CN101103404A - Method and portable storage device for allocating secure area in insecure area - Google Patents
Method and portable storage device for allocating secure area in insecure area Download PDFInfo
- Publication number
- CN101103404A CN101103404A CNA2006800021730A CN200680002173A CN101103404A CN 101103404 A CN101103404 A CN 101103404A CN A2006800021730 A CNA2006800021730 A CN A2006800021730A CN 200680002173 A CN200680002173 A CN 200680002173A CN 101103404 A CN101103404 A CN 101103404A
- Authority
- CN
- China
- Prior art keywords
- safety zone
- data
- host apparatus
- security application
- storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000003860 storage Methods 0.000 title claims abstract description 52
- 238000013500 data storage Methods 0.000 claims description 24
- 238000013507 mapping Methods 0.000 claims description 17
- 230000008859 change Effects 0.000 claims description 11
- 239000000284 extract Substances 0.000 claims description 6
- 230000005055 memory storage Effects 0.000 claims 17
- 238000001514 detection method Methods 0.000 abstract 1
- 230000008569 process Effects 0.000 description 21
- 238000010586 diagram Methods 0.000 description 11
- 230000006870 function Effects 0.000 description 8
- 238000004590 computer program Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 241001269238 Data Species 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000014759 maintenance of location Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000006386 neutralization reaction Methods 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
Abstract
A digital rights management (DRM) device and method are provided. The DRM device includes a storage module which stores a rights object (RO) having predetermined meta information, a control module which provides meta information of ROs stored in the storage module when an RO detection request is input, and an integrity check module which maintains integrity of the meta information.
Description
Technical field
The present invention relates to a kind of portable memory, more particularly, relate to a kind of method and portable memory thereof that is used in portable memory expansion safety zone.
Background technology
Portable memory is storage and moves movable fixture such as the data of the various digital devices of mobile phone, computing machine and digital camera.Portable memory comprises the part that is used to store section data and is used for executable operations and control.Multimedia card (MMC) is a portable memory of storing the multi-medium data that will use in various digital devices, and it has surmounted the restriction of conventional hard and compact disk.In addition, MMC comprises non-existent operation part in the conventional storage media, thereby except the storage data, MMC can also carry out control, encrypt and authentication.As a result, MMC is suitable for storing a large amount of various multi-medium datas.Recently, by adding security feature to MMC, developed the safe MMC that realizes copyright protection and security and digital content transmissions in the storer, therefore, the protection of digital content has become possibility.Introducing along with to the notion of the digital copyright management (DRM) of digital content need be used for the security feature and the encryption feature of right objects, and the demand to the portable memory that safety and encryption feature are provided occur.Hereinafter, the digital device such as digital camera, mobile phone, computing machine and digital camera is called as host apparatus.
Portable memory comprises the safety zone, and the safety zone is used to protect the data of storage, and prevents unauthorized user or application access or change data.Fig. 1 shows the structure of conventional portable storage device 10.Conventional portable storage device 10 comprises system realm 20, safety zone 30 and non-safety zone 40.System realm 20 storing system informations, version information etc.Safety zone 30 is formatted according to the special file system, and non-safety zone 40 is formatted according to the ordinary file system.
Disclosure of the Invention
Technical matters
Traditionally, the size of safety zone is fixed and can not be changed.As a result, when the amount that will be stored in the secure data in the safety zone is big, all secure datas all can not be stored in the safety zone.In order to overcome the restriction of safety zone, changed the size of safety zone by format with fixed size.For this operation, the storage area of portable memory is divided into safety zone and non-safety zone.The safety zone is formatted so that security feature to be provided according to the special file system, and non-safety zone is formatted according to ordinary file system (as file allocation table (FAT) 16 or New Technology File System (NTFS)).Carry out reformatting to change the size of safety zone.
Yet, because need before the size of safety zone changes, carry out format, so need data be duplicated or move to portable memory at Backup Data before the format and after format.
Technical scheme
Therefore, a kind of method and portable memory thereof that need not expansion safety zone, data backup process ground of expectation exploitation.
The invention provides a kind of method and portable memory of easily expanding the safety zone at portable memory.
The present invention also provides a kind of restriction that is not subjected to the safety zone size, distributes method and the portable memory of safety zone with the data in the protection safety zone in non-safety zone.
According to an aspect of the present invention, provide a kind of method of in the non-safety zone of portable memory, distributing the safety zone.Described method comprises: divide to be used in the safety zone of storage with received data in non-safety zone; To send to host apparatus about the positional information of the safety zone in non-safety zone, distributed; From the security application receiving position information of host apparatus with will be stored in data the safety zone; With described data are encrypted, and position-based information with described data storage in non-safety zone.
According to an aspect of the present invention, provide a kind of method of in the non-safety zone of portable memory, distributing the safety zone.Described method comprises: receive the data that will be stored in the safety zone from the security application of host apparatus; Guarantee in non-safety zone, to be used to store the safety zone of data, described data encrypted, and with described data storage in the safety zone; Send to main frame with the result that will store described data.
According to an aspect of the present invention, provide a kind of portable memory that is used for distributing in non-safety zone the safety zone, described portable memory comprises: storage area comprises non-safety zone and safety zone; Transmitter will send to host apparatus about the positional information of the safety zone of storage area; Receiver is from the host apparatus receiving position information with will be stored in data the safety zone; And security application, to described data encryption, and position-based information with described data storage in storage area.
Description of drawings
By the detailed description of with reference to the accompanying drawings exemplary embodiment of the present being carried out, above and other aspect of the present invention will become clearer, wherein:
Fig. 1 shows the structure of conventional portable storage device;
Fig. 2 shows the structure of the portable memory that has the non-safety zone that comprises the safety zone according to an exemplary embodiment of the present invention;
Fig. 3 shows according to an exemplary embodiment of the present invention with the process of data storage in the safety zone of pocket memory;
Fig. 4 shows the structure of the mapping table that exists in the portable memory according to an exemplary embodiment of the present invention;
Fig. 5 shows the process that stops according to an exemplary embodiment of the present invention the unauthorized access of safety zone;
Fig. 6 is the functional block diagram of portable memory according to an exemplary embodiment of the present invention;
Fig. 7 is the process flow diagram of storing and visiting the method for the data in the portable memory according to an exemplary embodiment of the present invention; With
Fig. 8 is the storage of another exemplary embodiment according to the present invention and the process flow diagram of visiting the method for the data in the portable memory.
Mode of the present invention
By with reference to the detailed description and the accompanying drawings of following exemplary embodiment, advantage of the present invention and characteristics and realize that method of the present invention can more easily be understood.Yet the present invention can many different forms be implemented, and should not be construed as limited to the exemplary embodiment of setting forth here.On the contrary, these exemplary embodiments are provided so that the disclosure is comprehensive and complete, and fully pass on notion of the present invention to those skilled in the art, and the present invention only is defined by the claims.Run through instructions, identical label is represented identical parts.
Hereinafter, with reference to the flow chart description of method according to an exemplary embodiment of the present invention according to the portable memory that in the non-safety zone of portable memory, distributes the method for safety zone and this method is provided of the present invention.Should be appreciated that each square frame of process flow diagram and the combination of the square frame in the process flow diagram can be realized by computer program instructions.These computer program instructions can be provided for the processor of multi-purpose computer, special purpose computer or other programmable data processing device with generation equipment, thereby the device of the function that is used for being implemented in a flowchart block or a plurality of flowchart block appointments is created in the instruction carried out of the processor of machine or other programmable data processing device as calculated.
These computer program instructions also can be stored in can instruct computing machine or other programmable data processing device with the computing machine of ad hoc fashion work can with or computer-readable memory in so that be stored in computing machine can with or computer-readable memory in instruction production comprise the product of execution command device of the function of appointment in a flowchart block or a plurality of flowchart block.
Computer program instructions also can be written into computing machine or other programmable data processing device so that the sequence of operations step is performed producing the process that computing machine is carried out on computing machine or other programmable devices, thereby the instruction of carrying out on computing machine or other programmable devices is provided for being implemented in the step of the function of appointment in a flowchart block or a plurality of flowchart block.
Each square frame of process flow diagram can represent to comprise module, code segment or the partial code of the executable instruction of one or more realization specified.Be to be further noted that the function of representing in the square frame may take place in reverse order in some other implementations.For example, functional according to what relate to, two square frames that show may be carried out basically simultaneously continuously, carry out with opposite order when perhaps having.
Fig. 2 shows the structure of the portable memory 100 that has the non-safety zone 400 that comprises the safety zone according to an exemplary embodiment of the present invention.Portable memory 100 is connected to host apparatus 900.Host apparatus 900 can be notebook, mobile phone, PDA(Personal Digital Assistant) or MP3 player, communicates by letter with portable memory 100 by security application 950.Portable memory 100 comprises security application 500, system realm 200, read-only safety zone 300 and non-safety zone 400.System realm 200 storages are about the information of system.Read-only safety zone 300 only can be by the application access of portable memory 100 authentications.When portable memory 100 is manufactured or before portable memory 100 was put on market, the data relevant with security were stored in the read-only safety zone 300 usually.Described data can not be changed or remove.
Data can freely be stored in the non-safety zone 400 or freely and read from non-safety zone 400.Non-safety zone 400 comprise a plurality of readable/can write safety zone 311,312 and 313.Therefore, by security application 500, can in non-safety zone 400, create safety zone and can be in described safety zone with data storage.Can read data in the safety zone that is stored in the non-safety zone 400 by security application 500.
The operation of according to an exemplary embodiment of the present invention secure data storage being carried out when secure data is read in non-safety zone 400 in 400 neutralizations of non-safety zone is described now with reference to Fig. 2.In operation 11, host apparatus 900 is by the mechanism of security application 950 according to the file system of non-safety zone 400, guarantees the space in the non-safety zone 400 of portable memory 100.This operation is with identical in the operation of file allocation table (FAT) 16/32 with data storage.That the space of guaranteeing becomes is readable/can write the safety zone.In operation S12, security application 950 receives the address value in the space of guaranteeing.
In operation S13, the security application 950 of host apparatus 900 is with address value and will be stored in the security application 500 that data in the safety zone send to portable memory 100.The security application 500 of portable memory 100 can comprise that the address value that is used for safety zone that non-safety zone 400 is existed is mapped as the table of security application 500 discernible relative address values.In operation S14, security application 500 arrives corresponding address with the data storage that receives.Before the storage data, by coming protected data such as the resist technology of encrypting.
The data that are stored in the safety zone of guaranteeing in the non-safety zone 400 by operation S11 to S14 can be read, remove or upgrade by security application 500.
The security application 950 of host apparatus 900 will read, upgrade or remove and be stored in the readable/order that can write the data in the safety zone 312 and send together with the sign of described data.When the security application 950 of host apparatus 900 is normally authenticated, security application 500 visit of portable memory 100 have described sign readable/can write safety zone 312, and read, upgrade or remove readable/can write the data in the safety zone 312.Because the data of storage are encrypted,, then the data that read are sent to host apparatus 900 so when reading described data, carry out deciphering.
The operation that secure data storage is carried out in non-safety zone 400 time of according to the present invention another exemplary embodiment is described now with reference to Fig. 3.The operation of creating secure data in non-safety zone 400 is identical with the operation shown in Fig. 2.Different with the operation shown in Fig. 2, in operation S21, host apparatus 900 sends to portable memory 100 to data to be stored and the information that the described data of indication will be stored in the safety zone.In operation S22, portable memory 100 is searched for the space (for example, readable/as can to write safety zone 312) that can store data in non-safety zone 400, and stores the data that receive.With data storage before the safety zone, data are encrypted.In operation S23, portable memory 100 notice host apparatus 900, data are stored in the safety zone.
As mentioned above, the data that are stored in the safety zone of creating in the non-safety zone 400 by operation S21 to S23 can be read, remove or upgrade by security application 500.
For when with reference to described order and the safety of data that enters data into the safety zone of creating in the non-safety zone 400 or send and receive during from described safety zone output data of Fig. 2 and Fig. 3, the encryption method or the key of agreement are encrypted described order and data between the security application 950 that can be by using host apparatus 900 and the security application 500 of portable memory 100.
Fig. 4 shows the structure of the mapping table 510 that exists in the portable memory according to an exemplary embodiment of the present invention.Mapping table 510 comprises the cryptographic hash and the document location of data identifier, document location.The host apparatus that visit is stored in the data in the safety zone needs data identifier.When the application-specific of host apparatus sent data identifier, security application verified whether described application-specific is certified.After the described application-specific of authentication,, and can be stored in data in the safety zone in the non-safety zone based on the location information access that extracts from the position that the document location item extracts the data of storage data identifier indication.Because when data storage has been encrypted data in the safety zone time, so need deciphering send to host apparatus with visit data and with described data.Forbid external reference about the information of document location, and when data storage is encrypted data in the safety zone time, thereby can protect the data in the safety zone to exempt from outside undelegated visit.
Send cryptographic hash in the mode identical with file identification.Cryptographic hash stops the physical address of host apparatus identification storage data, thereby prevents the direct visit of host apparatus.In Fig. 2, the positional information that sends to the security application 950 of host apparatus 900 can be a cryptographic hash.In this case, the security application 950 of host apparatus 900 sends to portable memory 100 with cryptographic hash and data to be stored.Then, the security application 500 of portable memory 100 can obtain and the corresponding positional information of cryptographic hash from mapping table 510.
Fig. 5 shows the process that stops according to an exemplary embodiment of the present invention the unauthorized access of safety zone.The data of non-security application 990 in can not authenticated accessing safety zone 311,312 or 313.Non-security application 990 can be randomly or is visited safety zone 311,312 or 313 in the non-safety zone 400 by extract location information.Yet, that even non-security application 990 is attempted visiting by use location information is readable/can write the data in the safety zone 311, because readable to being stored in/data that can write in the safety zone 311 encrypt, so non-security application 990 can not reading of data.As a result, non-security application 990 can not visit be stored in the non-safety zone 400 readable/can write the data in the safety zone 311.
Different is, when non-security application 990 is stored in data identifier in the safety zone or security application 950 the data identifier that receives of the security application 500 by portable memory 100 has attempted visiting data in the non-safety zone 400 by use, non-security application 990 can not recognition data the position, therefore can not visit data.Can use data identifier or cryptographic hash to come the recognition data position by the security application 500 of portable memory 100.Yet non-security application 990 can not be communicated by letter with the security application 500 of portable memory 100, therefore, that non-security application 990 can not be visited is readable/can write the data in safety zone 311,312 or 313.
Fig. 6 is the functional block diagram of portable memory according to an exemplary embodiment of the present invention.The meaning of term used herein " module " is, but is not limited to, and the software and hardware assembly is such as field programmable gate array (FPGA) or the special IC (ASIC) of carrying out particular task.Module can be configured to easily and reside on addressable storage medium, and can be configured on one or more processors and carry out.Therefore, for instance, module can comprise: such as assembly, process, function, attribute, process, subroutine, program code segments, driver, firmware, microcode, circuit, data, database, data structure, table, array and the variable of component software, OO component software, class component and task component.The function that provides in assembly and module can be combined into assembly and module still less, perhaps can further be separated into other assembly and module.In addition, assembly and module can be implemented by this way, move on their one or more CPU in communication system.
Safety zone storage area 300 optionally is provided.As above described with reference to Fig. 2 and Fig. 3, when the safety zone is positioned at non-safety zone, can independently read-only data be stored in the safety zone storage area 300.In addition, but some readable/write datas can be stored in the safety zone storage area 300.When no longer including the space in the safety zone storage area 300, in the non-safety zone of storage area 410, guarantee the space, and this space is used as the safety zone.For example, safety zone storage area 300 can have the space of 50M byte, and storage area 410 can have the space of 500M byte, and safety zone storage area 300 can comprise read-only safety zone and readable/can write the safety zone.In this case,, can in storage area 410, guarantee the safety zone when safety zone storage area 300 no longer has when being used to store the vacant space of data, and with data storage in this safety zone.
Ratio between non-safety zone and the safety zone and how non-safety zone and safety zone are set can be according to exemplary embodiment and different, the invention is not restricted to the exemplary embodiment that this instructions is described.
Fig. 7 is the process flow diagram of storing and visiting the method for the data in the portable memory according to an exemplary embodiment of the present invention.Process flow diagram shown in Figure 7 is carried out with reference to the described operation of Fig. 2.At operation S101, receive order from host apparatus.If determine that described order is not about the safety zone in operation S103, then in operation S105, request and the method handled for non-safety zone finish.If in operation S108, determining that described command request is guaranteed the space of data storage in the safety zone, then in operation S111, security application is searched for the positional information about the safety zone in non-safety zone, wherein, the related data with specific size will be stored in the described safety zone.In operation S112, location information is carried out the Hash operation or positional information is stored in the mapping table, to prevent the directly corresponding position of visit of outside unauthorized user.In operation S113, being used in the mapping table searched the information of positional information or the positional information of hashed sends to host apparatus.
When order does not comprise information about size of data, determine in operation S120 whether described order asks visit data.When the host apparatus that receives positional information in operation among the S113 sends positional information and the data that will be stored in corresponding position together, determine that described order does not have the request msg visit.Therefore, in operation S121, the data that receive from host apparatus are encrypted.In operation S122, in the corresponding zone of the positional information that ciphered data is stored in and receives.Can obtain to store the physical location of the safety zone of data with reference to Hash table or mapping table from the positional information that receives.
If in operation S120, determine described command request data access, then will carry out the required deciphering of data in the access security zone.For deciphering, in operation S125, extract data from the safety zone of positional information appointment.Because can use Hash table or mapping table to change positional information, so by using Hash table or mapping table can obtain the physical location of safety zone.In operation S126, the data of extracting from described position are decrypted.In operation S127, data are carried out described order.
For with data storage in the safety zone or the data in the access security zone, can add verification process.Can carry out verification process by the security application in the host apparatus.
Fig. 8 is the storage of another exemplary embodiment according to the present invention and the process flow diagram of visiting the method for the data in the portable memory.Process flow diagram shown in Fig. 8 is carried out the operation of describing with reference to Fig. 3.In operation S151, receive order from host apparatus.If determine that described order is not about the safety zone in operation S153, then in operation S155, request and the method handled for non-safety zone finish.If in operation S158, determine described command request with data storage in the safety zone, then in operation S161, security application is guaranteed in the non-safety zone space as the safety zone.In operation S162, data are encrypted and it is stored in the space as the safety zone of guaranteeing.In operation S163, the result who stores data is sent to host apparatus.Event memory can comprise the positional information about the safety zone of storing data.When sending positional information, can use hash function or mapping table to change positional information, to prevent the directly corresponding position of visit of undelegated application program.
Do not ask to store data if in operation S158, determine described order, then will carry out the operation of visit data.Can use information to visit data about data.When the information about data comprises positional information, in operation S171, the data in the zone of extract location information appointment.As mentioned above, when using hash function or mapping table to change positional information, can use original positional information to visit the safety zone.When the information about data is not positional information, but during data identifier, can use the mapping table 510 shown in Fig. 4 to come recognizing site information.In operation S172, the data with the corresponding position of positional information are decrypted.In operation S173, decrypted data is carried out described order.
For with data storage in the safety zone or the data in the access security zone, can add verification process.Can carry out verification process by the security application in the host apparatus.
Utilizability on the industry
According to the present invention, can in portable memory, easily expand the safety zone.
In addition, can be in non-safety zone with the data storage that requires security, and can protect the data that are stored in the non-safety zone to exempt from unauthorized access.
It will be apparent to those skilled in the art that under situation about not departing from the scope of the present invention with spirit and can carry out various modifications and change.Therefore, should be appreciated that above-mentioned exemplary embodiment is not restrictive in all respects, but illustrative.Scope of the present invention is defined by the claims, rather than is limited by detailed description of the present invention.All modifications and change that the scope and spirit of accessory rights requirement and equivalent thereof obtain all should be interpreted as comprising within the scope of the invention.
Claims (23)
1, a kind of method of in the non-safety zone of memory storage, distributing the safety zone, described method comprises:
In non-safety zone, divide and be used in the safety zone of storage received data;
To send to host apparatus about the positional information of the safety zone in non-safety zone, distributed;
From the security application receiving position information of host apparatus with will be stored in data the safety zone; With
Described data are encrypted, and position-based information with described data storage in non-safety zone.
2, the method for claim 1, wherein distribute the step of safety zone to comprise:
From the information of host apparatus reception about the size of data; With
The safety zone of in non-safety zone, distributing enough sizes with the described data of storage.
3, the method for claim 1 also comprises: use Hash table or mapping table to change positional information.
4, the method for claim 1 also comprises: carry out the authentication to the security application of host apparatus.
5, the method for claim 1 also comprises:
Receive the request of visit data from the security application of host apparatus;
Described data are extracted in safety zone from non-safety zone, and described data are decrypted; With
Decrypted data is sent to host apparatus.
6, method as claimed in claim 5, wherein, the step that sends decrypted data comprises:
Use is encrypted decrypted data with the predetermined encryption method that the security application of host apparatus is reached agreement; With
Ciphered data is sent to host apparatus.
7, a kind of method of in the non-safety zone of memory storage, distributing the safety zone, described method comprises:
Receive the data that will be stored in the safety zone from the security application of host apparatus;
Guarantee in non-safety zone, to be used to store the safety zone of data, described data encrypted, and with described data storage in the safety zone; With
The result of the described data of storage is sent to host apparatus.
8, method as claimed in claim 7, wherein, the result who stores described data comprises: about the positional information of the safety zone of the described data of storage in non-safety zone.
9, method as claimed in claim 8 also comprises: use Hash table or mapping table to change positional information.
10, method as claimed in claim 7 also comprises: carry out the authentication to the security application of host apparatus.
11, method as claimed in claim 7 also comprises:
Receive the request of visit data from the security application of host apparatus;
Described data are extracted in safety zone from non-safety zone, and described data are decrypted; With
Decrypted data is sent to host apparatus.
12, method as claimed in claim 11, wherein, the step that sends decrypted data comprises:
Use is encrypted decrypted data with the predetermined encryption method that the security application of host apparatus is reached agreement; With
Ciphered data is sent to host apparatus.
13, a kind of memory storage that is used for distributing the safety zone in non-safety zone, described memory storage comprises:
Storage area comprises non-safety zone and safety zone;
Transmitter will send to host apparatus about the positional information of the safety zone of storage area;
Receiver is from the host apparatus receiving position information with will be stored in data the safety zone; With
Security application, to described data encryption, and position-based information with described data storage in storage area.
14, memory storage as claimed in claim 13, wherein, security application uses Hash table or mapping table to change positional information.
15, memory storage as claimed in claim 13, wherein, security application is carried out the authentication to host apparatus.
16, memory storage as claimed in claim 13, wherein, the security application of receiver from be included in host apparatus receives the request of visit data, be included in the safety zone of security application from non-safety zone in the described memory storage and extract described data and described data are decrypted, and transmitter sends to host apparatus with decrypted data.
17, memory storage as claimed in claim 16, wherein, the security application use that is included in the described memory storage is encrypted decrypted data with the predetermined encryption method that host apparatus is reached agreement, and transmitter sends to host apparatus with ciphered data.
18, a kind of memory storage that is used for distributing the safety zone in non-safety zone, described memory storage comprises:
Storage area comprises non-safety zone and safety zone;
Receiver receives data the safety zone will be stored in storage area from host apparatus;
Security application is guaranteed to be used in the space of the required safety zone of storage area storage data described data to be encrypted, and with described data storage in the safety zone; With
Transmitter, the result that will store described data in storage area sends to host apparatus.
19, memory storage as claimed in claim 18, wherein, the result who stores described data comprises: about the positional information of the safety zone of the described data of storage in non-safety zone.
20, memory storage as claimed in claim 19, wherein, security application uses Hash table or mapping table to change positional information.
21, memory storage as claimed in claim 18, wherein, security application is carried out the authentication to host apparatus.
22, memory storage as claimed in claim 18, wherein, receiver is from the request of host apparatus reception visit data, and the safety zone of security application from non-safety zone extracted described data and described data are decrypted, and transmitter sends to host apparatus with decrypted data.
23, memory storage as claimed in claim 22, wherein, the security application use is encrypted decrypted data with the predetermined encryption method that host apparatus is reached agreement.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US64315005P | 2005-01-13 | 2005-01-13 | |
| US60/643,150 | 2005-01-13 | ||
| KR1020050042622 | 2005-05-20 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101103404A true CN101103404A (en) | 2008-01-09 |
Family
ID=37173383
Family Applications (5)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2006800021726A Pending CN101103346A (en) | 2005-01-13 | 2006-01-13 | Apparatus and method for digital rights management |
| CNB2006800021800A Active CN100524283C (en) | 2005-01-13 | 2006-01-13 | Method and device for consuming rights objects having inheritance structure |
| CNA2006800021730A Pending CN101103404A (en) | 2005-01-13 | 2006-01-13 | Method and portable storage device for allocating secure area in insecure area |
| CNA2006800021798A Pending CN101103591A (en) | 2005-01-13 | 2006-01-13 | Method for moving a rights object between devices and a method and device for using a content object based on the moving method and device |
| CN2006800021815A Active CN101103628B (en) | 2005-01-13 | 2006-01-13 | Host device, portable storage device, and method for updating meta information regarding right objects stored in portable storage device |
Family Applications Before (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2006800021726A Pending CN101103346A (en) | 2005-01-13 | 2006-01-13 | Apparatus and method for digital rights management |
| CNB2006800021800A Active CN100524283C (en) | 2005-01-13 | 2006-01-13 | Method and device for consuming rights objects having inheritance structure |
Family Applications After (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2006800021798A Pending CN101103591A (en) | 2005-01-13 | 2006-01-13 | Method for moving a rights object between devices and a method and device for using a content object based on the moving method and device |
| CN2006800021815A Active CN101103628B (en) | 2005-01-13 | 2006-01-13 | Host device, portable storage device, and method for updating meta information regarding right objects stored in portable storage device |
Country Status (2)
| Country | Link |
|---|---|
| KR (5) | KR100736099B1 (en) |
| CN (5) | CN101103346A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102270182A (en) * | 2011-07-04 | 2011-12-07 | 济南伟利迅半导体有限公司 | Encrypted mobile storage equipment based on synchronous user and host machine authentication |
Families Citing this family (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101443612B1 (en) * | 2006-08-08 | 2014-09-23 | 엘지전자 주식회사 | Method and terminal for authenticating between drm agents for moving ro |
| KR101366277B1 (en) * | 2006-09-07 | 2014-02-20 | 엘지전자 주식회사 | Method and terminal for verifying membership in order to move rights object in domain |
| KR100948384B1 (en) | 2006-11-29 | 2010-03-22 | 삼성전자주식회사 | Method for moving rights object and device that is moving rights object and portable storage device |
| KR100897449B1 (en) * | 2007-05-04 | 2009-05-14 | (주)케이티에프테크놀로지스 | Portable terminal and method of providing an encryption function |
| KR100911556B1 (en) * | 2007-08-06 | 2009-08-10 | 현대자동차주식회사 | Method for Transmission and Playback of DRM Content |
| KR100973576B1 (en) | 2008-03-26 | 2010-08-03 | 주식회사 팬택 | Method and device for generating right object, method and device for transferring right object and method and device for receiving right object |
| US9491184B2 (en) | 2008-04-04 | 2016-11-08 | Samsung Electronics Co., Ltd. | Method and apparatus for managing tokens for digital rights management |
| KR20100088051A (en) * | 2009-01-29 | 2010-08-06 | 엘지전자 주식회사 | Method for installing rights object for content in memory card |
| KR101167938B1 (en) | 2009-09-22 | 2012-08-03 | 엘지전자 주식회사 | Method for using rights to contents |
| KR101681587B1 (en) * | 2010-07-02 | 2016-12-01 | 엘지전자 주식회사 | Method and device for managing digital rights using activation of rights |
| KR102007929B1 (en) * | 2011-11-02 | 2019-08-07 | 에스케이플래닛 주식회사 | Portable Device For Security Information Management And Operating Method thereof |
| US20140282886A1 (en) * | 2013-03-14 | 2014-09-18 | TollShare, Inc. | Content list sharing |
| US9147084B2 (en) | 2013-05-31 | 2015-09-29 | Openpeak Inc. | Method and system for isolating secure communication events from a non-secure application |
| KR101384550B1 (en) * | 2013-11-26 | 2014-04-14 | (주)피타소프트 | Apparatus for record of moving picture file, system and method for detecting change of moving picture file |
| EP3084668A4 (en) * | 2013-12-19 | 2017-08-23 | Intel Corporation | Technologies for supporting multiple digital rights management protocols on a client device |
Family Cites Families (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6141656A (en) * | 1997-02-28 | 2000-10-31 | Oracle Corporation | Query processing using compressed bitmaps |
| JP2996938B2 (en) | 1997-12-01 | 2000-01-11 | 技術研究組合新情報処理開発機構 | Method of storing time-series data and recording medium |
| US6671803B1 (en) | 1998-10-06 | 2003-12-30 | Koninklijke Philips Electronics N.V. | Method and system for consumer electronic device certificate management |
| US20020012432A1 (en) | 1999-03-27 | 2002-01-31 | Microsoft Corporation | Secure video card in computing device having digital rights management (DRM) system |
| JP2002203070A (en) | 2000-10-17 | 2002-07-19 | Hitachi Ltd | Metadata distribution method |
| JP2002163235A (en) | 2000-11-28 | 2002-06-07 | Mitsubishi Electric Corp | Access authorization transfer device, shared resource management system and access authorization setting method |
| CA2430062A1 (en) * | 2000-12-08 | 2002-07-18 | Matsushita Electric Industrial Co., Ltd. | Distribution device, terminal device, and program and method for use therein |
| JP2002297154A (en) | 2001-03-30 | 2002-10-11 | Minolta Co Ltd | System and device for data provision, system for data acquisition, and terminal device |
| KR100859922B1 (en) * | 2001-07-05 | 2008-09-23 | 마츠시타 덴끼 산교 가부시키가이샤 | Recording apparatus, and medium, method |
| JP3842664B2 (en) | 2002-02-13 | 2006-11-08 | 日本電信電話株式会社 | Network system and network system control method |
| JP2003258786A (en) | 2002-02-27 | 2003-09-12 | Nippon Telegr & Teleph Corp <Ntt> | Public key certificate searching apparatus, public key certificate searching method, computer program, and recording medium with computer program recorded thereon |
| KR20050024353A (en) * | 2002-06-19 | 2005-03-10 | 팔로마 메디칼 테크놀로지스, 인코포레이티드 | Method and apparatus for treatment of cutaneous and subcutaneous conditions |
| JP4040424B2 (en) | 2002-10-16 | 2008-01-30 | Kddi株式会社 | Software license management method, software license management system, and computer program |
| JP4323163B2 (en) | 2002-11-25 | 2009-09-02 | 三菱電機株式会社 | Server device |
| JP2004302817A (en) | 2003-03-31 | 2004-10-28 | Matsushita Electric Ind Co Ltd | License management system |
| JP2004303111A (en) | 2003-04-01 | 2004-10-28 | Hitachi Ltd | Portable terminal with license management function |
| KR20040107602A (en) | 2003-06-05 | 2004-12-23 | 삼성전자주식회사 | License Management System And Method for Playing Contents in Home Network |
| US7047390B2 (en) | 2003-06-17 | 2006-05-16 | International Business Machines Corporation | Method, system, and program for managing a relationship between one target volume and one source volume |
| US7136974B2 (en) * | 2003-06-19 | 2006-11-14 | Pillar Data Systems, Inc. | Systems and methods of data migration in snapshot operations |
| KR100643278B1 (en) * | 2003-10-22 | 2006-11-10 | 삼성전자주식회사 | Method and Apparatus for managing digital rights of portable storage device |
| KR100608585B1 (en) * | 2004-07-12 | 2006-08-03 | 삼성전자주식회사 | Method and apparatus for searching rights objects stored in portable storage device using object location data |
| KR100608605B1 (en) * | 2004-09-15 | 2006-08-03 | 삼성전자주식회사 | Method and apparatus for digital rights management |
| KR100678893B1 (en) * | 2004-09-16 | 2007-02-07 | 삼성전자주식회사 | Method and apparatus for searching rights objects stored in portable storage device using object identifier |
-
2006
- 2006-01-11 KR KR1020060003329A patent/KR100736099B1/en active IP Right Grant
- 2006-01-11 KR KR1020060003327A patent/KR100678927B1/en not_active IP Right Cessation
- 2006-01-11 KR KR1020060003330A patent/KR100736101B1/en active IP Right Grant
- 2006-01-11 KR KR1020060003331A patent/KR100736100B1/en not_active IP Right Cessation
- 2006-01-11 KR KR1020060003328A patent/KR100755707B1/en not_active IP Right Cessation
- 2006-01-13 CN CNA2006800021726A patent/CN101103346A/en active Pending
- 2006-01-13 CN CNB2006800021800A patent/CN100524283C/en active Active
- 2006-01-13 CN CNA2006800021730A patent/CN101103404A/en active Pending
- 2006-01-13 CN CNA2006800021798A patent/CN101103591A/en active Pending
- 2006-01-13 CN CN2006800021815A patent/CN101103628B/en active Active
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102270182A (en) * | 2011-07-04 | 2011-12-07 | 济南伟利迅半导体有限公司 | Encrypted mobile storage equipment based on synchronous user and host machine authentication |
| CN102270182B (en) * | 2011-07-04 | 2014-04-23 | 济南伟利迅半导体有限公司 | Encrypted mobile storage equipment based on synchronous user and host machine authentication |
Also Published As
| Publication number | Publication date |
|---|---|
| KR20060082805A (en) | 2006-07-19 |
| KR20060082806A (en) | 2006-07-19 |
| KR100736099B1 (en) | 2007-07-06 |
| KR20060082807A (en) | 2006-07-19 |
| KR20060082804A (en) | 2006-07-19 |
| KR100736101B1 (en) | 2007-07-06 |
| CN101103628B (en) | 2011-10-12 |
| KR100755707B1 (en) | 2007-09-05 |
| CN101103348A (en) | 2008-01-09 |
| CN101103346A (en) | 2008-01-09 |
| CN100524283C (en) | 2009-08-05 |
| CN101103628A (en) | 2008-01-09 |
| KR100736100B1 (en) | 2007-07-06 |
| CN101103591A (en) | 2008-01-09 |
| KR100678927B1 (en) | 2007-02-06 |
| KR20060082808A (en) | 2006-07-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101103404A (en) | Method and portable storage device for allocating secure area in insecure area | |
| AU2006205315B2 (en) | Method and portable storage device for allocating secure area in insecure area | |
| US9811478B2 (en) | Self-encrypting flash drive | |
| CN100464313C (en) | Mobile memory device and method for accessing encrypted data in mobile memory device | |
| CN101765845A (en) | System and method for digital content distribution | |
| KR20150041095A (en) | Method and devices for selective ram scrambling | |
| US9660986B2 (en) | Secure access method and secure access device for an application program | |
| CN103106372A (en) | Lightweight class privacy data encryption method and system for Android system | |
| CN103824032A (en) | Methods and apparatus for the secure handling of data in a microcontroller | |
| CN101685425A (en) | Mobile storage device and method of encrypting same | |
| US20120284534A1 (en) | Memory Device and Method for Accessing the Same | |
| US20100070518A1 (en) | Method for protecting private information and computer-readable recording medium storing program for executing the same | |
| EP2361416A1 (en) | Secure storage device | |
| CN105095945A (en) | SD card capable of securely storing data | |
| CN102662874B (en) | Double-interface encryption memory card and management method and system of data in double-interface encryption memory card | |
| CN111177773A (en) | Full disk encryption and decryption method and system based on network card ROM | |
| CN105512520B (en) | Anti-cloning vehicle-mounted system and working method thereof | |
| KR101255204B1 (en) | Storage reader apparatus having security features and the method thereof | |
| CN103370718A (en) | Data protection using distributed security key | |
| US20150200777A1 (en) | Data securing method, data securing system and data carrier | |
| US8320570B2 (en) | Apparatus and method for generating secret key | |
| US20220277088A1 (en) | System on chip and operating method thereof | |
| CN103154967A (en) | Modifying a length of an element to form an encryption key | |
| CN102129535A (en) | Encryption method of nonvolatile computer system based on hardware and computer | |
| TWI791995B (en) | Software protection method and system thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20080109 |