Summary of the invention
In view of this, one object of the present invention is to provide an intelligent memory card that improves security and flexibility.
Another object of the present invention is to provide a method for the security management of an intelligent memory card that improves security and flexibility.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
An intelligent memory card, comprising:
An interface module, which outputs an externally input instruction to set up file control parameter (FCP) information to the memory controller, and outputs an externally input operation instruction and permission verification instruction to the memory controller; the FCP information includes at least a file name, a security algorithm and a security condition;
A controlled memory block, used to store directories and the files under those directories;
A memory controller, which outputs the instruction to set up FCP information to the additional controller; outputs the name of the file to be processed, carried in the operation instruction, together with the permission verification instruction to the additional controller; and processes, according to the operation instruction, the security-protected data output by the additional controller;
An additional controller, which, according to the instruction to set up FCP information, sets up name-indexed directory FCP information in one-to-one correspondence with the directories stored in the controlled memory block, and sets up name-indexed file FCP information in one-to-one correspondence with the files stored in the controlled memory block; obtains the FCP information of the file to be processed according to its name, and parses that FCP information to obtain the security condition and the security algorithm; judges, according to the permission verification instruction, whether the security condition is satisfied; when the security condition is satisfied, uses the security algorithm to protect the data contained in the file to be processed, obtains the security-protected data, and outputs the security-protected data to the memory controller; and, when the security condition is not satisfied, refuses the operation.
Preferably, the FCP information further includes a life cycle;
The additional controller further parses the FCP information of the file to be processed to obtain the life cycle and judges whether the life-cycle requirement is satisfied; when it is satisfied, the additional controller judges, according to the permission verification instruction, whether the security condition is satisfied; when the life cycle is not satisfied, it refuses the operation.
Preferably, the FCP information further includes a logical combination of security conditions;
The additional controller further judges whether the security condition is satisfied according to the logical combination of security conditions included in the FCP information.
In the above memory card, the additional controller comprises:
A microprocessor, which, according to the instruction to set up FCP information output by the memory controller, stores in the additional storage name-indexed directory FCP information in one-to-one correspondence with the directories of the controlled memory block, and stores in the additional storage name-indexed file FCP information in one-to-one correspondence with the files of the controlled memory block; reads the FCP information of the file to be processed from the additional storage according to the name of that file carried in the operation instruction, and parses the FCP information to obtain the life cycle, the security condition and the security algorithm; judges whether the life-cycle requirement is satisfied; when the life cycle is satisfied, judges whether the security condition is satisfied according to the permission verification instruction and the logical combination of security conditions; when the security condition is satisfied, uses the security algorithm to protect the data contained in the file to be processed, obtains the security-protected data, and outputs the security-protected data to the memory controller; and, when the life cycle or the security condition is not satisfied, refuses the operation;
An additional storage, used to store the directory FCP information and the file FCP information.
Preferably, the additional storage is further used to store the key and/or password required by the security algorithm.
An intelligent memory card, comprising:
An interface module, which outputs an externally input instruction to set up file control parameter (FCP) information, permission verification instruction and operation instruction to the memory controller; the FCP information includes at least a file name, a security condition and a security algorithm;
A memory, used to store directories, the files under those directories, directory FCP information in one-to-one correspondence with the directories, and file FCP information in one-to-one correspondence with the files under the directories;
A memory controller, which, according to the instruction to set up FCP information, sets up in the memory name-indexed directory FCP information in one-to-one correspondence with the stored directories, and sets up in the memory name-indexed file FCP information in one-to-one correspondence with the stored files; obtains the FCP information of the file to be processed according to the name of that file carried in the operation instruction, and parses the FCP information to obtain the security condition and the security algorithm; judges whether the security condition is satisfied according to the permission verification instruction; when the security condition is satisfied, uses the security algorithm to protect the data contained in the file to be processed, obtains the security-protected data, and processes the security-protected data according to the operation instruction; and, when the security condition is not satisfied, refuses the operation.
Preferably, the FCP information further includes a life cycle;
The memory controller further parses the FCP information of the file to be processed to obtain the life cycle and judges whether the life-cycle requirement is satisfied; when it is satisfied, the memory controller judges, according to the permission verification instruction, whether the security condition is satisfied; when the life cycle is not satisfied, it refuses the operation.
Preferably, the FCP information further includes a logical combination of security conditions;
The memory controller further judges whether the security condition is satisfied according to the permission verification instruction and the logical combination of security conditions included in the FCP information.
In the above memory card, the memory comprises:
A controlled memory block, used to store directories and the files under those directories;
An additional storage, used to store directory FCP information in one-to-one correspondence with the directories of the controlled memory block, and file FCP information in one-to-one correspondence with the files under the directories of the controlled memory block.
Preferably, the memory is further used to store the key and/or password required by the security algorithm.
A method for the security management of an intelligent memory card, comprising:
A. setting up, in an additional storage, name-indexed directory file control parameter (FCP) information in one-to-one correspondence with the directories stored in a controlled memory block, and name-indexed file FCP information in one-to-one correspondence with the files stored in the controlled memory block; the FCP information includes at least a file name, a security condition and a security algorithm;
B. obtaining the FCP information of the file to be processed according to the name of that file carried in an externally input operation instruction, and parsing the FCP information to obtain the security condition and the security algorithm;
C. judging, according to an externally input permission verification instruction, whether the security condition is satisfied; when the security condition is satisfied, using the security algorithm to protect the data contained in the file to be processed so as to obtain security-protected data, and processing the security-protected data according to the operation instruction; when the security condition is not satisfied, refusing the operation.
Preferably, the FCP information further includes a life cycle;
Between step B and step C the method further comprises: parsing the FCP information of the file to be processed to obtain the life cycle; when the life cycle is satisfied, executing step C; otherwise refusing the operation.
Preferably, the FCP information further includes a logical combination of security conditions;
Step B further comprises: judging whether the security condition is satisfied according to the logical combination of security conditions included in the FCP information.
In the above method, the one-to-one correspondence in step A between the file FCP information and the files stored in the controlled memory block means that the file structure formed in the additional storage by the file FCP information and the directory FCP information is identical to the file structure formed in the controlled memory block by the files corresponding to the file FCP information and the directories corresponding to the directory FCP information.
In the above method, the security algorithm comprises at least an encryption algorithm and a check, or the security algorithm comprises at least a decryption algorithm and a check;
Using the security algorithm in step C to protect the data of the file to be processed comprises:
C1. encrypting the data contained in the file to be processed with the encryption algorithm, or decrypting the data contained in the file to be processed with the decryption algorithm;
C2. performing an integrity check on the data obtained after encryption or after decryption, and taking the encrypted data and the check value as the security-protected data, or taking the decrypted data and the check value as the security-protected data.
Preferably, before step A sets up, in the additional storage, the name-indexed file FCP information in one-to-one correspondence with the files stored in the controlled memory block, the method further comprises: adding a file name to each file stored under the directories in the controlled memory block; the length of the file name is M bytes, where M is a natural number less than 256.
As can be seen from the above technical solution, the present invention provides an intelligent memory card and a method for its security management. According to the instruction to set up FCP information and the FCP information that has been set, the intelligent memory card sets up directory FCP information and file FCP information inside the card. When setting up FCP information, the card follows the file structure formed by the directories and files stored in the controlled memory block and sets up directory FCP information and file FCP information with the same file structure in the additional storage. The card obtains the FCP information of the file to be processed and, according to the security condition and its logical combination, uses the security algorithm to protect the data to be processed once the security condition is satisfied, obtains the security-protected data, and processes the security-protected data according to the operation instruction. With the memory card and method of the present invention, when a file in the controlled memory block is operated on, the operation instruction is subject to security control through the security condition and its logical combination, the data is given security protection, and security and flexibility are improved.
Embodiment
To make the objects, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments.
The intelligent memory card and the security management method of the present invention no longer perform security management in units of sectors but in units of files. The memory controller or the additional controller inside the intelligent memory card performs security management on the files stored in the controlled memory block, which improves security. The security condition and the security algorithm included in the FCP information of a file can be set according to the user's specific needs for that file, which improves flexibility.
The FCP information of the present invention is defined with reference to the structure described in the ISO7816-4 standard, but it also extends the ISO7816-4 standard: a file name that can be set to any byte length is added to the FCP information, which makes it easier to perform security management in units of files.
Fig. 1 is a structural diagram of the first embodiment of the intelligent memory card of the present invention. The first embodiment is described below with reference to Fig. 1:
The intelligent memory card of the present invention comprises interface module 10, memory controller 11, controlled memory block 12 and additional controller 13. One end of interface module 10 is connected to memory controller 11, and the other end is connected to the external device that accesses the intelligent memory card; memory controller 11 is connected to controlled memory block 12 and additional controller 13.
Interface module 10 provides the communication channel between memory controller 11 and the external device that accesses the intelligent memory card. Interface module 10 outputs the externally input instruction to set up file control parameter (FCP) information to memory controller 11. The instruction to set up FCP information carries either the name of the directory for which FCP information is to be set up together with the FCP information that has been set, or the name of the file for which FCP information is to be set up together with the FCP information that has been set. The FCP information that has been set includes at least a file name and security attributes; the security attributes include at least a security condition and a security algorithm; the security attributes can be set in compact mode, expanded mode, referencing-expanded mode, or a combination of these modes. To improve security, the security attributes may further include a life cycle and/or a logical combination of security conditions.
Interface module 10 outputs the externally input operation instruction and permission verification instruction to memory controller 11. The operation instruction is a read-data instruction or a write-data instruction and also carries the name of the file to be processed; the name of the file to be processed may be the name of a directory to be processed or the name of the file to which the data to be processed belongs. The permission verification instruction also carries the verification parameter for this operation.
Controlled memory block 12 is used to store a plurality of directories and a plurality of files under each directory. The directories and files stored in controlled memory block 12 are the content that requires security protection. For example, directory 1 contains file 1 and file 2, and directory 2 contains file 3 and file 4.
Memory controller 11 outputs the instruction to set up FCP information to additional controller 13. Memory controller 11 outputs the name of the file to be processed, carried in the operation instruction, together with the permission verification instruction to additional controller 13. Memory controller 11 processes, according to the operation instruction, the security-protected data output by additional controller 13, and feeds the processing result and the processed data back to interface module 10. In this embodiment, memory controller 11 does not perform security management on the files or directories stored in controlled memory block 12; it only performs the read or write operation, according to the operation instruction, on the security-protected data output by additional controller 13.
According to the instruction to set up FCP information, additional controller 13 sets up name-indexed directory FCP information in one-to-one correspondence with the directories stored in controlled memory block 12, and name-indexed file FCP information in one-to-one correspondence with the files stored in controlled memory block 12. Specifically, additional controller 13 can communicate with memory controller 11 and obtain through it the file structure of controlled memory block 12 and the directories and files stored there. The one-to-one correspondence is reflected in the file structure made up of files and directories: the file structure formed in additional controller 13 by the file FCP information and the directory FCP information is identical to the file structure formed in controlled memory block 12 by the files corresponding to the file FCP information and the directories corresponding to the directory FCP information.
Additional controller 13 looks up the FCP information of the file to be processed, by the name of that file, among the FCP information already set up, and parses it to obtain the life cycle, the security condition, the logical combination of security conditions and the security algorithm. It judges whether the life cycle is satisfied; if so, it judges whether the security condition is satisfied according to the permission verification instruction and the logical combination of security conditions. When the security condition is satisfied, it uses the security algorithm to protect the data contained in the file to be processed, obtains the security-protected data, and outputs the security-protected data to memory controller 11. When the life cycle or the security condition is not satisfied, it refuses this operation. The life cycle is a validity period: judging whether the life cycle is satisfied means judging whether the operation on the file to be processed falls within the validity period; if it does, the security condition is judged, otherwise this operation is refused. Additional controller 13 also stores the key and/or password used to execute the security algorithm. For example, parsing the FCP information of file 1 yields a security condition of PIN code and a security algorithm of encryption algorithm and check. The controller then judges whether the verification parameter carried in the permission verification instruction is identical to the PIN code. If it is, the security condition is satisfied: the stored key is used to encrypt the data to be processed, an integrity check is performed on the encrypted data, and the security-protected data or the check value is output to memory controller 11. If the verification parameter carried in the permission verification instruction differs from the PIN code, the security condition is not satisfied and this operation is refused.
Additional controller 13 comprises microprocessor 131 and additional storage 132. Microprocessor 131 is connected to memory controller 11 and additional storage 132.
Additional storage 132 is used to store the directory FCP information and the file FCP information. Additional storage 132 is further used to store the key and/or password required by the security algorithm.
According to the instruction to set up FCP information output by memory controller 11, microprocessor 131 stores in additional storage 132 name-indexed directory FCP information in one-to-one correspondence with the directories of controlled memory block 12, and name-indexed file FCP information in one-to-one correspondence with the files of controlled memory block 12. According to the name of the file to be processed carried in the operation instruction, it reads the FCP information of that file from additional storage 132 and parses it to obtain the life cycle, the security condition, the logical combination of security conditions and the security algorithm. It judges whether the life-cycle requirement is satisfied; when the life cycle is satisfied, it judges whether the security condition is satisfied according to the permission verification instruction and the logical combination of security conditions; when the security condition is satisfied, it uses the security algorithm to protect the data contained in the file to be processed, obtains the security-protected data, and outputs the security-protected data to memory controller 11. When the life cycle or the security condition is not satisfied, it refuses the operation.
Fig. 2 is a structural diagram of the second embodiment of the intelligent memory card of the present invention. The second embodiment is described below with reference to Fig. 2:
Compared with the first embodiment, the second embodiment of the intelligent memory card omits the additional controller used for file security control; in the second embodiment the memory controller implements the functions of the additional controller of the first embodiment, so the intelligent memory card of this embodiment has a lower hardware cost.
The intelligent memory card of the present invention comprises interface module 20, memory controller 21 and memory 22. One end of interface module 20 is connected to memory controller 21, and the other end is connected to the external device that accesses the intelligent memory card; memory controller 21 is connected to memory 22.
Interface module 20 of this embodiment is identical to interface module 10 of the first embodiment and is not described again here.
Memory 22 is used to store directories, the files under the directories, directory FCP information in one-to-one correspondence with the directories, and file FCP information in one-to-one correspondence with the files under the directories. Memory 22 also stores the key and/or password used to execute the security algorithm. The content of the directory FCP information and the file FCP information is the same as in the first embodiment and is not repeated here.
According to the instruction to set up FCP information, memory controller 21 obtains from memory 22 the directories it stores and the files under those directories and, according to the FCP information that has been set, carried in the instruction, sets up in the memory name-indexed directory FCP information in one-to-one correspondence with the stored directories and name-indexed file FCP information in one-to-one correspondence with the stored files. In other words, the file structure formed in memory 22 by the file FCP information and the directory FCP information is identical to the file structure formed in memory 22 by the files corresponding to the file FCP information and the directories corresponding to the directory FCP information.
According to the name of the file to be processed carried in the operation instruction, memory controller 21 looks up the FCP information of that file among the FCP information already set up, and parses it to obtain the life cycle, the security condition, the security algorithm and the logical combination of security conditions. Memory controller 21 judges whether the life cycle is satisfied; when the life cycle is satisfied, it judges whether the security condition is satisfied according to the permission verification instruction and the logical combination of security conditions; when the security condition is satisfied, it uses the security algorithm to protect the data contained in the file to be processed so as to obtain security-protected data, and processes the security-protected data according to the operation instruction. When the life cycle or the security condition is not satisfied, it refuses this operation.
Memory controller 21 further feeds the processing result and the processed data back to interface module 20. The processing result is either that the operation was refused or that the operation was completed; the processed data is the security-protected data or the integrity check value.
Memory 22 comprises controlled memory block 221 and additional storage 222.
Controlled memory block 221 is used to store a plurality of directories and a plurality of files under each directory. The directories and files stored in controlled memory block 221 are the files to be given security protection.
Additional storage 222 is used to store the directory FCP information and the file FCP information.
The file structure formed by the directory FCP information and the file FCP information stored in additional storage 222 is identical to the file structure formed by the directories, and the files under them, stored in controlled memory block 221.
Fig. 3 is a flow chart of the method for the security management of an intelligent memory card according to the present invention. The method is described below with reference to Fig. 3:
Step 301: set up the FCP information indexed by name;
This step comprises: step 3011, adding a directory name for each directory stored in the controlled memory block, and adding a file name for each file stored in the controlled memory block; step 3012, according to the FCP information that has been set and the directory name carried in the instruction to set up FCP information, setting up in the additional storage directory FCP information, indexed by directory name, in one-to-one correspondence with the directories in the controlled memory block; step 3013, according to the FCP information that has been set and the file name carried in the instruction to set up FCP information, setting up in the additional storage file FCP information, indexed by file name, in one-to-one correspondence with the files in the controlled memory block.
In step 3011, the length and the content of the file name added for a file stored in the controlled memory block can be set according to the user's needs and are no longer limited to the fixed-byte-length name specified in ISO7816-4; the file name can be set to M bytes, where M is a natural number less than 256.
In this step, the file structure formed by the directory FCP information and the file FCP information stored in the additional storage is identical to the file structure formed by the directories and files stored in the controlled memory block, as already described.
Step 302: obtain the FCP information of the file to be processed;
According to the name of the file to be processed carried in the operation instruction, the FCP information of that file is looked up among the FCP information stored in the additional storage.
Step 303: parse the FCP information to obtain the security condition, the logical combination of security conditions and the security algorithm;
The controller responsible for file security management in the intelligent memory card, such as the memory controller or the additional controller, parses the FCP information of the file to be processed and obtains the security condition associated with that file, the logical combination of security conditions, and the security algorithm.
Step 304: judge whether the security condition is satisfied; if so, execute step 305; otherwise execute step 307;
In this step, if no logical combination of security conditions has been set, whether the security condition is satisfied is judged directly from the permission verification instruction; if a logical combination of security conditions has been set, whether the security condition is satisfied is judged from the permission verification instruction and the logical combination of security conditions.
The security condition of the present invention also carries the parameter used to judge whether the condition is satisfied. For example, the security condition can be PIN code verification, authentication, external authentication, internal authentication, multiple authentication and so on; the input PIN code, authentication code, external authentication code, internal authentication code, multiple authentication code and so on is then compared with the parameter carried by the security condition. If they are identical, the security condition is satisfied; otherwise it is not satisfied.
Step 305: use the security algorithm to protect the file to be processed;
The security algorithm comprises at least an encryption algorithm and a check, or at least a decryption algorithm and a check.
Taking a security algorithm that comprises an encryption algorithm and a check as an example, this step comprises: encrypting the file to be processed with the encryption algorithm and the stored key; performing a data integrity check on the data obtained after encryption; and taking the encrypted data and the check value as the security-protected data.
Taking a security algorithm that comprises a decryption algorithm and a check as an example, this step comprises: decrypting the file to be processed with the decryption algorithm and the stored key; performing a data integrity check on the data obtained after decryption; and taking the decrypted data and the check value as the security-protected data.
Step 306: process the security-protected data according to the operation instruction;
The operation instruction is a read instruction or a write instruction; according to the operation instruction received, the read or write operation is performed on the security-protected data obtained in step 305.
Step 307: end.
To further improve security, the FCP information further includes a life cycle; the life cycle is a parameter used to judge whether an operation on a given file is valid.
Between step 303 and step 304 the method further comprises: judging, according to the life cycle included in the FCP information of the file to be processed, whether the life cycle is satisfied; if so, executing step 304; otherwise executing step 307.
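The flow of steps 301 to 307, with the life-cycle check placed between steps 303 and 304, modelled as an added example that is not part of the patent text. The `Card` and `FCP` classes, the "AND"/"OR" encoding of the logical combination, the `valid_until` life-cycle field, the SHA-256 keystream used as a stand-in cipher, the HMAC-SHA256 check value and the verification of the stored check value before a read are assumptions made for illustration; the patent does not specify them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


class AccessDenied(Exception):
    """The card refuses the operation."""


@dataclass
class FCP:
    name: bytes               # index key; M bytes with 0 < M < 256
    conditions: dict          # condition type -> expected parameter (e.g. PIN)
    combination: str = "AND"  # assumed encoding of the logical combination
    valid_until: int = 0      # assumed encoding of the life cycle; 0 = unlimited


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: SHA-256 counter keystream XOR (encrypts and decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class Card:
    def __init__(self, key: bytes):
        # Separate keys for encryption and for the check value.
        self._enc = hmac.new(key, b"enc", hashlib.sha256).digest()
        self._mac = hmac.new(key, b"mac", hashlib.sha256).digest()
        self.fcp_store = {}    # additional storage: name -> FCP
        self.controlled = {}   # controlled memory block: name -> (nonce, ct, tag)

    def create_fcp(self, fcp: FCP) -> None:
        """Step 301: store FCP information indexed by name."""
        if not 1 <= len(fcp.name) <= 255:
            raise ValueError("name length M must satisfy 0 < M < 256")
        if not fcp.conditions or fcp.combination not in ("AND", "OR"):
            raise ValueError("fail closed: a usable security condition is required")
        self.fcp_store[fcp.name] = fcp

    def _authorize(self, name: bytes, creds: dict, now: int) -> None:
        """Steps 302-304, with the life-cycle check in between."""
        fcp = self.fcp_store.get(name)
        if fcp is None:
            raise AccessDenied("no FCP information for this name")
        if fcp.valid_until and now > fcp.valid_until:
            raise AccessDenied("life cycle not satisfied")
        # Constant-time comparison of each supplied verification parameter.
        hits = [hmac.compare_digest(creds.get(kind, b""), want)
                for kind, want in fcp.conditions.items()]
        if not (any(hits) if fcp.combination == "OR" else all(hits)):
            raise AccessDenied("security condition not satisfied")

    def _tag(self, name: bytes, nonce: bytes, ct: bytes) -> bytes:
        # Length-prefix the name so (name, nonce, ct) is parsed unambiguously.
        msg = bytes([len(name)]) + name + nonce + ct
        return hmac.new(self._mac, msg, hashlib.sha256).digest()

    def write(self, name: bytes, data: bytes, creds: dict, now: int) -> None:
        """Steps 305-306 for a write: encrypt (C1), add check value (C2), store."""
        self._authorize(name, creds, now)
        nonce = os.urandom(16)
        ct = _xor_stream(self._enc, nonce, data)
        self.controlled[name] = (nonce, ct, self._tag(name, nonce, ct))

    def read(self, name: bytes, creds: dict, now: int) -> bytes:
        """Steps 305-306 for a read: verify the check value, then decrypt."""
        self._authorize(name, creds, now)
        if name not in self.controlled:
            raise AccessDenied("no data stored under this name")
        nonce, ct, tag = self.controlled[name]
        if not hmac.compare_digest(tag, self._tag(name, nonce, ct)):
            raise AccessDenied("integrity check failed")
        return _xor_stream(self._enc, nonce, ct)


if __name__ == "__main__":
    # Constructed sample data: one file protected by a PIN condition.
    card = Card(b"constructed-demo-key")
    card.create_fcp(FCP(b"dir1/file1", {"PIN": b"1234"}, valid_until=1000))
    card.write(b"dir1/file1", b"meter reading 42", {"PIN": b"1234"}, now=10)
    print(card.read(b"dir1/file1", {"PIN": b"1234"}, now=10))
    try:
        card.read(b"dir1/file1", {"PIN": b"0000"}, now=10)
    except AccessDenied as err:
        print("refused:", err)
```

The keystream function keeps the example within the standard library; a real card would use a vetted authenticated cipher in its place.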
In the above preferred embodiments of the present invention, security management of the data in the intelligent memory card is no longer performed by the external device that accesses the card. Instead, the intelligent memory card itself performs security management on the files stored in the controlled memory block according to the FCP information set in advance, which is difficult to crack physically or by software and improves security. The intelligent memory card and security management method of the present invention no longer use the sector as the basic unit of permission management but use files under different file systems as the basic unit of security management, for example files under the FAT (File Allocation Table) file system, the NTFS (New Technology File System) file system or the EXT (Extended File System) file system, without being limited to these three file systems. The intelligent memory card and security management method of the present invention allow FCP information to be set according to the user's security requirements for a specific file, which improves flexibility. To make it easier to perform security management with the file as the basic unit, the file structure formed by the directory FCP information and the file FCP information stored in the additional storage is identical to the file structure formed by the directories and files stored in the controlled memory block.
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.