JP2005190276A - Memory card - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To protect data on a memory card per individual without encrypting the data. <P>SOLUTION: The memory card includes terminals 13a-13i for connection to a host device 12; a NAND memory 15 that stores data; and a card controller 14 that sends and receives the data in the NAND memory 15 according to commands received from the host device 12. Based on the commands received by a contactless IC module 17, the connection between the card controller 14 and either the terminals 13a-13i or the NAND memory 15 is controlled to be maintained or disconnected. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a memory card connected to a host device for recording and reproducing data.

  In recent years, digital devices have been developed along with the digitization of music signals and video signals. These digital devices are equipped with recording media such as compact discs and hard disks for recording music data and video data (hereinafter referred to as “content data”).

  Digital devices are becoming smaller, and several centimeter-square products are also available for music players. In such a small digital device, with the miniaturization of the main body, the equipped recording medium has also been miniaturized in parallel.

  Further, so-called memory cards using semiconductor memories are used as smaller recording media. At present, a memory card called SD (Secure Digital) card corresponding to copyright protection has been commercialized.

  The SD card authenticates with the connected host device and has a protected area that can be accessed only when the authentication is successful, thereby protecting the content data. For example, if the revocation information indicating an unauthorized host device is stored in the memory card and the host device connected to the memory card falls under this category, access from the host device is invalidated to protect the content data This method is described in “Patent Document 1”.

  By the way, the data protection method based on the authentication of the host device as described above has a problem that if the authentication with the host device is successful, a user other than the stored person can access all areas. That is, the conventional SD card has a problem that when important personal data is stored, it is difficult to protect data on an individual basis so that only the person himself can access the data.

  For this reason, when it is desired to protect data on an individual basis, the file is encrypted for each file using a file encryption tool or the like.

However, such a method requires an extra operation every time the file is accessed, and is not only complicated, but also when the capacity of the file to be protected is large, the encryption time cannot be ignored, which is difficult for the user. It was very difficult to use.
JP 2000-357126 A

  As described above, the conventional memory card has a problem that it must be encrypted for each file when data protection is performed on an individual basis.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a memory card that can protect data on an individual basis without encrypting the data.

  According to one aspect of the present invention, first and second interfaces connected to a host device, storage means for storing data, and the first interface connected to the first interface and the storage means Based on the command received by the storage means, the control means for accessing the data of the storage means, and transmitting and receiving the data via the first interface, and based on the command received by the second interface, A memory card is provided that controls a connection between a control unit and the first interface or the storage unit in a connected state or a disconnected state.

  According to another aspect of the present invention, first and second interfaces connected to a host device, first storage means for storing data, the first interface and the first storage Control means connected to the means for accessing the data of the first storage means based on a command received by the first interface, and for transmitting and receiving the data via the first interface; And a second storage means for storing firmware for controlling the operation of the means, and a rewrite means for rewriting the firmware in the second storage means based on a command received by the second interface. A memory card is provided.

  According to the present invention, since the data access path can be controlled by an independent interface, data protection of the memory card can be performed on an individual basis without encrypting the data.

  Embodiments of the present invention will be described below with reference to the drawings.

  FIG. 1 is a circuit block diagram showing a memory card according to Embodiment 1 of the present invention.

  The memory card 11 according to the first embodiment of the present invention includes terminals 13a to 13i used for connection with the host device 12, a card controller 14 that controls the entire card, a NAND memory 15 that stores and saves data received from the host device 12, A switcher 16a that connects the card controller 14 and the terminals 13a to 13i, a switcher 16b that connects the card controller 14 and the NAND memory 15, a noncontact IC module 17 that transmits and receives information in a noncontact manner, and a noncontact An EEPROM 18 in which control information of the IC module 17 and circuit information of the switchers 16a and 16b are stored is provided.

  The terminals 13a to 13i are a terminal 13a (hereinafter referred to as a CLK terminal 13a) that receives a clock CLK necessary for data transfer, and terminals 13b to 13e that transmit and receive data DAT0 to DAT3 (hereinafter referred to as DAT terminals 13b to 13e). A terminal 13f (hereinafter referred to as CMD terminal 13f) for receiving a command CMD for instructing writing, reading, erasing, etc. to the memory card 11, a terminal 13g to which the power supply VDD is supplied, and a terminal to which the ground GND is supplied 13h and 13i.

  Further, the host device 12 is provided with a card I / F unit 19 for connecting to the terminals 13a to 13i.

  The CMD terminal 13f is used not only for processing requests to the memory card 11, but also for transferring response information returned from the memory card 11 to the host device 12. This conforms to the SD card standard.

  The card controller 14 stores an I / O-I / F unit 20 that is an interface with the host device 12, a memory I / F unit 21 that is an interface with the NAND memory 15, and firmware that controls the card controller 14. The ROM 22 includes a SRAM 23 that is a work memory for executing firmware, a register 24 that stores information registers, and a CPU 25 that controls these by firmware.

  When power is turned on to the memory card 11, the card controller 14 first initializes the I / O-I / F unit 20, ROM 22, SRAM 23, memory I / F unit 21, and NAND memory 15. Subsequently, the firmware is read from the ROM 22 and stored in the SRAM 23.

  When the preparation of the card controller 14 is completed and a prescribed initialization command is issued from the host device 12 via the CMD terminal 13f and the DAT terminals 13b to 13e, the initialization of the memory card 11 is completed.

  When the card controller 14 receives a command from the host device 12, for example, single write, multiple write, single read, multiple read, register 24 read, or an authentication procedure, the card controller 14 executes a desired process according to the command.

  The NAND memory 15 is a NAND type electrically rewritable nonvolatile memory.

  The memory card 11 manages the NAND memory 15 by dividing it into a normal area and a protection area, and can access only the normal area with a normal command. In order to access the protected area, for example, an authentication process such as CPRM (Content Protection for Recoverable Media) is required. As a result, functions for suppressing access by unauthorized devices are realized.

  The switchers 16a and 16b are circuits that can change wiring connections in a programmable manner.

  The EEPROM 18 is an electrically rewritable nonvolatile memory and has a serial interface.

  The EEPROM 18 stores circuit information of the switchers 16a and 16b. When the memory card 11 is turned on, the switchers 16a and 16b automatically read circuit information from a predetermined area of the EEPROM 18 and set the wiring connection. Made.

  The non-contact IC module 17 is an IC card module that has no connection terminal on the card surface and performs wireless power supply and communication with a dedicated reader / writer (not shown). This module is a proximity type and conforms to the ISO / IEC14443 standard.

  FIG. 2 is a circuit block diagram showing the non-contact IC module 17 of the memory card 11 according to the first embodiment of the present invention. Here, for the sake of explanation, connections to the EEPROM 18 and the switcher 16a are also shown.

  The non-contact IC module 17 of the memory card 11 according to the first embodiment of the present invention includes a control unit 31 that controls the entire module, a modulation unit 32 that performs data modulation when transmitting data, and a data reception unit. A demodulation unit 33 that performs data demodulation, a power supply unit 34, and an electromagnetic induction unit 35 that performs data transmission and reception and power supply are provided.

  The electromagnetic induction unit 35 is formed of a coil, and electromagnetic induction is generated in the coil by the carrier wave generated by the reader / writer, and electric power is supplied. Data reception from the reader / writer is performed by this carrier wave and demodulated by the demodulator 33. Furthermore, data transmission to the reader / writer is performed by changing the magnetic field by changing the coil load of the electromagnetic induction unit 35 and reading it with the coil in the reader / writer.

  The non-contact IC module 17 is connected to an EEPROM 18 and a switcher 16a via an SPI (Serial Peripheral Interface) bus.

  The EEPROM 18 synchronizes the clock using the CLK line 36 of the SPI bus, inputs data through the DataIn line 37, and outputs data through the DataOut line 38. The CS terminal 39 is connected to the ground, and the EEPROM 18 is always in the selected state.

  Normally, when the memory is shared, a circuit for sharing is required. However, since the switcher 16a and the non-contact IC module 17 do not access the EEPROM 18 at the same time, such a simple circuit configuration is used. .

  The switcher 16b has a similar configuration.

  FIG. 3 is an image diagram showing information stored in the EEPROM 18 of the memory card 11 according to the first embodiment of the present invention. FIG. 3A is an image diagram showing an address map of the EEPROM 18, and FIG. 3B is an image diagram showing details of the authentication information 41.

  As shown in FIG. 3A, the EEPROM 18 has authentication information 41 used in the non-contact IC module 17 in the non-contact IC module memory area of the upper address, and the switchers 16a and 16b in the switcher memory area of the lower address. Have circuit information to use.

  The circuit information is information for setting the wiring connections of the switchers 16a and 16b. The circuit information 42 at the time of loading is automatically loaded by the switchers 16a and 16b, the circuit information 43 for LOCK that makes the memory card 11 inaccessible, the memory There is UNLOCK circuit information 44 that allows the card 11 to be used, and other circuit information 45 that is spare circuit information such as extended use.

  When the memory card 11 is initialized such as when the power is turned on, the switchers 16a and 16b automatically read the circuit information 42 at the time of loading and set the wiring connection based on this. In the initial state when the memory card 11 is shipped, UNLOCK circuit information 44 is stored in the load circuit information 42. In the state where access to the memory card 11 is prohibited, the circuit information 43 for LOCK is stored in the circuit information 42 at the time of loading.

  As shown in FIG. 3B, the authentication information 41 includes user authentication including password information 46 and an authentication flag 47, and an access flag 48 indicating whether or not the memory card 11 can be accessed.

  The password information 46 is used for personal authentication for identifying individual-unit access, and is set safely by, for example, a public key method, as will be described later.

  The authentication flag 47 indicates the success or failure of personal authentication based on the password information 46.

  Next, details of the switcher 16a will be described.

  FIG. 4 is a circuit diagram showing a configuration of the switcher 16a in the memory card 11 according to the first embodiment of the present invention.

  The switcher 16a of the memory card 11 according to the first embodiment of the present invention includes an interface 51a connected to the terminals 13a to 13f, an interface 51b connected to the I / O-I / F unit 20, and a row wiring 52a from the interface 51a. To 52f, column wirings 53a to 53f from the interface 51b (in the figure, row wirings 52a to 52f are arranged in the horizontal direction, column wirings 53a to 53f are arranged in the vertical direction), row wirings 52a to 52f and column wiring 53a. To 53f, switches Q11 to Q66, switch setting circuit 54 for setting the switches Q11 to Q66, and control lines 55a to 55f from the switch setting circuit 54 are provided.

  Whether or not the row wirings 52a to 52f and the column wirings 53a to 53f are connected is determined by the setting of the switches Q11 to Q66 at the respective crossing positions. By default, the row wirings 52a to 52f are connected as shown in FIG. There is no state, that is, a disconnected state (hereinafter referred to as “LOCK state”).

  The switch setting circuit 54 is connected to the EEPROM 18, reads circuit information from the EEPROM 18, and controls on / off of the switches Q11 to Q66 by the control lines 55a to 55f. As shown in the figure, each of the control lines 55a to 55f has a 6-bit configuration and can control all the switches independently. That is, the switch setting circuit 54 has a configuration called a so-called decoder.

  For example, semiconductor transistors can be used for the switches Q11 to Q66.

  In a semiconductor transistor, when a current flows through the base, a current flows between the emitter and the collector. When no current flows through the base, no current flows between the emitter and the collector.

  Accordingly, the configuration of the switcher 16a can be easily realized by connecting the row wirings 52a to 52f to the emitter and the column wirings 53a to 53f to the collector based on the control lines 55a to 55f from the switch setting circuit 54, respectively. it can.

  FIG. 5 is a circuit diagram showing an operation state of the switcher 16a in the memory card 11 according to the first embodiment of the present invention. Here, a state in which all signal lines, that is, CLK, CMD, and DAT0 to DAT3 are connected (hereinafter, referred to as “UNLOCK state”) is shown.

  In the figure, the switches Q11, Q22, Q33, Q44, Q55, and Q66 that are in the ON state are indicated by bold lines.

  When the power of the memory card 11 is turned on, the load circuit information 42 stored in the EEPROM 18 is loaded into the switch setting circuit 54, and the on / off of the switches Q11 to Q66 is set accordingly.

  For example, if the UNLOCK circuit information 44 is copied to the load circuit information 42, the UNLOCK state shown in FIG.

  If the circuit information for LOCK 43 is copied in the circuit information 42 at the time of loading, the LOCK state of FIG. 4 is obtained.

  Although the switcher 16a has been described here, the same applies to the switcher 16b. The difference is that the NAND memory 15 is connected to the interface 51a, and the memory I / F unit 21 is connected to the interface 51b.

  4 and 5 show circuit diagrams of signal wiring, the switcher 16a is configured to be able to turn on / off the power supply line (VDD) and ground line (GND) in the same manner. Yes.

  Next, the operation of the memory card 11 having the above-described configuration will be described.

  FIG. 6 is an image diagram showing an example of a usage method in the memory card 11 according to the first embodiment of the present invention.

  User A and user B are located away from each other, and user A has a memory card 11 and a host device A that controls the memory card 11 (hereinafter referred to as “host A”), and user B holds the memory card 11. It has a host device B to be controlled (hereinafter referred to as “host B”).

  Each of the host A and the host B includes memory card reader / writers 61 a and 61 b that can be connected to the memory card 11. The memory card 11 is inserted into the memory card reader / writers 61a and 61b, and transmits and receives data via the card I / F unit 19 to which the terminals 13a to 13i are connected.

  Each of the host A and the host B includes non-contact IC card reader / writers 62 a and 62 b that can access the memory card 11 via the non-contact IC module 17. The non-contact IC card reader / writers 62a and 62b do not need to be physically connected to the memory card 11, and can exchange data wirelessly just by bringing the memory card 11 closer.

  The memory card reader / writers 61a and 61b and the non-contact IC card reader / writers 62a and 62b are connected to the host A and the host B by USB-I / F, respectively.

  User A writes data to the memory card 11 at the host A, and further sends the data to the user B with the memory card 11 in the LOCK state. User B who has received the memory card 11 performs personal authentication using password information 4646 set in advance in a secure manner, and accesses the data with the memory card 11 in the UNLOCK state.

  FIG. 7 is a flowchart showing the operation of the host in using the memory card 11 according to the first embodiment of the present invention. Here, as shown in FIG. 6, the case where the user A sends the memory card 11 to the user B is shown.

  The operation of the host A in using the memory card 11 according to the first embodiment of the present invention includes a password creation step 71 for creating a password used for personal authentication, a data storage step 72 for writing data to the NAND memory 15, and the memory card 11. LOCK processing step 73 for setting the LOCK state, and card sending step 74 for sending the memory card 11 to the host B are configured.

  The operation of the host B in using the memory card 11 according to the first embodiment of the present invention includes the password acquisition step 75 for acquiring a password used for personal authentication, the card reception step 76 for receiving the memory card 11 from the host A, the memory The card comprises an UNLOCK processing step 77 for setting the card 11 to the UNLOCK state, a card initializing step 78 for initializing the memory card 11, and a card access step 79 for accessing the NAND memory 15.

  In the password creation step 71, the host A first writes the user authentication password used for personal authentication into the password information 46 of the memory card 11 via the non-contact IC card reader / writer 62a. At the same time, “NG” is written in the authentication flag 47 and “UNLOCK” is written in the access flag 48.

  Next, the user authentication password is encrypted with the public key of user B created by the public key method described later, and this is sent to the host B.

  In the password acquisition step 75, the host B decrypts the encrypted password received from the host A with the private key of the user B.

  In the data storage step 72, the host A transmits a write command and data to the memory card 11 in the UNLOCK state via the memory card reader / writer 61a. Receiving these, the card controller 14 stores the received data in the NAND memory 15 in accordance with the write command.

  At this time, the data stored in the NAND memory 15 is not encrypted.

  In the LOCK processing step 73, the host A transmits a LOCK instruction to the memory card 11 via the non-contact IC card reader / writer 62a. The non-contact IC module 17 that has received this performs the LOCK process of the memory card 11 by copying the LOCK circuit information 43 of the EEPROM 18 to the load circuit information 42.

  At this stage, the switchers 16a and 16b are not in the LOCK state shown in FIG. 4, but the load circuit information 42 is read into the switchers 16a and 16b when the memory card 11 is turned on next time. Is substantially equivalent to the LOCK state.

  Next, in the card sending step 74 and the card receiving step 76, the host A sends the memory card 11 in the LOCK state to the host B, and the host B receives it.

  In the UNLOCK processing step 77, the host B transmits an UNLOCK instruction to the memory card 11 via the non-contact IC card reader / writer 62b. The non-contact IC module 17 that has received this performs UNLOCK processing of the memory card 11 by copying the UNLOCK circuit information 44 of the EEPROM 18 to the circuit information 42 at the time of loading.

  Similar to the LOCK processing step 73, the memory card 11 is equivalent to the UNLOCK state at this stage.

  In the card initialization step 78, the memory card 11 brought into the UNLOCK state in the UNLOCK processing step 77 is inserted into the memory card reader / writer 61b of the host B and initialized.

  In the card access step 79, the card controller 14 of the memory card 11 executes a desired process according to a command received from the host B via the memory card reader / writer 61b. For example, the host B can issue a read command to read data stored in the memory card 11.

  In this way, the NAND memory 15 of the memory card 11 subjected to the UNLOCK process and the card initialization process can freely read and write in the card access step 79.

  Accordingly, complicated processing such as encryption / decryption is not required, and the data stored in the NAND memory 15 in the data storage step 72 can be easily read and used.

  Next, a detailed operation flow of the LOCK processing step 73 and the UNLOCK processing step 77 will be described.

  FIG. 8 is a flowchart showing operations in the LOCK processing and UNLOCK processing of the memory card 11 according to the first embodiment of the present invention. Since the operations in the host A and the host B are the same, they are simply referred to as “host” here.

  The operation of the host in the LOCK processing and UNLOCK processing of the memory card 11 according to the first embodiment of the present invention includes a processing selection step 81 in which the user selects LOCK processing or UNLOCK processing, a password input step 82 in which a user authentication password is input, A LOCK determination step 83 for determining whether the selected process is a LOCK process, a LOCK instruction step 84 for transmitting a LOCK command to the memory card 11, an UNLOCK determination step 85 for determining whether the selected process is an UNLOCK process, And an UNLOCK instruction step 86 for transmitting an UNLOCK command to the memory card 11.

  The operation of the memory card 11 in the LOCK processing and UNLOCK processing of the memory card 11 according to the first embodiment of the present invention includes the password check step 87 for determining whether the input user authentication password is correct, and circuit information 43 for LOCK. LOCK setting step 88 for copying the circuit information 42 to the loading circuit information 42, and a UNLOCK setting step 89 for copying the UNLOCK circuit information 44 to the loading circuit information 42.

  In the process selection step 81, the host displays a selection screen of “memory card 11LOCK” and “memory card 11UNLOCK” on the display device. When the user selects either one, the host stores it as a user instruction and switches the display screen to the user authentication password input screen.

  In the password input step 82, the host sends the user authentication password entered on the user authentication password input screen to the non-contact IC card reader / writer 62 a or 62 b and passes through the electromagnetic induction unit 35 to remove the memory card 11. It transmits to the contact IC module 17.

  In the password check step 87, the non-contact IC module 17 of the memory card 11 compares the received user authentication password with the password information 46 in the authentication information 41 of the EEPROM 18, and performs a password check.

  If they match (“OK”), the non-contact IC module 17 sets “OK” in the authentication flag 47 in the authentication information 41, and further indicates that the user authentication has been successful, the non-contact IC card reader / writer. The host is notified through 62a or 62b.

  If the user authentication password and the password information 46 do not match (“NG”), the non-contact IC module 17 sets “NG” in the authentication flag 47 and further notifies the host that the user authentication has failed. The process is terminated.

  Upon receiving the user authentication failure, the host displays “authentication failure” on the screen and ends the process.

  When the host receives a notification of successful user authentication from the memory card 11, the host displays “authentication successful” on the screen. Then, in the LOCK determination step 83, it is determined whether or not the user instruction stored in the process selection step 81 is “LOCK”.

  If it is “LOCK” (“YES”), the host transmits a LOCK command to the memory card 11 via the non-contact IC card reader / writer 62 a or 62 b in the LOCK instruction step 84.

  If it is not “LOCK” (“NO”), the operation of the host proceeds to UNLOCK determination step 85.

  When the LOCK command is received from the host, the non-contact IC module 17 of the memory card 11 reads the LOCK circuit information 43 of the EEPROM 18 and copies it to the load circuit information 42. Further, the non-contact IC module 17 changes the access flag 48 of the authentication information 41 to “LOCK” and ends the process.

  Thereby, the memory card 11 substantially shifts to the LOCK state.

  In UNLOCK determination step 85, the host determines whether the user instruction stored in process selection step 81 is “UNLOCK”.

  If it is “UNLOCK” (“YES”), the host transmits an UNLOCK command to the memory card 11 via the non-contact IC card reader / writer 62 a or 62 b in the UNLOCK instruction step 86.

  If it is not “UNLOCK” (“NO”), the host operation ends.

  When receiving the UNLOCK command from the host, the non-contact IC module 17 of the memory card 11 reads the UNLOCK circuit information 44 of the EEPROM 18 and copies it to the circuit information 42 at the time of loading. Further, the non-contact IC module 17 changes the access flag 48 of the authentication information 41 to “UNLOCK” and ends the process.

  As a result, the memory card 11 substantially shifts to the UNLOCK state.

  Next, a detailed operation flow of the card initialization step 78 will be described.

  FIG. 9 is a flowchart showing the card initialization operation in the memory card 11 according to the first embodiment of the present invention.

  The card initialization operation in the memory card 11 according to the first embodiment of the present invention includes a circuit information setting step 91, a connection determination step 92, and an initialization processing step 93.

  In the circuit information setting step 91, the memory card 11 loads the load circuit information 42 of the EEPROM 18 into the switchers 16a and 16b.

  In the connection determination step 92, the memory card 11 performs wiring connection of the switchers 16a and 16b according to the loaded circuit information.

  In the case of the memory card 11 in the UNLOCK state (“OK”), the terminals 13a to 13i of the memory card 11 and the card controller 14 and the wiring between the card controller 14 and the NAND memory 15 are correctly connected, and the operation is the initialization process step 93. Migrate to

  In the LOCK state (“NG”), the switchers 16a and 16b are not connected to each other and power is not supplied to the card controller 14, so the card controller 14 is not initialized and the operation ends. Even if a read command is input to the CMD terminal 13f of the memory card 11 in this state, the card controller 14 does not execute the read process.

  In the initialization processing step 93, power is first supplied to the card controller 14, and then the I / O-I / F unit 20, ROM 22, SRAM 23, CPU 25, memory I / F unit 21, register 24, and NAND memory 15 are connected. It is initialized.

  Then, the firmware is read from the ROM 22 and stored in the SRAM 23, and the preparation of the card controller 14 is completed.

  Next, when a prescribed initialization command is received from the host via the CMD terminal 13f and the DAT terminals 13b to 13f, the initialization of the memory card 11 is completed.

  Next, a public key method used for encrypting a user authentication password will be described.

  FIG. 10 is a flowchart showing a public key method used for encrypting a user authentication password in the memory card 11 according to the first embodiment of the present invention.

  The public key method used for encrypting the user authentication password in the memory card 11 according to the first embodiment of the present invention includes the key A creation step 101 for creating the user A key, and the key B for creating the user B key. It comprises a creation step 102, a key B registration step 103 for registering the public key B of the user B in the host A, and a key A registration step 104 for registering the public key A of the user A in the host B.

  In the key A creation step 101 and the key B creation step 102, public keys and private keys of the user A and the user B are created, and are registered in the respective hosts together with a private key creation password. The public key A is sent to the host B, and the public key B is sent to the host A.

  In the key B registration step 103, the public key B of the user B sent from the host B is registered in the host A.

  In the key A registration step 104, the public key A of the user A sent from the host A is registered in the host B.

  The password creation step 71 and password setting step 75 shown in FIG. 7 are executed using the public key registered in this way.

  According to the first embodiment, the non-contact IC module 17 which is an independent interface can control the wiring connection of the switchers 16a and 16b, and the access path to the data stored in the NAND memory 15 can be controlled. The data protection of the memory card 11 can be easily performed on an individual basis without conversion.

  In the first embodiment described above, the EEPROM 18 has the circuit information 43 for LOCK, the circuit information 44 for UNLOCK, and the other circuit information 45 as circuit information. However, the present invention is not limited to this, and a part of the LOCK is also included. For example, the non-contact IC module 17 may have a plurality of pieces of circuit information such as circuit information and circuit information for LOCK for a certain time, and may be selected by the non-contact IC module 17 in accordance with a user instruction.

  Further, the circuit information is loaded from the loading circuit information 42 to the switchers 16a and 16b at the time of card initialization, but it may be loaded at the time of LOCK processing or UNLOCK processing.

  Furthermore, in the first embodiment, the LOCK circuit information 43 is copied to the load circuit information 42 at the time of LOCK, but the present invention is not limited to this, and the data of the load circuit information 42 may be deleted.

  As another method, at the time of LOCK, the address at which the LOCK circuit information 43 is stored and the address at which the load circuit information 42 is stored are sent to the memory card 11, and the LOCK circuit information 43 is loaded according to the address. You may copy to the area of the time circuit information 42. FIG.

  In this case, at the time of UNLOCK, the address at which the UNLOCK circuit information 44 is stored and the address at which the load circuit information 42 is stored are sent to the memory card 11, and the UNLOCK circuit information 44 is loaded based on the address. Copy to the area of the circuit information 42.

  Further, a configuration in which the circuit information itself is sent may be used. For example, the LOCKed user sends the UNLOCK circuit information 44 at the same time. The user who receives them copies the UNLOCK circuit information 44 to the area of the load circuit information 42 at the time of UNLOCK. At this time, the circuit information itself is encrypted and sent.

  Furthermore, in Embodiment 1 described above, all the wirings are disconnected at the time of LOCK. However, the present invention is not limited to this, and only the CMD line, the power supply line, and the ground line are connected, and the host device 12 is connected. Although it is not possible to send / receive data to / from the memory card 11, basic commands may be sent / received. In this way, the state of the memory card 11 can be confirmed by using the CMD line.

  FIG. 11 is a circuit block diagram showing a memory card according to Embodiment 2 of the present invention.

  The memory card 111 according to the second embodiment of the present invention includes terminals 113a to 113i used for connection with the host device 112, a card controller 114 that controls the entire card, a NAND memory 115 that stores and saves data received from the host device 112, A non-contact IC module 117 that transmits and receives information to and from the host device 112 in a non-contact manner, and an EEPROM 118 that stores control information of the non-contact IC module 117, firmware of the card controller 114, and the like are provided.

  The difference from the first embodiment is that the switchers 16a and 16b do not exist in the second embodiment and the circuit connection around the EEPROM 118 and the card controller 114 is different.

  In the second embodiment, the same effect can be realized without the switchers 16a and 16b by replacing the firmware of the card controller 114 via the non-contact IC module 117.

  In other words, the LOCK state of the first embodiment is realized by ignoring the command and the like from the host device 112 by the firmware, and conversely, the UNLOCK state is realized by correctly processing the command and the like.

  Since the configuration and operation of each circuit block excluding the card controller 114 are the same as those in the first embodiment, description thereof is omitted.

  The card controller 114 includes an I / O-I / F unit 120 that is an interface with the host device 112, a memory I / F unit 121 that is an interface with the NAND memory 115, an SRAM 123 that is a work memory for executing firmware, The register 124 stores the information register 124, and the CPU 125 controls these by firmware.

  Since the details of these circuit blocks are the same as those in the first embodiment, description thereof will be omitted.

  The firmware of the card controller 114 is stored in an electrically rewritable EEPROM 118.

  FIG. 12 is a circuit block diagram showing connections of the EEPROM 118 in the memory card 111 according to the second embodiment of the present invention.

  The EEPROM 118 and the non-contact IC module 117 have a parallel I / F, and the card controller 114 and the non-contact IC module 117 are connected to the EEPROM 118.

  The EEPROM 118 has a parallel I / F composed of address (ADD), data (DATA), write / read (W / R), and chip enable (CE). As shown in FIG. 4, the parallel I / F is connected via buffers 126a to 126h with enable.

  In this embodiment, the non-contact IC module 117 and the card controller 114 do not access the EEPROM 118 at the same time. Further, the timing of signal switching on the bus is not critical, and further, the CPU 125 of the card controller 114 does not access the EEPROM 118 while the non-contact IC module 117 is performing the LOCK process or the UNLOCK process.

  That is, while the host device 112 accesses the memory card 111 using the non-contact IC module 117, the enabled buffers 126a to 126d on the non-contact IC module 117 side are enabled, and the enabled buffers 126e to 126h. Is disabled. While the host device 112 is accessing the memory card 111 via the card I / F unit 119, the enabled buffers 126e to 126h on the card controller 114 side are enabled, and the enabled buffers 126a to 126d are disabled. It becomes Able.

  The EEPROM 118 stores firmware and data for the non-contact IC module 117 and the card controller 114. When the memory card 111 is in the locked state, the firmware of the card controller 114 is programmed not to accept a data transmission / reception command from the host side. Conversely, in the UNLOCK state, it is programmed to perform a normal access operation.

  According to the second embodiment, in addition to the effects described in the first embodiment, since the firmware of the non-contact IC module 117 and the card controller 114 is stored in the same EEPROM 118, the memory card having the same function as the first embodiment 111 can be realized at a lower cost.

  In the second embodiment described above, the card controller 114 does not accept a data transmission / reception command from the host device 112 when it is locked. However, the present invention is not limited to this, and the available commands are limited. Alternatively, the command at the time of LOCK and the command at the time of UNLOCK may be completely separated.

  The card controller 114 may be a programmable LSI.

  In the first embodiment and the second embodiment described above, the example in which the user authentication password used for the LOCK process or the UNLOCK process is transmitted after being encrypted with the public key is shown. However, the present invention is not limited to this, and the common key encryption is used. A method may be used.

  In addition, although personal authentication is performed with a user authentication password at the time of LOCK processing or UNLOCK processing, human body authentication such as voice authentication or face authentication may be used.

  Further, the user authentication password is stored in the EEPROM of the memory card and the user authentication is performed via the contactless IC module. However, the present invention is not limited to this, and a rewritable memory area in the memory card 11 is used. Or may be stored in a host device and user authentication may be performed by the host device.

  Further, although the proximity type is used as the non-contact IC card module, a close contact type (ISO / IEC 10536) or a proximity type (ISO / IEC 15693) may be used.

  Furthermore, in the above-described first and second embodiments, the data is stored without being encrypted, but the present invention is not limited to this, and may be stored with some encryption.

  Further, in the first and second embodiments, the NAND memory is used as the memory. However, the present invention is not limited to this, and other nonvolatile memories such as a NOR memory and an FRAM memory may be used.

  Furthermore, in the first embodiment and the second embodiment described above, the connection terminal of the memory card is 9 pins, but the present invention is not limited to this.

1 is a circuit block diagram showing a memory card according to Embodiment 1 of the present invention. 1 is a circuit block diagram showing a non-contact IC module of a memory card according to Embodiment 1 of the present invention. 3 is an image diagram showing information stored in an EEPROM of a memory card according to Embodiment 1 of the present invention. FIG. 1 is a circuit diagram showing a configuration of a switcher in a memory card according to Embodiment 1 of the present invention. FIG. 3 is a circuit diagram showing an operation state of the switcher in the memory card according to the first embodiment of the invention. FIG. 3 is an image diagram illustrating an example of a usage method in the memory card according to the first embodiment of the invention. FIG. 3 is a flowchart showing the operation of the host in using the memory card according to the first embodiment of the present invention. The flowchart which shows the operation | movement in the LOCK process and UNLOCK process of the memory card concerning Example 1 of this invention. The flowchart which shows the operation | movement of the card initialization in the memory card concerning Example 1 of this invention. The flowchart which shows the public key system used for encryption of the password for user authentication in the memory card 11 concerning Example 1 of this invention. The circuit block diagram which shows the memory card concerning Example 2 of this invention. The circuit block diagram which shows the connection of EEPROM in the memory card concerning Example 2 of this invention.

Explanation of symbols

11, 111 Memory card 12, 112 Host device 13a-13i, 113a-113i Terminal 14, 114 Card controller 15, 115 NAND memory 16a, 16b Switcher 17, 117 Non-contact IC module 18, 118 EEPROM
19, 119 Card I / F unit 20, 120 I / O-I / F unit 21, 121 Memory I / F unit 22 ROM
23, 123 SRAM
24, 124 Register 25, 125 CPU
31 Control Unit 32 Modulation Unit 33 Demodulation Unit 34 Power Supply Unit 35 Electromagnetic Induction Unit 36 CLK Line 37 DataIn Line 38 DataOut Line 41 Authentication Information 42 Load Circuit Information 43 LOCK Circuit Information 44 UNLOCK Circuit Information 45 Other Circuit Information 46 Password Information 47 Authentication flag 48 Access flag 51a, 51b Interface 52a-52f Row wiring 53a-53f Column wiring 54 Switch setting circuit 55a-55f Control line 61a, 61b Memory card reader / writer 62a, 62b Non-contact IC card reader / writer 71 Password creation Step 72 Data storage step 73 LOCK processing step 74 Card sending step 75 Password setting step 76 Card receiving step 77 UNLOCK processing step 78 Card initialization step 79 Access step 81 process selection step 82 password input step 83 LOCK determination step 84 LOCK instruction step 85 UNLOCK determination step 86 UNLOCK instruction step 87 password check step 88 LOCK setting step 89 UNLOCK setting step 91 circuit information setting step 92 connection determination step 93 Initialization processing step 101 Key A creation step 102 Key B creation step 103 Key B registration step 104 Key A registration steps 126a to 126h Buffer with enable

Claims (5)

First and second interfaces connected to the host device;
Storage means for storing data;
Control connected to the first interface and the storage means, accessing the data of the storage means based on a command received by the first interface, and transmitting / receiving the data via the first interface With means,
A memory card characterized in that, based on a command received by the second interface, the connection between the control means and the first interface or the storage means is controlled to a connected state or a disconnected state. Programmable switch means connected between the first interface and the control means and corresponding one-to-one with the signal line from the first interface and the signal line from the control means;
The control unit according to claim 1, further comprising a rewriting unit that rewrites program information of the switch unit based on a command received by the second interface in order to control the switch unit to a connected state or a disconnected state. The memory card described. Programmable switch means connected between the storage means and the control means, and corresponding the signal lines from the storage means and the signal lines from the control means on a one-to-one basis;
The control unit according to claim 1, further comprising a rewriting unit that rewrites program information of the switch unit based on a command received by the second interface in order to control the switch unit to a connected state or a disconnected state. The memory card described. First and second interfaces connected to the host device;
First storage means for storing data;
Connected to the first interface and the first storage means, and accesses the data of the first storage means based on a command received by the first interface, via the first interface Control means for transmitting and receiving the data;
Second storage means for storing firmware for controlling the operation of the control means;
A memory card comprising rewriting means for rewriting the firmware of the second storage means based on a command received by the second interface. The second interface is
The memory card according to claim 1, wherein the memory card is a non-contact IC module that is wirelessly connected to a host device.

Images