Summary of the invention
The object of the present invention is to provide a method for assisting digital rights management in a USB storage device by means of multiple interfaces, which keeps the digital signature or private key data to be protected from appearing in the general file system and prevents the user from unintentionally destroying the digital signature or private key data.
According to one feature of the present invention, a method is proposed for assisting digital rights management in a USB storage device by means of multiple interfaces, in which a host is connected to a USB storage device via a USB cable to perform digital rights management. The method mainly comprises the following steps:
(A) the USB storage device is plugged in, and the host requests the USB storage device to send its descriptors, so that the USB storage device passes information about itself, such as its functions and capabilities, to the host;
(B) the USB storage device transmits its descriptors to the host, wherein the descriptors describe the characteristics of a plurality of interfaces;
(C) the host selects the mass storage interface;
(D) when the host wishes to access digital signature or private key data, it uses a random number parameter as an encoding parameter, selects one of the plurality of interfaces as a confidential data access interface, and sends the encoded password via this confidential data access interface;
(E) the USB storage device uses the confidential data access interface to return the password verification result to the host; and
(F) if the host confirms that the password is correct, it uses a random number parameter as an encoding parameter and transmits the confidential data over the confidential data access interface.
The method described, wherein in step D, when the host wishes to access general files, the general file data is transferred over the first interface.
The method described, wherein the plurality of interfaces in step C are the configurations (configuration) and interfaces (interface) of the USB specification.
The method described, wherein any interface other than the confidential data access interface is a mass storage interface of the USB specification.
The method described, wherein the encoding in step C uses MD5 encoding.
The method described, wherein the confidential data access interface performs file operations on all the data whose access it manages.
Embodiment
Fig. 1 is a schematic diagram of the environment in which the method of the present invention for assisting digital rights management in a USB storage device by means of multiple interfaces is used, wherein a host 110 is connected to a USB storage device 130 via a USB cable 120 to perform digital rights management. The host 110 may be a personal computer, a notebook computer, an electronic schoolbag or a personal digital assistant (PDA), and the USB storage device 130 may be a USB flash drive, a mobile device or a language learning machine. Using the method of the present invention, the host 110 can perform digital rights management on the USB storage device 130 over the USB cable 120.
Fig. 2 is a flowchart of the method of the present invention. First, a user plugs the USB storage device 130 into the USB cable 120 (step S210). Because the USB bus supports hot swapping, when the host 110 detects a pull-up resistor on the D- or D+ signal line of its USB bus, it knows that a low-speed, full-speed or high-speed USB device has been connected to the bus. Therefore, when the USB storage device 130 is plugged into the USB cable 120, the host 110 detects that the USB storage device 130 is connected to its USB bus.
The host 110 first issues a bus reset signal to reset the USB storage device 130. The reset signal holds both the D- and D+ signal lines low and must be maintained for at least 10 ms. The reset forces the USB storage device 130 to the default device address (address 0). As shown in Fig. 3, the host 110 uses the default control pipe, endpoint 0, to send a device descriptor request packet, in which the bRequest field is set to GetDescriptor, to the USB storage device 130 at device address 0. The USB storage device 130 returns the first 8 bytes of its device descriptor.
The host 110 assigns a unique address (for example, 0000001b = 01h) to the USB storage device 130 by sending it a set-address request packet in which the bRequest field is set to SetAddress, which sets the address of the USB storage device 130 to 01h. The packet transfers between the host 110 and the USB storage device 130 are shown in Fig. 4.
In step S220, the host 110 uses address 01h to send a device descriptor request packet to the USB storage device 130, in which the bRequest field is set to GetDescriptor. After the USB storage device 130 at address 01h receives the device descriptor request packet, it returns its device descriptor (Device Descriptor) in DATA0 and DATA1 data packets. The packet transfers between the host 110 and the USB storage device 130 are likewise as shown in Fig. 3, with the device address (Device Address) field being 01h.
The host 110 uses address 01h to send a configuration descriptor request packet to the USB storage device 130, in which the bRequest field is set to GetConfiguration. After the USB storage device 130 receives the configuration descriptor request packet, it returns its configuration descriptor (Configuration Descriptor) in DATA0 and DATA1 data packets. The packet transfers between the host 110 and the USB storage device 130 are likewise as shown in Fig. 3, with the bRequest field being GetConfiguration.
In the present invention, although the USB storage device 130 is a storage device, it has multiple interfaces: the first interface is the mass storage interface, and the second or another interface is used to access the digital signature or private key data. Accordingly, the bDeviceClass and bDeviceSubClass fields in the device descriptor it returns to the host 110 are both 00h, and the bNumInterfaces field in its configuration descriptor (Configuration Descriptor) is 02h or a value greater than 02h, indicating that the USB storage device 130 has two or more interfaces. The first interface is the mass storage interface, and the second or other interfaces serve as the confidential data access interface for accessing the digital signature or private key data. In this embodiment, the second interface serves as the confidential data access interface.
In step S230, the host 110 selects the mass storage interface (the first interface) according to the descriptors returned, so that the host 110 can invoke the driver for the USB storage device 130 in order to access it. The host 110 also selects the Bulk-only or CBI (Control, Bulk and Interrupt) communication protocol according to the bInterfaceProtocol field of the returned interface descriptor, in order to communicate with the USB storage device 130. In this embodiment, the Bulk-only communication protocol is used.
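As an added illustration (not part of the patent text), the following Python sketch walks a configuration descriptor set of the kind described above and separates the Bulk-only mass storage interface from any additional interface, which is also how a host-side audit would notice that a "storage" device exposes more than storage. The sample bytes are constructed, and the vendor-specific class FFh for the second interface is an assumption, since the text does not state that interface's class.

```python
import struct

# Constructed sample: configuration descriptor set for a two-interface device.
# Interface 0: mass storage (class 08h, SCSI subclass 06h, Bulk-only protocol 50h).
# Interface 1: vendor-specific class FFh (assumed for the confidential interface).
SAMPLE_CONFIG = bytes([
    0x09, 0x02, 0x37, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32,  # config, wTotalLength=55
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,  # interface 0
    0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00,              # endpoint 1 IN, bulk
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,              # endpoint 2 OUT, bulk
    0x09, 0x04, 0x01, 0x00, 0x02, 0xFF, 0x00, 0x00, 0x00,  # interface 1
    0x07, 0x05, 0x83, 0x02, 0x40, 0x00, 0x00,              # endpoint 3 IN, bulk
    0x07, 0x05, 0x04, 0x02, 0x40, 0x00, 0x00,              # endpoint 4 OUT, bulk
])

def parse_config(blob):
    """Walk a configuration descriptor set; return (bNumInterfaces, interfaces)."""
    if len(blob) < 9 or blob[1] != 0x02:
        raise ValueError("not a configuration descriptor")
    total_len, num_if = struct.unpack_from("<HB", blob, 2)
    if total_len > len(blob):
        raise ValueError("wTotalLength exceeds received data")
    interfaces, pos = [], 0
    while pos < total_len:
        if pos + 2 > total_len:
            raise ValueError("truncated descriptor header")
        blen, btype = blob[pos], blob[pos + 1]
        if blen < 2 or pos + blen > total_len:
            raise ValueError("bad bLength at offset %d" % pos)
        if btype == 0x04 and blen >= 9:                    # interface descriptor
            num, _alt, _neps, cls, sub, proto = struct.unpack_from("<6B", blob, pos + 2)
            interfaces.append({"number": num, "class": cls, "subclass": sub,
                               "protocol": proto, "endpoints": []})
        elif btype == 0x05 and blen >= 7 and interfaces:   # endpoint descriptor
            interfaces[-1]["endpoints"].append(blob[pos + 2])
        pos += blen
    return num_if, interfaces

def classify(interfaces):
    """Return (Bulk-only mass storage interface numbers, non-storage interface numbers)."""
    storage = [i["number"] for i in interfaces
               if (i["class"], i["protocol"]) == (0x08, 0x50)]
    other = [i["number"] for i in interfaces if i["class"] != 0x08]
    return storage, other
```
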
In step S240, it is determined whether the host 110 is accessing general files or accessing the digital signature or private key data on the USB storage device 130. When it is determined that the host 110 wishes to access general files, step S270 is executed, in which a SCSI-2/UFI standard command is sent over the second or fourth output pipe (Out-Pipe). The packet transfers between the host 110 and the USB storage device 130 are then as shown in Fig. 5. The data field contains a CBW (Command Block Wrapper) packet, whose format is shown in Fig. 6; its CBWCB field contains the UFI/SCSI-2 standard command. The remaining fields belong to the Bulk-only communication protocol and carry auxiliary description.
In step S280, once the USB storage device 130 has obtained the UFI/SCSI-2 command from the CBW, it knows how to respond to the host 110, and it responds to the UFI/SCSI-2 standard command over the first or third input pipe. Data is then exchanged under the control of the host 110: either data is read back to the host 110, in which case the packet transfers between the host 110 and the USB storage device 130 are as shown in Fig. 7, or data is sent to the USB storage device 130, in which case the packet transfers are similar to those shown in Fig. 5. Finally, the USB storage device 130 must report the status of this command/data transfer: it waits for the host 110 to request it and then returns it to the host 110 in a CSW (Command Status Wrapper) packet. The CSW format is shown in Fig. 8, in which a bCSWStatus field of 00h indicates success, 01h indicates failure, and 02h indicates a phase error. When the data transfer is complete, the method returns to step S240; if the USB storage device 130 no longer needs to be used, the method proceeds to step S290 to remove the USB storage device 130.
In step S240, when it is determined that the host 110 wishes to access the digital signature or private key data, step S250 is executed to select the confidential data access interface (the second interface) and invoke a dedicated driver in order to access the digital signature or private key data. The host 110 uses a random number parameter as an encoding parameter (the encoding may be MD5) and sends the encoded password via the confidential data access interface. The USB storage device 130 uses the confidential data access interface to return the password verification result to the host 110. If the host 110 confirms that the password is correct, it uses a random number parameter as an encoding parameter and transmits the confidential data over the confidential data access interface.
The packet transfers between the host 110 and the USB storage device 130 are then as shown in Fig. 5. The data field contains only a CBW packet, whose format is shown in Fig. 6; its CBWCB field may hold a UFI/SCSI-2 standard command or a custom command. The remaining fields belong to the Bulk-only communication protocol and carry auxiliary description. In step S260, once the USB storage device 130 has obtained the UFI/SCSI-2 standard command or custom command from the CBW, it knows how to respond to the host 110, and it responds to the UFI/SCSI-2 standard command or custom command over the confidential data access interface (the second interface). When access to the digital signature or private key data is complete, the method returns to step S240.
Fig. 9 shows the UFI/SCSI-2 command fields. The UFI/SCSI-2 command/response protocol defines the basic operating mechanism of a data storage device. Each UFI/SCSI-2 command has a fixed length, while the length of the response data differs from command to command. For example, command code 12h is the Inquiry command, for which the USB storage device 130 must return the number of Logical Units; command code 25h is the Read Capacity command, for which the USB storage device 130 must return the Last Logical Block Address and the Block Length, from which the host 110 calculates the capacity of the USB storage device 130.
A device driven as the USB mass storage (USB Mass Storage) class is generally treated by the host 110 as a disk device. From the description in the disk device's data blocks, the host 110 can learn the disk's file system, capacity, usage status and so on. The operating system automatically mounts such a disk device into its file system, and the host interprets the data on the storage device as file data. Data that is not transferred through the pipes of the mass storage (Mass Storage) specification is not treated as part of the file system and therefore does not appear in it (applications such as a file explorer cannot open or view such data). The data transfer pipe of the present invention can bypass the standard protocol pipes of general USB mass storage, so the data is not interpreted by the operating system as general files and is not placed in the operating system's file system. The user therefore cannot access the digital signature or private key data to be protected through the general file operation interface, which prevents the user from unintentionally destroying the digital signature or private key data. The technique of the present invention additionally provides processing such as access control, password verification and noise data, so that data transmitted through the non-general USB mass storage pipe is protected against eavesdropping and theft.
As the above description shows, the technique of the present invention exploits the fact that a USB device can have multiple configurations (Configuration) and interfaces (Interface), so that a USB mass storage device includes interfaces of other classes. The data to be protected is transferred over these other interfaces, which keeps the digital signature or private key data to be protected from appearing in the general file system and prevents the user from unintentionally destroying the digital signature or private key data. At the same time, the added processing such as access control, password verification and noise data protects against eavesdropping and theft.
The above embodiments are given only as examples for convenience of description. The scope of rights claimed by the present invention shall be determined by the claims and is not limited to the above embodiments.