.
9. The method of claim 7, further comprising:
if the first software entity is successfully authenticated, registering the first software entity using the set of code, including registering the software entity handle in a table of authenticated software entities.
10. The method of claim 9, further comprising:
sending an indication that the portion of the set of code is exposed, including sending the indication to the first software entity if the first software entity is successfully registered.
11. The method of claim 10, further comprising:
while the first software entity is registered, allowing the first software entity to perform a task associated with the peripheral device, including allowing the first software entity to perform the task through the portion of the set of code using the software entity handle.
12. The method of claim 9, wherein:
the step of registering includes registering permissions associated with the first software entity, the permissions indicating one or more portions of the set of code that the first software entity can access.
13. The method of claim 9, further comprising:
unregistering the first software entity if the first software entity has been registered in the table for a predetermined amount of time indicated in the table.
14. The method of claim 9, further comprising:
receiving a task request from the first software entity;
performing the task request using a portion of the set of code; and
after the task request has been performed, unregistering the first software entity from the table using the set of code.
15. The method of claim 1, wherein:
the peripheral device is a flash memory device.
16. The method of claim 1, further comprising:
receiving a request to store content in a group of the peripheral device, including receiving the request at the set of code from the first software entity;
if the first software entity is successfully authenticated, accessing an encryption key associated with the group;
encrypting the content using the encryption key; and
storing the content in the group using the portion of the set of code.
17. The method of claim 1, further comprising:
receiving a request to access content in a group of the peripheral device, including receiving the request at the set of code from the first software entity;
if the first software entity is successfully authenticated, accessing an encryption key associated with the group;
decrypting the content using the encryption key; and
accessing the content using the portion of the set of code.
18. A method for providing access to a device, comprising:
receiving, from a user of a first software entity on a host device, a first task request associated with a peripheral device;
sending a credential from the first software entity to a set of code installed on the host device for the peripheral device;
if the credential is valid, accessing a portion of the set of code associated with the first software entity, including accessing code that allows the first software entity to perform the first task, the set of code including code that allows one or more software entities on the host device to perform tasks associated with the peripheral device; and
sending information associated with the first task using the portion of the set of code, the sending of information being performed by the first software entity.
19. The method of claim 18, further comprising:
choosing an authentication method from a selection of authentication methods, the credential being sent based on the authentication method, the choosing being performed by the first software entity.
20. The method of claim 18, further comprising:
sending information associated with a second task using the portion of the set of code without sending a second credential, the sending being performed by the first software entity.
21. A method for providing access to a secure device, comprising:
in response to a request from a first software entity on a host device to access a memory device, sending one or more authentication options to the first software entity, the one or more authentication options being obtained from a set of code installed on the host device for the memory device, the set of code including code associated with one or more software entities on the host device;
receiving a credential from the first software entity, the credential being associated with one of the one or more authentication options; and
if the credential is valid, providing access to first code associated with the first software entity, the first code allowing access to the memory device, the first code being a portion of the set of code.
22. The method of claim 21, further comprising:
if the credential is valid, computing a software entity handle using an identifier associated with the first software entity; and
sending the software entity handle to the first software entity, the software entity handle being used by the first software entity to access the first code.
23. The method of claim 22, further comprising:
if the credential is valid, registering the first software entity in a table of authenticated software entities, including registering the software entity handle in the table; and
while the first software entity is registered in the table, allowing the first software entity to perform one or more tasks associated with the memory device, including allowing the first software entity to perform the one or more tasks through the first code using the software entity handle.
24. The method of claim 23, further comprising:
unregistering the first software entity from the table when the one or more tasks are complete.
25. The method of claim 23, further comprising:
unregistering the first software entity from the table after the software entity has been registered in the table for a predetermined amount of time indicated in the software entity handle.
26. A system for accessing a secure device, comprising:
a peripheral device; and
a host device in communication with the peripheral device, the host device including one or more processors adapted to control access to the peripheral device, the one or more processors being adapted to manage a set of code installed on the host device for the peripheral device, the set of code allowing communication between the peripheral device and one or more software entities on the host device, the one or more processors being adapted to validate a credential from a first software entity on the host device, the one or more processors being adapted to expose a subset of code from the set of code to the first software entity if the credential is valid, the subset of code being associated with the first software entity.
27. The system of claim 26, wherein:
the one or more processors receive a task request from the first software entity; and
the one or more processors perform the task request when programmed with the subset of code.
28. The system of claim 26, wherein:
the one or more processors provide one or more authentication options to the first software entity; and
the one or more processors receive from the first software entity a response indicating one of the one or more authentication options, the one or more processors validating the credential based on the response.
29. The system of claim 26, wherein:
if the credential is invalid, the one or more processors return an error to the first software entity.
30. The system of claim 26, wherein:
if the credential is valid, the one or more processors generate a software entity handle using an identifier associated with the first software entity in a cryptographic function.
31. The system of claim 30, wherein:
the one or more processors send the software entity handle to the first software entity.
32. The system of claim 30, wherein:
if the credential is valid, the one or more processors register the first software entity in a table of authenticated software entities; and
if the credential is valid, the one or more processors register the software entity handle in the table.
33. The system of claim 32, wherein:
if the software entity is successfully registered, the one or more processors send an indication to the first software entity, the indication indicating that the subset of code is exposed.
34. The system of claim 33, wherein:
when programmed with the subset of code, the one or more processors allow the first software entity, while the first software entity is registered in the table, to perform a task associated with the peripheral device using the software entity handle.
35. The system of claim 32, wherein:
the one or more processors register in the table permissions associated with the first software entity, the permissions indicating one or more subsets of the set of code that the first software entity can access.
36. The system of claim 32, wherein:
the one or more processors unregister the first software entity if the first software entity has been registered in the table for a predetermined amount of time indicated in the table.
37. The system of claim 32, wherein:
the one or more processors receive a task request from the first software entity;
the one or more processors perform the task request when programmed with the subset of code; and
after the task request has been performed, the one or more processors unregister the first software entity from the table.
38. The system of claim 26, wherein:
the peripheral device is a flash memory device.
39. The system of claim 26, wherein:
the one or more processors receive a request to store content in a group of the peripheral device, the request being received from the first software entity;
if the credential is valid, the one or more processors access an encryption key associated with the group; and
the peripheral device includes one or more peripheral device processors, the one or more peripheral device processors encrypting the content using the encryption key and storing the content in the group.
40. The system of claim 26, wherein:
the one or more processors receive a request to access content in a group of the peripheral device, the request being received from the first software entity;
if the credential is valid, the one or more processors access an encryption key associated with the group;
the peripheral device includes one or more peripheral device processors, the one or more peripheral device processors decrypting the content using the encryption key; and
when programmed with the subset of code, the one or more processors access the content.
41. A system for accessing a secure device, comprising:
A cipher engine that validates a certificate from a first software entity on a host device; and
One or more processors on the host device in communication with the cipher engine, wherein the one or more processors intercept access to a memory device in communication with the host device, receive the certificate from the first software entity, expose code associated with the first software entity if the certificate is valid, and allow the first software entity to access the memory device when the one or more processors are programmed using the code.
42. The system according to claim 41, wherein:
The one or more processors provide one or more verification options to the first software entity;
The one or more processors receive, from the first software entity, a selection of the one or more verification options; and
The cipher engine validates the certificate based on the selection.
43. The system according to claim 41, wherein:
If the certificate is valid, the one or more processors register the first software entity in a table of verified software entities; and
While the first software entity is registered in the table, the one or more processors allow communication between the first software entity and the memory device.
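The table behaviour recited in claims 34 to 37 and 43 (registration only on a valid certificate, per-entity permissions on code subsets, timed deregistration, and deregistration after a task), sketched as an added Python example that is not code from the patent. The class, method and parameter names are hypothetical, and certificate validation is represented by a boolean supplied by the caller.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Registration:
    entity_id: str
    permitted_subsets: frozenset  # code subsets this entity may use (claim 35)
    expires_at: float             # end of the registration period (claim 36)
    single_task: bool             # deregister after one task (claim 37)


class VerifiedEntityTable:
    """Hypothetical host-side table of verified software entities."""

    def __init__(self, clock=time.monotonic):
        self._rows = {}
        self._clock = clock

    def register(self, entity_id, certificate_valid, permitted_subsets,
                 lifetime_s, single_task=False):
        # Certificate validation is assumed to happen elsewhere (the cipher
        # engine in the claims); only its boolean result is used here.
        if not certificate_valid:
            return None
        handle = secrets.token_hex(16)  # unguessable software entity handle
        self._rows[handle] = Registration(
            entity_id, frozenset(permitted_subsets),
            self._clock() + lifetime_s, single_task)
        return handle

    def is_registered(self, handle):
        row = self._rows.get(handle)
        if row is not None and self._clock() >= row.expires_at:
            del self._rows[handle]  # timed deregistration
            row = None
        return row is not None

    def run_task(self, handle, code_subset, task):
        if not self.is_registered(handle):
            raise PermissionError("entity is not registered")
        row = self._rows[handle]
        if code_subset not in row.permitted_subsets:
            raise PermissionError("code subset not permitted")
        try:
            return task()
        finally:
            if row.single_task:
                self._rows.pop(handle, None)  # deregister after the task
```

Every request is checked against the table at the time of use, so an expired or one-shot handle fails closed instead of relying on a separate cleanup pass.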
CN200980127311.1A 2008-05-21 2009-04-30 Authentication for access to software development kit for a peripheral device Pending CN102089765A (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US12/124,450 US20090293117A1 (en) 2008-05-21 2008-05-21 Authentication for access to software development kit for a peripheral device
US12/124,456 US8621601B2 (en) 2008-05-21 2008-05-21 Systems for authentication for access to software development kit for a peripheral device
PCT/US2009/002637 WO2009142689A1 (en) 2008-05-21 2009-04-30 Authentication for access to software development kit for a peripheral device

Publications (1)

Publication Number Publication Date
CN102089765A true CN102089765A (en) 2011-06-08

Family

ID=40844807

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200980127311.1A Pending CN102089765A (en) 2008-05-21 2009-04-30 Authentication for access to software development kit for a peripheral device

Country Status (6)

Country Link
EP (1) EP2294528A1 (en)
JP (1) JP2011523481A (en)
KR (1) KR20110033112A (en)
CN (1) CN102089765A (en)
TW (1) TW201003457A (en)
WO (1) WO2009142689A1 (en)

Also Published As

Publication number Publication date
KR20110033112A (en) 2011-03-30
WO2009142689A1 (en) 2009-11-26
EP2294528A1 (en) 2011-03-16
TW201003457A (en) 2010-01-16
JP2011523481A (en) 2011-08-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: SANDISK TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: SANDISK CORP.

Effective date: 20120621

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20120621

Address after: Texas, United States

Applicant after: Sandisk Corp.

Address before: California, United States

Applicant before: Sandisk Corp.

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110608