CN1512360A - Safety authentication method for movable storage device and read and write identification device - Google Patents
Safety authentication method for movable storage device and read and write identification device Download PDFInfo
- Publication number
- CN1512360A CN1512360A CNA021594848A CN02159484A CN1512360A CN 1512360 A CN1512360 A CN 1512360A CN A021594848 A CNA021594848 A CN A021594848A CN 02159484 A CN02159484 A CN 02159484A CN 1512360 A CN1512360 A CN 1512360A
- Authority
- CN
- China
- Prior art keywords
- read
- identification equipment
- storage device
- movable storage
- write
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The safety authentication method for movable storage device and read/write identification device includes setting one storing space for saving unique identification information in the movable storage device and setting safety mechanism memory area and safety enciphering data area; providing the movable storage device and the read/write identification device with combined electric interface and separated but matched safety authentication algorithm; and identifying the storage device for authentication by the read/write identification device in configuring the storage device onto the read/write identification device before performing corresponding operation to the safety enciphering data area of the storage device. By means of the built-in safety mechanism in the movable storage device and the read/write identification device, the present invention realizes the mutual device identification, identity verification, authority management and data safety and specific service mechanism.
Description
Technical field
The present invention relates to the authentication mechanism of a kind of movable storage device and this equipment read-write equipment, especially a kind of by the interior security mechanism that is built in mobile storage and read-write recognition function equipment, the identification mutually of realization equipment, authentication, rights management, data security, and mechanism at the specific service content of this movable storage device and read-write recognition function equipment is provided.Belong to field of computer technology.
Background technology
Increasing along with consumption electronic product, especially the use of portable electronic product in people's daily life day by day popularized, such as: e-dictionary, palm PC, PDA, MP3, recording pen, digital camera ... the use of these products is simple day by day, relevant service content also day by day increases.And almost used portable type electronic product all has some same characteristics: these products are using different storage modes (Compact Flash card, MMC, SD, Memory stick, built-in Nand Flash), though the type of these movable storage devices is varied, use therein basic unit of storage is similar, the flash media that all adopts.
These products are more and more higher to the requirement of memory device, no longer be limited to capacity require increasing, for the requirement of the security of memory contents functions such as (copyright protection, data) maintaining secrecy also in continuous enhancing.For example, copyright management all is to manage by simple cipher control etc. all the time, and this method is usually by bad eliminating, and not better technology address this problem.
Have plenty of by different interface standards between the memory device of prior art and the read-write equipment of difference in functionality and finish specific coupling; What have has a general standard interface; Or be wholely set with read-write equipment.Because as general memory device, increasing function device has had in conjunction with the memory device expansion interface, perhaps the function read-write equipment is also peeled off away memory device more and more, and these memory devices just can obtain using more widely.Memory device universalization day by day just is attached on the different read-write equipments for realizing different functions, and its interface is open public standardization.For example, audio player all has CF movable storage device expansion mouth or USB flash disk interface; Portable PDA not only has the USB interface that connects USB flash disk, socket that also has various memory cards that has or the like.
Based on the said goods structural form and application, often people " carry " more should be movable storage device, USB flash disk for example, CF cards etc. utilize different read-writes and function device, realize the more and more concrete function in " off-line " environment.
At this situation, the authentication identification between movable storage device and read-write and the function device, data security, rights management, service such as provide just very urgent at the realization of content.And in the prior art, these management only are to have relied on simple Password Management pattern, are difficult to satisfy copyright protection like this, or for the management of application-specific or service provision.
Summary of the invention
Fundamental purpose of the present invention provides a kind of movable storage device and the safety certifying method of reading and writing identification equipment, has interface generality, but have the movable storage device of unique recognition feature and different read-write recognition function equipment combinations, and can discern mutually, authentication.
Still a further object of the present invention provides the safety certifying method of a kind of movable storage device and read-write identification equipment, and the mode by the hardware and software combination realizes identification and authentication.
Another object of the present invention provides a kind of movable storage device and the safety certifying method of reading and writing identification equipment; it can guarantee the security and the validity of canned data on the movable storage device; realize copyright protection; the data security access; the data equipment room is shared, rights management, user identity identification, other work such as affirmations grade of subscriber service class.
The logical following technical scheme of the present invention realizes the foregoing invention purpose: a kind of movable storage device and the safety certifying method of reading and writing identification equipment, be provided with the electric interfaces of mutual coupling between movable storage device and the read-write identification equipment, both are by the interface Data transmission, on the read-write identification equipment central control unit is set, be used to read, the data on the write storage device, central control unit connects establishes the function treatment device; At movable storage device the unique identifying information that one storage space is deposited is set, and offers security mechanism memory block and safety encipher data field; Movable storage device has the electric interfaces that combines with the read-write identification equipment, both are respectively equipped with the security certificate algorithm of mutual coupling, when storage device configurations is on the read-write identification equipment, read-write identification equipment identification memory device, and carry out authentication, behind authentication, corresponding operation is implemented in the safety encipher data field of memory device.And the authentication between memory device and the read-write identification equipment is two-way in the present invention, and memory device is according to the authenticating result to the read-write identification equipment, and open corresponding storage space is read or write operation for the read-write identification equipment; The read-write identification equipment is according to the authentication to memory device, for memory device provides corresponding service.
For guaranteeing safety, the read-write identification equipment is provided with the IC chip, is used for security certificate algorithm or the key depositing unique identifying information at least or deposit the security mechanism memory block.Simultaneously, preferably, memory device is provided with the IC chip, the security certificate algorithm that is used for depositing unique identifying information at least or deposits the security mechanism memory block.
Further, the safety encipher district of memory device is one or more; Wherein at least one safety encipher district is provided with private and encrypts memory block and public encryption memory block; wherein private is encrypted the data confidentiality that the memory block is used to manage application-specific or service, and public encryption memory block is used to read and write the shared and authority protection of data of identification equipment.And security mechanism district internal memory is placed with the version header, and whether the read-write identification equipment has security algorithm according to version header checking memory device; If have, then start safety certification and handle, if do not have, then do not start safety certification and handle.
Memory device security mechanism district internal memory is placed with customer identification information, and the read-write identification equipment is according to customer identification information identification memory device user's legitimacy, so that activate memory device.Customer identification information activates the movable storage device password for the user.
Memory device security mechanism district internal memory is placed with equipment purview certification information, have the super key of opening memory device equipment purview certification information in the read-write identification equipment, the read-write identification equipment is determined the rights of using of read-write identification equipment for memory device according to equipment purview certification information.Particularly, equipment purview certification information comprises authentication document version, date and time information, is used to indicate the version and the date of authentication document; Equipment purview certification information comprises the public safety encipher of equipment room data field access keys, and the read-write identification equipment obtains private key according to the private key table, utilizes the data of the public safety encipher of this secret key decryption equipment room data field; Or equipment purview certification information comprises the public safety encipher of equipment room data field access right, is used to indicate the authority that the read-write identification equipment is visited the data of public safety encipher data field; When the authority information of reading and writing identification equipment and this information matches, addressable this memory device of read-write identification equipment.Have, equipment purview certification information comprises private safety encipher data field access right again, and whether be used to indicate read-write equipment has authority visit private safety encipher data field.
In addition, all with the form storage of file, read-write equipment all carries out with the form of file the data manipulation of memory device all data in the memory device.
In the present invention, the enciphered message in the memory device is specific service provider joining procedure or password or copyright protection information.
Be provided with the private key table of application-specific or service in the read-write identification equipment.Specific service application or service which comprises at least private key and indicate for having the application program of corresponding authority, and this is used used private key and indicates, and accesses by the private key table; The free space title; The free space size.
Therefore, when data in the public safety encipher of the memory device district are read in read-write identification equipment application access, the built-in super key of read-write identification equipment, the equipment authority of depositing in the deciphering memory device security mechanism district; The read-write identification equipment reads this document, confirms that whether the read-write identification equipment has access right to public safety encipher district, if do not have, then stops; If have, then obtain the public safety encipher data field access keys of preserving in the memory device purview certification file, use this key to finish data manipulation in public safety encipher data field.
When reading and writing the private safety encipher district of identification equipment application access memory device, the read-write identification equipment is obtained built-in super key, the equipment power authentication document that deposit in deciphering movable storage device security mechanism district; Read-write identification equipment fetch equipment power authentication document confirms whether this read-write identification equipment has access rights to private safety encipher district; As do not have corresponding authority, stop; If any authority, then check application program whether to have the application authorization certificate; As not having, stop; If any, then this certificate is authenticated; As not being legal certificate, stop; Legal certificate is obtained corresponding secret key according to the certificate content in the private key table of read-write identification equipment in this way; Obtain the addressable data segment of application program according to the certificate content; Use this key to finish data manipulation in private safety encipher data field.
For the memory device that does not have security authentication mechanism, can set up by the read-write identification equipment.When the read-write identification equipment is confirmed not set up security authentication mechanism in the memory device, in this equipment, write earlier safety certification version header, the user imports activating pin or obtains the purview certification certificate data from machine-processed provider, after using super secret key encryption, be stored in the specific region of equipment, format public encrypted data region, private encrypted data region and conventional data district according to user's selection or default value, finish the process of making the memory device security authentication mechanism.
Wherein reading and writing identification equipment is different keyboards, MP3, PDA, electronic dictionary, digital telephone, digital camera, recording pen.
According to the technique scheme analysis as can be known, the present invention has following obvious advantage:
Utilize movable storage device and read-write recognition function equipment to have built-in security mechanism; be used to guarantee the security and the validity of canned data on the movable storage device; solution such as copyright protection; the data security access; the data equipment room is shared, rights management, user identity identification, other work such as affirmations grade of subscriber service class.
On movable storage device, have specific equipment purview certification file and shielded data content; simultaneously on the read-write recognition function equipment of movable storage device, have corresponding data content recognizer; mechanism by appointment; read-write recognition function equipment carries out purview certification according to equipment purview certification file; determine to have authority and just can correctly discern shielded data content on the movable storage device, just can provide corresponding service according to the data content of being discerned by the information Recognition algorithm.
Same movable storage device can be by different read-write recognition function equipment read-writes, and different read-write recognition function equipment can obtain to provide corresponding service simultaneously to the effective data content of this read-write recognition function equipment by the information Recognition algorithm.And a common read-write recognition function equipment that does not possess authority or information Recognition algorithm cannot correctly be discerned shielded data content on the movable storage device.
Specific application or service (application program with corresponding authority) can be by shielded data contents on the read-write recognition function device access movable storage device.
Description of drawings
Fig. 1 is the system architecture synoptic diagram of movable storage device of the present invention with the read-write identification equipment;
Fig. 2 is the safety certification built-in machine-processed block diagram of movable storage device of the present invention with the read-write identification equipment;
Fig. 3 for the present invention a kind of on memory device data security access structure schematic flow sheet;
Fig. 4 is the IC mutual identifying procedure figure of memory device of the present invention with the read-write identification equipment;
Fig. 5 is the process flow diagram in the public safety encipher district of application access memory device of the present invention;
Fig. 6 is the process flow diagram in the private safety encipher district of application access memory device of the present invention;
Fig. 7 reads and writes the process flow diagram of identification equipment at the memory device set-up mechanism for the present invention.
Embodiment
Below in conjunction with accompanying drawing and specific embodiments the present invention is done detailed description further.
As shown in Figure 1, 2, have specific customer identification information on the movable storage device, the specific fetch equipment of movable storage device is called read-write recognition function equipment.Movable storage device has storage and authentication function; Read-write recognition function equipment can be read and write this movable storage device, and realizes certain specific function, for example voice playing, take pictures etc.Flashbroad among each figure is a memory device; Flash broad Reader is the read-write identification equipment.
Further, read-write identification equipment structure and characteristics are as follows:
The read-write identification equipment is embodied in different electronic products, can be: keyboard read-write identification, MP3 read-write identification, PDA read-write identification, STB read-write identification, disk read-write identification (as Fig. 6), Smart PDA read-write identification, electronic dictionary, digital telephone, digital camera, recording pen ... or the like.The read-write identification equipment has the flag information of self:
1, unique device id number, each read-write identification equipment have unique device id number.
2, the sign of device type, the read-write identification equipment comprises Mp3, PDA, electronic dictionary, digital camera, types such as recording pen, each type are segmented again becomes different models, different manufacturers, and the read-write identification equipment of same model, same manufacturer is same classification.
Have again, have the super key that is used for opening movable storage device equipment purview certification file in the read-write identification equipment, be used for deciphering the equipment purview certification file of movable storage device;
Read-write is had the key list that adds, decipher private information in the identification equipment, is used to add, decipher the information in the private safety encipher district that the safety encipher district of movable storage device stores;
The read-write identification equipment has the functional module that can finish encryption and decryption, finish the authentication of equipment purview certification information and can understand the equipment purview certification information that deposit in the security mechanism district of movable storage device, and authenticates the rights of using of this read-write identification equipment to this movable storage device.The read-write identification equipment can utilize the mode of software or hardware independence or combination, carries out encrypting and decrypting work for the information on the movable storage device.Such encrypting and decrypting, purview certification algorithm can be qualified any algorithm (for example: DES, RSA, PKI mechanism).
The read-write identification equipment can be understood the enciphered message of depositing in the movable storage device according to corresponding authority, and carries out respective handling.When reading movable storage device, can read following information such as: MP3 type read-write identification equipment: unique sign, have the song of copyright protection, some particular network service supplier's access username and password.Information type according to after the deciphering provides corresponding service: if unique sign can utilize these to indicate the number of the account of serving as the user's download relevant payment; If have the song of copyright protection, song can be read and play; If specific network service supplier's access username and password when the user gets involved in network, can provide a specific service of user automatically as authentication card.
On the other hand, movable storage device structure and characteristics are as follows:
1, has security mechanism district and one or more safety enciphers district in the movable storage device.
2, version header, customer identification information and equipment purview certification information have been deposited by the security mechanism district of movable storage device.
3, the version header comprises the essential information of security mechanism in this movable storage device, is to be used to verify whether this movable storage device has one of sign of security mechanism;
4, customer identification information is used to discern this movable storage device user's legitimacy, can be that a user activates the movable storage device password;
5, equipment purview certification file is used to authenticate the rights of using of read-write identification equipment to this movable storage device, equipment purview certification information is one section ciphered data, all read-write identification equipments can utilize super key to understand this one piece of data, and determine the rights of using of read-write identification equipment to this movable storage device by authentication.
Particularly, equipment power authentication document comprises following content:
1, authentication document version, date: indicate this authentication document version, date;
2, the public safety encipher of equipment room data field access keys: the data that are used for public safety encipher data field between decryption device;
3, the public safety encipher of equipment room data field access right: whether the read-write identification equipment that indicates each classification (the read-write identification equipment of same model and manufacturer is same classification) has the right to visit public safety encipher data field;
4, private safety encipher data field access right: whether the read-write identification equipment that indicates each classification has the right to visit private safety encipher data field.
At the safety encipher district of movable storage device canned data all is that these information only have the read-write identification equipment of corresponding authority and just can decipher and correctly read through the data of encryption.The safety encipher district is divided into private safety encipher district and public safety encipher district again, wherein:
1, the characteristics in private safety encipher district: capacity is little, the safety coefficient height.Ciphered data leaves private safety encipher district in the private key table, is used for the realization of the data confidentiality of application-specific or service.
2, the characteristics in the public safety encipher of equipment room district: capacity is big, and safety coefficient is lower than private safety encipher district, and data content wherein is readable, (data content that can limit when movable storage device has IC wherein is not reproducible).Can be used for reading and writing that data between the identification equipment is shared and the realization of copyright protection.
Safety encipher district in the movable storage device can be a Zone Full, also can be specific subregion, if Zone Full, then: all information just can read after all must be decrypted, all within shielded scope; If the subregion then except the safety encipher district, also has common data area.
Movable storage device can have an IC and protect its security mechanism and safety encipher district not to be destroyed by other fetch equipment of non-read-write identification equipment.If movable storage device is not with IC; can guarantee the security and the validity of canned data on the movable storage device equally; other fetch equipment of non-read-write identification equipment can't correctly be read and write shielded data content on the movable storage device, but might destroy these data contents.
Movable storage device has file management system:
1, all data are all stored with the form of file in the movable storage device;
2, the read-write identification equipment also all carries out with the form of file the data manipulation of movable storage device;
3, file layout is identical;
Enciphered message on the movable storage device can be the joining procedure or the password of characteristic service provider; also can be information protected by copyright ... if there is not the customizing messages of these encryptions; to not become movable storage device; if non-moving memory device satisfies basic demand simultaneously, can be configured to movable storage device by particular device.
And specific application or service involved in the present invention refer to have the application program of corresponding authority more.These application authorization files comprise following content at least:
1, private key ID: this uses used private key ID, can check in private key by the private key table;
2, free space title: this uses free space title (Access Filename);
3, free space size: this uses the free space size;
In sum, in concrete implementation procedure, have following several situation:
| The read-write identification equipment | Memory device | Whether memory device has IC | |
| A1 | Mechanism is arranged | Mechanism is arranged | Have |
| A2 | Mechanism is arranged | Mechanism is arranged | Do not have |
| B1 | Mechanism is arranged | There is not mechanism | Have |
| B2 | Mechanism is arranged | There is not mechanism | Do not have |
| C | There is not mechanism | Mechanism is arranged | Have |
Embodiment one:
The IC of movable storage device read-write identification and the IC of movable storage device authenticate mutually that (authentication comprises various possible authentication modes, for example: inter-device authentication, on-line authentication), find that the other side has mechanism and this moment the IC that the movable storage device read-write is discerned is made as leading IC; As shown in Figure 4.
When application program will be visited the public safety encipher district of movable storage device, the IC of movable storage device read-write identification finished following steps, as shown in Figure 5:
The read-write identification equipment is obtained built-in super key, the equipment purview certification file that deposit in deciphering movable storage device security mechanism district;
Read-write identification equipment fetch equipment purview certification file confirms whether this read-write identification equipment has access rights to public safety encipher district.As do not have corresponding authority, stop.
As this read-write identification equipment the safety encipher district there are access rights, then obtain the public safety encipher data field access keys of preserving in the equipment purview certification file.
Use public safety encipher data field access keys to finish data manipulation in public safety encipher data field.
When application program will be visited the private safety encipher district of movable storage device, the IC of movable storage device read-write identification finished following steps, as shown in Figure 6:
The read-write identification equipment is obtained built-in super key, the equipment power authentication document that deposit in deciphering movable storage device security mechanism district;
Read-write identification equipment fetch equipment power authentication document confirms whether this read-write identification equipment has access rights to private safety encipher district.As do not have corresponding authority, stop.
As this read-write identification equipment private safety encipher district there are access rights, then check application program whether to have the application authorization certificate.As not having, stop.
Have the application authorization certificate as application program, this certificate is authenticated.As not being legal certificate, stop.(authentication comprises various possible authentication modes, for example :)
Legal certificate is obtained corresponding secret key according to the certificate content in the private key table of read-write identification equipment in this way.
Obtain the addressable data segment of application program according to the certificate content.
Use this key to finish data manipulation in private safety encipher data field.
Embodiment two:
The version header that deposit in movable storage device security mechanism district is read in movable storage device read-write identification, judges that movable storage device meets security mechanism.
Embodiment three:
The position that the version header is deposited in movable storage device security mechanism district is read in movable storage device read-write identification, judges that movable storage device does not meet security mechanism.
The IC of movable storage device read-write identification finishes following steps:
Set-up mechanism (being equivalent to make card) calls the card program of making, and version header, customer identification information and equipment purview certification information is write movable storage device, as shown in Figure 7.
This moment, movable storage device met security mechanism, and other is with embodiment one.
Movable storage device read-write identification does not meet security mechanism, must the install software bag (realize all mechanism by software, needs are online to obtain authentication, verifying software and hardware whether be legal copy).
The IC of movable storage device finds that movable storage device read-write identification does not meet security mechanism.This moment, whether the read-write identification of IC checking movable storage device and institute's installed software bag thereof of movable storage device were legal.As not being to stop.
As movable storage device read-write identification and institute's installed software bag thereof is legal, and when application program will be visited the public safety encipher district of movable storage device, the related software in the software package was finished following steps:
1,, obtains built-in super key, the equipment power authentication document that deposit in deciphering movable storage device security mechanism district according to the setting of software package;
2, fetch equipment power authentication document confirms whether this read-write identification equipment has access rights to public safety encipher district.As do not have corresponding authority, stop.
3, as this read-write identification equipment the safety encipher district there are access rights, then the public safety encipher data field access keys of preserving in the acquisition equipment power authentication document.
4, use public safety encipher data field access keys to finish data manipulation in public safety encipher data field.
When application program will be visited the private safety encipher district of movable storage device, the related software in the software package was finished following steps:
1, obtains built-in super key, the equipment power authentication document that deposit in deciphering movable storage device security mechanism district;
2, fetch equipment power authentication document confirms whether this read-write identification equipment has access rights to private safety encipher district.As do not have corresponding authority, stop.
3, as this read-write identification equipment private safety encipher district there are access rights, then check application program whether to have the application authorization certificate.As not having, stop.
4, have the application authorization certificate as application program, this certificate is authenticated.As not being legal certificate, stop.(authentication comprises various possible authentication modes, for example :)
5, legal certificate is in this way obtained corresponding secret key according to the certificate content in the private key table of read-write identification equipment.
6, obtain the addressable data segment of application program according to the certificate content.
7, use this key to finish data manipulation in private safety encipher data field.
Data security access embodiment, as shown in Figure 3:
Read-write identification equipment device A is arranged.At the demand of the application program of device A, can data encrypt the safety encipher district (the public safety encipher of private safety encipher district or equipment room district) that back safety deposit movable storage device in; Also encrypted data deciphering back safety can be read.
Concrete steps:
1, the user activates movable storage device;
2, the IC of device A checks the version header, judges that movable storage device meets security mechanism;
3, the IC of device A obtains built-in super key, and the equipment power authentication document of deciphering movable storage device is confirmed the access rights of device A to the safety encipher district;
4, if there are access rights in the public safety encipher of equipment room district, data can be encrypted with the general shared key among the IC and deposit public safety encipher district in, have only the read-write identification equipment could visit these data;
5,, data can be used the encrypted private key that obtains through IC deciphering application authorization certificate can deposit private safety encipher district in if there are access rights in private safety encipher district;
6, data in the public safety encipher district can be read with the general shared key deciphering among the IC;
7, data in the private safety encipher district can be read through the private key deciphering that IC deciphering application authorization certificate obtains.
It should be noted last that, above embodiment is only unrestricted in order to technical scheme of the present invention to be described, although the present invention is had been described in detail with reference to preferred embodiment, those of ordinary skill in the art is to be understood that, can make amendment or be equal to replacement technical scheme of the present invention, and not breaking away from the spirit and scope of technical solution of the present invention, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (23)
1, a kind of movable storage device and the safety certifying method of reading and writing identification equipment, be provided with the electric interfaces of mutual coupling between movable storage device and the read-write identification equipment, both are by the interface Data transmission, on the read-write identification equipment central control unit is set, be used to read, the data on the write storage device, central control unit connects establishes the function treatment device; It is characterized in that: at movable storage device the unique identifying information that one storage space is deposited is set, and offers security mechanism memory block and safety encipher data field; Movable storage device has the electric interfaces that combines with the read-write identification equipment, both are respectively equipped with the security certificate algorithm of mutual coupling, when storage device configurations is on the read-write identification equipment, read-write identification equipment identification memory device, and carry out authentication, behind authentication, corresponding operation is implemented in the safety encipher data field of memory device.
2, movable storage device according to claim 1 and the safety certifying method of reading and writing identification equipment, it is characterized in that: the authentication between memory device and the read-write identification equipment is two-way, memory device is according to the authenticating result to the read-write identification equipment, open corresponding storage space is read or write operation for the read-write identification equipment; The read-write identification equipment is according to the authentication to memory device, for memory device provides corresponding service.
3, movable storage device according to claim 1 and the safety certifying method of reading and writing identification equipment is characterized in that: the security mechanism on the read-write identification equipment comprises identifying algorithm or identifying information or super key.
4, movable storage device according to claim 1 and the safety certifying method of reading and writing identification equipment is characterized in that: the security mechanism on the memory device comprises the activating pin of data storage version header and/or authentication document memory block and/or user's input.
5, the safety certifying method of movable storage device according to claim 4 and read-write identification equipment is characterized in that: the authentication document memory block comprises the version of authentication document and date, the public domain access right of decision device classification, public domain access keys, private area access right.
6, movable storage device according to claim 1 and the safety certifying method of reading and writing identification equipment is characterized in that: when memory device inserted the read-write identification equipment, super key was used to separate the safety encipher data field on the memory device.
7, movable storage device according to claim 6 and the safety certifying method of reading and writing identification equipment is characterized in that: the read-write identification equipment utilizes super key, the equipment authority of depositing in the deciphering memory device security mechanism district; The read-write identification equipment reads this document, confirms that whether the read-write identification equipment has access right to public safety encipher district, if do not have, then stops; If have, then obtain the public safety encipher data field access keys of preserving in the memory device purview certification file, use this key to finish data manipulation in public safety encipher data field.
8, according to claim 6 or 7 described movable storage devices and the safety certifying method of reading and writing identification equipment, it is characterized in that: the safety encipher data field on the memory device comprises public encryption memory block and/or private encryption memory block.
9, movable storage device according to claim 8 and the safety certifying method of reading and writing identification equipment, it is characterized in that: the safety encipher district of memory device is one or more; Wherein at least one safety encipher district is provided with private and encrypts memory block and public encryption memory block; wherein private is encrypted the data confidentiality that the memory block is used to manage application-specific or service, and public encryption memory block is used to read and write the shared and authority protection of data of identification equipment.
10, movable storage device according to claim 7 and the safety certifying method of reading and writing identification equipment, it is characterized in that: memory device security mechanism district internal memory is placed with the version header, and whether the read-write identification equipment has security algorithm according to version header checking memory device; If have, then start safety certification and handle, if do not have, then do not start safety certification and handle.
11, according to claim 1 or 7 described movable storage devices and the safety certifying method of reading and writing identification equipment, it is characterized in that: the read-write identification equipment has the private key table, according to private key ID and the private key in this private key table, the private of the memory device of performing fighting out is encrypted the memory block.
12, movable storage device according to claim 10 and the safety certifying method of reading and writing identification equipment, it is characterized in that: the read-write identification equipment is from this locality or from the long-range authentication document form that is signed and issued to application-specific that obtains, comprising ID or the free space title or the free space size of private key, according to the also renewable private key table of this information.
13, movable storage device according to claim 8 and the safety certifying method of reading and writing identification equipment, it is characterized in that: the private of memory device is encrypted storage area stores specific service provider's joining procedure or password or copyright protection information.
14, movable storage device according to claim 13 and the safety certifying method of reading and writing identification equipment, it is characterized in that: specific service application or service are for having the application program of corresponding authority, which comprises at least private key indicates, this is used used private key and indicates, and accesses by the private key table; The free space title; The free space size.
15, according to claim 12 or 13 or 14 described movable storage devices and the safety certifying method of reading and writing identification equipment, it is characterized in that: read-write identification equipment fetch equipment power authentication document, confirm whether this read-write identification equipment has access rights to private safety encipher district; As do not have corresponding authority, stop; If any authority, then check application program whether to have the application authorization certificate; As not having, stop; If any, then this certificate is authenticated; As not being legal certificate, stop; Legal certificate is obtained corresponding secret key according to the certificate content in the private key table of read-write identification equipment in this way; Obtain the addressable data segment of application program according to the certificate content; Use this key to finish data manipulation in private safety encipher data field.
16, movable storage device according to claim 1 and the safety certifying method of reading and writing identification equipment, it is characterized in that: memory device security mechanism district internal memory is placed with customer identification information, the read-write identification equipment is according to customer identification information identification memory device user's legitimacy, so that activate memory device.
17, movable storage device according to claim 16 and the safety certifying method of reading and writing identification equipment, it is characterized in that: customer identification information activates the movable storage device password for the user.
18, movable storage device according to claim 1 and the safety certifying method of reading and writing identification equipment, it is characterized in that: the read-write identification equipment is provided with the IC chip, is used for security certificate algorithm or the key depositing unique identifying information at least or deposit the security mechanism memory block.
19, movable storage device according to claim 1 and the safety certifying method of reading and writing identification equipment, it is characterized in that: memory device is provided with the IC chip, is used for security certificate algorithm or the access rights depositing unique identifying information at least or deposit the security mechanism memory block.
20, according to claim 18 or 19 described movable storage devices and the safety certifying method of reading and writing identification equipment, it is characterized in that: when memory device inserted the read-write identification equipment, the IC chip of two equipment was discerned mutually, judged that memory device has or not security mechanism; If memory device has, read-write equipment IC is set to leading IC, carries out the safety certification step; If memory device does not have security mechanism, then on memory device, create security mechanism.
21, movable storage device according to claim 20 and the safety certifying method of reading and writing identification equipment, it is characterized in that: when the read-write identification equipment is confirmed not set up security authentication mechanism in the memory device, in this equipment, write earlier safety certification version header, the user imports activating pin or obtains the purview certification certificate data from machine-processed provider, after using super secret key encryption, be stored in the specific region of equipment, format public encrypted data region according to user's selection or default value, private encrypted data region and conventional data district finish the process of making the memory device security authentication mechanism.
22, described movable storage device of above-mentioned arbitrary right and the safety certifying method of reading and writing identification equipment, it is characterized in that: all with the form storage of file, read-write equipment all carries out with the form of file the data manipulation of memory device all data in the memory device.
23, described movable storage device of above-mentioned arbitrary right and the safety certifying method of reading and writing identification equipment is characterized in that: the read-write identification equipment is different keyboards, MP3, PDA, electronic dictionary, digital telephone, digital camera, recording pen.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02159484 CN1280737C (en) | 2002-12-31 | 2002-12-31 | Safety authentication method for movable storage device and read and write identification device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02159484 CN1280737C (en) | 2002-12-31 | 2002-12-31 | Safety authentication method for movable storage device and read and write identification device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1512360A true CN1512360A (en) | 2004-07-14 |
| CN1280737C CN1280737C (en) | 2006-10-18 |
Family
ID=34237496
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 02159484 Expired - Fee Related CN1280737C (en) | 2002-12-31 | 2002-12-31 | Safety authentication method for movable storage device and read and write identification device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1280737C (en) |
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100385423C (en) * | 2004-10-18 | 2008-04-30 | 三星电子株式会社 | Image forming apparatus to restrict use of hard disc drive and method thereof |
| CN101494647A (en) * | 2008-01-21 | 2009-07-29 | 日本电气株式会社 | Content asset management system, method and control program |
| WO2010060319A1 (en) * | 2008-11-29 | 2010-06-03 | 成都市华为赛门铁克科技有限公司 | Store equipment, authentication device and control method of the store device |
| CN101840476A (en) * | 2010-05-07 | 2010-09-22 | 江苏新广联科技股份有限公司 | OTP-SD electronic publication encryption method |
| CN101192199B (en) * | 2006-11-30 | 2011-01-12 | 华腾微电子(上海)有限公司 | Portable safe memory apparatus and its access control method |
| CN102043644A (en) * | 2009-10-12 | 2011-05-04 | 中兴通讯股份有限公司 | Upgrading method and device for line card main program |
| CN101009566B (en) * | 2006-01-23 | 2011-06-01 | 北京金远见电脑技术有限公司 | System and method for information download of the embedded system device |
| CN102081943A (en) * | 2010-04-06 | 2011-06-01 | 李勇 | Portable storage device with digital watermark function |
| CN102202057A (en) * | 2011-05-18 | 2011-09-28 | 株洲南车时代电气股份有限公司 | System and method for safely dumping data of mobile memory |
| CN102307075A (en) * | 2011-08-09 | 2012-01-04 | 深圳科立讯电子有限公司 | Voice transmission encryption method of DMR (digital mobile radio) communication terminal |
| CN101553798B (en) * | 2005-09-30 | 2012-07-18 | 洛克威尔自动控制技术股份有限公司 | device and method for utilizing data view graph in control system and production management systems |
| CN101464932B (en) * | 2007-12-19 | 2012-08-22 | 联想(北京)有限公司 | Cooperation method and system for hardware security units, and its application apparatus |
| CN102736993A (en) * | 2011-09-23 | 2012-10-17 | 新奥特(北京)视频技术有限公司 | Data equipment type identification method and system |
| CN103065102A (en) * | 2012-12-26 | 2013-04-24 | 中国人民解放军国防科学技术大学 | Data encryption mobile storage management method based on virtual disk |
| CN101510332B (en) * | 2008-12-25 | 2013-04-24 | 北京握奇数据系统有限公司 | Method and apparatus for managing memory space of smart card |
| CN103189874A (en) * | 2010-10-29 | 2013-07-03 | 三星电子株式会社 | Storage device, and authentication method and authentication device of storage device |
| CN101484903B (en) * | 2006-07-07 | 2013-09-25 | 桑迪士克科技公司 | System and method for controlling information supplied from memory device |
| CN103729604A (en) * | 2013-11-18 | 2014-04-16 | 北京奇虎科技有限公司 | User access area method and device |
| CN104598947A (en) * | 2015-02-11 | 2015-05-06 | 成都布林特信息技术有限公司 | Electronic tag data processing method |
| CN105141614A (en) * | 2015-09-07 | 2015-12-09 | 北京北信源软件股份有限公司 | Method and device for controlling access permission of mobile storage device |
| CN105446656A (en) * | 2014-09-22 | 2016-03-30 | 株式会社东芝 | Information processing device |
| CN110321302A (en) * | 2019-06-28 | 2019-10-11 | 兆讯恒达微电子技术(北京)有限公司 | A kind of embedded system data memory area management method |
| CN110879890A (en) * | 2019-11-29 | 2020-03-13 | 广州供电局有限公司 | Anti-virus immune monitoring method, device and system for mobile medium and mobile medium |
| CN111007783A (en) * | 2019-12-28 | 2020-04-14 | 广东电科院能源技术有限责任公司 | Safety management and control system and method |
| CN112491800A (en) * | 2020-10-28 | 2021-03-12 | 深圳市东方聚成科技有限公司 | Real-time authentication method for encrypted USB flash disk |
| CN113221121A (en) * | 2021-05-20 | 2021-08-06 | 国网江苏省电力有限公司信息通信分公司 | External device application method and device, external device and electronic terminal |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2019133345A (en) * | 2018-01-30 | 2019-08-08 | 東芝メモリ株式会社 | Data accumulating device, data processing system and data processing method |
-
2002
- 2002-12-31 CN CN 02159484 patent/CN1280737C/en not_active Expired - Fee Related
Cited By (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100385423C (en) * | 2004-10-18 | 2008-04-30 | 三星电子株式会社 | Image forming apparatus to restrict use of hard disc drive and method thereof |
| CN101553798B (en) * | 2005-09-30 | 2012-07-18 | 洛克威尔自动控制技术股份有限公司 | device and method for utilizing data view graph in control system and production management systems |
| CN101009566B (en) * | 2006-01-23 | 2011-06-01 | 北京金远见电脑技术有限公司 | System and method for information download of the embedded system device |
| CN101484903B (en) * | 2006-07-07 | 2013-09-25 | 桑迪士克科技公司 | System and method for controlling information supplied from memory device |
| CN101192199B (en) * | 2006-11-30 | 2011-01-12 | 华腾微电子(上海)有限公司 | Portable safe memory apparatus and its access control method |
| CN101464932B (en) * | 2007-12-19 | 2012-08-22 | 联想(北京)有限公司 | Cooperation method and system for hardware security units, and its application apparatus |
| CN101494647A (en) * | 2008-01-21 | 2009-07-29 | 日本电气株式会社 | Content asset management system, method and control program |
| CN101753532B (en) * | 2008-11-29 | 2013-09-25 | 华为数字技术(成都)有限公司 | Method for controlling storage equipment, verifying device and storage device |
| WO2010060319A1 (en) * | 2008-11-29 | 2010-06-03 | 成都市华为赛门铁克科技有限公司 | Store equipment, authentication device and control method of the store device |
| CN101510332B (en) * | 2008-12-25 | 2013-04-24 | 北京握奇数据系统有限公司 | Method and apparatus for managing memory space of smart card |
| CN102043644A (en) * | 2009-10-12 | 2011-05-04 | 中兴通讯股份有限公司 | Upgrading method and device for line card main program |
| CN102081943A (en) * | 2010-04-06 | 2011-06-01 | 李勇 | Portable storage device with digital watermark function |
| CN101840476A (en) * | 2010-05-07 | 2010-09-22 | 江苏新广联科技股份有限公司 | OTP-SD electronic publication encryption method |
| CN101840476B (en) * | 2010-05-07 | 2013-03-13 | 江苏新广联科技股份有限公司 | OTP-SD electronic publication encryption method |
| CN103189874B (en) * | 2010-10-29 | 2016-06-22 | 三星电子株式会社 | The verification method of storage device and storage device and checking equipment |
| US9230090B2 (en) | 2010-10-29 | 2016-01-05 | Samsung Electronics Co., Ltd. | Storage device, and authentication method and authentication device of storage device |
| CN103189874A (en) * | 2010-10-29 | 2013-07-03 | 三星电子株式会社 | Storage device, and authentication method and authentication device of storage device |
| CN102202057B (en) * | 2011-05-18 | 2013-11-27 | 株洲南车时代电气股份有限公司 | System and method for safely dumping data of mobile memory |
| CN102202057A (en) * | 2011-05-18 | 2011-09-28 | 株洲南车时代电气股份有限公司 | System and method for safely dumping data of mobile memory |
| CN102307075A (en) * | 2011-08-09 | 2012-01-04 | 深圳科立讯电子有限公司 | Voice transmission encryption method of DMR (digital mobile radio) communication terminal |
| CN102736993A (en) * | 2011-09-23 | 2012-10-17 | 新奥特(北京)视频技术有限公司 | Data equipment type identification method and system |
| CN103065102B (en) * | 2012-12-26 | 2015-05-27 | 中国人民解放军国防科学技术大学 | Data encryption mobile storage management method based on virtual disk |
| CN103065102A (en) * | 2012-12-26 | 2013-04-24 | 中国人民解放军国防科学技术大学 | Data encryption mobile storage management method based on virtual disk |
| CN103729604B (en) * | 2013-11-18 | 2016-11-23 | 北京奇虎科技有限公司 | A kind of method and apparatus in customer access area territory |
| CN103729604A (en) * | 2013-11-18 | 2014-04-16 | 北京奇虎科技有限公司 | User access area method and device |
| CN105446656B (en) * | 2014-09-22 | 2018-08-14 | 株式会社东芝 | Information processing unit |
| CN105446656A (en) * | 2014-09-22 | 2016-03-30 | 株式会社东芝 | Information processing device |
| CN104598947B (en) * | 2015-02-11 | 2017-10-31 | 成都布林特信息技术有限公司 | A kind of electronic tag data processing method |
| CN104598947A (en) * | 2015-02-11 | 2015-05-06 | 成都布林特信息技术有限公司 | Electronic tag data processing method |
| CN105141614A (en) * | 2015-09-07 | 2015-12-09 | 北京北信源软件股份有限公司 | Method and device for controlling access permission of mobile storage device |
| CN105141614B (en) * | 2015-09-07 | 2019-05-21 | 北京北信源软件股份有限公司 | A kind of access right control method and device of movable storage device |
| CN110321302A (en) * | 2019-06-28 | 2019-10-11 | 兆讯恒达微电子技术(北京)有限公司 | A kind of embedded system data memory area management method |
| CN110879890A (en) * | 2019-11-29 | 2020-03-13 | 广州供电局有限公司 | Anti-virus immune monitoring method, device and system for mobile medium and mobile medium |
| CN111007783A (en) * | 2019-12-28 | 2020-04-14 | 广东电科院能源技术有限责任公司 | Safety management and control system and method |
| CN112491800A (en) * | 2020-10-28 | 2021-03-12 | 深圳市东方聚成科技有限公司 | Real-time authentication method for encrypted USB flash disk |
| CN113221121A (en) * | 2021-05-20 | 2021-08-06 | 国网江苏省电力有限公司信息通信分公司 | External device application method and device, external device and electronic terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1280737C (en) | 2006-10-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1280737C (en) | Safety authentication method for movable storage device and read and write identification device | |
| CN1276363C (en) | Method of actualizing safety data storage and algorithm storage in virtue of semiconductor memory device | |
| CN1208925C (en) | Open secret-key base system, method, apparatus and programme | |
| CN101443758B (en) | Digital rights management method and apparatus | |
| US8763110B2 (en) | Apparatuses for binding content to a separate memory device | |
| CN1914603A (en) | Use authentication method, use authentication program, information processing device, and recording medium | |
| JP4861423B2 (en) | Information processing apparatus and information management method | |
| CN1860471A (en) | Digital rights management structure, portable storage device, and contents management method using the portable storage device | |
| CN1350670A (en) | Public cryptographic control unit and system therefor | |
| CN1541391A (en) | System, method, and device for playing back recorded audio, video or other content from non-volatile memory cards, compact disks or other media | |
| CN1534655A (en) | Method and apparatus for encrypting input and output of data to be hidden | |
| CN101030243A (en) | Portable storage and method for managing data thereof | |
| CN1602600A (en) | Content processing apparatus and content protection program | |
| CN1786867A (en) | Method for ciphering and diciphering of file, safety managing storage apparatus and system method thereof | |
| CN1934564A (en) | Method and apparatus for digital rights management using certificate revocation list | |
| WO2004042516A2 (en) | Digital-rights management system | |
| CN1689361A (en) | Robust and flexible digital rights management involving a tamper-resistant identity module | |
| US8689009B2 (en) | Authentication-secured access to a data carrier comprising a mass storage device and chip | |
| CN1889419A (en) | Method and apparatus for realizing encrypting | |
| US20080115211A1 (en) | Methods for binding content to a separate memory device | |
| EP2410456A1 (en) | Methods and apparatuses for binding content to a separate memory device | |
| US20130019110A1 (en) | Apparatus and method for preventing copying of terminal unique information in portable terminal | |
| CN101578608A (en) | Methods and apparatuses for accessing content based on a session ticket | |
| CN1842759A (en) | Portable storage device and method of managing files in the portable storage device | |
| CN1877593A (en) | Digital copyright management method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: TAIJUN TECHNOLOGY(SHENZHEN) LTD. Free format text: FORMER OWNER: TAIJUN INDUSTRIAL CO., LTD. Effective date: 20050429 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20050429 Address after: 518106, No. 23, third industrial zone, down village, Gongming Town, Shenzhen, Guangdong, Baoan District Applicant after: Taiguen Technology (Shenzhen) Co., Ltd. Address before: Taoyuan County of Taiwan province Zhongli City Ring Road No. 400 10F 7 Applicant before: Taijun Industry Co., Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: MAISHIYA (BEIJING) SCIENCE AND TECHNOLOGY CO., LTD Free format text: FORMER OWNER: TAI GUEN TECHNOLOGY (SHENZHEN) CO., LTD. Effective date: 20141217 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 518106 SHENZHEN, GUANGDONG PROVINCE TO: 100086 HAIDIAN, BEIJING |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20141217 Address after: 100086, 23 floor, block B, digital building, No. 2 South Avenue, Beijing, Haidian District, Zhongguancun Patentee after: Maishiya (Beijing) Science and Technology Co., Ltd. Address before: 518106, No. 23, third industrial zone, down village, Gongming Town, Shenzhen, Guangdong, Baoan District Patentee before: Taiguen Technology (Shenzhen) Co., Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20061018 Termination date: 20151231 |
|
| EXPY | Termination of patent right or utility model |