CN101120356A - Control structure for versatile content control and method using structure - Google Patents
Control structure for versatile content control and method using structure Download PDFInfo
- Publication number
- CN101120356A CN101120356A CNA2005800482747A CN200580048274A CN101120356A CN 101120356 A CN101120356 A CN 101120356A CN A2005800482747 A CNA2005800482747 A CN A2005800482747A CN 200580048274 A CN200580048274 A CN 200580048274A CN 101120356 A CN101120356 A CN 101120356A
- Authority
- CN
- China
- Prior art keywords
- access
- acr
- key
- memory
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 88
- 238000003860 storage Methods 0.000 claims abstract description 60
- 238000005192 partition Methods 0.000 claims description 182
- 238000004883 computer application Methods 0.000 claims 1
- 230000008569 process Effects 0.000 abstract description 57
- 230000004044 response Effects 0.000 abstract description 27
- 238000004422 calculation algorithm Methods 0.000 description 56
- 238000007726 management method Methods 0.000 description 23
- 229910003460 diamond Inorganic materials 0.000 description 17
- 239000010432 diamond Substances 0.000 description 17
- 238000013475 authorization Methods 0.000 description 14
- 230000008859 change Effects 0.000 description 13
- 238000012545 processing Methods 0.000 description 13
- 238000010586 diagram Methods 0.000 description 11
- 238000013316 zoning Methods 0.000 description 11
- 101000619805 Homo sapiens Peroxiredoxin-5, mitochondrial Proteins 0.000 description 10
- 102100022078 Peroxiredoxin-5, mitochondrial Human genes 0.000 description 10
- 238000004891 communication Methods 0.000 description 10
- 230000014759 maintenance of location Effects 0.000 description 10
- 238000012546 transfer Methods 0.000 description 9
- 230000009471 action Effects 0.000 description 8
- 230000001413 cellular effect Effects 0.000 description 8
- 238000009826 distribution Methods 0.000 description 6
- 239000003795 chemical substances by application Substances 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 230000002093 peripheral effect Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 101100161875 Arabidopsis thaliana ACR2 gene Proteins 0.000 description 2
- 101100495264 Arabidopsis thaliana CDC25 gene Proteins 0.000 description 2
- 101100380266 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) ARR2 gene Proteins 0.000 description 2
- 101150004068 acrB gene Proteins 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000003999 initiator Substances 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 230000002427 irreversible effect Effects 0.000 description 2
- 230000002045 lasting effect Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000003278 mimic effect Effects 0.000 description 2
- 230000009467 reduction Effects 0.000 description 2
- 230000002441 reversible effect Effects 0.000 description 2
- 238000011282 treatment Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 101100161882 Caenorhabditis elegans acr-3 gene Proteins 0.000 description 1
- 101000952227 Drosophila melanogaster Sphingolipid delta(4)-desaturase DES1 Proteins 0.000 description 1
- 241000600169 Maro Species 0.000 description 1
- 102100037416 Sphingolipid delta(4)-desaturase DES1 Human genes 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000003139 buffering effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000010267 cellular communication Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007717 exclusion Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000007620 mathematical function Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- 230000005641 tunneling Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
- G06F21/805—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors using a security table for the storage sub-system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium. When implemented in a flash memory, the above features result in a particularly useful medium for content protection. Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the memory system generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.
Description
Technology
The present invention relates generally to memory systems and, more specifically, relates to a content control feature common storage
Memory system.
BACKGROUND
Calculating means towards the mobile market is a storage device includes a content stored for exchange of data by generating more
Increase the average income direction. This means that the contents of removable storage medium is required for the computing device
Protection of the content. Including valuable data, this can be in addition to the manufacture or sale of a person outside of the storage device
Data owned groups.
In U.S. Patent No. 6,457,126 describes a storage device with encryption capabilities. However, the device referred to in
For very limited capacity. Therefore, the need to provide a more common feature of the memory content control system.
SUMMARY OF THE INVENTION
Move the storage medium may involve encrypted media content protection of the data, so that only authorized users or applications
Access sequence used to encrypt the data stored in the media key. In some existing systems, the number used to encrypt and decrypt
According to a key stored in the mobile device of the external storage medium. In such cases, with the contents of a public ownership interest
Company or individual may use the content in the media is not a lot of control. As for the encrypted media key data in the presence
Outside the media, and thus can not control the way content owners this key from one device to another installation
Position. According to a feature of the present invention, if the encryption - decryption key is stored in the media itself and not by an external substantially
Device access, then equity owners will occupy control access to media content in a better position.
...
Move the storage medium may involve encrypted media content protection of the data, so that only authorized users or applications
Access sequence used to encrypt the data stored in the media key. In some existing systems, the number used to encrypt and decrypt
According to a key stored in the mobile device of the external storage medium. In such cases, with the contents of a public ownership interest
Company or individual may use the content in the media is not a lot of control. As for the encrypted media key data in the presence
Outside the media, and thus can not control the way content owners this key from one device to another installation
Position. According to a feature of the present invention, if the encryption - decryption key is stored in the media itself and not by an external substantially
Device access, then equity owners will occupy control access to media content in a better position.
...
In order to enhance the storage media stored in the mobile content business value, need content owners ownership interest
Licensing can be different for different entities to access the content. Accordingly, another feature of the present invention is based on the recognition
Knowledge: Can be stored for different licensing authority (for example, to different authorized entities) to access data stored in the media
Access policies. Incorporating a combination of the two above-mentioned features of the system is particularly advantageous. On the one hand, content owners or
Owner has substantially the external device by using the key is not accessible to the ability to control access to the content, and also with
There are authorized to access media content for different licensing capability. Therefore, even in the case of an external device to obtain access
Next, the access can still be recorded in the storage medium by the content owner or owner of the settings in the license control.
...
In order to enhance the storage media stored in the mobile content business value, need content owners ownership interest
Licensing can be different for different entities to access the content. Accordingly, another feature of the present invention is based on the recognition
Knowledge: Can be stored for different licensing authority (for example, to different authorized entities) to access data stored in the media
Access policies. Incorporating a combination of the two above-mentioned features of the system is particularly advantageous. On the one hand, content owners or
Owner has substantially the external device by using the key is not accessible to the ability to control access to the content, and also with
There are authorized to access media content for different licensing capability. Therefore, even in the case of an external device to obtain access
Next, the access can still be recorded in the storage medium by the content owner or owner of the settings in the license control.
...
Many storage device does not know the file system, and many computer host device as a file read and write data.
According to another feature, the host device to provide the key reference or ID, rather than the memory system in response to said generated key ID
Associated key value, wherein the key value is used to deal with the key ID password associated data in the file.
The key ID and the host to be processed by the memory system password file association. Therefore, the key ID from the calculation
Devices and memory is used as a handle, the handle keeps the memory used by the cryptographic key value generation and the
With the complete and exclusive control of the host to maintain control of the document.
...
Such as smart cards in some mobile storage device, the card controller management file system. For example, flash memory,
Disk or CD-ROM many other types of removable storage device, the device controller does not know the file system; instead, installed
Controllers rely on a host device is set (for example, personal computers, digital cameras, MP3 players, personal digital assistants,
Cellular telephone) to manage the file system. Various aspects of the present invention can be easily incorporated into some type of storage device to this
In which said device does not know the file system. This means that in a variety of existing mobile storage device Practice
The various features of the present invention, without the need to re-design of these devices means that such devices in the controller becomes known and
Able to manage the file system.
...
Such as smart cards in some mobile storage device, the card controller management file system. For example, flash memory,
Disk or CD-ROM many other types of removable storage device, the device controller does not know the file system; instead, installed
Controllers rely on a host device is set (for example, personal computers, digital cameras, MP3 players, personal digital assistants,
Cellular telephone) to manage the file system. Various aspects of the present invention can be easily incorporated into some type of storage device to this
In which said device does not know the file system. This means that in a variety of existing mobile storage device Practice
The various features of the present invention, without the need to re-design of these devices means that such devices in the controller becomes known and
Able to manage the file system.
...
To enhance the storage medium supplied by the mobile business value, to the removable memory device can simultaneously support one
These applications. When two or more applications are simultaneously access a portable storage device, it may be important
Able to separate two or more of the operation of the application, so that it will not referred to herein as the phenomenon of crosstalk
Interfere with each other. Accordingly, another feature of the present invention is based on the following understanding: available preferably two or classification
Above the tree to be used to control access memory. Each tree contains nodes at different levels in order to control the number of the corresponding group entities
Data access, where each node in the tree corresponding to said one or more designated entity for accessing a memory data
Or more licenses. In each node of the tree at the one or more licenses in the same tree with higher or lower levels of
Another node in one or more permissions in a predetermined relationship. Preferably, at least two of said tree does not exist between
Crosstalk.
...
Based on the above, It will be apparent that the tree is available for a strong structure of content security. Provided an important control
System is the control tree creation. Thus, according to another feature of the present invention, the mobile storage device may have to create at least
A hierarchical tree (which is included at the node at different levels for the respective entity controls access to the number stored in the memory
According to) the system agents. Each node of the tree corresponding to one or more physical memory data for accessing one or
Multiple licenses. In each node of the tree at the one or more licenses in the same tree with a higher or lower or the same as other
Level node to one or more license in a predetermined relationship. Therefore, you can not create any tree in the case of issue
Removable storage device, so that means buyers are free to create hierarchical tree, the hierarchical tree for buyers
The considered application. Alternatively, in the case where the tree has been created release removable memory device, so that the purchaser does not
Create the tree will experience trouble. In both cases, preferably, the specific functionality of the tree after the device is made to become
Fixed, so that further changes or modifications not described functionality. This provides content owners access to content on the device
The strong control. Thus, in one embodiment, the agent may preferably disable the system, so as not to create an additional
Trees.
...
Based on the above, It will be apparent that the tree is available for a strong structure of content security. Provided an important control
System is the control tree creation. Thus, according to another feature of the present invention, the mobile storage device may have to create at least
A hierarchical tree (which is included at the node at different levels for the respective entity controls access to the number stored in the memory
According to) the system agents. Each node of the tree corresponding to one or more physical memory data for accessing one or
Multiple licenses. In each node of the tree at the one or more licenses in the same tree with a higher or lower or the same as other
Level node to one or more license in a predetermined relationship. Therefore, you can not create any tree in the case of issue
Removable storage device, so that means buyers are free to create hierarchical tree, the hierarchical tree for buyers
The considered application. Alternatively, in the case where the tree has been created release removable memory device, so that the purchaser does not
Create the tree will experience trouble. In both cases, preferably, the specific functionality of the tree after the device is made to become
Fixed, so that further changes or modifications not described functionality. This provides content owners access to content on the device
The strong control. Thus, in one embodiment, the agent may preferably disable the system, so as not to create an additional
Trees.
...
In some applications, it can be more easily enables users to log in using an application memory system, and then
The ability to use different applications to access protected content without having to log in again. In such cases, the user wants
Access to all the contents in this way can be associated with the first account, so via different applications (eg, audio
Music player, e-mail, cellular communication) to access all of this content without multiple logins. Then you can not
Same group authentication information used to log in with the first account to access a different account of the protected content, even if the different
Account for the same user or entity.
% E5% 9C% A8% E5% AD% 98% E5% 82% A8% E7% B3% BB% E7% BB% 9F% E4% B8% AD% E5% 8F% AF% E5% 8D% 95% E7 % 8B% AC% E4% BD% BF% E7% 94% A8% E4% B8% 8A% E8% BF% B0% E7% 89% B9% E5% BE% 81% E6% 88% 96% E5% 8F % AF% E4% BB% A5% E4% BB% BB% E4% BD% 95% E7% BB% 84% E5% 90% 88% E6% 9D% A5% E7% BB% 84% E5% 90% 88 % E4% B8% 8A% E8% BF% B0% E7% 89% B9% E5% BE% 81% EF% BC% 8C% E4% BB% A5% E6% 8F% 90% E4% BE% 9B% E5 % 86% 85% E5% AE% B9% E6% 8B% A5% 0A% 20% 20% 20% 20% E6% 9C% 89% E8% 80% 85% E7% 9A% 84% E6% 8E% A7 % E5% 88% B6% E5% 92% 8C% 2F% E6% 88% 96% E4% BF% 9D% E6% 8A% A4% E7% 9A% 84% E8% BE% 83% E5% BC% BA % E9% 80% 9A% E7% 94% A8% E6% 80% A7% E3% 80% 82
BRIEF DESCRIPTION
Figure 1 is a view for explaining the present invention will communicate with the host device block diagram of a memory system.
Figure 2 is a different memory partition and stored in different partitions of the unencrypted and encrypted files a schematic view,
Access to specific partitions and file encryption and authentication procedures by the access control policy, the schematic diagram to illustrate the present invention is implemented
Example.
Figure 3 is a memory, a memory in different partitions FIG.
Figure 4 is shown in Figure 3 for different partitions of a memory file location table diagram, wherein said partition
Some files have been encrypted to an embodiment of the present invention.
Figure 5 is a group of records to access a controlled access control records and the associated key reference schematic view for said
Embodiments of the present invention will.
Figure 6 is controlled by the access log record group and controlled access tree structure diagram form, which is used to illustrate the
Embodiments of the invention.
FIG 7 is a group of records to access a controlled three hierarchical tree of the tree diagram for explaining the shape of the tree
Into the process.
8A and 8B are illustrated by the host device and the memory device (e.g., using the system for creating and access control
Record memory card) flowchart of a process performed.
Figure 9 is an explanatory system access control record to create a group of records to access a controlled process flowchart with
To illustrate the present invention.
FIG 10 is a record for creating access control flowchart of a process.
Figure 11 is a view for explaining the hierarchical tree can be application-specific access control record of the two groups of Fig.
FIG 12 is used to authorize specific rights flowchart of a process.
Figure 13 is an access controlled record groups and access control records diagram of Figure 12 to illustrate its authorization process.
14 is an explanatory diagram for creating for encryption and / or decryption key purpose flowchart of a process.
FIG 15 is used to cancel the controlled record to the access rights of access and / or permission for the data access over
Process flow chart.
Figure 16 is an explanatory view when accessing rights and / or access permissions have been removed or have expired when the flow of the process of requesting access
Figure.
17A and 17B are used for authentication rules described structure and is used to authorize access to a cryptographic key organizational strategy
The schematic view for explaining another embodiment of the present invention.
Figure 18 illustrates some of the dialogue when opening dialogue authentication and access flowchart.
Figure 19-22 illustrates a flowchart of a different certification process.
To simplify the description, in the case of this application, the same elements with the same numerals.
Specific embodiments
The block diagram in Figure 1 which may be implemented with various aspects of the invention, an exemplary memory system. Shown in Figure 1,
Memory system 10 includes a central processing unit (CPU) 12, the buffer management unit (BMU) 14, host interface module
Block (HIM) 16 and a flash interface module (FIM) 18, flash memory 20 and the peripheral access module (PAM) 22.
Memory system 10 via the host interface bus 26 and ports 24 communicate with the host device 26a. NAND type can be
Type flash memory 20 is a host device 24 provides data storage. CPU 12 can also be software code stored in the flash
Memory 20. FIM 18 via the flash interface bus 28 and the port 28a connected to the flash memory 20. HIM 16
Adapted for connection to such as digital cameras, personal computers, personal digital assistants (PDA), digital media players, MP-3
Player, cellular phone or other digital device host system. Peripheral access module 22 selects example FIM, HIM
And the BMU appropriate controller module for communication with the CPU 12. In one embodiment, the system may be dotted
All components in a system 10 such as a memory card or stick 10 'in a single cell and preferably to seal it.
...
The block diagram in Figure 1 which may be implemented with various aspects of the invention, an exemplary memory system. Shown in Figure 1,
Memory system 10 includes a central processing unit (CPU) 12, the buffer management unit (BMU) 14, host interface module
Block (HIM) 16 and a flash interface module (FIM) 18, flash memory 20 and the peripheral access module (PAM) 22.
Memory system 10 via the host interface bus 26 and ports 24 communicate with the host device 26a. NAND type can be
Type flash memory 20 is a host device 24 provides data storage. CPU 12 can also be software code stored in the flash
Memory 20. FIM 18 via the flash interface bus 28 and the port 28a connected to the flash memory 20. HIM 16
Adapted for connection to such as digital cameras, personal computers, personal digital assistants (PDA), digital media players, MP-3
Player, cellular phone or other digital device host system. Peripheral access module 22 selects example FIM, HIM
And the BMU appropriate controller module for communication with the CPU 12. In one embodiment, the system may be dotted
All components in a system 10 such as a memory card or stick 10 'in a single cell and preferably to seal it.
...
The buffer management unit 14 includes a host direct memory access (HDMA) 32, a flash direct memory access
(FDMA) 34, an arbiter 36, a buffer random access memory (BRAM) 38 and a cryptographic engine 40. Arbiter
A shared bus arbiter 36, so that only one master apparatus or initiator (which may be HDMA 32, FDMA 34
Or the CPU 12) can work at any time, and the target device is a slave device, or BRAM 38. Arbiter responsible
Suitable initiator requests directed to BRAM 38. HDMA 32 and FDMA 34 responsible for HIM 16, FIM 18 and
BRAM 38 or CPU random access memory (CPU RAM) 12a between the transferred data. HDMA 32 and FDMA
34 is a conventional operation, and does not require a detailed description herein. BRAM 38 for storing in the host device 24 and the fast
Transfer between the flash memory 20 data. HDMA 32 and FDMA 34 responsible for HIM 16/FIM 18 and BRAM 38
CPU RAM 12a or transfer data and instructions between sectors is completed.
...
Stored in the memory 20 for the content improve security, the memory system 10 is generated for the encryption and / or solutions
Secret key value, where this value is substantially not the host device 24, for example, by an external device access. However, generally one by one
To encrypt and decrypt the file, as the host device in the form of documents to read data and write data to the memory system
10. Like many other types of memory devices, the memory device 10 does not know the file or the file system. Although the memory
20 stores the logical address to identify the file in which the file allocation table (FAT), but generally the FAT from the host device 24
And not by the controller 12 to access and manage. Therefore, in order to encrypt data in a specific file, the controller 12 will have
Rely on a host device to send a file in the memory 20 of the logical address, so that the system 10 can be found
Particular file system 10 uses only the data and the availability of key values to encrypt and / or decrypt.
...
In order for the host device 24 and the memory system 10 provides a handle to reference both for the password to handle files
The same key data, the host device 10 provided by the system for each key generated by the reference value, wherein the reference to
Simply is the key ID. Therefore, the host system 10, 24 will be handled password for each file with the key ID of the relevant
Union, and the system 10 will be used to handle the password each key value data provided by the host key ID to associate.
Therefore, when the host requests the password to process the file, it will have a request, together with the key ID to be taken from the memory 20
Or stored in a memory 20 of the logical address of the data to the system 10. System 10 generates a key value, and by the
24 provides the host ID of the key associated with this value, and the cryptographic processing is performed. In this manner, the memory does not require
10 operating system, and also allows complete control over its use key encryption processing (including exclusive access to the key value) of the square
Style make changes. In other words, the system continues to allow the host 24 through 10 has a pair of proprietary control to manage the FAT file
Pieces, and its generation and management maintain key value for password handling proprietary control. Host device 24 does not participate in generating
And managing the password for data processing key value.
...
In order for the host device 24 and the memory system 10 provides a handle to reference both for the password to handle files
The same key data, the host device 10 provided by the system for each key generated by the reference value, wherein the reference to
Simply is the key ID. Therefore, the host system 10, 24 will be handled password for each file with the key ID of the relevant
Union, and the system 10 will be used to handle the password each key value data provided by the host key ID to associate.
Therefore, when the host requests the password to process the file, it will have a request, together with the key ID to be taken from the memory 20
Or stored in a memory 20 of the logical address of the data to the system 10. System 10 generates a key value, and by the
24 provides the host ID of the key associated with this value, and the cryptographic processing is performed. In this manner, the memory does not require
10 operating system, and also allows complete control over its use key encryption processing (including exclusive access to the key value) of the square
Style make changes. In other words, the system continues to allow the host 24 through 10 has a pair of proprietary control to manage the FAT file
Pieces, and its generation and management maintain key value for password handling proprietary control. Host device 24 does not participate in generating
And managing the password for data processing key value.
...
To make the user or application access to the system 10 or the area protected content, will be required to use a pre-
System 10 registered certificates to authenticate. Certificates and certificate in order to give specific users or applications access rights binding.
In the pre-registration process, the system 10 stores the identity of the user or application records and certificates as well as by the user or application
Program to determine and provided by the host 24 This identification and certificates associated access rights. Upon completion of the pre-registration process
, When the user or application program requests the data into the memory 20, the host device will need to provide their identity and
Certificate key ID used to encrypt data and the encrypted data stored in the logical address. The system 10 generates a key value,
And this value is provided by the host device to associate the key ID, and is used to encrypt the data to be written secret key value
Key ID stored in its application for this user or records or tables. And the subsequent encrypted data encrypted data stored
Stored in the address specified by the host, and storage which produces a key value.
...
To make the user or application access to the system 10 or the area protected content, will be required to use a pre-
System 10 registered certificates to authenticate. Certificates and certificate in order to give specific users or applications access rights binding.
In the pre-registration process, the system 10 stores the identity of the user or application records and certificates as well as by the user or application
Program to determine and provided by the host 24 This identification and certificates associated access rights. Upon completion of the pre-registration process
, When the user or application program requests the data into the memory 20, the host device will need to provide their identity and
Certificate key ID used to encrypt data and the encrypted data stored in the logical address. The system 10 generates a key value,
And this value is provided by the host device to associate the key ID, and is used to encrypt the data to be written secret key value
Key ID stored in its application for this user or records or tables. And the subsequent encrypted data encrypted data stored
Stored in the address specified by the host, and storage which produces a key value.
...
Certificate by the encryption processing and key management for separation, then the certificate can not share the case
The right to share access to data. Therefore, a group with a different certificate user or application access for accessing phase
The same data in the same key, and this is not accessible to users outside the group. While one group for all users or applications
Order to access the same data, but it may still have different rights. Therefore, some may have read-only access, while the other can
A write-only access, and some may have both. Because the system 10 to maintain the user or application identity and certificates, which
Access to the key ID and key ID for each access rights associated records, and thus the system 10 can be increased or
Delete key ID and changed for specific users or applications associated with these key ID access rights, so that kept
Take the right user or application to each other authorization, or even delete or add a user or application for recording
Or table, which all actions are duly authenticated host device to control. Records stored Require secure channel can be specified
To access a specific key. Can use symmetric or asymmetric algorithms and password for authentication.
...
Particularly important is the memory system 10 secure content portability. Since the key value is produced by the memory system
Students and substantially external system is not available, so when the memory system or integrated into a storage device from said system
An external system to the other one, the contents stored therein to maintain security, and the external system does not exist
Take this content, unless it has been totally controlled manner by the memory system certification. Even in such a certification,
Access is controlled entirely by the memory system and the external system can only be based on the preset memory system recording control
Ways to access. If the request does not comply with these records, it will reject the request.
...
In order to provide greater flexibility to protect the content, conceived only by duly authenticated users or applications access
Hereinafter referred to as the memory partition in some areas. When used with key-based data encryption feature combinations above, the Department of
Data system 10 to provide greater protection. Figure 2 shows, the flash memory 20 may be divided into a number of storage capacity
Zoning: Zoning and custom user area or district. P0 user area or partition without certification in all cases by the use
Users and applications to access. Although by any application or user reads or writes are stored in the user data area
The value of all the bits, but if the data read is encrypted, then the decryption authority without the user or application can not be accessed
Stored in the user area by the bit value of the information represented. This is done by (e.g.) P0 stored in the user area of the document
102 and 104 illustrate. Also stored in the user area of the well unencrypted file (eg 106), all of which can be
Applications and users to read and understand. Therefore, the way symbols, such as a file with the file 102 and 104
To show the associated latching encrypted files.
...
In order to provide greater flexibility to protect the content, conceived only by duly authenticated users or applications access
Hereinafter referred to as the memory partition in some areas. When used with key-based data encryption feature combinations above, the Department of
Data system 10 to provide greater protection. Figure 2 shows, the flash memory 20 may be divided into a number of storage capacity
Zoning: Zoning and custom user area or district. P0 user area or partition without certification in all cases by the use
Users and applications to access. Although by any application or user reads or writes are stored in the user data area
The value of all the bits, but if the data read is encrypted, then the decryption authority without the user or application can not be accessed
Stored in the user area by the bit value of the information represented. This is done by (e.g.) P0 stored in the user area of the document
102 and 104 illustrate. Also stored in the user area of the well unencrypted file (eg 106), all of which can be
Applications and users to read and understand. Therefore, the way symbols, such as a file with the file 102 and 104
To show the associated latching encrypted files.
...
Figure 2 shows the same, a variety of user or application program can access the files in memory 20. Thus, in Figure 2 show
1 and 2 show the user and the application 1 to 4 (running on the device). These entities are allowed to access the memory 20
Protected content, these entities by the authentication process with the first way to authenticate as explained below. In this process,
Need to identify the host side entity requesting access to perform a task-based access control. Therefore, the entity requesting access
First, by providing for example, "I was 2, and I want the application to read the file a" message from my identification. Controller
12 Next, the identity, authentication information and requests stored in the memory 20 or controller 12 records matched. As
If all requirements are met, then followed this entity authorized to access. Figure 2 illustrates that allows users 1 From the partition P1
File 101 to read or write to a file 101, but in addition to the user a right to have unlimited files from P0 106
Reads and writes to the file 106, the file 102 can only read and 104. On the other hand, does not allow users to access two
File 101 and 104, but the user can read and write files 2 102. Figure 2 indicates that users 1 and 2 have the same
Log algorithm (AES), and the application 1 and 3 have different log-algorithms (e.g., RSA, and 001001), the
Algorithm is also different from the user 1 and 2 those algorithms.
...
Figure 2 shows the same, a variety of user or application program can access the files in memory 20. Thus, in Figure 2 show
1 and 2 show the user and the application 1 to 4 (running on the device). These entities are allowed to access the memory 20
Protected content, these entities by the authentication process with the first way to authenticate as explained below. In this process,
Need to identify the host side entity requesting access to perform a task-based access control. Therefore, the entity requesting access
First, by providing for example, "I was 2, and I want the application to read the file a" message from my identification. Controller
12 Next, the identity, authentication information and requests stored in the memory 20 or controller 12 records matched. As
If all requirements are met, then followed this entity authorized to access. Figure 2 illustrates that allows users 1 From the partition P1
File 101 to read or write to a file 101, but in addition to the user a right to have unlimited files from P0 106
Reads and writes to the file 106, the file 102 can only read and 104. On the other hand, does not allow users to access two
File 101 and 104, but the user can read and write files 2 102. Figure 2 indicates that users 1 and 2 have the same
Log algorithm (AES), and the application 1 and 3 have different log-algorithms (e.g., RSA, and 001001), the
Algorithm is also different from the user 1 and 2 those algorithms.
...
Definitions, acronyms & abbreviations
ACR | Access control records |
AGP | ACR Group |
CBC | Chain block cipher |
CEK | A content encryption key |
ECB | Electronic Codebook |
ACAM | ACR property management |
PCR | Admission Control Record |
SSA | Safe storage applications |
Entity | Sign in SSA and therefore has to use its functionality real and separate existence (host side) either What things |
SSA System Description
Data security, integrity, and access control is the main task of the SSA. The data will simply be stored in the original
In certain types of large-capacity files on the storage device. SSA system is located on the storage system and increases for the stored master
Machine files layer of security.
SSA's main task is to manage the memory stored (and safe) different rights associated with the content. Deposit
Memory applications require multiple users and content rights management to multiply the stored content. From its side, the host
Applications such applications to see visible drives and partitions and manage storage devices and describe the stored text
Member for the location file allocation table (FAT).
In this case, the storage device is divided into multiple partitions using NAND flash chips, but can also be used other mobile
Movable storage means and these other devices within the scope of this invention. These partitions are logical addresses continuous thread, wherein
Start and end addresses define its boundaries. Thus, if desired, it can access the hidden partition with restrictions, which
Such restrictions with such means of the boundary associated with the address of the software (for example, stored in the memory 20 of the soft
Pieces) to carry out. Partitions can be entirely logical address SSA through its borders (by the SSA management) to identify. SSA system
Using partitions to physically protect data from unauthorized access host applications. For the host, the partition is to define
Ownership of space to store data files mechanism. These partitions can be shared, including access to any storage device
People can see and know the presence of partitions on the device, or a partition can be as private or hidden, which only selected
The host application can access the storage device and know the presence of partitions.
...
In this case, the storage device is divided into multiple partitions using NAND flash chips, but can also be used other mobile
Movable storage means and these other devices within the scope of this invention. These partitions are logical addresses continuous thread, wherein
Start and end addresses define its boundaries. Thus, if desired, it can access the hidden partition with restrictions, which
Such restrictions with such means of the boundary associated with the address of the software (for example, stored in the memory 20 of the soft
Pieces) to carry out. Partitions can be entirely logical address SSA through its borders (by the SSA management) to identify. SSA system
Using partitions to physically protect data from unauthorized access host applications. For the host, the partition is to define
Ownership of space to store data files mechanism. These partitions can be shared, including access to any storage device
People can see and know the presence of partitions on the device, or a partition can be as private or hidden, which only selected
The host application can access the storage device and know the presence of partitions.
...
Private partition (eg P1, P2 or P3) hidden within its file access. By preventing the host access
Partition, flash devices (eg, flash cards) to provide data on the partition file protection. However, such protection through
Over on accessing stored in the sub-region data at the logical address restrictions to engulf reside in the hidden partition
There are files. In other words, the restriction of a range of logical addresses. Able to access all of the partitions
User / host will be able to unrestricted access to all of its internal documents. In order to different files - or groups of documents - separated from each other
Away, SSA system uses the keys and key references or key ID for each file - or groups of documents - provide another level of
Security and integrity. Can be used to encrypt a different access point address of the data key value of the key specific reference or
Key ID likened to a container containing the encrypted data or the fields. For this reason, in Figure 4, the reference or secret key
Key ID (for example, "Key 1" and the key "2") to graphically demonstrate the use of key ID associated with the key value
The area around the encrypted file.
...
Referring to Figure 4, for example, file A by all physical access without any authentication, because the file A, the exhibition
Not shown is surrounded by either the key ID. Even if the utility partition file B by all entities to read or rewritten, file B
Also included are having ID "key 1" key to encrypt the data so that the file B of the information is not contained in the
Physical access, unless the entity can access this key. In this way, using the key values and key reference or mention only the key ID
Logic for protection, which is provided by the protection of the partition type opposite. Therefore, access to partitions (public or private)
Any host to read or write the data in the partition, including the encrypted data. However, since the data is
Encryption, and thus the unauthorized user can only be destroyed. It is preferably not detected in the case without changing the data
Or use the data. By restricting encryption and / or decryption key access, this feature can only be used by authorized entities
Data. P0 may also be used in a key ID "Key 2" key to encrypt the file B and C.
...
Referring to Figure 4, for example, file A by all physical access without any authentication, because the file A, the exhibition
Not shown is surrounded by either the key ID. Even if the utility partition file B by all entities to read or rewritten, file B
Also included are having ID "key 1" key to encrypt the data so that the file B of the information is not contained in the
Physical access, unless the entity can access this key. In this way, using the key values and key reference or mention only the key ID
Logic for protection, which is provided by the protection of the partition type opposite. Therefore, access to partitions (public or private)
Any host to read or write the data in the partition, including the encrypted data. However, since the data is
Encryption, and thus the unauthorized user can only be destroyed. It is preferably not detected in the case without changing the data
Or use the data. By restricting encryption and / or decryption key access, this feature can only be used by authorized entities
Data. P0 may also be used in a key ID "Key 2" key to encrypt the file B and C.
...
Not all of the data in the partition by different keys to encrypt and is associated with a different key ID. Public or user documentation
Parts or operating system area (i.e., FAT) some of the logical address may not refer to any key or keys associated
By itself and therefore accessible to any entity to get the partition.
% E8% A6% 81% E6% B1% 82% E8% 8E% B7% E5% BE% 97% E5% 88% 9B% E5% BB% BA% E5% AF% 86% E9% 92% A5% E5 % 92% 8C% E5% 88% 86% E5% 8C% BA% E4% BB% A5% E5% 8F% 8A% E5% B0% 86% E6% 95% B0% E6% 8D% AE% E5% 86 % 99% E5% 85% A5% E5% 88% 86% E5% 8C% BA% E6% 88% 96% E4% BB% 8E% E5% 88% 86% E5% 8C% BA% E8% AF% BB % E5% 8F% 96% E6% 95% B0% E6% 8D% AE% E6% 88% 96% E4% BD% BF% E7% 94% A8% E5% AF% 86% E9% 92% A5% E7 % 9A% 84% E8% 83% BD% E5% 8A% 9B% 0A% 20% 20% 20% 20% E7% 9A% 84% E5% AE% 9E% E4% BD% 93% E9% 9C% 80 % E8% A6% 81% E9% 80% 9A% E8% BF% 87% E5% AD% 98% E5% 8F% 96% E6% 8E% A7% E5% 88% B6% E8% AE% B0% E5 % BD% 95 (ACR)% E7% 99% BB% E5% BD% 95% E8% 87% B3SSA% E7% B3% BB% E7% BB% 9F% E3% 80% 82SSA% E7% B3% BB% E7% BB% 9F% E4% B8% AD% E7% 9A% 84ACR% E7% 9A% 84% E7% 89% B9% E6% 9D% 83% E8% A2% AB% 0A% 20% 20% 20% 20% E7% A7% B0% E4% B8% BA% E5% 8A% A8% E4% BD% 9C% E3% 80% 82% E6% AF% 8F% E4% B8% AAACR% E5% 8F% AF% E5% 85% B7% E6% 9C% 89% E7% 94% A8% E4% BB% A5% E6% 89% A7% E8% A1% 8C% E4% BB% A5% E4% B8% 8B% E4% B8% 89% E4% B8% AA% E7% A7% 8D% E7% B1% BB% E7% 9A% 84% E5% 8A% A8% E4% BD% 9C% E7% 9A% 84% E8% AE% B8% E5% 8F% AF% EF% BC% 9A% E5% 88% 9B% E5% BB% BA% E5% 88% 86% E5% 8C% BA% E5% 92% 8C% E5% AF% 86% E9% 92% A5% 2F% E5% AF% 86% 0A% 20% 20% 20% 20% E9% 92% A5ID% E3% 80% 81% E5% AD% 98% E5% 8F% 96% E5% 88% 86% E5% 8C% BA% E5% 92% 8C% E5% AF% 86% E9% 92% A5% E4% BB% A5% E5% 8F% 8A% E5% 88% 9B% E5% BB% BA% 2F% E6% 9B% B4% E6% 96% B0% E5% 85% B6% E5% AE% 83ACR% E3% 80% 82
ACR are organized into groups called ACR or AGP group. Once the ACR has been successfully authenticated, SSA system will
Open dialogue, through the dialogue perform any ACR action.
User partition
SSA one or more system management utility partition (also called user partition). This partition exists in the storage device
On, and is a standard storage device can read and write the command to access the partition. Obtain information about the partition size as well as its storage
That the information on the device to the host system is preferably not hidden.
SSA system makes it possible to read and write commands or via standard SSA commands to access this (these) partition. Accordingly,
Access partition preferably not be confined to specific ACR. However, SSA system allows the host device can restrict users
Partition access. Can be individually enable / disable read and write access. Allow all four combinations (eg, write-only, read-only
(Write-protected), reading and writing as well as non-accessible).
ACR SSA system allows the user the ability to partition key ID associated with the file and use those key ID
Associated with each key to encrypt the file. Command groups using the SSA (SSA commands on a detailed description, please refer to
Appendix A - In the appendix, key ID called a "domain") to be accessed by the user partition encrypted files and settings
Given access rights to said partition. These characteristics also apply to unorganized data into a file.
SSA district
These are accessed only by the SSA commands to the hidden (the host operating system or OS hidden) partition. In addition to
Log on to the ACR by the established dialogue (described below) in addition, SSA system will not allow the host device is preferably kept
Take SSA partition. Similarly, SSA is preferably SSA will not provide the presence of partitions, size, and access permissions of the letter
Interest, unless the request came from the dialogue established.
ACR license to export from the partition access rights. Once logged into the SSA ACR system, which can be its
It ACR (described below) shared partition. When you create a partition, the host provides a reference for the partition name or ID
(E.g., Figures 3 and 4 of the P0-P3). This reference is used to further partition of said read and write commands.
Partition the storage device
Preferably, the device is assigned to all of the available storage capacity of the user partition and the current partition configuration SSA. Accordingly,
Any re-zoning operation may involve reconfiguration of the existing partitions. Installed capacity (total size of all partitions) of
Net change will be zero. Defined by the host system memory space partition device's ID.
Host system can be an existing partition into two smaller partitions repartitioning, or two existing partitions (can be
Adjacent or non-adjacent) into one. Determined by the host, can be erased by the division or merge partition data or make it
Unaffected.
Since the storage device can cause data loss and re-partition (or because of its logical address space of the storage device
Be erased or moved around), so by the SSA system management for the re-zoning of the strictly limited. Allow only reside in
Root AGP (explained below) of the ACR issue commands to repartition and its only reference to its own partition. Because SSA
System does not know how to organize data into partitions (FAT or other file system structure), which is responsible for the device host
Any time repartition rebuild these structures.
User partition will change the host OS repartition saw this partition size and other attributes.
In the re-zoning, the host system is responsible for ensuring that any ACR SSA system without reference to non-existing partition.
If the ACR is not properly deleted or updated, then the system will detect and deny access to non-existing partition future efforts
Force (in the name of these ACR). For deleted key and key ID, similar care.
Key, key ID and logical protection
When the file is written to a specific hidden partition, hiding it to the public. However, once the entity (hostile or enemy
Right) to get this partition awareness and access to documents will become available and easy to see. To further protect files,
SSA can be encrypted in a hidden partition, which is used to access the key used to decrypt the file a certificate preferably Unlike
The partition is used to access those certificates. SSA because the file is not known (fully controlled and managed by the host) things
Fact, the CEK be associated with the file is a problem. SSA will file link to know something - Key ID-
Adjust this. Therefore, when the SSA to create a key, the master key that will be used for this key ID used by the SSA with
Creating a key to encrypt the data association.
...
Key value and key ID provides logical security. Use the same content encryption key (CEK) (its reference name or
Key ID when it is created by the host application only provider) to encrypt with a given key ID associated with all data
Regardless of its location. If the entity to gain access to the hidden partition (via certified through ACR), and you want to read
Or write to this partition encrypted file, then the need to be able to access the keys associated with the file ID. When an authorized deposit
Take the key for this key ID when, SSA loaded with this key ID associated CEK the key value, and in the number of
Before the data is sent to the host or to decrypt the data is written into the flash memory 20 before it is encrypted. With the key ID
CEK associated with the key values randomly created by the SSA system once and then its maintenance. SSA outside the system did not
There are means to know or access CEK in this key value. Provision and use of external reference or only key ID, rather than CEK
The key value. Fully managed by the SSA key value and only accessible by SSA.
...
Key value and key ID provides logical security. Use the same content encryption key (CEK) (its reference name or
Key ID when it is created by the host application only provider) to encrypt with a given key ID associated with all data
Regardless of its location. If the entity to gain access to the hidden partition (via certified through ACR), and you want to read
Or write to this partition encrypted file, then the need to be able to access the keys associated with the file ID. When an authorized deposit
Take the key for this key ID when, SSA loaded with this key ID associated CEK the key value, and in the number of
Before the data is sent to the host or to decrypt the data is written into the flash memory 20 before it is encrypted. With the key ID
CEK associated with the key values randomly created by the SSA system once and then its maintenance. SSA outside the system did not
There are means to know or access CEK in this key value. Provision and use of external reference or only key ID, rather than CEK
The key value. Fully managed by the SSA key value and only accessible by SSA.
...
Block mode - the data is divided into blocks, each of them separately encrypted. This mode is generally considered less secure and
Vulnerable to dictionary attacks. However, it will allow the user data block random access to any one of.
Chain model - the data is divided into blocks, which are linked in the encryption process. The next block is used for each encrypted block
An input process. Despite that this model is more secure, but this mode requires sequentially from beginning to end is always written to and read
Access to data, resulting in not always accepted by the users overhead.
Hash - can be used to verify data integrity with a summary of the data created with an extra chain model
ACR and access control
SSA is designed to handle multiple applications, where each application is represented as a node in the system database
Trees. By ensuring that no crosstalk between the tree branches to implement mutual exclusion between applications.
In order to obtain access to the system the SSA, entities need via the system of one of the ACR to establish a connection. By the SSA
System embedded in the user-selected according to the ACR in connection with the definition of the program to manage the log.
ACR is the SSA system each logon point. ACR holds the login credentials and authentication methods. Also residing in mind
The SSA also recorded within the system login permissions, in which the license is to read and write privileges. This is to say in Figure 5
Ming, Figure 5 illustrates the same n-AGP ACR. This means that the n ACR to share at least some of the phase
With key access. Therefore, ACR # 1 and ACR # n having the shared key ID "Key 3" access key,
Wherein ACR # 1 and ACR # n is ACR ID, and "Key 3" is used for the encryption and "Key 3" is associated
The key data in the key ID. Can also use the same key to encrypt and / or decrypt data in multiple files or groups.
SSA system supports several types of login to the system, including authentication algorithms and user certificates may be changed, with
Once the user has successfully logged its kind in the system of privilege can also be changed. Figure 5 again illustrate the different algorithms and login credentials.
ACR # 1 algorithm requires a password login and password for the certificate, and the ACR # 2 requires PKI (Public Key Infrastructure)
Login algorithms and public key for the certificate. Therefore, in order to log in, the entity will be required to produce a valid ACR ID and positive
Algorithms and correct login credentials.
Once you log in to the SSA system entity ACR, the ACR will be associated with the admission control record (PCR)
Defined in the permit (SSA command their use rights). In Figure 5, the display according to the PCR, ACR # 1 right and
"Key 3" read-only data associated with granting licenses and ACR # 2 right and "Key 5" Give read data associated
And write permission.
ACR can share different systems (for example, used for reading and writing in the key) common interests and privileges.
For this purpose, will have in common the ACR grouped AGP (ACP group). Therefore, ACR # 1 and ACR
# n shared right has a key ID "Key 3" key access.
Organized in a hierarchical tree AGP and therein ACR, and so in addition to creating a safe to keep sensitive data secure secret
Key outside; ACR may preferably also created corresponding to the key ID / partition other ACR entities. These ACR offspring
Will have its parent (creator) the same or less than their permission, and can be given for the creation of its own parent ACR
A license key. Needless to say, ACR get their offspring to create any key access permissions. This is illustrated in Figure 6.
Therefore, AGP 120 all the ACR created by the ACR 122, and two of these ACR ACR 122 inherits from right
And "Key 3" access to data associated with a license.
AGP
By specifying the ACR AGP and AGP to log on to SSA system.
Each AGP has a unique ID (reference name), which for its entrance in the SSA database index. When you create
Build the AGP, AGP name to SSA system. If the provided AGP name already exists in the system,
Then the SSA will refuse to create operation.
For authorization to use AGP to manage access and manage licensing restrictions, as will be described in the following sections. Figure 6
The functionality provided by one of the two trees is managed by a completely separate entity (for example, two different applications or two non-
With computer users) access. For such purposes, it is substantially independent of each other for (i.e., substantially no crosstalk)
The two access process is important, even if the two processes occur simultaneously. This means that each tree certification, Xu
Can and the creation of additional ACR and AGP is not connected to those of other tree does not depend on those of other trees. Accordingly,
When using the SSA in the memory system 10, which allows the memory system 10 simultaneously serve multiple applications. It can also
Allowing each of the two applications to access two separate groups independently of the data (for example, a group of photos and a group of songs).
This is illustrated in Figure 6. Therefore, for through the top portion of Figure 6 in the tree node (ACR) for access,
The application or the user of the "Key 3", "Key X" and "Key Z" may include data associated with pictures. And for
Through the bottom portion of Figure 6 in the tree node (ACR) for access to the application or the user's "Key 5", and
"Key Y" may include data associated with the song. ACR entity only if the AGP is not created when the AGP ACR
That has the permission to remove it.
...
For authorization to use AGP to manage access and manage licensing restrictions, as will be described in the following sections. Figure 6
The functionality provided by one of the two trees is managed by a completely separate entity (for example, two different applications or two non-
With computer users) access. For such purposes, it is substantially independent of each other for (i.e., substantially no crosstalk)
The two access process is important, even if the two processes occur simultaneously. This means that each tree certification, Xu
Can and the creation of additional ACR and AGP is not connected to those of other tree does not depend on those of other trees. Accordingly,
When using the SSA in the memory system 10, which allows the memory system 10 simultaneously serve multiple applications. It can also
Allowing each of the two applications to access two separate groups independently of the data (for example, a group of photos and a group of songs).
This is illustrated in Figure 6. Therefore, for through the top portion of Figure 6 in the tree node (ACR) for access,
The application or the user of the "Key 3", "Key X" and "Key Z" may include data associated with pictures. And for
Through the bottom portion of Figure 6 in the tree node (ACR) for access to the application or the user's "Key 5", and
"Key Y" may include data associated with the song. ACR entity only if the AGP is not created when the AGP ACR
That has the permission to remove it.
...
SSA system ACR licensed entities described a way to log on to the system. Log on to the system when the entity in SSA
, It will need to specify the corresponding certification process to be executed ACR. ACR including licensing control record (PCR),
Once the PCR Description User accredited (ACR illustrated in Figure 5 is defined) can be performed by authorized action.
All host-side entities ACR data fields.
When an entity has successfully logged on to the ACR, the entity will be able to ask all the ACR partitions and key access permissions and
ACAM license (explained below).
ACR ID
When the SSA system entities initialization login process, its need to specify the method corresponds to login ACR ID (such as when
Create ACR provided by the host), so that when you have met all the login request will establish the correct algorithm SSA and
Select the correct PCR. When creating the ACR, the SSA system ACR ID.
Login / authentication algorithm
Authentication algorithm specified entity will use what kind of certificate login program and the need to provide proof of identity of the user.
SSA system supports several standard login algorithm, which is based on symmetric or asymmetric password never procedures (with and without certificates) and
Password-based program to the two-way authentication protocol.
Certificate
Entity's certificate corresponds to the login algorithm and use by the SSA to verify and authenticate the user. Examples of the certificate may be used
On password authentication password / PIN number for the AES-certified AES keys and so on. Certificate type / format (i.e., PIN,
Symmetric keys, etc.) derived from pre-defined and authentication mode; when creating ACR, it will provide it to the SSA system. SSA
System is not involved in the definition of the allocation and management of these certificates, PKI-based authentication in addition to outside, which may use the device (case
For example, flash cards) to generate an RSA key pair and can be used to output the public key to generate the certificate.
License Control Record (PCR)
PCR demonstrated in the physical log on to SSA system and successfully passed the certification process ACR awarded to an entity after it.
There are three types of license types: for the partition and create license keys, and keys to access the partition licensing and use
Attribute in the entity-ACR management licenses.
Access Division
This section contains the PCR entity after the successful completion of Phase ACR accessible partition (using its available to SSA
System ID) of the list. For each partition, the type of access may be restricted to only write or read-only, or you can specify all
Write / read access rights. Thus, in Figure 5 can access the partition ACR # 1 # 2 # 1 rather than the partition. The PCR
Specified restrictions apply to SSA partition and utility partition.
SSA system led by the device (e.g., flash card) in the normal read and write commands or command SSA
Access public partition. When the root ACR (explained below) as having been created to limit the utility partition permission, he may
The license will be passed down to his offspring. ACR may preferably be limited only conventional read and write commands to access a public partition.
ACR SSA system may only be restricted in terms of its creation. Once the ACR has to read / write common partition
Licensing, it is preferable that it can not be removed.
Access Key ID
This section contains the PCR login process when the entity has complied with ACR strategy physical access key ID column
Table (such as provided by the host system to the SSA) data associated. The specified key ID and reside there for PCR
The partition is associated with one or more files. Since the key ID is not the device (e.g., flash card) the logic
Address is not associated, so when more than one partition is associated with a particular ACR, the file in any one of the partition.
PCR key specified in the ID to each of which has a different set of access rights. Access the data pointed to by the key ID can be
Limited write-only or read-only, or you can specify all the write / read access rights.
ACR Property Management (ACAM)
This section describes how to change under certain circumstances ACR system properties.
SSA can be permitted in the system ACAM action is:
Create / delete / update AGP and ACR.
Create / delete partitions and keys.
Grant access rights to the key and partition
Preferably, the parent can not edit ACAM ACR license. This will preferably be required to remove and re-create the ACR. With
Sample, preferably not removed from the ACR created the key ID of the access permission.
Create / delete / update AGP and ACR
ACR ACR may have to create additional capacity and AGP. ACR can also be created by means of their creation grant
Owned by the ACAM licensed for some or all. ACR has permission to create the means used to having
Under the action of License:
1 Definitions and edit offspring certificate - preferably once created by ACR authentication method setting can not be programmed
Series. Has been defined in the authentication algorithm for the offspring changed within the boundaries of the certificate.
2 Delete ACR.
Three would be granted permission to create offspring ACR (so it has grandchildren).
Have to create other ACR ACR has permission to be granted permission to unlock the promise that it creates ACR
Can (although it probably does not have permission to unlock ACR). Parent ACR ACR will be placed in their offspring
Unlock by reference.
ACR is a parent for permission to delete their sole offspring ACR ACR. When ACR delete it creates
ACR lower level, then lower level thus produced all ACR ACR also be automatically deleted. When ACR
Is deleted, then it creates all the key ID and the partition is removed.
ACR can thus exist update their own records two exceptions:
Although the password / PIN ACR set by the creator, but only by including the ACR to update.
ACR can be the root of its own and kept it in the AGP deleted.
Grant access rights to the key and partition
The ACR and the composition of its AGP-level tree, where the root AGP and its ACR is located within the top of the tree (for example,
Figure 6 root AGP 130 and 132). In the system there may be a number of SSA AGP tree, although it is fully separated from each other.
AGP within the ACR may be granted permission to access their keys in their AGR all the same, and by the ACR
It creates all ACR. Used to create keys for granting permission preferably includes a license to use access keys Xu
Available.
The license key will be divided into three categories:
1 Access - This defines the access permissions for the key, the read, write.
(2) Ownership - create a key to the ACR by definition is its owner. You can use this ownership from an ACR
Granted to another ACR (as long as its the same AGP or AGP in the offspring). Ownership of the key will be provided for
Remove the license and to grant licenses.
3 access rights granted - ACR able to grant this license allows the holder the right to
ACR can be granted access permission to create this partition as well as its access permissions have other partitions.
By the partition name and key ID to specify the ACR grants permission to perform PCR. Grant access keys
License may be required by the key ID or through authorized access permissions for all ACR keys are created to carry.
ACR blockade and unlock
ACR may have blocked counter, the entities in the system for the ACR accreditation process is unsuccessful increments. When reached
To a specific maximum number of unsuccessful authentication (MAX) when, ACR blocked by the SSA system.
The blockade ACR ACR unlocked by another, its blockade by the ACR by reference. For unlocking ACR
Reference set by its creator. Unlock blocked by ACR ACR preferably with the creator, and is located in the same AGP
With the "unlock" license.
No other system can be unlocked through the blockade ACR ACR. ACR has blocked counter can be configured without
Unlocker ACR. In this case, if the ACR is blocked, then it can not be unlocked.
Root AGP-create the application database
SSA system is designed to handle multiple applications and isolate each application's data. AGP system tree node
Structure is used to identify and isolate the main tool-specific data. AGP located in the application root tree tip SSA database
And observe slightly different rules of conduct. The system can be configured in a number of SSA root AGP. In Figure 6 shows two roots
AGP 130 and 132. Obviously, fewer or more can be used AGP, and which within the scope of the present invention.
By the new AGP / ACR tree added to the apparatus to carry out the process to the device (e.g., flash card) Note
Register new applications of the device and / or a new application to issue certificates.
SSA system supports three different modes of root AGP creation (as well as all of the root AGP ACR and its licensors):
1 Open: Not requested certification of any kind to any user or entity or by the system ACR (explained below) recognize
Authenticated user or entity can create a new root AGP. The model makes it possible to open without any security measures and at the same
In an open channel (ie, the release of the organization's security environment) for data transfer in the case of all create the root AGP,
Or via ACR certification systems (ie, air (OTA) and post-release programs) to establish a secure channel to create
Root AGP.
If you do not configure the system ACR (which is an optional feature) and root AGP creation mode is set to open, then only
Open channel selection available.
(2) Controlled: Only ACR accredited entities through the system to create a new root AGP. If you do not configure the system ACR,
SSA system will then not be set to this mode.
3 Lock: Disable root of AGP and can not be added to the system to create additional root AGP.
This feature two SSA control commands (these commands can be used for any user / entity without certification):
1 method configuration command - used to configure the system to use the SSA three roots of any AGP creation mode
One person. Allow only the following mode change: Open -> controlled, controlled -> Lock (ie, if the current system the SSA
Configured as a managed, then it can only be changed to lock).
2 ways to configure the lock command - used to disable the method configuration commands and permanently lock the current method of choice.
When you create a root AGP, it has a special initialization mode, the mode to achieve its ACR creation and configuration (the
AGP used for the creation of the same root access restrictions). AGP configuration process at the root end, when an entity explicitly
Switching to operating mode, no longer able to update the existing ACR and is no longer able to create additional ACR.
Once placed in the root AGP standard mode, only available through them by assigning useful for permission to remove the root AGP
Its an ACR log into the system to remove it. In addition to special initialization modes, which is another root AGP
One exception; which preferably have to be removed contain its own license to the ACR AGP only AGP, which
The next level in the tree opposite AGP.
ACR ACR criteria between root and the third and last difference is that, which is available in the system having means for
Create and delete partitions license only AGP.
SSA system ACR
ACR system can be used for the following two SSA operations:
1 within a hostile environment created under the protection of the safe passage of ACR / AGR trees.
(2) identification and authentication leading SSA system devices.
Preferably, there is only one in the SSA system ACR, and once it has been defined, it will preferably not be changed.
When you create a system ACR does not require certification system; requires only SSA command. Create a system ACR feature can be disabled (category
Create the root characteristics similar to AGP). After you create a system ACR, ACR create a system command has no effect, because the gifted
Alternatively, the system allows only one ACR.
When in the creation process, the system does not operate ACR. When finished, you need to publish a special command to instruct the system
ACR can be created and ready for operation. At this point, the system ACR preferably not be updated or replaced.
SSA system created in the root ACR ACR / AGP. Having to add / change the root level until it meets the host and
Host will block until its license. Blockade cut off the root AGP essentially connected with the system, ACR, and the result of its anti-
Interference. At this point, no one of change / edit their roots AGP and the ACR. This command through the SSA. Ban
Create a root AGP with a lasting and irreversible effects. Illustrated in Figure 7 above involve system ACR features. System ACR
Used to create three different root AGP. In creating these some time after, SSA commands sent from the host to blockade
ACR from the system's root AGP, AGP features to create the root is disabled, the system shown in Figure 7 will be connected to the root AGP ACR
The dashed line indicates. This is the root cause of the three anti-interference AGP. In blockade root AGP before or after the three root AGP
AGP can be used to create offspring to form three separate trees.
...
SSA system created in the root ACR ACR / AGP. Having to add / change the root level until it meets the host and
Host will block until its license. Blockade cut off the root AGP essentially connected with the system, ACR, and the result of its anti-
Interference. At this point, no one of change / edit their roots AGP and the ACR. This command through the SSA. Ban
Create a root AGP with a lasting and irreversible effects. Illustrated in Figure 7 above involve system ACR features. System ACR
Used to create three different root AGP. In creating these some time after, SSA commands sent from the host to blockade
ACR from the system's root AGP, AGP features to create the root is disabled, the system shown in Figure 7 will be connected to the root AGP ACR
The dashed line indicates. This is the root cause of the three anti-interference AGP. In blockade root AGP before or after the three root AGP
AGP can be used to create offspring to form three separate trees.
...
Is designed to serve multiple applications of the products will have a number of identification key. Products can be "first release" (in the hair
During the manufacture of the goods before storing keys) or "post-release" (after adding a new key in the delivery). For after the release, the
The memory device (e.g., memory card) is used to identify a type containing allowed to add application of the apparatus
The dominant physical device or device class keys.
% E4% B8% 8A% E8% BF% B0% E7% 89% B9% E5% BE% 81% E4% BD% BF% E5% BE% 97% E4% BA% A7% E5% 93% 81% E8 % 83% BD% E5% A4% 9F% E7% BB% 8F% E9% 85% 8D% E7% BD% AE% E4% BB% A5% E5% 90% AF% E7% 94% A8% 2F% E7 % A6% 81% E7% 94% A8% E5% 90% 8E% E5% 8F% 91% E5% B8% 83% E3% 80% 82% E5% 8F% A6% E5% A4% 96% EF% BC % 8C% E5% 8F% AF% E5% 9C% A8% E5% 8F% 91% E8% B4% A7% E4% B9% 8B% E5% 90% 8E% E5% AE% 89% E5% 85% A8 % E5% 9C% B0% E8% BF% 9B% E8% A1% 8C% 0A% 20% 20% 20% 20% E5% 90% 8E% E5% 8F% 91% E5% B8% 83% E9% 85 % 8D% E7% BD% AE% E3% 80% 82% E5% 8F% AF% E5% B0% 86% E8% A3% 85% E7% BD% AE% E4% BD% 9C% E4% B8% BA % E9% 9B% B6% E5% 94% AE% E4% BA% A7% E5% 93% 81% E6% 9D% A5% E8% B4% AD% E4% B9% B0% EF% BC% 8C% E5 % 85% B6% E4% B8% AD% E5% 9C% A8% E8% A3% 85% E7% BD% AE% E4% B8% 8A% E9% 99% A4% E4% BA% 86% E4% B8 % 8A% E8% BF% B0% E4% B8% BB% E5% AF% BC% E8% A3% 85% E7% BD% AE% E6% 88% 96% E8% A3% 85% E7% BD% AE % E7% AD% 89% 0A% 20% 20% 20% 20% E7% BA% A7% E5% AF% 86% E9% 92% A5% E4% B9% 8B% E5% A4% 96% E6% B2 % A1% E6% 9C% 89% E5% 85% B6% E5% AE% 83% E5% AF% 86% E9% 92% A5% EF% BC% 8C% E4% B8% 94% E6% 8E% A5 % E7% 9D% 80% E7% 94% B1% E6% 96% B0% E6% 8B% A5% E6% 9C% 89% E8% 80% 85% E9% 85% 8D% E7% BD% AE% E6 % 89% 80% E8% BF% B0% E8% A3% 85% E7% BD% AE% E4% BB% A5% E5% 90% AF% E7% 94% A8% E5% 8F% A6% E5% A4 % 96% E7% 9A% 84% E5% 90% 8E% E5% 8F% 91% E5% B8% 83% E5% BA% 94% E7% 94% A8% E7% A8% 8B% 0A% 20% 20 % 20% 20% E5% BA% 8F% E6% 88% 96% E5% B0% 86% E5% 85% B6% E7% A6% 81% E7% 94% A8% E3% 80% 82
Thus, the system ACR feature provides the ability to achieve the above objectives:
- ACR does not have a system memory device will be added to allow unrestricted, controlled application.
- ACR that does not have a memory device may be configured to disable the system ACR create, which means that no square
Method to control the addition of new applications (unless also disable AGP to create a new root features).
- The ACR has a system memory device will only allow controlled via a secure channel to add the application to pass
ACR certificate using the system to create a certification process.
- Add an application either before or after, with the system of ACR memory device may be configured to disable the application
Sequence add features.
Key ID list
ACR for each specific request to create a key ID; however, the memory system 10, the system only by the SSA
These keys ID. When you create a key ID, created by ACR ACR provide or offer to create the following data:
1 Key ID. The ID provided by the entity and used for reference by the host key and read or write at all further
Access into the key used to encrypt or decrypt data.
2 key cryptography and data integrity mode (above blocks, chains and hash mode, and as explained below)
In addition to host provides attributes, by the SSA system maintain the following data:
1 Key ID owner. As owners of the ACR's ID. When you create a key ID, creator ACR is
Its owner. However, the key ID can transfer ownership to another ACR. Preferably, the key ID to allow only the owner
Transfer of ownership of key ID and License Key ID. The access key and the associated license grant these rights may be revoked
Key ID assigned to the owner or any other ACR license to manage. Whenever you try to implement these actions
Of any one person, SSA system will only be authorized when ACR approval requests.
2.CEK. This is used for the encryption key ID is associated with the content or a content key ID pointed CEK.
CEK may be generated by the SSA system AES 128-bit random key.
3.MAC and IV values. Used to link the block cipher (CBC) encryption algorithm in dynamic information (Message Authentication Code
And the initial vector).
Also refer to Figure 8A-16 will be described in the flowchart SSA various features, wherein the step on the left of the "H" means the
Operations performed by the host, and the "C" means the operation performed by the card. In order to create a system ACR, the host to the memory device
The SSA release device 10 to create a system of ACR command (block 202). ACR device 10 inspection system
Already exists to respond (block 204, diamond 206). If it already exists, then the device 10 returns failure
Results and stop (oval 208). If not, then check to see if the memory 10 allows the system to ACR
Create (diamond 210), and if not then return a failure status (block 212). Therefore, the device can exist publisher
ACR does not allow the situation to create the system, for example, have been determined in advance of the required security features so that no lines
ACR system under the condition. If this is not allowed, then the device 10 returns an OK state and waits from the host system
ACR certificate (block 214). SSA Host Checker status and indicates whether the device 10 allows the creation of systems ACR (square
Box 216 and diamond 218). If not, or if the system ACR created already exists, then the host is stopped (Oval
Shaped 220). If the device 10 has instructed allows the creation of systems ACR, then the host sends commands to define their login SSA
Certificate and sends it to the device 10 (block 222). Device 10 with the received certificate to update the system to record and ACR
Return OK state (block 224). Status signal in response thereto, the host system ACR has issued instructions ready SSA
Command (block 226). ACR system by locking means 10 so that it can not be updated or replaced to respond (square
Box 228). This locking feature of the system and its use for the ACR identification means 10 to the host identity.
...
By configuring the device to determine the way these functions are used to create new trees (new root AGP and ACR) is
Process. Figure 9 illustrates the process. Host 24 and 10 both to comply with its memory system. If you completely disable add
New roots AGP, then you can not add a new root AGP (diamond 246). If it is enabled but requires system ACR, that
What host ACR through the system to authenticate and establish a secure channel (diamond 250, block 252), and then create the root issue
AGP command (block 254). If no system ACR (diamond 248), then the host 24 may issue to create the root
AGP command without certification, and proceeds to block 254. If the ACR system exists, if not, the master
Which can be used (not shown in flowchart). If you disable this feature, then the device (for example, flash cards) will reject any
The attempt to create a new root AGP, and if necessary the system ACR, then it will reject the case in the absence of certification creates
Try the new root of AGP (diamond 246 and 250). Block 254 will now be created in the new switch to the AGP and ACR
Modes of operation to the ACR makes these AGP can not be updated or changed, and can not be added to any ACR
(Block 256). Then, as the case locks the system so that you can not create additional root AGP (block 258). Dashed
Frame 258 is indicative of this step is optional conventional manner. This application is a schematic flow chart of a dotted line
All boxes are optional. This allows content owners to block for other illegal purposes apparatus 10 using (its
Mimic legitimate content with real memory device).
...
By configuring the device to determine the way these functions are used to create new trees (new root AGP and ACR) is
Process. Figure 9 illustrates the process. Host 24 and 10 both to comply with its memory system. If you completely disable add
New roots AGP, then you can not add a new root AGP (diamond 246). If it is enabled but requires system ACR, that
What host ACR through the system to authenticate and establish a secure channel (diamond 250, block 252), and then create the root issue
AGP command (block 254). If no system ACR (diamond 248), then the host 24 may issue to create the root
AGP command without certification, and proceeds to block 254. If the ACR system exists, if not, the master
Which can be used (not shown in flowchart). If you disable this feature, then the device (for example, flash cards) will reject any
The attempt to create a new root AGP, and if necessary the system ACR, then it will reject the case in the absence of certification creates
Try the new root of AGP (diamond 246 and 250). Block 254 will now be created in the new switch to the AGP and ACR
Modes of operation to the ACR makes these AGP can not be updated or changed, and can not be added to any ACR
(Block 256). Then, as the case locks the system so that you can not create additional root AGP (block 258). Dashed
Frame 258 is indicative of this step is optional conventional manner. This application is a schematic flow chart of a dotted line
All boxes are optional. This allows content owners to block for other illegal purposes apparatus 10 using (its
Mimic legitimate content with real memory device).
...
Figure 11 shows two AGP, its description can be used for the method of Figure 10 security application tree. Accordingly,
Marketing AGP has a status of m1 to create the ACR ACR's permission. ACR m1 may also have to be
Key is used to read and write with the key ID "Marketing Information" and the data associated with the key ID "price lists" related
A license associated data. By using the method of Figure 10, which create a two ACR sales AGP: s1 and s2,
Its key is used to access and ID "Price List" pricing data associated key rather than access and key ID
"Marketing Information" data associated with the key necessary to read-only permissions. In this way, with the ACR s1 and s2
Entities can only read but can not change pricing data, and will not have access to marketing data. On the other hand, ACR m2 non-
Useful to create the ACR's permission and have access to key used for ID "Price List" and key ID "marketing letter
Information "key to the data associated with a read-only permission.
...
Therefore, the available methods explained above grant access rights, which grant m1 to s1 and s2 pricing for the number of reads
According to the right. This involves a larger marketing and sales group is particularly useful. There is only one or a few at the salesperson
Cases, you may need to use method of Figure 10. Instead, the ACR to be within the same AGP lower or the same as other
Level at ACR grant access rights described in Figure 12. First, the entity via the mainframe in the manner described above,
ACR specified in the tree to enter the AGP tree (block 280). Then, the host will specify the ACR and the grant of
Rights. SSA check whether this ACR ACR trees and has the right to grant the license specified in another ACR (Ling
Shaped 282). If you have, then the grant of rights (block 284); if not, then stop. The results in Fig.
13 instructions. In this case, ACR m1 has read permission granted permission ACR s1, s1 so will be able to
After authorization to use the key to access pricing data. If m1 has access to pricing data for the same or greater rights
Lee and so authorized license, then perform this operation. In one embodiment, m1 to maintain its existence after authorization
Take the right. Preferably, for example, in a limited time, a limited number of access, such as the limited conditions (but not permanently)
Grant access rights.
...
Illustrated in Figure 14 is used to create the key and the key ID of the process. Entities to authenticate via ACR (block 302).
Entity requests created with the ID specified by the host key (block 304). SSA check and see if the specified ACR
Whether permission to do so (diamond 306). For example, if the key should be used to access a particular partition of the
Data, then the SSA will check and see whether ACR access to this partition. If ACR is authenticated, then the memory
Created by the host device 10 is provided with the key ID associated key value (block 308), and the ID is stored in the key
The ACR and the key value stored in its memory (in the memory associated with the controller or the memory 20), and
According to information provided by the entity for distribution rights and licenses (block 310) and modify the distribution with these rights and Xu
This can be of the ACR PCR (block 312). Therefore, the key creator with all available rights, such as reading and
Written permission granted and the other AGP with the same or a lower level at the ACR ACR shared rights and transfer of key
Ownership rights.
...
Illustrated in Figure 14 is used to create the key and the key ID of the process. Entities to authenticate via ACR (block 302).
Entity requests created with the ID specified by the host key (block 304). SSA check and see if the specified ACR
Whether permission to do so (diamond 306). For example, if the key should be used to access a particular partition of the
Data, then the SSA will check and see whether ACR access to this partition. If ACR is authenticated, then the memory
Created by the host device 10 is provided with the key ID associated key value (block 308), and the ID is stored in the key
The ACR and the key value stored in its memory (in the memory associated with the controller or the memory 20), and
According to information provided by the entity for distribution rights and licenses (block 310) and modify the distribution with these rights and Xu
This can be of the ACR PCR (block 312). Therefore, the key creator with all available rights, such as reading and
Written permission granted and the other AGP with the same or a lower level at the ACR ACR shared rights and transfer of key
Ownership rights.
...
In the process, the target will no longer be able to access their access to the data before the process. Figure 16
Shown, the entity may attempt to enter the target at ACR (block 350) and found that the authentication process failed because of preexisting
The ACR ID no longer exists in the SSA, so that the rights of access is denied (diamond 352). Assumption has not been deleted ACR
ID, then the entity designated ACR (block 354), and a specific partition of the key ID and / or data (block 356), and
SSA followed by PCR based on this ACR key ID or check to see whether the request is permitted to access the partition (diamond 358).
If the license has expired or has been deleted, then again refused the request. Otherwise, the authorization request (block 360).
% E4% B8% 8A% E8% BF% B0% E8% BF% 87% E7% A8% 8B% E6% 8F% 8F% E8% BF% B0% E8% A3% 85% E7% BD% AE (% E4% BE% 8B% E5% A6% 82% EF% BC% 8C% E5% BF% AB% E9% 97% AA% E5% 8D% A1)% E5% A6% 82% E4% BD% 95% E7 % AE% A1% E7% 90% 86% E5% AD% 98% E5% 8F% 96% E5% 8F% 97% E4% BF% 9D% E6% 8A% A4% E6% 95% B0% E6% 8D % AE% EF% BC% 8C% E8% 80% 8C% E4% B8% 8D% E7% AE% A1ACR% E5% 92% 8C% E5% 85% B6% 0A% 20% 20% 20% 20PCR% E6 % 98% AF% E5% 90% A6% E5% 88% 9A% E7% 94% B1% E5% 8F% A6% E4% B8% 80ACR% E6% 94% B9% E5% 8F% 98% E6% 88 % 96% E7% BB% 8F% E5% A6% 82% E6% AD% A4% E9% 85% 8D% E7% BD% AE% E4% BB% A5% E5% BC% 80% E5% A7% 8B % E3% 80% 82
Dialogue
SSA system is designed to handle multiple users simultaneously logged. This feature requires each command received by the SSA and
Associated with a particular entity and only used to authenticate this entity ACR have permission for the requested action is executed.
Conceptual support multiple entities through dialogue. Establish a dialogue during the authentication process, and said dialogue system is divided by the SSA
Send dialogue id. The session id internally used to log into the system with the ACR is associated, and have been exported to the entity
SSA for all further commands.
SSA system supports two types of dialogue: open dialogue and security dialogue. As defined in the ACR certified with a specific
Processes associated with the type of dialogue. SSA system will be similar to the implementation of its own way to implement authentication session establishment. By the
Entities defined in the ACR license, so this mechanism allows the system designer to be able to secure tunneling with access to specific key ID
Or call a specific ACR management operations (ie, ACR and settings to create a new certificate) for association.
Open Dialogue
Open dialogue is the dialogue id without bus encryption to identify dialogue all commands and data are unhindered
Delivery. This mode of operation is preferably used in a multi-user or multi-physical environment in which the entity is neither a threat model
Points, nor on the bus eavesdropping.
Although neither protect data transmission, nor is enabled between applications on the host side effective firewall, but
Open dialogue mode allows SSA system to allow access to only allow certified ACR for the current information.
Open dialogue can also be used to partition or key situations in need of protection. However, in an effective certification process, you will save
Take granted all entities on the host. In order to obtain a license certified ACR, a variety of host applications need to share
The only thing is the conversation id. This is illustrated in FIG 17A. Steps on line 400 by the host computer 24 executes the steps. In
For ACR1 certified entity (block 402), its request access memory device 10 associated with the key ID X
Associated files ( boxes 404, 406 and 408). If the PCR ACR1 allow this access, then the device 10 Mandate
Said request (diamond 410). If not, then the system returns to block 402. After authentication is completed, the memory
System 10 only by the assigned conversation id (rather than ACR certificate) to identify the entity that issued the command. Once the ACR
1 in PCR to obtain its associated key ID data access, then the open dialog, any other applications
Program or the user can specify the correct conversation ID (its host 24 shared between different applications) to access the phase
The same data. This feature in which more easily enables users to log in once and can be accessed only through its different and should
Login with program execution account all relevant data applications is beneficial. Thus, the cellular telephone user may be
Be able to access emails stored in memory 20 and listen to music stored in the memory 20 without having to log in multiple times. Other
On the one hand, ACR1 to contain the data inaccessible. Therefore, the same cellular telephone user having a single
Alone account ACR2 access valuable content (such as games and photos). It is he does not want other people to borrow their phone
Access the data, although he does not mind other people through its first account ACR1 access available data. Data will be
Access into two separate accounts, and also allows access to the open dialogue ACR1 provide ease of use and provides a
The protection of valuable data.
...
Open dialogue can also be used to partition or key situations in need of protection. However, in an effective certification process, you will save
Take granted all entities on the host. In order to obtain a license certified ACR, a variety of host applications need to share
The only thing is the conversation id. This is illustrated in FIG 17A. Steps on line 400 by the host computer 24 executes the steps. In
For ACR1 certified entity (block 402), its request access memory device 10 associated with the key ID X
Associated files ( boxes 404, 406 and 408). If the PCR ACR1 allow this access, then the device 10 Mandate
Said request (diamond 410). If not, then the system returns to block 402. After authentication is completed, the memory
System 10 only by the assigned conversation id (rather than ACR certificate) to identify the entity that issued the command. Once the ACR
1 in PCR to obtain its associated key ID data access, then the open dialog, any other applications
Program or the user can specify the correct conversation ID (its host 24 shared between different applications) to access the phase
The same data. This feature in which more easily enables users to log in once and can be accessed only through its different and should
Login with program execution account all relevant data applications is beneficial. Thus, the cellular telephone user may be
Be able to access emails stored in memory 20 and listen to music stored in the memory 20 without having to log in multiple times. Other
On the one hand, ACR1 to contain the data inaccessible. Therefore, the same cellular telephone user having a single
Alone account ACR2 access valuable content (such as games and photos). It is he does not want other people to borrow their phone
Access the data, although he does not mind other people through its first account ACR1 access available data. Data will be
Access into two separate accounts, and also allows access to the open dialogue ACR1 provide ease of use and provides a
The protection of valuable data.
...
Security Dialogue
To add a security layer, use the dialogue id (as shown in Figure 17B). Then the memory 10 also stores the active conversation
Conversation id. In Figure 17B, for example, with the key in order to access the files associated ID X, entities will be required
To access the file before it is allowed also offers dialogue id (for example, the dialogue id "A") (Box 404,406,412
And 414). In this way, unless the requesting entity knows the correct dialogue id, otherwise it can not access memory 10. Since
After the end of the dialogue session id and session id removed for each conversation is different, so it has only entity capable
Gain access numbers for dialogue.
In addition to numbers other than through the use of dialogue, SSA system is no other way to ensure that the command does come from being recognized by the
Permit entities. For where there is an attacker will attempt to use an open channel to send commands malicious application threats
And usage, the host application to use secure conversation (secure channel).
When using a secure channel, the use of a secure channel encryption (dialogue) key to encrypt the session id and the entire command,
And the level of security to the host as high embodiment.
Terminate the dialog
In any one of the following cases, the termination of dialogue and exit ACR:
1 entity to send a clear end the conversation command.
2 communication timeout. No specific entity ACR parameter for defining a time period of an order.
3 In the device (for example, flash cards) reset and / or power cycle after termination of all open dialog.
Data Integrity Service
SSA system validation SSA database (which contains all the ACR, PCR, etc.) integrity. In addition, dense
Key ID mechanism for the entity data to provide data integrity services.
If the hash algorithm used to configure the encryption key ID, then the hash value is stored along with the CEK and IV
In CEK record. During the write operation calculated and stored hash values. During a read operation and re-calculated hash value
It during the write operation in the previous stored value. Each physical access key ID when additional data connections
Connection (encrypted form) to the old data and the updated proper hash value (for reading or for writing).
Since only the master key ID that is associated with the key ID or the data pointed to by the file, and thus the host explicitly
With the following features to manage several aspects of data integrity:
1 from start to finish writing or reading is associated with the key ID or key ID points to a data file. Any deposit
A portion of the file tries to make it confusing, because the SSA system is to use CBC encryption method and generate the entire data
Hash message digest.
(2) is connected to flow without treatment (data stream can be used with other keys Id interleaved data stream and can be split across multiple dialogue)
Data, because the intermediate hash value from the SSA system maintained. However, if the re-start the data stream, the entity will
SSA system needs clear instructions to reset hash value.
3 When you finish reading operation, the host must explicitly requested by SSA system reads the hash with the write operation period
Between the calculated hash values are compared to verify the read hash.
4.SSA system also provides a "virtual read" operation. This feature will allow the data stream through the cryptographic engine, but
It will be sent out to the host. This feature can be used in the actual data from the device (e.g., flash card) reading out the
Former verify data integrity.
Random number generation
SSA system will allow external entities to take advantage of the internal random number generator and random number request line at SSA
Systems for external use. This service can be used for any host without requiring certification.
RSA key pair is generated
SSA systems will enable external users to be able to generate an RSA key pair using the internal features and request an RSA key pair
In SSA systems for external use. This service can be used for any host without requiring certification.
Alternative embodiment
Instead of using the classification method, can be used to achieve a similar result database method, described in Figure 18.
Shown in Figure 18, may be the entity certificate, an authentication method, the maximum number of failed attempts and the need to unlock the certificate
A list of the minimum number of inputs to the memory of the controller 12 or the memory 20 of the database, which makes these certificates
Requirements and database memory 10 by the controller 12 performs a strategy (read, write, access keys and partitions, Ann
Full channel requirements) related. Also stored in the database along with the access key and partitions on the constraints and limitations. Accordingly,
Some entities (e.g., system administrator) may be in the whitelist, which means that these entities may always access to all keys
And partitions. Other entities in the blacklist, and it attempts to access any of the information will be blocked. Limits can be fully
Bureau or keys and / or partition-specific. This means that only certain entities can always access some specific keys and partitions, and
Some entities can not always accessible. Can be bound to the content itself, regardless of the content of the partition or to add it to
Dense or decryption key. Therefore, some data (e.g., songs) can have access to it only by its front five main
Local device to access or other data (e.g., movie) can only be read a limited number (and regardless of which entity for
Access) attributes.
...
Shown in Figure 18, may be the entity certificate, an authentication method, the maximum number of failed attempts and the need to unlock the certificate
A list of the minimum number of inputs to the memory of the controller 12 or the memory 20 of the database, which makes these certificates
Requirements and database memory 10 by the controller 12 performs a strategy (read, write, access keys and partitions, Ann
Full channel requirements) related. Also stored in the database along with the access key and partitions on the constraints and limitations. Accordingly,
Some entities (e.g., system administrator) may be in the whitelist, which means that these entities may always access to all keys
And partitions. Other entities in the blacklist, and it attempts to access any of the information will be blocked. Limits can be fully
Bureau or keys and / or partition-specific. This means that only certain entities can always access some specific keys and partitions, and
Some entities can not always accessible. Can be bound to the content itself, regardless of the content of the partition or to add it to
Dense or decryption key. Therefore, some data (e.g., songs) can have access to it only by its front five main
Local device to access or other data (e.g., movie) can only be read a limited number (and regardless of which entity for
Access) attributes.
...
Password Protection
· Password protection implies the need to produce a password to access the protected area. Unless it can not be more than one password,
Otherwise, for example, a password can be used with read access or read / write access to the different rights associated with it.
· Password protection means devices (eg, flash card) to verify the password provided by the host, that device may also have
A memory device managed by the secure storage area in the password.
Issues and Limitations
· Passwords often suffer from replay attacks. After each show because the password does not change, so it can be similarly
Sent again. This means that if the data to be protected is valuable, and the communication bus can be easily accessible, so according to the present
Appearance can not be used in passwords.
· A password to protect the stored data access, but not to protect the data (not the key)
· In order to increase the security level associated password, the master key can be used to diversify the password, which leads to a
Passwords are black (hack) will not destroy the entire system. Session key based secure communication channel can be used to send password.
FIG 19 is a flowchart of the authentication using a password. Entity to the system 10 (eg, flash memory cards) reported
Account id and password. The system checks to see if the password matches the password in its memory. If they match, then
What return by certification status. Otherwise, the error counter increments for that account, and requires an entity to re-enter the account id
And password. If the counter overflows, the system returns the status of Access Denied.
Challenge Response
Figure 20 is an explanatory challenge / response type authentication method flowchart. Reporting entity account id, and from the system 10
Request question. System 10 to generate random numbers and presents it to the host. Is calculated from the number of the host response, and
Sends it to the system 10. System 10 of the response to the stored value. The remaining steps are similar to Figure 19
Is used to determine whether to authorize access to the steps.
21 is an explanatory diagram of another challenge / response type authentication method flowchart. Figure 21 and Figure 20, the difference
That in addition to the requirements of the host system 10 certification, which also requires the system 10 by a challenge / response authentication, which the system
10 is also a request from the host and returns a response to the question by the host checks.
22 is an explanatory diagram of another challenge / response type authentication method flowchart. In this case, only the system 10
Needs to be authenticated, in which the host sends the challenge to the system 10, the system 10 calculates the response, the response detected by the host
Investigation to determine the system 10 which records match.
Symmetric key
Symmetric key algorithms use the SAME means on both sides for encryption and decryption keys. It means the communication
Before the key must be pre-agreed. Moreover, each side of each reverse algorithm should be implemented, i.e., on the side of the encryption algorithm
While the other side is decryption algorithms. Said side two algorithms necessary to implement the communication.
Authenticate
· Symmetric key authentication means devices (e.g., flash card) share the same host, and with the same encryption key
Algorithm (direct and reverse, such as DES and DES-1).
· Symmetric key authentication means challenge - response (protection against replay attacks). Protected device generates for
Question of another device, and both calculate the response. Authentication device sends back a response, and by the protection device and check the response
Therefore authentication credentials. Authorization and authentication can then be associated rights.
Certification can be:
· External: the device (for example, flash cards) certification outside, ie, device authentication for a given host or application
Certificate
· Each of: generate a challenge on both sides
· Internal: the host application authentication device (e.g., flash card), i.e., for which the host device to be checked
Application whether it is true
To increase the security level of the system (i.e., one of no damage to destroy all)
· Symmetric key can generally be diversified with the use of the master key combination
· Mutual authentication using information from both sides of the question in order to ensure real question is the question
Encryption
Symmetric-key cryptography is used for encryption, because it is very efficient algorithm, i.e., it does not need powerful CPU to
Processing cryptography.
When used to protect communication channels:
· Two devices must know to protect the channel (ie, all outgoing data encryption and decryption of all incoming data)
The conversation key. Usually use a pre-shared secret symmetric key or use the PKI to create this conversation key.
· Two devices must be aware of and implement the same cryptographic algorithm
Signature
Symmetric keys can also be used to sign data. In said case, the signature is encrypted partial results. Results are not maintained
Full Signature allows the number of times required for the key value is not exposed.
Issues and Limitations
Symmetric algorithms are very effective and safe, but which is based on pre-shared secrets. Dynamically secretly released
To share this secret and may be random (as session key). This idea is that the shared secret is difficult to maintain long-term
Safe and almost impossible to share with people.
For enabling this operation, the present invention the public key algorithm, as it allows switching without the secret shared secret.
Public key cryptography
Asymmetric key algorithms typically refers to public key cryptography. Which is very complex and often CPU-intensive mathematics implemented.
The invention is to solve problems with its associated symmetric key algorithms problem of key distribution. It also provides for ensuring data integrity
Of signing capabilities.
Asymmetric key algorithms use are called private key and a public key of the secret private and public elements
Key. Both the private key and the public key is mathematically linked. Public keys can be shared, and the private key
The need for confidentiality. As for the key, asymmetric algorithms use two mathematical functions (one for the private key and one with
On public key) to provide parcels and unlock or signing and verification.
Key exchange and key distribution
By using the PK key exchange algorithm becomes very easy. Device will send its public key to other devices.
Other devices using said public key to wrap the secret key, and the encrypted data back to the first device. First
Device uses its private key to unlock the data and retrieve on both sides and can now know the secret key used to exchange data.
Because symmetric key can be easily exchanged, so it is usually a random key.
Signature
Because of its nature's sake, public key algorithms are usually used only for small amounts of data signing. To ensure data integrity,
Then provide information with its one-way hash function footprint combination.
Private key used to sign the data. Public key (freely available) allows to verify the signature.
Authenticate
Certification typically use Signature: signed and returned the question for verification.
Key is used to validate the common parts. Because anyone can generate a key pair, you need to confirm that the owner of the public key
Owners to prove that this is the right person with the correct key. Party certificate authority to provide certificate and the certificate will be signed package
Including the public key. Certificate signed by an authorized party itself. Then use the public key to verify the signature means trust issue with
Have said key certificate authority to verify the credentials are not yet Fangju hacked, namely, a signed certificate by the authorized parties
A hash is correct; means that the user has authorized party public key certificate and trusted public key certificate of the authorized party.
PK authentication provides the most common approach is to trust the root certificate authority and square or indirect trust given by authorized parties confirmed
All key pair. So certification is by signing and challenge response questions and provide evidence to prove that the private key has
Matters with credentials to match. Then, check the document to ensure that it has not been hacked and whose authorization by a trusted party to sign.
Then, the authentication challenge response. If the certificate is trusted and challenge response is correct, then the authentication is successful.
Devices (eg, flash cards) in the certification means to the device to load the trusted root certificate and the device is able to verify the
And a certificate signed by the challenge response hash.
File Encryption
PK algorithm is not used to encrypt large amounts of data, because it is too CPU-intensive, but the PK algorithm is typically used to protect
To protect the encrypted content generated by randomized encryption / decryption key. For example, SMIME (secure e-mail) generated
Followed by all of the recipient's public key encryption.
Issues and Limitations
Any object can be generated as the key pair, so it must be confirmed to ensure that its source. During the key exchange,
One may want to ensure that the secret key is supplied to the correct device, namely, the need to check the public key provided
Source. Then the security certificate management becomes part because it can be informed about the effectiveness and key is the key
Has been revoked.
While the above has been described with reference to various embodiments of the present invention, but will be appreciated that the present invention may be made without departing from the scope of the situation
Case of the present invention and that various changes and modifications, the scope of the invention should be used only by the appended claims and their equivalents
Defined. All references mentioned herein are incorporated by reference herein.
1 SSA Command
Use standard (for the relevant formats factor agreements) will write and read commands SSA system command passed to the memory card.
Therefore, from the viewpoint of the host, sending really mean SSA command writes data to the memory means as a buffer
Chong file special file. Via the data from the buffer to read the file system to obtain information from SSA. Host application must
Shall ensure that the data is always the first LBA from the buffer file writes and reads. Managing the host OS cache file is exceeded
The scope of this specification.
1.1 Communication with the SSA system
The following section defines how to use the format factor (form factor) standard write / read commands enable SSA related
Commands and data with the SSA system communication.
1.1.1
SSA system to send commands / data
Scanning each of the signature and the first data block write command. If you find the signature, then the data solution
Interpreted as SSA command. If the signature is not found, then the data is written to the specified address.
SSA application-specific write command may include a plurality of sectors transferred, wherein the first sector of the signature and the command to maintain the desired
Arguments and the remaining data blocks remain relevant data (if available).
SSA commands defined in Table ... first piece (as in the standard used in the OS file system, the data block is always 512 characters
Section) format.
Byte Index | Length [Bytes] | Description | Note |
0-31 | 32 | By signing the application Name | Must be ASCII string: "SSTA Pass Through Mode Supported" |
32 | 4 | SSA Application ID | Must be: 0x00000000 |
36 | 4 | SSA session ID | Through the certification process provided by the SSA SSA dialogue system ID. If it is not open to dialogue, then this field will contain the value 0x00000000. When using a secure channel, dense with dialogue Key to encrypt the command argument (starting on a byte offset Shift 64) and the remainder of the data block. |
40 | 24 | Reserved for future The use of | Data is not defined |
64 | 4 | SSA session ID | A second copy of the SSA session ID. This field is used to verify The use of the session key. |
68 | 4 | SSA application life Make operation code | In the following sections describe in more detail the command defined in the SSA |
72 | 4 | SSA number of applications According to the block | The additional number of data blocks. So if unused data blocks To 0. |
76-5 11 | 436 | SSA application life Make arguments | In the following sections describe in more detail the command defined in the SSA |
Table 1: SSA command argument LBA format
1.1.2
The system reads the data from the SSA
Will be divided into two parts, a read command:
1 defined by first sending the read command with all the arguments of a single data block write command to start reading
Take command.
(2) In order to write the card in the correct application settings on the transition state, use the read command to start from
Cards actual data transfer to the host. Read command must be used by a previous write command to the same LBA address. This
Is the card on the host was trying to get SSA data (previously requested) the only indication.
Read / write command must be carefully synchronized. Next dialogue and define how to handle error recovery sequence. As set
Righteousness, SSA system supports multiple hosts may be logged in the user side. Each user expectations independently and asynchronously from
Initial read / write command, so no host OS, any special behavior. From the point of view of the card through the sequence
Column, the writing hemi LBA address used to identify the individual pairs. From the host's point of view, this means that each use
Users must use a different file buffering.
1.1.3
Read / write sequence error
1.2 Command Description
Table 2 provides a general overview of SSA commands.
Command Name column provides a basic description of the command and commands with a detailed description of the index. Command operation code
SSA command for the actual value. Argument length (Arg Len) column defines the order of arguments segment size (zero
The values mean no arguments). Argument is a command-specific and is specified in the detailed command descriptions.
Length of the data associated with a command of the command data in the additional data block size. The value of zero means there is no data,
Value "Var" means the command has a variable data size and the actual size is specified in the command itself. For fixed-size data
Command, the data size stored in the size field. Data direction can be blank (if the command does not have the data (mean Table
1 is specified in the command argument is the byte in the byte 76 in the space between 511 - than this there is room accompanied Command fan
Area data payload)), "write" (if the data from the host to the card (attached to the written arguments in the command block)),
Or "read" (if the data from the card to the host) (as described above in order to provide written arguments after reading life
Order in).
...
Length of the data associated with a command of the command data in the additional data block size. The value of zero means there is no data, Value "Var" means the command has a variable data size and the actual size is specified in the command itself. For fixed-size data Command, the data size stored in the size field. Data direction can be blank (if the command does not have the data (mean Table 1 is specified in the command argument is the byte in the byte 76 in the space between 511 - than this there is room accompanied Command fan Area data payload)), "write" (if the data from the host to the card (attached to the written arguments in the command block)), Or "read" (if the data from the card to the host) (as described above in order to provide written arguments after reading life Order in). ... | Command name | Argument length | Data Length | Data Direction | Explanation | |
ACR / |
||||||
1 | |
1 | 0 | Create a system in the SSA database ACR ACR entry and start system Configuration sequence |
2 | |
0 | 0 | End system configuration sequence and ACR
Make the system |
|
3 | PASSWORD_CREDENT IAL | Write | ACR provides password authentication Certificate data. | ||
4 | SYMMETRIC_CREDEN TIAL | Write | ACR provides authentication using symmetric Certificate data. | ||
5 | ASYMETRIC_CREDEN TIAL | Write | Provides authentication using asymmetric ACR certificate data. | ||
6 | GET_ACR_PUBLI C_KEY | Write | When creating the ACR through the SSA System created CA.ACR RSA Get the key pair used to sign ACR's public key. | ||
7 | SEND_CERTIFIC ATE | Read | Providing a public key |
||
8 | CONFIGURE_AC AM | Write | The ACR's ACAM (ACR Management licenses) records. | ||
9-15 | Reserved for |
||||
16 | CREATE_ROOT_ AGP | Write | SSA database created in the root system AGP entry | ||
17 | |
0 | 0 | Termination of the root AGP configuration process and To be effective | |
18 | |
0 | 0 | Create and configure the system to disable ACR Characteristics | |
19 | |
1 | Created schema defines the root AGP (open Release, controlled or locked) | ||
20 | DISBALE_ROOT_ AGP_CHANGE_ MODE | Disable changing the root AGP creation mode Style characteristics | |||
21-25 | Reserved for |
||||
26 | CREATE_AGP | Write | SSA created in the system database AGP entry | ||
27 | DELETE_AGP | Write | In SSA system |
||
28 | CREATE_ACR | Write | SSA created in the system database ACR entries | ||
29 | CREATE_ACR_D ONE | 0 | 0 | Termination of the creation and configuration of ACR Process and make it effective | |
30 | DELETE_ACR | Write | Remove from the SSA system database ACR entries. | ||
31 | UNBLOCK_ACR | Write | Unlock locked (because authentication failed) The ACR | ||
32-49 | Reserved for future use | ||||
Zoning and domain management command |
50 | CREATE_PARTIT ION | Write | This command will be divided into two partitions Months. It can only be through the root ACR Awarded. | |||
51 | UPDATE_PARTIT ION | Write | Change the size of the two existing partitions. Both the total size of the partition net change Change must be 0. | |||
52 | DELETE_PARTIT ION | Write | The two existing partitions into a single A partition. | |||
53 | RESTRIC_PUBLI C_PARTITION_A CESS | Write | Enable / Disable using the standard (non- SSA) command to access the device's public Partition. | |||
54-59 | Reserved for future use | |||||
60 | CREATE_DOMAI N | Write | In the SSA database to create security domains | |||
61 | DELET_DOMAIN | Write | Remove the SSA database security domain | |||
62-69 | Reserved for future use | |||||
70 | DELEGATE_DO MAIN_PERMISSI ONS | Write | Domain-specific authorization to access ACR Permission and ownership | |||
71 | DELEGATE_PAR TITION_PEIMISS ION | Write | ACR authorization to a specific memory partition Take License | |||
72-99 | Reserved for future use | |||||
System login and authentication command | ||||||
100 | SYSTEM_LOGIN | Write | ||||
101 | |
0 | 0 | |||
102- 109 | Reserved for future use | |||||
110 | SEND_PASSWOR D TO SSA | Write | ||||
111- 119 | Reserved for future use | |||||
121 | | Read | ||||
122 | SEND_SYMETRI C_CHALLENGE | Write | ||||
123 | GET_SYMETRIC_ CHLLENGE_RES PONSE | Read | ||||
124 | SEND_SYMETRI C_CHLLENGE_R ESPONSE | Write | ||||
125- 129 | Reserved for |
|||||
130 | SEND_ASYMETR IC_CHALLENGE | Write | ||||
131 | GET_ASYMTERI | Read |
|
|||||
132 | SEND_USER_CE RTIFICATE | Write | |||
133 | GET_SSA_PRE_M ASTER_SECRETE | Read | |||
134 | GET_ACR_CERTI FICATE | Read | |||
135 | SEND_HOST_PR E_MASTER_SEC RET | Write | |||
136 | START_SERSSIO N | Write | |||
137 | |
0 | 0 | Read | |
138- 199 | Reserved for future use | ||||
Read Write and status commands | |||||
200 | WRITE | Variable | Write | Write Data command | |
201 | READ | Variable | Read | Read Data command | |
202 | COMMAND_STA TUS | Variable | Read | SSA to obtain the current status of the command execution | |
203 | SYSTEM_QUERY | Variable | Read | ACR currently configured to obtain the requested number According to |
Table 2: SSA Command
1.2.1
Create a system ACR
Create a system in the SSA database to create ACR ACR entry system. Once created you can refer from the entry
Given login algorithm to configure a certificate. Finally use CREATE_SYSTEM_ACR_DONE command to terminate the sequence and
ACR makes the system effective.
If the entry already exists or create ACR ACR system feature is disabled, then the system will refuse to create ACR command.
Available only a subset of available login mode to configure the system ACR (details see section 1.3.2). If you use an invalid mode
Type the command will be rejected.
Are given in Table 3 command argument. Byte offset with the start command argument LBA relevant (see section 1.1.1). Lead
Length is given in byte units. Argument name defines the purpose of the argument and the argument can be used as described in detail in the index.
Byte offset | Argument length | Argument name | Comment |
76 | 1 | Sign algorithm | Algorithm can only be used with the following login Set System ACR: · AES, DES, 3DES, Mutual recognition only in the asymmetric mode Card. |
Table 3: Create a system command argument ACR
1.2.2
ACR system created
Created in the system only after the start of ACR send this command. At any other time of the command will be rejected. Send this
Command to terminate the system ACR created, and the current configuration is always left ACR. For this command does not exist arguments.
1.2.3
PASSWORD_CREDENTIAL
Sending the SSA command [28] (CREATE_ACR) after sending the ACR certificate. In this case, the certificate
The password is a certain length (in bytes maximum length of 20).
Byte offset | Argument length | Argument name | Comment |
76 | If the password length in bytes Degree as specified in paragraph cited figures | PASSWORD_CR EDENTIAL | See the section on the format and length of the password phrase Some degree of 1.3.2 |
Table 4: password credentials command argument
1.2.4
SYMMETRIC_CREDENTIAL
When selecting the ACR symmetrical login procedure is based on its subsequent AES, DES or 3DES key is sent in the form ACR
Symmetric certificate. Feature will indicate the algorithm in bytes certificate (key) length. ACR is available in regular and systematic
ACR creation time using this command.
Errors! Reference source not found. Table 13 describes the different types of asymmetric certificate.
Byte offset | Argument length | Argument name | Comment |
76 | 1 | Certificate Type | See Table 13 for type values and symbols Error! Reference source not found. |
78 | 1 | Certificate in bytes Length | |
79 | Such as a certificate in bytes long Specified in the length field | Symmetry certificate |
Table 5: Symmetrical certificate command argument
1.2.5
Asymmetric certificate
For a non-symmetrical login program ACR, there must be passed to the SSA certain certificates. Table 14 below describes
Described the different types of asymmetric Certificate:
Byte offset | Argument length | Argument name | Comment |
76 | 1 | Dialogue ID | Session ID to eliminate the need for ACR ID To. ACR situation created in the system Case, this field remains empty (NULL). |
77 | 1 | Certificate Type | See the code for the type of error! Not Find the reference source. |
78 | 1 | Certificate in bytes Length | |
79 | Such as a certificate in bytes long Specified in the length field | Symmetry certificate |
Table 6: Asymmetric certificate command argument
1.2.6.
Output public key
1.2.7
Enter the certificate
1.2.8
Configuration ACAM
Send this command to configure the ACR management licenses. Only during the creation of the ACR sends the command. For system ACR
Said command is invalid. ACAM types and codes in Table 16: ACAM type described
Byte offset | Argument length | Argument name | Comment |
76 | 1 | Dialogue ID | ACR only when the system login program Effective when used after. |
Otherwise, leave it blank (NULL). | |||
77 | 1 | In bytes AGP Name / ID Length | The maximum length is 20 bytes. |
78 | As in bytes AGP Name / ID Length cited figures Specified in paragraph | AGP name / ID |
Table 7: Configuration ACAM command argument
1.2.9
Create the root AGP
To create a secure channel under the root AGP, the system must be performed by the ACR SSA system registry. After logging in,
Dialogue ID will be created and used to create a sequence. When the system is completed just after the login sequence ACR requesting system command returns
When the session ID is available. Create a root AGP without first logging into the system ACR (to create a secure channel root
AGP) No dialogue ID.
Table 8 reviews the command arguments. ACR system is not in use, the session ID field is left blank (NULL) (NA).
The AGP name / ID in front of its length in bytes.
Byte offset | Argument length | Argument name | Comment |
76 | 1 | Dialogue ID | ACR only when the system login program Effective when used after. Otherwise leave Empty (NULL). |
77 | 1 | In bytes AGP Name / ID Length | The maximum length is 20 bytes. |
78 | As in bytes AGP Name / ID Length cited figures Specified in paragraph. | AGP name / ID |
Table 8: Creating the root AGP Command Arguments
Command structure:
· Command Name / operation code -1 bytes: SSA_CREATE_ROOT_AGP_CMD [3]
· Command Arguments -
1 ID-dialogue need? ? ?
(2) in bytes AGP name / ID byte length -1
3.AGP name / ID-
1.2.10
Root AGP created
This command completion of the root pass AGP - AGP meant to be created in all of the ACR. This command will lock
AGP is no longer available to create additional ACR.
For this command does not exist arguments.
Command structure:
· Command name / operation code -1 bytes:
SSA_ROOT_AGP_CREATION_DONE_CMD[4]
· Command Arguments -
1 ID-dialogue need? ? ?
(2) in bytes AGP name / ID byte length -1
3.AGP name / ID-
1.2.11
DISBALE_SYSTEM_ACR_CREATION
Send this command will terminate the ability to create a system of ACR. This command has no arguments.
1.2.12
SET_ROOT_AGP_CREATION_MODE
With SSA Command [19] SET_ROOT_AGP_CREATION_MODE treatments on root AGP created control.
Different mode code is described in Table 9. This command does not require login SSA so no conversation ID.
Mode Name | | Description |
Open | ||
1 | Root AGP created by the system or through formal opening ACR Channels. | |
Controlled | 2 | ACR only by the system to create the root AGP. |
Locking | 3 | You can not create root AGP. |
Table 9: root AGP creation mode
Byte offset | Argument length | Argument name | Comment |
76 | 1 | Root AGP creation mode |
Table 10: Setting the root AGP creation mode command arguments
1.2.13
DISBALE_ROOT_AGP_CHANGE_MODE
This command makes SET_ROO_AGP_CREATION_MODE command inoperable, and it will be rejected SSA
Absolutely. This command has no arguments.
1.2.14
Create AGP
Byte offset | Argument length | Argument name | Comment |
76 | 1 | Dialogue ID | |
77 | 1 | In bytes AGP Name / ID Length | The maximum length is 20 bytes. |
78 | As in bytes AGP Name / ID Length cited figures Specified in paragraph. | AGP name / ID |
Table 11: Creating AGP Command Arguments
Command structure:
· Command Name / operation code -1 bytes: SSA_CREATE_AGP_CMD [5]
· Command Arguments -
A dialogue ID-1 byte
(2) in bytes AGP name / ID byte length -1
3.AGP name / ID-
1.2.15
Remove AGP
This command is useful for creating the AGP ACR is valid and assumed no ACR.
Command structure:
· Command Name / operation code -1 bytes: SSA_DELETE_AGP_CMD [6]
· Command Arguments -
1.1 Dialogue ID-1 byte
(2) in bytes AGP name / ID byte length -1
3.AGP name / ID-
1.2.16
Create ACR
Command structure:
· Command Name / operation code -1 bytes: SSA_CREATE_ACR_CMD [7]
· Command Arguments -
1.AGP name / ID-
2.ACR name / ID-
3 Log algorithm -1 bytes
4 key length
5 Unlock ACR name / ID
6 administrative rights (ACAM) -1 bytes number
7.ACAM# 1
8.ACAM#n1.2.17
Update ACR
This command can only be sent by the creator to update ACR progeny ACR. Reside in the root of the ACR because no AGP
ACR has a parent which can not be updated.
Command structure:
· Command Name / operation code -1 bytes: SSA_UPDATE_ACR_CMD [8]
· Command Arguments -
A Dialogue ID-1 byte
(2) in bytes AGP name / ID byte length -1
3.AGP name / ID-
4 in bytes ACR name / ID byte length -1
5.ACR name / ID-
1.2.18
Delete ACR
This command can only be sent by the creator to remove ACR progeny ACR. Reside in the root of the ACR has deleted AGP
In addition to its own capabilities.
Command structure:
· Command Name / operation code -1 bytes: SSA_DELETE_ACR_CMD [9]
· Command Arguments -
A Dialogue ID-1 byte
(2) in bytes AGP name / ID byte length -1
3.AGP name / ID-
4 in bytes ACR name / ID byte length -1
5.ACR name / ID-
1.2.19
Unlock ACR
This command can only be expressly permitted ACR with this send to unlock certain ACR.
Command structure:
· Command Name / operation code -1 bytes: SSA_UNBLOCK_ACR_CMD [10]
· Command Arguments -
A Dialogue ID-1 byte
(2) in bytes AGP name / ID byte length -1
3.AGP name / ID-
4 in bytes ACR name / ID byte length -1
5.ACR name / ID-
1.2.20
Authorization domain license
Command structure:
· Command Name / operation code -1 bytes:
SSA_DELEGATE_DOMAIN_PERMISSION_CMD[11]
· Command Arguments -
A Dialogue ID-1 byte
(2) the number of licenses for authorization -1 bytes
3 authorized license code
4 in bytes domain name / ID byte length -1
5 domain name / ID
1.2.21
Create a partition
This command can only be AGP resides in the root of the ACR sent.
Command structure:
· Command Name / operation code -1 bytes: SSA_CREATE_PARTITION_CMD [12]
· Command Arguments -
A Dialogue ID-1 byte
(2) in bytes of the partition name / ID byte length -1
3. Partition name / ID
4 sectors partition size [512 bytes] -4 bytes
5 reduction in bytes partition name / ID byte length -1
6 Reduce the partition name / ID
1.2.22
Update the partition
This command can only be AGP resides in the root of the ACR sent.
Command structure:
· Command Name / operation code -1 bytes: SSA_UPDATE_PARTITION_CMD [13]
· Command Arguments -
A Dialogue ID-1 byte
(2) in bytes of the partition name / ID byte length -1
3. Partition name / ID
4 sectors partition size [512 bytes] -4 bytes
5 reduction in bytes partition name / ID byte length -1
6 Reduce the partition name / ID
1.2.23
Delete partition
This command can only be AGP resides in the root of the ACR sent.
Command structure:
· Command Name / operation code -1 bytes: SSA_DELETE_PARTITION_CMD [14]
· Command Arguments -
6 Dialogue ID-1 byte
7 in bytes of the partition name / ID byte length -1
8 partition name / ID
1.2.24
Restrict access to the public domain
This command is restricted to the public partition to / from public partition (also called user area) regular read / write command (by the
SSA sent by the master and is not part of the command command protocol).
Command structure:
· Command Name / operation code -1 bytes:
SSA_RESTRICT_PAUBLIC_PARTITION_CMD[15]
· Command Arguments -
A Dialogue ID-1 byte
(2) Public zoning restrictions code -1 bytes
1.2.25
Creating a Domain
Command structure:
· Command Name / operation code -1 bytes: SSA_CREATE_DOMAIN_CMD [16]
· Command Arguments -
A Dialogue ID-1 byte
(2) in bytes of the partition name / ID byte length -1
3. Partition name / ID
4 in bytes domain name / ID byte length -1
5 domain name / ID
1.2.26
Delete Domain
Domain owner can only send this command and delete the domain.
Command structure:
· Command Name / operation code -1 bytes: SSA_DELETE_DOMAIN_CMD [17]
· Command Arguments -
A Dialogue ID-1 byte
(2) in bytes of the partition name / ID byte length -1
3. Partition name / ID
4 in bytes domain name / ID byte length -1
5 domain name / ID
1.2.27
System login
When the host via the user wishes to use ACR in an SSA system issue this command. The command will start
Login / authentication process.
Command structure:
· Command Name / operation code -1 bytes: SSA_SYSTEM_LOGIN_CMD [18]
· Command Arguments -
1 in bytes AGP name / ID byte length -1
2.AGP name / ID-
3 in bytes ACR name / ID byte length -1
4.ACR name / ID-
1.2.28
System Exit
When the host the user wishes to terminate the dialogue with the SSA system works when this command is issued. The command ends the current log
Dialogue all user activity. In this command, the user will need to re-host after the start in order to perform the login process
SSA system further action.
Command structure:
· Command Name / operation code -1 bytes: SSA_SYSTEM_LOGOUT_CMD [19]
· Command Arguments -
1 in bytes AGP name / ID byte length -1
2.AGP name / ID-
3 in bytes ACR name / ID byte length -1
4.ACR name / ID-
1.2.29 Read
Command structure:
· Command Name / operation code -1 bytes: SSA_READ_CMD [20]
· Command Arguments -
A Dialogue ID-1 byte
(2) The name of the partition in bytes byte length -1
3. Partition name
4 domain name length in bytes -1 bytes
5 domain name
6 Subdivision Address (LBA) -4 bytes
7 the number of LBA of the read (sector - sector = 512 bytes) - 4 bytes
1.2.30
Write
Command structure:
· Command Name / operation code -1 bytes: SSA_WRITE_CMD [21]
· Command Arguments -
A Dialogue ID-1 byte
(2) The name of the partition in bytes byte length -1
3. Partition name
4 domain name length in bytes -1 bytes
5 domain name
6 Subdivision Address (LBA) -4 bytes
7 the number of LBA of the read (sector - sector = 512 bytes) - 4 bytes
1.2.31
Command Status
This status command can be sent in order to obtain a command sent before the return status. The state of the command processing
And SSA system state.
Command structure:
· Command Name / operation code -1 bytes: SSA_CMD_STATUS_CMD [22]
· Command Arguments -
A Dialogue ID-1 byte
1.2.32
Asked
Asked command reads the log ACR in the range of SSA information.
Command structure:
· Command Name / operation code -1 bytes: SSA_SYS_QUERY_CMD [23]
· Command Arguments -
A Dialogue ID-1 byte
1.2.33
Password authentication command
1.2.33.1 sent password to SSA
The command is sent to be verified by the SSA actual ACR password. Send Command Status Command (22) will host
Command status can be read and can read when the command completes the certification process of the state - pass / fail.
Command structure:
· Command Name / operation code -1 bytes: SSA_PWD_AUTH SEND PWD_CMD [24]
· Command Arguments -
1 in bytes of the password length -1 bytes
(2) the password data.
1.2.34
Symmetric Authentication Command
1.2.34.1 get questions from SSA
Command structure:
· Command Name / operation code -1 bytes: SSA_SYM AUTH_GET_CHLG_CMD [25]
· Command Arguments -
1.2.34.2 sends a challenge to the SSA
Command structure:
· Command Name / operation code -1 bytes:
SSA_SYM_AUTH_SEND_CHLG_CMD[26]
· Command Arguments -
1.2.34.3 challenge response obtained from the SSA
Command structure:
· Command Name / operation code -1 bytes:
SSA_SYM_AUTH_GET_CHLG_RES_CMD[27]
· Command Arguments -
1.2.34.4 sends a challenge response from SSA
Command structure:
· Command Name / operation code -1 bytes:
SSA_SYM_AUTH_SEND_CHLG_RES_CMD[28]
· Command Arguments -
1.2.35
Asymmetric authentication processing commands
1.2.35.1 sends a challenge to the SSA
Command structure:
· Command Name / operation code -1 bytes:
SSA_ASYM_AUTH_SEND_CHLG_CMD[29]
· Command Arguments - Question -28 byte random number
1.2.35.2 get questions from SSA
Command structure:
· Command Name / operation code -1 bytes:
SSA_ASYM_AUTH_GET_CHLG_CMD[30]
· Command Arguments-NA
1.2.35.3 CA certificate sent to SSA
Command structure:
· Command Name / operation code -1 bytes:
SSA_ASYM_AUTH_SEND_CA_CERT_CMD[31]
· Command Arguments -
1.2.35.4 obtain SSA secrets before leading device
Command structure:
· Command Name / operation code -1 bytes:
SSA_ASYM_AUTH_GET_PRE_MASTER_SECRET_CMD[32]
· Command Arguments -
1.2.35.5 ACR evidence obtained from SSA
Command structure:
· Command Name / operation code -1 bytes:
SSA_ASYM_AUTH_GET_CHLG_CMD[33]
· Command Arguments -
1.2.35.6 led the host device before secretly sent to SSA
Command structure:
· Command Name / operation code -1 bytes:
SSA_ASYM_AUTH_SEND_PRE_MASTER_SECRET_CMD[34]
· Command Arguments -
1.2.35.7 send messages to start a conversation
Command structure:
· Command Name / operation code -1 bytes:
SSA_ASYM_AUTH_SEND_START_SESSION_MSG_CMD[35]
· Command Arguments -
1.PIN options -
(2) the length in bytes of the PIN -
3.PIN string -
1.2.35.8 certified completion message from SSA
Command structure:
· Command Name / operation code -1 bytes: SSA_SYM_AUTH_GET_CHLG_CMD [36]
· Command Arguments -
1.3SSA command argument
1.3.1
Not applicable
In the argument list is defined as not applicable (NA), all fields must be set to 0.
1.3.2
Passwords and PIN structure
Passwords and PIN phrase is 20 bytes long and the binary value for the SSA system. Any shorter than 20 bytes phrase must
Required with the "0" gap.
"0" gap | Phrase | ||||||||||||||||||
MSB 19 | |
||||||||||||||||||
00 | 0 0 | 0 0 | 0 0 | 0 0 | 0 0 | 0 0 | 4 9 | |
7
|
1 5 | |
5 2 | 7 4 | A 1 | E C | 2
|
0 0 | 0 1 | 05 |
1.3.3 Sign algorithm
This argument defines the ACR logic algorithms. Which is 1 byte long. The value can be defined in the following table:
Symbol | | Description |
NONE | ||
0 | Does not require certification. Once awarded this ACR Systems Login command then open dialogue. | |
|
1 | Password-based authentication |
Reserved for future use | 2-9 | |
|
10 | Use one-way symmetric AES algorithm certification. Card Authenticate the user. |
AES_HOST_AUTH_SEC | 11 | Use one-way symmetric AES algorithm certification. Card Authenticate the user. Secure channel can be established and used for This ACR. |
|
12 | Use one-way symmetric AES algorithm certification. Card Authenticate the user. Secure channel can be established and used for This ACR. After the PIN is completed in providing additional recognition Card. |
AES_MUTUAL_AUTH | 13 | Using a two-way symmetric AES algorithm certification. Cards and
Host authenticate each |
AES_MUTUAL_AUTH_SEC | ||
14 | Using a two-way symmetric AES algorithm certification. Cards and Host authenticate each other. Secure channel can be established and Used for this ACR. | |
AES_MUTUAL_AUTH_SEC _PIN | 15 | Using two-factor authentication AES algorithm. Card and Master Machine to authenticate each other. Secure channel can be established and used This ACR. After the completion of the additional PIN Certification. |
Reserved for future use | 16-19 | |
|
20 | In addition to using the DES algorithm similar to the login mode other than The AES group. |
DES_HOST_AUTH_SEC | 21 | |
|
22 | |
DES_MUTUAL_AUTH | 23 | |
|
24 | |
DES_MUTUAL_AUTH_SEC _PIN | 25 |
Reserved for future use | 26-29 | |
3DES_HOST_AUTH | 30 | In addition to using 3DES algorithm similar to the login module outside AES-style group. |
3DES_HOST_AUTH_SEC | 31 | |
3DES_HOST_AUTH_SEC_P IN | 32 | |
3DES_MUTUAL_AUTH | 33 | |
|
34 | |
3DES_MUTUAL_AUTH_SE C_PIN | 35 | |
Reserved for future use | 36-39 | |
|
40 | |
RSA_HOST_AUTH_PIN | 41 | |
RSA_MUTUAL_AUTH | 42 | |
RSA_MUTUAL_AUTH_PIN | 43 | |
Reserved for future use | 44-255 |
Table 12:Sign algorithm type
1.3.4
Certificate symbol symmetry
Symbol | | Description |
SYMMETRIC_KEY | ||
1 | Corresponding to the selected secret symmetric symmetric authentication sequence Key. The selected key authentication sequence will also reflect long Degrees. | |
|
2 | PIN is a 20-byte binary value of the maximum |
Table 13: Symmetric Certificate Type
1.3.5
Asymmetric Certificate Type
Symbol | Value | |
CA_ID | ||
CA_PUBLIC_RSA_KEY | ||
1 | ||
|
2 | |
USER_PIN | 4 |
Table 14: Asymmetric Certificate Type
1.3.6
Partition rights
Partition rights byte bitmap | |||||||
Read | Write | Authorize | Retention | Retention | Retention | Retention | Retention |
1.3.7
Domain rights
Domain rights byte bitmap | |||||||
Read | Write | Authorize | Retention | Retention | Retention | Retention | Retention |
1.3.8
Domain license code
Symbol | | Description |
READ | ||
1 | ||
|
2 | |
|
3 | |
DOMAIN_OWNERSHIP | 4 |
Table 15: Domain License Type
1.3.9
ACAM
Symbol | | Description |
CREATE_AGP | ||
1 | ||
|
2 | Create / delete / update AGP and ACR. |
|
3 | Create / delete partition. |
ACAM_CREATE_DOMAIN | 4 | Create / delete domains. |
|
5 | Grant access rights to the domain - this person is used for each A domain. |
ACAM_DELEGATE_PARTIT ION_rightS | 6 | Unauthorized access to the partition right - this is for those who Each partition. |
UNBLOCK_ACR | 7 |
Table 16: ACAM type
1.3.10
Public zoning restrictions code
Symbol | | Description |
READ_RESTRICTION | ||
1 | ||
|
2 | |
|
3 |
Table 17: Types of public zoning restrictions
1.3.11
Command Status
Field Name | Content | Byte count | |
Dialogue | ID number | 1 | |
Last command operation code | Effective SSA |
1 | |
Last Command Status | ·COMPLETE_OK-0
·COMPLETE_ERROR-1
· |
1 | |
|
1 | ||
Certification status | Command can only be applied to |
1 | |
The number of sectors transferred | Can only be applied to the data transfer command |
1.3.12
SSA inquiry
Field Name | Content | Byte count | |
Dialogue | ID number | 1 | |
Last command operation code | Effective SSA |
1 | |
Last Command Status | ·COMPLETE_OK-0 ·COMPLETE_ERROR-1 ·BUSY-2 | 1 | |
|
1 | ||
SSA version | Version number | ||
Access to a list of partitions | A partition ID, net size and access permissions | ||
Access to the list of domains | Domain ID and access permissions |
1.3.13
Command sequence
1.3.13.1 SSA by mutual symmetric authentication login command sequence
Sequence Index | Command name and operation code | Argument Description | |
1. | SSA_SYSTEM_LOGIN_CMD [18] | ACR and AGP Name | Start login sequence. Act only as a request. |
2. | SSA_CMD_STATUS_CMD [22] | Dialogue ID-NA | To obtain the status of |
3. | SSA_SYM_AUTH_SEND_CH LG_CMD[26] | |
Send questions to the |
4. | SSA_CMD_STATUS_CMD [22] | Dialogue ID-NA | To obtain the status of |
5. | SSA_SYM_AUTH_GET_CHL G_RES_CMD[27] | NA | Read SSA response to |
6. | SSA_CMD_STATUS_CMD [22 | Dialogue ID-NA | To obtain the status of CMD 27. If CMD 27 failed the login sequence is terminated. |
7. | SSA_SYM_AUTH_GET_CHL G_CMD[25] | NA | |
8. | SSA_CMD_STATUS_CMD [22] | Dialogue ID-NA | To obtain the status of CMD 25. If CMD 25 failed the login sequence is terminated. |
9. | SSA_SYM_AUTH_SEND_CH LG_RES_CMD[28] | |
|
10. | SSA_CMD_STATUS_CMD [22] | Dialogue ID-NA | To obtain the status of |
Upon successful completion of this sequence, SSA's ACR login and SSA operation can begin.
1.3.13.2 root AGP used to create the sequence of commands
Via system ACR (ACR its request to the system to perform the login sequence) or abandon the system secure channel and skip
ACR accreditation process to create the root AGP. The command SSA_CREATE_ROOT_AGP_CMD [3] with the root of AGP
Identity sent together.
This command can be SSA_CMD_STATUS_CMD [22] in order to be sure SSA did not reject the command and the
In the above command completed without error in the case. Upon completion of the root AGP and subsequently all its ACR to be created in order to send
Root AGP, it will send SSA_ROOT_AGP_CREATION_DONE_CMD [4] command.
1.3.13.3 sequence of commands used to create the AGP
To create AGP, the user must first demonstrated by performing 1.3.13.1 in the login command sequence to log in SSA.
ACR must establish a new group created before AGP. With AGP name / ID sent with the command
SSA_CREATE_AGP_CMD [5] to create the AGP.
To verify the CMD [5] In the case of no error is received and executed, the user sends
SSA_CMD_STATUS_CMD [22] and read commands sent before a state. When you finish creating the AGP,
Can continue to create ACR or exit from the SSA system.
1.3.13.4 sequence of commands used to create the ACR
To create ACR, the user must first demonstrated by performing 1.3.13.1 in the login command sequence to log in SSA.
Similarly, there must be a new ACR belongs AGP. Then the user with all the new ACR data (name, AGP, Gordon
Recording methods, etc.) sent with the command SSA_CREATE_ACR_CMD [7]. To verify the CMD [7] in the absence of errors
The case is received and executed, the user sends SSA_CMD_STATUS_CMD [22] and a transmission before the read command
State. When you finish creating the ACR, you can continue with other SSA operation or exits from the SSA system.
1.4 Product parameters
· The maximum number of all entities (MAROs, ARCR, parallel dialogue).
· Add the encryption parameters applicable that the definition of the length of the RSA key.
• The need to define each protocol error conditions and messages.
• The need to define the time-out and busy processing.
· Specify the tree progression.
· Limited root MAROS #.
· Offspring (root) # limit on all offspring? Authorization to.
· The CBC context (parallel) there will be a number of limitations, such as 5-10.
· Protocol and product version.
Claims (18)
1 A method for operating a storage system, said system comprising a non-volatile memory and said memory control
The access controller, the controller or the memory for storing at least a first and a second hierarchical tree, said hierarchical tree package
Including nodes in different levels, the node for controlling the first and second group of the corresponding entity stored in said memory
The data memory access, wherein each of said nodes of the tree are designated physical access to one or more respective storage
Is one or more license data, wherein each node of said tree, one or more of the same tree permit
A higher or lower level to another node on one or more licenses in a predetermined relationship; said method
Including:
...
1 A method for operating a storage system, said system comprising a non-volatile memory and said memory control
The access controller, the controller or the memory for storing at least a first and a second hierarchical tree, said hierarchical tree package
Including nodes in different levels, the node for controlling the first and second group of the corresponding entity stored in said memory
The data memory access, wherein each of said nodes of the tree are designated physical access to one or more respective storage
Is one or more license data, wherein each node of said tree, one or more of the same tree permit
A higher or lower level to another node on one or more licenses in a predetermined relationship; said method
Including:
...
According to said first and said second node of a hierarchical tree of one or more permissions to control the first and
The second set of the corresponding entity data access to the memory, wherein said first and second group of the corresponding entity in the memory
Data access no crosstalk.
(2) as claimed in claim 1, wherein said tree of said at least two of the two said memory control
Access to individual data sets, so that the control such that said first and second group corresponding to each group entity
Access to the data set of the two corresponding group.
3 as claimed in claim 2, wherein said control such that said first and second set of the corresponding entity to borrow
Contribute to two separate computer applications to access data.
As claimed in claim 1, wherein each of said nodes of the tree at the instruction of the one or more permissions
Said memory access rights of the data, said access rights to at least the same level of the tree in the lower section
At the point indicated by one or more of the rights of access permitted.
5 as claimed in claim 1, wherein said tree level of at least one of a plurality of nodes in the same shape
Into a group, and wherein said control allows said respective node group by using at least one entity
Public key to access the data in the memory.
As claimed in claim 5, wherein the group nodes of said corresponding one or more licensed entity
Allows the use of at least one public key to access the data in the memory different rights.
As claimed in claim 6, wherein the tree node according to one or more license, said control allows
Xu first entity by using a public key of said at least read access to the data in said memory, and
The second entity by using at least one common key to read and write access to the data in said memory.
As claimed in claim 1, wherein said tree node is used to access one or more licenses for
Encryption and / or decryption of the data in said memory key.
As claimed in claim 1, wherein the tree node according to one or more license, said control allows
Xu accessing said one or more memory partitions.
10 a secure storage system, comprising:
A nonvolatile memory; and
A controller controlling access to said memory, said controller or a memory for storing at least a first and a second
Hierarchical tree, comprises a hierarchical tree nodes at different levels, the node for controlling the first and second phase
Group should be stored in the physical memory of the data access, wherein each of the nodes of the tree are designated a
Or more respective memory data physical access to one or more license, wherein each of said one node of the tree
One or more licenses with the same tree on a higher or lower level to another node with one or more licenses
A predetermined relationship, and wherein at least two of said tree is no crosstalk between.
...
A controller controlling access to said memory, said controller or a memory for storing at least a first and a second
Hierarchical tree, comprises a hierarchical tree nodes at different levels, the node for controlling the first and second phase
Group should be stored in the physical memory of the data access, wherein each of the nodes of the tree are designated a
Or more respective memory data physical access to one or more license, wherein each of said one node of the tree
One or more licenses with the same tree on a higher or lower level to another node with one or more licenses
A predetermined relationship, and wherein at least two of said tree is no crosstalk between.
...
12 as claimed in claim 11, wherein said at least two of said tree by means of two separate machine should
Procedures used to control access.
13 according to claim 10, wherein each of said node of said tree is one or more license means
Shows the data of the memory access rights to at least said access rights from the same lower level in the tree
One or more of the node indicated by the rights of access permitted.
14 as claimed in claim 10, wherein said at least one tree of the plurality of nodes on the same level
Form a group, and the node of said group of one or more of the corresponding entity License allows using
At least one public key to access data in said memory.
15 according to claim 14, wherein the node of said group of one or more of the corresponding entity
Allows the use of said at least one license key to access the common data in the memory different rights.
Method according to claim 15, wherein the group of said one of said nodes in the corresponding entity at the
One or more permissions to allow the first entity by using the public key of at least one of said read-only access
In the data memory and the second entity by using the public key of said at least one read-write access to said memory
The data memory.
17 according to claim 10, wherein said tree node for accessing one or more permissions to use
For encryption and / or decryption key to the data in said memory.
18 according to claim 10, wherein said tree node is used to access one or more of the license
Said memory one or more than one partition.
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US63880404P | 2004-12-21 | 2004-12-21 | |
US60/638,804 | 2004-12-21 | ||
US11/313,536 US20060242151A1 (en) | 2004-12-21 | 2005-12-20 | Control structure for versatile content control |
US11/313,870 US20060242150A1 (en) | 2004-12-21 | 2005-12-20 | Method using control structure for versatile content control |
US11/313,536 | 2005-12-20 | ||
US11/313,870 | 2005-12-20 | ||
PCT/US2005/046793 WO2006069311A2 (en) | 2004-12-21 | 2005-12-21 | Control structure for versatile content control and method using structure |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101120356A true CN101120356A (en) | 2008-02-06 |
Family
ID=36602347
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2005800482747A Pending CN101120356A (en) | 2004-12-21 | 2005-12-21 | Control structure for versatile content control and method using structure |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP1836642A2 (en) |
JP (1) | JP2008524757A (en) |
KR (1) | KR20070087175A (en) |
CN (1) | CN101120356A (en) |
TW (1) | TW200700991A (en) |
WO (1) | WO2006069311A2 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7748031B2 (en) | 2005-07-08 | 2010-06-29 | Sandisk Corporation | Mass storage device with automated credentials loading |
EP1934878A2 (en) * | 2005-09-08 | 2008-06-25 | SanDisk Corporation | Mobile memory system for secure storage and delivery of media content |
WO2008013656A2 (en) * | 2006-07-07 | 2008-01-31 | Sandisk Corporation | Content control system and method using certificate chains |
CN101484904A (en) * | 2006-07-07 | 2009-07-15 | 桑迪士克股份有限公司 | Content control system and method using versatile control structure |
WO2008060467A2 (en) * | 2006-11-14 | 2008-05-22 | Sandisk Corporation | Methods and apparatuses for binding content to a seperate memory device |
CN101557499B (en) * | 2008-04-09 | 2011-08-24 | 中兴通讯股份有限公司 | System and method for delivering media and method for renewing resource of media delivering system |
US9104618B2 (en) | 2008-12-18 | 2015-08-11 | Sandisk Technologies Inc. | Managing access to an address range in a storage device |
US8713647B2 (en) * | 2009-08-21 | 2014-04-29 | International Business Machines Corporation | End-of-session authentication |
US8713056B1 (en) * | 2011-03-30 | 2014-04-29 | Open Text S.A. | System, method and computer program product for efficient caching of hierarchical items |
AT513782B1 (en) * | 2014-04-11 | 2018-08-15 | Avl List Gmbh | Device and method for transmitting data |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
PE20030375A1 (en) * | 2001-08-13 | 2003-04-12 | Qualcomm Inc | APPLICATION LEVEL ACCESS PRIVILEGE FOR A STORAGE AREA ON A COMPUTER DEVICE |
US20040139021A1 (en) * | 2002-10-07 | 2004-07-15 | Visa International Service Association | Method and system for facilitating data access and management on a secure token |
JP4682498B2 (en) * | 2003-04-09 | 2011-05-11 | ソニー株式会社 | Communication device and memory management method for communication device |
-
2005
- 2005-12-21 JP JP2007548522A patent/JP2008524757A/en not_active Withdrawn
- 2005-12-21 KR KR1020077016646A patent/KR20070087175A/en not_active Application Discontinuation
- 2005-12-21 EP EP05855364A patent/EP1836642A2/en not_active Withdrawn
- 2005-12-21 TW TW094145706A patent/TW200700991A/en unknown
- 2005-12-21 CN CNA2005800482747A patent/CN101120356A/en active Pending
- 2005-12-21 WO PCT/US2005/046793 patent/WO2006069311A2/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2006069311A3 (en) | 2006-11-16 |
EP1836642A2 (en) | 2007-09-26 |
WO2006069311A2 (en) | 2006-06-29 |
TW200700991A (en) | 2007-01-01 |
JP2008524757A (en) | 2008-07-10 |
KR20070087175A (en) | 2007-08-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101238848B1 (en) | Versatile Content Control With Partitioning | |
JP4847967B2 (en) | Memory system with multipurpose content control | |
US8504849B2 (en) | Method for versatile content control | |
US8051052B2 (en) | Method for creating control structure for versatile content control | |
US8601283B2 (en) | Method for versatile content control with partitioning | |
US20070168292A1 (en) | Memory system with versatile content control | |
TWI388985B (en) | A method for controlling access to data in a storage device and a storage device | |
US20060242150A1 (en) | Method using control structure for versatile content control | |
US20060242151A1 (en) | Control structure for versatile content control | |
US20060242066A1 (en) | Versatile content control with partitioning | |
JP2008524753A5 (en) | ||
CN101120356A (en) | Control structure for versatile content control and method using structure | |
JP2008524755A5 (en) | ||
US20060242067A1 (en) | System for creating control structure for versatile content control | |
JP2008524758A5 (en) | ||
KR20090052321A (en) | Content control system and method using versatile control structure | |
KR20090026357A (en) | Content control system and method using certificate chains | |
KR20090028806A (en) | Content control system and method using certificate revocation lists |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |