CN102841861A - Data security storage device taking SD (Secure Digital Card) as communication interface and working method thereof - Google Patents
- Publication number: CN102841861A
- Authority: CN (China)
- Prior art keywords: memory, access instruction, controller, file, instruction
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a secure data storage device that uses SD (Secure Digital Card) as its communication interface, and a working method thereof, which overcome the low security of current communication equipment that uses SD as the communication interface. The device comprises a first memory, a second memory, an SD controller and a security controller. When an access instruction sent by the host device (the upper equipment) is a preset first-type instruction, the SD controller receives the access instruction, forwards it to the security controller, and sends the file operation result returned by the security controller to the host device. The security controller looks up the corresponding target file in the first memory and in the first storage unit of the second memory and, when the access instruction has the operating permission to operate on the target file, performs the file operation on the target file according to the access instruction to obtain the file operation result. According to embodiments of the invention, different storage regions are logically mapped into a single whole, and the size of the secure storage space, which has higher security requirements, can be set flexibly.
Description
Technical field
The present invention relates to data storage technology, and in particular to a secure data storage device that uses a Secure Digital Card (SD) as its communication interface, and to a working method thereof.
Background art
At present, data storage devices that use SD as the communication interface are increasingly widely used. With advantages such as large capacity, small size and low cost, they are widely applied in fields such as data distribution and data storage. At the same time, the SD interface is a general-purpose data transmission interface supported by a wide range of portable electronic devices, which gives SD-interface data storage devices very high versatility.
Data storage devices with an SD communication interface usually use flash memory (Flash) as the storage medium. Although Flash offers very large capacity, a data storage device that exposes it through the general-purpose SD interface stores user data in plaintext, which makes reading and copying the data very easy. As a result, such devices cannot be used in fields with higher security requirements, such as the financial industry, which limits their scope of use.
The prior art has also proposed secure-access techniques for mobile devices based on Universal Serial Bus (USB), SD or Multi Media Card (MMC). In these techniques, however, the access-control permissions for the data that needs secure access are all held in the middleware that mediates between the device and the host terminal, the confidential data area uses a fixed file structure, and permissions are managed per sector. They are therefore prone to being cracked through physical or software interception, and a relatively high security risk remains. In addition, the security logic of these techniques is fixed and simple and cannot be configured flexibly in practical applications.
Summary of the invention
The technical problem to be solved by the present invention is to provide a secure data storage technique that uses SD as the communication interface, overcoming the low security of prior-art communication equipment that uses SD as the communication interface.
To solve the above technical problem, the invention provides a secure data storage device with SD as the communication interface. It comprises a first memory, a second memory, an SD controller and a security controller, wherein the second memory comprises a first storage unit;
The SD controller is connected to the second memory and to the security controller. It is configured to connect to a host device (the upper equipment), receive the access instruction sent by the host device, forward the access instruction to the security controller when the access instruction is a preset first-type instruction, and send the file operation result returned by the security controller to the host device;
The security controller is connected to the first memory and to the SD controller. It is configured, after receiving the access instruction, to look up the corresponding target file in the first memory and the first storage unit and, when the access instruction has the operating permission to operate on the target file, to perform the file operation on the target file according to the access instruction, obtain the file operation result and send it to the SD controller.
Preferably, the security controller uses a file allocation table to manage the logical sectors onto which the physical sectors of the first memory and the first storage unit are mapped; the first memory and the first storage unit store first data in file form, and the target file belongs to the first data.
Preferably, the first memory stores the file allocation table.
Preferably, the first memory and the security controller are integrated together.
Preferably, the first memory further stores the key file of the secure data storage device.
Preferably, the second memory is connected to the SD controller through the SD interface.
Preferably, the SD controller determines whether the access instruction is a first-type instruction by checking whether the access instruction carries a preset private flag.
Preferably, the second memory comprises a second storage unit, and the second storage unit stores second data.
The invention also provides a working method for the secure data storage device, comprising:
The SD controller receives the access instruction sent by the host device;
When the access instruction is a preset first-type instruction, the SD controller sends the access instruction to the security controller;
The security controller looks up the corresponding target file in the first memory and the first storage unit according to the access instruction and, when the access instruction has the operating permission to operate on the target file, performs the file operation on the target file according to the access instruction, obtains the file operation result and sends it to the SD controller;
The SD controller sends the file operation result to the host device.
Preferably, the step in which the SD controller sends the access instruction to the security controller when the access instruction is a first-type instruction comprises:
The SD controller determines whether the access instruction is a first-type instruction by checking whether the access instruction carries a preset private flag.
Compared with the prior art, embodiments of the invention logically map different storage regions into a single whole, so the size of the secure storage space, which has higher security requirements, can be set flexibly; for example, the secure storage space can be extended to the gigabyte level, which effectively extends the applications and range of use of SD-interface data storage devices. Some embodiments of the technical solution also manage the files in the secure storage space flexibly through the FAT file format, so that the data to be protected can be organized flexibly and managed and maintained in a unified way while its security is ensured.
Other features and advantages of the invention are set forth in the description that follows, and in part will be apparent from the description or may be learned by practicing the invention. The objectives and other advantages of the invention may be realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
Description of drawings
The accompanying drawings provide a further understanding of the technical solution of the invention and form part of the specification. Together with the embodiments of the invention they serve to explain the technical solution and do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the composition of the secure data storage device with SD as the communication interface according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the file layout in the secure storage space according to an embodiment of the invention;
Fig. 3 is a schematic flowchart of the working method of the secure data storage device with SD as the communication interface according to an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented.
First, provided they do not conflict, the embodiments of the invention and the features in the embodiments may be combined with one another, and all such combinations fall within the scope of protection of the invention. In addition, the steps shown in the flowchart of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in a different order.
Fig. 1 is a schematic diagram of the composition of the secure data storage device with SD as the communication interface according to an embodiment of the invention. As shown in Fig. 1, in this embodiment the device mainly comprises a first memory 110, a second memory 120, an SD controller (SDC) 130 and a security controller 140; the second memory 120 comprises a first storage unit 121 and a second storage unit 122.
The second memory 120 is connected to the SD controller 130 through the SD interface and communicates with it using a general-purpose communication protocol. It is logically divided into the first storage unit 121 and the second storage unit 122. Data access authority and data management authority over the first storage unit 121 belong to the security controller 140; the unit accepts the control and operations of the security controller 140 through the SD controller 130 and, together with the first memory 110, stores the first data. Data access authority and data management authority over the second storage unit 122 belong to the SD controller 130. This unit accepts queries of its capacity made by the user through the host device (such as a mobile phone), writes of data that the user stores through the host device, and so on; it stores the second data, which is visible to ordinary users and can be operated on by them (data that does not need security protection).
The private flag mentioned above must be set in advance on both the host device and the SD controller 130. It is used to distinguish whether an access instruction is a second-type instruction, which operates on the second data stored in the second storage unit 122 of the second memory 120, or a first-type instruction, which operates on the first data stored in the first memory 110 and in the first storage unit 121 of the second memory 120.
After receiving the access instruction and obtaining the management authority handed over by the SD controller 130, the security controller 140 looks up the target file in the first memory 110 and in the first storage unit 121 of the second memory 120 according to the access instruction.
The smallest storage unit in the first memory 110 and in the first storage unit 121 of the second memory 120 is the physical sector. The security controller 140 maps all physical sectors of the whole secure storage space uniformly onto contiguous logical sectors and manages those logical sectors in File Allocation Table (FAT) format; the FAT table is stored in the first memory 110. The first memory 110 is connected to the security controller 140, which effectively prevents external attacks carried out through the SD interface and effectively protects the first data.
As shown in Fig. 2, each file in the secure storage space comprises a file header and a file body. The file header records information such as the file control parameters (File Control Information, FCP), and the file body records the file content, which may be plaintext or ciphertext. The file header and file body of a file may be stored together in the first memory 110 or in the first storage unit 121 of the second memory 120, or may be stored separately, split between the first memory 110 and the first storage unit 121 of the second memory 120. The FCP information of a file may be defined with reference to the structure described in the ISO 7816-4 standard; it is written in the pre-personalization stage and may be modified only after certain security conditions are met. Key (KEY) files, whose security level is higher than that of ordinary system files, must be stored in the first memory 110. The pre-personalization stage is generally completed by the manufacturer, for example by writing the serial number, the operating system and secret keys, in preparation for personalization; once this information has been written, no other initialization can be performed.
In embodiments of the invention, the workflow of the secure data storage device with SD as the communication interface is shown in Fig. 3 and mainly comprises the following steps:
Step S310: when an external party (such as a user or an administrator) accesses the secure data storage device of this embodiment through the host device, the host device issues the access instruction to the SD controller 130 in the command format specified by the standard SD protocol (such as the standard SD 1.0 protocol or the standard SD 2.0 protocol). Go to step S320.
Step S320: after receiving the access instruction, the SD controller 130 checks whether it carries the private flag. If the access instruction does not carry the private flag, it is a second-type instruction; go to step S321. If the access instruction carries the private flag, it is a first-type instruction; go to step S330.
Step S321: the SD controller 130 performs the data operation on the second data in the second storage unit 122 of the second memory 120 according to the access instruction (a second-type instruction). End.
Step S330: the SD controller 130 sends the access instruction (a first-type instruction) to the security controller 140 through a standard communication protocol and at the same time sets the register that indicates management authority, for example by changing the value of a global variable from the current first value, which corresponds to control by the SD controller 130 (the first bit of the register is 0), to the second value, which corresponds to control by the security controller 140 (the first bit of the register is 1), thereby handing management authority to the security controller 140. Go to step S340.
Step S340: once the first bit of the register is 1, the security controller 140 holds management authority. It parses the received access instruction and, according to that instruction, checks whether the target file exists in the first data stored in the first memory 110 and in the first storage unit 121 of the second memory 120 (as described above, the security controller performs this lookup through the FAT table). If the file exists, go to step S350; otherwise go to step S341.
Step S341: when the host device queries the file operation result, the SD controller 130 returns to the host device the result that the target file does not exist, and the host device informs the ordinary user or administrator that the target file does not exist. End.
Step S350: the security controller 140 checks, according to the security permission settings in the file control parameters (File Control Information, FCP) of the target file, which were defined in the pre-personalization stage, whether the access instruction has the operating permission to operate on the target file. If it does, go to step S360; otherwise go to step S351.
Step S351: when the host device queries the file operation result, the SD controller 130 returns to the host device the result that the access instruction does not have the operating permission to operate on the target file, and the host device informs the ordinary user or administrator accordingly. End.
Step S360: the security controller 140 performs the corresponding file operation (such as encryption, decryption or verification) according to the access instruction and the predefined file operation functions (such as how to create, delete, open, edit and close files), and sends the file operation result to the SD controller 130. Go to step S370.
Step S370: after the security controller 140 has completed all operations on the target file, it notifies the SD controller 130 that the file operation is complete and at the same time changes the register that indicates management authority from the second value, which corresponds to control by the security controller 140 (the first bit of the register is 1), back to the first value, which corresponds to control by the SD controller 130 (the first bit of the register is 0), returning management authority. Go to step S380.
Step S380: once the first bit of the register is 0, the SD controller 130 holds management authority and sends the file operation result to the host device. End.
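The dispatch, authority hand-off and FCP check of steps S310 to S380, together with the logical-sector mapping described before them, modeled as a small C simulation. This is an added example, not code from the patent; the flag value, register layout, sector counts, FCP condition bitmask and file table are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Every name, constant and encoding here is an assumption for illustration. */
#define PRIVATE_FLAG  0xA5u  /* hypothetical private flag preset on host and SD controller */
#define AUTH_SEC_BIT  0x01u  /* register bit 0: 0 = SD controller, 1 = security controller */
#define MEM1_SECTORS  8u     /* physical sectors in first memory 110 */
#define UNIT1_SECTORS 24u    /* physical sectors in first storage unit 121 */

enum op { OP_READ, OP_WRITE };
enum result { RES_OK, RES_NO_FILE, RES_DENIED, RES_GENERAL_AREA };

struct access_instr {
    uint8_t flag;       /* PRIVATE_FLAG marks a first-type instruction */
    enum op op;
    uint8_t sec_state;  /* security conditions the caller has satisfied (bitmask) */
    const char *name;   /* target file name */
};

struct fcp { uint8_t read_cond, write_cond; };  /* simplified file header */
struct file { const char *name; uint32_t first_lsec; struct fcp fcp; };

/* Constructed sample table standing in for the FAT kept in first memory 110. */
static const struct file fat[] = {
    { "KEY",      2u,  { 0x03, 0x03 } },  /* placed in first memory */
    { "cert.bin", 10u, { 0x00, 0x01 } },  /* placed in first storage unit */
};

struct device { uint8_t auth_reg; };
static struct device dev;  /* the single simulated device */

/* Map a logical sector to its medium: 1 = first memory, 2 = first storage
 * unit, -1 = outside the secure storage space. */
int map_logical(uint32_t lsec, uint32_t *psec)
{
    if (lsec < MEM1_SECTORS) {
        if (psec) *psec = lsec;
        return 1;
    }
    if (lsec < MEM1_SECTORS + UNIT1_SECTORS) {
        if (psec) *psec = lsec - MEM1_SECTORS;
        return 2;
    }
    return -1;
}

static enum result check_and_operate(const struct access_instr *in)
{
    const struct file *f = NULL;
    for (size_t i = 0; i < sizeof fat / sizeof fat[0]; i++)
        if (strcmp(fat[i].name, in->name) == 0)
            f = &fat[i];
    if (!f || map_logical(f->first_lsec, NULL) < 0)
        return RES_NO_FILE;                     /* S341 */
    uint8_t need = (in->op == OP_READ) ? f->fcp.read_cond : f->fcp.write_cond;
    if ((in->sec_state & need) != need)
        return RES_DENIED;                      /* S351 */
    return RES_OK;                              /* S360: actual I/O omitted */
}

static enum result security_controller(struct device *d, const struct access_instr *in)
{
    enum result r = RES_DENIED;
    if (d->auth_reg & AUTH_SEC_BIT)             /* S340: act only with authority */
        r = check_and_operate(in);
    /* S370: return authority; doing so on failure paths too is an assumption */
    d->auth_reg &= (uint8_t)~AUTH_SEC_BIT;
    return r;
}

enum result sd_controller(struct device *d, const struct access_instr *in)
{
    if (in->flag != PRIVATE_FLAG)
        return RES_GENERAL_AREA;                /* S321: second storage unit only */
    d->auth_reg |= AUTH_SEC_BIT;                /* S330: hand over authority */
    return security_controller(d, in);          /* S380: relay the result */
}

/* Convenience wrapper: build an instruction and submit it to the device. */
enum result submit(uint8_t flag, enum op op, uint8_t sec_state, const char *name)
{
    struct access_instr in = { flag, op, sec_state, name };
    return sd_controller(&dev, &in);
}

int main(void)
{
    printf("read KEY, conditions met   -> %d\n", submit(PRIVATE_FLAG, OP_READ, 0x03, "KEY"));
    printf("read KEY, conditions unmet -> %d\n", submit(PRIVATE_FLAG, OP_READ, 0x01, "KEY"));
    printf("read KEY, no private flag  -> %d\n", submit(0x00, OP_READ, 0x03, "KEY"));
    return 0;
}
```

An instruction without the private flag never reaches the secure-area lookup, even when it names a file that exists there, and the authority bit is back at 0 after every request.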
Embodiments of the invention logically partition the physical storage space and manage the whole secure storage space in a unified way through the FAT table, and the permission management mechanism is implemented inside the device. This overcomes the shortcomings of the prior art, which implements permission management in the interaction middleware and uses the sector as the unit of permission management; it makes it convenient for administrators who hold management and maintenance permissions to manage and maintain the first data, raises the security level of the permissions, and extends the applications and scope of SD-interface data storage devices. By performing security operations such as data encryption, decryption and verification on the first data, the embodiments overcome the prior-art defect of storing user data openly in plaintext. The security logic is flexible and efficient and gives the secure storage space a very high security level; while effectively protecting the secure storage space, it also ensures the security of the secure storage space that is invisible to ordinary users.
It is apparent to those skilled in the art that the components and steps of the above embodiments can be implemented with general-purpose computing devices. They may be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Alternatively, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, or they may each be made into a separate integrated circuit module, or several of the modules or steps may be made into a single integrated circuit module. The invention is thus not restricted to any specific combination of hardware and software.
Although the embodiments disclosed by the invention are as described above, they are adopted only to facilitate understanding of the invention and are not intended to limit it. Any person skilled in the technical field of the invention may make modifications and variations in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention is still defined by the appended claims.
Claims (10)
1. A secure data storage device with SD as the communication interface, comprising a first memory, a second memory, an SD controller and a security controller, wherein the second memory comprises a first storage unit;
The SD controller is connected to the second memory and to the security controller, and is configured to connect to a host device, receive the access instruction sent by the host device, forward the access instruction to the security controller when the access instruction is a preset first-type instruction, and send the file operation result returned by the security controller to the host device;
The security controller is connected to the first memory and to the SD controller, and is configured, after receiving the access instruction, to look up the corresponding target file in the first memory and the first storage unit and, when the access instruction has the operating permission to operate on the target file, to perform the file operation on the target file according to the access instruction, obtain the file operation result and send it to the SD controller.
2. The device according to claim 1, wherein:
The security controller uses a file allocation table to manage the logical sectors onto which the physical sectors of the first memory and the first storage unit are mapped;
Wherein the first memory and the first storage unit store first data in file form, and the target file belongs to the first data.
3. The device according to claim 2, wherein:
The first memory stores the file allocation table.
4. The device according to claim 1, wherein:
The first memory and the security controller are integrated together.
5. The device according to claim 1, wherein:
The first memory further stores the key file of the secure data storage device.
6. The device according to claim 1, wherein:
The second memory is connected to the SD controller through the SD interface.
7. The device according to claim 1, wherein:
The SD controller determines whether the access instruction is a first-type instruction by checking whether the access instruction carries a preset private flag.
8. The device according to claim 1, wherein:
The second memory comprises a second storage unit, and the second storage unit stores second data.
9. A working method of the secure data storage device according to claim 1, comprising:
The SD controller receives the access instruction sent by the host device;
When the access instruction is a preset first-type instruction, the SD controller sends the access instruction to the security controller;
The security controller looks up the corresponding target file in the first memory and the first storage unit according to the access instruction and, when the access instruction has the operating permission to operate on the target file, performs the file operation on the target file according to the access instruction, obtains the file operation result and sends it to the SD controller;
The SD controller sends the file operation result to the host device.
10. The method according to claim 9, wherein the step in which the SD controller sends the access instruction to the security controller when the access instruction is a first-type instruction comprises:
The SD controller determines whether the access instruction is a first-type instruction by checking whether the access instruction carries a preset private flag.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011101721070A CN102841861A (en) | 2011-06-24 | 2011-06-24 | Data security storage device taking SD (Secure Digital Card) as communication interface and working method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102841861A (en) | 2012-12-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C05 | Deemed withdrawal (patent law before 1993) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20121226 |