CN1300666C - Multiple interface auxiliary digital copy right management method for USB storage device - Google Patents

Info

Publication number: CN1300666C
Authority: CN (China)
Prior art keywords: interface, storage device, usb, main frame, usb storage
Legal status: Expired - Fee Related
Application number: CNB2003101181487A
Other languages: Chinese (zh)
Other versions: CN1617089A (en)
Inventor: 陈友士
Original Assignee: Institute for Information Industry

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a method of digital copyright management assisted by multiple interfaces in a USB storage device. A host is connected to a USB storage device through a USB cable in order to perform digital copyright management. First, the USB storage device is plugged in, and the host requests that the USB storage device send its descriptor, so that information about the device, such as its function and capabilities, is transmitted to the host. Second, the USB storage device sends the descriptor to the host, the descriptor describing the properties of a plurality of interfaces, and the host selects the mass storage interface. When the host wants to access digital signature or private key data, it uses a random variable as an encoding parameter, selects one of the interfaces as a confidential data access interface, and sends an encoded password through that interface; the USB storage device then uses the confidential data access interface to return the password verification result to the host. Finally, if the host confirms that the password is correct, the confidential data are transferred over the confidential data access interface, with the random variable used as an encoding parameter.

Description

Method of multi-interface-assisted digital copyright management in a USB storage device
Technical field
The invention relates to the technical field of digital copyright management methods for USB storage devices, and in particular to a method of assisting digital copyright management with multiple interfaces in a USB storage device.
Background technology
The digital signature or private key data used for digital copyright management are generally stored on a storage device in the form of a file. In use, a terminal device reads the digital signature or private key data and then sends them to a digital copyright management server to confirm authorization, after which normal operation of the digital content begins. Because the digital signature or private key data exist as a file, the existing practice makes it easy for a third party to steal the file, so the signature is at risk of being improperly distributed.
To prevent improper distribution of the digital signature or private key, some other mechanism must therefore be used, for example connecting to the server every time digital content is used, which makes operation inconvenient for the user and raises processing cost. Moreover, because the digital signature or private key exists as a file, there is no way to keep the user from unintentionally deleting or modifying its content, which causes confusion in operation and verification. The known way of using digital signature or private key data therefore still has many shortcomings and needs improvement.
Summary of the invention
The object of the present invention is to provide a method of multi-interface-assisted digital copyright management in a USB storage device that keeps the digital signature or private key data to be protected from appearing in the ordinary file system and prevents the user from unintentionally destroying the digital signature or private key data.
According to one feature of the present invention, a method of multi-interface-assisted digital copyright management in a USB storage device is proposed, in which a host is connected to a USB storage device through a USB cable in order to perform digital copyright management. The method mainly comprises the following steps:
(A) the USB storage device is plugged in, and the host requests that the USB storage device send its descriptor, so that the USB storage device transmits information about itself, such as its function and capabilities, to the host;
(B) the USB storage device sends its descriptor to the host, the descriptor describing the characteristics of a plurality of interfaces;
(C) the host selects the mass storage interface;
(D) when the host wants to access digital signature or private key data, it uses a random variable as an encoding parameter, selects one of the plurality of interfaces as a confidential data access interface, and sends an encoded password through the confidential data access interface;
(E) the USB storage device uses the confidential data access interface to return the password verification result to the host; and
(F) if the host confirms that the password is correct, it transfers the confidential data over the confidential data access interface, with the random variable as the encoding parameter.
In the described method, in step D, when the host wants to access ordinary files, the ordinary file data are transferred over the first interface.
In the described method, the plurality of interfaces in step B are configurations and interfaces of the USB specification.
In the described method, the confidential data access interface is any interface of the USB specification other than the mass storage interface.
In the described method, the encoding in step D uses MD5 encoding.
In the described method, the confidential data access interface performs file operations on all the data it manages and accesses.
Description of drawings
Fig. 1 is a schematic diagram of the environment in which the multi-interface-assisted digital copyright management method for a USB storage device of the present invention is used.
Fig. 2 is a flow chart of the method of multi-interface-assisted digital copyright management in a USB storage device of the present invention.
Fig. 3 is a schematic diagram of the host of the present invention sending a device descriptor request packet to the USB storage device at device address 0.
Fig. 4 is a schematic diagram of the host of the present invention sending a set-address request packet to the USB storage device at device address 0.
Fig. 5 is a schematic diagram of the host of the present invention using an output pipe to send a SCSI-2/UFI standard command to the USB storage device.
Fig. 6 is the data format of the CBW (Command Block Wrapper) packet of the present invention.
Fig. 7 is a schematic diagram of the USB storage device of the present invention responding to a UFI/SCSI-2 standard command through the first input pipe.
Fig. 8 is the data format of the CSW (Command Status Wrapper) packet of the present invention.
Fig. 9 is the command format of UFI/SCSI-2 of the present invention.
Embodiment
Fig. 1 is a schematic diagram of the environment in which the method of multi-interface-assisted digital copyright management in a USB storage device of the present invention is used. A host 110 is connected to a USB storage device 130 through a USB cable 120 in order to perform digital copyright management. The host 110 can be a PC, a notebook computer, an e-schoolbag or a personal digital assistant (PDA), and the USB storage device 130 can be a USB flash drive, a mobile device or a language learning machine. Using the method of the present invention, the host 110 can perform digital copyright management on the USB storage device 130 over the USB cable 120.
Fig. 2 is the flow chart of the method of the present invention. First, a user plugs the USB storage device 130 into the USB cable 120 (step S210). Because the USB bus supports hot plugging, when the host 110 detects a pull-up resistor on the D- or D+ signal line of its USB bus, it knows that a low-speed, full-speed or high-speed USB device has been connected to the bus. So when the USB storage device 130 is plugged into the USB cable 120, the host 110 detects that the USB storage device 130 is connected to its USB bus.
The host 110 first issues a bus reset signal to reset the USB storage device 130; the reset signal holds both the D- and D+ signal lines low and must be maintained for at least 10 ms. The reset forces the USB storage device 130 to the default device address (address 0). As shown in Fig. 3, the host 110 uses the default control pipe, endpoint 0, to send a device descriptor request packet to the USB storage device 130 at device address 0, with the bRequest field set to GetDescriptor. The USB storage device 130 returns the first 8 bytes of its device descriptor.
The host 110 assigns a unique address (for example, 0000001b = 01h) to the USB storage device 130 by sending it a set-address request packet in which the bRequest field is set to SetAddress, setting the address of the USB storage device 130 to 01h. The packet transfer between the host 110 and the USB storage device 130 is shown in Fig. 4.
In step S220, the host 110 uses address 01h to send a device descriptor request packet to the USB storage device 130, with the bRequest field set to GetDescriptor. After the USB storage device 130 at address 01h receives the device descriptor request packet, it returns its device descriptor (Device Descriptor) in data packets DATA0 and DATA1. The packet transfer between the host 110 and the USB storage device 130 is again as shown in Fig. 3, except that the Device Address field is 01h.
The host 110 uses address 01h to send a configuration descriptor request packet to the USB storage device 130, with the bRequest field set to GetConfiguration. After the USB storage device 130 receives the configuration descriptor request packet, it returns its configuration descriptor (Configuration Descriptor) in data packets DATA0 and DATA1. The packet transfer between the host 110 and the USB storage device 130 is again as shown in Fig. 3, except that the bRequest field is GetConfiguration.
In the present invention, although the USB storage device 130 is a storage device, it has multiple interfaces: the first interface is the mass storage interface, and the second or another interface is used to access digital signature or private key data. The bDeviceClass and bDeviceSubClass fields in the device descriptor returned to the host 110 are therefore both 00h, and the bNumInterfaces field of its configuration descriptor (Configuration Descriptor) is 02h or greater, indicating that the USB storage device 130 has two or more interfaces, of which the first is the mass storage interface and the second or others serve as the confidential data access interface for accessing digital signature or private key data. In this embodiment, the second interface is used as the confidential data access interface.
In step S230, the host 110 selects the mass storage interface (the first interface) according to the returned descriptors, so that the host 110 can invoke the driver of the USB storage device 130 and access it. The host 110 also selects the Bulk-only or CBI (Control, Bulk and Interrupt) communication protocol according to the InterfaceProtocol field of the returned interface descriptor in order to communicate with the USB storage device 130. In this embodiment, the Bulk-only protocol is selected.
In step S240, it is determined whether the host 110 is accessing ordinary files or digital signature or private key data on the USB storage device 130. When the host 110 wants to access ordinary files, step S270 is executed: the host sends a SCSI-2/UFI standard command on the second or fourth output pipe (Out-Pipe). The packet transfer between the host 110 and the USB storage device 130 is then as shown in Fig. 5. The data field contains a CBW (Command Block Wrapper) packet whose format is shown in Fig. 6, in which the CBWCB field contains the UFI/SCSI-2 standard command. The remaining fields carry the Bulk-only protocol information and auxiliary description.
In step S280, once the USB storage device 130 has obtained the UFI/SCSI-2 command from the CBW, it knows how to respond to the host 110, and it responds to the UFI/SCSI-2 standard command on the first or third input pipe. Data are then exchanged under the control of the host 110: either data are read back to the host 110, in which case the packet transfer between the host 110 and the USB storage device 130 is as shown in Fig. 7, or data are sent to the USB storage device 130, in which case the packet transfer is similar to that shown in Fig. 5. Finally, the USB storage device 130 must report the status of this command/data transfer: it packs the status into a CSW (Command Status Wrapper) and, when the host 110 requests it, returns it to the host 110. The CSW format is shown in Fig. 8, in which a bCSWStatus field of 00h indicates success, 01h indicates failure and 02h indicates a phase error. When the data transfer is complete, the flow returns to step S240; if the USB storage device 130 is no longer needed, the flow proceeds to step S290 and the USB storage device 130 is removed.
In step S240, when the host 110 wants to access digital signature or private key data, step S250 is executed: the host selects the confidential data access interface (the second interface) and invokes a dedicated driver to access the digital signature or private key data. The host 110 uses a random variable as an encoding parameter (the encoding may be MD5) and sends the encoded password through the confidential data access interface. The USB storage device 130 uses the confidential data access interface to return the password verification result to the host 110, and if the host 110 confirms that the password is correct, it transfers the confidential data over the confidential data access interface, with the random variable as the encoding parameter.
The packet transfer between the host 110 and the USB storage device 130 is then as shown in Fig. 5. The data field contains only a CBW packet, whose format is shown in Fig. 6, in which the CBWCB field may be a UFI/SCSI-2 standard command or a custom command. The remaining fields carry the Bulk-only protocol information and auxiliary description. In step S260, once the USB storage device 130 has obtained the UFI/SCSI-2 standard command or custom command from the CBW, it knows how to respond to the host 110, and it responds to the UFI/SCSI-2 standard command or custom command through the confidential data access interface (the second interface). When access to the digital signature or private key data is complete, the flow returns to step S240.
Fig. 9 shows the command fields of UFI/SCSI-2; the UFI/SCSI-2 command/response protocol defines the operating mechanism of a basic storage device. The length of each UFI/SCSI-2 command is fixed, while the length of the response data differs from command to command. For example, command code 12h is the Inquiry command, for which the USB storage device 130 must return the number of Logical Units; command code 25h is the Read Capacity command, for which the USB storage device 130 must return the Last Logical Block Address and Block Length, from which the host 110 calculates the capacity of the USB storage device 130.
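The CBW/CSW exchange of steps S270 and S280 for the Read Capacity command (25h), as an added Python example that is not part of the patent: the host side wraps a 12-byte UFI command block in a CBW, and validates the CSW signature, tag and bCSWStatus before trusting the returned data. `ConstructedDevice` is a hypothetical in-memory stand-in for the storage device, and the tag and capacity values are constructed.

```python
import struct

CBW_SIGNATURE = 0x43425355  # "USBC" on the wire (little-endian)
CSW_SIGNATURE = 0x53425355  # "USBS" on the wire (little-endian)
CSW_STATUS = {0x00: "success", 0x01: "failure", 0x02: "phase error"}
OP_READ_CAPACITY = 0x25


def build_cbw(tag, command, data_len, data_in=True, lun=0):
    """Pack a 31-byte Command Block Wrapper around a UFI/SCSI-2 command."""
    if not 1 <= len(command) <= 16:
        raise ValueError("command block must be 1 to 16 bytes")
    flags = 0x80 if data_in else 0x00  # bit 7 set: data flows device to host
    return struct.pack("<IIIBBB16s", CBW_SIGNATURE, tag, data_len,
                       flags, lun, len(command), command)


def parse_csw(raw, expected_tag):
    """Validate a 13-byte Command Status Wrapper; return (status, residue)."""
    if len(raw) != 13:
        raise ValueError("CSW must be exactly 13 bytes")
    signature, tag, residue, status = struct.unpack("<IIIB", raw)
    if signature != CSW_SIGNATURE:
        raise ValueError("bad CSW signature")
    if tag != expected_tag:
        raise ValueError("CSW tag does not match the CBW that was sent")
    if status not in CSW_STATUS:
        raise ValueError("reserved bCSWStatus value %#04x" % status)
    return CSW_STATUS[status], residue


def capacity_from_read_capacity(data):
    """Last Logical Block Address and Block Length are big-endian 32-bit values."""
    if len(data) != 8:
        raise ValueError("Read Capacity returns 8 bytes")
    last_lba, block_len = struct.unpack(">II", data)
    return (last_lba + 1) * block_len


class ConstructedDevice:
    """Hypothetical stand-in for the storage device; answers Read Capacity only."""

    def __init__(self, last_lba, block_len):
        self.last_lba, self.block_len = last_lba, block_len

    def handle(self, cbw):
        sig, tag, xfer_len, flags, _lun, _cb_len, cb = struct.unpack("<IIIBBB16s", cbw)
        if sig != CBW_SIGNATURE or cb[0] != OP_READ_CAPACITY or not flags & 0x80:
            # Command failed: no data sent, whole transfer length left as residue
            return b"", struct.pack("<IIIB", CSW_SIGNATURE, tag, xfer_len, 0x01)
        data = struct.pack(">II", self.last_lba, self.block_len)[:xfer_len]
        return data, struct.pack("<IIIB", CSW_SIGNATURE, tag, xfer_len - len(data), 0x00)


def host_read_capacity(device, tag=1):
    """Host side: send the CBW, read the data phase, then check the CSW."""
    command = bytes([OP_READ_CAPACITY]) + bytes(11)  # 12-byte UFI command block
    data, csw = device.handle(build_cbw(tag, command, 8))
    status, residue = parse_csw(csw, tag)
    if status != "success" or residue != 0:
        raise IOError("Read Capacity failed: %s, residue %d" % (status, residue))
    return capacity_from_read_capacity(data)


if __name__ == "__main__":
    print(host_read_capacity(ConstructedDevice(0x0003FFFF, 512)))
```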
A device driven by the USB mass storage (USB Mass Storage) class is generally treated by the host 110 as a disk device. From the description in the disk device's data blocks, the host 110 can learn the disk's file system, capacity, usage state and so on. In the operating system, such a disk device is mounted into the file system automatically, and the data in the storage device are interpreted by the host as files. Data that are not transferred through the pipes of the mass storage (Mass Storage) specification are not regarded as part of the file system and therefore do not appear in it (an application such as a file explorer cannot open or view such data). Because the data transfer pipe of the present invention does not go through the standard protocol pipes of ordinary USB mass storage, the data are not interpreted as ordinary files by the operating system or placed in its file system; the user cannot access the protected digital signature or private key data through the ordinary file operation interface, which prevents the user from unintentionally destroying the digital signature or private key data. The technique of the present invention additionally provides access control, password verification and noise data processing, so that data transferred through the non-standard USB mass storage pipe are protected against eavesdropping and theft.
As the above description shows, the technique of the present invention uses the fact that a USB device can have multiple configurations (Configuration) and interfaces (Interface), so that a USB mass storage device includes interfaces of other classes. The data to be protected are transferred through these other interfaces, which keeps the protected digital signature or private key data out of the ordinary file system and prevents the user from unintentionally destroying them; at the same time, the added access control, password verification and noise data processing protect the data against eavesdropping and theft.
The above embodiment is given only as an example for convenience of description; the scope of rights claimed by the present invention is defined by the claims and is not limited to the above embodiment.

Claims (5)

1. A method of multi-interface-assisted digital copyright management in a USB storage device, in which a host is connected to a USB storage device through a USB cable in order to perform digital copyright management, the method mainly comprising the following steps:
A) the USB storage device is plugged in, and the host requests that the USB storage device send its descriptor, so that the USB storage device transmits information about its own function and capabilities to the host;
B) the USB storage device sends its descriptor to the host, the descriptor describing the characteristics of a plurality of interfaces;
C) the host selects the mass storage interface;
D) when the host wants to access digital signature or private key data, it uses a random variable as an encoding parameter, selects one of the plurality of interfaces as a confidential data access interface, and sends an encoded password through the confidential data access interface; when the host wants to access ordinary files, the ordinary file data are transferred over the first interface;
E) the USB storage device uses the confidential data access interface to return the password verification result to the host; and
F) if the host confirms that the password is correct, it transfers the confidential data over the confidential data access interface, with the random variable as the encoding parameter.
2. The method of claim 1, characterized in that the plurality of interfaces in step B are configurations and interfaces of the USB specification.
3. The method of claim 1, characterized in that the confidential data access interface is any interface of the USB specification other than the mass storage interface.
4. The method of claim 1, characterized in that the encoding in step D uses MD5 encoding.
5. The method of claim 1, characterized in that the confidential data access interface performs file operations on all the data it manages and accesses.
CNB2003101181487A 2003-11-10 2003-11-10 Multiple interface auxiliary digital copy right management method for USB storage device Expired - Fee Related CN1300666C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2003101181487A CN1300666C (en) 2003-11-10 2003-11-10 Multiple interface auxiliary digital copy right management method for USB storage device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2003101181487A CN1300666C (en) 2003-11-10 2003-11-10 Multiple interface auxiliary digital copy right management method for USB storage device

Publications (2)

Publication Number Publication Date
CN1617089A CN1617089A (en) 2005-05-18
CN1300666C true CN1300666C (en) 2007-02-14

Family

ID=34761069

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2003101181487A Expired - Fee Related CN1300666C (en) 2003-11-10 2003-11-10 Multiple interface auxiliary digital copy right management method for USB storage device

Country Status (1)

Country Link
CN (1) CN1300666C (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1357840A (en) * 2000-12-08 2002-07-10 英业达股份有限公司 Computer security system
CN1400779A (en) * 2001-08-06 2003-03-05 平实数位股份有限公司 Network transaction method with safety
CN1402529A (en) * 2001-08-29 2003-03-12 英业达股份有限公司 Network file transmission system and method

Also Published As

Publication number Publication date
CN1617089A (en) 2005-05-18

Similar Documents

Publication Publication Date Title
CN100401280C (en) Universal serial bus data transmission method and apparatus thereof
US9811678B2 (en) Method and system for transferring data and instructions through a host file system
US9137249B2 (en) Local proxy system and method
US7953878B1 (en) Multi-threaded internet small computer system interface (iSCSI) socket layer
US20050049976A1 (en) Remotely licensing configurable network diagnostic modules
CN101086726A (en) Method and apparatus for disabling a universal serial bus port
JP2009507270A (en) A validated computing environment for personal Internet communicators
CN103077345B (en) Based on software authorization method and the system of virtual machine
EP1226482A2 (en) System and method for managing connections between a client and a server
TW201514749A (en) Method and apparatus for securing computer mass storage data
CN1794660A (en) Method for overcoming system administration blockage
WO2011032001A1 (en) Viewing content under enterprise digital rights management without a client side access component
WO2008008244A3 (en) Content control system and method using versatile control structure
CN1821986A (en) Control apparatus, information processing apparatus, and data transferring method
CN1300666C (en) Multiple interface auxiliary digital copy right management method for USB storage device
EP1530757A1 (en) Usb device
AU2006220180A1 (en) A method and protocol for transmitting extended commands to USB devices
CN100346281C (en) Managing method for multiple pipeline anxiliary digital copyright in USB storage device
CN1297879C (en) Managing method with self-made order auxiliary digital copy right for USB storage device
CN1906559A (en) Method for controlling a data processing device
US20070198753A1 (en) Method and protocol for transmitting extended commands to USB devices
US20050089166A1 (en) Method of applying multiple pipes to assist digital copyright management in a USB storage device
CN1266912C (en) Multiple buffers for removing unwanted header information from received data packets
CN2896370Y (en) Intelligent key device
CN103269348A (en) Network segment-crossing data security exchange device and exchange method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20090213

Address after: Taipei city of Taiwan Province

Patentee after: INSTITUTE FOR INFORMATION INDUSTRY

Address before: Taipei city of Taiwan Province

Patentee before: Saipoteer Industrial Co.,Ltd.

Effective date of registration: 20090213

Address after: Taipei city of Taiwan Province

Patentee after: Saipoteer Industrial Co.,Ltd.

Address before: 11 floor, No. two, 106 Heping East Road, Taiwan, Taipei

Patentee before: INSTITUTE FOR INFORMATION INDUSTRY

ASS Succession or assignment of patent right

Owner name: YULIN TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: SEILTEL INDUSTRIAL CO., LTD.

Effective date: 20090213

Owner name: SEILTEL INDUSTRIAL CO., LTD.

Free format text: FORMER OWNER: INCORPORATED FOUNDATION OF INFORMATION INDUSTRY INSTITUTE

Effective date: 20090213

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070214

Termination date: 20111110