CN102567230B - Smart card and method for safely managing same - Google Patents
Smart card and method for safely managing same Download PDFInfo
- Publication number
- CN102567230B CN102567230B CN201010620416.5A CN201010620416A CN102567230B CN 102567230 B CN102567230 B CN 102567230B CN 201010620416 A CN201010620416 A CN 201010620416A CN 102567230 B CN102567230 B CN 102567230B
- Authority
- CN
- China
- Prior art keywords
- file
- fcp
- information
- safety condition
- catalogue
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a smart card which comprises an interface module, a controllable storage region, a storage controller and an additional controller, wherein the additional controller establishes catalogue FCP information and file FCP information by using a name as an index according to a command of establishing FCP information, obtains the FCP information according to the name of a file to be processed, and analyzes the FCP information of the file to be processed to obtain a safety condition and a safety algorithm. Whether the safety condition is met is judged according to a permission validation command, when the safety condition is met, data included by the field to be processed is protected by using the safety algorithm to obtain the data subjected to safety protection, and the data subjected to the safety protection is output to the storage controller; and the safety condition is not met, operation is rejected. The invention also provides a method for safely managing the smart card. By adopting the smart card and the method provided by the invention, the safety and the flexibility can be enhanced.
Description
Technical field
The present invention relates to memory technology, particularly a kind of method of intelligent memory card and safety management thereof.
Background technology
Intelligent memory card (Smart Storage Card, SSC) traditional smart card techniques and ultra-high capacity storage technology are combined, utilize multiple communication and computer interface, be loaded in mobile communication terminal, computing machine and other digital terminal equipment, provide the intelligent information of the several functions such as large capacity storage, novel wireless value-added application, multimedia processing, information security, DRM, the products such as multimedia, amusement.
Because the data in intelligent memory card mostly are user or publisher's significant data, the safety that how to realize safe data storage, communication and specific region operational order will be the major issue that intelligent memory card must solve.
Publication number be the patent of invention of CN101520854A the intelligent memory card that comprises storage medium and usb interface module has been proposed and realize intelligent memory card and access means (PC) between the method for secure access, the storage space of storage medium is divided into confidential data district and mass memory district; Secret storage district is used the file system of ISO7816-4 standard, and it is for can carry out to file the region of control of authority; Usb interface module is for shining upon confidential data district and mass memory the district different sectors that cover and the memory sector of accessing the equipment (PC) of intelligent memory card; Confidential data operational module on the equipment of access intelligent memory card, by the usb interface module of intelligent memory card, carries out safety management to the file in the secret storage district on intelligent memory card.Owing to accessing the equipment of intelligent memory card, intelligent memory card is carried out to safety management, security is lower; And confidential data district adopts fixing file structure, rights management be take sector as unit, more easily by physics or software intercepting and capturing, is cracked, and has higher security risk; Security logic in this patent of invention is comparatively fixing, simple, can not arrange flexibly, need further improvement.
Summary of the invention
In view of this, the object of the present invention is to provide a kind of intelligent memory card, this storage card can improve security and dirigibility.
The object of the present invention is to provide a kind of method of intelligent storage managing card safety, the method can improve security and dirigibility.
For achieving the above object, technical scheme of the present invention is specifically achieved in that
An intelligent memory card, this storage card comprises:
Interface module, exports the document control parameter F CP information command of setting up of outside input to memory controller; Export operational order and the Authority Verification instruction of outside input to memory controller; Described FCP information is include file title, security algorithm and safety condition at least;
Controlled memory block, for save contents and described catalogue under file;
Memory controller, exports the described FCP of foundation information command to additional controller; The title of the pending file that described operational order is carried and described Authority Verification instruction export additional controller to; Data after the safeguard protection of additional controller being exported according to operational order are processed;
Additional controller, according to the described FCP information command of setting up, with name, be called index and set up the catalogue of preserving with described controlled memory block catalogue FCP information one to one, with name, be called index and set up the file preserved with described controlled memory block file FCP information one to one; According to its FCP information of the name acquiring of described pending file, resolve FCP information acquisition safety condition and the security algorithm of described pending file; According to Authority Verification, instruction judges whether to meet safety condition, determining while meeting safety condition, utilize security algorithm to protect the data of pending file including, obtain the data after safeguard protection, the data after output safety protection are to described memory controller; Determine and do not meet safety condition, refusal operates.
Preferably, described FCP information further comprises a life cycle;
Described additional controller is further resolved the FCP information acquisition life cycle of described pending file, and judges whether to meet the requirement of life cycle, and after determining and meeting, according to Authority Verification, instruction judges whether to meet safety condition; Determine and do not meet life cycle, refusal operates.
Preferably, described FCP information further comprises the logical combination of a safety condition;
The logical combination of the safety condition that described additional controller further contains according to described FCP packets of information judges whether to meet safety condition.
In said memory card, described additional controller comprises:
Microprocessor, according to the described FCP information command of setting up of described memory controller output, in additional storage, with name, be called index and preserve and the catalogue of described controlled memory block catalogue FCP information one to one, in additional storage, with name, be called index and preserve and the file of described controlled memory block file FCP information one to one; The title of the pending file carrying according to operational order reads the FCP information of pending file from additional storage, resolves FCP information acquisition life cycle, safety condition and the security algorithm of described pending file; Judge whether to meet the requirement of life cycle, determine and meet after life cycle, according to the logical combination of Authority Verification instruction and safety condition, judge whether to meet safety condition, determine and meet after safety condition, utilize security algorithm to protect the data of pending file including, obtain the data after safeguard protection, the data after output safety protection are to described memory controller; Determine when not meeting life cycle or not meeting safety condition refusal operation;
Additional storage, for preserving described catalogue FCP information and described file FCP information.
Preferably, described additional storage is further used for preserving the required key of security algorithm and/or password.
An intelligent memory card, this storage card comprises:
Interface module, exports the instruction of setting up document control parameter F CP information, Authority Verification instruction and the operational order of outside input to memory controller; Described FCP information is include file title, safety condition and security algorithm at least;
Storer, the file for saving contents, under described catalogue, with described catalogue one to one catalogue FCP information and with described catalogue under file file FCP information one to one;
Memory controller, according to the described FCP information command of setting up, in storer, with name, be called index and set up and the described catalogue of preserving catalogue FCP information one to one, in storer, with name, be called index and set up and the described file of preserving file FCP information one to one; Its FCP information of the name acquiring of the pending file carrying according to described operational order, resolves FCP information acquisition safety condition and the security algorithm of described pending file; According to described Authority Verification instruction, judge whether to meet safety condition, determining while meeting safety condition, utilize security algorithm to protect the data of pending file including, obtain the data after safeguard protection, the data according to described operational order after to safeguard protection are processed; Determine and do not meet safety condition, refusal operates.
Preferably, described FCP information further comprises a life cycle;
Described memory controller is further resolved the FCP acquisition of information life cycle of described pending file, and judges whether to meet the requirement of life cycle, and after determining and meeting, according to Authority Verification, instruction judges whether to meet safety condition; Determine and do not meet life cycle, refusal operates.
Preferably, described FCP information further comprises the logical combination of a safety condition;
The logical combination of the safety condition that described memory controller further contains according to Authority Verification instruction and described FCP packets of information judges whether to meet safety condition.
In said memory card, described storer comprises:
Controlled memory block, for save contents and described catalogue under file;
Additional storage, for preserving and the described catalogue of described controlled memory block catalogue FCP information one to one, for preserving file under the described catalogue with described controlled memory block file FCP information one to one.
Preferably, described storer is further used for preserving the required key of security algorithm and/or password.
A method for intelligent storage managing card safety, the method comprises:
A, in additional storage, set up the catalogue of preserving with the controlled memory block file of preserving with controlled memory block that catalogue file is controlled parameter F CP information and carried out index with the title one to one file FCP information one to one of carrying out index with title; Described FCP information is include file title, safety condition and security algorithm at least;
Its FCP information of name acquiring of B, the pending file that carries according to the operational order of outside input, resolves FCP information acquisition safety condition and the security algorithm of described pending file;
C, the Authority Verification instruction of inputting according to outside, judge whether to meet safety condition, determining while meeting safety condition, utilize security algorithm protect the data after acquisition safeguard protection to the data of pending file including, the data according to described operational order after to safeguard protection are processed; Determining that while not meeting safety condition, refusal operates.
Preferably, described FCP information further comprises a life cycle;
Between described step B and described step C, further comprise: resolve the FCP information acquisition life cycle of described pending file, definite, meet after life cycle, execution step C, otherwise refusal operates.
Preferably, described FCP information further comprises the logical combination of a safety condition;
Described step B further comprises: the logical combination of the safety condition containing according to described FCP packets of information judges whether to meet safety condition.
In said method, the file of preserving with controlled memory block described in steps A one to one file FCP information is: the file structure that described file FCP information and described catalogue FCP information form in additional storage, the file structure that catalogue corresponding to the file corresponding with described file FCP information and described catalogue FCP information forms in controlled memory block is identical.
In said method, described security algorithm at least comprises cryptographic algorithm and verification, or described security algorithm at least comprises decipherment algorithm and verification;
Described in step C, utilize security algorithm, the data protection of pending file comprised:
C1, utilize cryptographic algorithm to be encrypted the data of pending file including, or utilize decipherment algorithm to be decrypted the data of pending file including;
C2, to encrypting the integrality of the data that obtain after the data of rear acquisition or deciphering, carry out verification, data and the data of proof test value after safeguard protection after encrypting, maybe using data and the data of proof test value after safeguard protection after deciphering.
Preferably, described in steps A, in additional storage, set up the file of preserving with controlled memory block one to one before file FCP information carry out index with title, further comprise: for the file of preserving under catalogue described in described controlled memory block adds a file name; The length of described file name is M byte; Described M is less than 256 natural number.
As seen from the above technical solutions, the invention provides a kind of method of intelligent memory card and safety management thereof, intelligent memory card is according to the FCP information of setting up FCP information and setting, in intelligent memory card, set up catalogue FCP information and file FCP information, intelligent storage is stuck in while setting up FCP information, the file structure forming while preserving in controlled memory block according to catalogue and file is set up catalogue FCP information and the file FCP information of same file structure in additional storage; According to its FCP information of pending file acquisition; according to safety condition and logical combination thereof, determine while meeting safety condition, utilize security algorithm to protect pending data; obtain the data after safeguard protection, the data according to operational order after to safeguard protection are processed.Adopt storage card of the present invention and method, when the file in controlled memory block is operated, its operational order is carried out to security control, by safety condition and logical combination thereof, realize the safeguard protection to data, improved security and dirigibility.
Accompanying drawing explanation
Fig. 1 is the structural representation of intelligent memory card the first embodiment of the present invention.
Fig. 2 is the structural representation of intelligent memory card the second embodiment of the present invention.
Fig. 3 is the process flow diagram of the method for intelligent storage managing card safety of the present invention.
Embodiment
For making object of the present invention, technical scheme and advantage clearer, referring to the accompanying drawing embodiment that develops simultaneously, the present invention is described in more detail.
The method of intelligent memory card of the present invention and intelligent storage managing card safety no longer be take sector and is carried out safety management as unit, but take file, manage as unit, and by the memory controller in intelligent memory card or additional controller, realize the file of preserving in controlled memory block is carried out to safety management, improved security; Can be according to user the real needs for a certain file, safety condition and security algorithm that the FCP packets of information of this document is contained arrange, and have improved dirigibility.
FCP information of the present invention is to define with reference to the structure described in ISO7816-4 standard, but FCP information of the present invention is also further expanded ISO7816-4 standard, in FCP information, increased the file name that can be arranged to any byte length, be further convenient to realize and take file and carry out safety management as unit.
Fig. 1 is the structural representation of intelligent memory card the first embodiment of the present invention.Now, in conjunction with Fig. 1, the first embodiment of intelligent memory card of the present invention is described, specific as follows:
Intelligent memory card of the present invention comprises: interface module 10, memory controller 11, controlled memory block 12 and additional controller 13.Wherein, interface module 10 one end connect memory controller 11, the external unit of other end connected reference intelligent memory card; Memory controller 11 connects controlled memory block 12 and additional controller 13.
Interface module 10 provides the communication channel between memory controller 11 and the external unit of access intelligent memory card.Interface module 10 exports document control parameter (FCP) information command of setting up of outside input to memory controller 11.Wherein, set up FCP information command and carry the directory name of FCP information to be set up and the FCP information of setting, or carry the file name of FCP information to be set up and the FCP information of setting; The FCP information of described setting at least comprises file name and security attribute; Described security attribute at least comprises safety condition and security algorithm; Described security attribute can be set to compact mode, mode of extension, with reference to the combination of mode of extension or above-mentioned various modes.In order to improve security, described security attribute also can further comprise the logical combination of a life cycle and/or safety condition.
Interface module 10 exports operational order and the Authority Verification instruction of outside input to memory controller 11.Wherein, operational order comprises read data instruction or writes data command; Operational order also further carries the title of pending file; The title of pending file can be the title of pending catalogue or the title of the file under pending data.Authority Verification instruction also carries this time certificate parameter of operation.
Controlled memory block 12 is for preserving a plurality of files under a plurality of catalogues and described each catalogue.Catalogue and the file that preserve controlled memory block 12 are the contents that need to carry out safeguard protection.Such as: catalogue 1 include file 1 and file 2, catalogue 2 include files 3 and file 4.
Memory controller 11 exports additional controller 13 to by setting up FCP information command.The title of the pending file that memory controller 11 carries operational order and Authority Verification instruction export additional controller 13 to.Data after the safeguard protection that memory controller 11 is exported additional controller 13 according to operational order are processed, the data to interface module 10 feedback processing results and after processing.In the present embodiment, file or catalogue that memory controller 11 is not preserved controlled memory block 12 are carried out safety management, and the data after the safeguard protection of only according to operational order, additional controller 13 being exported are carried out read or write operation.
Additional controller 13 is according to setting up FCP information command, is called index sets up the catalogue of preserving with controlled memory block 12 catalogue FCP information one to one with name, is called index sets up the file preserved with controlled memory block 12 file FCP information one to one with name; Particularly, additional controller 13 can obtain the file structure of controlled memory block 12 by the communication with memory controller 11 by memory controller 11, and the catalogue of controlled memory block 12 preservations and the file under catalogue.Above-mentioned relation is one to one embodied in the file structure being comprised of file and catalogue, be the file structure that file FCP information and catalogue FCP information form in additional controller 13, the file structure that catalogue corresponding to the file corresponding with file FCP information and catalogue FCP information forms in controlled memory block 12 is identical.
Additional controller 13, according to the title of pending file, is searched the FCP information of pending file from the FCP information of having set up; Resolve FCP information acquisition life cycle, the safety condition of pending file, logical combination and the security algorithm of safety condition; Judge whether to meet life cycle, if meet life cycle, according to the logical combination of Authority Verification instruction and safety condition, judge whether to meet safety condition, determining while meeting safety condition, utilize security algorithm the data of pending file including to be protected to the data that obtain after safeguard protection, the data after output safety protection are to memory controller 11; Determining that while not meeting life cycle or safety condition, refusal is operation this time.Whether life cycle is a term of validity, judge whether to meet life cycle and namely judge the operation of pending file in the term of validity, if so, carry out the judgement of safety condition, otherwise refusal is operation this time.Additional controller 13 is also further preserved for carrying out key and/or the password of security algorithm.Such as: the FCP information acquisition safety condition of resolution file 1 is PIN code, security algorithm is cryptographic algorithm and verification, judge that whether the certificate parameter that Authority Verification instruction carries is identical with PIN code, if identical, meet safety condition, utilize the key of preserving to be encrypted computing to pending data, the data after cryptographic calculation are carried out to completeness check, the data after output safety protection or proof test value are to memory controller 11; The certificate parameter that the checking instruction that defines the competence is carried is not identical with PIN code, determines and does not meet safety condition, and refusal is operation this time.
Wherein, additional controller 13 comprises microprocessor 131 and additional storage 132.Microprocessor 131 connects memory controller 11 and additional storage 132.
Additional storage 132 is for FCP information and the file FCP information of saving contents.Additional storage 132 is further used for preserving the required key of security algorithm and/or password.
Microprocessor 131 is set up FCP information command according to memory controller 11 output, in additional storage 132, with name, be called index and preserve and the catalogue of controlled memory block 12 catalogue FCP information one to one, in additional storage 132, with name, be called index and preserve and the file of controlled memory block 12 file FCP information one to one; The title of the pending file carrying according to operational order reads the FCP information of pending file from additional storage 132, resolves FCP information acquisition life cycle, the safety condition of pending file, logical combination and the security algorithm of safety condition; Judge whether to meet the requirement of life cycle, determine and meet after life cycle, according to the logical combination of Authority Verification instruction and safety condition, judge whether to meet safety condition, definite, meet after safety condition, utilize security algorithm the data of pending file including to be protected to the data that obtain after safeguard protection, the data after output safety protection are to memory controller 11; Determine when not meeting life cycle or not meeting safety condition refusal operation.
Fig. 2 is the structural representation of intelligent memory card the second embodiment of the present invention.Now, in conjunction with Fig. 2, the second embodiment of intelligent memory card of the present invention is described, specific as follows:
Intelligent memory card the second embodiment of the present invention compares with the first embodiment, lacked for carrying out the additional controller of file security control, the function of additional controller in Implementing Memory Controllers the first embodiment in the second embodiment, the intelligent storage of this embodiment has reduced hardware cost.
Intelligent memory card of the present invention comprises interface module 20, memory controller 21 and storer 22.Interface module 20 one end connect memory controller 21, the external unit of other end connected reference intelligent memory card; Memory controller 21 connected storages 22.
The interface module 20 of the present embodiment is identical with the interface module 10 of the first embodiment, this no longer docking port module 20 describe.
The file of storer 22 for saving contents, under catalogue, with described catalogue one to one catalogue FCP information and with described catalogue under file file FCP information one to one.Storer 22 is also further preserved for carrying out key and/or the password of security algorithm.The content of catalogue FCP information and file FCP information is identical with the content of embodiment mono-, does not repeat them here.
Memory controller 21 is according to setting up FCP information command, from storer 22, obtain the catalogue of its preservation and the file under catalogue, the FCP information of the setting of carrying according to FCP information command, the described catalogue that is called index foundation with name and preserves in storer is catalogue FCP information one to one, and with the described file of preserving file FCP information one to one, in other words, the file structure that catalogue corresponding to the file that file FCP information is corresponding with file FCP information with the file structure that catalogue FCP information forms at storer 22 and catalogue FCP information forms at storer 22 is identical.
The title of the pending file that memory controller 21 carries according to operational order, the FCP information of searching pending file from the FCP information of having set up; Resolve described FCP information acquisition for the logical combination of life cycle, safety condition, security algorithm and the safety condition of pending file.Memory controller 21 judges whether to meet life cycle, after determining and meeting life cycle, according to the logical combination of Authority Verification instruction and safety condition, judge whether to meet safety condition, determining while meeting safety condition, utilize security algorithm the data of pending file including to be protected to the data that obtain after safeguard protection, the data according to operational order after to safeguard protection are processed; Determining that when not meeting life cycle or not meeting safety condition, refusal is operation this time.
Memory controller 21 is the data to interface module 20 feedback processing results and after processing further; Described result is the result of refusal operation or the result of complete operation; Data after described processing are data or the integrity check value after safeguard protection.
Wherein, storer 22 comprises: 221He additional storage, controlled memory block 222.
Controlled memory block 221 is for preserving a plurality of files under a plurality of catalogues and each catalogue.Catalogue and the file in controlled memory block 221, preserved are the files that carries out safeguard protection.
Additional storage 222 is for FCP information and the file FCP information of saving contents.
The file structure that the catalogue that the file structure that the catalogue FCP information that preserve additional storage 222 and file FCP information form is preserved with controlled memory block 221 and the file under catalogue form is identical.
Fig. 3 is the process flow diagram of the method for intelligent storage managing card safety of the present invention.Now, in conjunction with Fig. 3, the method for intelligent storage managing card safety of the present invention is described, specific as follows:
Step 301: set up the FCP information of carrying out index with title;
This step comprises: step 3011, and the catalogue of preserving according to controlled memory block is added directory name, and the file of preserving according to controlled memory block adds file name; Step 3012, according to FCP information and the directory name of setting up the setting that FCP information command carries, in additional storage, set up with directory name, carry out index with controlled memory block in catalogue catalogue FCP information one to one; Step 3013, according to FCP information and the file name of setting up the setting that FCP information command carries, in additional storage, set up with file name, carry out index with controlled memory block in file file FCP information one to one.
In step 3011, length and particular content that the file of preserving according to controlled memory block adds file name can arrange according to user's demand, the title that is no longer confined to the fixed byte length stipulated in ISO7816-4, can file name be set to M byte; Described M is less than 256 natural number.
In this step, the file structure that the catalogue that the file structure that the catalogue FCP information that preserve additional storage and file FCP information form is preserved with controlled memory block and file form is identical, does not repeat them here.
Step 302: the FCP information of obtaining pending file;
According to the title of the pending file carrying in operational order, the FCP information of the pending file of FCP information searching of preserving from additional storage.
Step 303: logical combination and the security algorithm of resolving FCP information acquisition safety condition, safety condition;
In intelligent memory card, be responsible for the controller that file is carried out to safety management, such as memory controller or additional controller, the FCP information of pending file resolved, obtain the safety condition relevant to pending file, logic and the security algorithm of safety condition.
Step 304: judge whether to meet safety condition, if so, execution step 305, otherwise execution step 307;
In this step, if the logical combination of safety condition is not set, directly according to Authority Verification, instruction judges whether to meet safety condition; If be provided with the logical combination of safety condition, according to the logical combination of Authority Verification instruction and safety condition, judge whether to meet safety condition.
Safety condition of the present invention also further carries to determine whether the parameter that meets safety condition, such as: safety condition can be PIN code checking, authentication, external authentication, internal authentication, multiple authentication etc., according to the PIN code of input, authentication code, external authentication code, internal authentication code, multiple authentication code etc., determine whether that the parameter of carrying with safety condition is identical, if, determine and meet safety condition, otherwise determine and do not meet safety condition.
Step 305: utilize security algorithm to protect pending file;
Described security algorithm at least comprises cryptographic algorithm and verification, or described security algorithm at least comprises decipherment algorithm and verification.
With security algorithm, comprise cryptographic algorithm and be verified as example, this step comprises: utilize the key of cryptographic algorithm and preservation, pending file is encrypted; To encrypting the data of rear acquisition, carry out data integrity verifying, data and the data of proof test value after safeguard protection after encrypting.
With security algorithm, comprise decipherment algorithm and be verified as example, this step comprises: utilize the key of decipherment algorithm and preservation, pending file is decrypted; To deciphering the data of rear acquisition, carry out data integrity verifying, using data and the data of proof test value after safeguard protection after deciphering.
Step 306: the data according to operational order after to safeguard protection are processed;
Described operational order comprises reading command or writes instruction; According to the operational order receiving, the data after the safeguard protection that step 305 is obtained are carried out read or write operation.
Step 307: finish.
In order further to improve security, FCP information further comprises life cycle; Life cycle is in order to judge the whether effective parameter of the operation of a certain file.
Between step 303 and step 304, further comprise: the life cycle containing according to the FCP packets of information of pending file, judge whether to meet life cycle, if so, execution step 304, otherwise execution step 307.
In above-mentioned preferred embodiment of the present invention, no longer the external unit by access intelligent memory card carries out safety management to the data in intelligent memory card, but the FCP information being set in advance by intelligent memory card basis, the file of preserving in controlled memory block is carried out to safety management, be difficult for being cracked by physics or software, improved security; Intelligent memory card of the present invention and method for managing security, no longer using the base unit of sector as rights management, but by the file under different file the elementary cell as safety management, such as: the file under the file under FAT (File Allocation Table) file system, NTFS (New Technology File System) file system or the file under EXT (Extended File System) file system, but be not limited to the file under above-mentioned three kinds of file system.Intelligent memory card of the present invention and method for managing security can arrange FCP information to the security requirement of specific file according to user, have improved dirigibility; For the ease of take file, carry out safety management as base unit, the file structure that the catalogue FCP information of preserving in additional storage of the present invention and file FCP information form is identical with the catalogue of preservation controlled memory block in and the file structure of file formation.
The foregoing is only preferred embodiment of the present invention, be not limited to the present invention, within the spirit and principles in the present invention all, any modification of making, be equal to replacement, improvement etc., within all should being included in the scope of protection of the invention.
Claims (16)
1. an intelligent memory card, is characterized in that, this storage card comprises:
Interface module, exports the document control parameter F CP information command of setting up of outside input to memory controller; Export operational order and the Authority Verification instruction of outside input to memory controller; Described FCP information is include file title, security algorithm and safety condition at least;
Controlled memory block, for save contents and described catalogue under file;
Memory controller, exports the described FCP of foundation information command to additional controller; The title of the pending file that described operational order is carried and described Authority Verification instruction export additional controller to; Data after the safeguard protection of additional controller being exported according to operational order are processed;
Additional controller, according to the described FCP information command of setting up, with name, be called index and set up the catalogue of preserving with described controlled memory block catalogue FCP information one to one, with name, be called index and set up the file preserved with described controlled memory block file FCP information one to one; According to its FCP information of the name acquiring of described pending file, resolve FCP information acquisition safety condition and the security algorithm of described pending file; According to Authority Verification, instruction judges whether to meet safety condition, determining while meeting safety condition, utilize security algorithm to protect the data of pending file including, obtain the data after safeguard protection, the data after output safety protection are to described memory controller; Determine and do not meet safety condition, refusal operates.
2. storage card according to claim 1, is characterized in that, described FCP information further comprises a life cycle;
Described additional controller is further resolved the FCP information acquisition life cycle of described pending file, and judges whether to meet the requirement of life cycle, and after determining and meeting, according to Authority Verification, instruction judges whether to meet safety condition; Determine and do not meet life cycle, refusal operates.
3. storage card according to claim 2, is characterized in that, described FCP information further comprises the logical combination of a safety condition;
The logical combination of the safety condition that described additional controller further contains according to described FCP packets of information judges whether to meet safety condition.
4. storage card according to claim 3, is characterized in that, described additional controller comprises:
Microprocessor, according to the described FCP information command of setting up of described memory controller output, in additional storage, with name, be called index and preserve and the catalogue of described controlled memory block catalogue FCP information one to one, in additional storage, with name, be called index and preserve and the file of described controlled memory block file FCP information one to one; The title of the pending file carrying according to operational order reads the FCP information of pending file from additional storage, resolves FCP information acquisition life cycle, safety condition and the security algorithm of described pending file; Judge whether to meet the requirement of life cycle, determine and meet after life cycle, according to the logical combination of Authority Verification instruction and safety condition, judge whether to meet safety condition, determine and meet after safety condition, utilize security algorithm to protect the data of pending file including, obtain the data after safeguard protection, the data after output safety protection are to described memory controller; Determine when not meeting life cycle or not meeting safety condition refusal operation;
Additional storage, for preserving described catalogue FCP information and described file FCP information.
5. storage card according to claim 4, is characterized in that, described additional storage is further used for preserving the required key of security algorithm and/or password.
6. an intelligent memory card, is characterized in that, this storage card comprises:
Interface module, exports the instruction of setting up document control parameter F CP information, Authority Verification instruction and the operational order of outside input to memory controller; Described FCP information is include file title, safety condition and security algorithm at least;
Storer, the file for saving contents, under described catalogue, with described catalogue one to one catalogue FCP information and with described catalogue under file file FCP information one to one;
Memory controller, according to the described FCP information command of setting up, in storer, with name, be called index and set up and the described catalogue of preserving catalogue FCP information one to one, in storer, with name, be called index and set up and the described file of preserving file FCP information one to one; Its FCP information of the name acquiring of the pending file carrying according to described operational order, resolves FCP information acquisition safety condition and the security algorithm of described pending file; According to described Authority Verification instruction, judge whether to meet safety condition, determining while meeting safety condition, utilize security algorithm to protect the data of pending file including, obtain the data after safeguard protection, the data according to described operational order after to safeguard protection are processed; Determine and do not meet safety condition, refusal operates.
7. storage card according to claim 6, is characterized in that, described FCP information further comprises a life cycle;
Described memory controller is further resolved the FCP acquisition of information life cycle of described pending file, and judges whether to meet the requirement of life cycle, and after determining and meeting, according to Authority Verification, instruction judges whether to meet safety condition; Determine and do not meet life cycle, refusal operates.
8. according to the storage card described in claim 6 or 7, it is characterized in that, described FCP information further comprises the logical combination of a safety condition;
The logical combination of the safety condition that described memory controller further contains according to Authority Verification instruction and described FCP packets of information judges whether to meet safety condition.
9. storage card according to claim 8, is characterized in that, described storer comprises:
Controlled memory block, for save contents and described catalogue under file;
Additional storage, for preserving and the described catalogue of described controlled memory block catalogue FCP information one to one, for preserving file under the described catalogue with described controlled memory block file FCP information one to one.
10. storage card according to claim 8, is characterized in that, described storer is further used for preserving the required key of security algorithm and/or password.
The method of 11. 1 kinds of intelligent storage managing card safeties, is characterized in that, the method comprises:
A, in additional storage, set up the catalogue of preserving with the controlled memory block file of preserving with controlled memory block that catalogue file is controlled parameter F CP information and carried out index with the title one to one file FCP information one to one of carrying out index with title; Described FCP information is include file title, safety condition and security algorithm at least;
Its FCP information of name acquiring of B, the pending file that carries according to the operational order of outside input, resolves FCP information acquisition safety condition and the security algorithm of described pending file;
C, the Authority Verification instruction of inputting according to outside, judge whether to meet safety condition, determining while meeting safety condition, utilize security algorithm protect the data after acquisition safeguard protection to the data of pending file including, the data according to described operational order after to safeguard protection are processed; Determining that while not meeting safety condition, refusal operates.
12. methods according to claim 11, is characterized in that, described FCP information further comprises a life cycle;
Between described step B and described step C, further comprise: resolve the FCP information acquisition life cycle of described pending file, definite, meet after life cycle, execution step C, otherwise refusal operates.
13. according to the method described in claim 11 or 12, it is characterized in that, described FCP information further comprises the logical combination of a safety condition;
Described step B further comprises: the logical combination of the safety condition containing according to described FCP packets of information judges whether to meet safety condition.
14. methods according to claim 13, it is characterized in that, the file of preserving with controlled memory block described in steps A one to one file FCP information is: the file structure that described file FCP information and described catalogue FCP information form in additional storage, the file structure that catalogue corresponding to the file corresponding with described file FCP information and described catalogue FCP information forms in controlled memory block is identical.
15. methods according to claim 13, it is characterized in that, described security algorithm at least comprises cryptographic algorithm and verification, or described security algorithm at least comprise decipherment algorithm and verification;
Described in step C, utilize security algorithm, the data protection of pending file comprised:
C1, utilize cryptographic algorithm to be encrypted the data of pending file including, or utilize decipherment algorithm to be decrypted the data of pending file including;
C2, to encrypting the integrality of the data that obtain after the data of rear acquisition or deciphering, carry out verification, data and the data of proof test value after safeguard protection after encrypting, maybe using data and the data of proof test value after safeguard protection after deciphering.
16. methods according to claim 13, it is characterized in that, described in steps A, in additional storage, set up the file of preserving with controlled memory block one to one before file FCP information carry out index with title, further comprise: for the file of preserving under catalogue described in described controlled memory block adds a file name; The length of described file name is M byte; Described M is less than 256 natural number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010620416.5A CN102567230B (en) | 2010-12-23 | 2010-12-23 | Smart card and method for safely managing same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010620416.5A CN102567230B (en) | 2010-12-23 | 2010-12-23 | Smart card and method for safely managing same |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102567230A CN102567230A (en) | 2012-07-11 |
| CN102567230B true CN102567230B (en) | 2014-11-26 |
Family
ID=46412689
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010620416.5A Expired - Fee Related CN102567230B (en) | 2010-12-23 | 2010-12-23 | Smart card and method for safely managing same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102567230B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102841861A (en) * | 2011-06-24 | 2012-12-26 | 同方股份有限公司 | Data security storage device taking SD (Secure Digital Card) as communication interface and working method thereof |
| CN107590149B (en) * | 2016-07-07 | 2021-01-08 | 北京数码视讯科技股份有限公司 | File directory creation method and device in smart card |
| CN112737700B (en) * | 2020-12-21 | 2021-11-16 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Data encryption and decryption method and device, encryption equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6351813B1 (en) * | 1996-02-09 | 2002-02-26 | Digital Privacy, Inc. | Access control/crypto system |
| CN1395180A (en) * | 2001-07-09 | 2003-02-05 | 大买家科技股份有限公司 | File protection system using storage card and its method |
| CN1501263A (en) * | 2002-11-13 | 2004-06-02 | �������ʿƿƼ�����˾ | Method of actualizing safety data storage and algorithm storage in virtue of semiconductor memory device |
| CN1567255A (en) * | 2003-09-02 | 2005-01-19 | 四川大学 | Method for controlling storage and access of security file system |
| CN101520854A (en) * | 2008-02-29 | 2009-09-02 | 凤凰微电子(中国)有限公司 | Smart memory card, data safety control system and method thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8156322B2 (en) * | 2007-11-12 | 2012-04-10 | Micron Technology, Inc. | Critical security parameter generation and exchange system and method for smart-card memory modules |
-
2010
- 2010-12-23 CN CN201010620416.5A patent/CN102567230B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6351813B1 (en) * | 1996-02-09 | 2002-02-26 | Digital Privacy, Inc. | Access control/crypto system |
| CN1395180A (en) * | 2001-07-09 | 2003-02-05 | 大买家科技股份有限公司 | File protection system using storage card and its method |
| CN1501263A (en) * | 2002-11-13 | 2004-06-02 | �������ʿƿƼ�����˾ | Method of actualizing safety data storage and algorithm storage in virtue of semiconductor memory device |
| CN1567255A (en) * | 2003-09-02 | 2005-01-19 | 四川大学 | Method for controlling storage and access of security file system |
| CN101520854A (en) * | 2008-02-29 | 2009-09-02 | 凤凰微电子(中国)有限公司 | Smart memory card, data safety control system and method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102567230A (en) | 2012-07-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103065102B (en) | Data encryption mobile storage management method based on virtual disk | |
| US20120066223A1 (en) | Method and computing device for creating distinct user spaces | |
| EP1580663A1 (en) | A method for realizing security data storage and algorithm storage by means of semiconductor memory device | |
| CN105141614B (en) | A kind of access right control method and device of movable storage device | |
| CN102722670B (en) | Mobile storage equipment-based file protection method, equipment and system | |
| CN101082883A (en) | Storage apparatus having multiple layer encrypting protection | |
| CN101578608B (en) | Methods and apparatuses for accessing content based on a session ticket | |
| CN102693399B (en) | System and method for on-line separation and recovery of electronic documents | |
| CN101593252B (en) | Method and system for controlling access of computer to USB equipment | |
| CN101562040A (en) | High-security mobile memory and data processing method thereof | |
| CN101595488A (en) | Be used for content is tied to the method and apparatus of independent storage arrangement | |
| CN105095945A (en) | SD card capable of securely storing data | |
| CN101520854A (en) | Smart memory card, data safety control system and method thereof | |
| CN106682522A (en) | Fingerprint encryption device and implementation method thereof | |
| WO2017181968A1 (en) | Method for processing application file, method and device for accessing application file, and storage medium | |
| US20130262879A1 (en) | Secure type storage device and information security system | |
| CN102200948A (en) | Multi-partition memory device and access method thereof | |
| CN107092838A (en) | A kind of safety access control method of hard disk and a kind of hard disk | |
| CN102567230B (en) | Smart card and method for safely managing same | |
| CN201185082Y (en) | Mobile memory with high safety | |
| CN101930521A (en) | File protecting method and device thereof | |
| CN101296231A (en) | Data card operation method and data card | |
| CN103617127A (en) | Memory device with subareas and memorizer area dividing method | |
| CN108287988B (en) | Security management system and method for mobile terminal file | |
| CN103049705B (en) | A kind of based on virtualized method for secure storing, terminal and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: PUTIAN IT TECH INST CO., LTD. Free format text: FORMER OWNER: CHINA POTEVIO CO., LTD. Effective date: 20130306 Owner name: CHINA POTEVIO CO., LTD. Free format text: FORMER OWNER: PUTIAN IT TECH INST CO., LTD. Effective date: 20130304 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20130304 Address after: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District Applicant after: CHINA POTEVIO CO.,LTD. Address before: 100080 Beijing, Haidian, North Street, No. two, No. 6, No. Applicant before: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd. Effective date of registration: 20130306 Address after: 100080 Beijing, Haidian, North Street, No. two, No. 6, No. Applicant after: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd. Address before: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District Applicant before: CHINA POTEVIO CO.,LTD. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20141126 Termination date: 20211223 |