JP2005157542A - Recording medium, and method for restricting access to the medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a means for setting a password for each recording area and restricting access concerning a recording medium having a plurality of recording areas. <P>SOLUTION: The passwords are set for each recording area 108 and held in the recording medium 100. Restriction is set in the recording medium 100 so as to successfully perform a recording area change processing only when the authentication of the password is successfully performed, concerning a recording area change command for changing the recording area 108 to be accessed from a data processor 200. The access of the data processor 200 without recognizing the password to the recording area 108 is restricted. Consequently, data is secured and prevented from being altered. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a recording medium having a plurality of recording areas and a method for restricting access to each recording area for the recording medium.

  There are various types of recording media for recording various digital data (hereinafter referred to as data) such as music content, moving image content, and still image content, such as semiconductor recording media, magnetic disks, optical disks, and magneto-optical disks. Among these, semiconductor recording media are particularly popular in portable devices such as digital still cameras and mobile phone terminals because they are characterized in that they can be reduced in size and weight. Typical semiconductor recording media include memory cards such as SD memory cards, Memory Stick (registered trademark), and CompactFlash (registered trademark).

  Management of data stored in the recording area of these recording media is realized by a file system. In the file system, a recording area is divided into sectors that are minimum access units and clusters that are a set of sectors, and one or more clusters are managed as files.

  A FAT file system is an example of a file system that has been used conventionally (see Non-Patent Document 1 for details). The FAT file system has a feature that the physical storage position of data constituting a file is centrally managed by a table called FAT (File Allocation Table). Since a recording medium managed by such a file system can share files between devices that interpret the same file system, data can be exchanged between devices.

  In addition to the FAT file system, there are file systems such as the FAT32 file system, NTFS (New Technology File System), and UDF (Universal Disk Format), and their characteristics are also various.

  For example, when comparing the FAT file system and the FAT32 file system, the upper limit of the capacity of the recording area that can be managed by the former is 2 GB (2 gigabytes), whereas the latter is 2 TB (2 terabytes). However, the latter has a problem that it is wasteful to manage a small capacity recording area. Therefore, it is necessary to use the file system properly according to the usage such as capacity.

  Currently, the FAT file system is used for many semiconductor recording media. On the other hand, in recent years, the capacity of semiconductor recording media has been rapidly increasing, and there is a high possibility that semiconductor recording media having a recording capacity exceeding 2 GB, which is the maximum management capacity of the FAT file system, will be put into practical use in the near future. . Since it is impossible to manage such a large-capacity semiconductor recording medium by FAT, it is necessary to change the file system of the semiconductor recording medium from FAT to another file system.

  However, if the file system is changed, there is a problem that data cannot be exchanged between devices compatible with the conventional FAT file system.

  Conventionally, as a method for solving this problem, a method of providing an area for storing a plurality of file system management information and an area for storing common file data on a recording medium has been proposed (for example, see Patent Document 1).

However, since this conventional method uses common file data, it is necessary to update multiple file system management information when updating the file data, and the file data cannot be updated by a device that supports only a single file system. There is a problem. Therefore, a method of providing a plurality of recording areas on the recording medium and managing data with a different file system for each recording area can be considered. If this method is used, even if a device supports only a single file system, the file data can be updated in a recording area managed by the file system supported by the device. It becomes possible.
Japanese Patent Laid-Open No. 8-272541 ISO / IEC9293, “Information Technology-Volume and File Structure of Disk Cartridges Information”, 1994. Information Technology Volume and File Structure of Disk Cartridge for Information (1994)

  However, the above technique has the following problems. A host device that can execute a plurality of recording area switching processes and a plurality of file systems can easily switch recording areas and access data stored in each recording area. Here, each recording area is allocated to a plurality of users, and when a plurality of users share a single semiconductor recording medium by properly using the recording area, the recording area can be easily switched, Problems arise such that other users refer to user-specific data, and once written data is accidentally erased or overwritten.

  In the present invention, in view of the above problems, when switching to the file system of each recording area among a plurality of recording areas in the semiconductor recording medium, a restriction is imposed on switching of the recording area, such as setting a password. Accordingly, it is an object of the present invention to provide a recording medium that can implement secret protection and an access restriction method related to switching of recording areas of the recording medium.

  The main feature of the recording medium according to the present invention is that it includes a password information storage unit for storing a password when switching to each recording area.

  The access restriction method relating to recording area switching in the recording medium according to the present invention refers to the information in the password storage unit when switching the recording area, and the recording area depends on whether or not the password matches. The most important feature is that it can be switched.

  Using the recording medium according to the present invention and the access restriction method related to recording area switching in the recording medium, a semiconductor that realizes secret protection because the area cannot be switched unless the password is successfully authenticated. A recording medium can be provided.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. However, it is a matter of course that the technical scope of the present invention is not limited thereto.

(Embodiment 1)
FIG. 1 is a block diagram illustrating a configuration example of a recording medium 100 and a data processing device 200 according to Embodiment 1 of the present invention.

  The recording medium 100 includes a host interface unit 101, an area information storage unit 102, a command processing unit 103, a recording area switching unit 104, a password authentication unit 105, a memory controller 106, and a nonvolatile memory 107.

  The host interface unit 101 is a part that exchanges information with the data processing device 200 that is a host device of the recording medium 100.

  The area information storage unit 102 is a part that stores the start address and area length of each recording area in the nonvolatile memory 107, parameters for address determination, and the like, and is configured by a nonvolatile memory.

  The command processing unit 103 interprets and executes a command from the data processing device 200 received by the host interface unit 101, and performs processing to notify the result to the data processing device 200 via the host interface unit 101 as necessary. Part.

  The recording area switching unit 104 is a part that switches a recording area to be used in response to a request from the data processing device 200.

  The password authentication unit 105 is a part that performs authentication to determine whether the password received from the data processing apparatus 200 via the host interface unit 101 is correct.

  Although not shown in the figure, the command processing unit 103, the recording area switching unit 104, and the password authentication unit 105 are controllers with a CPU (Central Processing Unit) that controls the inside of the recording medium 100. This is the function implemented above.

  The memory controller 106 is a part that controls access to the nonvolatile memory 107.

  The nonvolatile memory 107 is a part for storing data, and is an area where arbitrary data from the data processing device 200 can be read and written. The nonvolatile memory 107 is composed of N (N is a natural number) recording areas 108 (recording area # 1,..., Recording area #N), and data in each recording area corresponds to each recording area. It is assumed that the file is managed by the file system.

  The data processing device 200 includes a recording medium interface unit 202 and an input / output processing unit 201.

  The input / output processing unit 201 is a part that transfers information such as commands and data to the recording medium 100 mounted on the recording medium interface unit 202.

  The recording medium interface unit 202 is hardware for mounting the recording medium 100.

  Details of the access restriction method relating to recording area switching in the present embodiment will be described below.

  FIG. 2 is a diagram showing a data configuration example of the area information storage unit 104 in the present embodiment.

  In the area information storage unit 102, an area identification number that is a number for uniquely identifying each recording area, a start address that indicates the start address of the recording area, an area length that indicates the size of the recording area, and currently valid A valid flag indicating the recording area being stored and a password required for switching the recording area are stored, and the area information including these sets of information corresponds to each recording area 108 in the nonvolatile memory 107. There are as many recording areas as there are recording areas. In the example of FIG. 2, the nonvolatile memory 107 is divided into N recording areas, and the first recording area (recording area # 1) is an area having a size of 100 MB from the top address of the nonvolatile memory 107. . Similarly, the second recording area (recording area # 2) is a 30 MB size area starting from a position shifted by 100 MB from the top of the nonvolatile memory 107, and the third recording area (recording area # 3) is a nonvolatile memory. An area of 8 GB in size starting from a position shifted by 130 MB from the top of 107 and an Nth area become an area of 6 GB in size starting from a position shifted by 10 GB from the top of the nonvolatile memory 107.

  The valid flag indicates which recording area is currently accessible (from the data processing apparatus) among the first to Nth recording areas. In the example of FIG. 2, the first recording area is the current recording area. It is set as accessible.

  The password is a password required when switching to the recording area to be accessed among the first to Nth recording areas. In the example of FIG. 2, the first and third recording areas are used. Since the password is “−”, no password is set, and the user can freely switch to the first and third recording areas. On the other hand, the password for the second recording area is “***”, and the password “***” is required when switching to the second recording area. Similarly, the password of the Nth recording area is “□□□”, and the password “□□□” is required when switching to the Nth recording area.

  FIG. 3A is a diagram illustrating a command format example of a command transmitted from the data processing apparatus 200 to the recording medium 100. In this example, the command has a length of 48 bits (that is, 6 bytes), and includes a 6-bit area for storing the command type and a 32-bit area for storing additional information corresponding to the command. The information stored in the other area is, for example, information for data transfer direction and error correction.

  FIG. 3B shows a LockPass command (lock pass command) for setting a password for each recording area and an UnLockPass command (unlock pass command) for releasing the password set for each recording area. A data configuration example is shown. The command type stores 6-bit information meaning LockPass or UnLockPass. In the additional information part, an area identification number indicating which part of the recording area is to be executed is stored.

  FIG. 3C shows a configuration example of command data for switching the recording area to be accessed in the recording medium 100. In the type of command, 6-bit information “AreaChange” (area change) indicating that the recording area is switched is stored. Similar to (b), the additional information part stores an area identification number indicating which part of the recording area the command is to be executed.

  FIG. 4A is a diagram showing an example of a data format that the data processing apparatus 200 transmits to the recording medium 100 following the command shown in FIG. In the example of FIG. 4A, the header has a length of 3 bytes, and is composed of information indicating a command type, information for identifying an area, information indicating a password length, and the like. When “0” is stored in the area indicating the length of the password, the password may not be input. The password storage area stores the password information.

  FIG. 4B shows a specific configuration example of the data format. FIG. 4B shows data for a command for executing LockPass for the area # 1, the password length is 20 bytes, and the password is “□□... ΔΔΔ ***”. An example of a configuration is shown.

  Note that, as information stored in the header, command type and information for identifying an area are illustrated, but such information may not be included, and the data format and size are particularly limited. Is not to be done.

  Next, the initialization process of the recording medium 100 in the present embodiment will be described. When the recording medium 100 is connected to the data processing apparatus 200, the data processing apparatus 200 transmits an initialization command to the recording medium 100 to initialize the recording medium 100. FIG. 5 is a flowchart showing a flow of initialization processing in the recording medium 100.

  In the initialization process, first, the host interface unit 101 of the recording medium 100 receives an initialization command from the data processing apparatus 200 (step S501).

  Next, each processing unit in the recording medium 100 and the non-volatile memory 107 are initialized to be accessible from the outside of the recording medium 100 (step S502).

  Next, the validity flag included in the first area information among the plurality of area information included in the area information storage unit 102 is set to “1” (valid) (step S503).

  Next, all the valid flags included in the area information other than the first area information are set to “0” (invalid) (step S504).

  Finally, the completion of the initialization process is notified to the data processing apparatus 200 via the host interface unit 110 of the recording medium 100 (S505).

  When the initialization process is completed, the area information storage unit 102 in the recording medium 100 is set with a valid flag only in the first area as shown in FIG. 6, and only the first recording area is accessed from the data processing apparatus 200. It will be ready.

  Next, password setting processing for each recording area in the recording medium according to the present embodiment will be described. As for the password setting process, the password setting command is transmitted from the data processing device 200 to the recording medium 100 by specifying the area identification number of the recording area in which the password is to be set. FIG. 7 is a flowchart showing the flow of password setting processing for each area in the recording medium 100.

  In the password setting process, first, the host interface unit 101 of the recording medium 100 receives a password setting command from the data processing device 200 (step S701). As shown in the example of FIG. 3B, the password setting command stores an area identification number (Num) for which a password is to be set.

  Next, the command processing unit 103 determines whether the recording medium 100 has been initialized (step S702). If not initialized, an error response is transmitted to the data processing device 200 via the host interface 101 of the recording medium 100, and the process is terminated (step S707).

  If it has been initialized, the password authentication unit 105 obtains information for each recording area stored in the area information storage unit 102 from the area designation number designated by the recording area switching command, and the password has been set. It is determined whether or not there is (step S703). If the password has already been set, an error response is transmitted to the data processing device 200 via the host interface 101 of the recording medium 100, and the process is terminated (step S707).

  If no password is set, the password authentication unit 105 transmits a command reception response to the data processing device 200 via the command processing unit 103 and the host interface 101 of the recording medium 100 (step S704).

  Next, the password authentication unit 105 receives data, which is a password to be set, from the host interface unit 101 of the recording medium 100 (step S705). The received password data is stored as a password for the corresponding recording area in the area information storage unit 102.

  Finally, the data processing apparatus 200 is notified via the host interface unit 101 of the recording area 100 that the password setting process for the recording area has been completed (step S706).

  Although an example in which a password can be set for each recording area 108 included in the recording medium 100 is shown here, a method in which a password can be set only for a recording area that is currently in an effective state may be used. More specifically, in the process of step S703 in the flowchart shown in FIG. 7, the area information storage unit 102 is searched and it is determined whether or not a password has been set in the area specified in step S701. A method may be used in which it is determined whether or not the valid flag is in a valid state (a state where the flag is “1”), and a password cannot be set unless the recording area is in a currently valid state.

  Next, password release setting processing for each recording area in the recording medium according to the present embodiment will be described. The password release setting process is executed by transmitting the password release setting command from the data data processing device 200 to the recording medium 100 by designating the area identification number of the recording area to which the password release setting is desired. FIG. 8 is a flowchart showing the flow of password release setting processing for each area in the recording medium 100.

  In the password release setting process, first, the host interface unit 101 of the recording medium 100 receives a password release setting command from the data processing device 200 (step S801). As shown in the example of FIG. 3B, the password release setting command stores an area identification number (Num) for which password release setting is desired.

  Next, the command processing unit 103 determines whether the recording medium 100 has been initialized (step S802). If not initialized, an error response is transmitted to the data processing apparatus 200 via the host interface 101 of the recording medium 100, and the process is terminated (step S808).

  If it has been initialized, the password authentication unit 105 acquires information for each recording area stored in the area information storage unit 102 from the area designation number designated by the password release setting command, and the password has been set. It is determined whether or not there is (step S803). If no password is set, an error response is transmitted to the data processing device 200 via the host interface 101 of the recording medium 100, and the process is terminated (step S808).

  If a password is set, the password authentication unit 105 transmits a command reception response to the data processing device 200 via the command processing unit 103 and the host interface 101 of the recording medium 100 (step S804).

  Next, the password authentication unit 105 receives data as a password from the host interface unit 101 of the recording medium 100 (step S805). The password authentication unit 105 authenticates whether or not the received password data matches the password of the corresponding recording area of the area information storage unit 102 (step S806). If the passwords do not match, an error response is transmitted to the data processing device 200 via the host interface 101 of the recording medium 100, and the process is terminated (step S808).

  If the passwords match, the password authentication unit 105 deletes the password stored in the area information storage unit 102, and indicates that the password deletion process for the recording area is possible. The data processing apparatus 200 is notified via the interface unit 101 (step S807).

  Here, an example has been shown in which a password can be set to be released for each recording area 108 included in the recording medium 100. However, a method in which only a password for a recording area that is currently valid may be released. More specifically, in the process of step S803 in the flowchart shown in FIG. 8, it is determined whether or not a password has been set in the area specified in step S801 in the area information storage unit 102, and at the same time, a valid flag It is possible to determine whether or not the password is in a valid state (a state of “1”), and a method in which password deletion setting processing cannot be performed if the recording area is not currently in a valid state may be used.

  Next, the recording area switching process in the present embodiment will be described. In the recording area switching process, the recording area switching command is transmitted from the data processing capital increase 200 to the recording medium 100 by specifying the area identification number of the recording area to be activated. FIG. 9 is a flowchart showing the flow of the recording area switching process in the recording medium 100.

  In the recording area switching process, first, the host interface unit 101 of the recording medium 100 receives a recording area switching command from the data processing apparatus 200 (step S901). As shown in FIG. 3C, the recording area switching command stores the area identification number (Num) of the area to be switched.

  Next, the command processing unit 103 determines whether or not the recording medium 100 has been initialized (step S902). If not initialized, an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the process is terminated (step S910).

  If it has been initialized, the password authentication unit 105 obtains information for each recording area stored in the area information storage unit 102 from the area designation number designated by the recording area switching command, and the password is set. It is determined whether or not the current area is present (step S903). If no password is set, the process of step S907 described later is performed.

  If a password is set, the password authentication unit 105 transmits a command reception response to the data processing device 200 via the command processing unit 103 and the host interface 101 of the recording medium 100 (step S904).

  Next, the password authentication unit 105 receives password data from the host interface unit 101 of the recording medium 100 (step S905). Authentication is performed as to whether or not the received password data matches the password stored in the area information storage unit 102 (step S906). If the passwords do not match, an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the process is terminated (step S910).

  If the passwords match, the recording area switching unit 104 refers to the area identification number specified by the recording area switching command, and sets the validity flag for the corresponding recording area in the area information storage unit 102 to “1” (valid) (Step S907).

  Next, the recording area switching unit 104 sets all the valid flags included in the area information other than the recording area for which the valid flag is set in step S907 to “0” (invalid) (step S908).

  Finally, the data processing apparatus 200 is notified via the host interface unit 101 of the recording medium 100 that the recording area switching process has been completed (step S909).

  An example of the area information storage unit 102 in the recording medium 100 after the recording area switching process is shown in FIG. FIG. 10 shows an example in which “3” is designated as the area identification number. The valid flag is set to be valid only for the third area, and only the third area can be accessed from the data processing device 200.

  Next, an access procedure to the recording medium 100 in the present embodiment will be described by taking a data reading process as an example. Data reading / writing from the recording medium 100 is executed by transmitting a data reading / writing command, that is, a Read / Write command, to the recording medium 100. FIG. 11 is a flowchart showing a flow of data reading processing of the recording medium 100.

  In the data reading process, first, the host interface unit 101 of the recording medium 100 receives a Read command from the data processing apparatus 200 (step S1101). The Read command has a format in which a reading start address is designated by the first argument Offs and a reading size is designated by the second argument Size as Read (Offs, Size).

  Next, the command processing unit 103 determines whether the recording medium 100 has been initialized (step S1102). If not initialized, an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the process is terminated (step S1110).

  If it has been initialized, the command processing unit 103 searches the region information in the region information storage unit 102 for region information whose validity flag is “1” (valid) (step S1103).

  Next, the area length AS is acquired from the result of S1103 (step S1104).

  Next, the area length AS is compared with the value obtained by adding Size to Offs, and it is confirmed whether or not all the read areas are included in the accessible area (step S1105). If the AS is smaller, the read area exceeds the accessible area, so an error response is transmitted to the data processing apparatus 200 via the host interface unit 101 of the recording medium 100, and the process ends (step S1110).

  When the area length AS is larger or equal, the start address A0 is acquired from the area information of the search result (step S1106).

  Next, Offs ′ obtained by adding the start address A0 to Offs is calculated in order to determine the reading start position of the recording area (step S1107).

  Next, the data for Size is read from the position of Offs', and the data is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100 (step S1108).

  Finally, the data processing apparatus 200 is notified of the completion of the data reading process via the host interface unit 101 of the recording medium 100 (step S1109).

  As described above, the information on the currently effective recording area is managed in the recording medium 100, and the access position designated by the data processing device 200 is converted into the physical address of the currently effective recording area. Thus, it is possible to access a specific recording area among the recording areas divided into a plurality of parts.

  Next, a procedure for changing (setting) the area length of each recording area of the nonvolatile memory 107 in the present embodiment will be described. The area length setting process is executed by transmitting an area length setting command from the data processing device 200 to the recording medium 100 by specifying the area identification number, start address, and size of the recording area to be set. FIG. 12 is a flowchart showing the flow of the area length setting process in the recording medium 100.

  In the area length setting process, first, the host interface unit 101 of the recording medium 100 receives an area length setting command from the data processing apparatus 200 (step S1201). In the area length setting command, an area identification number (Num), a start address (A0), and an area length (Size) to be set are designated. FIG. 13 shows an example of commands for setting these. In the example of FIG. 13, the area designation number (Num) is set with the AreaChange command shown in FIG. 13A, the start address (A0) is set with the SetA0 command shown in FIG. 13B, and FIG. The area length (Size) is set by the SetSize command shown in FIG. 13, and finally the start of the area length setting is instructed by the ChangeAreaSize command shown in FIG. 13 (d).

  Next, the command processing unit 103 determines whether or not the recording medium 100 has been initialized (step S1201). If not initialized, an error response is transmitted to the data processing device 200 via the host interface unit 110 of the recording medium 100, and the process is terminated (step S1208).

  If it has been initialized, the command processing unit 102 checks whether the recording area specified by A0 and Size is included in a recording area other than the Num-th recording area (step S1203). If the recording area is included, the Num-th recording area after setting the area length overlaps with other recording areas, so an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the processing is performed. Is finished (step S1208).

  If the recording area is not included, area information relating to the Num-th recording area is searched from the area information storage unit 102 (step S1204).

  Next, the start address and area length of the area information related to the Num-th recording area searched in S1204 are changed to A0 and Size, respectively (step S1205).

  Next, the value of the address attribute is determined from the size designated in S1201, and the address attribute of the area information regarding the Num-th area is updated. As a method of determining the address attribute, for example, when it is smaller than a certain threshold (fixed value), it is determined as 0 (byte unit), and when it is larger, it is determined as 1 (sector unit) (step S1206).

  Finally, the data processing apparatus 200 is notified via the host interface unit 101 of the recording medium 100 that the area length setting process has been completed (step S1207).

  In the area length setting process, if the recording area after setting does not overlap with other recording areas, the area length can be set by the above procedure. The address attribute is automatically determined according to the new area length.

  Here, an example has been shown in which the area length of each recording area 108 of the nonvolatile memory 107 can be set by sending an area length setting command, but in order to set these area lengths, area information storage is performed. When a password is stored in the unit 102, a method may be used in which the area length can be set only after the password authentication is successful. On the contrary, a method in which the password is stored in the area information storage unit 102 and the password is invalidated by resetting the area may be used. Furthermore, when the recording area length is set to be smaller, a method of performing a process of erasing data stored in the removed recording area may be used.

  Subsequently, when two recording areas are merged into one recording area among the recording areas of the nonvolatile memory 107 in the present embodiment, the recording area after setting overlaps with the other recording areas. It is necessary to perform the above-described area length setting process after deleting one recording area. Next, the recording area deletion process will be described. FIG. 14 is a flowchart showing the flow of area deletion processing in the recording medium 100.

  In the area deletion process, first, the host interface unit 101 of the recording medium 100 receives an area deletion command from the data processing apparatus 200 (step S1401). As shown in the example of FIG. 15, in the area deletion command, 6-bit information indicating Del Area (delete area) is stored in the command type, and the area identification number (Num) of the area to be deleted is stored in the additional information. ing.

  Next, the command processing unit 103 determines whether the recording medium 100 has been initialized (step S1402). If not initialized, an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the process is terminated (step S1406).

  If it has been initialized, area information relating to the Num-th recording area is searched from the area information storage unit 102 (step S1403).

  Next, both the start address and area length of the area information related to the Num-th recording area searched in S1403 are changed to 0 (step S1404).

  Finally, the data processing apparatus 200 is notified via the host interface unit 101 of the recording medium 100 that the area deletion processing has been completed (step S1405).

  Here, it has been shown that the deletion process of each recording area 108 of the nonvolatile memory 107 can be realized by transmitting an area deletion processing command. However, in order to delete these recording areas, the area information storage unit 102 In the case where the password is stored, the method may be such that it is possible to delete the recording area that is started when the password authentication is successful. Furthermore, a method may be used in which stored data is deleted when the recording area is deleted.

  Subsequently, the recording area of the recording medium is divided into an area that can be accessed by a general user (user area) and an area where data can be stored securely by restricting access by a general user (protect area). The case will be described. The protected area is an area that can be accessed only after successful mutual authentication processing for authenticating that the data processing apparatus 200 and the recording medium 100 are mutually valid devices. Such a protected area is used to realize advanced copyright protection functions. Digital content is encrypted and stored in the user data area, and the key used for encryption is stored in the protected area. Is done.

  FIG. 16 shows an example of information stored in the area information storage unit 102 when the recording area is separated into a user area and a protect area.

  The difference from the example shown in FIG. 2 is that not only the user area management information 1601 but also the protected area management information 1602 is included. Similarly to the user area, the protected area is managed by a plurality of area identification numbers, and an area having a valid flag “1” is an effective area. For example, in FIG. 16, the area of area identification number 2 has a protected area start address of 1 MB, an area length of 2 MB, and the validity flag indicating that this area is valid is “1”. .

  Although not shown, when the recording area is divided into the user area and the protected area as described above, the recording area associated with the area identification number can be managed in each area. Similar to the area, the area can be switched by a protection area switching command.

  In this example, the user area and the protect area are managed by separate area management information. However, the user area and the protect area correspond to each other one-to-one, and the user area and the protect area can be obtained by one type of switching command. A method of switching both may be used.

  According to the first embodiment of the present invention described above, it is possible to switch to a desired recording area by issuing a recording area switching command before accessing data in the recording medium 100. In addition, when a password is set in the recording area, it is possible to switch to a desired recording area after successful password authentication. Therefore, when the nonvolatile memory 107 in the recording medium 100 is divided into a plurality of parts and different file systems are constructed in the respective recording areas, a file system that can be interpreted by the data processing apparatus 200 is constructed. In a recording medium configured to be able to select and access a recording area, it is possible to prevent confidentiality and falsification of data stored in the recording area by setting a password.

  In the embodiment of the present invention, the method for setting a password for each area in the area information storage unit 102 has been described. However, as shown in FIG. 17, password storage for newly storing a password in addition to the configuration of FIG. Section 1701 is provided, and as shown in FIG. 18, the area information storage section 102 is provided with information on the presence / absence of password setting for each recording area, and the password storage section 1701 stores information for each area as shown in FIG. A method for managing passwords may be used. Furthermore, at this time, as shown in FIG. 19B, a method may be used in which a password for each area is stored in the password storage unit 1701 as one type without providing a password for each area. Furthermore, the password may be data input by a user using the data processing device 200, but may be an ID unique to the data processing device 200, and the data structure of the password is not particularly limited. .

  Furthermore, in the embodiment of the present invention, an example in which the command for setting the password and the command for canceling the password setting are different is shown. There may be a method of executing by a command (command for changing a password) or a method of setting / deleting a password as one of additional information in a command for setting an area. Also, a method in which a password is included in an argument of a command that requires a password, such as a password included in an argument of the area switching command, may be used.

  Furthermore, although not shown in the figure, there is a method in which a reset can be executed by providing a command for deleting both the password and the data stored in the recording area where the password is set, and executing the command. Alternatively, a method may be used in which a master password capable of operating passwords recorded in all recording areas is set, and all password operations can be executed by authenticating the master password. In this case, a method capable of realizing acquisition of password information set for each recording area may be used.

(Embodiment 2)
FIG. 20 is a diagram illustrating a configuration example of the recording medium 100 and the data processing device 200 according to Embodiment 2 of the present invention.

  Here, what is different from the configuration shown in FIG. 1 of the first embodiment is that a memory attribute changing unit 2001 is added. Since other configurations are the same, description thereof will be omitted.

  The memory attribute changing unit 2001 is a part that performs processing to change the setting of the memory in the recording area to a readable / writable setting or a setting that allows only reading.

  FIG. 21 is a diagram illustrating a data configuration example of the recording information storage unit 102 according to the second embodiment of the present invention.

  The difference from the configuration shown in FIG. 2 of the first embodiment is that information regarding memory attributes is stored. “R / W” indicating that reading / writing is possible for each recording area and “R” indicating that only reading is possible are stored. For example, the area indicated by the identification number 2 in FIG. 21 is an example showing that the memory attribute is “R” and is a recording area that can only be read.

  Further, the password is a password required when changing the memory attribute among the first to Nth recording areas. In the example of FIG. 21, the passwords of the first and third recording areas are “ Since “-” is set, the password is not set, and the user can freely change the attribute of the recording area. On the other hand, the password for the second recording area is “***”, and the password “***” is required to change the memory attribute from the setting that allows only reading (“R”). It becomes. Similarly, the password of the Nth recording area is “□□□”, and the memory attribute of the Nth recording area is changed from the current readable / writable setting (“R / W”). Requires the password “□□□”.

  FIG. 22 is a diagram illustrating a command format example of a command transmitted from the data processing apparatus 200 to the recording medium 100. FIG. 22C shows a configuration example of command data for changing the memory attribute of the recording area. The command type stores 6-bit information of Set_Attribute indicating that the attribute of the recording area is changed. In the additional information, an area identification number indicating which area the command is executed is stored. The other FIGS. 22A and 22B are the same as the configurations of FIGS. 3A and 3B shown in the first embodiment, and thus the description thereof is omitted here.

  In addition, the password setting for the attribute of each recording area in the present embodiment is the same as the password setting process or the password release setting process in the first embodiment, and the description thereof is omitted here.

  Next, the recording area attribute setting process according to the present embodiment will be described. In the attribute setting process, an attribute setting command is transmitted from the data processing capital increase 200 to the recording medium 100 by specifying the area identification number of the recording area to be activated. FIG. 23 is a flowchart showing the flow of setting the recording area attribute in the recording medium 100.

  In the recording area attribute setting process, first, the host interface unit 101 of the recording medium 100 receives a recording area attribute setting command from the data processing apparatus 200 (step S2301).

  Next, the command processing unit 103 determines whether or not the recording medium 100 has been initialized (step S2302). If not initialized, an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the process is terminated (step S2309).

  If it has been initialized, the password authentication unit 105 obtains information for each recording area stored in the area information storage unit 102 from the area designation number designated by the attribute setting command, and the password is set. It is determined whether or not it is an area (step S2303). If a password is not set, the process of step S2307 described later is performed.

  When a password is set, the password authentication unit 105 transmits a command reception response to the data processing device 200 via the command processing unit 103 and the host interface 101 of the recording medium 100 via the host interface 101 of the recording medium 100. (Step S2304).

  Next, the password authentication unit 105 receives password data from the host interface unit 101 of the recording medium 100 (step S2305). Authentication is performed as to whether or not the received password data matches the password stored in the area information storage unit 102 (step S2306). If the passwords do not match, an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the process is terminated (step S2309).

  If the passwords match, the memory attribute changing unit 2001 refers to the area identification number specified by the attribute setting command, and sets the attribute for the corresponding recording area in the area information storage unit 102 to the attribute specified by the command. (Step S2307).

  Finally, the data processing device 200 is notified via the host interface unit 101 of the recording medium 100 that the recording area attribute setting processing has been completed (step S2308).

  Next, an access procedure to the recording medium 100 in the present embodiment will be described by taking a data writing process as an example. Data reading / writing from the recording medium 100 is executed by transmitting a data reading / writing command, that is, a Read / Write command, to the recording medium 100. FIG. 24 is a flowchart showing a flow of data reading processing of the recording medium 100.

  In the data reading process, first, the host interface unit 101 of the recording medium 100 receives a Write command from the data processing apparatus 200 (step S2401). The Write command has a format in which a write start address is designated by the first argument Offs and a write size is designated by the second argument Size, such as Write (Offs, Size).

  Next, the command processing unit 102 determines whether or not the recording medium 100 has been initialized (step S2402). If not initialized, an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the process is terminated (step S2411).

  If it has been initialized, the command processing unit 103 searches the region information in the region information storage unit 102 for region information whose validity flag is “1” (valid) (step S2403).

  Next, the area information storage unit 102 determines whether or not a valid recording area is writable from the result of step S2403 (step S2404). If it is not a writable area, an error response is transmitted to the data processing apparatus 200 via the host interface unit 101 of the recording medium 100, and the process is terminated (step S2411).

  If it is a writable area, the area length AS is acquired from the result of S1103 (step S2405).

  Next, AS is compared with the value obtained by adding Size to Offs, and it is confirmed whether or not the read area is included in the accessible area (step S2405). If the AS is smaller, the read area exceeds the accessible area, so an error response is transmitted to the data processing device 200 via the host interface unit 101 of the recording medium 100, and the process ends (step S2411).

  When AS is larger or equal, start address A0 is acquired from the area information of the search result (step S2407).

  Next, Offs ′ obtained by adding A0 to Offs is calculated in order to determine the writing start position of the recording area (step S2408).

  Next, the data for Size from the position of Offs' is received from the data processing apparatus 200 via the host interface unit 101 of the recording medium 100 and written (step S2409).

  Finally, the data processing apparatus 200 is notified via the host interface unit 101 of the recording medium 100 that the data writing process has been completed (S2410).

  According to the second embodiment of the present invention described above, since it is possible to set a password for switching the attributes of the recording area, the data stored in each recording area can be altered or deleted due to an erroneous operation. Prevention can be realized.

  In the embodiment of the present invention, the method for setting a password for each area in the area information storage unit 102 has been described. However, as in the example shown in FIG. 17 of the first embodiment, as shown in FIG. In addition to the configuration of FIG. 20, a password storage unit 1701 for newly storing a password is provided, and information on the presence / absence of password setting is provided as shown in FIG. 26. In the password storage unit 1701, the password storage unit 1701 in FIG. Similarly to the method shown in a), a method for managing a password for each recording area may be used. At this time, as in the case shown in FIG. 19B, a method may be used in which a password for each area is stored in the password storage unit 1701 as one type without providing a password for each area. . Furthermore, the password may be data input by a user using the data processing device 200, but may be an ID unique to the data processing device 200, and the data structure of the password is not particularly limited. .

  Furthermore, in the embodiment of the present invention, an example in which the command for setting the password and the command for canceling the password setting are different is shown. There may be a method of executing by a command (command for changing a password) or a method of setting / deleting a password as one of additional information in a command for setting an area. Also, a method in which a password is included in an argument of a command that requires a password, such as a password included in an argument of an attribute change command, may be used.

  Further, although not shown in the figure, there is a method in which a reset can be executed by providing a command for deleting both the password and the data stored in the recording area where the password is set, and executing the command. Alternatively, a method may be used in which a master password capable of operating passwords recorded in all recording areas is set, and all password operations can be executed by authenticating the master password. In this case, a method capable of realizing acquisition of password information set for each recording area may be used.

  Although not shown, in the present invention, an example of password setting for area switching is shown in the first embodiment, and an example of password setting for area attribute change is shown in this embodiment. The password may be set for both of the attribute change and the attribute change, and the function shown in the first embodiment and the present embodiment may be realized at the same time.

  The recording medium according to the present invention and the access restriction method and the attribute change method for switching the recording area in the recording medium are provided with a function of storing password information for each recording area in the recording medium, and the recording area switching process and the recording area By accompanying the password authentication process to the attribute change, it can be applied to the confidentiality protection and tampering prevention of the stored data.

1 is a block diagram showing a configuration example of a recording medium and a data processing device in Embodiment 1 of the present invention. The conceptual diagram which showed an example of the area | region information storage part in Embodiment 1 Conceptual diagram showing an example of a command format in the first embodiment Conceptual diagram showing an example of a data format in the first embodiment A flowchart showing an example of initialization processing in the first and second embodiments The conceptual diagram which showed an example of the area | region information storage part after the initialization process in Embodiment 1 A flowchart showing an example of password setting processing in the first and second embodiments The flowchart which shows an example of the cancellation | release setting process of the password in Embodiment 1 and 2 A flowchart showing an example of area switching processing in the first embodiment The conceptual diagram which showed an example of the area | region information storage part in Embodiment 1 A flowchart showing an example of data reading processing in the first embodiment A flowchart showing an example of a data area length setting process in the first embodiment Conceptual diagram showing an example of a region length setting command in the first embodiment Flowchart showing an example of area deletion processing in the first embodiment Conceptual diagram showing an example of the area deletion setting command in the first embodiment The conceptual diagram which showed an example of the area | region information storage part in Embodiment 1 FIG. 2 is a block diagram showing a configuration example of a recording medium and a data processing device in the first embodiment The conceptual diagram which showed an example of the area | region information storage part in Embodiment 1 The conceptual diagram which showed the structural example of the password storage part in Embodiment 1 The block diagram which showed the structural example of the recording medium in the same Embodiment 2, and a data processor The conceptual diagram which showed an example of the area | region information storage part in Embodiment 2 Conceptual diagram showing an example of a command format in the second embodiment Flowchart illustrating an example of recording area attribute setting processing in the second embodiment A flowchart showing an example of a data writing process to a recording medium in the second embodiment The block diagram which showed the structural example of the recording medium in the same Embodiment 2, and a data processor The conceptual diagram which showed the structural example of the area | region information storage part in 2 in the embodiment

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Recording medium 101 Host interface part 102 Area information storage part 103 Command processing part 104 Recording area switching part 105 Password authentication part 106 Memory controller 107 Non-volatile memory 108 Recording area 200 Data processing apparatus 201 Input / output processing part 202 Recording medium interface part 230 Data processing unit 1701 Password storage unit 2001 Memory attribute change unit

Claims (16)

A recording medium comprising a nonvolatile memory capable of reading or writing various digital data by access from a data processing device,
The recording medium is
A host interface unit for transmitting and receiving data as an access I / F from the data processing device;
A command processing unit for analyzing commands or data from the data processing device;
Multiple recording areas;
An area information storage unit for storing information for managing the plurality of recording areas;
A recording area switching unit for setting a recording area accessible from the data processing device among the plurality of recording areas;
A password authenticating unit that authenticates whether a password that is arbitrary digital data is valid,
A recording medium switching command for switching the plurality of recording areas of the recording medium accessible from the data processing device is not executed unless the password is valid in the password authentication unit. A recording medium comprising a nonvolatile memory capable of reading or writing various digital data by access from a data processing device,
The recording medium is
A host interface unit for transmitting and receiving data as an access I / F from the data processing device;
A command processing unit for analyzing commands or data from the data processing device;
Multiple recording areas;
An area information storage unit for storing information for managing the plurality of recording areas;
Each recording area of the plurality of recording areas includes a memory attribute changing unit configured to allow only reading or setting enabling both reading and writing for access from the data processing device,
A recording medium, wherein an attribute of a memory that is an individual recording area can be changed by a memory attribute change command that changes an attribute of each of the plurality of recording areas from the data processing device. A recording medium comprising a nonvolatile memory capable of reading or writing various digital data by access from a data processing device,
The recording medium is
A host interface unit for transmitting and receiving data as an access I / F from the data processing device;
A command processing unit for analyzing commands or data from the data processing device;
Multiple recording areas;
An area information storage unit for storing information for managing the plurality of recording areas;
A memory attribute changing unit that sets each of the plurality of recording areas to a setting that allows only reading or reading and writing for access from the data processing device;
A password authenticating unit that authenticates whether a password that is arbitrary digital data is valid,
A memory attribute change command for changing attributes of individual recording areas of the plurality of recording areas from the data processing device is not executed unless the password is valid in the password authentication unit. 4. The recording medium according to claim 1, wherein the password is set for each recording area of the plurality of recording areas. The recording medium according to any one of claims 1 to 3, wherein the password can be set for each recording area of the plurality of recording areas. 4. The recording medium according to claim 1, wherein the password is the same for each recording area of the plurality of recording areas. The recording medium can set the password for each recording area of the plurality of recording areas, and the password set for each recording area of the plurality of recording areas is a password that is arbitrary digital data The recording medium according to claim 1, wherein the recording medium can be set by authenticating. The recording medium receives a password set before each recording area and a command to delete data stored in the recording area from the plurality of recording areas, and executes the command. The recording medium according to claim 1. 4. The recording medium according to claim 1, wherein the recording medium receives a command for setting the password from the data input device, and the password can be set for each of the plurality of recording areas. The recording medium described in 1. 2. The recording medium processes only a command for setting the password for the recording area that is accessible from the data input device among the plurality of recording areas. 4. The recording medium according to any one of 3. The recording medium receives, from the data input device, a command capable of releasing the password set for each recording area of the plurality of recording media, and receives a password for the individual recording area. 4. The recording medium according to claim 1, wherein the recording medium is released. The said recording medium processes only the command which can perform the cancellation | release of the said password with respect to the said recording area which can be accessed from the said data input device among these recording areas. Item 4. The recording medium according to any one of Items 1 to 3. When the recording medium receives and processes a command for expanding each recording area and a command for deleting each recording area with respect to the plurality of recording areas, the password is applied to each recording area. 4. The recording medium according to claim 1, wherein a command for performing the extension or a command for performing the deletion is not executed when “” is set. 5. When the recording medium receives and processes a command for expanding each recording area and a command for deleting each recording area with respect to the plurality of recording areas, the password is applied to each recording area. The password setting is reset when the command for performing the extension or the command for performing the deletion is executed when the password is set. Recording media. A recording area switching method for a recording medium including a nonvolatile memory capable of reading or writing various digital data by access from a data processing device,
A recording area switching step for setting a recording area accessible from the data processing device among a plurality of recording areas;
A password authentication step for authenticating whether or not a password that is arbitrary digital data is valid,
It is determined whether or not the recording area switching command for switching the plurality of recording areas of the accessible recording medium input from the data processing device is executed according to the authentication result of the password in the password authentication step. Recording medium access restriction method. A recording area switching method for a recording medium including a nonvolatile memory capable of reading or writing various digital data by access from a data processing device,
A memory attribute changing step in which each recording area of the plurality of recording areas is set to be readable only or set to be readable and writable for access from the data processing device;
A password authentication step for authenticating whether or not a password that is arbitrary digital data is valid,
Memory medium access command for changing the attribute of each recording area of the plurality of recording areas from the data processing device is determined whether or not to execute the memory attribute change command according to the authentication result of the password in the password authentication step Restriction method.

Images