JP5524122B2 - Information processing apparatus and information processing method - Google Patents

Description

  The present invention relates to an information processing apparatus and an information processing method, and more specifically, even when data in which plaintext data and ciphertext data are mixed is handled by a hard disk drive, encryption or decryption is appropriately performed according to the type of data. TECHNICAL FIELD

  As an encryption method for encrypting data in units of blocks, when initial data is encrypted, a preset initial vector (IV) is used, and for data other than the initial data, the data immediately before that data is used. There is known a block encryption method that performs encryption by using CES, that is, an AES (Advanced Encryption Standard) CBC (Cipher Block Chaining) mode.

  When data stored in a hard disk drive (HDD) is encrypted or decrypted using the AES CBC mode, an initial vector is preset for each sector (also referred to as a sector address) of the hard disk drive. It is known how to keep it. Thus, when accessing a predetermined sector of the hard disk drive in order to execute data writing or reading, the initial vector set in the sector is used to encrypt the data to be written or read. Or it can be decrypted.

  By the way, a hard disk drive device corresponding to NCQ (Native Command Queuing) of SATA (Serial Advanced Technology Attachment) has a buffer for queuing 32 commands, and when multiple commands are queued, access efficiency is increased. So that the execution order of commands for accessing sectors is automatically changed on the hard disk drive side.

  For example, when the hard disk drive receives a write command to the hard disk drive in the order of sectors 0, 1, 2, and 3, the execution order of the write command is changed to, for example, sectors 2, 1, 0, and 3 with the highest access efficiency. Change in the order. Further, when the hard disk drive receives a read command to the hard disk drive again in the order of sectors 0, 1, 2, and 3 in order to read data written in a predetermined sector, the execution order of the read command is changed to: For example, the sectors are changed in the order of sectors 1, 0, 3, and 2 where the access efficiency is highest. At this time, the execution order of the write command and the execution procedure of the read command are different. As described above, the number order of the sectors designated by the write command or the read command is different from the execution order of the write command or the read command by the hard disk drive.

  When the AES CBC mode is adopted in the hard disk drive corresponding to the SATA NCQ, the number order of the sectors indicated by the write command or the read command, and the write command or the read command by the hard disk drive Therefore, even if the encryption is performed in the CBC mode of the AES using the initial vector preset in the sector before accessing the predetermined sector, the actually accessed sector is different, There was a problem that data could not be encrypted or decrypted properly.

In order to solve the problem, for example, Japanese Patent Application Laid-Open No. 2009-187646 (Patent Document 1) queues a plurality of commands for requesting data transfer to and from the memory and queued commands. An encryption / decryption device for a hard disk drive that determines the execution order of the above is disclosed. In the encryption / decryption device, in response to a plurality of commands queued in the hard disk drive, sector address information indicating a sector address of the hard disk drive specified by each command and the transfer in the memory are transmitted. And an information table for storing the address range of the requested data in association with each other. The encryption / decryption device first receives an access request from the hard disk drive and outputs an address for accessing the memory. Next, the encryption / decryption device searches the address range including the address output from the control unit with reference to the information table, and based on the sector address information corresponding to the found address range Get the sector address. The encryption / decryption device uses the initial vector generated based on the acquired sector address when encrypting the head data when encrypting the data in block units. Further, the encryption / decryption device encrypts data other than the head data by using data immediately before the data, and encrypts data to be transferred from the memory to the hard disk drive. The encryption / decryption device decrypts data encrypted by the block encryption method when it is transferred from the hard disk drive to the memory using an initial vector generated based on the information table. Turn into.

  With this configuration, the sector address is acquired based on the sector address information specified for each command and the address range of the information table, and an initial vector is generated based on the sector address. Therefore, even if the order of the sector numbers designated for each command and the execution order in which the commands are executed are different, the information table can correctly correspond the predetermined initial vector to the predetermined sector address. It is possible to encrypt or decrypt appropriately.

JP 2009-187646 A

  However, the technique described in Patent Document 1 is applicable when a plurality of queued commands are commands related to all encrypted data (ciphertext data). For example, the plurality of commands However, there is a problem that it cannot be applied when the command related to the ciphertext data and the command related to unencrypted data (plaintext data) are mixed. That is, in the technique disclosed in Patent Document 1, when the encryption / decryption device corresponding to the AES CBC mode receives a plurality of data from the hard disk or a predetermined memory, it determines whether the data is ciphertext data or plaintext data. Therefore, there is a problem that encryption or decryption cannot be appropriately performed according to the type of received data.

  Further, when the hard disk drive is compatible with the NCQ that changes the execution order of the received plurality of commands, the types of the plurality of data transmitted from the hard disk drive based on the plurality of commands transmitted to the hard disk drive. It becomes more difficult to specify (whether it is plaintext data or ciphertext data). Therefore, when a command related to plaintext data and a command related to ciphertext data coexist, the encryption / decryption device corresponding to the AES CBC mode and the hard disk drive corresponding to the NCQ cannot be used together. There's a problem.

  Therefore, the present invention has been made to solve the above problem, and even when data in which plaintext data and ciphertext data are mixed is handled by a hard disk drive, encryption is appropriately performed according to the type of data. It is an object of the present invention to provide an information processing apparatus and an information processing method that can be converted or decoded.

  In order to solve the above-described problems and achieve the object, the present invention provides an information processing apparatus including a SATA host controller and a hard disk drive device. When the SATA host controller receives an access request for accessing a sector address indicating a predetermined memory area of a storage medium of the hard disk drive device, the SATA host controller transmits a command corresponding to the access request to the hard disk drive device. When the hard disk drive receives a plurality of commands, the hard disk drive device changes the execution order of the commands based on the sector address designated for each command.

  The hard disk drive device corresponds to NCQ (Native Command Queuing), for example.

  The information processing apparatus includes a partition information storage unit, an access request determination unit, and a divided transmission unit. The partition information storage means stores the sector address and partition information indicating whether the data stored in the sector address is plaintext data or ciphertext data as a partition information table. Further, the access request determination means, when the access request is transmitted to the SATA host controller, collates the sector address included in the access request with the sector address of the partition information table, thereby It is determined whether all the sector addresses included in the data are a mixture of a plaintext data sector address and a ciphertext data sector address, or only a plaintext data or ciphertext data sector address. In addition, when all the sector addresses are a mixture of plaintext data sector addresses and ciphertext data sector addresses, the divided transmission means sends the access request as one access request designating one sector address. Each unit access request is divided and transmitted to the SATA host controller for each divided unit access request.

  With this configuration, when all the sector addresses included in the access request are a mixture of plaintext data sector addresses and ciphertext data sector addresses, that is, a plurality of commands to be issued by the SATA host controller are issued. If the command related to plaintext data and the command related to ciphertext data are mixed, the access request is divided into a plurality of unit access requests and transmitted to the SATA host controller. Therefore, it is possible to avoid a situation in which the type of data received by the encryption / decryption means is a mixture of ciphertext data and plaintext data in response to the access request. That is, it is not necessary for the encryption / decryption means to determine the type of data. As a result, even when data in which plaintext data and ciphertext data are mixed is handled by a hard disk drive device that changes the execution order of multiple commands, it is appropriately encrypted or decrypted according to the type of data. It becomes possible.

  Further, when all the sector addresses are plaintext data or ciphertext data sector addresses, it is possible to adopt a configuration including a simultaneous transmission means for transmitting the access request to the SATA host controller.

  Furthermore, when the command transmitted to the hard disk drive device by the SATA host controller is a command related to ciphertext data, the data transferred by the command is divided into a plurality of data blocks, and among the divided data blocks, A cipher that encrypts or decrypts a head data block using a predetermined initial vector, and encrypts or decrypts a data block other than the head data block using data immediately before the data block. A configuration including encoding / decoding means can be employed.

  The encryption / decryption means corresponds to, for example, an AES (Advanced Encryption Standard) CBC (Cipher Block Chaining) mode.

  The information processing apparatus can be applied to an image processing apparatus.

  In addition, the present invention can be provided as an information processing method of an information processing apparatus including the SATA host controller and the hard disk drive device. That is, in the information processing method, when the access request is transmitted to the SATA host controller, the sector address and partition information indicating whether the data stored in the sector address is plaintext data or ciphertext data. It has a reference step for referring to the partition information storage means for storing in association with the partition information table. The information processing method collates the sector address included in the access request with the sector address of the referenced partition information table, so that all the sector addresses included in the access request are the plaintext data sector address and ciphertext. There is an access request determination step for determining whether the data is mixed with the sector address of data or only the sector address of plaintext data or ciphertext data. In the information processing method, when all the sector addresses are a mixture of plaintext data sector addresses and ciphertext data sector addresses, the access request is a unit that is one access request that designates one sector address. There is a divided transmission step of dividing the access request and transmitting the divided unit access request to the SATA host controller. Even with this configuration, the same effect as described above can be obtained.

  Further, the present invention can be provided as a program for causing a computer to circulate individually via a telecommunication line or the like. In this case, the central processing unit (CPU) realizes the control operation in cooperation with each circuit other than the CPU according to the program of the present invention. Each means realized by using the program and the CPU can also be configured by using dedicated hardware. The program can also be distributed in a state where it is recorded on a computer-readable recording medium such as a CD-ROM.

  According to the information processing apparatus and the information processing method of the present invention, even when data in which plaintext data and ciphertext data are mixed is handled by the hard disk drive, it is appropriately encrypted or decrypted according to the type of data. It becomes possible.

1 is a conceptual diagram illustrating an overall internal configuration of a multifunction peripheral according to an embodiment of the present invention. It is an enlarged view of the image reading part which concerns on embodiment of this invention. It is a conceptual diagram which shows the whole structure of the operation part which concerns on embodiment of this invention. It is a figure which shows the structure of the control system hardware of the multifunctional device and information processing part which concern on embodiment of this invention. 2 is a functional block diagram of a multifunction peripheral and an information processing unit in the embodiment of the present invention. FIG. It is a flowchart for showing the execution procedure which concerns on embodiment of this invention. The figure (FIG. 7 (A)) which shows an example of the mail transmission function screen displayed on the touchscreen which concerns on embodiment of this invention, and the 1st figure (FIG. 7) which shows an example of the access request which concerns on embodiment of this invention 7 (B)). FIG. 8 is a diagram (FIG. 8A) illustrating an example of a partition information table according to the embodiment of the present invention, and a second diagram (FIG. 8B) illustrating an example of an access request according to the embodiment of the present invention. FIG. 9A shows an example of an access request according to the embodiment of the present invention (FIG. 9A), and FIG. 9B shows an example of an access request according to the embodiment of the present invention. It is.

  In the following, an embodiment of an image processing apparatus provided with an information processing apparatus of the present invention will be described with reference to the accompanying drawings for understanding of the present invention. In addition, the following embodiment is an example which actualized this invention, Comprising: The thing of the character which limits the technical scope of this invention is not. In addition, the alphabet “S” added in front of the numbers in the flowcharts means steps.

<Image processing apparatus and information processing apparatus>
Hereinafter, an image processing apparatus (for example, a multifunction peripheral) including the information processing apparatus (for example, an information processing unit) according to the present invention will be described.

  FIG. 1 is a conceptual diagram showing an overall internal configuration of a multifunction machine according to the present invention. However, details of each part not directly related to the present invention are omitted.

  The multifunction peripheral 100 of the present invention corresponds to, for example, a printer, a single scanner, or a multifunction peripheral including a printer, a copy, a scanner, a fax machine, and the like. As an example, the operation of the multifunction device 100 when providing a document copy function using the multifunction device will be briefly described.

  When the user uses the multifunction peripheral 100 to copy, for example, a document P, the document P is placed on the document table 101 or the table 102 shown in FIG. 1 and the operation unit 103 provided near the document table 101 is operated. Enter the copy conditions and instruct the copy. The configuration of the operation unit 103 will be described later. When there is an instruction for copying, printing is performed by the following units (drive units) operating.

  That is, as shown in FIG. 1, the multifunction peripheral 100 of the present invention includes a main body 104 and a platen cover 105 attached above the main body 104. A document table 101 is provided on the upper surface of the main body 104, and the document table 101 is opened and closed by a platen cover 105. The platen cover 105 is provided with an automatic document feeder 106, a placement table 102, and a sheet discharge table 107.

  The automatic document feeder 106 includes a document conveyance path 108 formed in the platen cover 105, a pickup roller 109 and conveyance rollers 110A and 110B provided in the platen cover 105, and the like. The document conveyance path 108 is a document conveyance path that leads from the mounting table 102 to the paper discharge table 107 via a reading position X where reading is performed by the image reading unit 111 provided in the main body 104.

  The automatic document feeder 106 pulls out documents one by one from a plurality of documents placed on the table 102 to the inside of the conveyance path 108 by a pickup roller 109, and passes the document drawn by the conveyance rollers etc. through the reading position X. Then, the paper is discharged onto the paper discharge tray 107 by the transport roller 110B. When the document passes through the reading position X, the document is read by the image reading unit 111.

  The image reading unit 111 is provided below the document table 101, and its details are shown in FIG. The image reading unit 111 includes a first light source 112 that illuminates the document table 102 in the main scanning direction, a slit 113 that selectively allows light from the document table to pass, and a mirror 114 that guides light from the document table. , The second moving carriage 117 including mirrors 116A and 116B that reflect the reflected light from the first moving carriage 115 again, and a lens group 118 that optically corrects the light guided by the mirror, An image sensor 119 that receives light corrected by the lens group 118, an image data generation unit that converts light received by the image sensor 119 into an electrical signal, and performs correction processing, image quality processing, compression processing, and the like as necessary. 120.

  When reading a document on the automatic document feeder 106, the light source 112 moves to a position where the reading position X can be irradiated and emits light. Light from the light source 112 is reflected by a document that passes through the document table 101 and passes through the reading position X, and is guided to the image sensor 119 by the slit 113, mirrors 114, 116A, and 116B, and the lens group 118. The image sensor 119 converts the received light into an electrical signal and transmits it to the image data generation unit 120. The light received by the image sensor 119 is input to the image data generation unit 120 as analog electrical signals of R (red), G (green), and B (blue), where analog-digital conversion is performed. Digitized. Further, the image data generation unit 120 uses the sequentially converted digital signal as unit data, and generates image data including a plurality of unit data by performing correction processing, image quality processing, compression processing, and the like on the unit data.

  Further, the image reading unit 111 can read not only a document conveyed by the automatic document feeder 106 but also a document placed on the document table 101. When reading the document placed on the document table 101, the first carriage 114 moves in the sub-scanning direction while emitting the light source 112, so that the optical path length from the light source 112 to the image sensor 119 is constant. The second moving carriage 117 moves in the direction of the image sensor 119 at a half speed of the first moving carriage 115.

  The image sensor 119 electrically outputs the light from the document placed on the document table 101 based on the light guided to the mirrors 114, 116 A, and 116 B, as in the case of the document conveyed to the automatic document feeder 106. The signal is converted into a signal, and based on this, the image data generation unit 120 generates image data and stores it in the storage unit 120B.

  Image data stored in the storage unit 120B is to be printed by an image forming unit 121 described later, or a terminal device (personal computer) connected to the MFP 100 and a network 120A such as a LAN by a communication unit 120C. It is transmitted to other multifunction devices, other copiers, printers, facsimiles and other terminal devices. The transmission function is, for example, a fax function (facsimile transmission function), an electronic mail transmission function, or the like.

  Further, the image data stored in the storage unit 120B is stored in a storage medium (hard disk) of the hard disk drive device 120E mounted inside the information processing unit 120D according to the type of data. In response to an instruction from the operation unit 103, the information processing unit 120D stores predetermined image data in the storage medium of the hard disk drive device 120E, and reads data from the storage medium. The hard disk drive device 120E is connected to the information processing unit 120D via a SATA (Serial Advanced Technology Attachment) host controller (not shown), and a predetermined memory of a storage medium according to a command from the SATA host controller. An area (sector address, also referred to as LAB) is accessed. In addition to the image data, the data stored in the storage medium also stores the transmission destination (address, destination) of the terminal device used for the transmission function described above, and the name / company name associated with the address. Is done. The information processing unit 120D is provided with an encryption / decryption unit (not shown) that encrypts specific data transmitted / received (transferred / exchanged) between the information processing unit 120D and the hard disk drive device 120E. It is configured to generate or decode. The data to be encrypted / decrypted is, for example, image data such as a transmission destination, a name / company name, and a confidential document that are personal information. The data that is not subject to encryption / decryption is image data such as a normal document. Details will be described later.

  An image forming unit 121 that prints image data is provided below the image reading unit 111 of the main body 104. The image data that can be printed by the image forming unit 121 is generated by the image data generating unit 120 as described above or received from the terminal connected to the network 120A.

  As a printing method performed by the image forming unit 121, an electrophotographic method is used. That is, the photosensitive drum 122 is uniformly charged by the charger 123, and then a latent image is formed on the photosensitive drum 122 by irradiating the photosensitive drum 122 with a laser 124, and toner is attached to the latent image by the developing device 125. In this method, a visual image is formed and the visible image is transferred to a transfer medium by a transfer roller.

  In a multi-function device that supports full-color images, the developing device (rotary developing device) 125 is rotated in the circumferential direction around a rotation axis that is configured in a direction perpendicular to the paper surface of FIG. The developing unit storing the toner is disposed at a position facing the photosensitive drum 122. In this state, the latent image on the photosensitive drum 122 is developed with toner stored in the developing device 125 and transferred to the intermediate transfer belt 126A. The developing unit 125 includes four developing units 125 (Y), (C), (M), and yellow (Y), cyan (C), magenta (M), and black (K), respectively. (K). By repeating the transfer to the intermediate transfer belt 126A for each color, a full-color image is formed on the intermediate transfer belt 126A.

  A transfer medium on which a visible image is printed, that is, a sheet, is placed on a sheet feeding tray such as a sheet feeding cassette 132, 133, or 134.

  When the image forming unit 121 performs printing, one transfer medium is pulled out from any one of the paper feed trays by using the pickup roller 135, and the transferred transfer medium is intermediate transfer belt by the transport roller 136 or the registration roller 137. It is fed between 126A and the transfer roller 126B.

  When the visible image on the intermediate transfer belt 126A is transferred to the transfer medium fed between the intermediate transfer belt 126A and the transfer roller 126B, the image forming unit 121 uses the conveyance belt 127 to fix the visible image. The transfer medium is sent to the fixing unit 128 (fixing device). The fixing unit 128 includes a heating roller 129 with a built-in heater and a pressure roller 130 pressed against the heating roller 129 with a predetermined pressure. When the transfer medium passes between the heating roller 129 and the pressure roller 130, the visible image is fixed to the transfer medium by heat and a pressing force to the transfer medium. The fixed transfer medium is discharged to a discharge tray 131.

  Through the above procedure, the multi-function device 100 provides the user with a copy function process.

  FIG. 3 is a conceptual diagram showing the overall configuration of the operation unit according to the present invention.

  The user uses the operation unit 103 to input setting conditions and the like for the image processing as described above, and to confirm the input setting conditions and the like. When the setting conditions and the like are input, a touch panel 301 (operation panel), a touch pen 302, and operation keys 303 provided in the operation unit 103 are used.

  The touch panel 301 employs an analog resistance film method, and has a structure in which a translucent upper film and a lower glass substrate are overlapped via a spacer, and each of the upper film and the lower glass substrate. A transparent electrode layer made of ITO (Indium Tin Oxide) or the like is provided on the opposing surface. Further, when the upper film is pressed by the user, the transparent electrode layer on the upper film side and the transparent electrode layer on the lower glass substrate side corresponding to the pressed position are in contact with each other. By applying a voltage to the upper film or the lower glass substrate and taking out a voltage value corresponding to the pressed position from the lower glass substrate or the upper film, a coordinate value (pressed position) corresponding to the voltage value is detected. When the detected pressing position is included in a display area such as a setting condition key in the screen displayed on the touch panel, the setting condition or the like is input.

  In addition, a display unit such as an LCD (Liquid Crystal Display) is provided below the lower glass substrate, and the display unit displays a screen such as an initial screen, for example, so that a specific screen is displayed on the touch panel. Is displayed. Thereby, the touch panel 301 has both a function for inputting setting conditions and the like and a function for displaying the screen.

  In addition, a touch pen 302 is provided in the vicinity of the touch panel 301. When the user touches the touch pen 301 with the tip of the touch pen 302, the coordinate value corresponding to the contact position (pressed position) is the same as described above. The user can press and select the displayed key or the like with the touch pen 302.

  Further, a predetermined number of operation keys 303 are provided in the vicinity of the touch panel 301, and for example, a numeric keypad 304, a start key 305, a clear key 306, a stop key 307, a reset key 308, and a power key 309 are provided.

  Next, the configuration of the control system hardware of the MFP 100 and the information processing unit 120D will be described with reference to FIG. FIG. 4 is a diagram illustrating a configuration of control system hardware of the multifunction peripheral 100 and the information processing unit 120D according to the present invention. However, details of each part not directly related to the present invention are omitted.

  In the control circuit of the multifunction peripheral 100, a CPU (Central Processing Unit) 401, a ROM (Read Only Memory) 402, a RAM (Random Access Memory) 403, and a driver 404 corresponding to each drive unit are connected by an internal bus 405. For example, the CPU 401 uses the RAM 403 as a work area, executes a program stored in the ROM 402 or the like, and exchanges data and instructions from the driver 404 and the information processing unit 120D based on the execution result. The operation of each driving unit shown in FIG. 1 is controlled.

  An internal interface 406a is also connected to the internal bus 405 of the control circuit, and the internal interface 406a connects the control circuit of the information processing unit 120D and the control circuit of the multi-function device 100. The CPU 401 receives a command signal from a control circuit such as the information processing unit 120D via the internal interface 406a, or transmits a command signal, data, or the like to the control circuit such as the information processing unit 120D.

  A communication interface 406b is also connected to the internal bus 405 of the control circuit, and the communication interface 406b is connected to the network 120A via a communication cable. The network 120A is connected to a terminal which is a device different from the multifunction peripheral 100, and the CPU 401 transmits (image) data to the terminal connected to the network 120A via the communication interface 406b. Receive data from the terminal.

  The control circuit of the information processing unit 120D includes an internal bus 407, a CPU 408, a ROM 409, a RAM 410, an internal interface 411, and a hard disk drive device 120E (HDD (Hard Disk Drive)). When the CPU 408 receives an instruction or data from the CPU 401 of the multifunction peripheral 100 via the internal interface 411, the CPU 408 transmits an instruction to the hard disk drive device 120E via the SATA host controller 506 based on the instruction. The data is stored (written) in the storage medium of the hard disk drive device 120E, and the data is read (obtained) from the storage medium. The functions of the CPU 408, ROM 409, and RAM 410 are the same as described above, and the respective means (shown in FIG. 5) described later are realized by the CPU 408 executing programs. The ROM 409 stores programs and data for realizing each means described below.

  Further, the hard disk drive device 120E is provided with a control unit 412 for controlling transmission / reception of data to / from the storage medium, and the control unit 412 receives from the information processing unit 120D via the SATA host controller. For example, the execution order of the plurality of instructions (commands) is changed and executed so as to increase the access efficiency to the storage medium. The control unit 412 performs the same processing when reading data from the storage medium and when writing data to the storage medium.

<Embodiment of the present invention>
Next, the configuration and execution procedure according to the embodiment of the present invention will be described with reference to FIGS. FIG. 5 is a functional block diagram of the MFP 100 and the information processing unit 120D of the present invention. FIG. 6 is a flowchart for illustrating the execution procedure of the present invention.

  First, when the user turns on the power of the multifunction device 100, the display receiving unit 501 of the multifunction device 100 displays a preset initial screen (for example, a function selection screen, not shown) on the touch panel 301.

  When the user selects the (electronic) mail transmission key displayed on a predetermined tab in the function selection screen while looking at the function selection screen, the display reception unit 501 receives the selection of the mail transmission key. The mail transmission function screen is displayed on the touch panel (FIG. 6: S101).

  In the mail transmission function screen 700, as shown in FIG. 7A, a message “Please enter the e-mail transmission conditions.” 701 indicating the mail transmission function and the destination (for example, e-mail) Address book 702 capable of selecting an address), a folder 703 capable of selecting an attached image (image data), an attached image preview key 704 for displaying the attached image as a preview image, an OK key 705, and a cancel key 706. Is displayed.

  Here, the user selects a predetermined transmission destination (for example, transmission destination “A” 702a) of the address book 702 while viewing the mail transmission function screen 700, and also determines predetermined image data (for example, the transmission destination “A” 702a). When the image data “document A” 703a) is selected and the OK key 705 is selected, the display receiving unit 501 receives the selection of the OK key 705 and notifies the function execution unit 502 (FIG. 6: S102 YES). ). When the transmission destination “A” 702a and the image data “document A” 703a are stored in the hard disk drive 120E, the function execution unit 502 that has received the notification transmits the transmission destination “A” 702a and the image. An access request for acquiring the data “document A” 703a from the hard disk drive device 120E is generated (FIG. 6: S103).

  As shown in FIG. 7B, the generated access request 707 includes an instruction “read” 708 for reading the transmission destination “A” 702a and the hard disk drive device in which the transmission destination “A” 702a is stored. A sector address “0052” 709 corresponding to the memory area of the storage medium 508 (hard disk) of 120E, an instruction “read” 710 for reading the image data “document A”, and a sector address “0780” of the image data “document A” 711.

  When the function execution unit 502 generates the access request 707, the function execution unit 502 notifies the access request determination unit 503 to that effect, and the access request determination unit 503 that has received the notification is stored in the partition information storage unit 504 in advance. The partition information table is referred to (FIG. 6: S104).

  As shown in FIG. 8A, the partition information table 800 includes a sector address 801 (for example, “0000-01FF” 801a and “0600-07FF” 801b indicating a predetermined range of sector addresses) of the storage medium 508. And partition information 802 (for example, “plaintext” 802a, “ciphertext” 802b, etc.) indicating whether the data stored in the sector address 801 is plaintext data or ciphertext data is stored in association with each other.

  Here, the partition information table 800 is created based on the storage medium 508 of the hard disk drive device 120E. In the memory area of the storage medium 508 corresponding to the sector address 801 of the partition information table 800, data (plaintext data or ciphertext data) corresponding to the partition information 802 of the partition information table 800 is stored.

  For example, in the memory area of the storage medium 508 corresponding to the sector address “0000-01FF” 801a of the partition information table 800, the destination “A” 702a, which is ciphertext data, is stored in the sector address “ 0052 ”709. Further, in the memory area of the storage medium 508 corresponding to the sector address “0600-07FF” 801b of the partition information table 800, the image data “document A” 703a which is normal data, that is, plaintext data, has a sector address “0780”. ”711.

  The access request determination unit 503 refers to the partition information table 800 to obtain a sector address (for example, “0052” 709) included in the access request 707, and uses the obtained sector address in the partition information table 800. The sector address 801 (for example, “0000-01FF” 801a) is collated. As a result of the collation, the access request determination unit 503 refers to the partition information 802 (eg, “ciphertext” 802b) corresponding to the sector address 801 of the collated partition information table 800, and uses the referenced partition information 802. Then, the sector address type (for example, “0052” 709) of the plaintext data or the ciphertext data is specified (step S105 in FIG. 6).

  The access request determination unit 503 executes the specification of the sector address type for all the sector addresses included in the access request 707, and when the specification of the sector address type for all the sector addresses is completed. Then, it is determined whether all of the sector addresses are a mixture of plaintext data sector addresses and ciphertext data sector addresses, or only plaintext data or ciphertext data sector addresses (FIG. 6: S106).

<When all sector addresses are a mixture of plaintext data sector addresses and ciphertext data sector addresses>
Here, as described above, the sector address “0052” 709 of the transmission destination “A” 702a is the sector address “0000-01FF” 801a of the ciphertext data corresponding to the “ciphertext” 802b of the partition information 802, The sector address “0780” 711 of the image data “document A” 703a is the sector address “0600-07FF” 801b of plaintext data corresponding to “plaintext” 802a of the partition information 802. Therefore, the access request determination unit 503 determines that all the sector addresses included in the access request 707 are a mixture of a plaintext data sector address and a ciphertext data sector address (FIG. 6: S106 YES).

  When the access request determination unit 503 makes the determination, the access request determination unit 503 notifies the division transmission unit 505 to that effect. Receiving the notification, the division transmission unit 505 divides the access request 707 into unit access requests which are one access request designating one sector address (FIG. 6: S107).

  In the above case, as shown in FIG. 8B, the access request 707 includes an instruction “read” 803 for reading the transmission destination “A” 702a of the ciphertext data and the sector address of the transmission destination “A” 702a. A unit access request 805 composed of “0052” 804 (referred to as a ciphertext unit access request), an instruction “read” 806 for reading the image data “document A” 703a of plaintext data, and the image data “document A” Are divided into unit access requests 808 (referred to as plaintext unit access requests) composed of sector addresses “0780” 807 of “703a”.

  When the divided transmission unit 505 divides the access request 707 into two unit access requests, the divided transmission unit 505 transmits the divided unit access requests to the SATA host controller 506 (FIG. 6: S108).

  In the above case, first, the divided transmission means 505 transmits a ciphertext unit access request (unit access request regarding the destination “A” 702a) to the SATA host controller 506 (FIG. 6: S108), and the ciphertext Upon receiving the unit access request, the SATA host controller 506 sends one command (a command related to ciphertext data and a ciphertext command) corresponding to the ciphertext unit access request in accordance with the SATA AHCI (Advanced Host Controller Interface) protocol. Issued (FIG. 6: 109).

  Then, the SATA host controller 506 transmits the issued ciphertext command to the control unit 507 of the hard disk drive device 120E, and the control unit 507 that has received the ciphertext command receives the ciphertext command based on the ciphertext command. Access to 508 is executed (FIG. 6: S110).

  Here, the split transmission unit 505 causes the SATA host controller 506 to transmit one ciphertext command corresponding to the unit access request to the control unit 507 of the hard disk drive 120E. Therefore, the control unit 507 accesses the sector address of the storage medium 508 specified by the received one ciphertext command without executing NCQ (Native Command Queuing) described later, and instructs the corresponding one command. In accordance with “Read”, the data stored in the sector address (here, encrypted transmission destination “A”) is read. Then, the control unit 507 transmits the read data to the SATA host controller 506. In response to the ciphertext command received earlier, the SATA host controller 506 that has received the data notifies the encryption / decryption means 509 to that effect (FIG. 6: S111 YES). The means 509 decrypts the data (FIG. 6: S112), and the decrypted data (transmission destination “A” 702a) is provided in advance in the information processing unit 120D corresponding to the hard disk drive device 120E. The data is stored in a predetermined memory 510.

  Here, when the encryption / decryption means 509 supports the CBC (Cipher Block Chaining) mode of AES (Advanced Encryption Standard), the data (encrypted destination “A”) is converted into a plurality of data blocks. The first data block is decoded using a predetermined initial vector among the plurality of divided data blocks, and the data block other than the first data block is used using the data immediately before the data block. To decrypt. As a result, the data is decrypted.

  In the case of data encryption, the encryption / decryption means 509 obtains unencrypted data stored in the memory 510 and executes encryption corresponding to the above-described AES CBC mode. Then, the data is transmitted to the hard disk drive device 120E via the SATA host controller 506. The initial vector may be any initial vector, for example, an initial vector determined in advance corresponding to a sector address specified by a command.

  When the decrypted data is stored in the memory 510, the SATA host controller 506 notifies the split transmission means 505 to that effect. Here, since the divided unit access request (plaintext unit access request) still exists (FIG. 6: S113 NO), the divided transmission means 505 that has received the notification sends the plaintext unit access request to the SATA host controller 506. And repeats transmission of the unit access request to the SATA host controller 506 (FIG. 6: S108).

  The SATA host controller 506 that has received the plaintext unit access request issues one command corresponding to the plaintext unit access request (a command relating to plaintext data, a plaintext command) according to the AHCI protocol (FIG. 6: S109). The SATA host controller 506 transmits the issued plain text command to the control means 507. The control means 507 that has received the plaintext command receives data from the sector address of the storage medium 508 specified by the plaintext command according to the instruction “read” corresponding to the plaintext command (here, the image data “document A” of the plaintext data). 703a) is read (command is executed) (FIG. 6: S110), and the read data is transmitted to the SATA host controller 506. The SATA host controller 506 that has received the data stores the data in the memory 510 as it is in response to the plaintext command received earlier (FIG. 6: S111 NO). Thus, the ciphertext data transmission destination “A” 702a and the plaintext image data “document A” 703a are appropriately acquired from the hard disk drive 120E.

  As described above, even if the access request 707 by the function execution unit 502 includes a mixture of a plaintext access request for accessing plaintext data and a ciphertext access request for accessing ciphertext data, the access request 707 may be a plurality of unit accesses. Since it is divided into requests, plaintext data or ciphertext data is handled for each unit access request. For this reason, even the encryption / decryption means 509 (in the AES CBC mode) that cannot determine whether the data is ciphertext data or plaintext data can appropriately decrypt (or encrypt) only the ciphertext data. It becomes possible. Further, even when the hard disk drive 120E (corresponding to NCQ) that changes the execution order of the plurality of commands upon receiving a plurality of commands corresponding to the access request, the access request is divided for each unit access request. Therefore, it is possible to avoid a situation in which the order of the ciphertext data and the plaintext data is changed, and it is possible to appropriately decrypt (or encrypt) only the ciphertext data.

  In S113, if the unit access requests to be transmitted are lost as a result of the sequential transmission of unit access requests (FIG. 6: S113 YES), the divided transmission means 505 confirms that there is no unit access request to be transmitted. The function execution unit 502 is notified of this. Upon receiving the notification, the function execution unit 502 executes the e-mail transmission function using the data stored in the memory 510, that is, the transmission destination “A” 702a and the image data “document A” 703a ( FIG. 6: S114).

  Specifically, the function execution unit 502 acquires the transmission destination “A” 702a and the image data “document A” 703a from the memory 510, and stores in advance a destination column of an e-mail stored in a predetermined format. The transmission destination “A” 702a is inserted into the e-mail, and the image data “document A” 703a is attached to the e-mail. Next, the function execution means 502 creates the e-mail by inserting additional information such as a predetermined title (for example, “attachment of document”) and date (A year B month C day) into the e-mail. To do. When the function execution unit 502 creates the electronic mail, the electronic mail is transmitted to the terminal device corresponding to the transmission destination “A” 120a via the network 120A. Thereby, the e-mail transmission function is executed.

<When all sector addresses are ciphertext data sector addresses>
Next, a case where all the sector addresses are the ciphertext data sector addresses will be described.

  In S101, when the user selects the transmission destination “A” 702a of the address book 702 and the encrypted image data “confidential document A” 703b of the folder 703, and selects the OK key 705, the display acceptance is performed. The means 501 accepts the selection of the OK key 705 (FIG. 6: S102 YES), and the function execution means 502 sends the transmission destination “A” 702a and the image data “confidential document A” 703b to the hard disk drive 120E. An access request for obtaining from is generated (FIG. 6: S103).

  As shown in FIG. 9A, the generated access request 901 includes an instruction “read” 902 for reading the transmission destination “A” 702a, a sector address “0052” 903 of the transmission destination “A” 702a, An instruction “read” 904 for reading the image data “confidential document A” 703a and a sector address “0520” 905 of the image data “confidential document A” 703a are configured.

  When the function execution unit 502 generates the access request 901, the access request determination unit 503 refers to the partition information table 800 (FIG. 6: S104), and the sector address included in the access request 901 is plaintext data. The sector address of the ciphertext data is specified (FIG. 6: S105). When all the sector addresses included in the access request are specified as plaintext data sector addresses or ciphertext data sector addresses, the access request determination unit 503 determines that all the sector addresses are plaintext data sector addresses. And the sector address of ciphertext data, or only the sector address of plaintext data or ciphertext data is determined (FIG. 6: S106).

  In the above case, the sector address “0052” 903 of the transmission destination “A” 702a is the sector address “0000-01FF” 801a of the ciphertext data corresponding to the “ciphertext” 802b of the partition information 802, and the image data “ The sector address “0520” 905 of the confidential document A ”703b is also the sector address“ 0400-05FF ”of the ciphertext data. Therefore, the access request determination unit 503 determines that all the sector addresses included in the access request 901 are all the sector addresses of ciphertext data (FIG. 6: S106 NO), and notifies the simultaneous transmission unit 511 accordingly. To do. Upon receiving the notification, the simultaneous transmission unit 511 transmits the access request 901 as it is to the SATA host controller 506 (FIG. 6: S115), and the SATA host controller 506 that has received the access request 901 responds to the access request 901. A corresponding command is issued (FIG. 6: S116).

  Here, as shown in FIG. 9A, the access request 901 includes a ciphertext access request 906 related to the destination “A” 702a and a ciphertext access request 907 related to the image data “confidential document A” 703b. It consists of. Therefore, the SATA host controller 506 issues two ciphertext commands corresponding to each access request simultaneously in accordance with the SATA AHCI protocol.

  The SATA host controller 506 that has issued the two ciphertext commands transmits the two ciphertext commands to the control unit 507, and the control unit 507 that has received the two ciphertext commands is designated for each command. Based on the sector address, the command execution order is changed, and each ciphertext command is executed.

  More specifically, the control unit 507 changes the execution order of the two received commands to an execution order that improves the access efficiency to the storage medium 508 (FIG. 6: S117). For example, the sector address of the transmission destination “A” 702a corresponding to the first ciphertext command is “0052” 903, and the sector address of the image data “confidential document A” 703b corresponding to the next ciphertext command is “0520”. 905, and the order of the sector addresses from which the access efficiency is improved is the order from “0520” to “0052”, the control means 507 determines the execution order of the two commands from the order received (from “0052”). The order is changed from “0520” to the order in which the access efficiency is improved (from “0520” to “0052”). This corresponds to the NCQ. Thereby, the access efficiency to the storage medium 508 increases, and the time required for the access is shortened.

  Then, the control means 507 accesses each sector address corresponding to the order in which the access efficiency is improved, and sequentially reads the data stored in the sector address according to the command instruction “read” corresponding to each sector address. (FIG. 6: S118). The order of the read data is the order of the image data “confidential document A” 703b with the sector address “0520” 905 and the transmission destination “A” 702a with the sector address “0052” 903.

  Further, the control means 507 changes the data order to the order in which the command is received (original order), which is the order of the transmission destination “A” 702a and the image data “confidential document A” 703b. (FIG. 6: S119), the read data is sequentially transmitted to the SATA host controller 506. The SATA host controller 506 that has sequentially received the data notifies the encryption / decryption means 509 to that effect in response to the ciphertext command received earlier (FIG. 6: S120 YES), and the encryption / decryption that has received the notification. The conversion unit 509 decodes the sequentially received data (FIG. 6: S121).

  Here, the encryption / decryption means 509 corresponds to the above-described AES CBC mode without discriminating the data type (ciphertext data or plaintext data) from the two data received sequentially. Although each data is decrypted, since the two data are all ciphertext data, they are appropriately decrypted. That is, even if the encryption / decryption means 509 cannot determine whether the received data is ciphertext data or plaintext data, the ciphertext data can be appropriately decrypted. The encryption / decryption means 509 stores a plurality of decrypted data in a predetermined memory 510.

  When the decrypted data is stored in the memory 510, the SATA host controller 506 notifies the simultaneous transmission means 511 to that effect, and the simultaneous transmission means 511 that has received the notification notifies the hard disk drive device. After confirming that there is no need for further access to 120E, the function execution means 502 is notified of this. Upon receiving the notification, the function execution unit 502 executes the e-mail transmission function using the data (transmission destination “A” 702a, image data “confidential document A” 703b) stored in the memory 510 (FIG. 6: S114). Thus, when the access request 901 is a ciphertext access request for accessing all ciphertext data, it is possible to use both the NCQ of the hard disk drive device and the AES CBC mode.

<When all sector addresses are plaintext data sector addresses>
A case where all sector addresses are plaintext data sector addresses will be described.

  In S101, the user simply selects two unencrypted image data “Document A” 703a and “Document B” 703c from the folder 703 in order to confirm a plurality (for example, two) of image data. When the attached image preview key 704 is selected, the display accepting unit 501 accepts the selection of the attached image preview key 704 (FIG. 6: S102 YES), and the function executing unit 502 selects the two image data “document”. An access request for acquiring “A” 703a and “document B” 703b from the hard disk drive 120E is generated (FIG. 6: S103).

  As shown in FIG. 9B, the generated access request 908 includes an instruction “read” 909 for reading the image data “document A” 703a and a sector address “0780” 910 of the image data “document A” 703a. And an instruction “read” 911 for reading the image data “document B” 703c and a sector address “0250” 912 of the image data “document B” 703c.

  When the function execution unit 502 generates the access request 908, the access request determination unit 503 refers to the partition information table 800 (FIG. 6: S104), and all sector addresses included in the access request are plaintext. Whether the sector address of data or the sector address of ciphertext data is specified (FIG. 6: S105). The access request determination unit 503 determines whether all the sector addresses are a mixture of plaintext data sector addresses and ciphertext data sector addresses, or only plaintext data or ciphertext data sector addresses. Determination is made (FIG. 6: S106).

  In the above case, the sector address “0780” 910 of the image data “document A” 703a is the sector address “0600-07FF” 801b of the plaintext data, and the sector address “0250” 912 of the image data “document B” 703c is also the same. The sector address of plaintext data is “0200-03FF”. Therefore, the access request determination unit 503 determines that all the sector addresses are plaintext data sector addresses (FIG. 6: S106 NO), and notifies the simultaneous transmission unit 511 accordingly. Upon receiving the notification, the simultaneous transmission unit 511 transmits the access request 908 as it is to the SATA host controller 506 (FIG. 6: S115), and the SATA host controller 506 that has received the access request 908 responds to the access request 908. A corresponding command is issued (FIG. 6: S116).

  Here, as shown in FIG. 9B, the access request 908 includes a plaintext access request 913 relating to the image data “document A” 703a and a plaintext access request 914 relating to the image data “document B” 703c. Composed. Therefore, the SATA host controller 506 issues two plaintext commands corresponding to each access request simultaneously according to the SATA AHCI protocol.

  The SATA host controller 506 that issued the two plaintext commands transmits the two plaintext commands to the control unit 507, and the control unit 507 that has received the two plaintext commands executes the execution order of the two plaintext commands, That is, the execution order of the received two plaintext commands (order from “0780” to “0250”) is changed to an execution order (order from “0250” to “0780”) that improves the access efficiency to the storage medium ( FIG. 6: S117). This corresponds to the NCQ described above. Then, the control means 507 accesses each sector address corresponding to the changed order, and sequentially reads the data stored in the sector address (FIG. 6: S118). The order of the read data is the order of the image data “document B” 703c with the sector address “0780” and the image data “document A” 703a with the sector address “0780”.

  Then, the control means 507 changes the order of the read data to the order of the image data “document A” 703a and the image data “document B” 703c, which is the order in which the command is received (FIG. 6: S119). The SATA host controller 506 sequentially transmits the data to the SATA host controller 506, and stores the data in the memory 510 as it is in response to the plaintext command received earlier (FIG. 6: S120 NO). Let

  When the data is stored in the memory 510, the simultaneous transmission unit 511 confirms that there is no need to further access the hard disk drive device 120E, and notifies the function execution unit 502 to that effect. Upon receiving the notification, the function execution unit 502 acquires data (image data “document A” 703a, image data “document B” 703c) stored in the memory 510, and acquires the acquired image data “document A” 703a, The image data “document B” 703c is displayed as a preview image on the e-mail transmission function screen 700, respectively, and the preview function is executed (FIG. 6: S114). Accordingly, when the access request 908 is a plaintext access request for accessing all plaintext data, the NCQ of the hard disk drive device 120E can be used.

  As described above, the information processing unit 120D of the present invention includes the SATA host controller 506 and the hard disk drive device 120E corresponding to the SATA NCQ, and whether the sector address and the data stored in the sector address are plaintext data. A partition information storage unit 504 is provided for storing the partition information indicating the ciphertext data in association with the partition information table 800. Further, when the access request is transmitted to the SATA host controller 506, the information processing unit 120D checks the sector address included in the access request with the sector address of the partition information table 800, thereby Access request determination means 503 for determining whether all sector addresses included in the access request are a mixture of a plaintext data sector address and a ciphertext data sector address or only a plaintext data or ciphertext data sector address. Is provided. Then, when all the sector addresses are a mixture of plaintext data sector addresses and ciphertext data sector addresses, the information processing unit 120D sends the access request as one access request that designates one sector address. Are divided into unit access requests, and divided transmission means 505 for transmitting the divided unit access requests to the SATA host controller 506 is provided.

  As a result, when all the sector addresses included in the access request are a mixture of plaintext data sector addresses and ciphertext data sector addresses, that is, a plurality of commands to be issued by the SATA host controller 506 are issued. If the command relating to plaintext data and the command relating to ciphertext data are mixed, the access request is divided into a plurality of unit access requests and transmitted to the SATA host controller 506. Therefore, it is possible to avoid a situation in which the type of data received by the encryption / decryption means 509 is a mixture of ciphertext data and plaintext data in response to the access request. That is, the encryption / decryption unit 509 does not need to determine the type of data. As a result, even when data in which plaintext data and ciphertext data are mixed is handled by the hard disk drive device 120E that changes the execution order of a plurality of commands, it is appropriately encrypted or decrypted according to the type of data. It becomes possible to do.

  For example, when commands related to plaintext data and commands related to ciphertext data coexist, the information processing unit 120D of the present invention uses the encryption / decryption means 509 corresponding to the AES CBC mode and the hard disk drive corresponding to the NCQ. The device 120E can be used together.

  In the embodiment of the present invention, the generated access request is an access request related to data reading at a predetermined sector address. However, other access requests, for example, an access request related to data writing at a predetermined sector address. Even if it exists, it is possible to obtain the same effect.

  In the embodiment of the present invention, the generated access request is composed of two access requests. For example, the maximum number 32 is set so that the generated access request corresponds to the SATA AHCI protocol. Even if the access request is composed of individual access requests, the same effect can be obtained.

  In the information processing unit 120D according to the embodiment of the present invention, the electronic mail transmission function (email transmission service) of the multi-function device 100 is adopted. It can also be adopted. Furthermore, in the embodiment of the present invention, the case where the information processing unit 120D is applied to the multifunction peripheral 100 has been described. However, various image processing devices, various image processing devices, and various types including the information processing unit 120D (information processing device) are described. Even when applied to an image display device or the like, the same effects can be obtained.

  In the embodiment of the present invention, the information processing unit 120D is configured to include each unit. However, the program that realizes each unit may be stored in a storage medium and the storage medium may be provided. . In this configuration, the information processing unit 120D or the multi-function device 100 reads the program, and the information processing unit 120D or the multi-function device 100 implements the respective units. In that case, the program itself read from the recording medium exhibits the effects of the present invention. Furthermore, it is possible to provide a method for storing the steps executed by each means in a hard disk.

  As described above, the information processing apparatus and the information processing method according to the present invention are useful not only for multifunction peripherals but also for copying machines, printers, and the like, and in the case where data in which plaintext data and ciphertext data are mixed is handled by a hard disk drive. Even so, it is effective as an information processing apparatus and information processing method capable of appropriately encrypting or decrypting according to the type of data.

DESCRIPTION OF SYMBOLS 100 MFP 120D Information processing part 120E Hard disk drive apparatus 501 Display reception means 502 Function execution means 503 Access request determination means 504 Partition information storage means 505 Division transmission means 506 SATA host controller 507 Control means 508 Storage medium 509 Encryption / decryption means 510 Memory 511 Simultaneous transmission means

Claims (7)

When an access request for accessing a sector address indicating a predetermined memory area of a storage medium of the hard disk drive device is received, a SATA host controller that transmits a command corresponding to the access request to the hard disk drive device, and a plurality of commands When received, in an information processing device comprising a hard disk drive device that changes the execution order of commands based on the sector address specified for each command
Partition information storage means for storing the sector address and partition information indicating whether the data stored in the sector address is plaintext data or ciphertext data as a partition information table;
When the access request is transmitted to the SATA host controller, the sector address included in the access request is collated with the sector address of the partition information table, so that all the sector addresses included in the access request are plaintext. Access request determination means for determining whether the sector address of data and the sector address of ciphertext data are mixed, or only the sector address of plaintext data or ciphertext data;
When all the sector addresses are a mixture of plaintext data sector addresses and ciphertext data sector addresses, the access request is divided into unit access requests which are one access request designating one sector address; An information processing apparatus comprising: a division transmission unit configured to transmit to the SATA host controller for each divided unit access request. The information processing apparatus according to claim 1, further comprising a simultaneous transmission unit configured to transmit the access request to the SATA host controller when all the sector addresses are sector addresses of plaintext data or ciphertext data. Furthermore, when the command transmitted to the hard disk drive device by the SATA host controller is a command related to ciphertext data, the data transferred by the command is divided into a plurality of data blocks, and among the divided data blocks, the head of the data block, and encryption or decryption using a predetermined initial vector, the data blocks other than the head of the data block, by using the previous data of the data block, encryption or decodes The information processing apparatus according to claim 1, further comprising an encryption / decryption unit.   An image processing apparatus comprising the information processing apparatus according to claim 1. When an access request for accessing a sector address indicating a predetermined memory area of a storage medium of the hard disk drive device is received, a SATA host controller that transmits a command corresponding to the access request to the hard disk drive device, and a plurality of commands In the information processing method of the information processing apparatus comprising the hard disk drive device that changes the execution order of the commands based on the sector address designated for each command,
When the access request is transmitted to the SATA host controller, the sector address and partition information indicating whether the data stored in the sector address is plaintext data or ciphertext data are associated and stored as a partition information table. A reference step for referring to the partition information storage means;
By comparing the sector address included in the access request with the sector address of the referenced partition information table, all the sector addresses included in the access request are obtained by comparing the sector address of plaintext data and the sector address of ciphertext data. An access request determination step for determining whether it is mixed or only a sector address of plaintext data or ciphertext data;
When all the sector addresses are a mixture of plaintext data sector addresses and ciphertext data sector addresses, the access request is divided into unit access requests which are one access request designating one sector address; A divided transmission step of transmitting the divided unit access requests to the SATA host controller for each divided unit access request.   A program for causing a computer to execute the information processing method according to claim 5. A computer-readable storage medium storing the program according to claim 6.

Images