JP2002015511A - Off-line sharing security system using removable media - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an off-line sharing security system using removable media, which is simple, safe and effective. SOLUTION: According to one embodiment of the invention, the off-line sharing security system using the removable media has an authentication processing functioning part, which is provided in a removable media drive and performs authentication, by using authentication information recorded in a prescribed area on removable media mounted on the drive, a media access control functioning part which is provided in the drive and allows an access to media, only when authentication performed by the authentication processing functioning part is successful, an authentication processing request transmission functioning part which is provided in a file management control part, reads confidential information stored in a confidential information storing part, transmits information including the confidential information to the drive and requests authentication processing, and an authentication processing request functioning part, which is provided in the file management control part and requests authentication processing at least once, before accessing the media by using the authentication processing request transmission functioning part.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a security system using a portable recording medium (removable medium), and more particularly, to an offline sharing security system using a removable medium.

[0002]

2. Description of the Related Art Conventionally, there is known a portable recording medium (removable medium) system having a security function as shown in FIG.

[0003] That is, as shown in FIG. 1, an M code having an authentication code 11 such as a password recorded in a specific portion.
A removable medium drive 13 to which a portable recording medium (removable medium) 12 such as O is mounted has a firmware with an authentication function.

A personal computer (hereinafter referred to as a host PC) 14 on the host terminal connected to the removable media drive 13 starts its application program and authentication processing driver software, thereby
When an authentication code such as a password is sent to the removable media drive 13,
The verification is performed by the firmware with the authentication function.

Only when the authentication code such as a password and the like match as a result of the verification, the firmware with the authentication function of the removable media drive 13 releases the lock and permits the host PC 14 to access the removable media drive 13. I am trying to do it.

FIG. 3 shows the structure of the portable recording medium (removable medium) 12 with the security function.

That is, in the configuration on the portable recording medium (removable medium) 12, a security area (an area inaccessible by the OS function of the host PC 14 side, in which information about security is recorded) 12a , An authentication information code 12b, and a medium identification code (security recording medium,
Code for identifying a recording medium such as a general recording medium) 12c
Is recorded.

Here, the authentication information code 12b is like a password as a user identification code.

There are a plurality of types that can be distinguished by the medium identification code 12c, such as security, copyright protection, and general media. Further, a plurality of types can be provided for security. It is recorded in the security area 12a.

A normal area 12d is provided below the security area 12a.

FIG. 4 is a flowchart for explaining an authentication process by the firmware with an authentication function of the removable media drive 13.

That is, when the portable recording medium (removable medium) 12 is inserted into the removable medium drive 13, the medium identification code of the portable recording medium (removable medium) 12 is confirmed by the firmware with the authentication function of the removable medium drive 13. Then, it is determined whether or not the recording medium is a security recording medium (steps S1 and S2).

If the result of this determination is that the recording medium is a security recording medium, access to the recording medium, which is a security recording medium, is locked at the firmware level, and then a request for transmission of an authentication information code to the host PC 14 is made. (Steps S3 and S4).

In response to this, when the authentication information code is transmitted from the host PC 14, the authentication information code is collated at the firmware level (steps S5 and S6).

If the verification is successful, the lock at the firmware level is released, and then the firmware permits the host PC 14 to access the recording medium (steps S7 and S8).

If the collation is not successful in step S7, the process returns to step S4 and subsequent steps.

In step S2, when the recording medium is not a security recording medium, access to the recording medium, which is a general recording medium, is permitted at the firmware level.

FIG. 5A shows a relationship between a portable recording medium (removable medium) 12 having a security function in which the authentication information code is recorded and a user who transmits the secret information code on the host PC 14 side. ing.

FIG. 5B shows the form of account management (user management) in the relationship as shown in FIG.

That is, when one user uses one medium, registration and change of the password as the authentication information code are permitted, and deletion of the password is conditionally permitted. .

Then, one medium is shared by a plurality of users (one secret information code is shared by a plurality of users)
In such a case, registration of a password as an authentication information code is permitted under the condition that one password is shared.

However, regarding the deletion and change of the password, it is necessary to delete and change all the passwords of a plurality of recording media, and it is necessary to notify all registered users of the new password. Tolerating them is virtually impossible because they are so complicated.

FIG. 6A shows a portable recording medium (removable medium) 12 with a security function in which the authentication information code is recorded as a user 1 authentication information code, a user 2 authentication information code... Host PC
On the 14 side, secret information 1 code, secret information 2 code ...
Is shown with respect to a plurality of users who transmit the.

FIG. 6B shows a form of account management (user management) in the relationship as shown in FIG.

That is, when one medium is shared by a plurality of users (a plurality of authentication codes are set), it is necessary for an administrator to register a password as an authentication information code for each recording medium. There are, so they are very cumbersome and allow it on condition.

However, when deleting and changing the password, it is necessary to delete all the passwords on a plurality of recording media, and these are very complicated.
It is virtually impossible to allow them.

That is, it is wasteful to write an account for all the users, it is difficult to increase or decrease the number of accounts later, and since there are a plurality of media, the account is reset for all the owned media. It is hard to do.

[0028]

That is, in a security system using a portable recording medium (removable medium) according to the prior art as described above, in particular, an off-line sharing using a simple, safe and effective removable medium. There is a problem that it is difficult to realize a security system.

The present invention has been made in view of the above circumstances, and is particularly directed to a security system using a portable recording medium (removable medium), in particular, an off-line shared security using a simple, safe and effective removable medium. The purpose is to provide a system.

[0030]

According to the present invention, in order to solve the above-mentioned problems, (1) in a system comprising a removable media drive, a file management control unit, and a secret information storage unit, the system comprises: An authentication processing function unit that performs authentication using authentication information recorded in a predetermined area on the removable medium mounted on the removable media drive, and an authentication processing function unit that is provided in the removable media drive, A media access control function unit that permits access to the removable medium only when the authentication by the authentication processing function unit succeeds, and a secret information stored in the secret information storage unit, which is provided in the file management control unit. Read the file and place it in the removable media drive. An authentication processing request transmission function unit for transmitting information including secret information and requesting an authentication processing; and an authentication processing request transmission function provided in the file management control unit, at least once before accessing the removable medium. An authentication processing requesting function unit for requesting authentication processing using the unit is provided, and an off-line shared security system using a removable medium is provided.

According to the present invention, in order to solve the above-mentioned problems, (2) the secret information storage section is characterized in that it is a memory device that can be attached to and detached from a host terminal composed of a personal computer (1). An offline sharing security system using a removable medium described in (1) is provided.

According to the present invention, in order to solve the above-mentioned problems, (3) the file management control unit includes: a user authentication processing function unit for performing a user authentication process; The removable information storage device according to (1) or (2), further comprising: a secret information reading function unit that reads out the secret information from the secret information storage unit only when authentication is performed and the user is authenticated. An offline sharing security system using media is provided.

According to the present invention, in order to solve the above problems, (4) the secret information storage unit includes a secret information generation function unit that generates the authentication secret information in a state where the secret information storage unit is hidden from a user. An offline sharing security system using the removable medium according to any one of (1) to (3), which is provided.

According to the present invention, in order to solve the above-mentioned problems, (5) the file management control unit, when starting a series of write processing to the removable medium,
Offline sharing using a removable medium according to any one of (1) to (4), further comprising a function unit for performing media authentication processing and returning the authentication to the recording medium to an unprocessed state at the time of termination. A security system is provided.

According to the present invention, in order to solve the above problems, (6) the removable media drive includes a random number generation function unit, an encryption function unit, and the random number generation function at the time of authentication with the host terminal. A functional unit that generates a random number using the unit and transmits the random number to the host terminal side;
A function unit that encrypts the random number using the authentication information on the removable medium mounted on the removable media drive, and compares information transmitted from the host terminal with information obtained by encrypting the random number. Having a function unit for permitting access from the host terminal as being authenticated when they match, wherein the secret information storage unit is an encryption function unit and stored in the secret information storage unit. (2) An offline sharing security system using a removable medium according to (2), further comprising a function unit for encrypting data using secret information.

According to the present invention, in order to solve the above-mentioned problems, (7) the file management control unit combines the data in the user area on the removable medium into one file, and a falsification prevention code for the file. And a function unit for copying both files to the host terminal in the form of (1)
An offline sharing security system using the removable medium according to any one of (6) to (6) is provided.

According to the present invention, in order to solve the above-mentioned problems, (8) the file management control unit associates files in the user area on the removable medium with a plurality of related files collectively, and associates them. The removable medium according to any one of (1) to (7), further including a function unit for adding a code for detecting falsification to the entire data of the obtained file and copying the data to a host terminal. An offline shared security system is provided.

According to the present invention, in order to solve the above-mentioned problems, (9) the file management control section divides a file when storing a file larger than a free space on the removable medium, While storing the first half of the file, describe that the file was divided into a data file that manages the attributes of the file, further divided another part as a separate file, and on which removable media to record the separate file, A function unit for recording the identifier of the removable medium of the recording destination in the data file that manages the attribute, and further, when recording the divided another file on another removable medium, the identifier of the original removable medium is stored in the separate file. Function to record even in the data file that manages the attributes of (1) to (8)
An offline sharing security system using the removable medium according to any one of the above is provided.

According to the present invention, in order to solve the above-mentioned problems, (10) the file management control unit receives a request from a user to read data divided and stored in a plurality of media. Has a function unit for instructing the user which media to insert next, and when the media is inserted, finds the corresponding divided file, combines the data on the host, and presents it to the user. An offline sharing security system using a removable medium according to (9) is provided.

According to the present invention, in order to solve the above problems, (11) the file management control unit, when assigning a tampering detection code to a plurality of related files, The off-line shared security system using removable media according to (8), further comprising a function unit for obtaining a falsification detection code for a file, and further for obtaining one falsification detection code from the entire related file. Provided.

According to the present invention, in order to solve the above-mentioned problems, (12) the file management control unit, when assigning a falsification detection code to a plurality of related files, An off-line shared security system using a removable medium according to (8), further comprising a function unit for obtaining a falsification detection code for a file and thereafter obtaining one falsification detection code from the entirety of the obtained falsification detection code. Is provided.

According to the present invention, in order to solve the above problems, (13) the security system detects that the file management control unit has not been tampered with before the file management control unit is activated. In the case where the storage medium has been tampered with, a removable medium according to any one of (1) to (12) is provided with a program tampering check processing unit for locking the function of the secret information storage unit. An offline shared security system is provided.

According to the present invention, in order to solve the above-mentioned problems, (14) the security system, when starting up the execution module of the file management control unit, executes the process ID of the program execution module including the file management control unit. And an exclusive control unit that causes a driver of the removable media drive to perform error processing when there is a program that attempts to access the removable media drive from a source other than the process ID ( 1) to (1)
An offline sharing security system using the removable medium according to any one of 3) is provided.

According to the present invention, in order to solve the above-mentioned problems, (15) the security system accesses a user when an attempt is made to access the removable medium from a program or module other than the file control management unit. An offline sharing security system using a removable medium according to any one of (1) to (14), further comprising a function unit for notifying that the system cannot be used.

Here, definitions of terms used in the present invention will be described.

The drive is a drive for a removable medium.

The authentication information is information recorded in a predetermined area on the removable medium.

The media access control function is a function of the firmware of the drive.

The file management control unit is a host terminal (P
C) The above software is, for example, an explorer like Windows (registered trademark) or a file manager API.

The secret information storage unit is a host terminal (PC)
A mechanism for hiding the above encryption keys (implemented by software),
Alternatively, it is a (tamper-resistant) memory device (implemented by hardware) connected to a host terminal (PC).

The secret information is information stored in the secret information storage unit, and is the same as the authentication information.

The user authentication information is information for determining whether or not the secret information storage unit can be used. In short, it is a password, but it is completely different from the above authentication information and secret information. You need to be careful.

Both the user authentication information and the secret information are recorded in the secret information storage unit, and the secret information can be used only when the password is passed using the user authentication information. I have.

The drive identification function means that a drive has a serial number, and by registering the serial number of a drive that can access this medium on a removable medium, it can be accessed from any drive whose serial number is not registered on the medium. It has a function to limit the drives that can access the media by performing controls that cannot be performed.

The user identification information is an identifier for identifying a user, such as a user name or a user ID.

The group information is, for example, Windows
The access right is the name / ID of the same group as used in wsNT (registered trademark).

The hard key means a printer port or USB
It is a device that can be connected to, for example, a memory, and a password is required to read data in the memory.

In general, it is used for copy protection (prevention of unauthorized copying of software) or for storing an encryption key for encrypting / decrypting a file on a hard disk.

[0059]

Embodiments of the present invention will be described below with reference to the drawings.

First, an outline of an off-line sharing security system using a removable medium according to the present invention will be described.

FIG. 2 is a conceptual diagram showing a hardware configuration for realizing an off-line shared security system using removable media applied as an embodiment according to the present invention.

That is, as shown in FIG. 2, an M having an authentication code 21 such as a password recorded in a specific portion is used.
A removable medium drive 23 to which a portable recording medium (removable medium) 22 such as O is mounted has a firmware with an authentication function.

From the personal computer (hereinafter referred to as host PC) 24 on the host terminal side connected to the removable media drive 23, the application program, the authentication processing driver software, and the tamper-resistant memory driver software are started to activate the password and the like. When the authentication code is sent to the removable media drive 23, the verification is performed by the firmware with the authentication function of the removable media drive 23.

Only when the authentication codes such as the passwords match as a result of the comparison, the firmware with the authentication function of the removable media drive 23 releases the lock and permits the host PC 24 to access the removable media drive 23. I am trying to do it.

In this case, a memory device 25 in which an authentication code such as a password to be sent to the removable media drive 23 is recorded with tamper resistance on the host PC 24 side is detachably used. This is a feature of the present invention.

In place of the memory device 25, if the secret information can be logically protected, the host PC 2
4, you can use the internal hard disk, but then
The utility of the offline function aimed at by the present invention is reduced.

As an example of the memory device 25, a tamper-resistant memory (PCM-CIA type, USB type, Printer Po
rt type, IC card, contactless IC card, mobile phone, etc.)
Should be fine.

In order to access the information in the memory inside the host PC 24 by the tamper-resistant memory driver software, access control such as a password is performed, and the password / passphrase is controlled by the tamper-resistant memory or the tamper-resistant memory. The information on the memory can be read by inputting the information to the system that performs the processing.

Next, an embodiment of the present invention based on the above outline will be described.

(First Embodiment) FIG. 7A shows a portable recording medium with security function 22 in which the authentication information code 22b is recorded in a security area 22a.
And the user who transmits the secret information code on the host PC 24 side.

In this case, as described above, the host PC 2
A memory device 25 in which an authentication code such as a password is recorded with a tamper resistance as a secret information code to be sent to the removable media drive 23 is detachably attached to the four sides. It is assumed that this is carried by the user.

FIG. 7B shows the form of account management (user management) in the relationship as shown in FIG. 7A.

That is, when one medium is shared by a plurality of users (when one secret information code is shared)
The registration of the password as the authentication information code is permitted by passing the tamper-resistant memory device 25 to the user.

Further, the change of the password as the authentication information code is permitted by updating the contents of the tamper-resistant memory device 25, and the deletion is permitted by taking up the tamper-resistant memory device 25 from the user.

That is, the first embodiment is characterized in that the authentication code on the recording medium 22, that is, the password is stored in a hard key composed of the tamper-resistant memory device 25 and is hidden from the user.

As a result, account management, in particular, processing of deleting an important account can be realized by picking up a physical key (hard key), and it is necessary for the user to memorize a password or take a memo. There is no need to worry about the security degradation due to the fact that the user uses a simple password as a password.

(Second Embodiment) FIG. 8 shows, as a second embodiment of the present invention, a portable recording medium 22 with a security function in which the authentication information code 22b is recorded in a security area 22a. The relationship with the user who transmits the secret information code on the host PC 24 side is shown.

In this case, as described above, the host PC 2
For the four sides, a user 1 authentication code such as a password for sending to the removable media drive 23, a user 2 authentication code,... 25a1, 25a2... And secret information codes 25a2, 25b2. A plurality of recorded memory devices 25-1 and 25-2
5-2... Are removable.
.. Are carried by a plurality of users.

Then, a plurality of memory devices 25-1,
In order to read out each user 1 authentication code, user 2 authentication code,... 25a1, 25a2... In 25-2, the user tamper-resistant memory or a system controlling the tamper-resistant memory, It is necessary to input and collate each.

Further, a plurality of memory devices 25-1 and 25-2
Each secret information code 25a2, 25b2 in 5-2 ...
, It is necessary to input a user authentication code to the tamper-resistant memory or to a system for controlling the tamper-resistant memory, and to perform collation.

In the first embodiment described above, the memory device 25 as a hard key can be used as it is by inserting it into the host PC 24. On the other hand, in the second embodiment, the user authentication code is used as the user authentication code. This type cannot be used unless the password is input to the host PC 24.

The password entered by the user at this time is a password for using the memory device 25 as a hard key, and is not a medium.

With this function, it is safe even if someone steals the memory device 25 as a hard key.

That is, in the second embodiment of the present invention, a user authentication code (password) can be set for each user in the memory device 25 as a tamper-resistant memory. It is safe even if a third party steals the memory device 25 of FIG.

(Third Embodiment) FIG. 9 shows a portable recording medium 22 with a security function in which the authentication information code 22b is recorded in a security area 22a as a third embodiment of the present invention. The relationship with the user who transmits the secret information code on the host PC 24 side is shown.

In this case, as described above, the host PC 2
., 25a1, 25a2, and secret information codes 25a2, 25b2,..., And user 1I.
D, a plurality of memory devices 25- in which user 2 IDs 25c1, 25c2... Are recorded with tamper resistance.
Are detachable, and the memory devices 25-1, 25-2,... Are carried by a plurality of users.

Further, the user ID can be used by the application on the host PC 24 side.

Then, a plurality of memory devices 25-1,
In order to read out each user 1 authentication code, user 2 authentication code,... 25a1, 25a2... In 25-2, the user tamper-resistant memory or a system controlling the tamper-resistant memory, It is necessary to input and collate each.

Further, a plurality of memory devices 25-1 and 25-2
Each secret information code 25a2, 25b2 in 5-2 ...
, It is necessary to input a user authentication code to the tamper-resistant memory or to a system for controlling the tamper-resistant memory, and to perform collation.

The first embodiment described above is of a type that can be used as it is if the memory device 25 as a hard key is inserted into the host PC 24. On the other hand, the third embodiment is of the second embodiment described above. A password as a user authentication code is stored in the host PC 24 as in the embodiment.
It is a type that can not be used unless you enter it in.

The password entered by the user at this time is a password for using the memory device 25 as a hard key, and is not a medium.

With this function, it is safe even if someone steals the memory device 25 as a hard key.

That is, the third embodiment of the present invention is as follows.
As in the above-described second embodiment, since a user authentication code (password) can be set for each user in the memory device 25 as a tamper-resistant memory, the memory device 25 as a key (hard key) should be used. Is safe if stolen by a third party.

In addition, in the above-described second embodiment, only the password as the user authentication code is registered in the memory device 25 as the hard key.
In the third embodiment, a user identifier (ID, registered name, etc.) is also stored together.

Thus, the application of the host PC 24 records and knows who uses the system.

[0096] By using this method, user management can be realized in a completely offline environment.

The reason for this is that access control and information are realized by a drive and a medium, and user management is performed by the memory device 25 as a hard key, so that a main part of the system is separated from a PC or a server. This is because the system configuration is as follows.

Also, the same account and access control management as the management by the network server can be realized on a PC terminal that is not connected to a plurality of networks by the SOHO or the like as the host PC 24.

(Fourth Embodiment) FIG. 10 shows a fourth embodiment of the present invention, wherein the authentication information code 22b is a personal authentication information code 22b1, a group 1 authentication information code 22b2, and a group 2 authentication information code. Authentication information code 22
b3... are recorded in the security area 22a, respectively.
, And the user who transmits the secret information code on the host PC 24 side.

In this case, as described above, the host PC 2
The user authentication code 2 such as a password to be sent to the removable media drive 23 for each of the four sides.
5a, personal secret information code 25b, and user ID
In addition to the memory device 25c, a memory device 25 in which a group 1 secret authentication code 25d and a group 2 secret authentication code 25e are recorded with tamper resistance is made detachable, and this memory device 25 can be used by a plurality of users. It is assumed that it is carried.

Further, the user ID can be used by the application on the host PC 24 side.

Then, in order to read the user authentication code 25a in the memory device 25, it is necessary to input the user authentication code to the tamper-resistant memory or the system controlling the tamper-resistant memory and to collate them. Becomes

In order to read the personal secret information code 25c and the group secret authentication codes 25d, 25e2,... In the memory device 25, the personal tamper-resistant memory or the system for controlling the tamper-resistant memory must be provided to the personal memory. It is necessary to input and input a secret information code or a secret authentication code for each group.

The first embodiment described above is of a type that can be used as it is if the memory device 25 as a hard key is inserted into the host PC 24. On the other hand, the fourth embodiment is of the second embodiment described above. Embodiment and 3rd
As in the case of the first embodiment, the password cannot be used unless a password as a user authentication code is input to the host PC 24.

Note that the password input by the user at this time is a password for using the memory device 25 as a hard key, and is not a medium.

With this function, it is safe even if someone steals the memory device 25 as a hard key.

That is, the fourth embodiment of the present invention is as follows.
As in the above-described second and third embodiments, a user authentication code (password) can be set for each user in the memory device 25 as a tamper-resistant memory. It is safe even if a third party steals the memory device 25 as a key).

In addition, in the above-described second embodiment, only the password as the user authentication code is registered in the memory device 25 as the hard key.
In the fourth embodiment, similarly to the above-described third embodiment, a user identifier (ID, registered name, etc.) is also stored together.

As a result, the application of the host PC 24 records and knows who uses the system.

By using this method, user management can be realized in a completely offline environment.

The reason for this is that access control and information are realized by a drive and a medium, and user management is performed by the memory device 25 as a hard key, so that a main part of the system is separated from a PC or a server. This is because the system configuration is as follows.

Also, the same account and access control management as the management by the network server can be realized on a PC terminal that is not connected to a plurality of networks by the SOHO or the like as the host PC 24.

In addition, in this embodiment, a plurality of authentication codes such as a personal authentication code and a group authentication code (neither of which is known to the user) are registered in the memory device 25 as one hard key. Thus, the feature is that the user can use the media under various access conditions.

That is, as shown in FIG. 10, various types of account control can be set for each recording medium, such as a recording medium used by an individual or a recording medium shared by a specific group. In this case, only the user authentication code is stored by the user, and the state of access control can be set for each medium.

(Fifth Embodiment) FIG. 11 shows a fifth embodiment of the present invention in which a full-access secret authentication code 22b10 and a read-only access secret authentication code 22b11 are recorded in a security area 22a. In this case, a portable recording medium 22 with a security function is used.

Then, the full access secret authentication code 2
When 2b10 is input from the host PC 24 (not shown), read / write access to the portable recording medium 22 is permitted to the host PC 24.

When the read only access secret authentication code is input from the host PC 24 (not shown), the host PC 24 is permitted to access only the portable recording medium 22 for reading.

That is, in this embodiment, both the password for full access to the portable recording medium 22 and the password for read-only can be set, so that full access and read-only It is characterized by supporting two types of access.

(Sixth Embodiment) FIG. 12 shows a sixth embodiment of the present invention, in which the authentication information code 22b includes a group 1 authentication information code 22b2 and a group 2 authentication information code 22b3. The relationship between the portable recording medium with security function 22 recorded in the security area 22a and the user who transmits the secret information code on the host PC 24 side is shown.

In this case, as described above, the host PC 2
The user authentication code 2 such as a password to be sent to the removable media drive 23 for each of the four sides.
5a, personal secret information code 25b and user ID 25
c, the memory device 25 in which the group 1 secret authentication code 25d and the group 2 secret authentication code 25e are recorded with tamper resistance is detachable.
It is assumed that the memory device 25 is carried by each of a plurality of user groups.

Further, the user ID can be used by the application on the host PC 24 side.

Then, in order to read the user authentication code 25a in the memory device 25, it is necessary to input the user authentication code to the tamper-resistant memory or the system controlling the tamper-resistant memory, and to collate them. Becomes

In order to read the group secret authentication codes 25d, 25e2,... In the memory device 25, the respective group secret authentication codes are input to the tamper-resistant memory or the system for controlling the tamper-resistant memory. Must be collated.

The first embodiment described above is of a type that can be used as it is if the memory device 25 as a hard key is inserted into the host PC 24. On the other hand, the sixth embodiment is the second embodiment described above. As in the fourth to fourth embodiments, this type cannot be used unless a password as a user authentication code is input to the host PC 24.

Note that the password input by the user at this time is a password for using the memory device 25 as a hard key, and is not a medium.

With this function, it is safe even if someone steals the memory device 25 as a hard key.

That is, the sixth embodiment of the present invention provides:
As in the above-described second to fourth embodiments, a user authentication code (password) can be set for each user in the memory device 25 as a tamper-resistant memory. It is safe even if the memory device 25 is stolen by a third party.

In addition, in the above-described second embodiment, only the password as the user authentication code is registered in the memory device 25 as the hard key.
In the sixth embodiment, similarly to the third and fourth embodiments described above, a user identifier (ID, registered name, etc.) is also stored together.

Thus, the application of the host PC 24 records and knows who uses the system.

By using this method, user management can be realized in a completely offline environment.

The reason for this is that access control and information are realized by a drive and a medium, and user management is performed by the memory device 25 as a hard key, thereby separating a main part of the system from a PC or a server. This is because the system configuration is as follows.

Also, the same account and access control management as the management by the network server can be realized on a PC terminal which is not connected to a plurality of networks by the SOHO or the like as the host PC 24.

In addition, in the present embodiment, by registering a plurality of authentication codes such as a group authentication code (none of which is known to the user) on the memory device 25 as one hard key, Under various access conditions, a user can use media so that a user belonging to group 1 can have full access and a user belonging to group 2 can access only read. Things.

That is, when the access control of the drive supports the access of the read-only password, the owner has full access to the file as executed on the workstation or the like. Group members can perform access control that allows only browsing.

As shown in FIG. 12, various account controls can be set for each recording medium, such as a recording medium shared by a specific group. Stores only the user authentication code, the state of access control can be set for each medium, and the type of full access and read-only access can be set for each group.

(Seventh Embodiment) FIG. 13 shows a method of automatically selecting an authentication code at the time of authentication according to a seventh embodiment of the present invention (part 1).
2b, the group X authentication information code 22b2 and the group information 22b3 are stored in the security area 22 respectively.
a portable recording medium 22 with a security function recorded in a (recording medium shared by group 2 in this example)
And the user who transmits the secret information code on the host PC 24 side.

In this case, as described above, the host PC 2
The user authentication code 2 such as a password to be sent to the removable media drive 23 for each of the four sides.
5a, personal secret information code 25b and user ID 25
c, the memory device 25 in which the group 1 secret authentication code 25d and the group 2 secret authentication code 25e are recorded with tamper resistance is detachable.
It is assumed that the memory device 25 is carried by each of a plurality of user groups.

In the host PC 24, a user ID can be used by an application.

Then, in order to read the user authentication code 25a in the memory device 25, it is necessary to input the user authentication code to the tamper-resistant memory or the system controlling the tamper-resistant memory and to collate the user authentication code. Becomes

In order to read each group secret authentication code 25d, 25e2,... In the memory device 25, each group secret authentication code is input to the tamper-resistant memory or the system for controlling the tamper-resistant memory. Must be collated.

The above-described first embodiment is of a type that can be used as it is if the memory device 25 as a hard key is inserted into the host PC 24. On the other hand, the sixth embodiment is different from the above-described second embodiment. As in the fourth to fourth embodiments, this type cannot be used unless a password as a user authentication code is input to the host PC 24.

The password input by the user at this time is a password for using the memory device 25 as a hard key, and is not a medium.

With this function, it is safe even if someone steals the memory device 25 as a hard key.

That is, the seventh embodiment of the present invention provides
As in the above-described second to fourth embodiments, a user authentication code (password) can be set for each user in the memory device 25 as a tamper-resistant memory. It is safe even if the memory device 25 is stolen by a third party.

In addition, in the above-described second embodiment, only the password as the user authentication code is registered in the memory device 25 as the hard key.
In the seventh embodiment, similarly to the third and fourth embodiments described above, a user identifier (ID, registered name, etc.) is stored together.

Thus, the application side of the host PC 24 records and knows who uses the system.

By using this method, user management can be realized in a completely offline environment.

The reason for this is that the access control and the information are realized by the drive and the medium, and the user management is performed by the memory device 25 as a hard key, so that the main part of the system is separated from the PC or the server. This is because the system configuration is as follows.

Also, the same account and access control management as the management by the network server can be realized on a PC terminal that is not connected to a plurality of networks by the SOHO or the like as the host PC 24.

In addition, in the present embodiment, by registering a plurality of authentication codes such as a group authentication code (none of which is known to the user) on the memory device 25 as one hard key, On the host PC 24 side,
It is characterized in that the group information is read out from the portable recording medium 22 in advance and the authentication code to be used in the memory device 25 is automatically selected.

That is, this system (software)
Manages user IDs and their belonging groups on the host PC 24 side. For example, as shown in FIG.
..) And their belonging groups (A, B, C, D,...) In a predetermined association with each other on the system side.

When there are a plurality of passwords in the tamper-resistant memory (25), it is not clear which password should be input to the drive, so a trial and error is required. By recording user information, group information, and the like, and recording the information of the group to which the user belongs on the host PC 24, it is possible to determine which authentication code of the tamper-resistant memory 25 should be used. .

When the user has a plurality of access statuses (the user can select either full access or read only mode, such as when entering with the user's own account or when entering with the group A account), GU
It is also possible to provide a means for selecting the way of entry with I.

(Eighth Embodiment) FIG. 14 shows a method of automatically selecting an authentication code at the time of authentication according to an eighth embodiment of the present invention (part 2).
2b, the group X authentication information code 22b2 and the group information (ID) 22b3 are recorded in the security area 22a, respectively, and the portable recording medium with security function 22 (in this example, the recording medium shared by the group 2). Shows the relationship with the user who transmits the secret information code on the host PC 24 side.

In this case, as described above, the host PC 2
The user authentication code 2 such as a password to be sent to the removable media drive 23 for each of the four sides.
5a, personal secret information code 25b and user ID 25
c, a group 1 secret authentication code 25d, a group 2 secret authentication code 25e, and a group 1 ID 25.
f, the memory device 25 in which the ID 25g of the group 2 is recorded with tamper resistance is detachable,
It is assumed that the memory device 25 is carried by each of a plurality of user groups.

In the host PC 24, the user ID and the IDs of the groups 1 and 2 can be used by the application.

The other points are the same as those of the above-described seventh embodiment.

FIG. 14 shows a higher-level configuration of FIG. 13. By recording an identifier relating to a group in the memory device 25 as a tamper-resistant memory,
Since there is no need to record special information on the host PC 24, the information can be used by a plurality of offline terminals.

(Ninth Embodiment) FIG. 15A shows
According to a ninth embodiment of the present invention, an off-line using a removable medium which is applied as a countermeasure when the storage capacity of the tamper-resistant memory according to the eighth embodiment is small and group management information or the like cannot be accommodated. FIG. 2 is a conceptual diagram illustrating a hardware configuration for implementing a shared security system.

In FIG. 15A, in the conceptual diagram showing the hardware configuration shown in FIG. 2, the storage capacity of the tamper resistant memory (25) is small, and
The difference is that another recording medium 25-2 (built-in is also possible) such as FD or HD for encrypting and storing group management information that cannot be accommodated is used.

That is, as shown in FIG. 15B, as the tamper-resistant memory (25) having a large storage capacity, as shown in FIG. In addition to the user authentication code 25a such as a password to be sent to 23, the personal secret information code 25b, and the user ID 25c, the group 1 secret authentication code 25d, the group 2 secret authentication code 25e, the group 1 ID 25f, and the group 2 ID 25g. It is assumed that a memory device 25 recorded with tamper resistance is detachable, and this memory device 25 is carried by a plurality of user groups.

However, in the case of the tamper-resistant memory (25) having a small storage capacity as shown in FIG. 15C, the user authentication code 25a, the user ID 25c, the encryption key 25h, and the decryption key 25i Only the memory device 25-1 recorded with tamper resistance is used, and the personal secret information code 25b, the group 1 secret authentication code 25d, the group 2 secret authentication code 25e, and the group 1 The ID 25f of the group 2 and the ID 25g of the group 2 are encrypted with the encryption key 25h and stored in another storage medium 25-2 (built-in is also possible) such as FD or HD.

That is, when the storage capacity of the tamper-resistant memory is too small to store group management information or the like, the system performs all the following processing and hides all data from the user.

Memory device 2 as tamper-resistant memory
After inputting a code for user authentication in 5-1 to enable use of the tamper-resistant memory, the encryption key 2 in the tamper-resistant memory is used.
5f, and then another recording medium 2 such as FD or HD
The information that has not been able to be stored, which has been encrypted and stored in step 5-2, is extracted and decrypted using the decryption key 25i.

The subsequent processing is the same as in the above-described eighth embodiment.

According to the ninth embodiment, an encryption key is stored in a tamper-resistant memory as a means when the storage capacity of the tamper-resistant memory (25) is small and the above-mentioned information cannot be stored. FD is encrypted by encrypting the information of the authentication code.
PC 2 via another recording medium 25-20 such as a PC or HD
Store securely on 4

At the time of authentication, a system is used in which the system is combined and used (encrypted immediately after use).

The encryption key may be either a shared key system or a public key system, but there is no particular reason to use the latter.

In some cases, the public key method has no merit because the key data is large and the calculation is difficult.

(Tenth Embodiment) FIG. 16 is a diagram showing a configuration for preventing a plurality of files from being tampered as a tenth embodiment of the present invention.

As shown in FIG. 16, by combining the data of all the files 1, 2,... N into one, and obtaining one electronic signature A from the entire collected data, the data of all the files 1, 2,. Even if any one of them is lost or replaced, it can be detected.

However, if any one file is updated, the calculation of the electronic signature must be performed again from the beginning, which is inefficient.

(Eleventh Embodiment) FIG. 17 is a diagram showing a configuration for preventing tampering of a plurality of files as an eleventh embodiment of the present invention.

This eleventh embodiment is different from the first embodiment described above.
0, as in the embodiment of FIG.
Of the files 1, 2,... N, as shown in FIG.
.. N are calculated, and then the digital signatures 1, 2,... N are collected into one, and one digital signature A is created from the set of the digital signatures.

As an effect of the eleventh embodiment, first, even if one of the files is updated, the calculation of the electronic signature is performed for the updated file and the set of electronic signatures. The amount of calculation is much smaller than in the case of FIG.

Then, from the electronic signature A of the set of the electronic signatures 1, 2,..., N, it is possible to detect the falsification including the illegal replacement of the file for the entire file set, and further, the falsification for the whole. Is detected, it is possible to detect which file has been tampered with,
Tampering detection becomes possible in two stages.

(Twelfth Embodiment) FIG. 18 shows a hardware configuration of an off-line sharing security system using a removable medium incorporating the configuration of ensuring evidentiality and anti-computer virus as a twelfth embodiment of the present invention. The outline is shown.

Basically, the configuration is almost the same as that shown in FIG. 2. The difference is that in FIG. 18, a dedicated file management module (file management control unit) and a business processing module exist on the host PC 24. is there.

The present configuration is characterized in that, in addition to the functions that can be realized by the configurations of FIGS. 2, 5 to 17, access to a removable medium can be performed only through this file management module.

The firmware with the authentication function and the portable medium are as follows.

An authentication code (password) can be recorded in an area (security area) inaccessible from the OS of the host terminal on the portable medium, and the access from the host is restricted unless the authentication code is received from the host terminal. Has functions.

There are the following two types of authentication codes.

(1) An authentication code for permitting full access to a file on a medium (normal area).

(2) An authentication code that permits only read access to a file on a medium (normal area).

(Thirteenth Embodiment) FIG. 19 shows a function module of an off-line shared security system using a removable medium incorporating a configuration of anti-virus and anti-computer virus as a thirteenth embodiment of the present invention. It is a block diagram which shows a structure (basic type).

In FIG. 19, reference numeral 200 denotes a host terminal, 204 denotes a display unit, 202 denotes a GUI processing unit, 203
Denotes an input device unit, 201 application processing unit, 1
00 is a portable recording medium drive, A is a file management controller, 300 is a memory driver, 101 is a module with authentication processing (firmware), 221 is a driver,
102 is a portable recording medium on which authentication information is recorded, 301
Denotes a memory device, and 302 denotes a memory device unit.

FIG. 20 is a block diagram showing a configuration example of the file management control unit of FIG.

In FIG. 20, reference numeral 201 denotes the application processing unit, 300 denotes the memory driver unit, A4 denotes a file access control unit, A2 denotes a user authentication processing unit, A3 denotes a drive authentication processing unit, and A denotes the file management control unit. A5, an attribute data creation unit, A6 a digital signature creation / verification unit, A7 a file access history creation unit, A
8 is an encryption / decryption processing unit, A9 is a recording medium information acquisition unit, A10 is a certified file acquisition unit, A11 is a backup creation unit, A12 is a log management unit, A13 is a recording medium initialization setting / processing unit, 221 is The driver unit.

(Fourteenth Embodiment) FIG. 21 is a functional module of an off-line shared security system using a removable medium incorporating a configuration of anti-virus and computer virus protection according to a fourteenth embodiment of the present invention. FIG. 3 is a block diagram showing a configuration (with a program monitoring function).

In FIG. 21, reference numeral 200 denotes a host terminal, 204 denotes a display unit, 202 denotes a GUI processing unit, 203
Denotes an input device unit, 201 denotes an application processing unit,
300 is a memory (device) driver unit, 301 is a memory device, 302 is a memory device unit, A is a file management control unit, 100 is a portable recording medium drive, 101
Is a module with authentication processing (firmware), 221
Denotes a driver unit, 102 denotes a portable recording medium on which authentication information is recorded, and B denotes a module monitoring unit.

The purpose of this module monitoring unit is to confirm whether at least the secure file management unit has been tampered with by any malicious means when starting up the module of the secure file management unit or when accessing the tamper-resistant memory. It is in.

For example, in order for a cracker to obtain confidential information in the tamper-resistant memory, the information in the tamper-resistant memory is protected from a threat such as a module of the secure file management unit.

At the same time, the module itself of the secure file management unit can be protected, and the authentication driver unit and the data access driver unit can be protected in the same manner.

FIG. 22 is a block diagram showing a configuration example of the module monitoring unit B of FIG.

In FIG. 22, reference numeral 300 denotes the memory (device) driver unit, B denotes a module monitoring unit,
B1 is a module management processing section, B2 is a module falsification detection code acquisition section, B3 is a falsification verification section, B5 is a module scramble / decode processing section, B4 is a tamper-resistant memory lock section, and a module monitoring section B is an OS kernel. Run in mode.

The module monitoring unit B has the following mounting patterns.

(1) It is incorporated in the execution module of the tamper-resistant memory driver.

(2) Operate in the kernel mode (inside the OS), constantly monitor access to the tamper-resistant memory, and execute a predetermined operation / process when an access is made.

In the program, this module is managed by the OS as a process completely independent of the application program (assuming a multitask OS).

There are the following two places and methods for storing the falsification detection code.

(1) Save in a tamper-resistant memory.

(2) Encrypt with the encryption key stored in the tamper-resistant memory and save it on the HD of the host terminal.

The above encryption can be performed by both a shared key method and a public key method.

(Fifteenth Embodiment) FIG. 23 shows a function module of an off-line shared security system using a removable medium incorporating a structure of ensuring evidentiality and anti-computer virus as a fifteenth embodiment of the present invention. It is a block diagram which shows a structure (with an exclusive control function).

In FIG. 23, reference numeral 200 denotes a host terminal, 204 denotes a display unit, 202 denotes a GUI processing unit, 203
Denotes an input device unit, 201 denotes an application processing unit,
Reference numeral 300 denotes a memory (device) driver unit, 303 denotes a tamper-resistant memory, 304 denotes a tamper-resistant memory unit, A denotes a file management control unit, 100 denotes a portable recording medium drive, C denotes an exclusive control unit (H), and D denotes exclusive control. Units (D) and 101 are modules (firmware) with an authentication process, 221 is a driver unit, 102 is a portable recording medium on which authentication information is recorded, and B is a module monitoring unit.

The exclusive control unit (H) of C and the exclusive control unit (D) of D prevent the exposure to the portable recording medium without passing through the secure file management unit after the authentication with the drive is completed. It is an object.

FIG. 24 shows the exclusive control unit (H) of FIG.
FIG. 3 is a block diagram illustrating a configuration example of an exclusive control unit (D) of FIG.

In FIG. 24, reference numeral D denotes an exclusive control unit (D) (firmware), D3 denotes a lock processing unit, and D2 denotes a lock processing unit.
Is an exclusive control code collating unit, D1 is an exclusive control code acquisition unit, C is an exclusive control unit (H), C1 is an exclusive control code holding unit, 101 is a module with authentication processing (firmware), 221 is a driver unit, A is a file management control unit.

When a drive is accessed, a specific code (exclusive control code) is used in addition to the command.
Is a function that makes it inaccessible if you do not send it together.

Unless a code (exclusive control code) known only to the process (when viewed from the OS) including the secure file management unit is sent together with the command,
The drive firmware does not access the recording medium at all.

With this function, only the program of the process including the secure file management unit can access the drive.

FIG. 25 shows the exclusive control unit (H) of FIG.
FIG. 13 is a block diagram showing another example of the configuration.

In FIG. 25, reference numeral C denotes an exclusive control unit (H), C13 denotes an access exclusion unit, C12 denotes a process monitoring unit, C11 denotes a process ID acquisition unit, A denotes a file management control unit, and C13 denotes an access exclusion unit. The unit, the process monitoring unit of C12, and the process ID obtaining unit of C11 are connected to the OS.

This module is executed in the kernel mode, and only accesses through the secure file management unit.
Provide a function to open the port of the portable recording medium drive.

Next, the present invention described in the above embodiment will be described by being classified into a large classification, a middle classification, and a small classification.

First, there are (1) a system that can perform security access control even when offline using removable media. (2) File management that can not be illegally performed by the user himself and data is not destroyed even by a computer virus. There is a system realized by using the system.

Next, (1) the middle classification is as follows: (1-1) The drive firmware has an authentication function (access control is possible with the drive) <There is also a method such as using a dedicated file system. This method (GI
GAMO method and its similarity). (1-2) The drive and the PC can perform authentication processing for each user's access right.

(1-3) The authentication information can be carried around with 1-2.

(1-4) Generating information for media authentication in a form hidden from the user.

(1-5) A method for setting secret information at the time of system setup.

There is a

Next, as the middle category of (2), (2-1) Programs that can access the tribe are limited.

(2-2) Regarding file control, backup, speeding up of electronic signature, history management, (2-3) media management, jukebox, program tampering check function, service driver.

There is the following.

Next, the sub-classification (1-1) will be described.

(1-1-1) Characteristics of Drive Firmware When a medium is inserted, the drive determines what type of medium is in a predetermined area on the medium that cannot be accessed by a normal OS command. The identification information is checked, and if the medium requires authentication processing, access is not permitted unless the medium is authenticated.

(A) Authentication information (password) for performing access control authentication processing is recorded in a predetermined area on the medium which cannot be accessed by a normal OS command.

(B) To access the media,
It is necessary for the user to send this information (to be referred to as confidential information for distinction) to the drive so that the drive can be collated (this processing is always required when a medium is inserted).

(C) Two types of access levels can be set for authentication.

One is a full access right that allows both reading and writing, and the other is a read-only access right, which is distinguished by input authentication information.

(D) There is a drive limitation function. This function records a drive serial number in a predetermined area on a medium similar to the above, so that a drive with a serial number recorded on the medium can be used. This function can only be accessed.

(E) A medium initialized by this drive is assigned a completely unique medium ID for each medium, and is recorded on the medium.

(1-1-2) Media Authentication 1-1
The authentication information is obtained by performing challenge-response authentication, such as authentication using a smart IC card, instead of merely checking the password as in Example 1 or the result of processing the password with a one-way function or the like. And prevent leakage of confidential information.

For this purpose, (a) the drive firmware is equipped with a random number generation function and an encryption function, and the encryption key is the above-mentioned authentication information.

(B) The secret information storage unit on the PC side or the file management control unit also has a random number generation unit and an encryption processing unit.

(1-1-3) Wireless Reader Unit (Non-Contact IC)
The drive is equipped with a card, Bluetooth, IrDA, etc., and authentication is exchanged with a wireless memory device (contactless IC card, Bluetooth / IrDA memory device, mobile phone) (1-1-1, 1-1-).
2 available in both cases).

Next, the sub-classification (1-2) will be described.

(1-2-1) Secret information (this is the same information content as the authentication information on the medium) is separated from the user.

That is, the user can use this information, but cannot directly obtain the contents.

When the user attempts to access the medium, the file management control unit takes out the secret information from the secret information management unit on behalf of the user and sends it to the drive (user indirectly uses).

(1-2-2) Anyone who can use this system can use this system if it is left as 1-2-1. Therefore, a function for checking whether or not the user can use the secret information is required.

The secret information management unit or the file management control unit has this function.

Specifically, the secret information cannot be used unless the user inputs a password and the password is verified.

(1-2-3) A plurality of passwords for using the confidential information can be set together with a user identifier so that a plurality of users can use them (the user inputs a user name and a password). You just need to do it))).

(1-2-4) Both a read / write password and a read-only password can be set in the secret information, and the access is restricted by the user such that both read / write access and read only are possible. Can be

(1-2-5) The secret information storage section can store a plurality of pieces of secret information.

The user can use the secret information of the group to which the user belongs, in addition to the secret information exclusively used by the user.

To realize this function, information on the group to which the user belongs is recorded in the secret information storage section together with the user identification information.

Further, in addition to the identifiers of the users who can use the secret information, the identifiers of the groups that can use the secret information are also stored.

Next, the sub-category (1-3) will be described.

(1-3-1) The secret information storage section is realized by a memory device detachable from the PC body.

As this memory device, for example, I
C card, hard key, PCM-CIA card, FD.
SmartMedia and the like.

Thus, by carrying the memory device and the removable medium, file access control can be similarly performed on different PCs (however, a drive having the same function is required). In conventional systems, doing this was not usually possible off-line (such as the indirect method of specializing or encrypting a file system so that its contents could not be checked). Although access control was possible, access could not be restricted directly as in this example).

(1-3-2) Unless a password is input via software on a PC, the memory device
The internal information cannot be read.

(1-3-3) The memory device has an encryption processor.

(1-3-4) The memory device has secret information generating means.

(1-3-5) It has both functions of 1-3-2 and 1-3-3.

(1-3-6) Method of Creating Duplicate Key for Memory Device

(1-3-7) Duplicate key creation method in the case of 1-3-2.

(1-3-8) A duplicate key generation method in the case of 1-3-3.

(1-3-9) A method of performing media authentication through a memory device.

Next, the small classification (1-4) will be described.

(1-4-1) When the medium is initialized, the secret information stored in the memory device is obtained and passed to the file management control unit, and the authentication information of the medium is transferred from the file management control unit to the drive. Send as

The file management control section deletes the secret information from the working memory space when the processing for transmitting the secret information is completed.

Specifically, in the same way as the encryption library does, after using the data of the secret information in the program, the memory area where the data is buffered immediately is set to NULL value or the like. Fill and release.

(1-4-2) When the medium is initialized, when the secret information is obtained from the memory device, the information is encrypted in the memory device, passed to the file management control unit, and transferred from the file management control unit to the drive. Is sent as authentication information.

The data is decrypted in the drive and recorded on the medium as authentication information.

Thus, the authentication information can be set on the medium more safely (without leaking the authentication information to the user).

Next, the small classification (1-5) will be described.

(1-5-1) At system setup,
The confidential information is stored in the confidential information storage unit. At this time, the confidential information should not leak to the user (including the administrator).

As one of the methods, there is a method of automatically generating confidential information inside a memory device (when an internal processor is provided like an IC card).

(1-5-2) A predetermined processing (for example, encryption,
The information subjected to the hash function or the like is used as secret information and stored in the secret information storage unit.

(1-5-3) As described above, information obtained by performing predetermined processing (for example, encryption, hash function, etc.) on variations in the time interval (keystroke) for pressing the keyboard is used as secret information, and the secret information storage unit is used. To be stored.

(1-5-4) A signal from the mouse when the user moves the mouse appropriately is subjected to predetermined processing (for example,
The encrypted information is used as secret information and stored in the secret information storage unit.

(1-5-5) Information obtained by performing predetermined processing (for example, encryption, hash function, etc.) on information (sound frequency, etc.) related to sound input using a microphone is used as secret information. Store in secret information storage.

(1-5-6) Information obtained by performing predetermined processing (for example, encryption, hash function, etc.) on image data manually input by using a camera or a scanner is stored as secret information in a secret information storage unit. .

(1-5-7) Predetermined processing (for example, encryption, hash function, etc.) on information from the temperature sensor of the CPU
Is given as secret information and stored in the secret information storage unit.

(1-5-8) A random number generated by using the random number generation function in the drive is obtained, and information obtained by performing predetermined processing (for example, encryption, hash function, etc.) is used as secret information. Store in secret information storage.

(1-5-9) Information obtained by performing predetermined processing (for example, encryption, hash function, etc.) on information on the number of rotations of the medium in the drive per unit time at that time is used as secret information. Stored in the secret information storage unit.

(11-5-10) Information obtained by performing predetermined processing (for example, encryption, hash function, etc.) on the information on the current time of the timer in the PC is set as secret information and stored in the secret information storage unit.

(1-15-11) If there is a timer built in the memory device, a predetermined process (for example, encryption, hash function, etc.) is added to the information on the current time of the timer.
Is given as secret information and stored in the secret information storage unit.

(11-5-12) System information in PC (remaining HD, CPU occupancy, current number of tasks, current free space in memory space, cache hit rate, cache memory utilization rate, OS Boot time, number of files,
Window information, etc.), the data generated using at least one or more pieces of information is subjected to predetermined processing (for example, encryption, a hash function, or the like), and is stored as secret information in a secret information storage unit.

(1-15-13) 1-5-2 to 1-5
The secret information is obtained by subjecting data generated by using at least two pieces of information used in step 12 to predetermined processing (for example, encryption, hash function, etc.), and storing the secret information in a secret information storage unit.

(1-15-14) The information stored in the secret key storage unit is obtained by subjecting the information obtained in 1-5-1 to 1-5-13 to information obtained by performing a predetermined arithmetic processing such as XOR. The secret information is subjected to predetermined processing (for example, encryption, a hash function, etc.) and stored in the secret information storage unit.

Next, the small classification (2-1) will be described.

(2-1-1) In the file management control unit,
When writing data to the media, first, the drive performs authentication processing, and after writing the data, has a function to immediately send a command to initialize the authentication to the drive, while the drive side has the function that the media is authenticated. After that, when the authentication initialization command is sent, the media has a function of shifting to a state before the media is authenticated.

By providing this function, only the file management control unit that can handle the authentication information can access the above-mentioned medium (access from a general program, a file manager attached to the OS, or a file system provided by the OS). Can not.

Further, since writing is not possible, there is no possibility of being destroyed by a computer virus.

(2-1-2) After the authentication is completed, the drive generates a different code every time based on a predetermined operation, and sends it to the PC (file management controller).

When sending a command such as read / write, the file management control unit does not send this code together, or the drive will not be processed.

In this case, since only the file management control unit knows the code, it cannot be accessed from other programs.

By doing so, it is more efficient than performing authentication every time.

(2-1-3) Almost the same as 2-1-2, except that the code is updated every time a command is sent instead of every session (between once authentication is performed and media is removed). Update.

By doing so, the risk of the code being read illegally is lower than in the case of 2-1-2.

(2-1-4) The security system stores the process ID (multi-task OS) of the program execution module including the file management control unit when the execution module of the file management control unit starts up, When there is a program that attempts to access the drive from a source other than the above, an exclusive control unit is provided that causes the driver of the drive to perform error processing.

Next, the sub-category (2-2) will be described.

(2-2-1) The file management control unit is characterized in that the file management control unit has a function capable of setting to prohibit rewriting / erasing of a stored file.

Once this setting has been set, it cannot be changed again.

By doing so, for example, a data file which is legally required to be stored, such as an official document, can be stored with confidence.

(2-2-2) By providing a function capable of setting a storage period in 2-2-1, it becomes possible to delete a data file that has passed by the storage obligation agency.

(2-2-3) The file management control unit has an attribute assigning function of assigning an attribute for setting access control to a file.

[0302] The files to be recorded on the removable medium in order to record this attribute are managed together with another file called an attribute management file, and the attribute information is recorded in this attribute management file.

The attributes that can be set are: An attribute that prohibits rewriting and erasing of files, but permits appending and updating by version management (corresponding to the original in paper documents).

[0304] 2. You can delete files,
An attribute that does not allow appending or updating by version control (same as paper copy (copy)).

[0305] 3. Attributes that allow all processing (normal files).

[0306] 4. Attribute that allows deletion of files and prohibits rewriting of files, but permits appending and updating by version control (corresponds to documents before the retention obligation occurs).

[0307] In the case of a paper document, a mark remains on the correction, and the postscript / version management corresponds to this.

[0308] However, it may be discarded before the storage obligation occurs.

At least one of the four attributes can be set.

(2-2-4) Once the attribute for a file is set, it cannot be changed.

[0311] This makes it possible to mix files that cannot be falsified or deleted by the user and files that can be deleted.

(2-2-5) At least one of the attributes of (2-1), (2), (2), (4), and (4) in (2-2-4) can be changed.

2 → 1 (4) positions 2 as the backup of 1 (4). When the original file is lost when a failure occurs, the backup 2 is replaced by 1
The process returns to (4).

With this function, if important data is lost due to a failure, at the worst, it is possible to return to the state where the backup was created.

Further, it is guaranteed that the backup file has not been tampered with, including the user, since the backup was created.

Also, 4 → 1 is a process for preventing this file from being falsified by a person from a certain point in time in the same manner as the original paper.

By managing these attributes, an electronic file can be provided with evidentiality and can be safely stored and managed in the same manner as paper.

(2-2-6) The file management control unit performs a process in which, when a file is copied, the copy source is one of 1 and 4 of (2-2-3) and the copy destination is 2. .

The point is a function that can perform processing for creating a backup or a certified copy.

Since the attributes change even after copying, only one file having the attributes 1 and 4 always exists.

(2-2-7) The copy source of the file is 1 in the above (2-2-3), the copy destination is 2, and the falsification detection code (electronic signature) is added to the copy destination file, and the PC Functions that can be obtained by the side.

With this function, a file of a certified copy can be managed in a medium other than a removable medium.

[0323] Because a falsification detection code is attached, the file cannot be falsified because the falsification is detected.

[0324] Originally, the copy cannot be added or upgraded, so this is acceptable.

[0325] Further, since erasing is possible, it is sufficient to treat that the data has been deleted if tampered.

[0326] Therefore, the certified copy can be managed in a medium other than the removable medium.

Note that data serving as a key for obtaining a falsification detection code (for example, a secret key of a public key cryptosystem) is
Use what is securely stored in the secret information storage unit or the like (this is important, and the falsification detection code is created under these conditions).

(2-2-8) The file management control unit performs a process in which the copy source is one of 1, 2, and 4 of (2-2-3) and the copy destination is 3 when copying a file. .

In this case, since the copy destination is an ordinary file, it is arbitrarily falsified or deleted.

For convenience, this is the same as copying a paper document, and this function is provided for ease of use.

(2-2-9) The file management control unit combines the data in the user area on the removable medium into one file, obtains a falsification prevention code for the file, converts the file into one file, Has the ability to copy both files to

That is, this is a function of backing up each medium.

However, in order to prevent the backup file from being tampered with,
A falsification detection code is obtained similarly to the above-mentioned transcript, and managed together with a backup file.

(2-2-10) The file management control unit associates files in the user area on the removable medium with a plurality of related files collectively, and detects tampering with the entire data of the related files. And a function to copy the code on the host terminal.

When creating a backup, a falsification detection code is attached to a set of related files instead of attaching a falsification detection code for each file.

In this manner, if any one of the related files has been tampered with, including erasure, the contents can be detected.

(2-2-11) When assigning a falsification detection code to a plurality of related files, the file management control unit first obtains a falsification detection code for each of the files. And a function for obtaining one falsification detection code from the entire related file.

From the falsification detection code, falsification including unauthorized erasure and replacement of a file can be detected, and when falsification is detected, which file is detected from the falsification detection code group of the former. You can identify whether it has been tampered with.

(2-2-12) When assigning a tamper detection code to a plurality of related files, the file management control unit first obtains a tamper detection code for each of the files. And a function for obtaining one falsification detection code from the entire obtained falsification detection code.

In order to perform falsification detection, it is necessary to verify the falsification detection codes of all the related files every time. The conditions are as follows.

Although there are a plurality of related files, only a part of the files are updated (appended or upgraded).

In 2-2-11, if at least one file is updated, it is necessary to calculate a falsification detection code from all the files. In this case, only the falsification detection code of the updated file is obtained. After that, it is only necessary to obtain the falsification detection code from the entire falsification detection code of the related file that has been calculated previously (the data size of the falsification detection code is also small because this data amount is small).

(2-2-12-1) The file management control unit obtains a falsification detection code for each file in order to assign a falsification detection code to a plurality of related files. A falsification detection code calculation rule management function for managing information relating to the order of the files for which the falsification detection code is calculated, in association with the falsification detection code, when obtaining one falsification detection code from the entire file to be falsified. .

(2-2-12-2) The file management control unit obtains a falsification detection code for each file in order to assign a falsification detection code to a plurality of related files. When calculating one falsification detection code from the entire falsification detection code, a falsification detection code calculation rule management function that manages information on the order of the falsification detection code of the file for calculating the falsification detection code in association with the falsification detection code is provided. It is characterized by having.

(2-2-13) The file management control unit determines at least the date and time when the file was saved, the identification information of the user who saved the file, the date and time when the attribute of the file was changed, and the identification information of the user who changed the attribute of the file. One or more are recorded as histories, written in a file called a history management file, and the file, the attribute management file of the file, and the history management file are managed together.

(2-2-14) In the process of calculating the file tampering detection code, the three files are regarded as one file and the process is performed. In addition, four files for recording a falsification detection code (falsification detection code files) are collectively managed.

[0347] Copying and moving of a file are also performed together, but as described above, copying of a file involves a change in attributes.

This is a process for ensuring the uniqueness of the original data. By performing such management, the original and the copy can be distinguished in the same manner as paper, and the history of correction (that is, additional writing or version upgrade) can be performed. Remain, and falsification including the user himself can be prevented.

Next, the sub-category (2-3) will be described.

(2-3-1) When storing a file larger than the free space on a removable medium, the file management control unit divides the file, saves the first half of the file, and stores the file attribute. Describes that the file has been divided into a data file for managing the file, further separates another part into another file, and manages the media ID of the removable medium on which the separate file is to be recorded on the removable medium. Function to record in a data file
When recording the divided another file on another removable medium, the apparatus has a function of recording the identifier of the original removable medium also in a data file for managing the attribute of the another file.

(2-3-2) When the file management control unit receives a request from the user to read data that has been divided and stored in a plurality of media, the media of which media ID is inserted next Or when a user is instructed and a medium is inserted, a corresponding divided file is searched for, and the data is combined on the host PC and presented to the user.

(2-3-3) In the above processing, the media ID of the removable medium at the recording destination can be omitted.

[0353] This saves the trouble of checking the media ID of the second medium.

In this case, the recombining of the data in 2-3-2 is performed from the last divided data.

(2-3-4) The file division method is as follows:
A similar process is performed when a file is divided into three or more parts and recorded on three or more removable media.

(2-3-5) When the drive has a jukebox structure (a plurality of discs can be stored), the file management control unit manages the media ID information managed by the jukebox in association with the media ID. It has a function to do.

(2-3-6) When the drive has a jukebox structure (a plurality of sheets can be stored), 2-3-1.
The process of 2-3-2 is automatically performed by the file management control unit based on the correspondence information of 2-3-3-5.

(2-3-7) The security system detects that the file management control unit has not been tampered with before starting the file management control unit, and if tampered, stores the secret information. It has a program tampering check processing unit for locking the function of the unit (prevents an unauthorized attack on the medium by mixing an unauthorized program).

(2-3-8) The secret information storage unit is characterized by storing an execution module digest code extracted by a predetermined process from binary data of a program execution module of the file management control unit.

(2-3-9) The program tampering check processing unit executes a predetermined process from the binary data of the program execution module to extract a code, and then extracts the execution module digest from the secret information storage unit. The code is read, the code and the execution module digest are compared, and if they match, the file management control unit is normally started, and if they do not match, the function of the secret information storage unit is locked.

(2-3-10) When the security system attempts to access the medium from a program or module other than the file management control unit,
It is characterized by having a function of notifying the user that access is not possible (this prevents the user from mistaking the inability to access the media because the drive has been damaged).

[0362] In addition to the claims 1 to 15 described in the claims, the present specification shown in the above-described embodiments includes the inventions shown as the following additional notes 1 to. Have been.

(Supplementary note 1) The security system according to claim 2, wherein the memory device includes a random number generation processing unit for generating a random number and an encryption processing unit for performing encryption. , Secure user authentication using Challenge Response
C cards usually have this feature).

(Supplementary Note 2) The memory device has a function of transmitting internal information wirelessly (a non-contact IC card having a memory therein, a mobile phone, a BlueTooth /
3. The security system according to claim 2, wherein data in a memory is exchanged between an IrDA-equipped device and a wireless receiver mounted on a host terminal (PC) including the personal computer.

(Supplementary note 3) The security system according to claim 2, wherein the drive includes a wireless reader unit and exchanges information with the memory device according to supplementary note 2.

(Supplementary Note 4) The file management control unit:
It has a user authentication processing function unit and a reading function unit that performs user authentication using the user authentication processing function unit and reads out the secret information from the secret information storage unit only when the user is authenticated. Claim 1,
2. The security system according to Supplementary notes 1 to 3.

(Supplementary Note 5) The secret information storage unit has a function of locking access to an area storing the secret information when user authentication by the user authentication function unit is not successful. The security system according to any one of Claims 1 to 4, further comprising:

(Supplementary Note 6) The removable media includes at least one of authentication information for permitting read-only access, authentication information for permitting read / write access, and authentication information for permitting reference to only file information. 4. The storage device according to claim 1, wherein the authentication information is recorded, and the drive includes a drive access control function unit that performs access control corresponding to each access restriction permitted by the authentication information. 5. 5. The security system according to item 5.

(Supplementary Note 7) In the case where at least one piece of drive identification information is recorded on the removable medium, and the drive does not have its own identifier recorded in the drive information recorded on the removable medium, 7. The security system according to claim 1, further comprising a drive identification function unit that does not permit access.

(Supplementary Note 8) The security system according to supplementary notes 1 to 7, wherein the secret information storage unit has a function of storing a plurality of pieces of authentication secret information.

(Supplementary note 9) The security system according to supplementary notes 1 to 8, wherein the secret information storage section has a function of storing user identification information.

(Supplementary note 10) The security system according to Supplementary notes 1 to 9, wherein the secret information storage unit has a function of storing information of a group to which a user belongs.

(Supplementary Note 11) The secret information storage unit has a confidential copy processing function that can copy at least a part of information to another secret information storage unit without leaking the information to the outside. The security system according to Supplementary Notes 1 to 10 (so-called duplicate key creation).

(Supplementary Note 12) The secret copy processing function is such that the secret information storage unit has a scramble processing unit common to the secret information storage unit to which the information is copied, and a secret information storage unit where the information is copied. 13. The security system according to claim 11, wherein the security system is achieved by a decoding processing unit that decodes the scrambled data.

(Supplementary Note 13) The security system according to Supplementary Note 11, wherein the secret information storage unit has a function of directly exchanging information between the secret information storage units.

(Supplementary Note 14) The file management control unit has a function of destroying the secret information in the working memory space immediately after transmitting the secret information obtained from the secret information storage unit to the drive during the media authentication. 14. The security system according to claim 1, wherein the security system comprises:

(Supplementary Note 15) Immediately after transmitting the secret information acquired from the secret information storage unit to the drive at the time of the media initialization,
14. The security system according to claim 1, wherein the security system has a function of destroying the secret information in the working memory space.

(Supplementary Note 16) The file management control unit includes: a secret information generation function unit that generates the authentication secret information in a state in which the secret information is hidden from a user; and the secret information generation unit that generates the secret information by using the secret information generation function unit. The security system according to claim 1, further comprising a secret information storage function unit that stores information in the secret information storage unit.

(Supplementary Note 17) The supplementary note 16, wherein the secret information generation function unit generates a random number using data obtained by performing a predetermined operation on a character string appropriately input by a user using a keyboard. Security system.

(Supplementary Note 18) The secret information generation function unit uses data obtained by performing a predetermined operation on a keystroke (information of a time interval for key input) when a user appropriately inputs using a keyboard. 17. The security system according to claim 16, wherein a random number is generated.

(Supplementary Note 19) The secret information generation function unit generates a random number using data obtained by performing a predetermined operation on a signal from the mouse when the user appropriately moves the mouse. 16. The security system according to item 16,

(Supplementary Note 20) The supplementary note 16, wherein the secret information generation function unit generates a random number using data obtained by performing a predetermined operation on frequency data of a sound input using a microphone. Security system.

(Supplementary Note 21) The secret information generation function unit generates a random number using data obtained by performing a predetermined operation on image data input using a video input device such as a digital camera / scanner. The security system according to attachment 16, wherein

(Supplementary Note 22) The security system according to Supplementary Note 21, wherein the secret information generation function unit uses image input data obtained by photographing a black place with the video input device. Random numbers used).

(Supplementary note 23) The security system according to supplementary note 16, wherein the secret information generation function unit generates a random number using data obtained by performing a predetermined operation on information from a temperature sensor of the CPU.

(Supplementary note 24) The security system according to supplementary note 16, wherein the secret information generation function unit uses data obtained by performing a predetermined operation on a random number generated by using a random number generation function in the drive.

(Supplementary Note 25) The security according to Supplementary Note 16, wherein the secret information generation function unit generates a random number by using data obtained by performing a predetermined operation on information regarding the number of rotations of the medium in the drive. system.

(Supplementary Note 26) The security system according to Supplementary Note 16, wherein the secret information generation function unit generates a random number using data obtained by performing a predetermined operation on information on the current time of the PC.

(Supplementary Note 27) The secret information management unit has a device timer in the memory device, and the secret information generation function unit stores data obtained by performing a predetermined operation on information on the current time of the device timer. The security system according to claim 16, wherein the security system generates a random number by using the security system.

(Supplementary Note 28) The secret information generation function unit executes the system information (the remaining amount of the HD, the occupancy of the CPU, the current number of tasks, the free area of the memory space, the cache hit rate, and the cache memory use of the PC). 17. The security system according to claim 16, wherein a random number is generated using data obtained by performing a predetermined operation on at least one or more pieces of information such as a rate, an OS startup time, the number of files, and a window ID.

[0391] The security system according to Supplementary Note 16, wherein the secret information generation function unit generates a random number using data obtained by performing a predetermined operation on at least two or more pieces of information described in Supplementary Notes 16 to 28.

(Supplementary Note 30) The secret information generation function unit may be further configured to combine the data stored in the secret information storage unit and at least one or more pieces of information described in Supplementary Notes 16 to 28 into data obtained by a predetermined procedure. 17. The security system according to claim 16, wherein a random number is generated using the data on which the calculation has been performed.

(Supplementary Note 31) The secret information storage unit has a function of recording a plurality of pieces of user identification information and authentication information of each user in association with each other. The described security system (if it is troublesome to create a master key or create a key for each user individually, <the password is different for each user, so the same key can manage the access rights of multiple users>).

(Supplementary note 32) The security system according to supplementary note 31, wherein the secret information storage unit has a function of specifying which secret information for recording medium authentication can be used by each user.

(Supplementary Note 33) If a predetermined code is recorded in a predetermined area on a recording area that cannot be accessed by a normal OS command on the mounted medium, the drive performs authentication of the medium. 33. The security system according to claim 1, further comprising an authentication initialization function for initializing processing (a state immediately before authentication) by inputting a specific code from outside the drive. Correspondence).

(Supplementary Note 34) The file management control unit reads the authentication code for media authentication from the secret information storage unit at the time of the first media authentication after the media is mounted on the drive. A session authentication function for performing authentication using the (session key) authentication information generated by the file management control unit or generated by the drive, and the drive side also performs authentication using the session authentication information at the time of media authentication after the first time. 6. The security system according to claim 5, wherein the security system is more secure than using the same authentication information every time.

[0397] The security system according to attachment 34, wherein the session authentication information uses an authentication code updated in a predetermined process each time the file management control unit accesses the system. More secure because the authentication information is updated at the same time).

(Supplementary Note 35) The security system according to any one of Supplementary Notes 1 to 34, wherein the file management control unit has a function of prohibiting rewriting / erasing of the stored file.

(Supplementary Note 36) The file management control unit has a function of setting a period during which rewriting / erasing of a stored file is prohibited, and a function of prohibiting rewriting / erasing of a stored file during the period. 36. The security system according to claim 1, further comprising:

(Supplementary note 37) The file management control unit has an attribute assigning function of assigning an attribute for setting access control to a file.
36. The security system according to any one of supplementary notes 1 to 36.

(Supplementary Note 38) The attributes that can be set by the attribute assignment function are: 1. An attribute that prohibits rewriting and erasing of files, but permits appending and updating by version control. 2. Attributes that can delete files but do not allow rewriting, appending, or updating by version control. 3. attribute that allows all processing; 37. The security system according to attachment 37, wherein at least one of the following four attributes can be set: file rewriting is prohibited, but appending and updating by version management are permitted.

(Supplementary note 39) Supplementary note 38, wherein the attribute for the file cannot be changed once it is set.
The security system described.

(Supplementary note 40) The security system according to supplementary note 38, wherein a transition of at least one of attributes 2 to 1, 2 to 4, and 4 to 1 among the attributes 1 to 4 with respect to the file is permitted.

(Supplementary Note 41) The file management control unit performs processing in which a copy source is any of the attributes 1 and 4 and a copy destination is the attribute 2 when copying a file. 40. The security system according to forty.

(Supplementary Note 42) The secret information storage unit has a function of securely storing information for creating a tampering detection code, and the file management control unit
7. A function for creating a falsification detection code of the duplicated file by using the falsification detection code creation information when creating the file of the attribute 2. 41. The security system according to 41.

(Supplementary Note 43) The file management control unit performs a process in which a copy source is 1, 2, or 4 and a copy destination is 3 when copying a file.
43. The security system according to any one of claims 42 to 42.

(Supplementary Note 44) The security system according to the ninth aspect, wherein the designation of the removable medium ID of the recording destination can be omitted. Insert).

(Supplementary Note 45) The file dividing method is as follows:
47. The security system according to claim 9, further comprising a function of performing the same processing when dividing a file into three or more files and recording the files on three or more removable media.

(Supplementary Note 46) In the case where the file management control unit assigns the tamper detection code to a plurality of related files, first, the file management control unit obtains the tamper detection code for each of the files, and then further obtains the related 10. The security system according to claim 9, further comprising a function of obtaining one falsification detection code from the entire file to be modified.

(Supplementary Note 47) The file management control unit updates the date and time when the file was saved, the identification information of the user who saved the file, the date and time when the file was updated, and
Version upgrade), record at least one of the user's identification information, the date and time when the attribute of the file was changed, and the identification information of the user who changed the attribute of the file as a history,
10. The security system according to claim 9, wherein the security system has a function of writing to a file called a history management file and managing the file, an attribute management file of the file, and a history management file together.

(Supplementary Note 48) In the process of obtaining the falsification detection code for the file, the file management control unit performs the process by treating the three files as one file, so that the file management control unit performs the falsification in addition to the three files. In addition to managing four files that record detection codes (falsification detection code files). The security system described in Supplementary Note 47, characterized in that copying and moving of the file are also performed together.
As mentioned earlier, copying a file involves changing its attributes).

(Supplementary Note 49) In the case where the drive has a jukebox structure (a plurality of drives can be stored), the file management control unit has a function of managing the media in association with the media identification information managed by the jukebox and the media. 47. The security system according to attachment 47, wherein:

(Supplementary Note 50) In the case where the drive has a jukebox structure, the processing according to supplementary note 9 and claim 10 is
50. The security system according to supplementary note 49, wherein the file management control unit automatically performs the processing based on the correspondence information in supplementary note 49.

(Supplementary Note 51) The security according to Supplementary Note 49, wherein the secret information storage unit stores an execution module digest code extracted by predetermined processing from binary data of a program execution module of the file management control unit. system.

(Supplementary Note 52) The program tampering check processing unit executes the predetermined process from binary data of the program execution module to extract a code, and thereafter reads the execution module request from the secret information storage unit. The code and the execution module digest are compared, and if they match, the file management control unit is started normally, and if they do not match, the function of the secret information storage unit is locked. Security system.

(Supplementary Note 53) In order to assign a falsification detection code to a plurality of related files, the file management control unit obtains a falsification detection code for each of the files, 12. A falsification detection code calculation rule management function for managing information relating to the order of files for which the falsification detection codes are calculated when the two falsification detection codes are calculated, the falsification detection code calculation rule managing function being provided. Security system.

(Supplementary Note 54) In order to assign a falsification detection code to a plurality of related files, the file management control unit obtains a falsification detection code for each file, and further obtains the obtained falsification detection code as a whole. Having a falsification detection code calculation rule management function for managing information on the order of the falsification detection codes of the file for calculating the falsification detection code in association with the falsification detection code when calculating one falsification detection code from 13. The security system according to claim 12, wherein

[0418]

Therefore, as described above, according to the present invention, in a security system using a portable recording medium (removable medium), in particular, offline sharing using a simple, safe and effective removable medium A security system can be provided.

[Brief description of the drawings]

FIG. 1 is a conceptual diagram showing a conventional portable recording medium (removable medium) system with a security function.

FIG. 2 is a conceptual diagram showing a hardware configuration for realizing an offline sharing security system using a removable medium applied as an embodiment according to the present invention;

FIG. 3 is a conceptual diagram showing the structure of a conventional portable recording medium (removable medium) 12 with a security function.

FIG. 4 is a flowchart for explaining an authentication process performed by a firmware having an authentication function of a conventional removable media drive.

FIG. 5A shows the relationship between a conventional portable recording medium with a security function (removable medium) on which an authentication information code is recorded and a user who transmits a secret information code on the host PC side. FIG. 5B is a diagram showing a form of account management (user management) in the relationship as shown in FIG. 5A.

FIG. 6 (a) is a portable recording medium with a security function (removable medium) in which a conventional authentication information code is recorded as a user 1 authentication information code, a user 2 authentication information code... FIG. 6B is a diagram showing a relationship with a plurality of users who transmit the secret information 1 code, the secret information 2 code... On the host PC side, and FIG. FIG. 4 is a diagram showing a form of (user management).

FIG. 7A illustrates a portable recording medium with a security function in which an authentication information code is recorded in a security area according to a first embodiment of the present invention;
FIG. 7B is a diagram showing a relationship with a user who transmits a secret information code on the side, and FIG. 7B is a diagram showing a form of account management (user management) in the relationship as shown in FIG. is there.

FIG. 8 is a second embodiment of the present invention, in which the authentication information code is recorded in a security area on a portable recording medium with a security function, and a secret information code is transmitted on the host PC side. It is a figure showing the relation with a user.

FIG. 9 is a third embodiment of the present invention, in which a portable recording medium with a security function in which the authentication information code is recorded in a security area a and a secret information code are transmitted on the host PC side. FIG. 7 is a diagram showing a relationship with a user who performs the operation.

FIG. 10 shows a personal authentication information code as the authentication information code according to a fourth embodiment of the present invention;
FIG. 4 is a diagram showing a relationship between a plurality of portable recording media with security functions in which a group 1 authentication information code and a group 2 authentication information code are recorded in security areas, respectively, and a user who transmits a secret information code on the host PC side. It is.

FIG. 11 shows a portable recording medium with a security function in which a full-access secret authentication code and a read-only access secret authentication code are recorded in a security area as a fifth embodiment of the present invention. It is a figure showing a case.

FIG. 12 is a diagram showing a sixth embodiment of the present invention, in which a security function with group 1 authentication information code and group 2 authentication information code recorded in the security area as the authentication information is shown. FIG. 4 is a diagram illustrating a relationship between a portable recording medium and a user who transmits a secret information code on the host PC side.

FIG. 13 is a method for automatically selecting an authentication code at the time of authentication according to the seventh embodiment of the present invention (part 1).
The relationship between the authentication information code for group X, the portable recording medium with security function in which the information of the group is recorded in the security area, and the user who transmits the secret information code on the host PC side. FIG.

FIG. 14 is a method for automatically selecting an authentication code at the time of authentication according to the eighth embodiment of the present invention (part 2).
As the authentication information code, a group X authentication information code 22b2, a portable recording medium with security function in which group information (ID) is recorded in the security area 22a, and a secret information code are transmitted on the host PC side. FIG. 7 is a diagram showing a relationship with a user who performs the operation.

FIG. 15A illustrates a removable medium used as a method in a case where the storage capacity of a tamper-resistant memory according to the ninth embodiment of the present invention is small and information such as group management cannot be accommodated. FIG. 15B is a conceptual diagram showing a hardware configuration for realizing an offline shared security system using the tamper-resistant memory (25) having a large storage capacity, and FIG. ) Indicates a user authentication code, a user ID, an encryption key,
In addition to using a memory device in which only the decryption key is recorded with tamper resistance, a personal secret information code, a group 1 secret authentication code, a group 2 secret authentication code and a group 1 ID, Group 2 I
FIG. 11 is a diagram illustrating a case where Dg uses another recording medium (also built-in) such as an FD or an HD that is encrypted and stored by an encryption key.

FIG. 16 is a diagram showing a configuration for preventing tampering of a plurality of files as a tenth embodiment of the present invention.

FIG. 17 is a diagram showing a configuration for preventing falsification of a plurality of files as an eleventh embodiment of the present invention.

FIG. 18 is a diagram showing an outline of a hardware configuration of an off-line shared security system using removable media incorporating a configuration of originality assurance as a twelfth embodiment of the present invention.

FIG. 19 is a block diagram showing a functional module configuration (basic type) of an off-line shared security system using a removable medium incorporating a configuration of originality assurance as a thirteenth embodiment of the present invention.

FIG. 20 is a block diagram illustrating a configuration example of a file management control unit in FIG. 19;

FIG. 21 is a block diagram showing a functional module configuration (with a program monitoring function) of an off-line shared security system using a removable medium incorporating a configuration of originality assurance according to a fourteenth embodiment of the present invention; is there.

FIG. 22 is a block diagram illustrating a configuration example of a module monitoring unit B in FIG. 21;

FIG. 23 is a block diagram showing a functional module configuration (with an exclusive control function) of an offline shared security system using a removable medium incorporating a configuration of originality assurance as a fifteenth embodiment of the present invention; is there.

FIG. 24 is a block diagram illustrating a configuration example of an exclusive control unit (H) of C and an exclusive control unit (D) of D in FIG. 23;

FIG. 25 is a block diagram illustrating another configuration example of the exclusive control unit (H) in C of FIG. 23;

[Explanation of symbols]

Reference numeral 21: Authentication code, 22: Portable recording medium (removable medium), 22a: Security area, 22b: Authentication information code, 23: Removable media drive having firmware with an authentication function, 24: Personal computer (host PC) on the host terminal side ), 25: memory device, 25a1, 25a2 ... user 1 authentication code, user 2
Authentication code 25a2, 25b2 Secret information code 25-1, 25-2 Multiple memory devices 25c1, 25c2 User 1 ID, User 2 ID
, 25d: Group 1 secret authentication code, 25e: Group 2 secret authentication code, 22b10: Full access secret authentication code, 22b11: Read-only access secret authentication code, 22b2: Group X authentication information code, 22b3 ... Group information, 25h: encryption key, 25i: decryption key, 25-1: memory device, 25f: ID of group 1, 25g: ID of group 2, 25-2: other recording media such as FD and HD 200: host terminal, 204: display unit, 202: GUI processing unit, 203: input device unit, 201: application processing unit, 100: portable recording medium drive, A: file management control unit, 300 ... Memory driver unit, 101 ... Module with authentication processing (firmware), 221 ... Driver unit 102: Portable recording medium on which authentication information is recorded 301: Memory device 302: Memory device unit A4: File access control unit A2: User authentication processing unit A3: Drive authentication processing unit A5: Attribute data creation unit, A6: electronic signature creation / verification unit, A7: file access history creation unit, A8: encryption / decryption processing unit, A9: recording medium information acquisition unit, A10: copy file acquisition unit, A11: backup Creation unit, A12: Log management unit, A13: Recording medium initialization setting / processing unit, B: Module monitoring unit, B1: Module management processing unit, B2: Module falsification detection code acquisition unit, B3: Falsification verification unit, B5 ... Module scramble / decode processing unit, B4: Tamper-resistant memory lock unit, C: Exclusive control unit (H), D Exclusive control unit (D), D3 ... locking portion, D2 ... exclusive control code collation unit, D1 ... exclusive control code acquiring unit, C1 ... exclusive control code holding unit. C13: access exclusion unit, C12: process monitoring unit, C11: process ID acquisition unit.

Claims (15)

[Claims] 1. A system comprising a removable media drive, a file management control unit, and a secret information storage unit, wherein the system is provided in the removable media drive, and is provided on a removable medium mounted on the removable media drive. An authentication processing function unit that performs authentication using authentication information recorded in the area; and an authentication processing function unit that is provided in the removable media drive and permits access to the removable medium only when authentication by the authentication processing function unit is successful. A media access control function unit for reading the secret information stored in the secret information storage unit, transmitting the information including the secret information to the removable media drive, and performing an authentication process. Authentication request transmitter And an authentication processing request function unit provided in the file management control unit and requesting an authentication process using the authentication processing request transmission function unit at least once before accessing the removable medium. An off-line shared security system using removable media. 2. The offline sharing security system using removable media according to claim 1, wherein said secret information storage unit is a memory device detachable from a host terminal comprising a personal computer. 3. The file management control unit includes: a user authentication processing function unit that performs a user authentication process; and user authentication is performed by using the user authentication processing function unit. The secret sharing function using a removable medium according to claim 1, comprising: a secret information reading function unit that reads the secret information from an information storage unit. 4. The secret information storage unit according to claim 1, wherein the secret information storage unit includes a secret information generation function unit that generates the authentication secret information while being hidden from a user. An offline sharing security system using removable media. 5. The file management control unit has a function unit that performs a media authentication process at the start of a series of write processes to the removable medium and returns the authentication to the recording medium to an unprocessed state at the end. An off-line sharing security system using a removable medium according to any one of claims 1 to 4, wherein: 6. The removable media drive, comprising: a random number generation function unit; an encryption function unit; and a random number generation unit using the random number generation function unit at the time of authentication with the host terminal. A function unit for encrypting the random number by using the authentication information on the removable medium mounted on the removable media drive, and encrypting the information and the random number sent from the host side. Comparing the encrypted information, and when they match, has a function unit for permitting access from the host terminal as being authenticated, the secret information storage unit includes an encryption function unit, and the secret information. 3. A function unit for encrypting data using secret information stored in a storage unit, the function unit encrypting data using the secret information stored in the storage unit. Line shared security system. 7. The file management control unit collects data of a user area on the removable medium into one file, obtains a falsification prevention code of the file, forms one file, and stores both files on a host terminal. The offline sharing security system using a removable medium according to any one of claims 1 to 6, further comprising a copy function unit. 8. The file management control unit associates files in the user area on the removable medium with a plurality of related files collectively, and attaches a tampering detection code to the entire data of the associated files. 8. An off-line sharing security system using removable media according to claim 1, further comprising a function unit for copying on a host terminal. 9. The file management control unit, when storing a file larger than the free space on the removable medium, divides the file, stores the first half of the file, and manages the attribute of the file. Describe that the file was divided into files, further divided another part as another file, and to which removable media to record the different file,
A function unit for recording the identifier of the removable medium of the recording destination in the data file that manages the attribute, and further, when recording the divided another file on another removable medium, the identifier of the original removable medium is stored in the separate file. The offline sharing security system using removable media according to any one of claims 1 to 8, further comprising: a function unit for recording the attribute in a data file for managing the attribute. 10. When receiving a request from a user to read data divided and stored in a plurality of media, the file management control unit instructs the user on which media to insert next, 10. The offline sharing security using removable media according to claim 9, further comprising a function unit for finding a corresponding divided file when the media is inserted, combining the data on the host, and presenting the data to the user. system. 11. The file management control unit, when assigning a tamper detection code to a plurality of related files, first obtains a tamper detection code for each of the files, The off-line sharing security system using removable media according to claim 8, further comprising a function unit for obtaining one falsification detection code from the whole. 12. The file management control unit, when assigning a falsification detection code to a plurality of related files, first obtains a falsification detection code for each file, and then obtains the obtained falsification detection code. The offline sharing security system using removable media according to claim 8, further comprising a function unit for obtaining one falsification detection code from the entire code. 13. The security system detects that the file management control unit has not been tampered with before starting the file management control unit. If the file management control unit has been tampered with, the security system stores the confidential information storage unit. 13. The offline sharing security system using removable media according to claim 1, further comprising a program tampering check processing unit for locking a function. 14. The security system stores a process ID of a program execution module including the file management control unit when the execution module of the file management control unit starts up, and attempts to access the removable media drive from a source other than the process ID. 2. An exclusive control unit which causes a driver of the removable media drive to perform error processing when there is a program to be executed.
3. An off-line sharing security system using the removable medium according to any one of 3. 15. The security system according to claim 15, further comprising a function unit for notifying a user that the removable medium cannot be accessed when trying to access the removable medium from a program or module other than the file control management unit. 15. An offline sharing security system using the removable medium according to any one of 1 to 14.