This application claims the benefit of U.S. Provisional Application No. 60/819,507, filed July 7, 2006.
This application is related to U.S. Application No. 11/313,870, filed December 20, 2005, which claims the benefit of U.S. Provisional Application No. 60/638,804, filed December 21, 2004. This application is further related to U.S. Patent Application Nos. 11/314,411, 11/314,410, 11/313,536, 11/313,538, 11/314,055, 11/314,052 and 11/314,053, all filed December 20, 2005.
This application is also related to the following U.S. applications, all filed on November 6, 2006 by Holzman et al.: No. 11/557,028, entitled "Content Control Method Using Certificate Chains"; No. 11/557,010, entitled "Content Control System Using Certificate Chains"; No. 11/557,006, entitled "Content Control Method Using Certificate Revocation Lists"; No. 11/557,026, entitled "Content Control System Using Certificate Revocation Lists"; No. 11/557,049, entitled "Content Control Method Using Versatile Control Structure"; No. 11/557,056, entitled "Content Control System Using Versatile Control Structure"; No. 11/557,052, entitled "Method for Controlling Information Supplied From Memory Device"; No. 11/557,051, entitled "System for Controlling Information Supplied From Memory Device"; No. 11/557,041, entitled "Control Method Using Identity Objects"; and No. 11/557,039, entitled "Control System Using Identity Objects".
The applications listed above are incorporated herein by reference in their entirety, as if fully set forth herein.
Embodiment
A block diagram of an example memory system in which the various aspects of the present invention may be implemented is shown in Fig. 1. As shown in Fig. 1, memory system 10 includes a central processing unit (CPU) 12, a buffer management unit (BMU) 14, a host interface module (HIM) 16, a flash interface module (FIM) 18, a flash memory 20 and a peripheral access module (PAM) 22. Memory system 10 communicates with a host device 24 through a host interface bus 26 and port 26a. Flash memory 20, which may be of the NAND type, provides data storage for host device 24, which may be a digital camera, personal computer, personal digital assistant (PDA), digital media player (for example, an MP-3 player), cellular phone, set-top box, or other digital device or appliance. The software code for CPU 12 may also be stored in flash memory 20. FIM 18 is connected to flash memory 20 through a flash interface bus 28 and port 28a. HIM 16 is suitable for connection to a host device. Peripheral access module 22 selects the appropriate controller module (for example, FIM, HIM or BMU) for communication with CPU 12. In one embodiment, all of the components of system 10 within the dashed box may be enclosed in a single unit (for example, memory card or stick 10') and are preferably encapsulated. Memory system 10 is removably connected to host device 24, so that the content in system 10 can be accessed by each of many different host devices.
In the description that follows, memory system 10 is also referred to as memory device 10, or simply as the memory device or the device. Although the invention is described herein with reference to flash memory, it is also applicable to other types of memory, such as magnetic disks, optical CDs, and all other types of rewritable non-volatile memory systems.
Buffer management unit 14 includes a host direct memory access (HDMA) 32, a flash direct memory access (FDMA) 34, an arbiter 36, a buffer random access memory (BRAM) 38 and a crypto engine 40. Arbiter 36 is a shared bus arbiter, so that only one master or initiator (which can be HDMA 32, FDMA 34 or CPU 12) can be active at any time, while the slave or target is BRAM 38. The arbiter is responsible for channeling the appropriate initiator request to BRAM 38. HDMA 32 and FDMA 34 are responsible for the data transported between HIM 16, FIM 18 and BRAM 38 or CPU random access memory (CPU RAM) 12a. The operation of HDMA 32 and FDMA 34 is conventional and need not be described in detail here. BRAM 38 is used to store data passed between host device 24 and flash memory 20. HDMA 32 and FDMA 34 are responsible for transferring data between HIM 16/FIM 18 and BRAM 38 or CPU RAM 12a, and for indicating sector completion.
In one embodiment, memory system 10 generates the key value(s) used for encryption and/or decryption, and this value is preferably substantially inaccessible to external devices such as host device 24. Alternatively, the key value may be generated outside system 10 (for example by a licensing server) and sent to system 10. However the key value is generated, once it is stored in system 10 only authenticated entities can access it. Encryption and decryption are typically performed file by file, since the host device reads and writes data to memory system 10 in the form of files. Like many other types of storage devices, memory device 10 does not manage files. While memory 20 does store a file allocation table (FAT) identifying the logical addresses of files, the FAT is typically accessed and managed by host device 24 and not by controller 12. Therefore, in order to encrypt the data in a particular file, controller 12 must rely on the host device to send the logical addresses of that file's data in memory 20, so that system 10 can find and encrypt and/or decrypt the data of the particular file using the key value(s) available only to system 10.
To provide a handle by which both host device 24 and memory system 10 can refer to the same key for cryptographically processing the data in a file, the host device provides a reference for each of the key values generated by system 10 or sent to system 10, and such a reference may simply be a key ID. Thus host 24 associates each file to be cryptographically processed by system 10 with a key ID, and system 10 associates each key value used to cryptographically process data with the key ID provided by the host. Consequently, when the host requests that data be cryptographically processed, it sends the request to system 10 together with the key ID and the logical addresses of the data to be fetched from or stored in memory 20. System 10 generates or receives a key value, associates it with the key ID provided by host 24, and performs the cryptographic processing. In this manner no change needs to be made in the way memory system 10 operates, while allowing it to control the cryptographic processing using the key(s) completely, including exclusive access to the key value(s). In other words, once the key value is stored in or generated by system 10, the system continues to allow host 24 to manage the files by having exclusive control of the FAT, while it retains exclusive control over the management of the key value(s) used for cryptographic processing. After the key value is stored in memory system 10, host device 24 has no part in the management of the key value(s) used for cryptographic processing of data.
The key ID provided by host 24 and the key value sent to or generated by the memory system form two attributes of a quantity referred to below, in one of the embodiments, as a "content encryption key" or CEK. While host 24 may associate each key ID with one or more files, host 24 may also associate each key ID with unorganized data, or with data organized in any manner, and is not limited to data organized into complete files.
In order for a user or application to gain access to protected content or a protected area in system 10, it will need to be authenticated using credentials pre-registered with system 10. A credential is tied to the access rights granted to the particular user or application holding that credential. In the pre-registration process, system 10 stores a record of the identity and credentials of the user or application, together with the access rights associated with that identity and those credentials as determined by the user or application and provided through host 24. After pre-registration is completed, when the user or application requests to write data to memory 20, it will need to supply through the host device its identity and credentials, the key ID for encrypting the data, and the logical addresses where the encrypted data is to be stored. System 10 generates or receives a key value, associates it with the key ID provided by the host device, and stores in its record or table for this user or application the key ID of the key value used to encrypt the data to be written. It then encrypts the data, stores the encrypted data at the addresses designated by the host, and also stores the key value it generated or received.
When a user or application requests to read encrypted data from memory 20, it will need to supply its identity and credentials, the key ID of the key previously used to encrypt the requested data, and the logical addresses where the encrypted data is stored. System 10 then matches the user or application identity and credentials provided by the host against the user or application identity and credentials stored in its record. If they match, system 10 fetches from its memory the key value associated with the key ID provided by the user or application, uses that key value to decrypt the data stored at the addresses designated by the host device, and sends the decrypted data to the user or application.
By separating the authentication credentials from the management of the keys used for cryptographic processing, it becomes possible to share rights to access data without sharing credentials. Thus a group of users or applications with different credentials can access the same key for accessing the same data, while users outside the group have no access. While all users or applications within the group can access the same data, they may still have different rights. Thus some users or applications may have read-only access, others may have write-only access, and still others may have both. Since system 10 maintains a record of user or application identities and credentials, the key IDs each may access, and the access rights associated with each key ID, it is possible for system 10 to add or delete key IDs and change the access rights associated with such key IDs for a particular user or application, to delegate access rights from one user or application to another, or even to delete or add records or tables for users or applications, all under the control of a properly authenticated host device. The stored record may specify that a secure channel is required for accessing certain keys. Authentication may be performed using symmetric or asymmetric algorithms as well as passwords.
Especially important is the portability of secure content in memory system 10. In the embodiments where access to the key value is controlled by the memory system, the security of the content stored therein is maintained when the memory system, or a storage device incorporating it, is transferred from one external system to another. Whether the key is generated by the memory system or originates outside it, no external system can access such content in system 10 unless it has been authenticated in a manner entirely controlled by the memory system. Even after such authentication, access is entirely controlled by the memory system, and the external system can access content only in the manner permitted by the preset records in the memory system. A request that does not comply with such records will be denied.
To provide greater flexibility in protecting content, it is envisioned that certain areas of the memory, referred to below as partitions, can be accessed only by properly authenticated users or applications. When combined with the key-based data encryption features described above, system 10 provides greater data protection capability. As shown in Fig. 2, the storage capacity of flash memory 20 may be divided into a number of partitions: a user area or partition and custom partitions. The user area or partition P0 is accessible to all users and applications without authentication. While all bit values of the data stored in the user area can be read or written by any application or user, if the data read is encrypted, a user or application without the authority to decrypt it cannot access the information represented by the bit values stored in the user area. This is illustrated, for example, by files 102 and 104 stored in user area P0. Also stored in the user area are unencrypted files, such as file 106, which can be read and understood by all applications and users. Thus, symbolically, the encrypted files are shown with a lock associated with them, as for files 102 and 104.
While an encrypted file in user area P0 cannot be understood by an unauthorized application or user, such an application or user may still be able to delete or corrupt the file, which may be undesirable for some applications. For this purpose, memory 20 also includes protected custom partitions, such as partitions P1 and P2, which cannot be accessed without prior authentication. The authentication process permitted in the embodiments of this application is explained below.
As also illustrated in Fig. 2, a variety of users or applications may access the files in memory 20. Thus users 1 and 2, and applications 1-4 (running on devices), are shown in Fig. 2. Before these entities are allowed access to the protected content in memory 20, they are first authenticated through an authentication process in the manner explained below. In this process, the entity requesting access needs to be identified at the host side so that role-based access control can be applied. Thus the entity requesting access first identifies itself by supplying information such as "I am application 2 and I wish to read file 1". Controller 12 then matches the identity, authentication information and request against the records stored in memory 20 or in controller 12. If all requirements are met, access is granted to the entity. As illustrated in Fig. 2, user 1 is allowed to read from and write to file 101 in partition P1, but can only read files 102 and 104, in addition to having unrestricted rights to read from and write to file 106 in P0. User 2, on the other hand, is not allowed to access files 101 and 104 but has read and write access to file 102. As indicated in Fig. 2, users 1 and 2 have the same login algorithm (AES), whereas applications 1 and 3 have different login algorithms (for example, RSA and 001001), which also differ from the login algorithm of users 1 and 2.
The Secure Storage Application (SSA) is a security application of memory system 10 and illustrates an embodiment of the invention that can be used to implement many of the features identified above. The SSA may be embodied as software or computer code, with a database stored in memory 20 or in a non-volatile memory (not shown) in CPU 12, that is read into RAM 12a and executed by CPU 12. The acronyms used in reference to the SSA are set out in the following table:
Definitions, Acronyms and Abbreviations

ACR | Access Control Record
AGP | ACR Group
CBC | Chained Block Cipher
CEK | Content Encryption Key
ECB | Electronic Codebook
ACAM | ACR Attribute Management
PCR | Permission Control Record
SSA | Secure Storage Application
Entity | Anything that has a real and individual presence (on the host side) which logs in to the SSA and thereby makes use of its functions.
SSA System Description
Data security, integrity and access control are the major roles of the SSA. The data are files that would otherwise be stored in the clear on some mass storage device. The SSA system sits on top of the storage system, adds a security layer to the stored host files, and provides its security functions through the security data structures described below.
The main task of the SSA is to manage the different rights associated with the (secured) content stored in the memory. The storage application needs to manage multiple users and the content rights to multiple stored items of content. Host applications, from their side, see the drives and partitions visible to them, together with the file allocation tables (FAT) that manage and describe the locations of the files stored on the storage device.
In this case the storage device uses NAND flash chips divided into partitions, although other flash memory devices may also be used and are within the scope of the invention. These partitions are contiguous threads of logical addresses, with a start address and an end address defining their boundaries. Restrictions on access to a hidden partition can therefore be imposed, if desired, by software (for example, software stored in memory 20) that associates such restrictions with the addresses within those boundaries. The SSA can identify the partitions it manages entirely by their logical address boundaries. The SSA system uses partitions to physically secure data from unauthorized host applications. To the host, partitions are a mechanism for defining proprietary spaces in which data files are stored. These partitions can be either public, where anyone with access to the storage device can see and recognize the presence of the partition on the device, or private or hidden, where only selected host applications have access to them and are aware of their presence in the storage device.
Fig. 3 is a schematic view of a memory illustrating partitions P0, P1, P2 and P3 (obviously, fewer or more than four partitions may be used), where P0 is a public partition that can be accessed by any entity without authentication.
A private partition (for example, P1, P2 or P3) hides access to the files inside it. By preventing the host from accessing the partition, the flash device (for example, a flash card) protects the data files inside the partition. This kind of protection, however, covers all of the files residing in the hidden partition, since it restricts access to the data stored at the logical addresses within the partition. In other words, the restriction is associated with a range of logical addresses. Every user or host that can access the partition has unrestricted access to all of the files inside it. To isolate different files (or groups of files) from one another, the SSA system uses keys and key references or key IDs to provide another level of security and integrity for each file or group of files. The key reference or key ID of a particular key value used to encrypt data at different memory addresses can be thought of as a container or domain holding the encrypted data. For this reason, in Fig. 4 the key references or key IDs (for example, "key 1" and "key 2") are shown graphically as areas surrounding the files encrypted with the key values associated with those key IDs.
Referring to Fig. 4, for example, file A is not enclosed by any key ID, since it is shown as accessible to all entities without authentication. Although file B in the public partition can be read or overwritten by all entities, it contains data encrypted with the key whose ID is "key 1", so that the information contained in file B is not accessible to an entity unless that entity has access to that key. In this way, the use of key values and key references or key IDs provides only logical protection, in contrast to the type of protection provided by the partitions described above. Thus any host that can access a partition (public or private) can read or write the data in the entire partition, including the encrypted data. However, since the data is encrypted, an unauthorized user can only corrupt it, and preferably cannot alter the data without detection. By restricting access to the encryption and/or decryption keys, this feature allows only authorized entities to make use of the data. Files B and C in P0 are also encrypted using the key with key ID "key 2".
Data confidentiality and integrity can be provided by symmetric encryption using content encryption keys (CEK), the per-CEK method. In the SSA embodiment, the key value in a CEK is generated or received by the flash device (for example, a flash card), used only internally, and kept secret from the outside world. The encrypted or ciphered data may additionally be hashed, or the cipher may be chain-blocked, to ensure data integrity.
Not all data in the partitions is encrypted with different keys and associated with different key IDs. Certain logical addresses in the public or user files or in the operating system area (that is, the FAT) may not be associated with any key or key reference, and are therefore available to any entity that can access the partition itself.
An entity that requires the ability to create keys and partitions, to write and read data to and from them, or to use keys needs to log in to the SSA system through an access control record (ACR). The privileges of an ACR in the SSA system are called actions. Every ACR may have permission to perform actions in the following three categories: creating partitions and keys/key IDs, accessing partitions and keys, and creating/updating other ACRs.
ACRs are organized in groups, called ACR groups or AGPs. Once an ACR has been successfully authenticated, the SSA system opens a session through which any of the ACR's actions can be executed. ACRs and AGPs are the security data structures for controlling access to partitions and keys according to policy.
User partition
The SSA system manages one or more public partitions, also referred to as user partitions. This partition exists on the storage device and is accessible through the standard read and write commands of the storage device. Information about the size of the partition and its presence on the device preferably cannot be hidden from the host system.
The SSA system allows this partition to be accessed either through standard read and write commands or through SSA commands. Access to the partition therefore preferably cannot be restricted to specific ACRs. The SSA system can, however, allow the host device to restrict access to the user partition. Read and write access can be enabled or disabled individually. All four combinations (for example, write only, read only (write protected), read and write, and no access) are allowed.
The SSA system enables ACRs to associate key IDs with files in the user partition and to encrypt individual files using the keys associated with those key IDs. Accessing encrypted files in the user partition, and setting the access rights to the partition, are done using the SSA command set. The above features also apply to data that is not organized into files.
SSA Partitions
These are hidden partitions (hidden from unauthorized parties) that can be accessed only through SSA commands. The SSA system will preferably not allow the host device to access an SSA partition except through a session (described below) established by logging in to an ACR. Similarly, the SSA will preferably not provide information about the existence, size and access permissions of an SSA partition unless the request arrives through an established session.
Access rights to a partition are derived from the ACR permissions. Once an ACR is logged in to the SSA system, it can share the partition with other ACRs (described below). When a partition is created, the host provides a reference name or ID for it (for example, P0-P3 in Figs. 3 and 4). This reference is used in subsequent read and write commands to the partition.
Partitioning of the Storage Device
All of the available storage capacity of the device is preferably allocated to the user partition and the currently configured SSA partitions. Any repartitioning operation may therefore involve reconfiguring the existing partitions. The net change to the device capacity (the sum of the sizes of all partitions) will be zero. The IDs of the partitions in the device memory space are defined by the host system.
The host system can repartition by dividing one existing partition into two smaller ones, or by merging two existing partitions (which may or may not be adjacent) into one. The data in the divided or merged partitions can be erased or left untouched, at the host's discretion.
Since repartitioning the storage device may cause loss of data (because it is erased or moved around within the logical address space of the storage device), the SSA system administers strict restrictions on repartitioning. Only an ACR residing in the root AGP (explained below) is allowed to issue a repartition command, and it can only reference partitions that it owns. Since the SSA system does not know how data is organized within the partitions (FAT or another file system structure), it is the host's responsibility to reconstruct these structures whenever the device is repartitioned.
Repartitioning the user partition changes the size and other attributes of that partition as seen by the host OS.
After repartitioning, it is the host system's responsibility to ensure that no ACR in the SSA system references a partition that no longer exists. If such ACRs are not deleted or updated appropriately, future attempts on behalf of those ACRs to access the non-existent partitions will be detected and rejected by the system. Similar care is taken regarding deleted keys and key IDs.
Keys, Key IDs and Logical Protection
When a file is written to a hidden partition, it is hidden from the general public. But once an entity (hostile or not) gains knowledge of and access to that partition, the file becomes available and plain to see. To secure the file further, the SSA can encrypt it within the hidden partition, and the credentials for accessing the key used to decrypt the file are preferably different from those used for accessing the partition. Because files are entirely controlled and managed by the host, associating a CEK with a file is a problem. Linking the file to something the SSA does recognize, the key ID, rectifies this. Thus, when the SSA creates a key, the host associates the key ID of that key with the data encrypted using the key created by the SSA. If the key is sent to the SSA together with the key ID, the key and the key ID can readily be associated with each other.
The key value and key ID provide logical security. All data associated with a given key ID, regardless of its location, is ciphered with the same key value in the content encryption key (CEK), whose reference name or key ID is uniquely provided by the host application at creation time. If an entity obtains access to a hidden partition (through ACR authentication) and wishes to read or write an encrypted file in that partition, it needs to be able to access the key ID associated with that file. When access to the key for this key ID is granted, the SSA loads the key value in the CEK associated with the key ID and decrypts the data before sending it to the host, or encrypts the data before writing it to flash memory 20. In one embodiment, the key value in the CEK associated with a key ID is created randomly, once, by the SSA system and maintained by the SSA system. No party outside the SSA system knows or can access this key value in the CEK. The outside world only provides and uses the reference or key ID, never the key value in the CEK. The key value is managed entirely by the SSA and is preferably accessible only to the SSA. Alternatively, the key may be provided to the SSA system.
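The pre-registration, write and read procedure described earlier (identity and credentials matched against a stored record, a key ID supplied by the host, a key value generated and held by the device) together with the key-ID-to-CEK binding described in this section, modelled in Go as an added example; it is not code from the patent or from any product. Assumed here, since the patent leaves them open: AES-GCM as the cipher, SHA-256 hashes of credentials as the stored authentication data, and a map from logical address to stored record standing in for flash memory 20.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

type Right uint8 // per-key-ID permission bit held by a registered entity

const ReadRight, WriteRight Right = 1, 2

// acrRecord is the pre-registered record of one user or application: a hash of its credential and its rights per key ID.
type acrRecord struct {
	credHash [32]byte
	rights   map[string]Right
}

// Device models the controller side of memory system 10. Key values live only in cek and never cross the host interface.
type Device struct {
	records map[string]acrRecord // identity -> record
	cek     map[string][]byte    // key ID -> key value (CEK)
	store   map[uint32][]byte    // logical address -> nonce||ciphertext
}

func NewDevice() *Device {
	return &Device{records: map[string]acrRecord{}, cek: map[string][]byte{}, store: map[uint32][]byte{}}
}

// must panics on errors that cannot occur with a valid AES key size or a working CSPRNG.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Register is the pre-registration step: identity, credential and the rights granted per key ID.
func (d *Device) Register(identity, credential string, rights map[string]Right) {
	d.records[identity] = acrRecord{credHash: sha256.Sum256([]byte(credential)), rights: rights}
}

// authorize matches identity and credential against the stored record and checks the needed right
// for keyID. One generic error for all three failures avoids confirming which identities exist.
func (d *Device) authorize(identity, credential, keyID string, need Right) error {
	rec, ok := d.records[identity]
	h := sha256.Sum256([]byte(credential))
	if !ok || subtle.ConstantTimeCompare(h[:], rec.credHash[:]) != 1 || rec.rights[keyID]&need == 0 {
		return errors.New("access denied")
	}
	return nil
}

// cekFor returns AES-GCM over the key value bound to keyID; on a write the device generates
// that value itself the first time a key ID is used, and the host only ever sees the key ID.
func (d *Device) cekFor(keyID string, create bool) (cipher.AEAD, error) {
	key, ok := d.cek[keyID]
	if !ok && !create {
		return nil, errors.New("unknown key ID")
	}
	if !ok {
		key = make([]byte, 16) // AES-128 key value, generated inside the device
		must(rand.Read(key))
		d.cek[keyID] = key
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))), nil
}

// Write: authenticate, check the write right, encrypt under the key ID's CEK (with the key ID
// bound as associated data) and store nonce||ciphertext at the logical address addr.
func (d *Device) Write(identity, credential, keyID string, addr uint32, plaintext []byte) error {
	if err := d.authorize(identity, credential, keyID, WriteRight); err != nil {
		return err
	}
	g, err := d.cekFor(keyID, true)
	if err != nil {
		return err
	}
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	d.store[addr] = append(nonce, g.Seal(nil, nonce, plaintext, []byte(keyID))...)
	return nil
}

// Read: authenticate, check the read right, and decrypt the record stored at addr under the key ID's CEK.
func (d *Device) Read(identity, credential, keyID string, addr uint32) ([]byte, error) {
	if err := d.authorize(identity, credential, keyID, ReadRight); err != nil {
		return nil, err
	}
	g, err := d.cekFor(keyID, false)
	if err != nil {
		return nil, err
	}
	rec := d.store[addr]
	if len(rec) < g.NonceSize() {
		return nil, errors.New("nothing stored at that address")
	}
	return g.Open(nil, rec[:g.NonceSize()], rec[g.NonceSize():], []byte(keyID))
}
```

A user registered with only ReadRight for a key ID can decrypt what another user wrote under that key ID but cannot write, and no call path returns a key value to the caller.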
The SSA system protects the data associated with a key ID using any one of the following cipher modes (user-defined); the actual cryptographic algorithm used and the key value in the CEK are controlled by the system and not disclosed to the outside world:
Block mode-data are divided into block, and each block is encrypted through indivedual.This pattern is considered as not too safely and is subjected to easily dictionary attack usually.Yet it will allow in user's Random Access Data block any one.
Linking scheme-data are divided into block, and described block links during ciphering process.Each block is used as an input in the input of the ciphering process of next block.In this pattern (although be considered as comparatively safety), write and read data from start to end in proper order, thereby create the overhead that to be accepted by the user.
Hash-additionally created the chain pattern of the data summarization that can be used for the authentication data integrality.
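As an added illustration of the three cipher modes (this example is not part of the original application), the Python script below implements block mode, chained mode and hash mode over a toy 16-byte Feistel block cipher built from HMAC-SHA256, which stands in for the AES cipher driven by the CEK the SSA keeps to itself. The sample data, the absence of padding, and the derivation of a separate digest key from the CEK are assumptions of the example. It demonstrates the trade-off the text describes: block mode exposes repeated plaintext blocks but permits random reads, chained mode hides the repeats but makes reading block i depend on ciphertext block i-1, and hash mode adds a digest that rejects a modified ciphertext.

```python
import hashlib
import hmac
import os

BLOCK = 16          # 128-bit blocks, the AES block size the CEK would drive
HALF = BLOCK // 2


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    # Keyed round function of the toy cipher: HMAC-SHA256 truncated to a half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def encrypt_block(key, block):
    """Toy 4-round Feistel permutation standing in for AES on one 16-byte block."""
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# Block mode: every block is enciphered on its own.
def block_mode_encrypt(key, data):
    return [encrypt_block(key, b) for b in _blocks(data)]


def block_mode_read(key, ct, i):
    # Random access: block i is recovered from ciphertext block i alone.
    return decrypt_block(key, ct[i])


# Chained mode (CBC): ciphertext block i is an input to the encryption of block i+1.
def chained_encrypt(key, iv, data):
    out, prev = [], iv
    for b in _blocks(data):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return out


def chained_read(key, iv, ct, i):
    # Reading block i also needs the previous ciphertext block (or the IV for i == 0).
    return _xor(decrypt_block(key, ct[i]), iv if i == 0 else ct[i - 1])


# Hash mode: chained mode plus a digest so that tampering is detected on read-back.
def hash_mode_encrypt(key, iv, data):
    ct = chained_encrypt(key, iv, data)
    mac_key = hashlib.sha256(b"mac" + key).digest()   # separate digest key (assumption)
    return ct, hmac.new(mac_key, iv + b"".join(ct), hashlib.sha256).digest()


def hash_mode_decrypt(key, iv, ct, mac):
    mac_key = hashlib.sha256(b"mac" + key).digest()
    expected = hmac.new(mac_key, iv + b"".join(ct), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("integrity check failed")
    return b"".join(chained_read(key, iv, ct, i) for i in range(len(ct)))


def demo():
    cek = os.urandom(16)                        # the CEK value the SSA keeps internally
    iv = os.urandom(16)
    data = b"PRICE LIST ROW 1" * 3              # constructed sample: three identical blocks
    bm = block_mode_encrypt(cek, data)
    cm = chained_encrypt(cek, iv, data)
    ct, mac = hash_mode_encrypt(cek, iv, data)
    tampered = ct[:]                            # flip one bit of the second block
    tampered[1] = _xor(ct[1], b"\x01" + b"\x00" * (BLOCK - 1))
    try:
        hash_mode_decrypt(cek, iv, tampered, mac)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "block_mode_leaks_repeats": bm[0] == bm[1] == bm[2],
        "chained_mode_leaks_repeats": cm[0] == cm[1] == cm[2],
        "block_mode_random_read": block_mode_read(cek, bm, 2) == data[32:48],
        "chained_read_block_2": chained_read(cek, iv, cm, 2) == data[32:48],
        "hash_mode_roundtrip": hash_mode_decrypt(cek, iv, ct, mac) == data,
        "tamper_detected": tamper_detected,
    }
```

Running `demo()` returns a dictionary in which only `chained_mode_leaks_repeats` is false: identical plaintext blocks produce identical ciphertext blocks in block mode (the dictionary-attack exposure the text mentions), while chaining makes each ciphertext block depend on everything before it, and the hash-mode digest catches the flipped bit.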
ACRs and access control
The SSA is designed to handle multiple applications, each of which is represented as a tree of nodes in the system database. Mutual exclusion between the applications is achieved by ensuring that there is no crosstalk between the branches of the trees.
In order to gain access to the SSA system, an entity needs to connect through one of the system's ACRs. The login procedure is administered by the SSA system according to the definitions embedded in the ACR the user chose to connect with.
An ACR is an individual login point into the SSA system. The ACR holds the login credentials and the authentication method. Also residing in the record are the login permissions within the SSA system, among which are the read and write privileges. This is illustrated in Fig. 5, which shows n ACRs in the same AGP. This means that at least some of the n ACRs may share access to the same key. Thus ACR#1 and ACR#n share access to the key with key ID "key 3", where ACR#1 and ACR#n are ACR IDs and "key 3" is the key ID of the key used to encrypt the data associated with "key 3". The same key can also be used to encrypt and/or decrypt multiple files, or multiple sets of data.
The SSA system supports several types of login into the system, where the authentication algorithm and the user's credentials may vary, as may the user's privileges in the system once the user has logged in successfully. Fig. 5 again illustrates different login algorithms and credentials. ACR#1 requires a password login algorithm and a password as its credential, whereas ACR#2 requires a PKI (Public Key Infrastructure) login algorithm and a public key as its credential. Thus, to log in, an entity needs to present a valid ACR ID together with the correct login algorithm and credentials.
Once an entity has logged into an ACR of the SSA system, its permissions (its rights to use SSA commands) are defined in the Permissions Control Record (PCR) associated with the ACR. In Fig. 5, according to the PCRs shown, ACR#1 grants read-only permission to the data associated with "key 3", and ACR#2 grants read and write permission to the data associated with "key 5".
Different ACRs may share common interests and privileges in the system, such as a common interest in keys used to read and write. To accomplish this, ACRs with something in common are grouped into AGPs (ACR Groups). Thus ACR#1 and ACR#n share access to the key with key ID "key 3".
AGPs and the ACRs within them are organized in hierarchical trees, and so, apart from creating secure keys that keep sensitive data secure, an ACR can preferably also create other ACR entries corresponding to its key IDs and partitions. These child ACRs will have the same permissions as, or fewer permissions than, their parent (creator), and may be given permissions for the keys the parent ACR itself created. Needless to say, a child ACR obtains access permission to any key it creates itself. This is illustrated in Fig. 6. Thus all the ACRs in AGP 120 were created by ACR 122, and two of these ACRs inherit from ACR 122 the permission to access the data associated with "key 3".
AGPs
Logging into the SSA system is accomplished by specifying an AGP and an ACR within that AGP.
Each AGP has a unique ID (reference name), which serves as the index to its entry in the SSA database. The AGP name is provided to the SSA system when the AGP is created. If the AGP name provided already exists in the system, the SSA will reject the create operation.
AGPs are used to administer restrictions on the delegation of access and management permissions, as described in the following paragraphs. One of the functions provided by the two trees in Fig. 6 is to administer access by entirely separate entities, such as two different applications or two different computer users. For such purposes it may be important that the two access processes be substantially independent of one another (that is, have substantially no crosstalk), even if both take place at the same time. This means that the authentication, the permissions and the creation of additional ACRs and AGPs in each tree are not connected to, and do not depend on, those of the other tree. Hence, when the SSA system is used in memory 10, it allows memory system 10 to serve multiple applications simultaneously. It also allows two applications to access two separate sets of data (for example a set of photographs and a set of songs) independently of one another. This is illustrated in Fig. 6. Thus the data associated with "key 3", "key X" and "key Z", which is accessed by the application or user through the nodes (ACRs) of the tree in the top portion of Fig. 6, may comprise photographs. The data associated with "key 5" and "key Y", which is accessed by the application or user through the nodes (ACRs) of the tree in the bottom portion of Fig. 6, may comprise songs. The ACR that created an AGP has permission to delete that AGP only when the AGP has no ACR entries.
The entity's entry point into the SSA: the Access Control Record (ACR)
An ACR describes the way in which an entity is permitted to log into the SSA system. When an entity logs into the SSA system, it needs to specify the ACR that corresponds to the authentication process it is about to perform. The ACR includes a Permissions Control Record (PCR) describing the actions the user is granted once authenticated, as defined in the ACR illustrated in Fig. 5. The host-side entity provides all of the ACR data fields.
When an entity has successfully logged into an ACR, the entity can query all of that ACR's partition and key access permissions and its ACAM permissions (explained below).
ACR ID
When an SSA system entity initiates the login process, it needs to specify the ACR ID (provided by the host when the ACR was created) corresponding to the login method, so that the SSA sets up the correct algorithm and selects the correct PCR when all of the login requirements have been met. The ACR ID is provided to the SSA system when the ACR is created.
Login/authentication algorithm
The authentication algorithm specifies what sort of login procedure the entity will use, and what kind of credentials are needed to provide proof of the user's identity. The SSA system supports several standard login algorithms, ranging from no procedure (and no credentials) and password-based procedures to two-way authentication protocols based on symmetric or asymmetric cryptography.
Credentials
The entity's credentials correspond to the login algorithm and are used by the SSA to verify and authenticate the user. Examples of credentials are a password/PIN number for password authentication, an AES key for AES authentication, and so on. The type and format of the credentials (that is, PIN, symmetric key, etc.) is predefined and derived from the authentication mode; the credentials are provided to the SSA system when the ACR is created. The SSA system has no part in defining, distributing or managing these credentials, with the exception of PKI-based authentication, where the device (for example a flash card) can be used to generate an RSA or other type of key pair, and the public key can be exported for certificate generation.
Permissions Control Record (PCR)
The PCR shows what is granted to the entity after it has logged into the SSA system and passed the ACR's authentication process successfully. There are three categories of permissions: creation permissions for partitions and keys, access permissions to partitions and keys, and management permissions for entity-ACR attributes.
Accessing partitions
This section of the PCR contains the list of partitions (using their IDs as provided to the SSA system) that the entity can access after successfully completing the ACR phase. For each partition, the access type can be restricted to write-only or read-only, or can specify full write/read access. Thus ACR#1 in Fig. 5 can access partition #2 but not partition #1. The restrictions specified in the PCR apply to the SSA partitions and to the public partition.
The public partition can be accessed either by regular read and write commands to the device (for example a flash card) hosting the SSA system, or by SSA commands. When a root ACR (explained below) is created with permission to restrict the public partition, it can pass that permission on to its children. An ACR can preferably restrict only regular read and write command access to the public partition. ACRs in the SSA system can preferably be restricted only upon their creation. Once an ACR has permission to read from or write to the public partition, that permission preferably cannot be taken away.
Accessing key IDs
This section of the PCR contains the list of key IDs (as provided to the SSA system by the host) associated with data that the entity can access once it has met the ACR policy in the login process. The key IDs specified are associated with files residing in the partitions that appear in the PCR. Since key IDs are not associated with logical addresses in the device (for example a flash card), when more than one partition is associated with a specific ACR the files can be in any one of those partitions. Each of the key IDs specified in the PCR can have a different set of access rights. Access to the data pointed to by a key ID can be restricted to write-only or read-only, or can specify full write/read access.
ACR Attributes Management (ACAM)
This section describes how the system attributes of an ACR can be changed in certain cases.
The ACAM actions that may be permitted in the SSA system are:
1. Create, delete or update AGPs and ACRs.
2. Create or delete partitions and keys.
3. Delegate access rights to keys and partitions.
A parent ACR preferably cannot edit ACAM permissions. Doing so would preferably require the deletion and re-creation of the ACR. Also, the access permission to a key ID created by an ACR preferably cannot be taken away.
An ACR may have the capability to create other ACRs and AGPs. Creating an ACR may also mean delegating to it some or all of the ACAM permissions possessed by its creator. Having the permission to create ACRs means having permission for the following actions:
1. Define and edit the child's credentials. The authentication method preferably cannot be edited once it has been set by the creating ACR. The credentials may be changed within the boundaries of the authentication algorithm already defined for the child.
2. Delete an ACR.
3. Delegate the creation permission to the child ACR (thus having grandchildren).
An ACR with permission to create other ACRs has permission to delegate the unblocking permission to the ACRs it creates (although it may not itself have permission to unblock ACRs). The parent ACR places a reference to the unblocker in the child ACR.
The parent ACR is the only ACR with permission to delete its child ACR. When an ACR deletes a lower-level ACR it created, all of the ACRs spawned by that lower-level ACR are automatically deleted as well. When an ACR is deleted, all of the key IDs and partitions it created are deleted.
There are two exceptions in which an ACR can update its own record:
1. Passwords/PINs (although set by the creator ACR) can be updated only by the ACR that contains them.
2. A root ACR can delete itself and the AGP in which it resides.
Delegating access rights to keys and partitions
ACRs and their AGPs are assembled in hierarchical trees, where the root AGP and the ACRs within it are at the top of the tree (for example root AGPs 130 and 132 in Fig. 6). There can be several AGP trees in the SSA system, but they are entirely separate from one another. An ACR within an AGP can delegate access permission to its keys to all of the ACRs within the same AGP it resides in and to all of the ACRs created by them. The permission to create keys preferably includes the permission to delegate access permissions to the keys.
Permissions to keys are divided into three categories:
1. Access: this defines the access permissions for the key, namely read and write.
2. Ownership: by definition, the ACR that created the key is its owner. Ownership can be delegated from one ACR to another, provided the latter is in the same AGP or in a child AGP. Ownership of a key provides the permission to delete the key and to delegate permissions to it.
3. Access rights delegation: this permission enables the ACR to delegate the rights it holds.
An ACR can delegate access permissions to the partitions it created as well as to other partitions it has access permissions to.
Permission delegation is done by adding the partition names and key IDs to the PCR of the designated ACR. Key access permissions can be delegated either by key ID or by stating that the access permission is for all keys created by the delegating ACR.
Blocking and unblocking ACRs
An ACR can have a blocking counter that is incremented whenever the entity's ACR authentication process with the system fails. When a certain maximum number (MAX) of unsuccessful authentications is reached, the SSA system blocks the ACR.
A blocked ACR can be unblocked by another ACR that the blocked ACR references. The reference to the unblocking ACR is set by the creator of the blocked ACR. The unblocking ACR is preferably in the same AGP as the creator of the blocked ACR and has the "unblock" permission.
No other ACR in the system can unblock the blocked ACR. An ACR may be configured with a blocking counter but without an unblocker ACR. In that case, once the ACR is blocked it cannot be unblocked.
Root AGPs: creating application databases
The SSA system is designed to handle multiple applications and to isolate the data of each of them. The tree structure of the AGP system is the main tool used to identify and isolate application-specific data. The root AGP sits at the tip of an application's SSA database tree and follows somewhat different rules of behavior. Several root AGPs can be configured in the SSA system. Two root AGPs, 130 and 132, are shown in Fig. 6. Obviously fewer or more AGPs may be used, and this is within the scope of the invention.
Registering the device (for example a flash card) for a new application, and/or issuing the device's credentials for a new application, is done through the process of adding a new AGP/ACR tree to the device.
The SSA system supports three different modes for the creation of root AGPs (together with all of the ACRs of the root AGP and their permissions):
1. Open: any user or entity, without any sort of authentication, or a user or entity authenticated through the system ACR (explained below), can create a new root AGP. The open mode enables root AGPs to be created either without any security measures, when all data transfer is done over an open channel (that is, within the secure environment of an issuance agency), or over a secure channel established through system ACR authentication (that is, over-the-air (OTA) and post-issuance procedures).
If the system ACR is not configured (it is an optional feature) and the root AGP creation mode is set to Open, only the open-channel option is available.
2. Controlled: only entities authenticated through the system ACR can create a new root AGP. The SSA system cannot be set to this mode if the system ACR is not configured.
3. Locked: the creation of root AGPs is disabled, and no additional root AGPs can be added to the system.
Two SSA commands control these features (these commands are available to any user or entity without authentication):
1. Method configuration command: used to configure the SSA system to use any one of the three root AGP creation modes. Only the following mode changes are allowed: Open to Controlled, and Controlled to Locked (that is, if the SSA system is currently configured as Controlled, it can only be changed to Locked).
2. Method configuration lock command: used to disable the method configuration command and permanently lock in the currently selected method.
When a root AGP is created, it is in a special initialization mode that enables the creation and configuration of its ACRs (subject to the same access restrictions that applied to the creation of the root AGP). At the end of the root AGP configuration process, when the entity explicitly switches the AGP to operating mode, the existing ACRs can no longer be updated and no additional ACRs can be created.
Once a root AGP has been put into operating mode, it can be deleted only by logging into the system through one of its ACRs that has been assigned the permission to delete the root AGP. In addition to the special initialization mode, this is another exception made for root AGPs: a root AGP is preferably the only AGP that may contain an ACR with permission to delete its own AGP, in contrast to the AGPs in the next level of the tree.
The third and final difference between a root ACR and a standard ACR is that the root ACR is the only ACR in the system that can have permission to create and delete partitions.
The SSA system ACR
The system ACR can be used for the following two SSA operations:
1. Creating an ACR/AGP tree under the protection of a secure channel in a hostile environment.
2. Identifying and authenticating the device that hosts the SSA system.
Preferably there can be only one system ACR in the SSA, and once it has been defined it preferably cannot be changed. No system authentication is needed when creating the system ACR; only the SSA command is needed. The create-system-ACR feature can be disabled (similarly to the create-root-AGP feature). After the system ACR has been created, the create-system-ACR command has no effect, since preferably only one system ACR is allowed.
While it is being created, the system ACR is not operational. When its creation is finished, a special command must be issued to indicate that the system ACR has been created and is ready to operate. After this point the system ACR preferably cannot be updated or replaced.
The system ACR creates the root ACR/AGP in the SSA. It has permission to add to and change the root level until the host is satisfied with it and blocks it. Blocking the root AGP essentially cuts off its connection to the system ACR and renders it tamper-proof. From then on, nobody can change or edit the root AGP and the ACRs within it. This is done through an SSA command. Disabling the creation of root AGPs has a permanent effect and cannot be reversed. The features described above that involve the system ACR are illustrated in Fig. 7. The system ACR is used to create three different root AGPs. At some time after these root AGPs have been created, an SSA command is sent from the host to block the root AGPs from the system ACR, thereby disabling the create-root-AGP feature, as indicated by the dotted lines connecting the system ACR to the root AGPs in Fig. 7. This renders the three root AGPs tamper-proof. Before or after the root AGPs are blocked, the three root AGPs can be used to create child AGPs so as to form three separate trees.
The features described above give the content owner great flexibility in configuring secure products that carry content. Secure products need to be "issued". Issuance is the process of putting in place the identification keys by which the device can identify the host and vice versa. Identifying the device (for example a flash card) lets the host decide whether it can trust the device with its secrets. Identifying the host, on the other hand, lets the device enforce a security policy (granting and executing a particular host command) only if the host is permitted to.
Products designed to serve multiple applications will have several identification keys. A product can be "pre-issued", with the keys stored during manufacturing before shipment, or "post-issued", with new keys added after shipment. For post-issuance, the memory device (for example a memory card) needs to contain some kind of master or device-level key that can be used to identify the entities that are permitted to add applications to the device.
The features described above allow a product to be configured so that post-issuance is enabled or disabled. Moreover, the post-issuance configuration can be done securely after shipment. A device can be bought as a retail product carrying no keys other than the master or device-level key described above, and can then be configured further by its new owner either to enable further post-issuance of applications or to disable it.
The system ACR feature thus provides the capability to accomplish the above objectives:
- A memory device with no system ACR allows unlimited and uncontrolled addition of applications.
- A memory device with no system ACR can be configured to disable the creation of a system ACR, which means there is no way to control the addition of new applications (unless the feature of creating new root AGPs is disabled as well).
- A memory device with a system ACR allows applications to be added only in a controlled way, through a secure channel established by authentication with the system ACR credentials.
- A memory device with a system ACR can be configured to disable the application-adding feature, either before or after applications have been added.
Key ID list
Key IDs are created at the request of a specific ACR; however, within memory system 10 they are used only by the SSA system. When a key ID is created, the following data is provided by, or to, the creating ACR:
1. Key ID. The ID is provided by the entity through the host, and is used in all further read or write accesses to reference the key and the data that is encrypted or decrypted with the key.
2. Key cipher and data integrity mode (the Block, Chained and Hash modes explained above and further below).
In addition to the attributes provided by the host, the following data is maintained by the SSA system:
1. Key ID owner. The ID of the ACR that is the owner. When a key ID is created, the creator ACR is its owner. Ownership of a key ID may, however, be transferred to another ACR. Preferably, only the owner of a key ID is allowed to transfer ownership of the key ID and to delegate it. Delegation of access permission to the associated key, and revocation of these rights, can be administered by the key ID owner or by any other ACR assigned delegation permission. Whenever any of these operations is attempted, the SSA system grants it only if the requesting ACR is authorized.
2. CEK. This is the CEK whose key value is used to encrypt the content associated with, or pointed to by, the key ID. The key value may be a random 128-bit AES key generated by the SSA system.
3. MAC and IV values. Dynamic information (message authentication codes and initialization vectors) used in the Cipher Block Chaining (CBC) encryption algorithm.
The various features of the SSA are also illustrated in the flow charts of Figs. 8A to 16, where an "H" to the left of a step means that the operation is performed by the host, and a "C" means that it is performed by the card. Although these SSA features are illustrated with reference to a memory card, it will be understood that they apply equally to memory devices of other physical forms. To create the system ACR, the host issues a create-system-ACR command to the SSA in memory device 10 (block 202). Device 10 responds by checking whether a system ACR already exists (block 204, diamond 206). If one exists, device 10 returns a failure and stops (oval 208). If none exists, memory 10 checks whether the creation of a system ACR is allowed (diamond 210), and returns a failure status if it is not (block 212). There may thus be cases in which the device issuer does not allow a system ACR to be created, for example where the required security features have been predetermined so that no system ACR is needed. If the creation of a system ACR is allowed, device 10 returns an OK status and waits for the system ACR credentials from the host (block 214). The host checks the SSA status and whether device 10 has indicated that the creation of a system ACR is allowed (block 216 and diamond 218). If creation is not allowed, or if a system ACR already exists, the host stops (oval 220). If device 10 has indicated that the creation of a system ACR is allowed, the host issues an SSA command defining the ACR's login credentials and sends it to device 10 (block 222). Device 10 updates the system ACR record with the credentials received and returns an OK status (block 224). In response to this status signal, the host issues an SSA command indicating that the system ACR is ready (block 226). Device 10 responds by locking the system ACR so that it cannot be updated or replaced (block 228). This locks in the features of the system ACR and the identity by which device 10 is identified to the host.
The procedure used to create a new tree (a new root AGP and ACR) is determined by the way in which these functions were configured in the device. Fig. 9 explains the procedure. Both host 24 and memory system 10 follow it. If the addition of new root AGPs has been disabled altogether, no new root AGP can be added (diamond 246). If it is enabled but requires the system ACR, the host authenticates through the system ACR and establishes a secure channel (diamond 250, block 252) before issuing the create-root-AGP command (block 254). If the system ACR is not required (diamond 248), host 24 can issue the create-root-AGP command without authentication and proceed to block 254. If a system ACR does exist, the host may use it even when it is not required (not shown in the flow chart). The device (for example a flash card) rejects any attempt to create a new root AGP if the function is disabled, and it rejects any attempt to create a new root AGP without authentication if the system ACR is required (diamonds 246 and 250). The AGP and ACR newly created in block 254 are then switched to operating mode, so that the ACRs in that AGP can no longer be updated or otherwise changed, and no further ACRs can be added to it (block 256). The system is then optionally locked so that no additional root AGPs can be created (block 258). The dashed box 258 is the convention used to indicate that this step is optional. All of the dashed boxes in the flow charts of this application are optional steps. This allows the content owner to block the use of device 10 for other, illegitimate purposes that might imitate a genuine memory device carrying legitimate content.
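As an added worked example (not part of the original application) of the root AGP creation modes, the two configuration commands, the system ACR life cycle of Figs. 8A and 8B, and the root AGP creation flow of Fig. 9 described above, the Python model below keeps those rules in one small device state machine. The method names, the token that stands in for an established secure channel, the ordering of the three modes as a one-way ranking (Open to Controlled to Locked, including a direct Open to Locked change, which the text leaves implicit), and the constructed credentials are all assumptions of the example.

```python
import secrets

OPEN, CONTROLLED, LOCKED = "open", "controlled", "locked"
_RANK = {OPEN: 0, CONTROLLED: 1, LOCKED: 2}  # a mode change may only move to the right


class SSAError(Exception):
    pass


class Device:
    def __init__(self, allow_system_acr=True):
        self.mode, self.config_locked = OPEN, False
        self.allow_system_acr = allow_system_acr  # issuer may predetermine "no system ACR"
        self.system_acr = None                    # {"credential": bytes, "ready": bool}
        self.channels = set()                     # tokens of open system-ACR secure channels
        self.root_agps = {}                       # name -> {"acrs": [...], "operating": bool}

    # The two configuration commands; the text says no authentication is needed for them.
    def configure_method(self, new_mode):
        if self.config_locked:
            raise SSAError("method configuration is locked")
        if _RANK[new_mode] <= _RANK[self.mode]:
            raise SSAError(f"{self.mode} -> {new_mode} is not an allowed change")
        if new_mode == CONTROLLED and not self._system_acr_ready():
            raise SSAError("controlled mode needs a configured system ACR")
        self.mode = new_mode

    def lock_method_configuration(self):
        self.config_locked = True                 # permanent

    # System ACR life cycle (Figs. 8A and 8B).
    def create_system_acr(self, credential):
        if self.system_acr is not None:
            raise SSAError("system ACR already exists")
        if not self.allow_system_acr:
            raise SSAError("system ACR creation is not allowed")
        self.system_acr = {"credential": credential, "ready": False}

    def system_acr_ready(self):
        self.system_acr["ready"] = True           # locks the record against updates

    def _system_acr_ready(self):
        return self.system_acr is not None and self.system_acr["ready"]

    def authenticate_system_acr(self, credential):
        # Stands in for setting up the secure channel of Fig. 9, block 252.
        if not self._system_acr_ready():
            raise SSAError("system ACR is not operational")
        if not secrets.compare_digest(credential, self.system_acr["credential"]):
            raise SSAError("system ACR authentication failed")
        token = secrets.token_hex(8)
        self.channels.add(token)
        return token

    # Root AGP creation (Fig. 9).
    def create_root_agp(self, name, channel=None):
        if self.mode == LOCKED:
            raise SSAError("root AGP creation is disabled")
        if self.mode == CONTROLLED and channel not in self.channels:
            raise SSAError("system ACR authentication required")
        if name in self.root_agps:
            raise SSAError("AGP name already exists")
        self.root_agps[name] = {"acrs": [], "operating": False}  # initialization mode

    def add_root_acr(self, name, acr_id):
        if self.root_agps[name]["operating"]:
            raise SSAError("AGP is in operating mode; its ACRs are frozen")
        self.root_agps[name]["acrs"].append(acr_id)

    def set_operating(self, name):
        self.root_agps[name]["operating"] = True


def _try(fn, *args):
    try:
        fn(*args)
        return True
    except SSAError:
        return False


def scenario():
    dev, out = Device(), {}
    out["open_no_auth"] = _try(dev.create_root_agp, "photos")
    out["controlled_without_system_acr"] = _try(dev.configure_method, CONTROLLED)
    dev.create_system_acr(b"issuer-secret")     # constructed credential
    out["second_system_acr"] = _try(dev.create_system_acr, b"other")
    dev.system_acr_ready()
    dev.configure_method(CONTROLLED)
    out["controlled_no_auth"] = _try(dev.create_root_agp, "music")
    chan = dev.authenticate_system_acr(b"issuer-secret")
    out["controlled_with_auth"] = _try(dev.create_root_agp, "music", chan)
    dev.add_root_acr("music", "music-admin")
    dev.set_operating("music")
    out["acr_after_operating"] = _try(dev.add_root_acr, "music", "late-acr")
    out["back_to_open"] = _try(dev.configure_method, OPEN)
    dev.configure_method(LOCKED)
    dev.lock_method_configuration()
    out["locked_with_auth"] = _try(dev.create_root_agp, "video", chan)
    out["reconfigure_after_lock"] = _try(dev.configure_method, OPEN)
    out["issuer_disallowed"] = not _try(Device(False).create_system_acr, b"x")
    return out
```

The checks that matter for a reviewer are the refusals: Controlled cannot be selected before a system ACR is ready, a second system ACR is rejected, a root AGP in operating mode accepts no further ACRs, the mode never moves backwards, and once the configuration is locked even a valid system ACR channel cannot add a root AGP.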
In order to create ACR (being different from above-mentioned ACR among the AGP), any ACR that can have the right of creating ACR begins (square frame 270), as shown in figure 10.Entity can be attempted to come by main frame 24 inputs (square frame 272) by ACR of provide access an ACR identity and the attribute that is necessary with its hope establishment.SSA checks with the coupling of ACR identity and ACR with this identity whether have the permission (rhombus 274) of creating ACR.If request is verified as through authorizing, the SSA that installs so in 10 creates ACR (square frame 276).
Figure 11 shows two AGP of tree useful in the security application of the method for using Figure 10.Therefore, the marketing ACR that has identity m1 among the AGP has the permission of creating ACR.ACR m1 also has the permission of using key, and described key is used for reading and writing the data that are associated with key ID " marketing message " and the data that are associated with key ID " price list ".Use the method for Figure 10, its establishment has the sale AGP of two ACR s1 and s2, it only has the permission of reading to the key that is used for the pricing data that access is associated with key ID " price list ", and does not have the permission of reading of the necessary key of data that access is associated with key ID " marketing message ".In this way, the entity with ACR s1 and s2 only can read and can not change pricing data, and will not have the access right to marketing data.On the other hand, ACR m2 does not have the permission of creating ACR, and only has the permission of reading to the key that is used for the data that access is associated with key ID " price list " and is associated with key ID " marketing message ".
Access rights can therefore be delegated in the manner explained above, where m1 grants s1 and s2 the right to read the pricing data. This is particularly useful where large marketing and sales groups are involved. Where there is only one or a few sales people, the method of Figure 10 may not be needed. Instead, an ACR can delegate access rights to an ACR at a lower or the same level within the same AGP, as illustrated in Figure 12. First, the entity enters the tree of such an AGP by specifying an ACR in the tree via the host, in the manner described above (block 280). Next, the host specifies the ACR and the right to be delegated. The SSA checks the tree to see whether such an ACR exists and whether it has permission to delegate the right to the other specified ACR (diamond 282). If so, the right is delegated (block 284); if not, the process stops. The result is illustrated in Figure 13. ACR m1 in this case has permission to delegate the read permission to ACR s1, so that after the delegation s1 can use the key to access the pricing data. This can be done where m1 has the same or greater rights to access the pricing data and the permission to delegate them. In one embodiment, m1 retains its own access rights after the delegation. Preferably, access rights can be delegated under restricted conditions (rather than permanently), for example for a limited time or a limited number of accesses.
The process for creating a key and key ID is illustrated in Figure 14. The entity authenticates through an ACR (block 302). The entity requests creation of a key with an ID specified by the host (block 304). The SSA checks whether the specified ACR has permission to do so (diamond 306). For instance, if the key is to be used to access data in a particular partition, the SSA checks whether the ACR may access that partition. If the ACR is authorized, the memory device 10 creates a key value associated with the key ID supplied by the host (block 308), stores the key ID in the ACR and the key value in its memory (either in the memory associated with the controller or in memory 20), assigns rights and permissions according to the information supplied by the entity (block 310), and modifies the PCR of the ACR with the assigned rights and permissions (block 312). Thus the creator of the key has all available rights, for example read and write permission, the right to delegate and to share with other ACRs in the same AGP or with ACRs at a lower level, and the right to transfer ownership of the key.
An ACR can change the permissions of another ACR in the SSA system (or remove it entirely), as illustrated in Figure 15. The entity enters the tree through an ACR as before; in one case the entity is authenticated and then specifies the ACR (blocks 330, 332). It requests deletion of a target ACR, or of a permission in the target ACR (block 334). If the specified ACR, or the ACR currently active, has the right to do so (diamond 336), the target ACR is deleted, or the PCR of the target ACR is changed to remove that permission (block 338). If it is not permitted, the system stops.
After this process, the target can no longer access the data it could access before. As shown in Figure 16, an entity may attempt to enter at the target ACR (block 350) and find that the authentication process fails, because the previously existing ACR ID is no longer present in the SSA, so that access is denied (diamond 352). Assuming the ACR ID has not been deleted, the entity specifies the ACR (block 354) and the key ID and/or the data in a particular partition (block 356), and the SSA then checks the key ID or partition access request against the PCR of that ACR (diamond 358). If the permission has been deleted or has expired, the request is again denied. Otherwise, the request is granted (block 360).
The above process describes how a device (for example, a flash memory card) manages access to protected data, regardless of whether the ACR and its PCR have just been changed by another ACR or were configured that way to begin with.
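The following is an added example, not code from the patent or from any SanDisk implementation: a small model of the tree operations of Figures 12 to 16. An ACR that creates a key holds every right on it and may delegate a subset to another ACR in the same AGP at the same or a lower level while keeping its own rights; a delegated right may carry a use limit; an ACR holding the delegate right may later remove the permission; and a higher-level ACR may delete a lower ACR, after which authentication at that ACR fails. The AGP name, the level numbering, the right names and the use-limit mechanism are assumptions of the example; m1, s1, s2 and the pricing key follow the text.

```python
from dataclasses import dataclass, field

ALL_RIGHTS = {"read", "write", "delegate", "transfer"}   # assumed right names


@dataclass
class ACR:
    name: str
    agp: str
    level: int                                   # 0 is the top of the AGP (assumption)
    pcr: dict = field(default_factory=dict)      # key_id -> {right: remaining uses or None}


class SSATree:
    def __init__(self):
        self.acrs = {}

    def create_acr(self, name, agp, level):
        self.acrs[name] = ACR(name, agp, level)

    def authenticate(self, name):
        # Figure 16, diamond 352: a deleted ACR ID no longer exists, so login fails
        if name not in self.acrs:
            raise PermissionError(f"ACR {name} does not exist")
        return self.acrs[name]

    def create_key(self, acr_name, key_id):
        acr = self.authenticate(acr_name)
        acr.pcr[key_id] = {r: None for r in ALL_RIGHTS}      # creator gets all rights

    def delegate(self, grantor, grantee, key_id, rights, uses=None):
        g, t = self.authenticate(grantor), self.authenticate(grantee)
        held = g.pcr.get(key_id, {})
        if "delegate" not in held or not set(rights) <= set(held):
            raise PermissionError("grantor lacks the rights it is trying to delegate")
        if t.agp != g.agp or t.level < g.level:
            raise PermissionError("grantee must be in the same AGP at the same or a lower level")
        # grantor keeps its own rights; the grantee's copy may be use-limited
        t.pcr.setdefault(key_id, {}).update({r: uses for r in rights})

    def remove_permission(self, actor, target, key_id, right):
        a, t = self.authenticate(actor), self.authenticate(target)
        if "delegate" not in a.pcr.get(key_id, {}):
            raise PermissionError("actor may not change permissions on this key")
        t.pcr.get(key_id, {}).pop(right, None)               # Figure 15, block 338

    def delete_acr(self, actor, target):
        a, t = self.authenticate(actor), self.authenticate(target)
        if a.agp != t.agp or a.level >= t.level:
            raise PermissionError("only a higher-level ACR in the same AGP may delete")
        del self.acrs[target]

    def check_access(self, acr_name, key_id, right):
        """Figure 16, diamond 358: missing or expired permission -> denied."""
        pcr = self.authenticate(acr_name).pcr.get(key_id, {})
        if right not in pcr:
            return False
        if pcr[right] is not None:
            if pcr[right] == 0:
                return False
            pcr[right] -= 1
        return True


def demo():
    """Runs the scenario of the text and returns what each step produced."""
    ssa = SSATree()
    ssa.create_acr("m1", "sales", 0)
    ssa.create_acr("s1", "sales", 1)
    ssa.create_acr("s2", "sales", 1)
    ssa.create_key("m1", "pricing")
    ssa.delegate("m1", "s1", "pricing", ["read"])
    ssa.delegate("m1", "s2", "pricing", ["read"], uses=2)      # limited number of accesses
    out = {
        "s1_reads": ssa.check_access("s1", "pricing", "read"),
        "s1_writes": ssa.check_access("s1", "pricing", "write"),
        "m1_still_reads": ssa.check_access("m1", "pricing", "read"),
        "s2_reads": [ssa.check_access("s2", "pricing", "read") for _ in range(3)],
    }
    try:
        ssa.delegate("s1", "s2", "pricing", ["read"])          # s1 holds read, not delegate
        out["s1_redelegates"] = True
    except PermissionError:
        out["s1_redelegates"] = False
    ssa.remove_permission("m1", "s1", "pricing", "read")
    out["s1_reads_after_revoke"] = ssa.check_access("s1", "pricing", "read")
    ssa.delete_acr("m1", "s2")
    try:
        ssa.check_access("s2", "pricing", "read")
        out["s2_after_delete"] = "granted"
    except PermissionError:
        out["s2_after_delete"] = "authentication failed"
    return out
```

The use counter is decremented on each successful check, so the third read by s2 is refused the same way an expired permission would be; the grantor's own entry is never touched by a delegation.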
Sessions
The SSA system is designed to handle multiple users logged in simultaneously. When this feature is used, every command received by the SSA is associated with a specific entity, and is executed only if the ACR used to authenticate that entity has permission for the requested action.
Multiple entities are supported through the session concept. A session is established during the authentication process and is assigned a session ID by the SSA system. The session ID is internally associated with the ACR used to log in to the system, and is exported to the entity for use in all further SSA commands.
The SSA system supports two types of session: open sessions and secure sessions. The session type associated with a given authentication process is defined in the ACR. The SSA system enforces session establishment in a manner similar to the way it enforces authentication itself. Since the ACR defines the entity's permissions, this mechanism allows the system designer to tie a secure tunnel to access to specific key IDs, or to invoking specific ACR management operations (that is, creating a new ACR and setting credentials).
Open Session
An open session is a session identified by a session ID but without bus encryption; all commands and data pass in the clear. This mode of operation is preferably used in a multi-user or multi-entity environment where neither the entities nor eavesdropping on the bus are part of the threat model.
Although the open session mode neither provides an effective firewall between the applications on the host side nor protects the transfer of protected data, it does allow the SSA system to restrict access to only the information permitted for the currently authenticated ACR.
Open sessions can also be used where partitions or keys need protection. However, after a successful authentication, all entities on the host are granted access. All that the various host applications need to share in order to obtain the permissions of the authenticated ACR is the session ID. This is illustrated in Figure 17A. The steps above line 400 are the steps taken by the host 24. After an entity has authenticated at ACR1 (block 402), it requests access to the file associated with key ID X in the memory device 10 (blocks 404, 406 and 408). If the PCR of ACR1 allows this access, device 10 grants the request (diamond 410). If not, the system returns to block 402. After authentication is complete, the memory system 10 identifies the entity issuing commands only by the assigned session ID (rather than by the ACR credentials). In an open session, once ACR1 has obtained access to the data associated with the key IDs in its PCR, any other application or user can access the same data by specifying the correct session ID, which is shared between the different applications on host 24. This feature is advantageous in applications where the user logs in only once and can then conveniently access, from different applications, all data associated with the account through which the login was performed. Thus a cell phone user may be able to read stored e-mail and listen to music stored in memory 20 without having to log in repeatedly. On the other hand, data not covered by ACR1 cannot be accessed. The same cell phone user may therefore keep valuable content, such as games and photos, accessible only through a separate account ACR2. This is data the user does not wish others who borrow the phone to access, even though the user may not mind others using the data accessible through the first account ACR1. Dividing access to the data between two separate accounts allows access to ACR1 in an open session to provide convenience of use while still protecting the valuable data.
To further simplify the sharing of a session ID between host applications, an ACR requesting an open session can explicitly request that the session be assigned the ID "0" (zero). In this way, applications can be designed to use a predefined session ID. For obvious reasons, the one restriction is that only one ACR requesting session 0 can be authenticated at any given time. An attempt to authenticate another ACR requesting session 0 will be rejected.
Secure Session
To add a layer of security, the session ID can be used as shown in Figure 17B. The memory 10 then also stores the session IDs of the active sessions. For example, in Figure 17B, in order to access the file associated with key ID X, the entity must also supply the session ID (for example, session ID "A") before being allowed to access the file (blocks 404, 406, 412 and 414). In this way, unless the requesting entity knows the correct session ID, it cannot access the memory 10. Since the session ID is deleted when the session ends and differs from session to session, an entity can obtain access only if it can present the session ID for each session.
The SSA system uses the session ID to track whether a command really comes from the correctly authenticated entity. For applications and usage scenarios in which an attacker may attempt to use the open channel to send malicious commands, the host application uses a secure session (secure channel).
When a secure channel is used, the session ID and the entire command are encrypted with the secure channel encryption (session) key, and the security level is as high as that of the host-side implementation.
Terminating a Session
A session is terminated, and the ACR logged out, in any of the following situations:
1. The entity issues an explicit end-session command.
2. Communication times out: the entity has issued no command within a time period defined as one of the ACR parameters.
3. All open sessions are terminated after a device (for example, flash card) reset and/or power cycle.
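The following is an added example, not code from the patent: a session table in the style described above. Open sessions are identified by the session ID alone, so any host application holding the ID acts under the ACR's PCR; a secure session requires every command to be authenticated under the session key; session ID 0 may be held by only one ACR at a time; and a session ends on an explicit command, on the per-ACR timeout, or on device reset. An HMAC over the command stands in for the command encryption the text specifies, and the ACR table, timeout values and key IDs are constructed for the example. Authentication at the ACR is assumed to have already succeeded when login() is called.

```python
import hashlib
import hmac
import secrets


class SSASessions:
    def __init__(self, acr_table):
        # acr_table: name -> {"secure": bool, "timeout": seconds, "pcr": {key_id: set(rights)}}
        self.acrs = acr_table
        self.sessions = {}   # session id -> {"acr", "key", "last"}

    def login(self, acr_name, now, request_zero=False):
        """Assign a session id (and a session key for secure ACRs); returns (sid, key)."""
        acr = self.acrs[acr_name]
        if request_zero:
            if 0 in self.sessions:
                raise PermissionError("session 0 is already held by another ACR")
            sid = 0
        else:
            sid = secrets.randbelow(2 ** 31 - 1) + 1
        key = secrets.token_bytes(32) if acr["secure"] else None
        self.sessions[sid] = {"acr": acr_name, "key": key, "last": now}
        return sid, key

    @staticmethod
    def tag(key, sid, command):
        """Proof that the sender holds the session key (stand-in for encrypting the command)."""
        return hmac.new(key, f"{sid}|{command}".encode(), hashlib.sha256).digest()

    def command(self, sid, command, now, tag=None):
        """command is '<right>:<key_id>'; returns True only if it was executed."""
        s = self.sessions.get(sid)
        if s is None:
            return False                                   # unknown or ended session
        if now - s["last"] > self.acrs[s["acr"]]["timeout"]:
            del self.sessions[sid]                         # timeout: session ends, ACR logged out
            return False
        s["last"] = now
        if s["key"] is not None:                           # secure session: tag is mandatory
            if tag is None or not hmac.compare_digest(tag, self.tag(s["key"], sid, command)):
                return False
        right, key_id = command.split(":", 1)
        return right in self.acrs[s["acr"]]["pcr"].get(key_id, set())

    def end(self, sid):
        self.sessions.pop(sid, None)                       # explicit end-session command

    def reset(self):
        self.sessions.clear()                              # device reset or power cycle
```

In the open-session case the two applications below are indistinguishable to the device; in the secure case a tag computed for one command does not authorize a different one, because the command text is covered by the tag.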
Data Integrity Services
The SSA system verifies the integrity of the SSA database (which contains all ACRs, PCRs, etc.). In addition, data integrity services for entity data are provided through the key ID mechanism.
If a key ID is configured with hashing as its cryptographic algorithm, a hash value is stored in the CEK record alongside the CEK and the IV. During a write operation the hash value is computed and stored. During a read operation the hash value is computed again and compared with the value stored during the previous write operation. Each time the entity accesses the key ID, the additional data is (cryptographically) chained onto the previous data and the appropriate hash value (for reading or for writing) is updated.
Since only the host knows which data file is associated with, or pointed to by, the key ID, the host explicitly manages some aspects of the data integrity function, as follows:
1. The data file associated with or pointed to by the key ID is written or read from beginning to end. Any attempt to access only part of the file will corrupt the file, because the SSA system uses the CBC encryption method and produces a hashed message digest of the entire data.
2. The data must be processed as a contiguous stream (it may be split across multiple sessions, but must not be interleaved with the data streams of other key IDs), because the intermediate hash value is maintained by the SSA system. If the data stream is restarted, the entity must explicitly instruct the SSA system to reset the hash value.
3. When a read operation is complete, the host explicitly requests the SSA system to verify the read hash by comparing the hash computed during the read with the hash value computed during the write operation.
4. The SSA system also provides a "dummy read" operation. This feature passes the data stream through the crypto engine but does not send it out to the host. It can be used to verify data integrity before the data is actually read out of the device (for example, flash card).
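The following is an added example, not code from the patent: the per-key-ID running hash described in items 1 to 4, kept on the device side, with the host-visible operations listed there (whole-file write, whole-file read followed by an explicit verify, an explicit reset when a stream restarts, and a dummy read that feeds the data through the hash without returning it). SHA-256 is an assumption, since the text only says "hash"; the CBC encryption of the data is omitted, so the block shows the integrity bookkeeping alone, and the sample file is constructed.

```python
import hashlib
import hmac


class KeyIdIntegrity:
    """Hash state the device keeps for one key ID configured with a hash algorithm."""

    def __init__(self, algorithm="sha256"):
        self.algorithm = algorithm
        self.stored_hash = None      # value kept in the CEK record after a write
        self._running = None         # intermediate hash of the stream in progress

    def reset(self):
        """Explicit reset the host must request before (re)starting a stream."""
        self._running = hashlib.new(self.algorithm)

    def _feed(self, chunk):
        if self._running is None:
            raise RuntimeError("no stream in progress; the host must request a reset first")
        self._running.update(chunk)

    def write(self, chunk):
        self._feed(chunk)

    def finish_write(self):
        """End of the write stream: the final digest goes into the CEK record."""
        self.stored_hash = self._running.digest()
        self._running = None

    def read(self, chunk):
        """Data leaves the device; the running hash is updated on the way out."""
        self._feed(chunk)
        return chunk

    def dummy_read(self, chunk):
        """Same hash update as read(), but nothing is returned to the host."""
        self._feed(chunk)

    def verify_read(self):
        """The host's explicit verify request at the end of a read stream."""
        ok = (self.stored_hash is not None and self._running is not None
              and hmac.compare_digest(self._running.digest(), self.stored_hash))
        self._running = None
        return ok


def store_file(rec, data, chunk=4):
    rec.reset()
    for i in range(0, len(data), chunk):
        rec.write(data[i:i + chunk])
    rec.finish_write()


def read_and_verify(rec, data, start=0, chunk=4, dummy=False):
    """Stream data[start:] back; start != 0 models an access to only part of the file."""
    rec.reset()
    for i in range(start, len(data), chunk):
        (rec.dummy_read if dummy else rec.read)(data[i:i + chunk])
    return rec.verify_read()


FILE = b"constructed sample pricing data"   # constructed for the example


def demo():
    rec = KeyIdIntegrity()
    store_file(rec, FILE)
    return {
        "whole_file": read_and_verify(rec, FILE),
        "partial_file": read_and_verify(rec, FILE, start=4),
        "tampered": read_and_verify(rec, FILE[:-1] + b"!"),
        # dummy read checks integrity without releasing data, then the real read follows
        "dummy_then_real": read_and_verify(rec, FILE, dummy=True) and read_and_verify(rec, FILE),
    }
```

The chunk size on read need not match the one used on write, since the hash covers the byte stream; what must match is the starting point and the full length, which is why the partial read fails verification.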
Random Number Generation
The SSA system enables external entities to use the internal random number generator and request random numbers for use outside the SSA system. This service is available to any host and does not require authentication.
RSA Key Pair Generation
The SSA system enables external users to use the internal RSA key pair generation feature and request a key pair for use outside the SSA system. This service is available to any host and does not require authentication.
Alternative Embodiment
As an alternative to the hierarchical approach, a database approach can achieve similar results, as illustrated in Figure 18.
As shown in Figure 18, a list of entity credentials, the authentication method, the maximum number of failed attempts allowed, and the minimum number of credentials required to unblock are entered into a database stored in controller 12 or memory 20, and the database associates these credentials with the policies (read and write access to keys and partitions, secure channel requirements) enforced by the controller 12 of memory 10. Constraints and restrictions on access to keys and partitions are also stored in the database. Thus some entities (for example, the system administrator) may be on a white list, meaning they can access all keys and partitions. Other entities may be on a black list, so that any attempt by them to access information is blocked. Restrictions can be global or specific to a key and/or partition, meaning that only certain entities can access certain keys and partitions while others cannot. Restrictions can also be imposed on the content itself, regardless of the partition in which it resides or the key used to encrypt or decrypt it. Thus some data (for example, a song) may carry the attribute that only the first five host devices to access it may do so, or other data (for example, a movie) may be read only a limited number of times, regardless of which entity has access rights.
Authentication
Password Protection
Password protection means that a password must be supplied in order to access a protected area. There can be more than one password, in which case the passwords can be associated with different rights (for example, read access or read/write access).
Password protection means that the device (for example, flash card) verifies a password supplied by the host, that is, the device also holds a password stored in a secure memory area managed by the device.
Issues and Limitations
Passwords are subject to replay attacks. Since the password is the same each time it is presented, it can simply be sent again in the same form. This means that if the data to be protected is valuable and the communication bus is easily accessible, passwords should not be used as-is.
Passwords can protect access to stored data but should not be used to protect the data itself (they are not keys).
To increase the security level associated with passwords, a master key can be used to diversify them, so that stealing one password does not bring down the whole system. A secure communication channel based on a session key can be used to transmit the password.
Figure 19 is a flow chart illustrating authentication with a password. The entity sends an account ID and password to the system 10 (for example, a flash memory card). The system checks whether the password matches the one in its memory. If it matches, an authenticated state is returned. Otherwise, an error counter for that account is incremented, and the entity is required to re-enter the account ID and password. If the counter overflows, the system returns an access-denied state.
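The following is an added example, not code from the patent: the check of Figure 19 with a per-account error counter that locks the account once it overflows. The patent stores the password itself in a device-managed secure area; this example stores a salted PBKDF2 hash instead. The lock-out threshold, the reset of the counter after a successful login, and the account names are assumptions of the example.

```python
import hashlib
import hmac
import secrets

AUTHENTICATED, RETRY, DENIED = "authenticated", "retry", "denied"


class PasswordAuth:
    def __init__(self, max_failures=3):
        self.max_failures = max_failures          # counter "overflow" threshold (assumption)
        self._accounts = {}                       # account_id -> [salt, hash, failures]

    @staticmethod
    def _hash(salt, password):
        # stand-in for the password stored in the device's secure area
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def add_account(self, account_id, password):
        salt = secrets.token_bytes(16)
        self._accounts[account_id] = [salt, self._hash(salt, password), 0]

    def authenticate(self, account_id, password):
        """Returns AUTHENTICATED, RETRY (re-enter credentials) or DENIED (counter overflowed)."""
        rec = self._accounts.get(account_id)
        if rec is None:
            return DENIED
        salt, expected, failures = rec
        if failures >= self.max_failures:
            return DENIED                         # locked earlier; even the right password fails
        if hmac.compare_digest(self._hash(salt, password), expected):
            rec[2] = 0                            # success clears the counter (assumption)
            return AUTHENTICATED
        rec[2] += 1
        return DENIED if rec[2] >= self.max_failures else RETRY
```

Unknown accounts and locked accounts give the same answer, so an attacker cannot use the reply to learn which account IDs exist; the constant-time comparison keeps the check from leaking how many bytes of the hash matched.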
Symmetric Key
A symmetric key algorithm means that the same key is used on both sides to encrypt and to decrypt. This means the key must be agreed in advance, before communication. Each side should also implement the inverse of the other side's algorithm, that is, the encryption algorithm on one side and the decryption algorithm on the other. Neither side needs to implement both algorithms in order to communicate.
Authentication
Symmetric key authentication means that the device (for example, flash card) and the host share the same key and have the same cryptographic algorithm (forward and inverse, for example DES and DES-1).
Symmetric key authentication means challenge-response (which protects against replay attacks). The protected device generates a challenge for the other device, and both compute the response. The device being authenticated sends back its response, and the protected device checks the response and confirms the authentication accordingly. The rights associated with the authentication can then be granted.
Authentication can be:
External: the device (for example, flash card) authenticates the outside world, that is, the device verifies the credentials of a given host or application.
Mutual: challenges are generated on both sides.
Internal: the host application authenticates the device (for example, flash card), that is, the host verifies that the device is genuine for its application.
To increase the security level of the whole system (that is, so that compromising one part does not compromise everything), symmetric keys are usually combined with diversification using a master key.
Mutual authentication uses challenges from both sides to ensure that the challenge is a genuine one.
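The following is an added example, not code from the patent: symmetric challenge-response between a card and a host in the three forms listed above (external, internal, mutual), with the card's key diversified from a master key so that one extracted card key does not expose the others, and with a fresh challenge per attempt so that a captured response cannot be replayed. HMAC-SHA256 is used in place of the DES forward/inverse pair mentioned in the text, and the master key, card IDs, role labels and the diversification construction are assumptions of the example.

```python
import hashlib
import hmac
import secrets


def diversify(master_key, card_id):
    """Per-card key derived from the master key (the 'master key diversification')."""
    return hmac.new(master_key, b"card-key|" + card_id, hashlib.sha256).digest()


def compute_response(key, challenge, role):
    # the role label keeps a party's own response from being reflected back to it
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()


class Party:
    def __init__(self, key, role):
        self.key, self.role = key, role
        self.pending = None                      # the one outstanding challenge

    def challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def answer(self, challenge):
        return compute_response(self.key, challenge, self.role)

    def check(self, answer, peer_role):
        ok = (self.pending is not None and
              hmac.compare_digest(answer, compute_response(self.key, self.pending, peer_role)))
        self.pending = None                      # one challenge, one answer: no second use
        return ok


def external_auth(card, host):
    """The card (protected device) verifies the host."""
    return card.check(host.answer(card.challenge()), b"host")


def internal_auth(card, host):
    """The host verifies that the card is genuine."""
    return host.check(card.answer(host.challenge()), b"card")


def mutual_auth(card, host):
    return external_auth(card, host) and internal_auth(card, host)


def make_card(master_key, card_id):
    """A card holds only its own diversified key, never the master key."""
    return Party(diversify(master_key, card_id), b"card")


def make_host(master_key, card_id):
    """A host holding the master key derives the card's key from the card's ID."""
    return Party(diversify(master_key, card_id), b"host")
```

If one card's key is extracted, the attacker can impersonate that card and a host toward that card only; the keys of other card IDs are not derivable from it, which is the point of the master-key diversification in the text.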
Encryption
Symmetric key cryptography is also used for encryption, because it is a very efficient algorithm, that is, it does not require a powerful CPU to handle the cryptography.
When used to protect a communication channel:
Both devices must know the session key used to protect the channel (that is, to encrypt all outgoing data and decrypt all incoming data). This session key is typically established using a pre-shared secret symmetric key or using PKI.
Both devices must know and implement the same cryptographic algorithm.
Signing
Symmetric keys can also be used to sign data. In this case the signature is a partial result of the encryption. Keeping only part of the result allows signing as many times as required without exposing the key value.
Issues and Limitations
Symmetric algorithms are very efficient and secure, but they rely on a pre-shared secret. The issue is sharing that secret securely, dynamically and possibly at random (as with a session key). The view is that a shared secret is difficult to keep secure for long and can hardly be shared with many people.
To facilitate this operation, public key algorithms were invented, which allow a secret to be exchanged without a pre-shared secret.
Asymmetric Authentication Procedure
Authentication based on asymmetric keys uses a series of data transfer commands that ultimately establish a session key for secure channel communication. The basic protocol authenticates the user to the SSA system. Variants of the protocol allow mutual authentication (in which the user also verifies the ACR it wishes to use) and two-factor authentication.
The SSA asymmetric authentication protocol preferably uses Public Key Infrastructure (PKI) and the RSA algorithm. As these algorithms define, each party in the authentication process is allowed to create its own RSA key pair. Each pair consists of a public key and a private key. Since the keys are anonymous, they cannot by themselves provide proof of identity. The PKI layer calls on a trusted third party, which signs each of the public keys. The trusted party's public key is pre-shared between the parties that will authenticate each other, and is used to verify each party's public key. Once trust is established (both parties determine that they trust the public key provided by the other), the protocol proceeds to authentication (verifying that each party holds the matching private key) and key exchange. This can be done by the challenge-response mechanism illustrated in Figures 22 and 23, described below.
The structure containing the signed public key is called a certificate. The trusted party that signs certificates is called a certificate authority (CA). To be authenticated, a party has an RSA key pair and a certificate attesting to the authenticity of its public key. The certificate is signed by a certificate authority trusted by the other (verifying) party. The verifying party is expected to hold the public key of the CA it trusts.
SSA allows certificate chaining. This means that the public key of the party being authenticated may be signed by a different CA (one other than the CA trusted by the verifying party). In that case the party being authenticated provides, in addition to its own certificate, the certificate of the CA that signed its public key. If this second-level certificate is still not trusted by the other party (not signed by its trusted CA), a third-level certificate can be provided. In this certificate chaining algorithm, each party holds the complete list of certificates needed to verify its public key. This is illustrated in Figures 23 and 24. The credentials required for mutual authentication by this type of ACR are RSA key pairs of a specified length.
SSA Certificates
SSA uses [X.509] version 3 digital certificates. [X.509] is a general standard; the SSA certificate profile described here further specifies and restricts the content of the certificate's defined fields. The certificate profile also defines the management of certificate chains, the trust hierarchy definition, validation, and the certificate revocation list (CRL) profile for SSA certificates.
Certificates are considered public information (like the public key they contain) and are therefore not encrypted. However, they include an RSA signature which verifies that the public key and all the other information fields have not been tampered with.
[X.509] defines each field using the ASN.1 standard format, which in turn uses the DER format for data encoding.
Overview of SSA Certificates
One embodiment of the SSA certificate management structure described in Figures 20 and 21 consists of an unlimited number of hierarchical levels for the host and up to three hierarchical levels for the device, although a number of levels greater or smaller than three may be used for the device.
Host Certificate Hierarchy
The device authenticates the host based on two factors: a root CA certificate stored in the device (as an ACR credential stored when the ACR is created) and the certificate or certificate chain supplied by the entity attempting to access the device (for that specific ACR).
For each ACR, the host certificate authority acts as the root CA (this is the certificate residing in the ACR credentials). For example, for one ACR the root CA may be the "Host 1 CA (level 2) certificate", while for another it may be the "Host root CA certificate". For each ACR, any entity holding a certificate signed by the root CA (or a certificate chain connecting the root CA to an end-entity certificate) can log in to that ACR, provided it holds the private key corresponding to the end-entity certificate. As mentioned above, certificates are public knowledge and are not kept secret.
The fact that every holder of a certificate issued by the root CA (together with the corresponding private key) can log in to the ACR means that authentication for a specific ACR is determined by the issuer of the root CA stored in the ACR credentials. In other words, the issuer of the root CA can be the entity that manages the ACR's authentication scheme.
Host Root Certificate
The root certificate is the trusted CA certificate that SSA uses to begin verifying the public key of the (host) entity attempting to log in. This certificate is provided as part of the ACR credentials when the ACR is created. It is the root of trust of the PKI system, and is therefore assumed to be provided by a trusted body (the parent ACR, or a trusted manufacturing/configuration environment). SSA uses its public key to verify that this certificate is signed by the certifying body. The host root certificate is stored in non-volatile memory (not shown in Fig. 1) in encrypted form, where the device's secret key is preferably accessible only by the CPU 12 of system 10 in Fig. 1.
Host Certificate Chain
These are the certificates provided to SSA during authentication. After the chain has been processed, no part of the host certificate chain needs to be stored in the device.
Figure 20 is a schematic diagram illustrating the host certificate hierarchy with several different host certificate chains. As illustrated in Figure 20, host certificates can have many different certificate chains, of which only three are shown:
A1. Host root CA certificate 502, Host 1 CA (level 2) certificate 504 and host certificate 506;
B1. Host root CA certificate 502, Host n CA (level 2) certificate 508, Host 1 CA (level 3) certificate 510, host certificate 512;
C1. Host root CA certificate 502, Host n CA (level 2) certificate 508 and host certificate 514.
The three certificate chains A1, B1 and C1 above illustrate three possible host certificate chains that can be used to prove that the host's public key is genuine. Referring to certificate chain A1 and to Figure 20, the public key in the Host 1 CA (level 2) certificate 504 is signed (that is, a digest of the public key is encrypted) with the private key of the host root CA, whose public key is in the host root CA certificate 502. The host public key in host certificate 506 is in turn signed with the private key of Host 1 CA (level 2), whose public key is provided in the Host 1 CA (level 2) certificate 504. Thus an entity holding the public key of the host root CA can verify the authenticity of certificate chain A1. As a first step, the entity uses the public key of the host root CA in its possession to decrypt the signed public key in the Host 1 CA (level 2) certificate 504 sent to it by the host, and compares the decrypted signature with the digest of the unsigned public key in the same certificate 504. If the two match, the public key of Host 1 CA (level 2) is verified, and the entity then uses that verified public key to decrypt the signed host public key in host certificate 506, which was signed with the private key of Host 1 CA (level 2). If the decrypted signature matches the digest of the public key in host certificate 506, the host's public key is also verified. Certificate chains B1 and C1 can be verified in a similar manner.
As will be noted from the above process for chain A1, the first host public key verified by the entity is the one in the Host 1 CA (level 2) certificate, not the one in the host root CA certificate. Therefore, all the host needs to send to the entity is the Host 1 CA (level 2) certificate 504 and the host certificate 506, so that the Host 1 CA (level 2) certificate is the first certificate in the chain that needs to be sent. As illustrated above, the certificate verification sequence is as follows. The verifying entity (the memory device 10 in this case) first verifies the authenticity of the public key in the first certificate of the chain (here certificate 504, belonging to the CA immediately below the root CA). After the public key in this certificate is verified as genuine, device 10 proceeds to verify the next certificate (here the host certificate 506). For the same reason, where a certificate chain contains more than two certificates the verification sequence applies in the same way: it begins with the certificate immediately below the root certificate and ends with the certificate of the entity to be authenticated.
Device Certificate Hierarchy
The host authenticates the device based on two factors: the device root CA stored in the host, and the certificate or certificate chain supplied by the device to the host (which was supplied to the device as a credential when the ACR was created). The process by which the host authenticates the device is similar to the process described above by which the device authenticates the host.
Device Certificate Chain
These are the certificates for the ACR's key pair. They are supplied to the card when the ACR is created. SSA stores these certificates individually and provides them to the host one by one during authentication. SSA uses these certificates to authenticate itself to the host. The device can handle a chain of three certificates, but a number other than three may be used. The number of certificates can vary from ACR to ACR; it is determined when the ACR is created. The device can send the certificate chain to the host, but it does not need to parse it, since it does not use the certificate chain data itself.
Figure 21 is a schematic diagram illustrating the device certificate hierarchy, showing 1 to n different certificate chains for devices (for example, memory devices) using SSA. The n different certificate chains illustrated in Figure 21 are as follows:
A2. Device root CA certificate 520, Device 1 CA (manufacturer) certificate 522 and device certificate 524;
B2. Device root CA certificate 520, Device n CA (manufacturer) certificate 526 and device certificate 528.
SSA devices may be made by 1 to n different manufacturers, each with its own device CA certificate. Thus the public key in the device certificate of a particular device is signed with the private key of its manufacturer, and the manufacturer's public key is in turn signed with the private key of the device root CA. The device's public key is verified in a manner similar to the host public key described above. As in the verification of chain A1 described above for the host, the device root CA certificate does not need to be sent, and the first certificate in the chain that needs to be sent is the Device i CA (manufacturer) certificate, followed by the device certificate, where i is an integer from 1 to n.
In the embodiment illustrated in Figure 21, the device provides two certificates: the Device i CA (manufacturer) certificate followed by its own device certificate. The Device i CA (manufacturer) certificate is the certificate of the manufacturer that made the device, and the manufacturer's private key is used to sign the device's public key. When the host receives the Device i CA (manufacturer) certificate, it uses the public key of the root CA in its possession to decrypt and verify the public key of Device i CA (manufacturer). If this verification fails, the host aborts the process and notifies the device that authentication has failed. If the verification succeeds, the host sends the device a request for the next certificate. The device then sends its own device certificate, to be verified by the host in the same manner.
The above verification procedure is also described in more detail in Figures 22 and 23. In Figure 22, the "SSM system" is the software module that implements the SSA system described herein and the other functions described below. SSA may be implemented as software or computer code, with its database stored in memory 20 or in non-volatile memory (not shown) in CPU 12, read into RAM 12a and executed by CPU 12.
As shown in Figure 22, the process has three phases, in which the SSM system 542 in device 10 authenticates the host system 540. In the first phase, public key verification, host system 540 sends the host certificate chain to SSM system 542 in SSM commands. SSM system 542 uses the root certificate authority public key of the host root certificate 548 located in ACR 550 to verify the authenticity of the host certificate 544 and the host public key 546 (block 552). Where an intermediate certificate authority between the root certificate authority and the host is involved, the intermediate certificate 549 is also used in the verification of block 552. Assuming the verification of block 552 succeeds, SSM system 542 proceeds to the second phase.
SSM system 542 generates a random number 554 and sends it to host system 540 as a challenge. System 540 signs the random number 554 with the host system's private key 547 (block 556) and sends the signed random number as the response to the challenge. The response is decrypted using the host public key 546 (block 558) and compared with random number 554 (block 560). If the decrypted response and random number 554 match, the challenge-response succeeds.
In the third phase, a random number 562 is encrypted using the host public key 546. This random number 562 then serves as the session key. Host system 540 obtains the session key from SSM system 542 by decrypting the encrypted random number 562 with its private key (block 564). With this session key, secure communication between host system 540 and SSM system 542 can then begin. Figure 22 illustrates one-way asymmetric authentication, in which host system 540 is authenticated by SSM system 542 in device 10. Figure 23 is a protocol diagram illustrating a two-way mutual authentication process similar to the one-way authentication protocol of Figure 22, in which SSM system 542 of Figure 23 is also authenticated by host system 540.
Figure 24 is the figure for the certificate chain 590 of explanation one embodiment of the present of invention.As mentioned above, the certificate chain that need present to be used for check can comprise some certificates.Therefore, the certificate chain of Figure 24 comprises nine (9) individual certificates altogether, and it all may need through check to be used for checking.Explain in the background parts as mentioned, at the existing system that is used for the certificate check, send imperfect certificate chain, or sending under the situation of complete certificate, not with any certain order send certificate make the recipient will accept and store the certificate of whole group after could certificate of analysis.Because the number of certificate is not known in advance in the chain, so this can cause problem.May need to keep a large amount of storage spaces to be used for the certificate chain of the uncertain length of storage.This may be a problem for the memory storage of carrying out check.
One embodiment of the invention is based on the recognition that this problem can be alleviated by a system in which the host device sends its certificate chain in the same order in which the memory device will verify the certificates of the chain. Thus, as shown in Figure 24, the chain 590 begins with certificate 590(1), the certificate immediately below the host root certificate, and ends with certificate 590(9), the host certificate. The device 10 first verifies the public key in certificate 590(1), then the public key in certificate 590(2), and so on until the host public key in certificate 590(9) has been verified; each certificate is verified with the public key certified by the preceding certificate (or, for certificate 590(1), with the host root public key already held by the device). This completes the verification of the entire certificate chain 590. Therefore, if the host device sends the certificate chain 590 to the memory device 10 in the same order or sequence in which the chain is verified, the memory device 10 can begin to verify each certificate as it is received, without waiting until all nine certificates in the chain 590 have arrived.
Accordingly, in one embodiment the host device sends the certificates in the chain 590 to the memory device 10 one at a time. The memory device 10 then needs to store only a single certificate at a time: once a certificate has been verified, it can be overwritten by the next certificate sent by the host (except for the last certificate in the chain). In this way the memory device 10 needs to reserve space for only one certificate at any given time.
The memory device needs to know when the entire chain 590 has been received. Preferably, therefore, the last certificate 590(9) contains an indicator or indication that it is the last certificate in the chain. This feature is illustrated in Figure 25, a table of the information in the control sector that the host sends to the memory device 10 ahead of the certificate buffer. As shown in Figure 25, the control sector of certificate 590(9) contains an argument named "is final" flag. The memory device 10 can therefore determine whether a received certificate is the last one in the chain by checking whether the "is final" flag is set, and so verifies certificate 590(9) as the last certificate in the chain.
In an alternative embodiment, the certificates in the chain 590 are not sent one by one but in groups of one, two or three certificates. Obviously, groups with other numbers of certificates, or groups that each contain the same number of certificates, can be used instead. In Figure 24 the chain 590 comprises five (5) consecutive strings of certificates, 591, 593, 595, 597 and 599. Each string contains at least one certificate. A consecutive string of certificates is a string containing the certificate that follows the string preceding it in the chain (the beginning certificate), the certificate that precedes the string following it in the chain (the end certificate), and all certificates between the beginning and end certificates. For example, string 593 contains the three certificates 590(2), 590(3) and 590(4). The five certificate strings are verified by the memory device 10 in the following order: 591, 593, 595, 597 and, finally, 599. Therefore, if the five strings are sent and received in the same sequence in which the memory device 10 verifies them, the memory device does not need to store any string after it has been verified, and every string except the last can be overwritten by the next string arriving from the host. As in the previous embodiment, the last certificate in the chain must contain an indicator (for example, a flag) set to a particular value to indicate that it is the last certificate in the chain. In this embodiment the memory device need only reserve enough space to store the maximum number of certificates in any of the five strings. Thus, if the host first notifies the memory device 10 of the longest string it intends to send, the memory device 10 need only reserve enough space for that longest string.
Preferably, the length of each certificate in the chain sent by the host is no more than four times the length of the public key certified by that certificate. Similarly, a certificate sent by the memory device 10 to the host device to certify the memory device's public key is preferably no more than four times the length of the public key it certifies.
The embodiments for verifying a certificate chain described above are illustrated in the flow chart of Figure 26; for simplicity, Figure 26 assumes one certificate per group. As shown in Figure 26, the host sends the certificates in the chain to the card in order. Beginning with the first certificate in the chain (normally the certificate immediately after the root certificate, as explained above), the card receives the certificate chain sequentially from the host being authenticated (block 602). The card verifies each certificate as it is received and aborts the process if any certificate fails verification; if a certificate fails, the card notifies the host (blocks 604, 606). The card then determines whether the last certificate has been received and verified (diamond 608). If not, the card returns to block 602 to continue receiving and verifying certificates from the host. If the last certificate has been received and verified, the card proceeds to the next phase following certificate verification (block 610). Although Figure 26 and the subsequent figures refer to a memory card by way of example, it will be understood that these features also apply to memory devices in physical forms other than a memory card.
Figure 27 illustrates the process performed by the host while the card is authenticating the host. As shown in Figure 27, the host sends the next certificate in the chain to the card (block 620), normally beginning with the certificate immediately after the root certificate. The host then determines whether it has received an abort notification from the card indicating that verification failed (diamond 622). If an abort notification has been received, the host stops (block 624). If not, the host checks whether the certificate just sent was the last in the chain by examining whether the "is final" flag is set in it (diamond 626). If the last certificate has been sent, the host proceeds to the next phase following certificate verification (block 628). As illustrated in Figures 22 and 23, the next phase may be the challenge-response, followed by session key creation. If the last certificate in the chain has not yet been sent, the host returns to block 620 to send the next certificate in the chain.
Figures 28 and 29 illustrate the actions taken by the card and the host when the card is being authenticated. As shown in Figure 28, after starting, the card waits for a request from the host to send a certificate in the chain (block 630, diamond 632). If no request is received from the host, the card returns to diamond 632. If a request is received, the card sends the next certificate in the chain, beginning with the first certificate to be sent (normally the certificate immediately after the root certificate) (block 634). The card then determines whether it has received a failure notification from the host (diamond 636). If a failure notification has been received, the card stops (block 637). If not, the card determines whether it has sent the last certificate (diamond 638). If not, the card returns to diamond 632 and waits until it receives the host's next request for the next certificate in the chain. If the last certificate has been sent, the card proceeds to the next phase (block 639).
Figure 29 illustrates the actions taken by the host when the card is being authenticated. The host sends the card a request for the next certificate in the chain, beginning with a request for the first certificate (block 640). The host then verifies each certificate received, aborting the process and notifying the card if verification fails (block 642). If verification passes, the host checks whether the last certificate has been received and successfully verified (diamond 644). If not, the host returns to block 640 to request the next certificate in the chain. If the last certificate has been received and successfully verified, the host proceeds to the next phase following certificate verification (block 646).
Certificate revocation
When a certificate is issued, it is expected to be used for its entire validity period. However, various circumstances can cause a certificate to become invalid before its validity period expires. Such circumstances include a change of name, a change in the association between the subject and the CA (for example, an employee leaves the organization), and compromise or suspected compromise of the corresponding private key. Under such circumstances the CA needs to revoke the certificate.
SSA implements certificate revocation in several ways, and each ACR can be configured with a specific method of revoking certificates. An ACR can be configured to support no revocation scheme, in which case every certificate is considered valid until its expiration date. Alternatively, a certificate revocation list (CRL) can be used. As a further alternative, the revocation scheme can be specific to a particular application, as explained below. The ACR specifies which of the three revocation schemes to use by means of a designated revocation value. If an ACR is created with no revocation scheme, it may later adopt a revocation scheme activated by the ACR owner. Revocation is applied to host certificates, not to certificates of the SSA security system of the memory device. The ACR owner is responsible for managing revocation of the host root certificate, which is done by updating the credential of the ACR.
Certificate revocation lists (CRL)
The SSA system uses a revocation scheme in which each CA periodically issues a signed data structure called a certificate revocation list (CRL). A CRL is a time-stamped list, signed by the CA (the same CA that issued the certificate in question), identifying revoked certificates, and it is made freely available to the public. Each revoked certificate is identified in the CRL by its certificate serial number. The size of a CRL is arbitrary and depends on the number of unexpired certificates that have been revoked. When a device uses a certificate (for example, to verify the identity of a host), the device not only checks the certificate's signature (and validity) but also checks the certificate against the list of serial numbers received in the CRL. If identifying information for the certificate, such as its serial number, is found in the CRL issued by the CA that issued the certificate, this indicates that the certificate has been revoked and is no longer valid.
The CRL must itself be verified as genuine before it can be used to validate a certificate. A CRL is signed with the private key of the CA that issues it, and it can be verified as genuine by decrypting the signature with the CA's public key. If the decrypted signature matches the digest of the unsigned CRL, the CRL has not been tampered with and is genuine. The CRL is usually hashed with a hashing algorithm to obtain its digest, and the digest is encrypted with the CA's private key. To check whether a CRL is valid, the CA's public key is used to decrypt the signature (that is, the encrypted hash of the CRL) to obtain the decrypted, hashed CRL (the digest of the CRL). This is then compared with a hash of the CRL computed by the verifier. The verification process therefore usually involves hashing the CRL and comparing the result with the decrypted hash.
One characteristic of the CRL scheme is that validation of a certificate against a CRL can be performed separately from obtaining the CRL. The CRL is signed by the issuer of the certificate concerned, and it is verified in the manner described above with the public key of the CA that issued it, much as a certificate is verified. The memory device verifies that the signature is that of the CRL and that the issuer of the CRL matches the issuer of the certificate. Another characteristic of the CRL scheme is that a CRL can be distributed by the same means as the certificates themselves, namely over untrusted communication channels and untrusted servers. CRLs and their characteristics are explained in detail in the X.509 standard.
SSA infrastructure for CRLs
SSA provides the infrastructure for revoking hosts using the CRL scheme. When authenticating to an RSA-based ACR that uses the CRL revocation scheme, the host adds a CRL as an extra field to the Set Certificate command (this may be an empty CRL if the issuing CA has not revoked any certificates). This field contains the CRL signed by the issuer of the certificate. When this field is present, the memory device 10 first verifies the certificate set by the Set Certificate command. Obtaining the CRL and accessing the CRL repository is entirely the host's responsibility. A CRL is issued together with the time period during which it is valid (the CRL expiration time period, or CET). During verification, if the current time is found to be outside this period, the CRL is considered defective and cannot be used for certificate verification; the certificate verification consequently fails.
In conventional certificate verification, the verifying entity is expected to have, or to be able to retrieve from the certificate authority (CA), a certificate revocation list, and to check the serial number of the certificate presented for verification against that list to determine whether the presented certificate has been revoked. Where the verifying entity is a memory device, the memory device may have no way to retrieve a certificate revocation list from the CA on its own. If a certificate revocation list is stored in the device in advance, the list can become stale, so that certificates revoked after the installation date do not appear on it. This would allow a user to access the memory device with a revoked certificate, which is undesirable.
In one embodiment the above problem is solved by a system in which the entity wishing to be authenticated provides the verifying entity (which may be the memory device 10) with a certificate revocation list together with the certificate to be verified. The verifying entity then verifies the authenticity of both the received certificate and the received certificate revocation list. The verifying entity checks whether the certificate is on the revocation list by checking whether the certificate's identifying information (for example, its serial number) is present in the list.
In view of the above, the asymmetric authentication scheme can be used for mutual authentication between a host device and the memory device 10. A host device wishing to be authenticated by the memory device 10 will need to provide its certificate chain and the corresponding CRLs. On the other hand, the host device is able to connect to a CA to obtain CRLs, so when the memory device 10 is to be authenticated by the host device, the memory device does not need to present a CRL to the host along with its certificate or certificate chain.
In recent years an increasing number of different types of portable devices have become available for playing content, for example various embedded or stand-alone music players, MP3 players, cellular phones, personal digital assistants and notebook computers. Although such devices may be able to connect to the World Wide Web to access certificate revocation lists from certificate authorities, many users do not normally connect to the network every day, but only to obtain fresh content or to renew subscriptions (for example every few weeks). It may therefore be inconvenient for such users to have to obtain certificate revocation lists from a certificate authority more frequently than that. For such users, the certificate revocation list and, optionally, the host certificate that must be presented to the memory device to access protected content can be stored in the memory device itself, preferably in an unprotected area. In many types of memory device (for example, flash memory), the unprotected area of the memory device is managed by the host device rather than by the memory device itself. In this way the user does not need to connect to a network (through the host device) to obtain the latest certificate revocation list. The host device can simply retrieve this information from the unprotected area of the memory device and then present the certificate and list to the memory device in order to access the protected content in it. Because a certificate used to access protected content and its corresponding certificate revocation list are typically valid for some period of time, the user need not obtain a new certificate or certificate revocation list as long as the stored ones remain valid. The above features allow the user to access the certificate and certificate revocation list conveniently for a suitably long period, as long as both remain unexpired, without having to connect to the certificate authority to obtain updated information.
The above process is illustrated in the flow charts of Figures 30 and 31. As shown in Figure 30, the host 24 reads from the unprotected, public area of the memory device 10 the CRL for the certificate that the host will present to the memory device for authentication (block 652). Because the CRL is stored in the unprotected area of the memory, no authentication is required before the host can obtain it. Because the CRL is stored in the public area of the memory device, reading of the CRL is controlled by the host device 24. The host then sends the CRL together with the certificate to be verified to the memory device (block 654) and, unless it receives a failure notification from the memory device 10, proceeds to the next phase (block 656). Referring to Figure 31, the memory device receives the CRL and certificate from the host (block 658), checks whether the certificate serial number is on the CRL (block 660), and checks other aspects (for example, whether the CRL has expired). If the certificate serial number is found on the CRL, or the check fails for another reason, the memory device sends a failure notification to the host (block 662). Storing the CRL in the unprotected area does not weaken the check, because the memory device still verifies the CRL's signature and validity period before relying on it; a host can at most present a different CRL that is itself genuine and unexpired. In this way, different hosts can obtain the CRL stored in the public area of the memory device, since the same CRL can be used for authenticating different hosts. As mentioned above, for the user's convenience the certificate to be checked against the CRL can preferably also be stored in the unprotected area of the memory device 10 together with the CRL. However, a certificate can be used to authenticate to the memory device only by the host to which the certificate was issued.
Where the CRL contains in its fields the time of the next update (as illustrated in Figure 32), the SSA in the device 10 also checks the current time against this time to determine whether the current time is after it; if so, the verification also fails. The SSA therefore preferably checks both the next-update time and the CET against the current time (or against the time at which the memory device 10 received the CRL).
As mentioned above, if the CRL contains a long list of identifying information for revoked certificates, processing (for example hashing) the list and searching it for the serial number of the certificate presented by the host may take a long time, especially if the processing and searching are performed one after the other. To speed up the process, the two can therefore be performed concurrently. In addition, if the entire CRL must be received before it can be processed and searched, the process may also be time-consuming. The applicants have recognized that the process can be accelerated by processing and searching portions of the CRL as they are received (in flight), so that the process is close to completion when the last portion of the CRL arrives.
Figures 33 and 34 illustrate the above features of the revocation scheme. The verifying entity (for example, a memory device such as a memory card) receives a certificate and a CRL from the entity wishing to be authenticated (block 702). Portions of the unencrypted CRL are processed (for example hashed), and at the same time these portions are searched for the identifying information (for example, the serial number) of the certificate presented. The processed (for example hashed) CRL portions are assembled into a complete hash of the CRL, which is compared with the complete decrypted hash of the CRL assembled from the decrypted portions of the signed CRL received from the entity wishing to be authenticated. If the comparison shows no match, authentication fails. The verifying entity also checks the next-update time and the CET against the current time (blocks 706, 708). If the identifying information of the presented certificate is found on the CRL, if the current time is outside the CET, or if the next-update time of the CRL has passed, authentication also fails (block 710). In some embodiments, storing the hashed CRL portions and the decrypted hash portions for assembly does not require much storage space.
When an entity (for example, a host) wishes to be authenticated, it sends its certificate and CRL to the verifying entity (block 722) and proceeds to the next phase (block 724). This is illustrated in Figure 34.
If the entity presents a certificate chain for authentication, a process similar to the one above can be implemented. In that case the process described above is repeated for each certificate in the chain together with its corresponding CRL. Each certificate and its CRL can be processed as they are received, without waiting for the remainder of the certificate chain and the corresponding CRLs.
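The following is an added worked example, not code from the patent or from SanDisk. It models two of the points above in one runnable piece: the memory device verifying a host certificate chain one certificate at a time with a single-certificate buffer and an "is final" flag (Figures 24 to 29), and the device hashing and searching each certificate's CRL chunk by chunk as it arrives, then checking the CRL signature, the CET and the next-update time (Figures 33 and 34). The certificate and CRL layouts, the field names, the chunking (one serial number per chunk) and the use of textbook RSA over Mersenne primes are all assumptions made so that the example runs offline with the standard library; they are not the SSA formats or real keys.

```python
"""Toy model of the checks described above: a memory device verifying a host
certificate chain one certificate at a time with an "is final" flag (Figures 24 to 29)
and hashing and searching each CRL chunk by chunk as it arrives (Figures 33 and 34).
Added example, not SanDisk's code; layouts and field names are assumptions."""
import hashlib

E = 65537

def toy_keypair(a: int, b: int):
    """RSA key from Mersenne primes 2^a-1 and 2^b-1: trivially factorable, demo only."""
    p, q = (1 << a) - 1, (1 << b) - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))   # (public, private)

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data: bytes) -> int:
    n, d = priv                                   # unpadded RSA over SHA-256, demo stand-in
    return pow(digest(data), d, n)

def verify(pub, dgst: int, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == dgst

def make_cert(issuer_priv, subject: str, serial: int, subject_pub, is_final: bool):
    """Assumed layout 'subject|serial|n|e|final' plus the issuer's signature over it."""
    tbs = f"{subject}|{serial}|{subject_pub[0]}|{subject_pub[1]}|{int(is_final)}".encode()
    return tbs, sign(issuer_priv, tbs)

def make_crl(issuer_priv, cet: int, next_update: int, revoked):
    """Assumed layout: header chunk 'CET|next_update', then one revoked serial per chunk."""
    chunks = [f"{cet}|{next_update}".encode()] + [str(s).encode() for s in revoked]
    return chunks, sign(issuer_priv, b"".join(chunks))   # signature covers all chunks

class CrlChecker:
    """Figure 33: hash and search the CRL as chunks arrive; keep only a running hash."""
    def __init__(self, issuer_pub, serial: int, now: int):
        self.pub, self.serial, self.now = issuer_pub, str(serial).encode(), now
        self.hash, self.header_seen = hashlib.sha256(), False
        self.expired = self.revoked = False
    def feed(self, chunk: bytes) -> None:
        self.hash.update(chunk)
        if not self.header_seen:                  # first chunk carries the validity window
            cet, next_update = map(int, chunk.split(b"|"))
            self.expired = self.now >= cet or self.now >= next_update
            self.header_seen = True
        elif chunk == self.serial:
            self.revoked = True
    def finish(self, sig: int) -> bool:
        # Verifying under the certificate issuer's key also enforces "same issuer as the certificate".
        genuine = verify(self.pub, int.from_bytes(self.hash.digest(), "big"), sig)
        return genuine and not self.expired and not self.revoked

class ChainVerifier:
    """Figure 26, device side: one certificate slot, overwritten after each successful check."""
    def __init__(self, host_root_pub, now: int):
        self.trusted, self.now, self.slot, self.complete = host_root_pub, now, None, False
    def receive(self, cert, crl) -> str:
        if self.complete:
            return "abort: chain already complete"
        tbs, sig = cert
        self.slot = tbs                           # the only certificate held at any time
        subject, serial, n, e, final = tbs.decode().split("|")
        if len(tbs) > 4 * (int(n).bit_length() // 8):     # text's bound: <= 4 x key length
            return "abort: oversized certificate"
        if not verify(self.trusted, digest(tbs), sig):     # out-of-order certificates fail here
            return "abort: signature does not verify under the issuer key"
        checker = CrlChecker(self.trusted, int(serial), self.now)
        for chunk in crl[0]:
            checker.feed(chunk)                   # in-flight processing, no whole-CRL buffer
        if not checker.finish(crl[1]):
            return "abort: CRL invalid or expired, or certificate revoked"
        self.trusted = (int(n), int(e))           # this key verifies the next certificate
        if final == "1":
            self.complete = True
            return "verified: chain complete, proceed to challenge-response"
        return "verified: send next certificate"

def demo(now: int = 1_700_000_000) -> dict:
    """Constructed chain host root -> intermediate CA -> host, streamed to the device."""
    root_pub, root_priv = toy_keypair(127, 521)
    mid_pub, mid_priv = toy_keypair(107, 607)
    host_pub, _ = toy_keypair(89, 1279)
    mid_cert = make_cert(root_priv, "host-ca", 7, mid_pub, is_final=False)
    host_cert = make_cert(mid_priv, "host-0042", 9, host_pub, is_final=True)
    root_crl = make_crl(root_priv, now + 86400, now + 3600, revoked=[3, 5])
    mid_crl = make_crl(mid_priv, now + 86400, now + 3600, revoked=[8])
    dev = ChainVerifier(root_pub, now)
    in_order = [dev.receive(mid_cert, root_crl), dev.receive(host_cert, mid_crl)]
    dev2 = ChainVerifier(root_pub, now)
    dev2.receive(mid_cert, root_crl)
    revoked = dev2.receive(host_cert, make_crl(mid_priv, now + 86400, now + 3600, [8, 9]))
    stale = ChainVerifier(root_pub, now).receive(mid_cert, make_crl(root_priv, now - 1, now + 3600, []))
    out_of_order = ChainVerifier(root_pub, now).receive(host_cert, root_crl)
    return {"in_order": in_order, "revoked": revoked, "stale": stale, "out_of_order": out_of_order}
```

Calling demo() returns the device's verdict for four constructed runs: the chain sent in verification order passes, a CRL that lists the host serial aborts the chain, a CRL whose CET has passed aborts it, and the host certificate sent before its issuer's certificate fails the signature check under the root key, which is why the ordering requirement costs nothing in security. A real implementation would replace the unpadded RSA with PKCS#1 signatures, parse X.509 and CRL structures rather than the delimited strings used here, and handle serial numbers that straddle chunk boundaries.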
Identity object (IDO)
An identity object is a protected object designed to allow the memory device 10 (for example, a flash memory card) to store an RSA key pair or another type of cryptographic ID. The identity object comprises a cryptographic ID of any kind that can be used for signing and verifying identity and for encrypting and decrypting data. The identity object also comprises a certificate from a CA (or a certificate chain from several CAs) certifying that the public key of the key pair is genuine. The identity object can be used to provide proof of identity for an external entity or for an internal card entity (that is, the device itself, an internal application, and so on), referred to as the owner of the identity object. The card therefore does not use the RSA key pair or other cryptographic ID to authenticate the host by challenge-response, but rather to prove identity by signing a data stream provided to it. In other words, the identity object contains its owner's cryptographic ID. To access the cryptographic ID in the identity object, the host must first be authenticated. As described below, the authentication process is controlled by an ACR. After the host has been successfully authenticated, the identity object owner can use the cryptographic ID to establish the owner's identity to another party. For example, the cryptographic ID (for example, the private key of a public-private key pair) can be used to sign data presented by the other party. The signed data and the certificate in the identity object are presented to the other party on behalf of the identity object owner. The public key of the public-private key pair in the certificate is certified as genuine by the CA (that is, a trusted authority), so the other party can trust that this public key is genuine. The other party can then decrypt the signed data with the public key in the certificate and compare the decrypted data with the data it sent. If the decrypted data matches the data sent by the other party, this shows that the owner of the identity object does indeed have access to the genuine private key and is therefore the entity it claims to be.
A second use of the identity object is to protect data intended for the owner of the IDO using the cryptographic ID (for example, the RSA key itself). Such data is expected to be encrypted with the IDO public key. The memory device 10 (for example, a memory card) uses the private key to decrypt the data.
An IDO is an object that can be created for an ACR of any type. In one embodiment an ACR can have only one IDO object. The data signing and data protection features are both services that the SSA system offers to any entity that can authenticate to the ACR. The level of protection of the IDO is as high as that of the ACR's login authentication scheme. Any authentication algorithm can be selected for an ACR that is to have an IDO. It is up to the creator (the host) to decide and assess which algorithm best protects the use of the IDO. An ACR with an IDO provides its certificate chain in response to a Get IDO Public Key command.
When the IDO is used for data protection, the decrypted data output from the card may need further protection. In that case the host is encouraged to use a secure channel established by any of the available authentication algorithms.
The key length and the PKCS#1 version are selected when the IDO is created. In one embodiment the public and private keys use the (exponent, modulus) representation as defined in PKCS#1 v2.1.
In one embodiment, the data included when an IDO is created is an RSA key pair of the specified length and a certificate chain that recursively confirms the authenticity of the public key.
An ACR that has an IDO allows user data to be signed. This is done with two SSA commands:
Set User Data: provides a free-format data buffer to be signed.
Get SSA Signature: the card provides an RSA signature (using the ACR private key). The format and size of the signature are set according to PKCS#1 v1.5 or v2.1, depending on the object type.
The use of an IDO is illustrated in Figures 35-37, in which the memory device 10 is a flash memory card and the card is the owner of the IDO. Figure 35 illustrates the process performed by the card when signing data sent by the host. Referring to Figure 35, after the host has been authenticated (block 802) under the control of the ACR at a node of the tree structure described above, the card waits for a request for a certificate from the host (diamond 804). On receiving the request, the card sends the certificate and returns to diamond 804 for the next host request (block 806). If a certificate chain must be sent to prove the public key of the IDO owned by the card, the above actions are repeated until all certificates in the chain have been sent to the host. After each certificate has been sent to the host, the card waits for further commands from the host (diamond 808). If no command is received from the host within a preset period, the card returns to diamond 804. On receiving data and a command from the host, the card checks whether the command is a request to sign data (diamond 810). If it is, the card signs the data with the private key in the IDO, sends the signed data to the host (block 812) and returns to diamond 804. If the command from the host is not a request to sign data, the card uses the private key in the IDO to decrypt the data received (block 814) and returns to diamond 804.
Figure 36 illustrates the process performed by the host when the card signs data sent by the host. Referring to Figure 36, the host sends authentication information to the card (block 822). After being successfully authenticated under the control of the ACR at a node of the tree structure described above, the host sends a request for the certificate chain to the card and receives the chain (block 824). After verifying the card's public key, the host sends data to the card for signing and receives the data signed with the card's private key (block 826).
Figure 37 illustrates the process performed by the host when the host encrypts data with the card's public key and sends the encrypted data to the card. Referring to Figure 37, the host sends authentication information to the card (block 862). After successful authentication under the control of the ACR, the host sends the card a request for the certificate chain needed to verify the public key of the card in the IDO, together with a request to send data to the card (block 864). After verifying the card's public key in the IDO, the host encrypts the data with the card's verified public key and sends it to the card (blocks 866, 868).
Queries
Hosts and applications need certain information about the memory device or card with which they are working in order to perform system operations. For example, a host or application may need to know which applications stored on the memory card are available to be invoked. The information the host needs is sometimes not common knowledge, meaning that not everyone is entitled to have it. Therefore, to distinguish between authorized and unauthorized users, two query methods need to be available to the host.
General information query. This query provides unrestricted public system information. The confidential information stored in the memory device comprises two parts: a shared part and a non-shared part. One part of the confidential information comprises information proprietary to individual entities, such that each entity is allowed to access only its own proprietary information and cannot access the proprietary confidential information of other parties. This type of confidential information is not shared and forms the non-shared part of the confidential information.
Some information that is generally regarded as public may in some cases be regarded as confidential, for example the names of the applications residing on the card and their life-cycle states. Another example is the root ACR name, which is considered public but may be confidential for some SSA use cases. For these cases the system provides the option of making such information available in response to a general information query only to authenticated users and not to unauthenticated users. Such information forms the shared part of the confidential information. An example of the shared part of the confidential information is the root ACR list, the current list of all root ACRs present on the device.
The access of inquiring about public information by general information does not need main frame/user to sign in among the ACR.Therefore anyone of known SSA standard can carry out and receive described information.According to the SSA term, this querying command is disposed not having under the situation of dialogue number.Yet entity is to the access of the shared portion of confidential information if desired, and so described entity needs at first by control any one (for example, any one of ACR) empirical tests to the control structure of the access of the data in the storage arrangement.After good authentication, entity can be by the shared portion of general information queried access confidential information.Explain as mentioned, proof procedure will produce SSA dialogue number or the id that is used for access.
Discreet information query
Specific information about individual ACRs, system access and assets is regarded as discreet and requires explicit authentication. This query therefore requires an ACR login and authentication (if authentication is specified by the ACR) before the information query is authorized. This query needs an SSA session number.
Before describing the two query types in detail, it is useful to first describe the concept of index groups, the practical solution used to implement the queries.
Index groups
The operating system (OS) and system drivers on the host require an application running on a potential SSA host to specify a fixed number of sectors to be read. This in turn means that the host application needs to know, for each SSA read operation, how many sectors to read.
Since the nature of a query operation is to supply information that the requester generally does not know, it is difficult for the host application to infer from the query how many sectors the operation will need.
To solve this, the SSA query output buffer consists of only one sector (512 bytes) per query request. The objects that make up the output information are organized in groups called index groups. Each object type may have a different byte size, which determines how many objects fit in a single sector; this defines the index group for that object type. If an object is 20 bytes in size, its index group will hold up to 25 objects. If there are 56 such objects in total, they will be organized in 3 index groups, where object "0" (the first object) begins the first index group, object "25" begins the second index group, and object 50 begins the third (last) index group.
System query (general information query)
This query provides public information about the SSA system supported in the device and about the system currently set up on the device as different trees and applications. Like the ACR query (discreet query) described below, the system query is structured to offer several query options:
General - the version of SSA supported.
SSA applications - the current list of all SSA applications present on the device (including their running status).
The information listed above is public. As with the ACR query, to spare the host from having to know how many sectors to read from the query output buffer, one sector is sent back from the device while the host remains able to query further index groups. So if the number of root ACR objects exceeds the output buffer size in index group "0", the host can subsequently send another query request for index group "1".
ACR query (discreet information query)
The SSA ACR query command is intended to supply the ACR user with information about the ACR's system resources (such as key and application IDs, partitions and child ACRs). The query information concerns only the logged-in ACR and not the other ACRs in the tree. In other words, access is limited to the part of the confidential information that is accessible under the permissions of the ACR concerned.
There are three kinds of ACR objects the user can query:
Partitions - name and access rights (owner, read, write).
Key IDs and application IDs - name and access rights (owner, read, write).
Child ACRs - names of the direct child ACRs and their AGPs.
IDOs and secure data objects (described below) - name and access rights (owner, read, write).
Because the number of objects connected to an ACR may vary and the information may exceed 512 bytes (one sector), and because the user does not know the number of objects in advance, the user has no way of knowing how many sectors the SSA system must read from the device to obtain the complete list. Each object list supplied by the SSA system is therefore divided into index groups, just as in the system query described above. An index group is the number of objects of one type that fit in a sector, that is, how many objects the SSA system can send from the device to the host in one sector. The SSA system in the device thus transmits one sector for each requested index group. The host or user receives a buffer of the queried objects together with the number of objects in the buffer. If the buffer is full, the user can query the next object index group.
Figure 38 is a flow chart illustrating the operations involved in a general information query. Referring to Figure 38, when the SSA system receives a general information query from an entity (block 902), the system determines whether the entity is authenticated (diamond 904). If it is, the system supplies the entity with the public information and the shared portion of the confidential information (block 906). If it is not, the system supplies the entity with the public information only (block 908).
Figure 39 is a flow chart illustrating the operations involved in a discreet information query. Referring to Figure 39, when the SSA system receives a discreet information query from an entity (block 922), the system determines whether the entity is authenticated (diamond 924). If it is, the system supplies the entity with the device's confidential information (block 926). If it is not, the system refuses the entity access to the confidential information (block 928).
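The index-group paging and the two query paths of Figures 38 and 39, as an added Python model written for this page (not the patent's own implementation). Assumed details are mine: objects of one type are fixed-size records, a query answers with exactly one sector, and an entity's authentication state is represented by an SSA session number.

```python
"""Added example, not code from the patent: a small model of the two SSA query
commands and of the index-group paging they use. Assumed details (mine): each
object type is a fixed-size record, one query returns exactly one sector, and
an entity's authentication state is represented by a session number."""
from dataclasses import dataclass
from typing import Optional

SECTOR_SIZE = 512


def index_group_layout(object_size: int, object_count: int) -> list[tuple[int, int]]:
    """Return (first_object_index, objects_in_group) for every index group.
    Objects per group = 512 // object_size, so 20-byte objects give 25 per group
    and 56 of them fall into three groups starting at objects 0, 25 and 50."""
    per_group = SECTOR_SIZE // object_size
    if per_group == 0:
        raise ValueError("object larger than one sector")
    layout = []
    for start in range(0, object_count, per_group):
        layout.append((start, min(per_group, object_count - start)))
    return layout


def serve_index_group(objects: list[bytes], object_size: int, group: int) -> tuple[bytes, int]:
    """Answer a query for index group `group` with one zero-padded sector and
    the number of objects it holds. A count below the group capacity tells the
    host it has reached the last group, so it knows when to stop querying."""
    per_group = SECTOR_SIZE // object_size
    chunk = objects[group * per_group:(group + 1) * per_group]
    if any(len(o) != object_size for o in chunk):
        raise ValueError("all objects of one type share one size")
    sector = b"".join(chunk).ljust(SECTOR_SIZE, b"\0")
    return sector, len(chunk)


@dataclass
class DeviceInfo:
    ssa_version: str                     # public
    applications: dict[str, str]         # name -> life cycle state
    root_acrs: list[str]                 # shared portion of the confidential information
    proprietary: dict[str, list[str]]    # owner ACR -> its non-shared objects
    hide_applications: bool = False      # option: treat the app list as shared confidential


class SsaQueryHandler:
    """`sessions` maps an SSA session number to the ACR it was opened under."""

    def __init__(self, info: DeviceInfo, sessions: dict[int, str]):
        self.info, self.sessions = info, sessions

    def general_query(self, session: Optional[int] = None) -> dict:
        """Figure 38: public information for everyone; the shared confidential
        part only when the caller holds a valid session (is authenticated)."""
        authenticated = session in self.sessions
        out = {"ssa_version": self.info.ssa_version}
        if authenticated or not self.info.hide_applications:
            out["applications"] = dict(self.info.applications)
        if authenticated:
            out["root_acrs"] = list(self.info.root_acrs)
        return out

    def discreet_query(self, session: Optional[int]) -> dict:
        """Figure 39: requires an ACR login; answers only with the objects the
        logged-in ACR may see, never with another ACR's proprietary data."""
        if session not in self.sessions:
            raise PermissionError("discreet query needs an SSA session number")
        acr = self.sessions[session]
        return {"acr": acr, "objects": list(self.info.proprietary.get(acr, []))}


# Constructed sample data (not taken from the page).
SAMPLE = DeviceInfo("1.0", {"OTP": "running", "DRM": "installed"},
                    ["root_A", "root_B"],
                    {"acr_otp": ["SDO1", "SDO2"], "acr_drm": ["KEY7"]})
HANDLER = SsaQueryHandler(SAMPLE, sessions={17: "acr_otp"})
```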
Feature Set Extension (FSE)
In many cases it is very advantageous for the SSA to run data processing activities internally on the card (for example, validation of DRM license objects). The resulting system is safer and more efficient than the alternative in which all data processing tasks are performed by the host, and it does not depend on the host.
The SSA security system consists of a set of authentication algorithms and authorization policies designed to control access to, and use of, the set of objects stored, managed and protected by the memory card. Once the host has obtained access, it processes the data stored in the memory device, with access to the memory device controlled by the SSA. The data, however, is assumed to be largely application-specific in nature, so the SSA defines neither data formats nor data processing; the SSA does not process the data stored on the device.
One embodiment of the present invention is based on the realization that the SSA system can be enhanced so that some of the functions usually performed by the host are performed in the memory card. A host's software functions can thus be split into two parts: one part that is still executed by the host and another that is executed by the card. This improves the security and efficiency of data handling for many applications. For this purpose a mechanism called FSE can be added to extend the capabilities of the SSA. A host application that is executed by the card in this way within the FSE is also referred to herein as an internal application or device internal application.
The enhanced SSA system provides a mechanism to extend the basic SSA command set by introducing card applications that provide authentication and access control to the card. Card applications are assumed to implement services beyond those of the SSA (for example DRM schemes and e-commerce transactions). The SSA Feature Set Extension (FSE) has a mechanism designed to enhance the standard SSA security system with data processing software or hardware modules, which may be proprietary. The services defined by the SSA FSE system let the host device, in addition to the information it can obtain with the queries described above, query the card for the available applications, select a specific application and communicate with it. The general and discreet queries described above can be used for this purpose.
Two methods of extending the card feature set are used in the SSA FSE:
Providing services - this feature is enabled by allowing an authorized entity to communicate directly with an internal application over a command channel (which may be proprietary) called a communication pipe.
Extending the standard SSA access control policy - this feature is enabled by associating an internal protected data object (for example a CEK, or a secure data object or SDO described below) with an internal card application. When the object is accessed and the defined standard SSA policy is satisfied, the associated application is invoked to enforce at least one further condition in addition to the standard SSA policy. This condition preferably does not conflict with the standard SSA policy. Access is granted only when this additional condition is also satisfied. Before elaborating on the capabilities of the FSE, the architectural aspects of the FSE, the communication pipe and the SDO are described.
SSM module and related modules
Figure 40A is a functional block diagram of the system architecture 1000 in a memory device 10 (for example a flash memory card) connected to a host device 24, illustrating one embodiment of the invention. The main components of the software modules in the memory device (card 20) are as follows:
SSA transport layer 1002
The SSA transport layer depends on the card protocol. It handles host-side SSA requests (commands) at the protocol layer of the card 10 and then relays them to the SSM API. All host-card synchronization and SSA command recognition is done in this module. The transport layer is also responsible for all SSA data transfers between the host 24 and the card 10.
Security Service Module core (SSM core) 1004
This module is the central part of the SSA embodiment. The SSM core implements the SSA architecture; more specifically, it implements all the rules of the SSA tree and ACR system and of the composition system described above. The SSM core module uses the cryptographic library 1012 to support the SSA security and cipher features, such as encryption, decryption and hashing.
SSM core API 1006
This is the layer through which the host and the internal applications interface with the SSM core to perform SSA operations. As shown in Figure 40A, the host 24 and the device internal applications 1010 both use the same API.
Secure Application Manager Module (SAMM) 1008
SAMM is not part of the SSA system, but it is the important module in the card that controls the device internal applications interfacing with the SSA system.
SAMM manages all internally running device applications, which includes:
1. Application life cycle monitoring and control.
2. Application initialization.
3. The application/host/SSM interface.
Device internal applications 1010
These are the approved applications running on the card side. They are managed by SAMM and can access the SSA system. The SSM core also provides the communication pipe between host-side applications and internal applications. Examples of such internally running applications are the DRM application and the one-time password (OTP) application, as explained further below.
Device Management System (DMS) 1011
This is the module containing the processes and protocols needed to update the card and application firmware and to add or remove services in post-shipping (commonly called post-issuance) mode.
Figure 40B is a functional block diagram of the internal software modules of the SSM core 1004. As shown in Figure 40B, the core 1004 includes an SSA command handler 1022. The handler 1022 parses SSA commands originating from the host or from a device internal application 1010 before they are passed to the SSA manager 1024. All SSA security data structures (such as AGPs and ACRs) and all SSA rules and policies are stored in the SSA database 1026. The SSA manager 1024 enforces the control imposed by the ACRs, AGPs and other control structures stored in the database 1026. Other objects such as IDOs and secure data objects are also stored in the SSA database 1026. Non-secure operations that do not involve the SSA are handled by the SSA non-secure operation module 1028. Secure operations under the SSA architecture are handled by the SSA secure operation module 1030. Module 1032 is the interface connecting module 1030 to the cryptographic library 1012. Layer 1034 connects modules 1026 and 1028 to the flash memory 20 of Figure 1.
Communication (or pass-through) pipes
The pipe object lets an authorized host-side entity communicate with an internal application controlled by the SSM core and SAMM. Data between the host and the internal application is carried in send and receive commands (defined below). The actual commands are application-specific. The entity (ACR) that creates a pipe supplies the pipe name and the ID of the application to which it needs to open a channel. As with all other protected objects, the ACR becomes the owner of the pipe and is allowed to delegate access rights and ownership to other ACRs according to the standard delegation rules and restrictions.
If the CREATE_PIPE permission is set in the ACAM of the authenticated entity, the entity is allowed to create a pipe object. Communication with an internal application is permitted only when write or read pipe permission for that internal application has been set in the PCR. Delegation of ownership and access rights is permitted only when the entity is the pipe owner or has the delegation permission set in its PCR. As with all other permissions, when ownership is delegated to another ACR, the original owner is preferably stripped of all permissions for that device application.
Preferably only one communication pipe is created for a given application. An attempt to create a second pipe connected to an application that is already connected is preferably refused by the SSM system 1000. Hence there is preferably a one-to-one relationship between a device internal application 1010 and a communication pipe. Several ACRs may, however, communicate with one device internal application (through the delegation mechanism), and a single ACR may communicate with several device internal applications (through delegated ownership or by being connected to several pipes to different applications). ACRs controlling different pipes are preferably located in completely separate nodes of the tree, so that there is no crosstalk between communication pipes.
The following commands are used to transfer data between the host and a specific application:
WRITE PASS THROUGH - transfers an unformatted data buffer from the host to the device internal application.
READ PASS THROUGH - transfers an unformatted data buffer from the host to the device internal application and, once internal processing is complete, returns an unformatted data buffer to the host.
The write and read pass-through commands take as a parameter the ID of the device internal application 1008 with which the host wishes to communicate. The entity's permissions are verified, and if the requesting entity (that is, the ACR hosting the session the entity is using) has permission to use the pipe connected to the requested application, the data buffer is interpreted and the command executed.
This communication method allows a host application to pass vendor-specific or proprietary commands to a device internal application through the SSA ACR session channel.
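The pipe rules above (CREATE_PIPE in the ACAM, one pipe per application, read/write permission in the PCR, delegation of a subset of rights, and the two pass-through commands), as an added Python model written for this page rather than the patent's own code. Assumed names are mine: the ACAM flag is `can_create_pipe`, PCR pipe permissions are the strings "write" and "read", and an internal application is any callable that maps a request buffer to a reply buffer.

```python
"""Added example, not code from the patent: a model of communication pipes and
the pass-through commands. Assumed names (mine): the ACAM flag is the boolean
`can_create_pipe`, PCR pipe permissions are the strings "write" and "read",
and an internal application is any callable mapping a request buffer to a
reply buffer; the buffers are opaque to the SSM, as the page says."""
from dataclasses import dataclass, field
from typing import Callable

InternalApp = Callable[[bytes], bytes]


@dataclass
class Acr:
    name: str
    can_create_pipe: bool = False                                  # CREATE_PIPE in ACAM
    pipe_perms: dict[str, set[str]] = field(default_factory=dict)  # PCR: pipe -> perms
    can_delegate: set[str] = field(default_factory=set)            # pipes it may delegate


@dataclass
class Pipe:
    name: str
    app_id: str
    owner: str


class PipeManager:
    """SSM-side bookkeeping: pipes, their owners, and open SSA sessions."""

    def __init__(self, apps: dict[str, InternalApp]):
        self.apps = apps
        self.pipes: dict[str, Pipe] = {}
        self.sessions: dict[int, Acr] = {}      # session number -> logged-in ACR

    def create_pipe(self, acr: Acr, pipe_name: str, app_id: str) -> Pipe:
        if not acr.can_create_pipe:
            raise PermissionError("CREATE_PIPE permission not set in ACAM")
        if app_id not in self.apps:
            raise KeyError(f"no internal application {app_id!r}")
        if any(p.app_id == app_id for p in self.pipes.values()):
            raise ValueError("application already has a pipe (one pipe per application)")
        pipe = Pipe(pipe_name, app_id, owner=acr.name)
        self.pipes[pipe_name] = pipe
        acr.pipe_perms[pipe_name] = {"write", "read"}   # the owner gets both rights
        acr.can_delegate.add(pipe_name)
        return pipe

    def delegate(self, grantor: Acr, grantee: Acr, pipe_name: str, perms: set[str]) -> None:
        """An owner (or an ACR holding the delegation right) passes on a subset
        of its own rights; it can never grant more than it holds itself."""
        if pipe_name not in grantor.can_delegate:
            raise PermissionError(f"{grantor.name} may not delegate {pipe_name}")
        granted = perms & grantor.pipe_perms.get(pipe_name, set())
        grantee.pipe_perms[pipe_name] = grantee.pipe_perms.get(pipe_name, set()) | granted

    def _authorized_pipe(self, session: int, app_id: str, perm: str) -> Pipe:
        """The check behind both pass-through commands: the ACR hosting the
        session must hold `perm` on the pipe that leads to `app_id`."""
        acr = self.sessions.get(session)
        if acr is None:
            raise PermissionError("pass-through commands need an SSA session")
        pipe = next((p for p in self.pipes.values() if p.app_id == app_id), None)
        if pipe is None:
            raise KeyError(f"no pipe to application {app_id!r}")
        if perm not in acr.pipe_perms.get(pipe.name, set()):
            raise PermissionError(f"{acr.name} lacks {perm} permission on {pipe.name}")
        return pipe

    def write_pass_through(self, session: int, app_id: str, buf: bytes) -> None:
        pipe = self._authorized_pipe(session, app_id, "write")
        self.apps[pipe.app_id](buf)          # any reply is discarded

    def read_pass_through(self, session: int, app_id: str, buf: bytes) -> bytes:
        pipe = self._authorized_pipe(session, app_id, "read")
        return self.apps[pipe.app_id](buf)   # reply buffer goes back to the host


def demo_app(buf: bytes) -> bytes:
    """Constructed stand-in for a vendor application: it just upper-cases."""
    return buf.upper()


def build_demo() -> tuple[PipeManager, Acr, Acr]:
    """Constructed setup: the owner ACR creates the pipe and delegates read-only
    access to a peer ACR; sessions 1 and 2 belong to owner and peer."""
    mgr = PipeManager({"DEMO": demo_app})
    owner = Acr("acr_owner", can_create_pipe=True)
    peer = Acr("acr_peer")
    mgr.create_pipe(owner, "demo_pipe", "DEMO")
    mgr.delegate(owner, peer, "demo_pipe", {"read"})
    mgr.sessions.update({1: owner, 2: peer})
    return mgr, owner, peer
```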
Secure data objects (SDO)
A useful object that can be used in conjunction with the FSE is the SDO.
The SDO serves as a general-purpose container for the secure storage of sensitive information. Like the CEK object, it is owned by an ACR, and access rights and ownership can be delegated between ACRs. It contains data that is protected and used according to predefined policy constraints, and optionally a link to a device internal application 1008. The sensitive data is preferably not used or interpreted by the SSA system but by the owner and users of the object; in other words, the SSA system does not understand the information in the data it handles. The owner and users of the data in the object therefore need to worry less about sensitive information being lost through the interface with the SSA system when data is transferred between the host and the data object. An SDO object is created by the host system (or an internal application) and is assigned a string ID, in the same way that a CEK is created. On creation, besides the name, the host also supplies the application ID of the application linked to the SDO and the data block that the SSA is to store, integrity-check and retrieve.
Like a CEK, an SDO is preferably created only within an SSA session. The ACR used to open the session becomes the owner of the SDO and has the right to delete it, to write and read its sensitive data, and to delegate ownership of, and access permission to, the SDO to another ACR (one of its children or one in the same AGP).
Write and read operations are reserved for the owner of the SDO. The write operation overwrites the existing SDO object data with the supplied data buffer. The read operation retrieves the complete data record of the SDO.
SDO access operations are allowed to non-owner ACRs that have the appropriate access permission. The following operations are defined:
Set SDO, application ID defined: the data is processed by the internal SSA application with that application ID. The application is invoked through its association with the SDO. As an optional result, the application writes to the SDO object.
Set SDO, application ID empty: this option is invalid and raises an illegal command error. The set command requires an internal application running in the card.
Get SDO, application ID defined: the request is processed by the device internal application with that application ID. The application is invoked through its association with the SDO. The output (although undefined) is sent back to the requester. The application optionally reads the SDO object.
Get SDO, application ID empty: this option is invalid and raises an illegal command error. The get command requires an internal application running in the card.
SDO-related permissions: an ACR may be the SDO owner or may hold only access permission (set, get or both). An ACR may additionally be permitted to pass its access rights to an SDO it does not own on to another ACR. An ACR may be explicitly permitted to create SDOs and to delegate access rights when it holds the ACAM permission.
Internal ACR
An internal ACR is like any ACR that has a PCR, except that entities external to the device 10 cannot log in to it. Instead, when an object under its control, or an application associated with it, is invoked, the SSA manager 1024 of Figure 40B logs in to the internal ACR automatically. Because the entity attempting to obtain access is internal to the card or memory device, no authentication is needed. The SSA manager 1024 simply passes the session key to the internal ACR to enable internal communication.
The capabilities of the FSE are illustrated with two examples: one-time password generation and digital rights management. Before the one-time password example is described, the problem of dual factor authentication is introduced.
OTP embodiment
Dual factor authentication (DFA)
DFA is an authentication protocol designed to strengthen the security of an individual's login to, for example, a web service server by adding an extra secret, a "second factor", to the standard user credentials (that is, user name and password). The second secret is usually something stored in a secure physical token in the user's possession. During the login process the user must present proof of possession as part of the login credentials. A common way to prove possession is a one-time password (OTP), a password valid for a single login only, which is generated by and exported from the security token. If the user can present the correct OTP, this is taken as sufficient proof of possession of the token, since the OTP can only be computed cryptographically with the token. Because an OTP is valid for only one login, the user must have the token at login time, as reuse of an old password captured from a previous login will no longer be valid.
The product described in the following paragraphs uses the SSA security data structures, plus an FSE designed to compute the next password in the OTP sequence, to implement a flash memory card holding multiple "virtual" security tokens, each of which generates a different sequence of passwords (usable to log in to different web sites). A block diagram of this system is shown in Figure 41.
The complete system 1050 comprises an authentication server 1052, an internet server 1054, a user 1056 and a token 1058. The first step is to agree a shared secret between the authentication server and the user (also called seed provisioning). The user 1056 requests the issuance of a secret, or seed, and stores it in the security token 1058. The next step is to bind the issued secret or seed to a specific web service server. Once this is done, authentication can take place. The user instructs the token to generate an OTP. The OTP, together with the user name and password, is sent to the internet server 1054. The internet server 1054 forwards the OTP to the authentication server 1052 and asks it to verify the user's identity. The authentication server also generates an OTP, and since it is generated from the secret shared with the token, it should match the OTP generated by the token. If a match is found, the user's identity is verified and the authentication server returns a positive acknowledgement to the internet server 1054, which completes the user login process.
The FSE embodiment for OTP generation has the following characteristics:
The OTP seeds are stored securely (encrypted) in the card.
The password generation algorithm is executed inside the card.
The device 10 can emulate several virtual tokens, each storing a different seed, and can use different password generation algorithms.
The device 10 provides a secure protocol for sending seeds from the authentication server to the device.
The SSA features used for OTP seed provisioning and OTP generation are illustrated in Figure 42, where solid arrows denote ownership or access rights and dashed arrows denote association or links. As shown in Figure 42, in the SSA FSE system 1100 the software program code FSE 1102 is reachable through one or more communication pipes 1104, each controlled by one of N application ACRs 1106. In the embodiment described below only one FSE software application is described, with only one communication pipe per FSE application. It will be understood, however, that more than one FSE application can be used, and that, although only one communication pipe is shown in Figure 42, several communication pipes can be used. All such variations are possible. Referring to Figures 40A, 40B and 42, the FSE 1102 can be the application for OTP provisioning and forms a subset of the device internal applications 1010 of Figure 40A. The control structures (ACRs 1101, 1103, 1106 and 1110) are part of the security data structures in the SSA and are stored in the SSA database 1026. Data structures such as the IDO 1120, the SDO objects 1122 and the communication pipe 1104 are also stored in the SSA database 1026.
Referring to Figures 40A and 40B, security-related operations involving ACRs and data structures (for example, data transfer within a session, and operations such as encryption, decryption and hashing) are handled by module 1030 with the assistance of interface 1032 and the cryptographic library 1012. The SSM core API 1006 does not distinguish operations involving ACRs that interact with the host (external ACRs) from operations involving internal ACRs that do not interact with the host, and therefore does not distinguish operations involving the host from those involving the device internal applications 1010. In this way the same control mechanism governs access by host-side entities and access by the device internal applications 1010. This gives flexibility in dividing data processing between host-side applications and the device internal applications 1010. An internal application 1010 (for example the FSE 1102 of Figure 42) is associated with an internal ACR (for example the ACR 1103 of Figure 42) and is invoked under the control of that internal ACR.
In addition, the security data structures with their associated SSA rules and policies (for example ACRs and AGPs) preferably control access to important information such as the content of an SDO, or information derivable from that content, so that external or internal applications can access such content or information only in accordance with the SSA rules and policies. For instance, if two different users can invoke the same one of the device internal applications 1010 to process data, internal ACRs located in separate hierarchical trees are used to control the two users' access so that there is no crosstalk between them. Two users can thus access a common set of device internal applications 1010 to process data, without the owner of the content or information in the SDOs having to worry about losing control of that content or information. For instance, access to SDOs storing the data accessed by the device internal applications 1010 can be controlled by ACRs located in separate hierarchical trees so that there is no crosstalk between them. This mode of control is similar to the SSA control of access to data described above. It gives content owners and users security for the data stored in the data objects.
Referring to Figure 42, part of the software application code required by an OTP-related host application may be stored in the memory device 10 as an application within the FSE 1102 (for example, pre-stored before the memory card is issued or loaded after issuance). To execute this code, the host first needs to authenticate through one of the N authentication ACRs 1106, N being a positive integer, in order to obtain access to the pipe 1104. The host also needs to supply an application ID to identify the OTP-related application it wishes to invoke. After successful authentication, this code can be accessed for execution through the pipe 1104 associated with the OTP-related application. As noted above, there is preferably a one-to-one relationship between the pipe 1104 and a specific application (for example the OTP-related internal application). As shown in Figure 42, several ACRs 1106 can share control of the common pipe 1104, and an ACR can also control more than one pipe.
Figure 42 shows secure data objects SDO1, SDO2 and SDO3, referred to collectively as objects 1114, each containing data such as a seed used for OTP generation; the seeds are valuable and are preferably encrypted. The links or associations 1108 between the three data objects and the FSE 1102 describe an attribute of the objects, namely that when any of them is accessed, the application in the FSE 1102 whose application ID is recorded in the SDO's attribute is invoked, and that application is executed by the CPU 12 of the memory device (Figure 1) without any further host command being needed.
Referring to Figure 42, before the user can begin the OTP process, the security data structures (ACRs 1101, 1103, 1106 and 1110) have been created, and their PCRs are used to control the OTP process. The user needs access rights to invoke the OTP device internal application 1102 through one of the authentication server ACRs 1106. The user also needs access rights to the generated OTP through one of the N user ACRs 1110. The SDO 1114 can be created during the OTP seed provisioning process. The IDO 1116 has preferably already been created and is controlled by the internal ACR 1103. The internal ACR 1103 also controls the SDO 1114 once it has been created. When the SDO 1114 is accessed, the SSA manager 1024 of Figure 40B logs in to the ACR 1103 automatically. The internal ACR 1103 is associated with the FSE 1102. During the OTP seed provisioning process the SDO 1114 can become associated with the FSE, as shown by the dashed line 1108. Once the association is in place, when the host accesses the SDO the association 1108 causes the FSE 1102 to be invoked without any further request from the host. When the communication pipe 1104 is accessed through one of the N ACRs 1106, the SSA manager 1024 of Figure 40B likewise logs in to the ACR 1103 automatically. In both cases (access to the SDO 1114 and to the pipe 1104) the SSA manager passes a session number to the FSE 1102, and that session number identifies the channel that reaches the internal ACR 1103.
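The SDO set/get operations, the access-policy extension in which the associated FSE application is invoked after the standard SSA check, and the virtual OTP token of Figure 42, combined into one added Python model written for this page (not the patent's own code). Assumptions are mine: the password algorithm is HOTP (RFC 4226), which the page does not name; the SDO payload is the seed followed by an 8-byte counter; encryption of the SDO at rest is left out of the model.

```python
"""Added example, not code from the patent: an SDO whose access invokes the
associated FSE application under an internal ACR, used as a virtual OTP token.
Assumptions (mine): the password algorithm is HOTP (RFC 4226), which the page
does not name; the SDO payload is the seed followed by an 8-byte counter;
encryption of the SDO at rest is left out of the model."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Optional


class IllegalCommand(Exception):
    """Raised for set/get on an SDO whose application ID is empty."""


@dataclass
class Sdo:
    name: str
    owner: str                                     # owning ACR, e.g. internal ACR 1103
    data: bytes
    app_id: Optional[str] = None                   # association 1108 with an FSE app
    access: dict[str, set[str]] = field(default_factory=dict)   # ACR -> {"set", "get"}


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpFse:
    """Device-internal application. The seed is read from the SDO and never
    leaves the card; only the derived one-time password is returned."""

    def on_set(self, sdo: Sdo, request: bytes) -> None:
        sdo.data = request + struct.pack(">Q", 0)   # provisioning: seed, counter = 0

    def on_get(self, sdo: Sdo, request: bytes) -> bytes:
        seed, counter = sdo.data[:-8], struct.unpack(">Q", sdo.data[-8:])[0]
        sdo.data = seed + struct.pack(">Q", counter + 1)   # optional write-back
        return hotp(seed, counter).encode()


class SsaManager:
    """Standard SSA check first (owner, or a granted permission); then the FSE
    condition: the associated application must exist and is run under the
    SDO's owning internal ACR, with no host-side login to that ACR."""

    def __init__(self, apps: dict[str, OtpFse]):
        self.apps = apps
        self.sdos: dict[str, Sdo] = {}
        self.sessions: dict[int, str] = {}         # session number -> ACR name

    def create_sdo(self, session: int, name: str, data: bytes, app_id: Optional[str]) -> Sdo:
        sdo = Sdo(name, owner=self.sessions[session], data=data, app_id=app_id)
        self.sdos[name] = sdo
        return sdo

    def _authorize(self, session: int, name: str, op: str) -> tuple[Sdo, OtpFse]:
        acr = self.sessions.get(session)
        if acr is None:
            raise PermissionError("SDO operations need an SSA session")
        sdo = self.sdos[name]
        if acr != sdo.owner and op not in sdo.access.get(acr, set()):
            raise PermissionError(f"{acr} lacks {op} permission on {name}")
        if sdo.app_id is None:
            raise IllegalCommand(f"{op} SDO requires an internal application")
        # Here the SSA manager logs in to the internal owner ACR automatically
        # and hands the FSE an internal session instead of the host's credentials.
        return sdo, self.apps[sdo.app_id]

    def set_sdo(self, session: int, name: str, data: bytes) -> None:
        sdo, app = self._authorize(session, name, "set")
        app.on_set(sdo, data)

    def get_sdo(self, session: int, name: str, request: bytes = b"") -> bytes:
        sdo, app = self._authorize(session, name, "get")
        return app.on_get(sdo, request)


def build_demo() -> SsaManager:
    """Constructed setup: internal ACR 1103 owns SDO1 (RFC 4226 test seed) linked
    to the OTP application; one user ACR holds "get" only, as after arrow 1152."""
    ssm = SsaManager({"OTP": OtpFse()})
    ssm.sessions.update({100: "acr_1103", 5: "user_acr_1", 6: "user_acr_2"})
    ssm.create_sdo(100, "SDO1", b"", app_id="OTP")
    ssm.set_sdo(100, "SDO1", b"12345678901234567890")   # provisioning by the owner
    ssm.sdos["SDO1"].access["user_acr_1"] = {"get"}
    ssm.create_sdo(100, "SDO_plain", b"opaque", app_id=None)
    return ssm
```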
The OTP operation relates to two stages: the OTP that illustrates among the seed supply stage that illustrates among Figure 43 and Figure 44 produces the stage.Also will be referring to Figure 40-42, its auxiliary description.Figure 43 is the protocol figure of explanation seed supply process.As shown in figure 43, main frame (for example, main frame 24) and card are taked exercises.The SSM system that to take an entity on the card of exercises be Figure 40 A and 40B comprises SSM core 1004.Taking another entity on the card of exercises is FSE 1102 shown in Figure 42.
In a single day in the dual factors checking, the user asks to issue seed, and issues seed, described seed just will be stored in the security token.In this example, security token is storage arrangement or card.One of the checking ACR 1106 of user in Figure 42 verifies to obtain the access right (arrow 1122) to the SSM system.Suppose to be proved to be successful (arrow 1124), the user then asks seed (arrow 1126).Main frame sends to card by the request of selecting to sign the seed request for the application-specific 1102 of signature seed request.If the user does not know the application-specific ID that need call, can (for example) obtain these information by the careful inquiry to device from installing 10 so.The user then imports the application program ID of the application program that should call, also selects the communication pipe corresponding to application program whereby.User command then is forwarded to by the application program (arrow 1128) from application program of user ID appointment by the respective communication pipeline in by order.The application requests of calling is signed by the public keys among the specified IDO (for example, the IDO among Figure 42 1112).
The SSM system signs the seed request with the public key of the IDO and notifies the application that signing is complete (arrow 1132). The invoked application then requests the certificate chain of the IDO (arrow 1134). In response, the SSM system provides the certificate chain of the IDO controlled by ACR 1103 (arrow 1136). The invoked application then provides the signed seed request and the IDO certificate chain to the SSM system through the communication pipe, and the SSM system forwards them to the host (arrow 1138). The transmission of the signed seed request and the IDO certificate chain through the communication pipe is carried out by a callback function established between the SAMM 1008 and the SSM core 1004 of Figure 40A; the callback function is described in more detail below.
The signed seed request and the IDO certificate chain received by the host are then sent to the authentication server 1052 shown in Figure 41. The certificate chain provided by the card establishes that the signed seed request originates from a trusted card, so the authentication server 1052 is willing to provide a secret seed to the intended card. The authentication server 1052 therefore sends the seed, encrypted with the public key of the IDO, to the host together with the user ACR information. The user information indicates under which of the N user ACRs the user has the right to generate an OTP. The host invokes the OTP application in the FSE 1102 by supplying the application ID, thereby also selecting the communication pipe corresponding to the application, and forwards the user ACR information to the SSM system (arrow 1140). The encrypted seed and the user ACR information are then forwarded through the communication pipe to the selected application (arrow 1142). The invoked application sends the SSM system a request to decrypt the seed with the private key of the IDO (arrow 1144). The SSM system decrypts the seed and notifies the application that decryption is complete (arrow 1146). The invoked application then requests that a secure data object be created and that the seed be stored in it. It also requests that the SDO be associated with the ID of the OTP application that will generate one-time passwords (which may be the same application that is making the request) (arrow 1148). The SSM system creates the SDO 1114, stores the seed inside it, associates the SDO with the ID of the OTP application, and notifies the application when this is done (arrow 1150). The application then requests that the SSM system, based on the user information supplied by the host, grant the appropriate user ACR the right to access SDO 1114 through the inner ACR 1103 (arrow 1152). After the grant is complete, the SSM notifies the application (arrow 1154). The application then sends the name (slot ID) of the SDO to the SSM system through the communication pipe using the callback function (arrow 1156). The SSM system forwards it to the host (arrow 1158). The host then associates the name of the SDO with the user ACR so that the user can access the SDO.
The OTP generation process is described with reference to the protocol diagram of Figure 44. To obtain a one-time password, the user logs in to the user ACR to which it has access rights (arrow 1172). Assuming authentication succeeds, the SSM notifies the host, and the host sends a "get SDO" command to the SSM (arrows 1174, 1176). As noted above, the SDO holding the seed is associated with the application that generates the OTP. Therefore, instead of selecting the application through the communication pipe as before, the access to the SDO by the command in arrow 1176 invokes the associated OTP generation application (arrow 1178). The OTP generation application then asks the SSM system to read the content (that is, the seed) from the SDO (arrow 1180). Preferably the SSM does not know what information is contained in the SDO and simply processes the data in the SDO as instructed by the FSE. If the seed is stored encrypted, this may involve decrypting the seed before reading, as commanded by the FSE. The SSM system reads the seed from the SDO and provides it to the OTP generation application (arrow 1182). The OTP generation application then generates the OTP and provides it to the SSM system (arrow 1184). The OTP is forwarded by the SSM to the host (arrow 1186), and the host forwards it to the OTP authentication server 1052 to complete the two-factor authentication process.
Callback function
A general callback function is established between the SSM core 1004 and the SAMM 1008 of Figure 40A. Different device-internal applications and communication pipes can register for this function. Thus, when a device-internal application is invoked, the application can use the callback function, after processing the data, to deliver data to the SSM system through the same communication pipe that was used to deliver the host command to the application.
DRM system embodiment
Figure 45 is a functional block diagram illustrating a DRM system that uses a communication pipe 1104', a CEK 1114' with a link 1108' to an FSE application 1102', and control structures 1101', 1103', 1106' that control the functions implementing the DRM function. As will be noticed, the structure of Figure 45 is quite similar to that of Figure 42, except that the secure data structure now includes a license server ACR 1106' and a playback ACR 1110' in place of the authentication server ACR and the user ACR, and a CEK 1114' replaces the SDO. In addition, no IDO is involved, so the IDO is omitted from Figure 45. The CEK 1114' can be created during the license provisioning process. The protocol diagram of Figure 46 illustrates the license provisioning and content download process in the case where the key is provided in the license object. As in the OTP embodiment, a user who wishes to obtain a license will first need to obtain access rights to one of the N ACRs 1106' and one of the N ACRs 1110', so that the content can be rendered by a media player such as a media player software application.
As shown in Figure 46, the host authenticates to the license server ACR 1106' (arrow 1202). Assuming authentication succeeds (arrow 1204), the license server provides the host with the license file together with the CEK (key ID and key value). The host also selects the application to be invoked by the SSM system by supplying the application ID to the card. The host also sends player information (for example, information about the media player software application) (arrow 1206). The player information indicates under which of the N playback ACRs 1110' the player has access rights. The SSM system forwards the license file and the CEK to the DRM application through the communication pipe corresponding to the selected application (arrow 1208). The invoked application then asks the SSM system to write the license file to the hidden partition (arrow 1210). When the license file has been written, the SSM notifies the application (arrow 1212). The DRM application then requests that a CEK object 1114' be created and that the key value from the license file be stored in it. The DRM application also requests that the CEK object be associated with the ID of the DRM application associated with the license for the provided key (arrow 1214). The SSM system completes these tasks and notifies the application accordingly (arrow 1216). The application then requests that read access to CEK 1114' be granted to the playback ACR under which, according to the player information sent by the host, the player is permitted to access the content (arrow 1218). The SSM system performs the grant and notifies the application accordingly (arrow 1220). The application sends a message through the communication pipe to the SSM system that storage of the license is complete, and the SSM system forwards it to the license server (arrows 1222 and 1224). The callback function is used for this action through the communication pipe. After receiving this notification, the license server provides the content file, encrypted with the key value in the CEK that was provided to the card. The encrypted content is stored by the host in the public area of the card. Storing the encrypted content file involves no security function, so the SSM system does not participate in that storage.
The playback operation is illustrated in Figure 47. The user authenticates through the host to the appropriate playback ACR (that is, the playback ACR to which read access was granted in arrows 1152 and 1154 above) (arrow 1242). Assuming authentication succeeds (arrow 1244), the user then sends a request to read the content associated with the key ID (arrow 1246). On receiving the request, the SSM system finds that the DRM application ID is associated with the CEK object being accessed and therefore causes the identified DRM application to be invoked (arrow 1248). The DRM application asks the SSM system to read the data (that is, the license) associated with the key ID (arrow 1250). The SSM does not know what information is in the data it is asked to read; it simply handles the request from the FSE by performing the data read. The SSM system reads the data (that is, the license) from the hidden partition and provides it to the DRM application (arrow 1252). The DRM application then interprets the data and checks the license information in it to determine whether the license is still valid. If the license is still valid, the DRM application notifies the SSM system to approve decryption of the content (arrow 1254). The SSM system then decrypts the requested content using the key value in the CEK object and supplies the decrypted content to the host for playback (arrow 1256). If the license is no longer valid, the request for access to the content is refused.
In the case where the license file from the license server does not provide the key, license provisioning and content download differ slightly from those illustrated in Figure 46. This different scheme is illustrated in the protocol diagram of Figure 48. Steps common to Figures 46 and 48 are identified by the same numerals. Thus, the host and the SSM system first engage in authentication (arrows 1202, 1204). The license server provides the license file and the key ID (without a key value) to the host, and the host forwards these to the SSM system together with the application ID of the DRM application it wishes to invoke. The host also sends player information (arrow 1206'). The SSM system then forwards the license file and the key ID to the selected DRM application through the communication pipe corresponding to that application (arrow 1208). The DRM application requests that the license file be written to the hidden partition (arrow 1210). When the license file has been written, the SSM notifies the DRM application (arrow 1212). The DRM application then asks the SSM system to generate a key value, create the CEK object, store the key value in it, and associate the CEK object with the ID of the DRM application (arrow 1214'). After complying with the request, the SSM system sends a notification to the DRM application (arrow 1216). The DRM application then asks the SSM system to grant read access to the CEK object to the playback ACR indicated by the player information from the host (arrow 1218). When this is done, the SSM system notifies the DRM application accordingly (arrow 1220). The DRM application then notifies the SSM system that the license has been stored; this notification is sent through the communication pipe using the callback function (arrow 1222). The notification is forwarded by the SSM system to the license server (arrow 1224). The license server then sends the content file associated with the key ID to the SSM system (arrow 1226). The SSM system encrypts the content file using the key value identified by the key ID, without involving any application. Content encrypted and stored on the card in this way can be played back using the protocol of Figure 47.
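The OTP generation flow (Figure 44) and the license-checked playback flow (Figure 47) rely on the same mechanism: a data object bound to an in-device application is never handed to the host raw; the SSM invokes the bound application and only its result leaves the card. The following Python model is an added example, not code from the patent or from any SSA implementation. The class and function names, the slot and ACR names, the HOTP computation (RFC 4226) standing in for the OTP application, and the SHA-256 XOR keystream standing in for the card's content cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

class AccessDenied(Exception):
    pass

class SSM:
    """Model of the card-side SSM: host ACRs gate access to data objects, and an
    object bound to an in-device application (FSE) is never returned raw; the
    application is invoked and only its result reaches the host."""

    def __init__(self):
        self.apps = {}     # application ID -> handler(content, request)
        self.objects = {}  # slot ID -> {content, app, readers}

    def register_app(self, app_id, handler):
        self.apps[app_id] = handler

    def create_object(self, name, content, app_id):
        # Created under the inner ACR; no host ACR may read it until granted.
        self.objects[name] = {"content": content, "app": app_id, "readers": set()}

    def grant_read(self, name, acr):
        self.objects[name]["readers"].add(acr)

    def access(self, acr, name, request=None):
        obj = self.objects[name]
        if acr not in obj["readers"]:
            raise AccessDenied(f"{acr} has no read right on {name}")
        # The SSM treats the content as opaque and hands it to the bound app.
        return self.apps[obj["app"]](obj["content"], request)

def otp_app(content, request):
    """OTP generation (Figure 44), here as HOTP (RFC 4226) over the stored seed."""
    mac = hmac.new(content["seed"], struct.pack(">Q", content["counter"]), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    content["counter"] += 1  # counter state stays in the SDO; the host sees only the code
    return f"{code % 10**6:06d}"

def keystream(key):
    """Stand-in for the card's content cipher (constructed): a 32-byte SHA-256 keystream."""
    return hashlib.sha256(key).digest()

def drm_app(content, request):
    """Playback (Figure 47): approve only while the license is valid, then decrypt."""
    if request["now"] > content["license"]["expires"]:
        raise AccessDenied("license expired")
    return bytes(c ^ s for c, s in zip(request["ciphertext"], keystream(content["key"])))

def build_card():
    """Provision one OTP slot and one CEK object, as after Figures 43 and 46."""
    ssm = SSM()
    ssm.register_app("otp-app", otp_app)
    ssm.register_app("drm-app", drm_app)
    # Constructed seed: the RFC 4226 test secret; the host never receives it.
    ssm.create_object("sdo-slot-1", {"seed": b"12345678901234567890", "counter": 0}, "otp-app")
    ssm.grant_read("sdo-slot-1", "user-acr-1")
    # Constructed CEK whose license expires at time 1000 (plaintext up to 32 bytes).
    ssm.create_object("cek-key-7", {"key": b"constructed-key", "license": {"expires": 1000}}, "drm-app")
    ssm.grant_read("cek-key-7", "playback-acr-1")
    return ssm
```

A host holding user-acr-1 obtains successive codes from sdo-slot-1 but never the seed, and a playback ACR obtains plaintext from cek-key-7 only while the license is valid and never the key value.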
In the OTP and DRM embodiments above, the FSEs 1102 and 1102' may contain many different OTP and DRM applications for the host device to select from. The user may have the choice of selecting and invoking the required device-internal application. Yet the overall relationship between the SSM module and the FSE remains the same, so that users and content providers can interact with the SSM module and invoke the FSE using a regular set of protocols. Users and providers need not be involved in the particulars of the many different device-internal applications (some of which may be proprietary).
In addition, the provisioning protocol may differ slightly, as is the case with Figures 46 and 48. The license object contains the key value in the case of Figure 46 but not in the case of Figure 48. This difference requires the slightly different protocols illustrated above. Yet playback in Figure 47 is the same regardless of how the license is provisioned. The difference therefore concerns only the content providers and distributors, and typically not the consumer, who is usually involved only in the playback phase. This structure thus gives content providers and distributors great flexibility to customize protocols while remaining easy for the consumer to use. Obviously, information derived from data supplied by two or more provisioning protocols may still be accessed using a second protocol.
Another advantage provided by the above embodiments is that, although an external entity such as the user may share the use of data controlled by the secure data structure with the device-internal application, the user can access only the results derived from the stored data by the device-internal application. Thus, in the OTP embodiment, the user can obtain the OTP through the host device but cannot obtain the seed. In the DRM embodiment, the user can obtain the rendered content through the host device but cannot obtain access to the license file or the cryptographic key. This feature is convenient for consumers without compromising security.
In one DRM embodiment, neither the device-internal application nor the host has access to the cryptographic key; only the secure data structure has that access. In other embodiments, entities other than the secure data structure may also use the cryptographic key. The key may also be generated by the device-internal application and then controlled by the secure data structure.
Access to the device-internal application and access to the information (for example, the OTP and the rendered content) are controlled by the same secure data structure. This reduces the complexity and cost of the control system.
This feature is made possible by giving the inner ACR, which controls access to the device-internal application, the ability to grant the ACR that controls the host access rights to the information obtained by invoking the device-internal application.
Application-specific revocation scheme
When a device-internal application is invoked, the access control protocol of the secure data structure can also be modified. For instance, the certificate revocation protocol can be a standard protocol using a CRL or a proprietary protocol. Therefore, by invoking the FSE, the standard CRL revocation protocol can be replaced by an FSE-specific protocol.
In addition to supporting the CRL revocation scheme, the SSA also enables a specific internal application residing in the device to revoke a host through a private communication channel between the device-internal application and the CA or any other revoking authority. The internal-application-specific revocation scheme is restricted to the host-application relationship.
When an application-specific revocation scheme is configured, the CRL (if provided) is made available to the SSA system; otherwise the certificate and the application-specific data (previously provided through the application-specific communication pipe) are used to determine whether a given identity is revoked.
As mentioned above, an ACR specifies, through the assigned revocation value, which of three revocation schemes is adopted (no revocation scheme, the standard CRL scheme, or the application-specific revocation scheme). When the application-specific revocation scheme option is selected, the ACR also specifies an ID for the internal application responsible for the revocation scheme, and the value in the CET/APP_ID field corresponds to the ID of the internal application responsible for that scheme. When authenticating a device, the SSA system then follows the internal application's proprietary scheme.
Instead of replacing one set of protocols with another, invoking a device-internal application can also impose additional access conditions on top of the access control already applied by the SSA. For instance, the right to access the key value in a CEK can be further examined by the FSE. After the SSA system determines that an ACR has the right to access the key value, it consults the FSE before granting access. This feature gives content owners great flexibility in controlling access to content.
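The two mechanisms just described, selection of the revocation scheme by the ACR's revocation value (with the CET/APP_ID field naming the responsible internal application, and the FSE-specific check replacing the standard CRL check as stated above), and the FSE as an additional access condition after the SSA's own right check, are modelled below. This is an added example, not code from the patent or from any SSA implementation; the field names, the serial-number CRL, the "blocked" list held as application-specific data, and the play-count policy are constructed assumptions.

```python
from enum import Enum

class Revocation(Enum):
    NONE = 0          # no revocation scheme
    CRL = 1           # standard CRL scheme
    APP_SPECIFIC = 2  # scheme delegated to the internal application in CET/APP_ID

def check_revocation(acr, cert_serial, crl, apps, app_data):
    """Return True if the presented certificate is acceptable under the ACR's scheme.
    acr["revocation"] selects the scheme; acr["cet_app_id"] names the app (constructed)."""
    scheme = acr["revocation"]
    if scheme is Revocation.NONE:
        return True
    if scheme is Revocation.CRL:
        return cert_serial not in crl
    # APP_SPECIFIC: the named application decides from the certificate and the
    # application-specific data it received earlier over its communication pipe.
    handler = apps[acr["cet_app_id"]]
    return handler(cert_serial, app_data)

def grant_key_access(acr, cek, fse_policy):
    """SSA right check followed by the FSE's additional condition: the ACR must
    hold the right on the CEK AND the FSE must consent before access is granted."""
    if cek["id"] not in acr["rights"]:
        return False
    return fse_policy(acr["name"], cek["id"])

def play_limit_policy(limit):
    """Constructed FSE-side condition: at most `limit` key accesses per ACR and key."""
    counts = {}
    def policy(acr_name, key_id):
        n = counts.get((acr_name, key_id), 0)
        if n >= limit:
            return False
        counts[(acr_name, key_id)] = n + 1
        return True
    return policy

def build_sample():
    """Constructed sample: a CRL, app-specific revocation data, and two ACRs."""
    crl = {"0xA1"}                       # serial 0xA1 is revoked by the CA's CRL
    app_data = {"blocked": {"0xB2"}}     # serial 0xB2 is revoked by the internal app
    apps = {"rev-app": lambda serial, data: serial not in data["blocked"]}
    acr_crl = {"name": "acr-crl", "revocation": Revocation.CRL, "rights": {"key-7"}}
    acr_app = {"name": "acr-app", "revocation": Revocation.APP_SPECIFIC,
               "cet_app_id": "rev-app", "rights": {"key-7"}}
    return crl, app_data, apps, acr_crl, acr_app
```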
Although the invention has been described above with reference to various embodiments, it will be understood that changes and modifications may be made without departing from the scope of the invention, which is to be defined only by the appended claims and their equivalents.