CN102567230A - Smart card and method for safely managing same - Google Patents

Smart card and method for safely managing same Download PDF

Info

Publication number
CN102567230A
CN102567230A CN2010106204165A CN201010620416A CN102567230A CN 102567230 A CN102567230 A CN 102567230A CN 2010106204165 A CN2010106204165 A CN 2010106204165A CN 201010620416 A CN201010620416 A CN 201010620416A CN 102567230 A CN102567230 A CN 102567230A
Authority
CN
China
Prior art keywords
file
fcp information
safety condition
fcp
catalogue
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010106204165A
Other languages
Chinese (zh)
Other versions
CN102567230B (en
Inventor
龚平
窦永金
常莹
刘金鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Potevio Co ltd
Petevio Institute Of Technology Co ltd
Original Assignee
Potevio Institute of Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Potevio Institute of Technology Co Ltd filed Critical Potevio Institute of Technology Co Ltd
Priority to CN201010620416.5A priority Critical patent/CN102567230B/en
Publication of CN102567230A publication Critical patent/CN102567230A/en
Application granted granted Critical
Publication of CN102567230B publication Critical patent/CN102567230B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a smart card which comprises an interface module, a controllable storage region, a storage controller and an additional controller, wherein the additional controller establishes catalogue FCP information and file FCP information by using a name as an index according to a command of establishing FCP information, obtains the FCP information according to the name of a file to be processed, and analyzes the FCP information of the file to be processed to obtain a safety condition and a safety algorithm. Whether the safety condition is met is judged according to a permission validation command, when the safety condition is met, data included by the field to be processed is protected by using the safety algorithm to obtain the data subjected to safety protection, and the data subjected to the safety protection is output to the storage controller; and the safety condition is not met, operation is rejected. The invention also provides a method for safely managing the smart card. By adopting the smart card and the method provided by the invention, the safety and the flexibility can be enhanced.

Description

The method of a kind of intelligent memory card and safety management thereof
Technical field
The present invention relates to memory technology, the method for particularly a kind of intelligent memory card and safety management thereof.
Background technology
Intelligent memory card (Smart Storage Card; SSC) traditional smart card techniques and ultra-high capacity storage technology are combined; Utilize multiple communication and computer interface; Be loaded in mobile communication terminal, computing machine and other digital terminal equipment, the intelligent information of multiple functions such as high capacity storage, novel wireless value-added application, multimedia processing, information security, DRM be provided, products such as multimedia, amusement.
Because mostly the data in the intelligent memory card are user or publisher's significant data, the safety that how to realize safe data storage, communication and specific region operational order will be the major issue that intelligent memory card must solve.
Publication number is the patent of invention of the CN101520854A intelligent memory card that proposed to comprise storage medium and usb interface module, and realize the method for secure access between intelligent memory card and access means (PC), and the storage space of storage medium is divided into confidential data district and mass memory district; The secret storage district uses the file system of ISO7816-4 standard, its zone for carrying out control of authority to file; The memory sector that usb interface module is used for different sectors that confidential data district and mass memory district are covered and the equipment (PC) of visiting intelligent memory card shines upon; Confidential data operational module on the equipment of visit intelligent memory card comes the file in the secret storage district on the intelligent memory card is carried out safety management through the usb interface module of intelligent memory card.Because the equipment of visit intelligent memory card carries out safety management to intelligent memory card, security is lower; And the confidential data district adopts fixing file structure, and rights management is unit with the sector, is prone to cracked by physics or software intercepting and capturing, has higher security risk; Security logic in this patent of invention is comparatively fixing, simple, can not be provided with flexibly, is still waiting further improvement.
Summary of the invention
In view of this, the object of the present invention is to provide a kind of intelligent memory card, this storage card can improve security and dirigibility.
The object of the present invention is to provide a kind of method of intelligent memory card safety management, this method can improve security and dirigibility.
For achieving the above object, technical scheme of the present invention specifically is achieved in that
A kind of intelligent memory card, this storage card comprises:
Interface module, the document control parameter F CP information command of setting up that the outside is imported exports memory controller to; Export the operational order and the Authority Verification instruction of outside input to memory controller; Said FCP information is include file title, security algorithm and safety condition at least;
Controlled memory block, be used to save contents and said catalogue under file;
Memory controller exports the said FCP of foundation information command to additional controller; The title of the pending file that said operational order is carried and the instruction of said Authority Verification export additional controller to; Handle according to the data of operational order after the safeguard protection of additional controller output;
Additional controller; According to the said FCP information command of setting up; Be called index with name and set up the catalogue of preserving catalogue FCP information one to one, be called index with name and set up the file preserved with said controlled memory block file FCP information one to one with said controlled memory block; According to its FCP information of name acquiring of said pending file, resolve the FCP information acquisition safety condition and the security algorithm of said pending file; Instruction judges whether to satisfy safety condition according to Authority Verification; When confirming to satisfy safety condition; Utilize security algorithm that the data that pending literature kit contains are protected, the data after the acquisition safeguard protection, data to the said memory controller after the output safety protection; Confirm not satisfy safety condition, refusal is operated.
Preferably, said FCP information further comprises a life cycle;
Said additional controller is further resolved the FCP information acquisition life cycle of said pending file, and judges whether to satisfy the requirement of life cycle, and after confirming to satisfy, instruction judges whether to satisfy safety condition according to Authority Verification; Confirm not satisfy life cycle, refusal is operated.
Preferably, said FCP information further comprises the logical combination of a safety condition;
The logical combination of the safety condition that said additional controller further comprises according to said FCP information judges whether to satisfy safety condition.
In the said memory card, said additional controller comprises:
Microprocessor; The said FCP information command of setting up according to said memory controller output; In additional storage, be called index and preserve and the catalogue of said controlled memory block catalogue FCP information one to one, in additional storage, be called index and preserve and the file of said controlled memory block file FCP information one to one with name with name; The title of the pending file that carries according to operational order reads the FCP information of pending file from additional storage, resolve FCP information acquisition life cycle, safety condition and the security algorithm of said pending file; Judge whether to satisfy the requirement of life cycle; After confirming to satisfy life cycle; Logical combination according to Authority Verification instruction and safety condition judges whether to satisfy safety condition, after confirming to satisfy safety condition, utilizes security algorithm that the data that pending literature kit contains are protected; Data after the acquisition safeguard protection, data to the said memory controller after the output safety protection; When confirming not satisfy life cycle or do not satisfy safety condition, the refusal operation;
Additional storage is used to preserve said catalogue FCP information and said file FCP information.
Preferably, said additional storage is further used for preserving required key of security algorithm and/or password.
A kind of intelligent memory card, this storage card comprises:
Interface module, set up document control parameter F CP information instruction, Authority Verification instruction and operational order that the outside is imported export memory controller to; Said FCP information is include file title, safety condition and security algorithm at least;
Storer, be used to save contents, the file under the said catalogue, with said catalogue one to one catalogue FCP information and with said catalogue under file file FCP information one to one;
Memory controller; According to the said FCP information command of setting up; In storer, be called index and set up and the said catalogue of preserving catalogue FCP information one to one, in storer, be called index and set up and the said file of preserving file FCP information one to one with name with name; Its FCP information of name acquiring of the pending file that carries according to said operational order is resolved the FCP information acquisition safety condition and the security algorithm of said pending file; Judge whether to satisfy safety condition according to said Authority Verification instruction; When confirming to satisfy safety condition; Utilize security algorithm that the data that pending literature kit contains are protected, obtain the data after the safeguard protection, handle according to the data of said operational order after to safeguard protection; Confirm not satisfy safety condition, refusal is operated.
Preferably, said FCP information further comprises a life cycle;
Said memory controller is further resolved the FCP information of said pending file and is obtained life cycle, and judges whether to satisfy the requirement of life cycle, and after confirming to satisfy, instruction judges whether to satisfy safety condition according to Authority Verification; Confirm not satisfy life cycle, refusal is operated.
Preferably, said FCP information further comprises the logical combination of a safety condition;
Said memory controller further instructs according to Authority Verification and the logical combination of the safety condition that said FCP information comprises judges whether to satisfy safety condition.
In the said memory card, said storer comprises:
Controlled memory block, be used to save contents and said catalogue under file;
Additional storage is used to preserve and the said catalogue of said controlled memory block catalogue FCP information one to one, is used to preserve the file file FCP information one to one under the said catalogue with said controlled memory block.
Preferably, said storer is further used for preserving required key of security algorithm and/or password.
A kind of method of intelligent memory card safety management, this method comprises:
A, set up the catalogue of preserving with controlled memory block catalogue file controlled variable FCP information, and the file of preserving with controlled memory block that carries out index with the title file FCP information one to one one to one of carrying out index in additional storage with title; Said FCP information is include file title, safety condition and security algorithm at least;
Its FCP information of name acquiring of B, the pending file that carries according to the operational order of outside input is resolved the FCP information acquisition safety condition and the security algorithm of said pending file;
C, the Authority Verification of importing according to the outside instruct; Judge whether to satisfy safety condition; When confirming to satisfy safety condition, the data of utilizing security algorithm that pending literature kit is contained are protected the data that obtain after the safeguard protection, handle according to the data of said operational order after to safeguard protection; When confirming not satisfy safety condition, refusal is operated.
Preferably, said FCP information further comprises a life cycle;
Further comprise between said step B and the said step C: resolve the FCP information acquisition life cycle of said pending file, after confirming to satisfy life cycle, execution in step C, otherwise refusal is operated.
Preferably, said FCP information further comprises the logical combination of a safety condition;
Said step B further comprises: the logical combination of the safety condition that comprises according to said FCP information judges whether to satisfy safety condition.
In the said method; The file that preserve the said and controlled memory block of steps A file FCP information one to one is: the file structure that said file FCP information and said catalogue FCP information constitute in additional storage, the file structure that in controlled memory block, constitutes with said file FCP information corresponding file and the corresponding catalogue of said catalogue FCP information is identical.
In the said method, said security algorithm comprises AES and verification at least, and perhaps said security algorithm comprises decipherment algorithm and verification at least;
The said security algorithm that utilizes of step C comprises the data protection of pending file:
C1, utilize AES that the data that pending literature kit contains are encrypted, or utilize decipherment algorithm that the data that pending literature kit contains are deciphered;
C2, the integrality of encrypting the data that data that the back obtains or deciphering back obtain is carried out verification, with data encrypted and the proof test value data after as safeguard protection, data after maybe will deciphering and the proof test value data after as safeguard protection.
Preferably; Steps A is said sets up the file of preserving with controlled memory block one to one before the file FCP information that carries out index with title in additional storage, further comprises: for the file of preserving under the catalogue described in the said controlled memory block adds a file name; The length of said file name is the M byte; Said M is the natural number less than 256.
Visible by above-mentioned technical scheme; The invention provides the method for a kind of intelligent memory card and safety management thereof; Intelligent memory card is set up catalogue FCP information and file FCP information according to the FCP information of setting up FCP information and setting in intelligent memory card, intelligent memory card is when setting up FCP information; The file structure that forms when preserving in controlled memory block according to catalogue and file is set up the catalogue FCP information and the file FCP information of same file structure in additional storage; Obtain its FCP information according to pending file; According to safety condition and logical combination thereof, when confirming to satisfy safety condition, utilize security algorithm that pending data are protected; Obtain the data after the safeguard protection, handle according to the data of operational order after to safeguard protection.Adopt storage card of the present invention and method, when the file in the controlled memory block is operated, its operational order is carried out security control, realize safeguard protection, improved security and dirigibility data through safety condition and logical combination thereof.
Description of drawings
Fig. 1 is the structural representation of intelligent memory card first embodiment of the present invention.
Fig. 2 is the structural representation of intelligent memory card second embodiment of the present invention.
Fig. 3 is the process flow diagram of the method for intelligent memory card safety management of the present invention.
Embodiment
For make the object of the invention, technical scheme, and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, to further explain of the present invention.
The method of intelligent memory card of the present invention and intelligent memory card safety management no longer is that unit carries out safety management with the sector; But be that unit manages with the file; And realize the file of preserving in the controlled memory block is carried out safety management by memory controller in the intelligent memory card or additional controller, improved security; Can be according to the real needs of user for a certain file, safety condition and security algorithm that the FCP information of this document is comprised are provided with, and have improved dirigibility.
FCP information of the present invention is to define with reference to the structure described in the ISO7816-4 standard; But FCP information of the present invention is also further expanded the ISO7816-4 standard; In FCP information, increased the file name that can be arranged to any byte length, further being convenient to realize with the file is that unit carries out safety management.
Fig. 1 is the structural representation of intelligent memory card first embodiment of the present invention.Combine Fig. 1 at present, first embodiment of intelligent memory card of the present invention is described, specific as follows:
Intelligent memory card of the present invention comprises: interface module 10, memory controller 11, controlled memory block 12 and additional controller 13.Wherein, interface module 10 1 ends connect memory controller 11, the external unit of other end connected reference intelligent memory card; Memory controller 11 connects controlled memory block 12 and additional controller 13.
Interface module 10 provide memory controller 11 and the visit intelligent memory card external unit between communication channel.Interface module 10 exports document control parameter (FCP) information command of setting up of outside input to memory controller 11.Wherein, set up the FCP information command and carry and wait to set up the directory name of FCP information and the FCP information of setting, or carry and wait to set up the file name of FCP information and the FCP information of setting; The FCP information of said setting comprises file name and security attribute at least; Said security attribute comprises safety condition and security algorithm at least; Said security attribute can be set to compact mode, mode of extension, with reference to the combination of mode of extension or above-mentioned various modes.In order to improve security, said security attribute also can further comprise the logical combination of a life cycle and/or safety condition.
Interface module 10 exports the operational order and the Authority Verification instruction of outside input to memory controller 11.Wherein, operational order comprises read data instruction or write data instruction; Operational order also further carries the title of pending file; The title of pending file can be the title of pending catalogue or the title of the file under the pending data.The Authority Verification instruction also carries the certificate parameter of operation this time.
Controlled memory block 12 is used to preserve a plurality of files under a plurality of catalogues and said each catalogue.Catalogue and the file that preserve controlled memory block 12 are the contents that need carry out safeguard protection.Such as: catalogue 1 include file 1 and file 2, catalogue 2 include files 3 and file 4.
Memory controller 11 will be set up the FCP information command and export additional controller 13 to.Memory controller 11 exports the title and the Authority Verification instruction of the pending file that operational order carries to additional controller 13.Memory controller 11 is handled according to the data of operational order after to the safeguard protection of additional controller 13 output, to interface module 10 feedback processing results and the data after handling.In the present embodiment, memory controller 11 does not carry out safety management to file or the catalogue that preserve controlled memory block 12, only carries out read or write operation according to the data of operational order after to the safeguard protection of additional controller 13 outputs.
Additional controller 13 is according to setting up the FCP information command, is called index with name and sets up the catalogue of preserving with controlled memory block 12 catalogue FCP information one to one, is called index with name and sets up the file preserved with controlled memory block 12 file FCP information one to one; Particularly, additional controller 13 can through with the communication of memory controller 11, obtain the file structure of controlled memory block 12 through memory controller 11, and controlled memory block 12 catalogue of preserving and the file under the catalogue.Above-mentioned relation one to one is embodied on the file structure of being made up of file and catalogue; Be the file structure that file FCP information and catalogue FCP information form in additional controller 13, the file structure that in controlled memory block 12, forms with file FCP information corresponding file and the corresponding catalogue of catalogue FCP information is identical.
Additional controller 13 is searched the FCP information of pending file according to the title of pending file from the FCP information of having set up; Resolve FCP information acquisition life cycle, the safety condition of pending file, the logical combination and the security algorithm of safety condition; Judge whether to satisfy life cycle; If satisfy life cycle; Logical combination according to Authority Verification instruction and safety condition judges whether to satisfy safety condition; When confirming to satisfy safety condition, the data of utilizing security algorithm that pending literature kit is contained are protected the data after the acquisition safeguard protection, data to the memory controller 11 after the output safety protection; When confirming not satisfy life cycle or safety condition, refusal is operation this time.Life cycle is a term of validity, judges whether to satisfy life cycle and judges just whether the operation to pending file is in the term of validity, if then carry out the judgement of safety condition, otherwise refusal is operation this time.Additional controller 13 is also further preserved key and/or the password that is used to carry out security algorithm.Such as: the FCP information acquisition safety condition of resolution file 1 is a PIN code; Security algorithm is AES and verification, judges then whether the certificate parameter that Authority Verification instruction carries is identical with PIN code, if identical; Then satisfy safety condition; Utilize the key of preserving that pending data are carried out cryptographic calculation, the data behind the cryptographic calculation are carried out completeness check, data or proof test value to memory controller 11 after the output safety protection; Certificate parameter and PIN code that the checking instruction that defines the competence is carried are inequality, then confirm not satisfy safety condition, and refusal is operation this time.
Wherein, additional controller 13 comprises microprocessor 131 and additional storage 132.Microprocessor 131 connects memory controller 11 and additional storage 132.
Additional storage 132 be used to save contents FCP information and file FCP information.Additional storage 132 is further used for preserving required key of security algorithm and/or password.
Microprocessor 131 is set up the FCP information command according to memory controller 11 output; In additional storage 132, be called index and preserve and the catalogue of controlled memory block 12 catalogue FCP information one to one, in additional storage 132, be called index and preserve and the file of controlled memory block 12 file FCP information one to one with name with name; The title of the pending file that carries according to operational order reads the FCP information of pending file from additional storage 132, resolve FCP information acquisition life cycle, the safety condition of pending file, the logical combination and the security algorithm of safety condition; Judge whether to satisfy the requirement of life cycle; After confirming to satisfy life cycle; Logical combination according to Authority Verification instruction and safety condition judges whether to satisfy safety condition; After confirming to satisfy safety condition, the data of utilizing security algorithm that pending literature kit is contained are protected the data after the acquisition safeguard protection, data to the memory controller 11 after the output safety protection; When confirming not satisfy life cycle or do not satisfy safety condition, the refusal operation.
Fig. 2 is the structural representation of intelligent memory card second embodiment of the present invention.Combine Fig. 2 at present, second embodiment of intelligent memory card of the present invention is described, specific as follows:
Intelligent memory card second embodiment of the present invention compares with first embodiment; Lacked the additional controller that is used to carry out file security control; The function of additional controller among Implementing Memory Controllers first embodiment among second embodiment, the intelligence storage of this embodiment has reduced hardware cost.
Intelligent memory card of the present invention comprises interface module 20, memory controller 21 and storer 22.Interface module 20 1 ends connect memory controller 21, the external unit of other end connected reference intelligent memory card; Memory controller 21 connected storages 22.
The interface module 20 of present embodiment is identical with the interface module 10 of first embodiment, this no longer docking port module 20 describe.
Storer 22 is used to save contents, the file under the catalogue, with said catalogue one to one catalogue FCP information and with said catalogue under file file FCP information one to one.Storer 22 is also further preserved key and/or the password that is used to carry out security algorithm.The content of catalogue FCP information and file FCP information is identical with the content of embodiment one, repeats no more at this.
Storage control attaches 21 according to setting up the FCP information command; From storer 22, obtain the catalogue of its preservation and the file under the catalogue; The FCP information of the setting of carrying according to the FCP information command; In storer with name be called index set up with the said catalogue of preserving one to one catalogue FCP information, and with the said file of preservation file FCP information one to one; In other words, the corresponding catalogue of the file structure that forms at storer 22 of file FCP information and catalogue FCP information and file FCP information corresponding file and catalogue FCP information is identical in the file structure of storer 22 formation.
The title of the pending file that memory controller 21 carries according to operational order, the FCP information of from the FCP information of having set up, searching pending file; Resolve the logical combination of said FCP information acquisition for life cycle, safety condition, security algorithm and the safety condition of pending file.Memory controller 21 judges whether to satisfy life cycle; After confirming to satisfy life cycle; Logical combination according to Authority Verification instruction and safety condition judges whether to satisfy safety condition; When confirming to satisfy safety condition, the data of utilizing security algorithm that pending literature kit is contained are protected the data that obtain after the safeguard protection, handle according to the data of operational order after to safeguard protection; When confirming not satisfy life cycle or do not satisfy safety condition, refusal is operation this time.
Memory controller 21 is the data after interface module 20 feedback processing results and processing further; Said result is the result of refusal operation or the result of complete operation; Data after the said processing are data or the integrity check value after the safeguard protection.
Wherein, storer 22 comprises: controlled memory block 221 and additional storage 222.
Controlled memory block 221 is used to preserve a plurality of files under a plurality of catalogues and each catalogue.Catalogue and the file preserved in the controlled memory block 221 are in order to carry out the file of safeguard protection.
Additional storage 222 be used to save contents FCP information and file FCP information.
The file structure that catalogue FCP information that additional storage 222 is preserved and file FCP information form is identical with the file structure that the catalogue and the file under the catalogue of 221 preservations of controlled memory block form.
Fig. 3 is the process flow diagram of the method for intelligent memory card safety management of the present invention.Combine Fig. 3 at present, the method for intelligent memory card safety management of the present invention is described, specific as follows:
Step 301: set up the FCP information of carrying out index with title;
This step comprises: step 3011, add directory name according to the catalogue that preserve controlled memory block, and the file of preserving according to controlled memory block adds file name; Step 3012, according to FCP information and the directory name of setting up the setting that the FCP information command carries, in additional storage, set up carry out index with directory name with controlled memory block in catalogue catalogue FCP information one to one; Step 3013, according to FCP information and the file name of setting up the setting that the FCP information command carries, in additional storage, set up carry out index with file name with controlled memory block in file file FCP information one to one.
In the step 3011; Length and particular content that the file of preserving according to controlled memory block adds file name can be provided with according to user's demand; The title of the fixed byte length that no longer is confined to stipulate among the ISO7816-4 can file name be set to M byte; Said M is the natural number less than 256.
In this step, the file structure that catalogue FCP information that additional storage is preserved and file FCP information form is identical with the file structure that the catalogue and the file of the preservation of controlled memory block form, and repeats no more at this.
Step 302: the FCP information of obtaining pending file;
According to the title of the pending file that carries in the operational order, the FCP information of the pending file of from additional storage, preserving of FCP information searching.
Step 303: the logical combination and the security algorithm of resolving FCP information acquisition safety condition, safety condition;
The responsible controller that file is carried out safety management such as memory controller or additional controller, is resolved the FCP information of pending file in the intelligent memory card, obtains the safety condition relevant with pending file, the logic and the security algorithm of safety condition.
Step 304: judge whether to satisfy safety condition, if, execution in step 305, otherwise execution in step 307;
In this step, if the logical combination of safety condition is not set, then directly instruction judges whether to satisfy safety condition according to Authority Verification; If be provided with the logical combination of safety condition, then the logical combination according to Authority Verification instruction and safety condition judges whether to satisfy safety condition.
Safety condition of the present invention also further carries the parameter that whether satisfies safety condition in order to judge; Such as: safety condition can be PIN code checking, authentication, external authentication, internal authentication, multiple authentication or the like; Then determine whether that according to the PIN code of importing, authentication code, external authentication sign indicating number, internal authentication sign indicating number, multiple authentication sign indicating number or the like the parameter of carrying with safety condition is identical; If then confirm to satisfy safety condition, otherwise confirm not satisfy safety condition.
Step 305: utilize security algorithm that pending file is protected;
Said security algorithm comprises AES and verification at least, and perhaps said security algorithm comprises decipherment algorithm and verification at least.
Comprise AES and be verified as example that with security algorithm this step comprises: utilize the key of AES and preservation, pending file is encrypted; Carry out data integrity verifying to encrypting the data that the back obtains, with data encrypted and the proof test value data after as safeguard protection.
Comprise decipherment algorithm and be verified as example that with security algorithm this step comprises: utilize the key of decipherment algorithm and preservation, pending file is deciphered; Carry out data integrity verifying to deciphering the data that the back obtains, with the data after the deciphering and the proof test value data after as safeguard protection.
Step 306: handle according to the data of operational order after to safeguard protection;
Said operational order comprises reading command or writes instruction; According to the operational order that receives, the data after the safeguard protection of step 305 acquisition are carried out read or write operation.
Step 307: finish.
In order further to improve security, FCP information further comprises life cycle; Whether effectively life cycle is in order to judge the operation of a certain file parameter.
Between step 303 and step 304, further comprise: the life cycle according to the FCP information of pending file comprises, judge whether to satisfy life cycle, if, execution in step 304, otherwise execution in step 307.
In the above-mentioned preferred embodiment of the present invention; No longer the external unit by the visit intelligent memory card carries out safety management to the data in the intelligent memory card; But by intelligent memory card according to the FCP information that is provided with in advance; File to preserving in the controlled memory block carries out safety management, is difficult for being cracked by physics or software, has improved security; Intelligent memory card of the present invention and method for managing security; No longer with the base unit of sector as rights management; But by the elementary cell of the file under the different file as safety management; Such as: file under the file under FAT (the File Allocation Table) file system, NTFS (the New Technology File System) file system or the file under EXT (the Extended File System) file system, but be not limited to the file under above-mentioned three kinds of file system.Intelligent memory card of the present invention and method for managing security can be provided with FCP information to the security requirement of specific file according to the user, have improved dirigibility; For the ease of being that base unit carries out safety management with the file, the file structure of the catalogue of preservation and file formation is identical in the file structure that the catalogue FCP information of preserving in the additional storage of the present invention and file FCP information form and the controlled memory block.
The above is merely preferred embodiment of the present invention, is not limited to the present invention, and is all within spirit of the present invention and principle, any modification of being made, is equal to replacement, improvement etc., all should be included within the scope of the present invention's protection.

Claims (16)

1. an intelligent memory card is characterized in that, this storage card comprises:
Interface module, the document control parameter F CP information command of setting up that the outside is imported exports memory controller to; Export the operational order and the Authority Verification instruction of outside input to memory controller; Said FCP information is include file title, security algorithm and safety condition at least;
Controlled memory block, be used to save contents and said catalogue under file;
Memory controller exports the said FCP of foundation information command to additional controller; The title of the pending file that said operational order is carried and the instruction of said Authority Verification export additional controller to; Handle according to the data of operational order after the safeguard protection of additional controller output;
Additional controller; According to the said FCP information command of setting up; Be called index with name and set up the catalogue of preserving catalogue FCP information one to one, be called index with name and set up the file preserved with said controlled memory block file FCP information one to one with said controlled memory block; According to its FCP information of name acquiring of said pending file, resolve the FCP information acquisition safety condition and the security algorithm of said pending file; Instruction judges whether to satisfy safety condition according to Authority Verification; When confirming to satisfy safety condition; Utilize security algorithm that the data that pending literature kit contains are protected, the data after the acquisition safeguard protection, data to the said memory controller after the output safety protection; Confirm not satisfy safety condition, refusal is operated.
2. storage card according to claim 1 is characterized in that, said FCP information further comprises a life cycle;
Said additional controller is further resolved the FCP information acquisition life cycle of said pending file, and judges whether to satisfy the requirement of life cycle, and after confirming to satisfy, instruction judges whether to satisfy safety condition according to Authority Verification; Confirm not satisfy life cycle, refusal is operated.
3. storage card according to claim 2 is characterized in that said FCP information further comprises the logical combination of a safety condition;
The logical combination of the safety condition that said additional controller further comprises according to said FCP information judges whether to satisfy safety condition.
4. storage card according to claim 3 is characterized in that, said additional controller comprises:
Microprocessor; The said FCP information command of setting up according to said memory controller output; In additional storage, be called index and preserve and the catalogue of said controlled memory block catalogue FCP information one to one, in additional storage, be called index and preserve and the file of said controlled memory block file FCP information one to one with name with name; The title of the pending file that carries according to operational order reads the FCP information of pending file from additional storage, resolve FCP information acquisition life cycle, safety condition and the security algorithm of said pending file; Judge whether to satisfy the requirement of life cycle; After confirming to satisfy life cycle; Logical combination according to Authority Verification instruction and safety condition judges whether to satisfy safety condition, after confirming to satisfy safety condition, utilizes security algorithm that the data that pending literature kit contains are protected; Data after the acquisition safeguard protection, data to the said memory controller after the output safety protection; When confirming not satisfy life cycle or do not satisfy safety condition, the refusal operation;
Additional storage is used to preserve said catalogue FCP information and said file FCP information.
5. storage card according to claim 4 is characterized in that, said additional storage is further used for preserving required key of security algorithm and/or password.
6. an intelligent memory card is characterized in that, this storage card comprises:
Interface module, set up document control parameter F CP information instruction, Authority Verification instruction and operational order that the outside is imported export memory controller to; Said FCP information is include file title, safety condition and security algorithm at least;
Storer, be used to save contents, the file under the said catalogue, with said catalogue one to one catalogue FCP information and with said catalogue under file file FCP information one to one;
Memory controller; According to the said FCP information command of setting up; In storer, be called index and set up and the said catalogue of preserving catalogue FCP information one to one, in storer, be called index and set up and the said file of preserving file FCP information one to one with name with name; Its FCP information of name acquiring of the pending file that carries according to said operational order is resolved the FCP information acquisition safety condition and the security algorithm of said pending file; Judge whether to satisfy safety condition according to said Authority Verification instruction; When confirming to satisfy safety condition; Utilize security algorithm that the data that pending literature kit contains are protected, obtain the data after the safeguard protection, handle according to the data of said operational order after to safeguard protection; Confirm not satisfy safety condition, refusal is operated.
7. storage card according to claim 6 is characterized in that, said FCP information further comprises a life cycle;
Said memory controller is further resolved the FCP information of said pending file and is obtained life cycle, and judges whether to satisfy the requirement of life cycle, and after confirming to satisfy, instruction judges whether to satisfy safety condition according to Authority Verification; Confirm not satisfy life cycle, refusal is operated.
8. according to claim 6 or 7 described storage cards, it is characterized in that said FCP information further comprises the logical combination of a safety condition;
Said memory controller further instructs according to Authority Verification and the logical combination of the safety condition that said FCP information comprises judges whether to satisfy safety condition.
9. storage card according to claim 8 is characterized in that, said storer comprises:
Controlled memory block, be used to save contents and said catalogue under file;
Additional storage is used to preserve and the said catalogue of said controlled memory block catalogue FCP information one to one, is used to preserve the file file FCP information one to one under the said catalogue with said controlled memory block.
10. storage card according to claim 8 is characterized in that, said storer is further used for preserving required key of security algorithm and/or password.
11. the method for an intelligent memory card safety management is characterized in that, this method comprises:
A, set up the catalogue of preserving with controlled memory block catalogue file controlled variable FCP information, and the file of preserving with controlled memory block that carries out index with the title file FCP information one to one one to one of carrying out index in additional storage with title; Said FCP information is include file title, safety condition and security algorithm at least;
Its FCP information of name acquiring of B, the pending file that carries according to the operational order of outside input is resolved the FCP information acquisition safety condition and the security algorithm of said pending file;
C, the Authority Verification of importing according to the outside instruct; Judge whether to satisfy safety condition; When confirming to satisfy safety condition, the data of utilizing security algorithm that pending literature kit is contained are protected the data that obtain after the safeguard protection, handle according to the data of said operational order after to safeguard protection; When confirming not satisfy safety condition, refusal is operated.
12. method according to claim 11 is characterized in that, said FCP information further comprises a life cycle;
Further comprise between said step B and the said step C: resolve the FCP information acquisition life cycle of said pending file, after confirming to satisfy life cycle, execution in step C, otherwise refusal is operated.
13., it is characterized in that said FCP information further comprises the logical combination of a safety condition according to claim 11 or 12 described methods;
Said step B further comprises: the logical combination of the safety condition that comprises according to said FCP information judges whether to satisfy safety condition.
14. method according to claim 13; It is characterized in that; The file that preserve the said and controlled memory block of steps A file FCP information one to one is: the file structure that said file FCP information and said catalogue FCP information constitute in additional storage, the file structure that in controlled memory block, constitutes with said file FCP information corresponding file and the corresponding catalogue of said catalogue FCP information is identical.
15. method according to claim 13 is characterized in that, said security algorithm comprises AES and verification at least, and perhaps said security algorithm comprises decipherment algorithm and verification at least;
The said security algorithm that utilizes of step C comprises the data protection of pending file:
C1, utilize AES that the data that pending literature kit contains are encrypted, or utilize decipherment algorithm that the data that pending literature kit contains are deciphered;
C2, the integrality of encrypting the data that data that the back obtains or deciphering back obtain is carried out verification, with data encrypted and the proof test value data after as safeguard protection, data after maybe will deciphering and the proof test value data after as safeguard protection.
16. method according to claim 13; It is characterized in that; Steps A is said sets up the file of preserving with controlled memory block one to one before the file FCP information that carries out index with title in additional storage, further comprises: for the file of preserving under the catalogue described in the said controlled memory block adds a file name; The length of said file name is the M byte; Said M is the natural number less than 256.
CN201010620416.5A 2010-12-23 2010-12-23 Smart card and method for safely managing same Expired - Fee Related CN102567230B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010620416.5A CN102567230B (en) 2010-12-23 2010-12-23 Smart card and method for safely managing same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010620416.5A CN102567230B (en) 2010-12-23 2010-12-23 Smart card and method for safely managing same

Publications (2)

Publication Number Publication Date
CN102567230A true CN102567230A (en) 2012-07-11
CN102567230B CN102567230B (en) 2014-11-26

Family

ID=46412689

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010620416.5A Expired - Fee Related CN102567230B (en) 2010-12-23 2010-12-23 Smart card and method for safely managing same

Country Status (1)

Country Link
CN (1) CN102567230B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102841861A (en) * 2011-06-24 2012-12-26 同方股份有限公司 Data security storage device taking SD (Secure Digital Card) as communication interface and working method thereof
CN107590149A (en) * 2016-07-07 2018-01-16 北京数码视讯科技股份有限公司 File directory creating method and apparatus in a kind of smart card
CN112737700A (en) * 2020-12-21 2021-04-30 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data encryption and decryption method and device, encryption equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6351813B1 (en) * 1996-02-09 2002-02-26 Digital Privacy, Inc. Access control/crypto system
CN1395180A (en) * 2001-07-09 2003-02-05 大买家科技股份有限公司 File protection system using storage card and its method
CN1501263A (en) * 2002-11-13 2004-06-02 �������ʿƿƼ����޹�˾ Method of actualizing safety data storage and algorithm storage in virtue of semiconductor memory device
CN1567255A (en) * 2003-09-02 2005-01-19 四川大学 Method for controlling storage and access of security file system
CN101520854A (en) * 2008-02-29 2009-09-02 凤凰微电子(中国)有限公司 Smart memory card, data safety control system and method thereof
US20100023747A1 (en) * 2007-11-12 2010-01-28 Micron Technology, Inc. Critical Security Parameter Generation and Exchange System and Method for Smart-Card Memory Modules

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6351813B1 (en) * 1996-02-09 2002-02-26 Digital Privacy, Inc. Access control/crypto system
CN1395180A (en) * 2001-07-09 2003-02-05 大买家科技股份有限公司 File protection system using storage card and its method
CN1501263A (en) * 2002-11-13 2004-06-02 �������ʿƿƼ����޹�˾ Method of actualizing safety data storage and algorithm storage in virtue of semiconductor memory device
CN1567255A (en) * 2003-09-02 2005-01-19 四川大学 Method for controlling storage and access of security file system
US20100023747A1 (en) * 2007-11-12 2010-01-28 Micron Technology, Inc. Critical Security Parameter Generation and Exchange System and Method for Smart-Card Memory Modules
CN101520854A (en) * 2008-02-29 2009-09-02 凤凰微电子(中国)有限公司 Smart memory card, data safety control system and method thereof

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102841861A (en) * 2011-06-24 2012-12-26 同方股份有限公司 Data security storage device taking SD (Secure Digital Card) as communication interface and working method thereof
CN107590149A (en) * 2016-07-07 2018-01-16 北京数码视讯科技股份有限公司 File directory creating method and apparatus in a kind of smart card
CN107590149B (en) * 2016-07-07 2021-01-08 北京数码视讯科技股份有限公司 File directory creation method and device in smart card
CN112737700A (en) * 2020-12-21 2021-04-30 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data encryption and decryption method and device, encryption equipment and storage medium
CN112737700B (en) * 2020-12-21 2021-11-16 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data encryption and decryption method and device, encryption equipment and storage medium

Also Published As

Publication number Publication date
CN102567230B (en) 2014-11-26

Similar Documents

Publication Publication Date Title
CN103366797B (en) Method for designing secure USB flash disk by using wireless authentication terminal to authorize authentication and encrypt and decrypt
CN101562040B (en) Data processing method of high-security mobile memory
CN101800811B (en) Mobile phone data security protection method
CN102722670B (en) Mobile storage equipment-based file protection method, equipment and system
EP1580663A1 (en) A method for realizing security data storage and algorithm storage by means of semiconductor memory device
CN101520854B (en) Smart memory card, data safety control system and method thereof
CN101593252B (en) Method and system for controlling access of computer to USB equipment
CN102693399B (en) System and method for on-line separation and recovery of electronic documents
CN103345601A (en) Identity recording and verification system based on radio frequency
CN103390125A (en) Design method for safe and mobile storage controller authorized and encrypted/decrypted by wireless terminal
EP2361416A1 (en) Secure storage device
CN101595488A (en) Be used for content is tied to the method and apparatus of independent storage arrangement
CN106682522A (en) Fingerprint encryption device and implementation method thereof
CN101578608A (en) Methods and apparatuses for accessing content based on a session ticket
CN106296177A (en) Data processing method based on bank's Mobile solution and equipment
US20130262879A1 (en) Secure type storage device and information security system
CN201185082Y (en) Mobile memory with high safety
CN107273150A (en) Preload firmware and download wiring method and device
CN105303093A (en) Token verification method for cryptographic smart token
CN101296231A (en) Data card operation method and data card
CN101930521A (en) File protecting method and device thereof
CN102567230B (en) Smart card and method for safely managing same
CN103049705B (en) A kind of based on virtualized method for secure storing, terminal and system
CN108287988B (en) Security management system and method for mobile terminal file
CN102480353A (en) Method of password authentication and secret key protection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: PUTIAN IT TECH INST CO., LTD.

Free format text: FORMER OWNER: CHINA POTEVIO CO., LTD.

Effective date: 20130306

Owner name: CHINA POTEVIO CO., LTD.

Free format text: FORMER OWNER: PUTIAN IT TECH INST CO., LTD.

Effective date: 20130304

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20130304

Address after: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District

Applicant after: CHINA POTEVIO CO.,LTD.

Address before: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Applicant before: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd.

Effective date of registration: 20130306

Address after: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Applicant after: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd.

Address before: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District

Applicant before: CHINA POTEVIO CO.,LTD.

C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141126

Termination date: 20211223

CF01 Termination of patent right due to non-payment of annual fee