CN1280737C - Safety authentication method for movable storage device and read and write identification device - Google Patents

Safety authentication method for movable storage device and read and write identification device Download PDF

Info

Publication number
CN1280737C
CN1280737C CN 02159484 CN02159484A CN1280737C CN 1280737 C CN1280737 C CN 1280737C CN 02159484 CN02159484 CN 02159484 CN 02159484 A CN02159484 A CN 02159484A CN 1280737 C CN1280737 C CN 1280737C
Authority
CN
China
Prior art keywords
storage device
device
security
reader
identification
Prior art date
Application number
CN 02159484
Other languages
Chinese (zh)
Other versions
CN1512360A (en
Inventor
施宣明
Original Assignee
台均科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 台均科技(深圳)有限公司 filed Critical 台均科技(深圳)有限公司
Priority to CN 02159484 priority Critical patent/CN1280737C/en
Publication of CN1512360A publication Critical patent/CN1512360A/en
Application granted granted Critical
Publication of CN1280737C publication Critical patent/CN1280737C/en

Links

Abstract

一种移动存储设备与读写识别设备的安全认证方法,在移动存储设备设置一存储空间存放的唯一识别信息,并开设安全机制存储区和安全加密数据区;移动存储设备与读写识别设备具有结合的电气接口,两者分别设有相互匹配的安全认证算法,当存储设备配置在读写识别设备上时,读写识别设备识别存储设备,并进行鉴权认证,通过鉴权认证后,对存储设备的安全加密数据区施行相应的操作。 Security authentication method for a mobile storage device and the reader device identification, in the mobile storage device is provided unique identification information stored in a storage space, and defines security data storage area and a secure area encrypted; mobile storage device and the reader identification device having combined electrical interface, respectively, with both the security authentication algorithm match with each other, when a storage device is arranged on the identification device reader, the reader identification device identifying the storage device, and performs authentication through the authentication certification, secure encrypted data storage area corresponding operating device purposes. 本发明通过内建于移动存储及读写识别功能设备的安全机制,实现设备相互识别、身份验证、权限管理、数据安全,并提供针对该移动存储设备及读写识别功能设备的特定服务内容的机制。 The present invention is built in security by removable storage device and the reader recognition, to achieve mutual identification device, authentication, rights management, data security, and provide specific services for the mobile storage device and the reader device identification function mechanism.

Description

移动存储设备与读写识别设备的安全认证方法 Security authentication method of a mobile storage device and the reader of the identification device

技术领域 FIELD

本发明涉及一种移动存储设备以及该设备读写设备的认证机制,尤其是一种通过内建于移动存储及读写识别功能设备的安全机制,实现设备相互识别、身份验证、权限管理、数据安全,并提供针对该移动存储设备及读写识别功能设备的特定服务内容的机制。 The present invention relates to a mobile storage device and an authentication mechanism for the apparatus to read and write device, in particular a built-in moving through the storage device and the reader recognition security mechanisms, achieve mutual identification device, authentication, rights management, data security, and provide mechanisms for specific service content of the mobile storage device and the reader recognition device. 属于计算机技术领域。 It belongs to the field of computer technology.

背景技术 Background technique

随着消费电子产品的日益增多,尤其是便携的电子产品在人们日常生活中的使用日渐普及,比如:电子辞典,掌上电脑,PDA,MP3,录音笔,数码相机……这些产品的使用日趋简单,相关的服务内容也日渐增多。 With the increasing number of consumer electronics products, especially portable electronic products used in the daily life of the growing popularity, such as: electronic dictionaries, handheld computers, PDA, MP3, voice recorder, digital camera ...... these products become increasingly simple related services is also increasing. 而且几乎所用的便携式电子产品都有一些同样的特点:这些产品使用着不同存储方式(Compact Flash card,MMC,SD,Memory stick,内建的Nand Flash),虽然这些移动存储设备的类型多种多样,但是其中使用的基本存储单元相似,都采用的闪存介质。 And portable electronic products have almost used some of the same features: These products use different storage (Compact Flash card, MMC, SD, Memory stick, built-in Nand Flash), although these types of removable storage devices varied , but wherein the base used is similar to the memory cell, flash media are employed.

这些产品对存储设备的要求越来越高,不再限于对容量的要求越来越大,对于存储内容的安全性(版权保护,资料保密等功能)的要求也在不断的增强。 These products require more and more storage devices, no longer limited to the demand for more and more capacity, for the security of stored content (copyright protection, and information security and other functions) requirements are also constantly enhanced. 例如,版权管理,一直以来都是通过简单的密码控制等进行管理,而该方法通常又被不良排除,而没有更好地技术解决该问题。 For example, rights management, has always been managed through a simple password control, and the method has been generally poor excluded, without better technology to solve the problem.

现有技术的存储设备与不同功能的读写设备之间有的是通过不同的接口标准完成特定匹配;有的具有通用的标准接口;或者是与读写设备一体设置。 Between the storage device and read the prior art devices of different functions performed by some of the different interface standards of a particular match; others have a common standard interface; or integrally provided with the reader device. 由于作为通用的存储器件,越来越多的功能设备具有了结合存储设备扩展接口,或者功能读写设备也越来越多地将存储设备剥离出去,这些存储设备才能得到更为广泛地使用。 Since the general-purpose memory devices, an increasing number of devices having the function of storage expansion interface binding, or the device to read and write functions are increasingly peeled out storage device, these storage devices can be more widely used. 也就是存储设备日益通用化,为实现不同的功能而结合到不同的读写设备上,其接口为开放性的公共标准化。 I.e. increasing universal storage device, to achieve different functions bonded to different read-write device, which open public interface standardization. 例如,音频播放器都带有CF移动存储设备扩展口或U盘接口;便携式PDA不仅具有接U盘的USB接口,有的也具有各种记忆卡的插口等等。 For example, an audio player with CF are a removable storage device or expansion port U disk interface; then not only portable PDA U disk USB interface, and some have various memory card socket and the like.

基于上述产品结构形态和应用,往往人们“随身携带”的更多应该是移动存储设备,例如U盘,CF卡等,利用不同的读写及功能设备,实现越来越地在“离线”环境中的具体功能。 Based on the morphology of products and applications, it is often "carry" more should be removable storage devices, such as a U disk, CF card, and read and write functions using different equipment, and more and more in the "offline" Environment the specific functions.

针对这种情况,移动存储设备与读写及功能设备之间的认证识别、数据安全、权限管理、服务提供等内容的实现就十分迫切。 In view of this situation, to achieve certification to identify content between mobile storage devices read and write functions and equipment, data security, rights management, service provision, it is very urgent. 而现有技术中,这些管理仅仅是依靠了简单的密码管理模式,这样难以满足版权保护,或对于特定应用或服务供应的管理。 The prior art, these management just rely on a simple password management, so difficult to meet copyright protection or management for a particular application or service provision.

发明内容 SUMMARY

本发明主要目的是提供一种移动存储设备与读写识别设备的安全认证方法,具有接口通用性的,但具有唯一识别特征的移动存储设备与不同的读写识别功能设备结合,并能够相互识别、鉴权。 The main object of the present invention to provide a mobile storage device and the reader device identification security authentication method, an interface having general versatility, but the mobile storage device having a unique identification feature in conjunction with the read and write different recognition apparatus, recognize each other and can be , authentication.

本发明再一目的是提供一种移动存储设备与读写识别设备的安全认证方法,通过硬件和软件结合的方式实现识别和鉴权。 A further object of the present invention is to provide a mobile storage device and the reader device identification security authentication method, a combination of hardware and software to achieve the identification and authentication.

本发明又一目的是提供一种移动存储设备与读写识别设备的安全认证方法,它能够保证移动存储设备上存储的信息的安全性和有效性,实现版权保护,资料安全存取,资料设备间共享、权限管理、用户身份识别,用户服务类别的确认等工作。 A further object of the present invention to provide a mobile storage device and the reader device identification security authentication method, which can ensure the security and validity information stored on removable storage devices, copyright protection, data security access data device Room sharing, rights management, user identification, user confirmation service class work.

本发明通如下技术方案实现上述发明目的:一种移动存储设备与读写识别设备的安全认证方法,移动存储设备与读写识别设备之间设有相互匹配的电气接口,两者通过接口传递数据,读写识别设备上设置中央控制装置,用于读出存储设备上的数据以及将数据写入存储设备,中央控制装置接设功能处理装置;在移动存储设备设置一存储空间用于存放唯一的识别信息,并开设安全机制存储区和安全加密数据区;移动存储设备与读写识别设备具有结合的电气接口,两者分别设有相互匹配的安全认证算法,当存储设备配置在读写识别设备上时,读写识别设备识别存储设备,并进行鉴权认证,通过鉴权认证后,对存储设备的安全加密数据区施行相应的操作。 The present invention through the following technical solution to achieve the above object of the invention: secure authentication method in a mobile storage device and the reader identification device, is provided between the mobile storage device and the reader identification device matched electrical interface, data is transmitted through both interfaces , is provided on the central control means read the identification device, the data on the storage device for reading and writing data to the storage device, connected to the central control device function processing means is provided; in the mobile storage device provided with a storage space for storing a unique identification information, and the creation of security data storage area and a secure area encrypted; mobile storage device and the reader identification device having a combination of electrical interface, are provided both security authentication algorithm match with each other, when the storage device is configured to read and write in the identification device when the read and write device identification identifying the storage device, and performs authentication, the authentication by the authentication, the security of the encrypted data area of ​​the memory device corresponding to the operation performed. 而且,在本发明中存储设备与读写识别设备之间的鉴权认证是双向的,存储设备根据对读写识别设备的鉴权结果,开放相应的存储空间,供读写识别设备进行读出或写入操作;读写识别设备根据对存储设备的鉴权,为存储设备提供相应的服务。 Further, in the present invention, authentication and authorization between the identification device and read-write storage device is bi-directional, the storage device according to the authentication result of the identification reader device, open the respective storage space for the reader reading out the identification device or writing operation; read identification device according to the authentication of the storage device, providing the corresponding service to the storage device.

为保障安全性,读写识别设备设有IC芯片,用于至少存放唯一的识别信息或存放安全机制存储区的安全认证算法或密钥。 To protect the security, the identification device is provided with an IC chip reader, at least for storing unique identification information storage or security authentication algorithm or key security store. 同时,较好地,存储设备上设有IC芯片,用于至少存放唯一的识别信息或存放安全机制存储区的安全认证算法。 Meanwhile, preferably, the IC chip provided on a storage device for storing at least a unique identification information or storing security authentication security algorithm storage area.

进一步地,存储设备的安全加密数据区为一个或多个;其中至少一个安全加密数据区设置有私用安全加密数据区和公用安全加密数据区,其中私用安全加密数据区用于管理特定应用或服务的数据保密,公用安全加密数据区用于读写识别设备的资料共享和权限保护。 Further, the data security encryption device is a storage area or more; wherein at least one safe area provided with a data encryption security encryption private data area and a data area of ​​the common security encryption, wherein the private data area for managing secure encryption particular application or confidential data services, public security encryption for data sharing and data area read and write permissions identification equipment protection. 而安全机制存储区内存放有版本头信息,读写识别设备根据版本头信息验证存储设备是否具有安全算法;如果有,则进行启动安全认证处理,如果没有,则不启动安全认证处理。 And deposited with a storage area security version header information, reading and writing the version identification apparatus according to the header information storage device to verify whether the security algorithm; if so, start a secure authentication process is performed, if not, the security authentication process is not started.

存储设备安全机制存储区内存放有用户识别信息,读写识别设备根据用户识别信息识别存储设备使用者的合法性,以便激活存储设备。 Security mechanism storage memory area storing user identification information, validity of the user according to the read identification device identification information identifying the storage device of the user, in order to activate the storage device. 用户识别信息为用户激活移动存储设备密码。 The user activating the mobile user identification information storage device password.

存储设备安全机制存储区内存放有设备权限认证信息,读写识别设备内建有打开存储设备设备权限认证信息的超级密钥,读写识别设备根据设备权限认证信息确定读写识别设备对于存储设备的使用权限。 Storage security mechanism storage area to store equipment have permission authentication information, reading and writing recognition device built permission to open the storage device authentication information super key, identification equipment to read and write device to read and write permission authentication information to determine identification device according to the storage device usage rights. 具体地,设备权限认证信息包括认证文件版本、日期信息,用于标示认证文件的版本和日期;设备权限认证信息包括设备间公用安全加密数据区存取密钥,读写识别设备根据私用密钥表获得私用密钥,利用该密钥解密设备间公用安全加密数据区的数据;或设备权限认证信息包括设备间公用安全加密数据区存取权限,用于标示读写识别设备访问公用安全加密数据区的数据的权限;当读写识别设备的权限信息与该信息匹配时,读写识别设备可访问该存储设备。 Specifically, the device includes a certification authority certificate file version information, date information, the date and the version of the files marked authentication; certification authority information includes device identification device reader in accordance with the adhesion between the private security encryption device common data area access key, key table to obtain the private key, using the key data between the decryption device secure encrypted common data area; permission authentication information or device identification device comprises a marking reader device to access the public security among public safety access encrypted data area, for permissions data encryption data area; when read permission information matches the identification device and the information identifying the reader device can access the storage device. 再有,设备权限认证信息包括私用安全加密数据区存取权限,用于标示读写设备是否有权限访问私用安全加密数据区。 Further, the device information includes private authentication authority secure access to encrypted data area, whether the marking device has read and write access to a secure encrypted private data area.

另外,存储设备中的所有数据均以文件的形式存储,读写设备对存储设备的数据操作均以文件的形式进行。 Further, all of the data storage device are stored in the read and write device in the form of a data file on storage device file operations are carried out.

在本发明中,存储设备中的加密信息为特定服务提供方接入程序或密码或版权保护信息。 In the present invention, the encryption information storage device provider access procedure or password information, or copyright protection for a particular service.

读写识别设备内设置有特定应用或服务的私用密钥表。 It is provided with a particular application or service of the private key table identification device reader. 特定服务应用或服务为具有相应权限的应用程序,它至少包括私用密钥标示,该应用所用的私用密钥标示,通过私用密钥表调出;可用空间名称;可用空间大小。 Particular service application or service application with the appropriate permissions, which comprises at least a designated private key, the private key used by the application indicated, by adjusting the private key table; available space name; available space.

因此,当读写识别设备应用程序访问读取存储设备公用安全加密数据区中的数据时,读写识别设备内建超级密钥,解密存储设备安全机制存储区内的存放的设备权限文件;读写识别设备读取该文件,确认读写识别设备对公用安全加密数据区是否有访问权,如果无,则停止;如果有,则获得存储设备权限认证文件中保存的公用安全加密数据区存取密钥,使用该密钥在公用安全加密数据区完成数据操作。 Thus, when the data in the common data area of ​​the encrypted security identification device reader reads applications to access the storage device, the identification device reader built super key, stored in security mechanism storage device decrypting device access to the file storage area; read handwriting recognition device to read the file, make sure the reader to identify whether the device has access to the public security encryption data area, if not, then stop; if so, get stored in the memory device certification authority public security file access encrypted data area key, the key used for data encryption security operations in the common data area.

当读写识别设备应用程序访问存储设备的私用安全加密数据区时,读写识别设备取得内建的超级密钥,解密移动存储设备安全机制存储区存放的设备权认证文件;读写识别设备读取设备权认证文件,确认该读写识别设备对私用安全加密数据区是否有访问权限;如无相应权限,停止;如有权限,则检验应用程序是否具有应用认证证书;如无,停止;如有,则对该证书进行认证;如不是合法证书,停止;如是合法证书,根据证书内容在读写识别设备的私用密钥表中取得相应密钥;根据证书内容获取应用程序可访问的数据段;使用该密钥在私用安全加密数据区完成数据操作。 When the read identification device applications to access the storage device security encryption private data area, read the identification device to obtain built super key, the decryption device authentication right file mobile storage device stored in security mechanism storage area; read identification device right authentication file reading apparatus, the interrogator to confirm whether there is identification device private secure access to encrypted data area; if no appropriate permissions stop; if rights, it is checked whether the application having an application certificate; if no, stopping ; if so, the certificates for authentication; if not valid certificate stopped; the case of legitimate certificate, to obtain the corresponding private key in the key table reads the identification device in accordance with the contents of the certificate; acquisition application can access the content based on the certificate data segment; data using the key operation is completed in secure encrypted private data area.

对于没有安全认证机制的存储设备,可通过读写识别设备进行建立。 For storage devices no security authentication mechanism, can be established through identification device reader. 当读写识别设备确认存储设备内没有建立安全认证机制时,先在该存储设备中写入安全认证版本头信息,用户输入激活密码或从机制提供方获取权限认证证书数据,使用超级密钥加密后,存储在存储设备的特定区域,根据用户选择或默认值进行格式化公用加密数据区、私用加密数据区和通用数据区,完成制造存储设备安全认证机制的过程。 When the authentication mechanism is not established security identification device reader to storage devices, to write authentication security version header information in the storage device, the user enters a password to activate or providers obtain data from the certificate authority mechanisms, use the super key encryption after stored in the specific area of ​​the storage device, a public encryption format data area according to user selection or default private encryption general data area and a data area, a process of manufacturing the storage device security authentication mechanism is completed.

其中读写识别设备为不同键盘、MP3、PDA、电子词典、数字电话、数码相机、录音笔。 Which identifies the device to read and write for different keyboards, MP3, PDA, electronic dictionaries, digital phone, digital camera, voice recorder.

根据上述技术方案分析可知,本发明具有如下明显优点:利用移动存储设备及读写识别功能设备具有内建的安全机制,用于保证移动存储设备上存储的信息的安全性和有效性,解决诸如:版权保护,资料安全存取,资料设备间共享、权限管理、用户身份识别,用户服务类别的确认等工作。 The analysis found that the above technical solution, the present invention has the following distinct advantages: the use of removable storage devices and read-write apparatus having a recognition function built-in security mechanism to ensure the safety and effectiveness of information stored on a removable storage device, such as a solution : copyright protection, data security access, sharing data between devices, rights management, user identification, user confirmation service class work.

在移动存储设备上带有特定的设备权限认证文件和受保护的资料内容,同时在移动存储设备的读写识别功能设备上带有相应的资料内容识别算法,按照约定的机制,读写识别功能设备根据设备权限认证文件进行权限认证,确定具有权限才可以通过信息识别算法正确识别移动存储设备上受保护的资料内容,才可以根据所识别的资料内容提供相应的服务。 Certification authority with a specific device and data files of protected content on a removable memory device, while the contents of the information with corresponding recognition algorithm on the read-write device recognition mobile storage device, in accordance with the agreed mechanism, reading and writing recognition equipment certification authority certification authority device according to the file, determined to have privileges to correctly identify the protected content data on removable storage devices through the information recognition algorithm, we can provide the appropriate service depending on the data identified.

同一个移动存储设备可以被不同的读写识别功能设备读写,不同的读写识别功能设备可以通过信息识别算法获得对该读写识别功能设备有效的资料内容,同时提供相应的服务。 With a mobile storage device may be different read recognition device to read and write, read and write different functions of the device can be obtained by identification information identifying the content material effective algorithm for the reader recognition apparatus, along with the appropriate service. 而一个不具备权限或信息识别算法的普通读写识别功能设备不可以正确识别移动存储设备上受保护的资料内容。 And that does not have the authority or the common recognition algorithm to read and write information recognition device can not correctly identify the data protected content on removable storage devices.

特定的应用或服务(具有相应权限的应用程序)可以通过读写识别功能设备访问移动存储设备上受保护的资料内容。 A particular service or application (application program having appropriate permissions) can access the protected content on the data storage device by reading and writing the mobile recognition device.

附图说明 BRIEF DESCRIPTION

图1为本发明移动存储设备与读写识别设备的系统结构示意图;图2为本发明移动存储设备与读写识别设备的安全认证内建机制框图;图3为本发明一种在存储设备上资料安全存取结构流程示意图;图4为本发明存储设备与读写识别设备的IC相互认证流程图;图5为本发明应用访问存储设备的公用安全加密数据区的流程图;图6为本发明应用访问存储设备的私用安全加密数据区的流程图;图7为本发明读写识别设备在存储设备创建机制的流程图。 FIG 1 is a schematic system configuration of a mobile storage device and the reader of the identification device of the present invention; security authentication block diagram of removable storage devices with built-in mechanism to read and write the identification device of the present invention in FIG. 2; FIG. 3 of the present invention on a storage device A schematic flow diagram of data security access structure; mutual authentication with the storage device 4 is a flowchart of read identification device of the present invention FIG IC; flowchart applications to access the storage device common secure encrypted data area in FIG. 5 of the present invention; FIG. 6 is application of a flowchart of the storage device to access the private data area encrypted security; identification device reader to the flow chart created in a storage device of the present invention mechanism.

具体实施方式 Detailed ways

下面结合附图和具体实施方案对本发明做进一步地详细描述。 The present invention will be described in further detail in conjunction with the accompanying drawings and specific embodiments.

如图1、2所示,移动存储设备上带有特定的用户识别信息,将移动存储设备的特定读取设备称为读写识别功能设备。 1 and 2, with a specific user identification information on the mobile storage device, a specific reading device to read and write removable storage device called recognition device. 移动存储设备具有存储和认证功能;读写识别功能设备能够读写该移动存储设备,并实现一定的特定功能,例如音频播放、拍照等。 The mobile storage device having a memory and an authentication function; reader device to read the identification features of the mobile storage device, and to achieve certain specific functions, such as audio playback, pictures and the like. 各图中的Flash broad为存储设备;Flash broad Reader为读写识别设备。 Flash broad in the drawings as a storage device; Flash broad Reader to read the identification device.

进一步地,读写识别设备结构和特点如下:读写识别设备具体表现为不同的电子产品,可以是:键盘读写识别、MP3读写识别、PDA读写识别、STB读写识别、硬盘读写识别(如图6)、Smart PDA读写识别、电子词典、数字电话、数码相机,录音笔……等等。 Further, the identification device reader and structural characteristics are as follows: read identification device embodied as different electronic products, may be: a keyboard identification reader, MP3 identification reader, PDA read identification, read identifying the STB, a hard disk read and write recognition (Figure 6), Smart PDA reader identification, electronic dictionaries, digital phone, digital camera, voice recorder ...... and so on. 读写识别设备具有自身的标志信息:1、唯一的设备ID号,每一个读写识别设备具有唯一的设备ID号。 Read identification device has its own flag information: 1, the unique device ID number, a reader identifying each device has a unique device ID.

2、设备类型的标示,读写识别设备包括Mp3,PDA、电子词典,数码相机,录音笔等类型,每一种类型又细分成为不同的型号、不同的厂商,相同型号、相同厂商的读写识别设备为同一类别。 2, device type marking, reading and writing identification devices include Mp3, PDA, electronic dictionaries, digital cameras, voice recorder and other types, each type is further subdivided into different models, different manufacturers, the same model, read the same vendor handwriting recognition device for the same category.

再有,读写识别设备中建有用于打开移动存储设备中设备权限认证文件的超级密钥,用于解密移动存储设备中的设备权限认证文件;读写识别设备中建有加、解密私用信息的密钥表,用于加、解密移动存储设备的安全加密区存储的私用安全加密数据区的信息;读写识别设备具有可以完成加解密、完成设备权限认证信息的认证的功能模块可以解读移动存储设备的安全机制存储区存放的设备权限认证信息,并且认证该读写识别设备对该移动存储设备的使用权限。 Further, the identification device reader built in the apparatus for opening the super key certification authority file mobile storage device, for decrypting apparatus authority of the mobile storage device authentication file; recognition apparatus has read the encryption and decryption private key table information for adding, private security information to decrypt the encrypted data area storing encrypted secure storage area of ​​the mobile device; read identification device can be completed with encryption and decryption, authentication information, authority to complete the device authentication functional modules may Reading device permissions security authentication information storage area of ​​the mobile device stored in the storage, and authenticating the reader recognition apparatus use authority of the mobile storage device. 读写识别设备可利用软件或者硬件独立或者结合的方式,对于移动存储设备上的信息进行加密解密工作。 Identification reader device may utilize separate hardware or software or a combination of, for information on a removable storage device encryption and decryption work. 这样的加密解密、权限认证算法可以是符合条件的任何算法(例如:DES、RSA、PKI机制)。 Such encryption and decryption, permissions, authentication algorithm may be eligible for any algorithm (for example: DES, RSA, PKI mechanism).

读写识别设备根据相应权限可以解读移动存储设备内存放的加密信息,并进行相应处理。 Identification device reader can interpret the encrypted information and storing the mobile storage device according to the appropriate permissions, and treated accordingly. 比如:MP3类型读写识别设备在读取移动存储设备时,可以读出如下信息:唯一标示、拥有版权保护的歌曲、某些特定的网络服务供应商的接入用户名和密码。 For example: MP3 reader to identify the type of the machine is reading mobile storage device, it can be read the following information: a unique mark, copyright-protected songs, certain Internet service providers access user name and password. 根据解密后的信息类型,提供相应的服务:如果是唯一标示,可以利用这些标示作为用户下载相关付费服务的账号;如果是拥有版权保护的歌曲,可以将歌曲读取进行播放;如果是特定网络服务供应商的接入用户名和密码,在用户介入到网络时,可以自动作为身份验证卡,提供个用户特定的服务。 According to the type of information decrypted, provide the necessary services: If it is the only label, you can use these markers paid download services as a user account; if it is copyright-protected songs, you can read a song to play; if a particular network service providers access user name and password when the user involved in the network, as the authentication card can automatically provide a user-specific services.

另一方面,移动存储设备结构和特点如下:1、移动存储设备内建有安全机制存储区和一个或多个安全加密数据区。 On the other hand, the mobile storage devices and structural characteristics are as follows: 1, the mobile storage device built security storage area and one or more secure encryption data area.

2、移动存储设备的安全机制存储区存放了版本头信息、用户识别信息和设备权限认证信息。 2, store security mobile storage devices to store a version header information, user identification information and device authentication information rights.

3、版本头信息包含该移动存储设备中安全机制的基本信息,是用于验证该移动存储设备是否具有安全机制的标志之一;4、用户识别信息用于识别该移动存储设备使用者的合法性,可以是一个用户激活移动存储设备密码;5、设备权限认证文件用于认证读写识别设备对该移动存储设备的使用权限,设备权限认证信息是一段加密的数据,所有的读写识别设备都可以利用超级密钥解读这一段数据,并通过认证确定读写识别设备对该移动存储设备的使用权限。 3, the version information header contains basic information of the mobile storage device security mechanisms, one for verifying whether the removable storage device security flag; 4, user identification information for identifying a legitimate user of the mobile storage device resistance, a user may activate removable storage device password; 5, permission authentication device for authenticating the document identification device to the reader using the authority of the mobile storage device, the device authentication authority information which are encrypted data, to read and write all the identification device You can use a super key data interpretation of this period, and determine usage rights to read and write the identification device to the mobile storage device by the authentication.

具体地,设备权认证文件包含如下内容:1、认证文件版本、日期:标示该认证文件版本、日期;2、设备间公用安全加密数据区存取密钥:用于解密设备间公用安全加密数据区的数据;3、设备间公用安全加密数据区存取权限:标示每一类别(相同型号和厂商的读写识别设备为同一类别)的读写识别设备是否有权访问公用安全加密数据区;4、私用安全加密数据区存取权限:标示每一类别的读写识别设备是否有权访问私用安全加密数据区。 In particular, the device authentication file contains the following weights: 1, the authentication file version, date: marking the authentication file version, date; 2, inter-device secure encrypted common data area access key: public security for inter-encrypted data decrypting apparatus data area; 3, encrypted data between devices secure public access area: Indicates whether each category (the same model and manufacturer of equipment for the reader to identify the same category) reading and writing recognition devices have access to the common security encryption data area; 4, access to a private data area encrypted by security: marking each class identification device reader is authorized to access secure encrypted private data area.

在移动存储设备的安全加密数据区存储的信息都是经过加密的资料,这些信息只有具有相应权限的读写识别设备才可以解密并正确读取。 Identification equipment to read and write encrypted data in the information security area removable storage devices are stored encrypted data, the information only with the appropriate permissions can decrypt and read correctly. 安全加密数据区又分为私用安全加密数据区和公用安全加密数据区,其中:1、私用安全加密数据区的特点:容量小,安全系数高。 Secure encryption data area is divided into private and public area security encryption data security encryption data area, wherein: 1, security encryption features private data area: small capacity, high safety factor. 经私用密钥表中加密的数据存放在私用安全加密数据区,用于特定应用或服务的数据保密的实现。 By the private key of the table data stored in the encrypted secure encrypted private data area, data for a specific application, or privacy service implementation.

2、设备间公用安全加密数据区的特点:容量大,安全系数低于私用安全加密数据区,其中的数据内容可读,(在移动存储设备带有IC时可限定其中的数据内容不可复制)。 2, the data security encryption features common area between devices: capacity, safety factor below the private security encryption data area, wherein the data content readable (when the mobile storage device having an IC may be defined as the data content can not be copied ). 可用于读写识别设备之间的资料共享和版权保护的实现。 It is used to implement data sharing and copyright protection between the reader identification device.

移动存储设备内的安全加密数据区可以是全部区域,也可以是特定的部分区域,如果是全部区域,则:所有信息都必须被解密后才可以读取,都在受保护的范围之内;如果是部分区域,则除了安全加密数据区,还有普通的数据区域。 The encrypted data within a secure area of ​​the mobile storage device may be the entire area or may be part of a specific region, if the entire area, then: all information must be decrypted after being read, are within the scope of the subject; If a partial region, security of the encrypted data area, and in addition to ordinary data region.

移动存储设备可以带有一颗IC来保护其安全机制和安全加密数据区不被非读写识别设备的其它读取设备破坏。 The mobile storage device may be provided with a safety mechanism to protect its IC and secure encrypted data read region is not damaged non-recognition device other reading device. 如果移动存储设备不带IC,同样可以保证移动存储设备上存储的信息的安全性和有效性,非读写识别设备的其它读取设备无法正确读写移动存储设备上受保护的资料内容,但有可能破坏这些资料内容。 If the mobile storage device without the IC, can also ensure the safety and effectiveness of non-recognition equipment to read and write other reading device information stored on a removable storage device can not read and write data protected content on removable storage devices correctly, but it is possible to destroy these data content.

移动存储设备具有文件管理系统:1、移动存储设备中所有的数据都以文件的形式进行存储;2、读写识别设备对移动存储设备的数据操作也都以文件的形式进行;3、文件格式相同;移动存储设备上的加密信息可以是特性服务商的接入程序或者密码,也可以是受版权保护的信息……如果没有这些加密的特定信息,将不成为移动存储设备,同时非移动存储设备如果满足基本要求,可以通过特定设备被设定成移动存储设备。 The mobile storage device having a file management system: 1, the mobile storage device all data are stored in the form of a file; 2, read and write operations on the mobile device data identifying the storage device also be in the form of file; 3, the file format same; encrypted information on a removable storage device may be a characteristic of the service provider access procedure or the password, the information may be copyrighted ...... without these specific encryption information, will not be removable storage devices, while the non-removable storage If the apparatus meet the basic requirements, a particular device can be set to a mobile storage device.

而本发明所涉及的特定的应用或服务,多指具有相应权限的应用程序。 And a specific application or service according to the present invention, a multi-application means with the appropriate permissions. 这些应用认证文件至少包括以下内容:1、私用密钥ID:该应用所用的私用密钥ID,通过私用密钥表可查得私用密钥;2、可用空间名称:该应用可用空间名称(访问文件名);3、可用空间大小:该应用可用空间大小;综上所述,在具体的实现过程中,会有如下几种情况: The application authentication files include at least the following: 1, private key ID: the application ID with the private key, the private key by look up table may be a private key; 2, available space Title: Application of the available space name (filename access); 3, the available space: the space available to the application; in summary, the specific implementation process, there will be the following situations:

实施例一:移动存储设备读写识别的IC和移动存储设备的IC相互认证(认证包括各种可能的认证方式,例如:设备间认证、在线认证),发现对方带有机制此时将移动存储设备读写识别的IC设为主导的IC;如图4所示。 Example a: IC reader identifying the mobile storage devices, and removable storage devices IC mutual authentication (authentication including all possible authentication methods, for example: inter-device authentication, online authentication), this time to find each other with a removable storage mechanism an IC device to read the identification of the dominant IC; shown in FIG.

当有应用程序要访问移动存储设备的公用安全加密数据区时,移动存储设备读写识别的IC完成如下步骤,如图5所示:读写识别设备取得内建的超级密钥,解密移动存储设备安全机制存储区存放的设备权限认证文件;读写识别设备读取设备权限认证文件,确认该读写识别设备对公用安全加密数据区是否有访问权限。 When the common data area with a secure encryption application to access the removable storage devices, mobile storage devices read and write to complete the step of identifying the IC, shown in Figure 5: the reader to obtain identification device built super key, decrypting removable storage security equipment storage area storage device certification authority file; a reading device to read and write permissions identification devices certified document confirming the read-write device identifies whether there is public access to encrypted data safe area. 如无相应权限,停止。 If there is no appropriate permissions, stop.

如该读写识别设备对安全加密数据区有访问权限,则获得设备权限认证文件中保存的公用安全加密数据区存取密钥。 As the identification device has read access to the data security encryption area, the storage device to get the certification authority public secure encrypted file data area access key.

使用公用安全加密数据区存取密钥在公用安全加密数据区完成数据操作。 Secure encryption using public key data area access operation for data in the common data area encrypted security.

当有应用程序要访问移动存储设备的私用安全加密数据区时,移动存储设备读写识别的IC完成如下步骤,如图6所示:读写识别设备取得内建的超级密钥,解密移动存储设备安全机制存储区存放的设备权认证文件;读写识别设备读取设备权认证文件,确认该读写识别设备对私用安全加密数据区是否有访问权限。 When the private data area with a secure encryption application to access the removable storage devices, mobile storage devices read and write to complete the step of identifying the IC, shown in Figure 6: the reader to obtain identification device built super key, decrypting the mobile storage security mechanism storage area to store the right equipment certification documents; the right to read and write identification device reads the device certification documents confirming that the reader identify whether the device has access to private data secure, encrypted area. 如无相应权限,停止。 If there is no appropriate permissions, stop.

如该读写识别设备对私用安全加密数据区有访问权限,则检验应用程序是否具有应用认证证书。 As the reader identify the device has access to the private data encryption security zone, it is checked whether the application has an application certificate. 如无,停止。 If no, stop.

如应用程序具有应用认证证书,对该证书进行认证。 As an application with the application certificate, the certificate for authentication. 如不是合法证书,停止。 If it is not lawful certificate, stop. (认证包括各种可能的认证方式,例如:)如是合法证书,根据证书内容在读写识别设备的私用密钥表中取得相应密钥。 (Including all possible authentication authentication, e.g. :) legitimate certificate case, to obtain the corresponding private key in the key table reads the identification device in accordance with the content of the certificate.

根据证书内容获取应用程序可访问的数据段。 Certificates content acquisition application can access data segment based.

使用该密钥在私用安全加密数据区完成数据操作。 Using the key data operation is completed secure encrypted private data area.

实施例二:移动存储设备读写识别读取移动存储设备安全机制存储区存放的版本头信息,判定移动存储设备是符合安全机制的。 Example II: a removable storage device reads the version identification read header information of the mobile storage device stored in security mechanism storage area, the storage device determines whether the mobile is in line with the security mechanism.

实施例三:移动存储设备读写识别读取移动存储设备安全机制存储区存放版本头信息的位置,判定移动存储设备不符合安全机制。 Third Embodiment: a removable storage device reads the identification reader removable storage device security mechanism storage area storing header information of the version of the location, the mobile storage device is determined not compliant mechanism.

移动存储设备读写识别的IC完成如下步骤:创建机制(相当于造卡),调用造卡程序,将版本头信息、用户识别信息和设备权限认证信息写入移动存储设备,如图7所示。 The mobile storage device identification IC reader complete the following steps: creation mechanism (corresponding to card-made), calls made card program, a version header information, user identification information and apparatus authentication information write permissions mobile storage device, shown in Figure 7 .

此时移动存储设备已符合安全机制,其它同实施例一。 At this time, the mobile storage device has been compliance with safety mechanisms, other embodiments of a same.

移动存储设备读写识别不符合安全机制,必须安装软件包(靠软件来实现所有机制,需要在线获取认证,验证软件和硬件的是否为正版)。 Removable storage devices read and write identification does not meet the safety mechanism, you must install software packages (by software to implement all mechanisms need to get online certification, verification software and hardware is genuine).

移动存储设备的IC发现移动存储设备读写识别不符合安全机制。 IC removable storage devices discovering mobile storage device does not meet the security identification reader. 此时移动存储设备的IC验证移动存储设备读写识别及其所安装的软件包是否为正版。 At this time, authentication IC removable storage devices and mobile storage device identification reader installed software package is genuine. 如不是,停止。 If not, stop.

如移动存储设备读写识别及其所安装的软件包是正版,当有应用程序要访问移动存储设备的公用安全加密数据区时,软件包中的相关软件完成如下步骤:1、根据软件包的设定,取得内建的超级密钥,解密移动存储设备安全机制存储区存放的设备权认证文件;2、读取设备权认证文件,确认该读写识别设备对公用安全加密数据区是否有访问权限。 The mobile storage device and identification reader installed package is genuine, when the common data area with a secure encryption application to access the mobile storage device, the software package to complete the following steps: 1, according to the package setting, to obtain built super key, the decryption device authentication right file mobile storage device stored in security mechanism storage region; 2, right authentication file reading apparatus, the interrogator to confirm whether a device identification secure access to encrypted data common area authority. 如无相应权限,停止。 If there is no appropriate permissions, stop.

3、如该读写识别设备对安全加密数据区有访问权限,则获得设备权认证文件中保存的公用安全加密数据区存取密钥。 3, if the read identification device has access to secure data encrypted area, is obtained right authentication device stored in the common secure file access key encrypted data area.

4、使用公用安全加密数据区存取密钥在公用安全加密数据区完成数据操作。 4, the use of the common data area access key encrypted secure data operation is completed in the common security encryption data area.

当有应用程序要访问移动存储设备的私用安全加密数据区时,软件包中的相关软件完成如下步骤:1、取得内建的超级密钥,解密移动存储设备安全机制存储区存放的设备权认证文件;2、读取设备权认证文件,确认该读写识别设备对私用安全加密数据区是否有访问权限。 When private security encrypted data area have applications to access removable storage devices, related software package complete the following steps: 1, to obtain built-in super-key, decryption device right mobile storage device security mechanism storage area storage certification documents; 2, right authentication file reading apparatus, the interrogator to confirm whether there is identification device private secure access to encrypted data area. 如无相应权限,停止。 If there is no appropriate permissions, stop.

3、如该读写识别设备对私用安全加密数据区有访问权限,则检验应用程序是否具有应用认证证书。 3, if the read identification device has access to the private security encryption data area, it is checked whether the application has an application certificate. 如无,停止。 If no, stop.

4、如应用程序具有应用认证证书,对该证书进行认证。 4. The application having certificates, the certificates for authentication. 如不是合法证书,停止。 If it is not lawful certificate, stop. (认证包括各种可能的认证方式,例如:)5、如是合法证书,根据证书内容在读写识别设备的私用密钥表中取得相应密钥。 (Including all possible authentication authentication methods, for example:) 5, the case of the legitimate certificate, to obtain the corresponding private key in the key table reads the identification device in accordance with the content of the certificate.

6、根据证书内容获取应用程序可访问的数据段。 6, to obtain data segments based applications can access the contents of the certificate.

7、使用该密钥在私用安全加密数据区完成数据操作。 7, using the key data operation is completed in secure encrypted private data area.

资料安全存取实施例,如图3所示:有读写识别设备设备A。 Information security access embodiment, as shown in FIG. 3: YES identification device reader unit A. 针对设备A的应用程序的需求,可将资料加密后安全存入移动存储设备的安全加密数据区(私用安全加密数据区或设备间公用安全加密数据区);也可将加密资料解密后安全读出。 Needs of the application for device A, the encrypted security information can be stored in secure encrypted data storage area of ​​the mobile device (a private data area or between security encryption security encryption device common data area); also after decrypting the encrypted security information can be read out.

具体步骤:1、用户激活移动存储设备;2、设备A的IC检查版本头信息,判定移动存储设备是符合安全机制的;3、设备A的IC取得内建的超级密钥,解密移动存储设备的设备权认证文件确认设备A对安全加密数据区的访问权限; Specific steps: 1 the user activates a mobile storage device; 2, an IC device A checks the version information header, it is determined in line with the mobile storage device is a security mechanism;. 3, the built-in IC device A acquired super key, decrypting the mobile storage device equipment certification documents confirming the right to access to device a secure, encrypted data area;

4、若对设备间公用安全加密数据区有访问权限,可将资料用IC中的通用共用密钥加密存入公用安全加密数据区,只有读写识别设备才能访问这些资料;5、若对私用安全加密数据区有访问权限,可将资料用经IC解密应用认证证书得到的私钥加密即可存入私用安全加密数据区;6、将公用安全加密数据区中资料用IC中的通用共用密钥解密即可读出;7、将私用安全加密数据区中资料经IC解密应用认证证书得到的私钥解密即可读出。 4, if there is access to the public security encryption device between the data area, data may be stored in a general-purpose IC in an encrypted common key common security encryption data area, the identification device can only read and write access to these data; 5, if the private have access to the encrypted data with a secure area, data can be encrypted with a private key to decrypt the certificate application by the IC to get into secure encrypted private data area; 6, the public security encrypted data in the data area of ​​a general-purpose IC decrypting the common key can be read out; 7, the private private key to decrypt the encrypted security information in the data area by the application IC decrypted certificate obtained can read.

最后所应说明的是,以上实施例仅用以说明本发明的技术方案而非限制,尽管参照较佳实施例对本发明进行了详细说明,本领域的普通技术人员应当理解,可以对本发明的技术方案进行修改或者等同替换,而不脱离本发明技术方案的精神和范围,其均应涵盖在本发明的权利要求范围当中。 Finally, it should be noted that the above embodiments are intended to illustrate and not limit the present invention, although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should be understood that the techniques of the present invention program modifications or equivalent replacements without departing from the spirit and scope of the technical solutions of the present invention, which should be covered by the present invention as claimed in which the required range.

Claims (20)

1.一种移动存储设备与读写识别设备的安全认证方法,移动存储设备与读写识别设备之间设有相互匹配的电气接口,两者通过接口传递数据,读写识别设备上设置中央控制装置,用于读出存储设备上的数据以及将数据写入存储设备上,中央控制装置接设功能处理装置;其特征在于:在移动存储设备设置一存储空间,用于存放唯一的识别信息,并开设安全机制存储区和一个或多个安全加密数据区;移动存储设备与读写识别设备具有结合的电气接口,两者分别设有相互匹配的安全认证算法,当移动存储设备配置在读写识别设备上时,读写识别设备识别移动存储设备,并进行双向鉴权认证,移动存储设备根据对读写识别设备的鉴权结果,开放相应的存储空间,供读写识别设备进行读出或写入操作;读写识别设备根据对移动存储设备的鉴权,为移动存储设 A mobile security authentication method storage device and the reader of the identification device, provided with mutually matching electrical interface between the mobile storage device and the reader identification device, both the data transmitted through the interface, the reader is provided on a central control device identification means for reading data on the storage device and write data to the storage device, connected to the central control device function processing means is provided; characterized in that: the mobile storage device provided with a storage space for storing unique identification information, and defines security storage area and one or more secure encrypted data area; mobile storage device and the reader having electrical interface identification device combining both with each other are provided with matching security authentication algorithm, when the mobile device is stored in the read-write configuration when the identification device, the identification device reader identifying the mobile storage device, mutual authentication and authentication according to the authentication result of the mobile storage device to read the identification device, open the respective storage space for reading and writing or reading out identification device a write operation; read identification device according to the authentication of the mobile storage devices, mobile storage device 提供相应的服务。 Provide the necessary services.
2.根据权利要求1所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:读写识别设备上的安全机制包括认证算法或识别信息或超级密钥。 The security authentication method according to a mobile storage device and the reader recognition apparatus as claimed in claim, wherein: the security identification device comprises a reader identification information or authentication algorithm or super key.
3.根据权利要求1所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:移动存储设备上的安全机制包括数据存储版本头信息和/或认证文件存储区和/或用户输入的激活密码。 The security authentication method according to a mobile storage device and the reader recognition apparatus as claimed in claim, wherein: the security mechanism on a removable storage device includes a data storage header version information and / or authentication file storage area and / or user enter the activation password.
4.根据权利要求3所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:认证文件存储区包括认证文件的版本和日期、决定设备类别的公用区存取权限、公用区存取密钥、私用区存取权限。 The security authentication method according to the mobile storage device 3 and the reader recognition apparatus as claimed in claim, wherein: the authentication file storage area includes a file version and date of authentication, the decision device categories common area access, common area access keys, access to the private area.
5.根据权利要求2所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:当移动存储设备接入读写识别设备时,超级密钥用于解密移动存储设备上的安全加密数据区的数据。 The security authentication method according to the second mobile storage device and the reader recognition apparatus as claimed in claim, wherein: when the mobile storage device to read and write access to the identification device, for secure super key decryption on the mobile storage device encrypt the data area.
6.根据权利要求5所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:移动存储设备上的安全加密数据区包括公用安全加密数据区和/或私用安全加密数据区;其中私用安全加密数据区用于管理特定应用或服务的数据保密,公用安全加密数据区用于读写识别设备的资料共享和权限保护。 The security authentication method as the mobile storage device and the reader recognition apparatus as claimed in claim, wherein: the encrypted security data area on the removable storage device comprises a secure encrypted common data area and / or a private security encryption data area ; wherein the data security encryption private data area is used to manage a particular application or service secrecy, public security encryption for data sharing and data area read and write permissions identification equipment protection.
7.根据权利要求6所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:读写识别设备利用超级密钥,解密移动存储设备安全机制存储区内的存放的设备权限文件;读写识别设备读取该文件,确认读写识别设备对公用安全加密数据区是否有访问权,如果无,则停止;如果有,则获得移动存储设备权限认证文件中保存的公用安全加密数据区存取密钥,使用该密钥在公用安全加密数据区完成数据操作。 The security authentication method according to the mobile storage device 6 and the reader recognition apparatus as claimed in claim, wherein: the identification device reader using a super key, the decryption device permissions files stored in the removable storage device security mechanism storage area ; identifying device to read the file read and write, read and write identification device to confirm whether there is public access to the encrypted data safe area, if not, then stop; if so, obtain public security encrypted data stored in the removable storage device certification authority file area access key, using the key data to complete the operation in the common security encryption data area.
8.根据权利要求7所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:移动存储设备安全机制存储区内存放有版本头信息,读写识别设备根据版本头信息验证移动存储设备是否具有安全算法;如果有,则进行启动安全认证处理,如果没有,则不启动安全认证处理。 8. The security authentication method according to the mobile storage device 7 and the reader of the identification device according to claim, wherein: the removable storage device storing security information storage area has a head version, the identification device verification reader head according to the version information of the mobile storage device has security algorithm; if so, to boot security authentication process, if not, the security verification process is not started.
9.根据权利要求6或7所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:读写识别设备具有私用密钥表,根据该私用密钥表中的私用密钥ID和私用密钥,打开移动存储设备的私用安全加密数据区。 9. The security authentication method of claim 6 or 7 mobile storage device and the reader recognition apparatus as claimed in claim, wherein: the reader device has a private key identification table, based on the private key of a private table a private security key ID and the encrypted private key data area, the mobile storage device is opened.
10.根据权利要求9所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:读写识别设备从本地或从远程获取签发给特定应用的认证文件格式,其中包括私用密钥的I D或可用空间名称或可用空间大小,根据该信息也可更新私用密钥表。 10. The security authentication method according to the mobile storage device 9 and the reader recognition apparatus as claimed in claim, wherein: the identification device reader obtained locally or from a remote issued to the authentication from the application-specific file formats, including private secret the name or ID, or the available space in the key space available, this information may be updated according to the private key table.
11.根据权利要求7所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:移动存储设备的私用安全加密数据区存储特定服务提供方接入程序或密码或版权保护信息。 11. A method of secure authentication of the mobile storage device 7 and the reader of the identification device according to claim, wherein: a private secure encrypted data storage area specific service provider the mobile storage device access procedure or password information, or copyright protection .
12.根据权利要求11所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:特定应用或服务为具有相应权限的应用程序,它至少包括:通过私用密钥表调出的该特定应用或服务所用的私用密钥标示;可用空间名称;以及可用空间大小。 12. A method of secure authentication of the mobile storage device 11 and reader identification device as claimed in claim, wherein: the particular application or service application with the appropriate permissions, comprising at least: a private key by the table adjustment the private key used by the particular application or service designation; available space name; and the available space.
13.根据权利要求11或12所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:读写识别设备读取设备权认证文件,确认该读写识别设备对私用安全加密区是否有访问权限;如无相应权限,停止;如有权限,则检验应用程序是否具有应用认证证书;如无,停止;如有,则对该证书进行认证;如不是合法证书,停止;如是合法证书,根据证书内容在读写识别设备的私用密钥表中取得相应密钥;根据证书内容获取应用程序可访问的数据段;使用该密钥在私用安全加密数据区完成数据操作。 13. The security authentication method of claim 11 or 12, the mobile storage device and the reader recognition apparatus as claimed in claim, wherein: the identification device reader right authentication file reading apparatus, to confirm that the read identification device private security encryption whether the district has access; if no appropriate permissions, stop; if there privilege, it is checked whether the application has an application certificate; if not, stop; if so, the certificates for authentication; if not legal certificate, stop; the case certificate that is valid according to the contents of the certificate to obtain the private key table reads the corresponding key identification device; obtaining application can access the data segment according to the content of the certificate; data using the key operation is completed in secure encrypted private data area.
14.根据权利要求1所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:移动存储设备安全机制存储区内存放有用户识别信息,读写识别设备根据用户识别信息识别移动存储设备使用者的合法性,以便激活移动存储设备。 14. The security authentication method according to a mobile storage device and the reader of the identification device according to claim, wherein: the removable storage device security mechanism storage memory area has user identification information, device identification information for identifying the mobile reader according to a user identification legitimacy of a user storage device, in order to activate the mobile storage device.
15.根据权利要求14所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:用户识别信息为用户激活移动存储设备密码。 15. The security authentication method according to the mobile storage device 14 and reader identification device as claimed in claim, wherein: the user identification information to the user activates the mobile storage device password.
16.根据权利要求1所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:读写识别设备设有IC芯片,用于至少存放唯一的识别信息或存放安全机制存储区的安全认证算法或密钥;以及移动存储设备上设有IC芯片,用于至少存放唯一的识别信息或存放安全机制存储区的安全认证算法或访问权限。 16. The mobile storage device according to claim 1 and method of security authentication identification reader device, wherein: the identification device is provided with an IC chip reader, at least for storing unique identification information or store security storage area security authentication algorithm or key; and an IC chip provided on a removable storage device for storing at least a unique store identification information or authentication algorithm or security access security mechanism storage area.
17.根据权利要求16所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:当移动存储设备接入读写识别设备时,两设备的IC芯片相互识别,判断移动存储设备有无安全机制;如果移动存储设备有则,将读写设备IC芯片设置为主导IC芯片,执行安全认证步骤;如果移动存储设备无安全机制,则在移动存储设备上创建安全机制。 17. A method of secure authentication of the mobile storage device 16 and reader identification device according to claim, wherein: when the mobile storage device to read and write access identification equipment, IC chips of the two devices recognize each other, the mobile storage device is determined have security mechanism; if there is a mobile storage device, the device will read the IC chip to the IC chip led, perform security authentication step; If the mobile storage device without security mechanisms, security mechanism is created on the mobile storage device.
18.根据权利要求17所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:当读写识别设备确认移动存储设备内没有建立安全认证机制时,先在该移动存储设备中写入安全认证版本头信息,用户输入激活密码或从机制提供方获取权限认证证书数据,使用超级密钥加密后,存储在移动存储设备的特定区域,根据用户选择或默认值进行格式化公用加密数据区、私用加密数据区和通用数据区,完成制造移动存储设备安全认证机制的过程。 18. The security authentication method according to the mobile storage device 17 and reader identification device as claimed in claim, wherein: the identification device when the read acknowledgment has not been established security authentication mechanism within the mobile storage device, the first mobile storage device written version security authentication header information, the user enters a password to activate or providers obtain data from the certificate authority mechanism, the use of super-key encryption, is stored in a specific area of ​​the mobile storage device, a public encryption formatted according to user selection or default values data area, data area and a private encryption general data area, to complete the process of manufacturing the mobile storage device security authentication mechanism.
19.根据权利要求1-8、10-12、14-18中的任一项所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:移动存储设备中的所有数据均以文件的形式存储,读写识别设备对移动存储设备的数据操作均以文件的形式进行。 19. The security authentication method of a mobile storage device and the reader of the identification device according to any one 1-8,10-12,14-18 claim, wherein: all data are a removable storage device stored files, read and write operation of identification device in the form of data files of a storage device are performed.
20.根据权利要求1-8、10-12、14-18中的任一项所述的移动存储设备与读写识别设备的安全认证方法,其特征在于:读写识别设备为键盘、MP3、PDA、电子词典、数字电话、数码相机或录音笔。 20. The security authentication method as claimed in any one of claims 1-8,10-12,14-18 mobile storage device and the reader recognition apparatus as claimed in claim, wherein: the identification device is a read keyboard, MP3, PDA, electronic dictionaries, digital phone, digital camera or voice recorder.
CN 02159484 2002-12-31 2002-12-31 Safety authentication method for movable storage device and read and write identification device CN1280737C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02159484 CN1280737C (en) 2002-12-31 2002-12-31 Safety authentication method for movable storage device and read and write identification device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 02159484 CN1280737C (en) 2002-12-31 2002-12-31 Safety authentication method for movable storage device and read and write identification device

Publications (2)

Publication Number Publication Date
CN1512360A CN1512360A (en) 2004-07-14
CN1280737C true CN1280737C (en) 2006-10-18

Family

ID=34237496

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02159484 CN1280737C (en) 2002-12-31 2002-12-31 Safety authentication method for movable storage device and read and write identification device

Country Status (1)

Country Link
CN (1) CN1280737C (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100618386B1 (en) 2004-10-18 2006-08-31 삼성전자주식회사 Image display apparatus for restricting hard disk drive's use and hard disk drive's use restricting method thereof
US7526794B2 (en) 2005-09-30 2009-04-28 Rockwell Automation Technologies, Inc. Data perspectives in controller system and production management systems
CN101009566B (en) 2006-01-23 2011-06-01 北京金远见电脑技术有限公司 System and method for information download of the embedded system device
CN100595741C (en) 2006-05-19 2010-03-24 迈世亚(北京)科技有限公司 Information processing system
CN101490689B (en) 2006-07-07 2012-05-16 桑迪士克股份有限公司 Content control system and method using certificate chains
CN101192199B (en) 2006-11-30 2011-01-12 华腾微电子(上海)有限公司 Portable safe memory apparatus and its access control method
CN101464932B (en) 2007-12-19 2012-08-22 联想(北京)有限公司 Cooperation method and system for hardware security units, and its application apparatus
JP2009175790A (en) * 2008-01-21 2009-08-06 Nec Corp Content asset management system, method and control program
CN101753532B (en) * 2008-11-29 2013-09-25 华为数字技术(成都)有限公司 Method for controlling storage equipment, verifying device and storage device
CN101510332B (en) 2008-12-25 2013-04-24 北京握奇数据系统有限公司 Method and apparatus for managing memory space of smart card
CN102043644B (en) * 2009-10-12 2015-07-22 中兴通讯股份有限公司 Upgrading method and device for line card main program
CN101853341A (en) * 2010-04-06 2010-10-06 李勇 Portable storage device with digital watermarking function
CN101840476B (en) * 2010-05-07 2013-03-13 江苏新广联科技股份有限公司 OTP-SD electronic publication encryption method
KR101775971B1 (en) * 2010-10-29 2017-09-07 삼성전자주식회사 A storage device, method and apparatus for authenticating the storage device
CN102202057B (en) * 2011-05-18 2013-11-27 株洲南车时代电气股份有限公司 System and method for safely dumping data of mobile memory
CN102307075A (en) * 2011-08-09 2012-01-04 深圳科立讯电子有限公司 Voice transmission encryption method of DMR (digital mobile radio) communication terminal
CN102736993A (en) * 2011-09-23 2012-10-17 新奥特(北京)视频技术有限公司 Data equipment type identification method and system
CN103065102B (en) * 2012-12-26 2015-05-27 中国人民解放军国防科学技术大学 Data encryption mobile storage management method based on virtual disk
CN103729604B (en) * 2013-11-18 2016-11-23 北京奇虎科技有限公司 A kind of method and apparatus in customer access area territory
JP6293629B2 (en) * 2014-09-22 2018-03-14 株式会社東芝 Information processing device
CN104598947B (en) * 2015-02-11 2017-10-31 成都布林特信息技术有限公司 A kind of electronic tag data processing method
CN105141614B (en) * 2015-09-07 2019-05-21 北京北信源软件股份有限公司 A kind of access right control method and device of movable storage device

Also Published As

Publication number Publication date
CN1512360A (en) 2004-07-14

Similar Documents

Publication Publication Date Title
US6314409B2 (en) System for controlling access and distribution of digital property
US7159244B2 (en) Audio data playback management system and method with editing apparatus and recording medium
CN101043319B (en) Digital content protective system and method
EP1304702B1 (en) Semiconductor memory card and data reading apparatus
TWI242704B (en) Secure video card in computing device having digital rights management (DRM) system
KR101009126B1 (en) Revocation of a certificate and exclusion of other principals in a digital rights managementdrm system based on a revocation list from a delegated revocation authority
CN100527141C (en) Recording and playback apparatus and method
US8528096B2 (en) Secure universal serial bus (USB) storage device and method
JP2005122402A (en) Ic card system
EP1273996A2 (en) Secure bootloader for securing digital devices
JP2004104539A (en) Memory card
US8898477B2 (en) System and method for secure firmware update of a secure token having a flash memory controller and a smart card
JP2004530219A (en) Method and apparatus for setting usage rights for digital content created in the future
US20060178997A1 (en) Systems and methods for authoring and protecting digital property
CN100530029C (en) Method, system and securing means for data archiving with automatic encryption and decryption by fragmentation of keys
CN101853363B (en) File protection method and system
US7062622B2 (en) Protection of content stored on portable memory from unauthorized usage
CN100555298C (en) Method and device for virtulizing personal office environment
US7725614B2 (en) Portable mass storage device with virtual machine activation
US20070150963A1 (en) MP3 Player with Digital Rights Management
JP2010268417A (en) Recording device, and content-data playback system
US20050144136A1 (en) Content providing system and content reproducing apparatus
US9104618B2 (en) Managing access to an address range in a storage device
US8761402B2 (en) System and methods for digital content distribution
JP4690600B2 (en) Data protection method

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
ASS Succession or assignment of patent right

Owner name: TAIJUN TECHNOLOGY(SHENZHEN) LTD.

Free format text: FORMER OWNER: TAIJUN INDUSTRIAL CO., LTD.

Effective date: 20050429

C41 Transfer of patent application or patent right or utility model
C14 Grant of patent or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518106 SHENZHEN, GUANGDONG PROVINCE TO: 100086 HAIDIAN, BEIJING

ASS Succession or assignment of patent right

Owner name: MAISHIYA (BEIJING) SCIENCE AND TECHNOLOGY CO., LTD

Free format text: FORMER OWNER: TAI GUEN TECHNOLOGY (SHENZHEN) CO., LTD.

Effective date: 20141217

C41 Transfer of patent application or patent right or utility model
EXPY Termination of patent right or utility model