JPH11328035A - Storage device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make data in a device preventible from being illegally read out by performing control so that transmission and reception of data to and from other equipment are quit when adequacy is not confirmed by a cipher data confirming means. SOLUTION: A SPC 10 controls a SCSI bus 20 through a SCSI interface 25 to function as the interface of a fixed disk unit 1 together with the SCSI interface 25 and exchanges commands and data including a password as cipher data with a host computer 30 connected to the fixed disk unit 1. The adequacy of cipher data from other equipment is confirmed by exchanging the cipher data and when the adequacy is not confirmed, control is so performed as to quit the transmission and reception of data to and from the said equipment. Thus, the data in the storage device can be prevented from being illegally read out.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a storage device such as a hard disk drive, and more particularly, to a storage device that secures data security.

[0002]

2. Description of the Related Art In recent years, personal computers and the like are equipped with a fixed disk device (hereinafter referred to as a hard disk) which is almost small, and many information devices other than personal computers have a large capacity. Products having a built-in hard disk as a storage medium are generally distributed. These hard disk devices have been downsized and increased in capacity, and at the same time, standardization and unitization have progressed, so that high compatibility is secured in many hard disk products.

[0003] That is, as an interface for connecting a hard disk device and a CPU of another device, a standard that is predominant for ensuring compatibility is, for example, IDE (Integrated Drive Electronic).
s) and SCSI (Small Computer System Interface)
Etc.

In hard disk drives manufactured and sold in accordance with such a common interface, differences between products are limited in terms of data storage capacity and performance, and in other respects, hard disk devices of any manufacturers Can also have almost the same function, and thus the hard disk device provided in the information equipment can be used interchangeably, without being limited to its model or the like.

[0005]

However, due to the above-mentioned features, when the hard disk device is used by being incorporated in various products such as information equipment, a problem arises in the security of data stored in the device. .

That is, as described above, when the hard disk drive incorporated in the product is taken out by a third party due to the high compatibility of the hard disk drive,
By connecting the hard disk device to another product, data stored in the device can be easily read and taken out.

Therefore, when contents such as literary works are stored in the hard disk devices, there is a high possibility that the contents are illegally copied.

For example, in a music synthesis type karaoke apparatus based on storing a large number of electronic musical pieces on a hard disk and playing them on a synthesizer or the like, a karaoke musical piece which is a very large number of works is stored in the hard disk apparatus. It is a very serious problem that such data is illegally copied because it is remembered.

[0009] Even when software and program codes necessary for the operation of the connected information equipment are stored in the hard disk drive, if the data is illegally read out, the software which is the basis of the product is replaced. The ease of analysis can jeopardize the confidentiality of the product.

[0010] Such a problem is that when hard disk devices are incorporated into more and more diverse products, illegal imitation of products and illegal imitation of contents are widespread, which may hinder the development of a healthy information society. Occurs.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-described problem, and has as its object to provide a storage device capable of preventing data in the device from being illegally read.

[0012]

In order to achieve this object, a storage device according to a first aspect of the present invention includes a password data storage means for storing password data, and a password stored in the password data storage means. Password data exchange means for exchanging password data with another device based on the password data, and exchange of the password data by the password data exchange unit, thereby confirming the validity of the password data from the other device. Password data confirmation means, and data transfer control means for controlling so as to stop transmission / reception of data with the other device when the validity is not confirmed as a result of the confirmation by the password data confirmation means. It is characterized by.

In the storage device thus configured, the password data storage means stores the password data, and the password data exchange means communicates with another device based on the password data stored in the password data storage means. Exchanges password data. Then, the password data confirmation means confirms the validity of the password data from another device by exchanging the password data by the password data exchange means, and if the validity is not confirmed as a result of the confirmation, the data transfer control is performed. The means controls to stop transmitting / receiving data to / from another device.

Therefore, when the storage device configured as described above is incorporated into another device, the storage device is configured to transmit the password data exchange means based on the password data stored in the provided password data storage means. To exchange password data such as requesting password data to another device. Then, the transmitted password data is collated by the password data confirmation unit. As a result, if the validity of the password data is not confirmed, the data transfer control means stops data read, write command exchange, and the like.

That is, data is not exchanged with the storage device unless correct password data is transmitted from the device incorporating the storage device.

Therefore, even if the storage device incorporated in a certain device is removed and connected to another device, the password data confirmation means checks the validity of the password data. Cannot be accessed, so that the data in the storage device can be prevented from being read illegally.

Therefore, for example, product-specific data and copyrighted data stored in the storage device can be protected.

Further, a storage device according to a second aspect is directed to the storage device according to the first aspect, and particularly includes a password data updating unit that updates the password data.

In the storage device thus configured, the password data updating means updates the password data.

Therefore, by appropriately or periodically updating the password data, the possibility that the password data exchanged between the device and the storage device is decrypted by a third party is reduced, and the storage data in the storage device is reduced. Data security can be further enhanced.

A storage device according to a third aspect is directed to the storage device according to the first or second aspect, and in particular, a release that unconditionally permits data transfer with the other device. Means are provided.

In the storage device configured as described above, the release means unconditionally permits data transfer with another device.

Therefore, the password data confirmation work performed when data is transferred between the device and the storage device is omitted, and the storage device is made to function as a normal storage device, thereby reducing the versatility and convenience of the storage device. Can be enhanced.

That is, for example, when the data transfer is unconditionally permitted by the release means, the release means is activated when the security of the data is required while the data is normally handled in the same manner as a general storage device. By not allowing the authentication, the authentication of the password data is required, so that the compatibility and convenience of the storage device are not lost and the flexible operation can be performed.

A storage device according to a fourth aspect is directed to the storage device according to any one of the first to third aspects, and in particular, the password data storage means is constituted by a nonvolatile storage medium. It is characterized by being.

In the storage device thus configured, the password data is stored in the non-volatile storage medium, so that the password data is erased even if the power of the device incorporated in the storage device is cut off. And security of the data in the storage device can be maintained.

That is, it is possible to prevent inadvertent erasure of password data that requires authentication in data exchange of the storage device, and to maintain security even when the power of the system is turned off.

A storage device according to a fifth aspect is directed to the storage device according to any one of the first to fourth aspects, and particularly includes a SCSI interface for connecting to the other device. It is characterized by the following.

Since the storage device thus configured is connected to another device via the SCSI interface, the security of the data in the storage device is ensured and the compatibility between the storage devices is maintained. It becomes possible.

A storage device according to a sixth aspect is directed to the storage device according to any one of the first to fifth aspects. In particular, when exchanging password data by the password data exchange means, a vendor unique command is used. It is characterized by having been.

The storage device configured as described above uses a vendor-unique command, which is an area that can be freely set by the user, in a protocol between the device and the storage device when setting the secret data. In the exchange of commands between the device and the device, the content of the password data can be set freely within a predetermined frame.

[0032]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a block diagram showing a configuration in which the storage device of the present invention is connected to another device.

As shown in FIG. 1, a fixed disk device 1 as a storage device has a configuration as a general hard disk device, and includes a magnetic disk, a spindle motor, a head, a seek mechanism, a sealed housing, and the like. It has a disk medium 14 inside and a control board is arranged on the magnetic disk medium 14.

On the control board, a magnetic disk controller 13 and an SPC (SCSI Protocol Controller)
10, a CPU 11, a flash memory 12, and a SCSI interface 25.

The fixed disk device 1 is connected to a host computer 3 as another device via a SCSI interface 25 and a SCSI bus 20 according to the SCSI standard.
0 is connected.

The magnetic disk medium 14 is a mechanical unit in a well-known hard disk drive, and is controlled by the magnetic disk controller 13 to execute input / output to a desired track / sector and READ / WRITE.

The SPC 10 controls the SCSI bus 20 via the SCSI interface 25, functions as an interface of the fixed disk device 1 together with the SCSI interface 25, and exchanges a password with the host computer 30 connected to the fixed disk device 1. Exchange commands and data including passwords as data. In this sense, the SCSI interface 25, the SCSI bus 20, and the SPC 10 constitute a password data exchange unit in the present invention.

The CPU 11 is connected to the above-mentioned magnetic disk controller 13 and SPC 10, and plays a role of controlling these. The CPU 11 is also connected to a flash memory 12.
Stores program codes to be executed by the CPU 11. Also, a password for enabling data exchange with the host computer 30 is stored.
In that sense, the flash memory 12 corresponds to a password data storage unit in the present invention. The reason for using a rewritable flash memory as the password data storage means is to enable updating of the stored password.

Since the flash memory 12 is also a non-volatile storage medium, the set password can be kept stored even if the power of the fixed disk device 1 is cut off. it can. Therefore,
As long as it is a nonvolatile storage medium and can be rewritten, it may be, for example, an EPROM or an EEPROM.

The host computer 30 connected to the fixed disk device 1 may be any information device that stores the fixed disk device 1. For example, it may be a karaoke apparatus that stores karaoke song data on a disc, or a personal computer that stores application software.

Next, a procedure of a password exchange protocol exchanged between the fixed disk 1 and the host computer 30 via the SCSI interface 25 and the SCSI bus 20 will be described with reference to FIG.

In FIG. 2, when a password is previously set in the flash memory 12 in the fixed disk device 1 and the password is valid with the host computer 30, a command such as B01 is issued. Transmission and reception are performed.

That is, as shown in FIG. 2, for example, when the host computer 30 issues a READ command to the fixed disk device 1 (C1), the fixed disk device 1 rejects the command (C2), It is returned to the host computer 30 as a status error (C3). This is because data exchange is refused because the password is in a valid state.

The host computer 30 checks the error signal transmitted from the fixed disk device 1 (C
4).

This sequence B01 is a case where it is assumed that the fixed disk device 1 in which the password is set has been used illegally.

On the other hand, as for the transmission and reception of a command for enabling the fixed disk device 1 to exchange data with the host computer 30, a command as shown in B02 is transmitted and received.

That is, as shown in FIG. 2, first, a command for releasing the password is issued from the host computer 30 (C5). Then, the fixed disk device 1
Receives the command (C6), it sends a signal requesting transmission of the password to the host computer 30 (C7).

The host computer 30 that has received the password request command from the fixed disk device 1 transmits a password that has been previously set valid with the fixed disk device 1 (C8). Then, the fixed disk device 1 receives the password transmitted from the host computer 30, and checks the password against a password preset in the device 1 (C9).

If the result of the comparison is that the password is correct, a status normal reply is returned (C10). If the password is incorrect, a status error is returned.

The host computer 30 confirms that the password has been released by receiving the normal status sent from the fixed disk device 1 (C1).
1).

As shown in B02, if the password is correct as a result of the transmission / reception of the command, the transmission / reception of the command as shown in B03 becomes possible.

That is, as shown in FIG. 2, after the password is released, the host computer 30 can exchange normal data with the fixed disk device 1. For example, when a READ command is issued (C12), The fixed disk device 1 receives the command (C13), reads out the target data specified in the command, and returns the data to the host computer 30 (C14). Then, the host computer 30 receives the data sent from the fixed disk device 1 (C
15).

Thus, the fixed disk device 1 executes a normal operation with the host computer 30.

The sequences B01 and B02
Assumes that the fixed disk device 1 to which the password is set is officially used.

Next, an internal operation of the fixed disk device 1 according to the present embodiment will be described with reference to FIGS. Note that the fixed disk device 1 in the present embodiment is assumed to be a hard disk device in which a storage medium is integrated with the device.

In this flowchart, the description of the basic function unit as the hard disk device will be simplified, and the processing contents in the implementation part of the password mechanism as the password data exchange mechanism according to the present invention will be described in detail.

When the fixed disk device 1 is turned on or reset (Step 01; hereinafter, the steps are simply referred to as S), the CPU 11 in the device executes the program code stored in the flash memory 12. Is started, and various initialization processes as a hard disk device are performed (S02).

Here, the CPU 11 sets the variable psw_enable (P2
0). This variable is a variable for setting ON / OFF of the password mechanism of the fixed disk device 1, and is stored in the flash memory 12, so that the variable is held even when the power of the fixed disk device 1 is cut off.

As a result of referring to the variable psw_enable,
If psw_enable = ON is set (S0
3: YES), the CPU 11 sets the variable cmd_disab
le is set to ON (S04).

The variable cmd_disable
Is a variable generated when the CPU 11 expands the program in the work area, and is a variable for rejecting a command issued by the fixed disk 1 from the host computer 30.

On the other hand, when the variable psw_enable stored and set in the flash memory 12 is OFF (S03: NO), the CPU 11 sets the variable cmd_di to
"sable" is set to OFF (S05).

Thereafter, the fixed disk device 1 waits for reception of a command from the host computer 30 (S0).
6).

The fixed disk device 1 does not issue a command from the host computer 30 (S06: N
O) While continuing to wait, if a command is issued (S)
06: YES), the command is received, and it is determined whether or not the command is a password release command (S07).

In S07, if the received command is not the password release command (S07: NO), then a branch is made with reference to cmd_disable (S07).
08). As a result, if cmd_disable = ON (S08: YES), a status error is returned, and the command is returned as an error (S18). That is,
In this case, the password has not been authenticated,
All commands except data exchange, including data exchange, will be rejected. After that, the operation returns to the operation from S06, that is, the command reception standby state.

On the other hand, as a result of the reference in S08, cmd
If _disable = OFF (S08: NO),
Perform command processing according to the content of the received command.
In this case, the mode is such that data can be exchanged without password authentication, or the password authentication has already been completed. The processing in S19 will be described later with reference to the flowchart of FIG. After the processing in S19, the process returns to the operation from S06, that is, the command reception standby state.

As described above, the fixed disk drive 1
Is in a command rejected state, that is,
As long as the variable cmd_disable = ON is set, commands other than the password release are continuously rejected. Therefore, the CPU 11 functions as a data transfer control unit in the present invention.

On the other hand, if the CPU 11 receives a password release command from the host computer 30 in S07 (S07: YES), the host computer 3
0 is requested for password data (S09).

Thereafter, the CPU 11 receives password data from the host computer 30 via the SCSI bus 20 and the SPC 10 (S10). And CPU1
1 is stored in a variable input_pwd (see P12).

The variable input_pwd is password data exchanged with the host computer 30, and is, for example, a character string of several to several tens of characters.

After receiving the password data, the CPU 11 compares the password data with the registered password save_pwd (see P13) stored in the flash memory 12 (S11). As a result, if both data match (S
14: YES), the cmd_disable variable is set to OF
F (S16), and returns status normal to the host computer 30 to terminate the command normally (S17). Thereafter, the operation from S06 is repeated again, that is, the command reception waiting state from the host computer 30 is repeated. Thereafter, data can be exchanged between the host computer 30 and the fixed disk device 1.

From the above description, if the rejected state of the command from the host computer 30 has been released in S06, that is, psw_enable = OFF is stored in the flash memory 12 in S03, and cmd_disable = OFF in S05.
Or the password data is compared in S14,
If md_disable has been changed to OFF, all commands received thereafter can be processed.

On the other hand, if the received password data does not match the registered password in S14 (S1
(4: NO), the status error is returned to the host computer 30, and the process is terminated. That is,
The process returns to the standby state of S6.

The status returns to the standby state after returning the status error in S18 and S15. In these cases, data exchange becomes possible, for example, when a normal password release command is received again.

Next, command processing between the fixed disk device 1 and the host computer 30 will be described with reference to the flowchart in FIG.

As shown in FIG. 4, the CPU 11 of the fixed disk device 1 determines whether the command received from the host computer 30 is a password setting command (S51).

If it is determined that the command is a password setting command (S51: YES), parameter data relating to the setting command is received from the host computer 30 (S53).

Note that the parameter data here relates to whether or not password authentication is performed when data is exchanged between the fixed disk device 1 and the host computer 30. Specifically, the parameter data is Enabling and disabling the mechanism (Disable)
Data for switching e).

Then, the CPU 11 determines the received parameter (S55), and the parameter is enabled.
If (S55: Enable), the above-mentioned psw_e
The enable variable is set to ON (S57), and status normal is returned (S61). As a result, the exchange of data between the fixed disk device 1 and the host computer 30 requires password authentication.

On the other hand, if the received parameter is Disabl
If it is e (S55: Disable), psw_en
The variable "able" is set to OFF (S59), and the status is returned as normal (S61). In this case, the exchange of data between the fixed disk device 1 and the host computer 30 does not require password authentication.

As described above, when the host computer 30 issues the password setting command, the entire password mechanism of the fixed disk device 1 can be set or released.

Incidentally, the operation in S59 corresponds to the releasing means in the present invention.

In S51, if the command received from the host computer 30 is not a password setting command (S51: NO), the CPU 11 determines whether it is a password change command (S6).
3). As a result, if it is a password change command (S63: YES), the CPU 11 receives new password data from the host computer 30 (S6).
5), save it in the variable save_pwd (P5) (S6)
7).

Since save_pwd is held in the flash memory 12, data is not erased even when the power is turned off.

Thereafter, the status is made normal and the command is terminated (S69).

As described above, when the host computer 30 issues the password change command, the entire password mechanism of the fixed disk device 1
You can change your password to a new one.

The operation in S67 corresponds to the password data updating means in the present invention.

Incidentally, in the above-mentioned password setting and changing processing, as shown in the flowchart of FIG.
In order to normally receive the password setting command and the password change command issued by, the password must be released in advance. That is, unless a regular password is exchanged with the host computer 30 in advance, a new password cannot be set or the setting of the entire password mechanism cannot be canceled.

If the received command is not a password change command in S63 (S63: NO),
It is determined whether the command is a WRITE command (S7).
1).

As a result, if a WRITE command is received (S71: YES), WRITE data is received (S73), the received data is written to a disk medium (S75), and the command is terminated (S77).

On the other hand, if the received command is not a WRITE command (S71: NO), the CPU 11 determines that the received command is a RE command.
It is determined whether the command is an AD command (S79).

As a result, if the received command is a READ command (S79: YES), data is read from the disk medium (S81), the read data is transmitted to the host computer 30 (S83), and the command ends. (S85).

The processing for the WRITE command and the READ command is well known as a hard disk device.

If the command received in S79 is not a READ command (S79: NO), processing for another command (eg, SEEK command) is executed (S87).

After the above-mentioned command processing is completed,
Each returns to the processing described in the flowchart in FIG.

The embodiment of the present invention has been described above.
The present invention is not limited to such specific examples, and various changes can be made without departing from the spirit of the invention.

For example, in the present embodiment, a writable non-volatile storage medium such as a flash memory is used as a medium for storing a password, but a non-writable non-volatile storage medium, for example, a mask RO
When M is used, the configuration may be as follows.

That is, the firmware of the magnetic disk device 1 is stored in the mask ROM, and the password that needs to be rewritten can be updated by using a specific area in the magnetic disk. In this case, the password cannot be verified unless the data in the mask ROM is read, so that the security of the data in the magnetic disk device 1 is maintained.

Although the password data in this embodiment is a character string of several to several tens of characters, it may be a character string of more digits. Also, instead of a character string, it may be composed of a string of alphabets and numbers.

For example, in the specific example, all commands other than the password release are invalidated unless the password is released. However, not all commands are rejected, but the stored contents stored in the hard disk drive are rejected. Commands for performing operations on, ie, READ and WRI
A configuration is also conceivable in which a command such as TE is rejected, and other basic functions of the hard disk device, for example, rotation control of a spindle motor, are made effective. in this case,
What is necessary is just to add to the processing flow in the case where the password has not been released, a process for branching to a command which permits execution even in a state where the password has not been released and a process for branching to a command which is not permitted. Further, in the embodiment, a method of defining a dedicated vendor unique command for exchanging a password is employed, but it is considered that an interface between the hard disk device and the host computer can be observed by using a protocol analyzer or the like. , Exchange passwords in a more obscure, concealed way,
Security can be further improved. For example, R for a specific cluster in a hard disk drive
The password may be exchanged by performing EAD / WRITE. Further, instead of performing a command rejection constantly for all storage areas inside the hard disk, password exchange may be required only when accessing a cluster area within a certain range.
In this way, the confidentiality of the storage contents inside the hard disk,
A configuration in which levels are divided is also conceivable.

In the embodiment, the hard disk device using the SCSI interface has been described as an example.
The interface may use other standards,
The present invention is not limited to a hard disk drive, but can be implemented by a fixed storage device in which a storage medium and a control mechanism are integrated.

[0102]

As apparent from the above description, according to the storage device of the first aspect, the password data storage means stores the password data, and the password data exchange means stores the password data in the password data storage means. The password data is exchanged with another device based on the password data. Then, the password data confirmation unit confirms the validity of the password data from another device by exchanging the password data by the password data exchange unit, and when the validity is not confirmed as a result of the confirmation,
Since the data transfer control means controls to stop transmitting / receiving data to / from another device, even if a storage device built in one device is removed and connected to another device, the password data confirmation Since the validity of the data is confirmed, another connected device cannot access the storage device, so that the data in the storage device can be prevented from being read illegally. Therefore, for example, product-specific data and copyrighted data stored in the storage device can be protected.

According to the storage device of the present invention, the password data exchanged between the device and the storage device can be updated by a third party by appropriately or periodically updating the password data. The possibility of decryption is reduced, and the security of data in the storage device can be further increased.

Further, according to the storage device of the third aspect, since the release means unconditionally allows data transfer with another device, the data transfer is executed between the device and the storage device. Omit the password data confirmation work performed when
By functioning as a normal storage device, versatility and convenience of the storage device can be improved.

That is, for example, when the data transfer is unconditionally permitted by the release means, the data is normally handled in the same manner as a general storage device. By not allowing the authentication, the authentication of the password data is required, so that the compatibility and convenience of the storage device are not lost and the flexible operation can be performed.

According to the storage device of the fourth aspect, since the password data is stored in the non-volatile storage medium, even if the power supply of the device incorporated in the storage device is cut off, the password data is stored. Is not erased, and the security of the data in the storage device can be maintained.

That is, it is possible to prevent inadvertent erasure of password data that requires authentication in data exchange of the storage device, and to maintain security even when the power supply of the system is cut off.

According to the storage device of the present invention, since the connection with other devices is made via the SCSI interface, the compatibility between the storage devices is ensured while ensuring the security of the data in the storage device. It is also possible to maintain the nature.

Further, according to the storage device of the present invention, in setting the personal identification data, the protocol between the device and the storage device uses a vendor unique command which is an area which can be freely set by the user side. Thus, in the exchange of commands between the storage device and the device, the content of the password data can be set freely within a predetermined frame.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating a system configuration including a storage device according to an embodiment.

FIG. 2 is a diagram showing a data sequence between a fixed disk device and a host computer in the embodiment.

FIG. 3 is a flowchart showing an operation of the fixed disk device in the embodiment.

FIG. 4 is a flowchart showing an operation of the fixed disk device in the embodiment.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Fixed disk device 11 CPU 12 Flash memory 13 Magnetic disk controller 14 Magnetic disk medium 25 SCSI interface 30 Host computer

Claims (6)

[Claims] A password data storage unit for storing password data; a password data exchange unit for exchanging password data with another device based on the password data stored in the password data storage unit; By the exchange of the secret data by the secret data exchange means, the secret data confirmation means for confirming the validity of the secret data from the other device, as a result of the confirmation by the secret data confirmation means, if the validity is not confirmed, A storage device, comprising: data transfer control means for controlling transmission and reception of data with the other device to be stopped. 2. The storage device according to claim 1, further comprising a password data updating unit that updates the password data. 3. The storage device according to claim 1, further comprising a release unit that unconditionally permits data transfer with the other device. 4. The secret data storage means is constituted by a non-volatile storage medium.
The storage device according to claim 3. 5. A SCSI for connecting to another device.
The storage device according to claim 1, further comprising an interface. 6. The storage device according to claim 1, wherein a vendor unique command is used when exchanging password data by said password data exchange means.