JP2008033450A - Communications system and peripheral device used therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a card type storage medium having a data format structure capable of achieving a very robust security property while having a physical structure without an onboard storage controller. <P>SOLUTION: In a normal mode, the whole of a security area 400 of the card type storage medium 11 is viewed only as one encoded macro security file, whose content is difficult to decode. Additionally, because a writing position of a macro security file to be decoded is written into a header area 401 and an authenticating check sector is fixedly described at the head thereof, the authenticating check sector can be read form the medium without problems by a sequence decided on a host device side though the macro security file itself, even though it has an internal data structure unable to be identified due to encoding. After receiving the authentication result, a predetermined necessary part of the macro security file can be collectively decoded. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a communication system using a removable storage medium and a peripheral device used for the communication system.

JP 2002-92745 A JP 2006-18345 A

  In recent years, a so-called memory card (card type storage medium: an example of a recording medium) in which a nonvolatile memory such as a flash memory is packaged in a card type is widely known. This memory card is rapidly spreading as a data storage medium used in digital devices such as digital cameras and portable music players. The specifications of the memory card are not unified. For example, compact flash (registered trademark, hereinafter abbreviated as “CF”), smart media (registered trademark, hereinafter abbreviated as “SM”), memory stick (registered trademark, hereinafter “ Various products such as “MS” and SD memory card (registered trademark, hereinafter abbreviated as “SD”) are on the market. These memory cards are connected to a PC or the like, and by using a memory card reader / writer (an example of a peripheral device, hereinafter abbreviated as “reader / writer”) that reads and writes the memory card, the PC can access the memory card. It becomes possible. As a result, data communication can be performed between the PC and the memory card. In other words, these memory cards can only communicate data when they are installed in a reader / writer. They can be used for active communication function units (for example, protocol analysis units and data transmission / reception units) and storage control. The device is not mounted on itself but depends on the reader / writer side.

  The above-mentioned memory card is written with a password encrypted by software processing via a card reader drive built in the PC. The password is read on the PC side and verified against the password entered by the user. What was made to perform is known (patent document 1). On the other hand, a so-called USB memory is known as a removable storage medium equipped with a storage control device and having a function as an auxiliary storage device. In this USB memory, security hardware logic (for example, data encryption / decryption logic) is mounted in the storage control device so that the storage contents of the file allocation table (FAT) can be protected. Is known (Patent Document 2).

  However, in both Patent Document 1 and Patent Document 2, the important data file written in the memory is not encrypted at all, and measures against security and data destruction due to unauthorized access are not necessarily strong. There is no problem. Further, in the case of the configuration of Patent Document 2, a security function cannot be enjoyed unless a dedicated medium having an encryption logic (for example, a special USB memory having a security logic as described above) is used. This technology cannot be applied to memory cards with a complicated structure. Furthermore, it is necessary to record the encryption history and the storage sector information of each file on the FAT in association with each file to be stored on the PC side, and there is a major drawback that decryption can be performed only by the PC on which recording remains. . In addition, it is necessary to search the history for the presence of an encrypted file and to selectively decrypt the corresponding encrypted FAT area, resulting in a complicated processing program. In addition, there is a method in which the user encrypts the data file to be stored by dedicated software on the PC for each file and then writes it to the memory card in the same way as a normal file. When the number is large, it takes a lot of work, and it cannot be said that it is a practical method for a memory card whose capacity is increasing.

  An object of the present invention is to provide a communication system using a removable storage medium having a data format structure capable of realizing very strong security while having a physical structure not equipped with security hardware logic such as encryption. And a peripheral device used therefor.

Means for Solving the Problems and Effects of the Invention

In order to solve the above problems, the communication system of the present invention provides:
A peripheral device that is a communication target of the host device and the host device connected to the host device, and the removable storage medium is detachably attached to the slot, and the peripheral device is based on a communication event with the peripheral device. A peripheral device configured as a storage device that performs data access to the removable storage medium,
Removable storage media
It consists of a non-volatile memory that enables data access related to reading and writing of data, and an actual data storage area in which stored data can be read, written and erased in units of files, and each of the actual data storage areas An actual file management information storage area for storing file management information described in such a manner that at least the occupied area of the data file and the empty area not occupied by the data file can be specified in the data storage area of the area are stored, It has a real media area formed according to a predetermined media format, and the real data storage area is divided into a security area in which all stored contents are written in an encrypted state and a normal area that is not encrypted. Formed,
Data files stored in the normal area in an unencrypted state as normal files, and data files stored in the security area in an encrypted state as security files,
The real file management information storage area specifies the position of the area occupied by the normal file in the normal area and the position of the empty area not occupied by the normal file, and the first area based on the head of the real media area Normal file management information described according to the coordinate system is stored,
A virtual data storage area in which a security file is stored and storage data can be read, written and erased in units of files, an occupation area position of each security file in the virtual data storage area, and an occupation of the security file The virtual file management information storage area for storing file management information described so that at least the unoccupied empty area position can be specified is the same as the media format that defines the formation form of the real data management area and the real file management information storage area A virtual media area formed according to the format is formed in the security area,
The virtual file management information storage area regards the virtual media area as another separate removable storage medium, and file management information for locating the security file occupation area and the empty area in the virtual data storage area, It is described according to the second area coordinate system based on the beginning of the virtual media area,
At the beginning of the security area, separately from the virtual media area, area coordinate conversion information for converting file management information described according to the first area coordinate system into file management information in the second area coordinate system, and A header area is formed to store authentication verification information for authenticating access to the security area, which is written in a fixed area in the header area.
By encrypting the information in the security area including the security file collectively, a macro security file that is handled as a virtual single file on the actual data storage area is formed. Macro security file storage location information for specifying the storage location on the actual data storage area is written outside the actual data storage area,
Access mode setting means for setting the access mode to the removable storage medium attached to the peripheral device to either a normal mode in which only the normal area can be accessed or a security mode in which the security area can be accessed;
By reading the macro security file storage position information from the removable storage medium, the position of the macro security file in the removable storage medium is specified, the authentication verification information information located at the head of the header area is read, and the authentication verification information An authentication means for authenticating the access right from the host device side to the removable storage medium,
An access mode setting control means for causing the access mode setting means to set the access mode to the security mode only when the authentication result by the authentication means is acceptance authentication;
A medium for transmitting virtual virtual exchange information from a peripheral device to a host device for virtual recognition of a removable storage medium that is attached to which the security mode is applied as another removable storage medium when the security mode is entered Virtual exchange information transmitting means;
When data access to the security area from the host device side after the transmission of the media virtual exchange information, the virtual file management information described in the second area coordinate system of the security file to be accessed is acquired, and the area File management information conversion means for converting into file management information described in the first area coordinate system using coordinate conversion information;
Security area access means for data access to the security area using the converted file management information, writing the file while encrypting the file when writing the file, and reading the file while decrypting the file when reading the file Features.

The peripheral device of the present invention is a peripheral device constituting the communication system of the present invention, wherein the removable storage medium is detachably attached to the slot, and is attached to the removable storage medium by a communication event. As a storage device that performs data access,
Authentication means for authenticating the access right from the host device side to the removable storage medium based on the authentication verification information written in the removable storage medium;
An encryption means for writing the data file to be written in the security area in an encrypted state;
Further, decryption means for decrypting and reading out the encrypted data file to be read out in the security area is provided.

  According to the present invention, the storage area of the removable storage medium can be accessed to the data file by a known file system, and the occupied area of each data file in the data storage area The area is divided into an empty area not occupied by the data file and a file management information storage area for storing file management information described so that the position of the area in the data storage area can be specified. A virtual media area dedicated to the security file is formed in the data storage area. In the present invention, the entire storage area including the data storage area and the file management information storage area of an actual removable storage medium is referred to as a “real media area” in order to distinguish it from the virtual media area. The storage area and the file management information storage area are referred to as “actual data storage area” and “actual file management information storage area”, respectively. This virtual media area forms a security area together with a header area separately formed in the actual data storage area, and all information in the security area is encrypted in a lump and is simply viewed from the actual media area. A macro security file is formed. The area outside the security area in the actual data storage area is used as a storage area (normal area) for encrypted normal files. The storage position of the macro security file on the actual data storage area is written outside the actual data storage area as macro security file storage position information.

  In the header area, authentication verification information for authenticating access to the security area is stored at the head (in an encrypted form). When attempting to access the security area from the host device side, the information of the fixed area at the head of the security area is read as authentication verification information and authentication processing is performed. Access for writing is allowed. At this time, the important point in the present invention is that the virtual virtual exchange information is transferred from the peripheral device to the host device (PC) as the access to the security area is permitted by the authentication acceptance. The purpose is to make the host device recognize that the new media whose substance matches the media area has been virtually exchanged (although not actually exchanged). That is, the virtual file management information is information indicating the storage location of the security file, but is recorded as information forming a part of the file written in the actual data storage area, not the actual file management information storage area. Therefore, as long as it continues to be recognized as the same medium, it cannot be read as file management information indicating the location of the security file. Therefore, in order to recognize virtual file management information that is not recognized as regular file management information on the real media area as file management information for the security file, the virtual media area is recognized as a new medium. It is indispensable.

  For normal files, the normal file management information for specifying the position of the occupied area and the free area of each normal file in the normal area is stored in the real file management information storage area based on the top of the real media area. It is described according to the area coordinate system, and the normal area can be accessed from the host device side using this normal file management information directly. On the other hand, the virtual media area is recognized as a new medium exchanged by the host device as described above, but the media has not actually been exchanged, and the entity actually uses a part of the actual data storage area of the same medium as the new media. It is just pretending to be. The virtual file management information for managing the security file written here is the second area coordinates based on the beginning of the virtual media area corresponding to the new media from the peripheral device that is recognized as being replaced with the new media. Although it must be described according to the system, access to the actual media area of the media that has not been actually exchanged is not changed from the perspective of the peripheral device that directly performs the access operation to the media. In addition, file management information described according to the first area coordinate system must be used.

  Therefore, area coordinate conversion information for converting file management information described according to the first area coordinate system into file management information in the second area coordinate system is stored in the header area of the security area. When an access event to the security area occurs, the access position is recognized from the virtual media area (that is, the new media) using the file management information described in the second area coordinate system, and the area coordinate conversion information Thus, the virtual file management information is sequentially converted into file management information described in the first area coordinate system indicating the access position of the actual medium and is given to the peripheral device (this conversion operation is performed on the OS). Depending on the running application, it can be done on the host device side or on the peripheral device side Both, it is both possible).

As a result, the following effects are achieved in the present invention.
(1) In normal mode, the entire security area (even if multiple security files are stored) can be seen as only one encrypted macro security file, and its contents are very difficult to decipher. realizable. In addition, data destruction due to erroneous access to the macro security file is unlikely to occur.
(2) The start position of the security area to be decrypted (the writing position of the macro security file) is written as a macro security file storage position information in a predetermined area in the medium, and authentication verification information for authentication is stored Since it is described in a fixed manner at the beginning, the authentication verification information itself is determined by the host device even though the internal data structure of the macro security file itself cannot be identified by encryption. The sequence can be read from the media without problems. In other words, it is not necessary to mount authentication logic unique to the medium, and as a result, high security is realized even though the medium is a detachable medium that does not include the security hardware logic. In addition, since a predetermined necessary portion (for example, a (virtual) file allocation table described later) of the macro security file may be decrypted at once in response to the authentication result, the encryption history as in Patent Document 1 is used. Decryption can be easily performed without performing recording or searching for the encryption history.

  The removable storage medium to which the present invention is applied may be a removable storage medium not equipped with security hardware logic, for example, a card-type storage medium (without a storage control device). it can. Further, although the security hardware logic is not installed, the storage control device may be a detachable storage medium that is integrally incorporated.

  The removable storage medium can be configured as follows. That is, the real media area is divided into a plurality of sectors of a certain size, and the data file is read, written, and erased in units of the sector, and area coordinates for specifying the positions of the occupied and empty areas of the file It is assumed that the system is defined by using a sector number assigned to each sector by a serial number in order to individually identify a series of sectors. The security area is formed as a continuous continuous area of sectors in the actual data storage area. It is assumed that the number is described using a first sector number string as a first area coordinate system determined based on the head sector number of the actual media area. In the virtual file management information storage area, the file management information includes a second area coordinate system in which the occupation sector number of the security file and the empty sector number not occupied by the security file are determined with reference to the head sector number of the virtual media area. Is described using the second sector number string. The area coordinate conversion information includes offset information that can specify the number of offset sectors from the head sector position of the actual data storage area to the head sector position of the virtual data storage area.

The communication system in this case is
Sector number notifying means for notifying the host device of the number of security sectors in the portion excluding the header of the security area after the transmission of the media virtual exchange information as the number of sectors of another virtual removable storage medium;
When accessing the security area from the host device side, the sector number of the file to be accessed described using the second sector number sequence received from the host device side is used as the first sector number sequence using the offset information. Sector number conversion means as file management information conversion means for converting into a sector number of a file to be accessed described by using the security area access means, data access to the security area with the sector number after the conversion Is configured to perform.
With this configuration, by subtracting the number of offset sectors, the first sector number can be easily converted to the second sector number, and the sector conversion processing algorithm for recognizing the virtual media area as a new medium is greatly simplified. Can be

  When such a sector structure is adopted, in order to achieve the effect (2) described above, the actual file management information storage area is provided in a sector area adjacent to the head side of the actual data storage area. In the virtual media area, the virtual file management information storage area is provided in the sector area adjacent to the head side of the virtual data storage area, and the header area is adjacent to the head side of the virtual media area in the security area. It is necessary to have a configuration provided in the sector area.

  Next, the authentication verification information is verification information obtained by encrypting predetermined information with an encryption key, and is stored at a fixed number of bytes at the head of the header area as information that does not match verification with the encryption key itself. It is desirable to keep it. According to this configuration, since an encryption key such as a password is not directly written in the medium, security can be further improved.

  In addition, in order to specify the end sector of the security area (that is, the size of the security area), the header area stores virtual data storage area sector number information for specifying the number of sectors in the virtual data storage area. It is necessary to keep. If this virtual data storage area sector number information can be rewritten by a command value from the host device (for example, set based on information input by the user if desired), the size of the security area set in the medium Can be changed freely. Further, when the normal area is formed so as to be divided before and after the security area, the normal area following the security area can be specified based on the virtual data storage area sector number information.

  Next, in the media format described above, the actual data storage area, the actual file management information storage area, and the boot sector adjacent to the head side of the actual file management information storage area constitute only one partition area in the medium. The hard disk format conforming to ANSI (American National Standard Institute) can be emulated. In the hard disk format, the boot sector is secured as a storage sector of an initial program loader (IPL) for using the partition area as a boot disk. In this case, in the real file management information storage area, the storage sector of the file allocation table (FAT) that stores the occupied sector number of the normal file in association with the file name and the root directory (RD) of the normal file from the head side. ) Storage sector is secured. The first sector of the real media area searches for the presence of the initial program loader in the partition area, and a master boot program for starting it and a master table for storing a partition table storing partition information in the medium. Reserved as a boot record sector (MBR). By adopting this method, the hard disk standard infrastructure widely spread by ANSI can be applied to the removable storage medium, and the burden of software development related to read / write control of the data file can be greatly reduced. In this case, as the macro security file storage location information, the occupied sector number of the macro security file (because it is a continuous sector, it may be possible to specify only a specific sector (for example, the first sector)), the master boot record sector, the boot It may be written in either the sector or the file allocation table.

  Data access from the host device to the removable storage medium (peripheral device (storage device)) is, for example, SCSI communication in addition to the first method in which access is made in units of data files using a file system operating on the OS. By using an applied additional information communication mechanism, which will be described later, a second method of accessing in units of sectors in the form of independent data that does not constitute a data file is also possible.

  In this case, assuming that a partition area that is not defined as a storage area is not used as a boot disk, an empty area reserved for storing the master boot program in the master boot record sector (that is, the function of the system boot disk as the medium to be used) If the master boot program is not provided, it is not necessary to install a master boot program), and the occupied sector number (macro security file storage location information) of the macro security file can be written. In addition, since it is not necessary to install an initial program loader in the boot sector on the premise that the partition area is not used as a boot disk, the occupation sector number of the macro security file is written in the free space reserved for the storage. You can also. Either method can be easily realized by adopting the second method.

  On the other hand, if the first method is assumed, the occupation sector number of the macro security file may be written in the file allocation table in a form associated with the fixed file name uniquely determined for the macro security file. it can. In other words, by assigning a file name to the macro security file and registering it in the file allocation table (for normal mode) so that it can be revealed as a file even in normal mode, the macro security file can be saved from the file system on the OS. The storage position can be easily specified.

  As a specific method for writing authentication verification information into the removable storage medium as verification information obtained by encrypting information predetermined by an encryption key and not matching with the encryption key itself, The following can be illustrated. That is, an authentication verification information storage area is provided in the above-described header area for storing predetermined verification source data as authentication verification information in a state encrypted with the master encryption key. The peripheral device is provided with security master information storage means for storing the original data for verification as security master information, and the authentication means receives an encryption key that also serves as a decryption key as security reference information from the host device side. The information obtained by decrypting the verification verification data using the authentication key is used as verification target information. When the verification target information matches with the security master information, the acceptance authentication is performed. When the verification target information does not match, the rejection authentication is performed. The encryption key is, for example, a password that is individually hidden by the user. Data protection can be more reliably achieved by a collation process combining a password and encryption. Further, in the above method, it is not necessary to provide a password registration unit for each user on the peripheral device side, and the password is not directly written to the storage medium. Since it is encrypted information, it is more secure. In addition, by using a password that doubles as an encryption key and a decryption key, a unique key pairing with a secret key (encryption key) is made on the host device side as in the public encryption key method. This is convenient because it is not necessary to register the public key (decryption key) one by one.

Next, the communication system of the present invention includes:
A host device having a communication event activation decision right and a peripheral device to be communicated with the host device connected to the host device, and a command for instructing execution of the communication event is transmitted from the host device to the peripheral device. The peripheral device that has issued the issued command sequentially executes the data processing corresponding to the command, and returns response information corresponding to the execution result to the host device side. In addition, it can be configured as a communication system having a main communication protocol in which the command issue direction is restricted in one direction from the host device side to the peripheral device side. in this case,
A predetermined frame that is provided on the host device side and issues a survey request command requesting the peripheral device itself to perform a survey report process on the peripheral device, and indicates the content of the survey report instruction when the survey request command is issued Survey instruction data creating means for creating survey instruction data having a format and additional information written in a predetermined field of the frame;
Survey instruction data transmission means for transmitting the created survey instruction data to the peripheral device;
Survey report data generating means provided in the peripheral device, receiving survey instruction data, and generating survey report data having a predetermined frame format;
A survey report data transmitting means provided in the peripheral device and transmitting the survey report data as response information to the host device;
It is possible to construct an additional information communication mechanism that is provided on the peripheral device side and includes additional information extraction means for extracting additional information from a predetermined field of the received survey instruction data.
And as a functional means realized by the additional information communication mechanism,
Security reference information transmitting means for transmitting the security reference information acquired on the host device side to the peripheral device as additional information on the investigation instruction data is provided,
The peripheral device has authentication means for authenticating the access right from the host device side to the removable storage medium using the authentication verification information written in the removable storage medium and the security reference information received from the host device. Can be provided.

In this case, assuming that the peripheral device of the present invention is used for the above-described configuration of the communication system of the present invention,
Survey report data generating means for receiving survey instruction data and generating survey report data having a predetermined frame format;
Investigation report data transmission means for transmitting investigation report data to the host device as response information;
And additional information extracting means for extracting additional information from a predetermined field of the received survey instruction data.

  The main purpose of the main communication protocol is to send and receive data files to and from the storage device that constitutes the peripheral device, and control processing that is not supported by the main communication protocol (particularly, a communication event is started on the peripheral device side). Such information) needs to be handled as additional information independent of the control information supported by the main communication protocol. It is meaningless to write such additional information in the main body of the data file to be transmitted / received. This is because, when trying to refer to the contents of additional information on the host device side or peripheral device side for control execution etc., it is necessary to launch application software for opening the data file, which is not realistic at all. is there. However, according to the above configuration, the investigation request event for requesting the peripheral device to perform investigation report processing on the peripheral device itself with the additional information communication mechanism peculiar to the host device side to send the additional information to the peripheral device side. By writing in the predetermined field of the survey instruction data created with the issuance of the survey request command in the form of using, it is surely transmitted without going through the data file under the control of the main communication protocol Can do.

  In the present invention, the security reference information acquired on the host device side can be transmitted to the peripheral device as additional information on the survey instruction data by the additional information communication mechanism. The peripheral device uses authentication verification information written in the removable storage medium and security reference information received from the host device to authenticate the access right from the host device side to the removable storage medium. A communication mechanism for security authentication of a removable storage medium attached to a peripheral device despite being restricted in one direction from the PC side to the peripheral device side. realizable.

  As the main communication protocol, in the present invention, the SCSI protocol (either SCSI-1, SCSI-2, or SCSI-3: in particular, SCSI-2 that is still used in many OS kernels) is adopted. However, it is not limited to this.

  On the other hand, in the present invention, the peripheral device and the host device can be polled by the peripheral device from the host device side through a serial communication mechanism in which the reverse polling of the host device from the peripheral device side is impossible. Information transfer between the host device and the peripheral device for connecting and executing the communication event can be configured to be executed by serial communication in a format in which the host device polls the peripheral device. In this configuration, the host device cannot be polled from the peripheral device side (that is, the peripheral device side is not given the right to start communication), so that the above-described effects can be exhibited more effectively. In addition, the communication interface on the host device side for directly connecting peripheral devices is greatly simplified, and the system configuration can be reduced in weight and cost. An example of such a serial communication standard is USB (Universal Serial Bus). Further, in this specification, a peripheral device that adopts the SCSI protocol as a main communication protocol and is connected to the host device by a serial communication bus according to the USB protocol is also referred to as a USB / SCSI type peripheral device.

  More specifically, when the USB is employed, the peripheral device can be configured as follows. That is, a command analysis step for receiving a command from the host device and analyzing the command content, a data processing step for executing data processing reflecting the analysis content of the command, and response information indicating the result of the data processing are sent to the host device. A response information reply step for replying is executed in this order, and an access control device for controlling communication processing on the peripheral device side, and mutual transfer of the command and response information is performed by the host device with a plurality of access control devices. And a serial communication unit that executes serial communication in a polling format. The access control device includes a transmission / reception unit that transmits / receives command and response information to / from the serial communication unit, and a control execution entity that interprets the command and performs data processing according to the content. Note that the transmission / reception unit and the serial communication unit can be integrated in a dedicated IC. In this configuration, commands or response information according to a main communication protocol such as SCSI can be exchanged without problems via a bus for serial communication according to the USB protocol.

  More specifically, the serial communication unit on the peripheral device side performs communication processing for transferring command and response information between the communication bus connection terminal for connecting the serial communication bus from the host device and the serial communication bus and the transmission / reception unit. A communication control unit that executes communication protocol unit connected to a communication bus connection terminal, and the protocol engine unit via a bidirectional endpoint for control comprising a FIFO memory. A control command unit that is connected and controls the transfer communication process can be provided. The transmission / reception unit has an input / output path to the protocol engine unit via an input endpoint to the protocol engine unit composed of a FIFO memory and an output endpoint from the protocol engine unit composed of a FIFO memory. Can be connected separately. In addition, the communication control unit receives from the host device side the identification information of the transmission / reception unit to be accessed and the identification information of the endpoint corresponding to the transmission / reception unit, and polls each transmission / reception unit as a target device. It can be configured to be. Endpoints serving as transmission / reception data buffers are provided independently on the transmission side and the reception side, and the data transfer direction can be easily specified depending on which endpoint is designated at the time of polling.

  Next, in the present invention, as the functional means realized by the additional information communication mechanism, the authentication result request information for requesting the authentication result reflection information reflecting the authentication result by the authentication means to the peripheral device is added to the additional information on the investigation instruction data. As the response information, the survey report data in which the authentication result reflection information is written as the corresponding additional information corresponding to the additional information from the host device side in the predetermined frame of the survey report data. It is possible to provide an authentication communication means for sending a reply to the host device. In this case, the host device can be provided with authentication result reflection information output means for outputting the returned authentication result reflection information. A unique additional information communication mechanism can return the authentication result of the removable storage medium from the peripheral device to the host device without any problem. The user can grasp it properly.

  Further, in the present invention, as the functional means realized by the additional information communication mechanism, the access mode report instruction information for causing the peripheral device to report the type of access mode set in the peripheral device is included in the investigation instruction data. An access mode in which the access mode setting means reports the access mode being set as the additional information corresponding to the additional information from the host device side in the predetermined frame of the investigation report data. Access mode report communication means can be provided for returning the investigation report data in which the report information is written as response information from the peripheral device side to the host device. In this case, the host device can be provided with an access mode type display means for displaying the type of the access mode acquired by the access mode report communication means. With this configuration, the user can easily grasp what access mode is set in the peripheral device by displaying on the host device side.

  The host device can be provided with an access mode selection means for selecting either the normal mode or the security mode as the access mode. In this case, as the functional means realized by the additional information communication mechanism, when the normal mode is selected on the host device side, normal mode shift instruction information for instructing the peripheral device to shift to the normal mode is obtained as the survey instruction data. The normal mode transition instruction information transmitting means for transmitting to the peripheral device as additional information above, and the peripheral device receiving the normal mode transition instruction information, the access mode setting means sets the access mode to the normal mode, and the investigation report Normal mode in which normal mode setting completion report information for reporting completion of setting to normal mode is returned to the host device as investigation report data as corresponding additional information corresponding to additional information from the host device side in a predetermined frame of data Setting completion report information return means can be provided. Thus, when the normal mode is selected on the host device side, it can be transferred to the peripheral device without any problem, and the normal mode can be quickly set on the peripheral device side. On the other hand, the host device has security reference information input means, and the above-described security reference information transmission means can be configured to transmit the input security reference information to the peripheral device as additional information on the survey instruction data. . As a result, when the security mode is selected on the host device side, the security reference information input by the user can be transferred to the peripheral device without any problem. The security mode can be quickly set.

  The survey instruction data creation means writes the additional information in the field specified in the main communication protocol so that the information other than the additional information is stored as the main storage information to be stored in the survey instruction data in the form of using the additional information as the main storage information. Can be. When the main communication protocol conforms to an off-the-shelf communication standard such as the SCSI protocol, there may be no room for newly setting a dedicated field for additional information in the frame of the survey instruction data. At this time, if the additional information (including additional information) is written to the field prepared for the main storage information that is completely different from the original additional information as described above, As described above, even when there is no room for providing a dedicated field, additional information can be written without any problem.

  For example, the peripheral device incorporates or is detachably mounted with a removable storage medium capable of at least data access related to data reading, and performs data access to the removable storage medium by a communication event. When configured as a storage device, in the survey instruction data, when executing a communication event related to reading or writing data to or from a removable storage medium according to the main communication protocol, the removable storage assigned to the read process or write process A field for setting the allocation length of the memory area on the medium can be secured as an allocation length setting field. In this case, the occurrence report instruction information that is also used as the allocation length information can be written in the allocation length setting field, with the allocation length information as the main storage information. In this way, it is possible to transmit unique additional information not defined in the main communication protocol to the peripheral device side in a form that is also used as allocation length information.

  In the main communication protocol, when the size of the allocation length setting field is set to a certain bit length, the following clever method exists to form an empty area in which the additional information is written in the allocation length setting field. That is, the number of bits when the maximum value that can be set as the allocation length is expressed in bytes is set to be less than the total number of bits in the allocation length setting field. If an allocation length exceeding the maximum value is described in the allocation length setting field, the maximum value is determined as the actual setting value of the allocation length regardless of the described allocation length value. Then, different additional information contents including additional information can be defined in a manner that uniquely associates with a redundant allocation length description value exceeding the maximum value. For example, when a CDB of an inquiry command (to be described later) in the SCSI protocol is used as the survey instruction data, this CDB consists only of fields allocated for SCSI protocol control, and there is no room for the user to write new data. Looks like not. However, by setting the maximum value that can be set as the allocation length as described above in the allocation length setting field that is originally the main storage information of the SCSI protocol, the maximum value is set to be less than the total number of bits of the allocation length setting field. It is possible to give a meaning as additional information including additional information to the setting description value of the redundant allocation length that exceeds.

  Next, in the case of the SCSI protocol or the like, there are cases where some types of investigation request commands are prepared. In this case, what type of investigation request command is used may be a problem. For example, a storage device in which a peripheral storage device is detachably mounted with a removable storage medium capable of data access related to both reading and writing of data, and performs data access to the removable storage medium by a communication event. When configured as a device, the peripheral device includes a replacement notification information holding unit that holds replacement notification information for notifying the host device of replacement of the removable storage medium when the removable storage medium is replaced. When the predetermined first type command is received from the host device, the exchange notification information held in the exchange notification information holding means is cleared after the execution of the command, and the second type other than the first type command is also cleared. When a seed command is received, an exchange that holds the exchange notification information holding state by the exchange notification information holding means even after execution of the command There are cases where the broadcast information holding control section is provided. In this case, it is strongly recommended to use the second type command as the investigation request command to be used. This is because when the first type command is used for such a purpose, the exchange notification information is cleared at the end of the process, even though it is an additional information transmission event that does not require the exchange notification information. When a system component (for example, a file system) that originally needs the exchange notification information on the device side cannot obtain the information, and the storage contents of the removable storage medium are destroyed. Because there is.

  As the investigation request command, for example, a configuration / attribute investigation request command for instructing a peripheral device to report configuration / attribute identification information that is information for identifying the configuration and attributes of the peripheral device itself can be employed. Such a communication event related to specifying the configuration and attributes of the peripheral device itself indicates, for example, what type of peripheral device (device: target in the case of SCSI) is connected on the main communication protocol. Although it is often used for the purpose of executing for recognition at the time of start-up, here it is issued at an arbitrary timing even after the apparatus is started up in order to realize the additional information communication mechanism. The communication event defined by the configuration / attribute investigation request command is originally intended only to recognize the so-called “feature” of the peripheral device (which remains unchanged when the device is in use). When the removable storage medium is exchanged before and after the occurrence, it should not be unnecessarily affected in the exchange notification information holding state or the like, so it is desirable to prepare it as the second type command. By diverting this information to the additional information communication mechanism, it is possible to prevent the above-mentioned troubles without affecting the holding state of the exchange notification information, even if the command is repeatedly issued.

  When the main communication protocol is the SCSI protocol, it is desirable to use an inquiry command as the above-mentioned investigation request command. In this case, the investigation instruction data sent from the host device (initiator) to the peripheral device (target) describes the detailed contents of the inquiry command, CDB (Command Descriptor Block: command description block, and the frame format for each command conforms to the SCSI protocol. The investigation report data returned from the peripheral device (target) to the host device (initiator) is inquiry data (the frame format is defined in detail by the SCSI protocol). Table 1 shows a CDB format corresponding to the inquiry command.

  In the SCSI protocol, the type of inquiry data returned from the peripheral device (target) can be specified on the host device (initiator) side. Specifically, a field called EVPD (Enable Vital Product Data) (1 bit) and a field called page code (8 bits) are formed in the CDB corresponding to the inquiry command. As shown in Table 2, for a CDB in which “0” is described in the EVPD field (hereinafter abbreviated as CDB (0)), the inquiry data is related to the peripheral device specifications as shown in Table 3. Instead, standard inquiry data (hereinafter abbreviated as S / I data) whose format and contents are defined in common is returned. Of the S / I data, an empty area that is not directly used for communication control by the SCSI protocol can be used as a description field of specific corresponding additional information.

  For example, in the S / I data, a fixed-length field (hereinafter referred to as a vendor-specific area) for describing information specific to a device vendor is provided. If there is an empty area in this field, It can be used as a description field for specific response information. Although the number of bits is very small, the following empty areas can also be used as a description field for specific response information. In other words, the additional data length field (data length after byte 5 of S / I data) set to 8 bits may have a maximum data length of less than 8 bits due to the upper limit of the data frame length in S / I data. is there. In this case, when a data length exceeding the maximum data length is specified in the additional data length field, the maximum data length is specified regardless of the description content of the additional data length field. As a result, the range of bit values exceeding the maximum data length can be utilized as a “vacant area” for describing the corresponding additional information substantially.

  On the other hand, as shown in Table 4, a CDB in which “1” is described in the EVPD field (hereinafter abbreviated as CDB (1)) provides detailed or device-specific information to the host device (initiator). As shown in Table 5, special inquiry data called VPD (Vital Product Data) is returned.

The VPD are defined several types, or to specify the VPD of which type to describe (specifically page code field of the CDB, pages Listing (Page _Code: 00 h), FRU ASCII information (page _code: 01 h _~7F h), the unit serial number (page code: ₈₀ h), the operation mode definition (page _code: 81 h), ASCII operation mode definition (page code: ₈₂ h), and vendor-specific format (page _code: C0 h _~FF h)). The peripheral device creates a VDP of the type specified in the page code field and returns it to the host device. In particular, in the VPD in the FRU ASCII information format and the ASCII operation mode definition format, a data length field in which necessary ASCII information is written and an ASCII information field specified by the data length are formed following the page length field. However, the subsequent fields can be used as vendor-specific areas as “empty areas” for describing corresponding additional information. For example, in the VPD in the ASCII operation mode definition format, if the ASCII information field is defined as a field with a small number of bytes (for example, 1 to 3 bytes) for describing the version information of the device, the remaining vendor-specific area It is possible to ensure a relatively large field length, and to write corresponding additional information that is somewhat large in size.

  In the SCSI protocol, an event or a state change occurs on a target (peripheral device) or one or a plurality of logical units included therein (or one or a plurality of media mounting slots when the peripheral device is a storage device). A function is provided for generating a unit attention condition for notifying the initiator when it occurs asynchronously with the operation of the host device (initiator). When the removable storage medium is exchanged in the peripheral device, the exchange notification information is reflected in the generated unit attention condition. In the SCSI protocol, when an inquiry command is issued to a peripheral device that has such a unit attention condition pending, the peripheral device does not clear the pending unit attention condition (however, Copy The issued Inquiry command is executed (created / returned Inquiry data) only when the Aborted (CA) state is generated. Therefore, when a response request event for corresponding additional information is activated, the unit attention condition including the replacement notification information is retained even when the removable storage medium is replaced by using the inquiry command. Therefore, loss of exchange notification information can be prevented. It is clear that the inquiry command corresponds to the above-described second type command.

  In the SCSI protocol, another investigation request command called a Request Sense command can also be used. The Request Sense command is a command for requesting sense data for reporting, for example, an error cause and type to a peripheral device (target), and the sense data is described and returned as a survey report data in a frame of a prescribed format. In the present invention, it is also possible in principle to write the corresponding additional information using the empty area of the sense data and return it to the host device. However, in the SCSI protocol, when a Request Sense command is issued to a peripheral device for which a unit attention condition is pending, the peripheral device clears the pending unit attention condition (however, Copy). (Only before the generation of the Aborted (CA) state) When a removable storage medium is replaced, the unit attention condition including the replacement notification information is cleared and the replacement notification information may be lost. There is. That is, the Request Sense command corresponds to the first type command described above.

  Hereinafter, a communication system 1 according to an embodiment of the present invention will be described with reference to the drawings as appropriate. 1 is a perspective view of a multi-reader / writer 2 (storage device: an example of a peripheral device) applied to the communication system 1, FIG. 2 is a block diagram showing a schematic configuration of the multi-reader / writer 2, and FIG. It is a block diagram which shows schematic structure of PC3 (an example of a host apparatus) performed. Note that the configuration of the communication system 1 described below is merely an example for embodying the present invention, and it is natural that the configuration can be appropriately changed without departing from the gist of the present invention.

  As shown in FIG. 1A, the multi-reader / writer 2 has a first memory card 11 (for example, a CF) for inserting a first memory card 11 (for example, CF) as a removable card-type storage medium (detachable storage medium) on the front surface thereof. A slot 16, a second slot 17 for inserting a second memory card 12 (for example, SM), a third slot 18 for inserting a third memory card 13 (for example, MS), and a fourth memory card 14 (for For example, a fourth slot 19 for inserting SD) is provided. In this embodiment, the multi-reader / writer 2 is described as an example of the peripheral device, but the present invention is also applicable to a single slot type reader / writer.

  The multi-reader / writer 2 is configured as a USB / SCSI type peripheral device, and a USB terminal 24 for connecting a USB cable 25 (see FIG. 2) is provided on the rear surface thereof as shown in FIGS. 1B and 2. Yes. In this embodiment, it is assumed that the SCSI-2 protocol is adopted as the main communication protocol. As shown in FIG. 2, the multi-reader / writer 2 includes therein a CPU 27 that controls each component, a ROM 28 that stores a control program, various data, and the like, and a RAM 29 that is a work area for computation by the CPU 27. An input / output control LSI 31 and a USB chip 32 are provided, and these are connected via a bus 33 so that data can be transferred to each other. The multi-reader / writer 2 performs data communication according to the SCSI protocol with the PC 3 to which the multi-reader / writer 2 is connected.

  Specifically, the ROM 28 stores a communication control program created based on the SCSI protocol and a table list of analysis data used for analyzing data (CDB) transmitted from the PC 3. In order for the reader / writer 2 to function as a target of a SCSI compatible device, a communication event execution control process corresponding to the received SCSI command is performed. The first to fourth memory cards 11 to 14 that are detachably mounted in the slots 16 to 19 are, for example, compact flash (CF: registered trademark), smart media (SM: registered trademark), memory stick (MS). : A registered trademark), an SD memory card (SD: registered trademark), and the like, a card-type storage medium equipped with a flash memory capable of data access such as data writing, rewriting, erasing, reading, and media loading confirmation by the PC 3.

  In accordance with the SCSI protocol, the PC 3 is given the right to determine a communication event as a host device, and the multi-reader / writer 2 connected to the PC 3 (host device: initiator) becomes a communication target (target) of the PC 3 (host device). . SCSI commands for instructing execution of communication events are sequentially issued from the PC 3 (host device) to the multi-reader / writer 2 (peripheral device), while the multi-reader / writer 2 (peripheral device) that has received the issued command. ) Sequentially executes data processing corresponding to the SCSI command, and returns response information corresponding to the execution result to the host device side. Also, the issuing direction of the SCSI command is restricted to one direction from the PC 3 (host device) side to the multi-reader / writer 2 (peripheral device) side.

  Next, the USB chip 32 includes a command / data / status transmission / reception unit (hereinafter simply referred to as “transmission / reception unit”; transfer element transmission / reception unit) 341 provided in common to the external memory input / output control units 51 to 54. The USB protocol engine (protocol engine unit) 321 connected to the USB terminal (communication bus connection terminal) 24 and the USB control unit (control command unit) 331 for controlling the transfer communication processing are integrated.

  Here, a portion composed of a USB protocol engine (protocol engine unit) 321 and a USB control unit (control command unit) 331 corresponds to a communication control unit, and this communication control unit and a USB terminal (communication bus) The portion composed of the connection terminal 24 corresponds to the serial communication unit.

  Each USB control unit 331 is connected to a corresponding USB protocol engine 321 via a bidirectional endpoint for control including a FIFO memory. The transmission / reception unit 341 inputs / outputs the USB protocol engine 321 via an input endpoint to the USB protocol engine 321 including a FIFO memory and an output endpoint from the USB protocol engine 321 including a FIFO memory. Routes are connected in a separate form.

  Each of the communication control units including the USB protocol engine 321 and the USB control unit 331 receives the specific information of the transmission / reception unit 341 and the specific information of the endpoint corresponding to the transmission / reception unit 341 from the PC side. By polling the transmission / reception unit 341 as a target device, the data access destination is the external memory input / output control units 51 to 54 and the data transmission / reception direction is specified. As a matter of course, reverse polling of the PC 3 as the host device from the transmission / reception unit 341 side serving as the target device is not permitted in the USB protocol.

  The transmission / reception unit (transfer element transmission / reception unit) 341 transmits / receives to / from the USB protocol engine 321 according to the SCSI protocol. Here, the transfer element is a command (SCSI command) for specifying the content of the communication event exchanged with the PC 3 via the USB bus, and is returned from the peripheral device side corresponding to the execution of the communication event process. (If the processing content specified in the SCSI command is data access processing related to transmission / reception of data stored in the memory card, the data is also a transfer element).

  As shown in FIG. 3, the transmission / reception unit 341 includes a control register 81 (see FIG. 4), a status register 82 (see FIG. 5), a SCSI command buffer 83, a SCSI status buffer 84, a SCSI data DMA address register 85, a SCSI A data DMA count register 86 is provided. Details of these will be described later.

  The CPU 27 analyzes the command analysis step for analyzing the SCSI command received by the transmission / reception unit 341 and the communication event having the content specified by the SCSI command into the target external memory input / output control units 51 to 54 (that is, the reader / writer 2). When the target is a target, an event execution step performed with a plurality of logical units) and a status transmission step for transmitting the status to the transmission / reception unit 341 are performed in this order.

  In the multi-reader / writer 2, when data is read from or written into the inserted memory card, a memory area used for reading data from the memory card or a memory area used for storing data in the memory card Is assigned. The data length of the allocated memory area is called the allocation length. Generally, the allocation length is set to a specified data length from the PC 3 that accesses the multi-reader / writer 2, but in this embodiment, the maximum allocation length that can be set by the multi-reader / writer 2 is determined from the PC 3 side. It is set to less than the maximum value that can be specified.

  As shown in FIG. 6, the PC 3 includes a CPU 41 that controls each component, a ROM 42, a RAM 43, an HDD 44 that stores various software programs and data, a video control LSI 45, a USB chip 46, and a video terminal 47. And a USB terminal 48 having a plurality of input / output ports, which are connected to each other via a bus 49 so that data can be transferred to each other. These parts are integrated into a main control board called a so-called mother board. A display 56 is connected to the video terminal 47 via a video cable. The USB terminal 48 has a USB hub function. Input means such as a keyboard 57 and a mouse 58 are connected to the USB terminal 48, and the multi-reader / writer 2 is further connected.

  The ROM 42 stores data to be transmitted to the multi-reader / writer 2 and instructs the CPU 27 of the multi-reader / writer 2 to execute a predetermined process. The instruction data is stored in the HDD 44 or the ROM 42 in the form of a table list. In addition, in the program storage area of the HDD 44, it is possible to write and read data to and from the SP3 (hereinafter referred to as “WIN2000”) of Windows 2000 (registered trademark), which is the operation system of the PC 3, and the multi-reader / writer 2. A software program such as an R / W application is stored. These software programs are read by the CPU 41 and subjected to predetermined calculation processing, whereby each application can operate on the PC 3. The program storage area stores a data communication program according to the SCSI protocol with the multi reader / writer 2. In this embodiment, the PC 3 on which WIN2000 is installed will be described as an example. However, an OS such as a Linux series or a MacOS series may be installed. Of course, SP3 of Windows 2000 can be replaced with SP4 or Windows XP (registered trademark).

  The R / W application, the data communication program on the PC 3 side, and the control program on the reader / writer 2 side cooperate with each other to perform processing for functionally realizing the following means.

Survey instruction data transmission means: provided on the PC 3 (host device) side, issues a survey request command for requesting survey report processing for the multi reader / writer 2 (peripheral device) itself to the multi reader / writer 2 (peripheral device). Along with the issuance of the survey request command, the survey instruction data that has a predetermined frame format indicating the content of the survey report command and creates survey command data in which additional information is written in a predetermined field of the frame The creating means and the created survey instruction data are transmitted to the multi-reader / writer 2 (peripheral device).
Survey report data generation means: provided in the multi-reader / writer 2 (peripheral device), receives survey instruction data, and generates survey report data having a predetermined frame format.
Survey report data transmission means: provided in the multi-reader / writer 2 (peripheral device), and transmits survey report data to the PC 3 (host device) as response information.
Additional information extraction means: provided on the multi-reader / writer 2 (peripheral device) side, extracts additional information from a predetermined field of the received survey instruction data. The above constructs the additional information communication mechanism referred to in the claims.

The functional means realized by the additional information communication mechanism are as follows.
Security reference information transmission means: The security reference information (in this embodiment, the password input by the user) acquired on the PC 3 (host device) side is added to the multi-reader / writer 2 as additional information on the survey instruction data. To (peripheral device).
Correspondingly, as described below, the multi-reader / writer 2 (peripheral device) uses authentication verification information written in the card-type storage medium and security reference information received from the PC 3 (host device). Thus, authentication means for authenticating the access right from the PC 3 (host device) side to the card type storage medium is formed.

Authentication communication means: Multi-reader / writer 2 (peripheral device) using authentication result request information requesting authentication result reflection information reflecting the authentication result of the authentication means to multi-reader / writer 2 (peripheral device) as additional information on the survey instruction data The survey report data in which the authentication result reflection information is written as the corresponding additional information corresponding to the additional information from the PC 3 (host device) side in the predetermined frame of the survey report data is sent as the response information to the multi-reader A reply is sent from the writer 2 (peripheral device) to the PC 3 (host device).
Correspondingly, authentication result reflection information output means for outputting the returned authentication result reflection information is formed in the PC 3 (host device).

Access mode report communication means: Access mode report instruction information for causing the multi reader / writer 2 (peripheral device) to report the type of access mode set in the multi reader / writer 2 (peripheral device) Is transmitted to the multi-reader / writer 2 (peripheral device) as additional information, and the access mode setting means sets corresponding additional information corresponding to the additional information from the PC 3 (host device) side in a predetermined frame of the survey report data. The investigation report data in which the access mode report information for reporting the access mode is written is returned as response information from the multi-reader / writer 2 (peripheral device) side to the PC 3 (host device).
Correspondingly, an access mode type display means for displaying the type of the access mode acquired by the access mode report communication means is formed in the PC 3 (host device).

Normal mode transition instruction information transmission means: Normal mode transition instruction information for instructing the multi-reader / writer 2 (peripheral device) to transition to the normal mode when the normal mode is selected on the PC 3 (host device) side, It is transmitted to the multi-reader / writer 2 (peripheral device) as additional information on the survey instruction data.
Normal mode setting completion report information return means: The multi-reader / writer 2 (peripheral device) that has received the normal mode shift instruction information sets the access mode to the normal mode in advance as the investigation mode data is set in advance. As the corresponding additional information corresponding to the additional information from the PC 3 (host device) side, the normal mode setting completion report information for reporting the completion of setting to the normal mode is returned to the PC 3 (host device) as the investigation report data in the determined frame. To do.

  Further, the PC 3 (host device) is selected by selecting an access mode selection means for selecting either a normal mode or a security mode as an access mode, an input means for security reference information, and a security mode. And input control means for accepting input of security reference information from the input means. The above-described security reference information transmitting means transmits the input security reference information to the multi-reader / writer 2 (peripheral device) as additional information on the survey instruction data.

  First, an outline of data communication performed between the PC 3 and the reader / writer 2 connected to the PC 3 via the USB-I / F 78 based on the SCSI command will be described with reference to FIG. The OS 70 includes a GUI (Graphical User Interface) 71, a file system 72, and an OS kernel 73, and the basic system is configured. The GUI 71 is a user interface that realizes a user input operation using a computer graphics and a pointing device such as a mouse, and the file system 72 is a method and a management system for managing data using files and folders inside the computer. It is. The OS kernel 73 is software that implements basic functions such as monitoring applications and peripheral devices. The PC 3 is preinstalled with driver software 74 so that the reader / writer 2 can be accessed, and the driver software 74 is mounted on the OS kernel 73 in a modular state.

  For example, it is assumed that an explorer 75 and an R / W application 76, which are examples of applications for accessing the reader / writer 2, are activated on the PC 3. As is well known, the explorer 75 is for managing files and folders. The explorer 75 is created in conformity with the OS 70 system and is generally recognized as a function of the OS 70. Therefore, the explorer 75 communicates with the reader / writer 2 via the file system 72. On the other hand, the R / W application 76 is unique application software developed by the manufacturer of the reader / writer 2, for example, and performs a process of writing data to a recording medium inserted in the reader / writer 2 or a process of reading data. Is. Generally, the R / W application 76 is created without conforming to the OS 70 because the specification of the file system 72 is not disclosed.

  First, a case where the reader / writer 2 is accessed from the explorer 75 will be described. When the OS 70 is activated and the explorer 75 is activated, the explorer 75 issues an inquiry command to the OS kernel 73 via the file system 72. All SCSI commands including the inquiry command are issued to the SCSI command processing entrance 79 virtually provided in the OS kernel 73. When the inquiry command is issued, the corresponding CDB (here, CDB (0); Table 2) is transmitted to the reader / writer 2, and the reader / writer 2 receives the model, device name, SCSI-ID, Inquiry data (in this case, S / I data (Table 3)) including configuration information such as presence / absence of LUN (Logical Unit Number) and memory card type is created and returned to the PC 3. Thereby, the reader / writer 2 is recognized.

  When the reader / writer 2 is recognized, a drive icon of the reader / writer 2 is generated on the explorer 75 by the GUI 71. When a data read instruction is input, for example, when the user accesses the drive icon using a mouse or the like, the explorer 75 works on the file system 72 to read the OS kernel 73 with a Read command (SCSI command). Issue an example). On the other hand, similarly, when a write instruction is input, a write command (an example of a SCSI command) is issued to the OS kernel 73. These command data are transferred to the reader / writer 2 via an I / F such as a USB, and reading or writing according to the command is executed on the reader / writer 2 side. The Inquiry command is also issued when the reader / writer 2 is connected to the PC 3 or when the power of the PC 3 is reset while the reader / writer 2 is connected.

  Next, a case where the reader / writer 2 is accessed from the R / W application 76 will be described. When the R / W application 76 is activated, a request to release the data bus only to the R / W application is issued to the OS kernel 73. In response to this request, the OS kernel 73 makes the R / W application 76 occupy the data bus. In other words, the SCSI command issued from the file 72 to the SCSI command processing entrance 79 is not accepted by the SCSI command processing entrance 79. Therefore, the file system 72 cannot access the reader / writer 2 while the R / W application 76 is activated. When the R / W application 76 is activated, an input screen (user interface screen) programmed by the R / W application 76 is displayed on the display by the GUI 71. Also, the driver software 74 issues an inquiry command to the OS kernel 73, and returns the inquiry data (in this case, S / I data in Table 3) as response information. Configuration information is acquired. Thereby, the reader / writer 2 is recognized. Thereafter, reading or writing of data is executed on the reader / writer 2 side in accordance with a Read command or a Write command issued to the OS kernel 73 by the driver software 74.

  Recognition of the reader / writer 2 is performed as follows. That is, first, CDB (0) (Table 2) generated when an inquiry command is issued to the OS kernel 73 is transmitted to the reader / writer 2. The reader / writer 2 that receives the CDB (0) refers to various information included in the CDB (0), generates configuration information according to the information, and generates S / I data including the configuration information ( Table 3) is returned to PC3. Based on the returned S / I data, the reader / writer 2 is recognized.

  When a memory card is exchanged (that is, an event or a state is changed) on any slot (or external memory input / output control unit: logical unit) on the reader / writer 2 (target: peripheral device), A unit attention condition for notifying the PC 3 (initiator) is generated. The file system of the PC 3 recognizes the replacement of the memory card with reference to the unit attention condition, and updates file information such as FAT (file allocation table). When an inquiry command is issued toward a logical unit that is holding such a unit attention condition, the logical unit executes the inquiry command without clearing the pending unit attention condition. That is, even when the inquiry command is executed, the replacement notification information of the memory card reflected in the unit attention condition is not erased and is retained. Access can be performed without problems.

  Next, a more specific operation of the reader / writer 2 will be described using the flowchart of FIG. In the following description, only processing for one slot is performed. For a plurality of slots, the processing is performed in parallel by interrupt processing. When the CPU 27 is turned on by the power (bus power) supplied from the PC 3 via the USB cable (T1), the CPU 27 enters a state of permitting an interrupt from the USB chip 32 (T2). In the USB chip 32, the command transmitted from the PC 3 side on the USB bus is transferred to the transmission / reception unit 341 by the operation of the USB protocol engine 321 and the USB control unit 331. Note that no response indicating that a command has been received is returned yet.

  When receiving the command, the transmission / reception unit 341 sets the “command reception completion” bit of the status register 82 to 1 and interrupts the CPU 27. In this case, the CPU 27 can grasp what the interrupt is for by referring to the status register 82. The received command is stored in the SCSI command buffer 83.

  When there is an interrupt (T3: YES) and the reception of the SCSI command is completed (T4: YES), the CPU 27 interprets the command received by the transmission / reception unit 341 (T5). That is, when the CPU 27 refers to the status register 82 of the transmission / reception unit 341 and knows that the transmission / reception unit 341 has received a command, the CPU 27 acquires the command from the SCSI command buffer 83 and interprets it. Thereby, the CPU 27 grasps the presence / absence, transmission direction, and size of the SCSI data.

  When the CPU 27 recognizes that there is no SCSI data by interpreting the command (for example, in the case of an inquiry command or a test unit ready command) and when it determines that the transmission direction of the SCSI data is device → PC (transmission) (for example, In the case of a Read command) (T6: YES), 1 is written to the “command acceptance complete” bit and “status register clear” bit of the control register 81 of the transmission / reception unit 341 (T7).

  The transmission / reception unit 341 returns a response indicating that the command has been received to the PC when 1 is written in the “command acceptance complete” bit in T7. Here, when the response is received, the PC 3 side receives the SCSI status if there is no SCSI data, and if the SCSI data transmission direction is device → PC, the next is reception of the SCSI data. Transition to a device waiting state.

  On the other hand, when the CPU 27 recognizes that the SCSI data transmission direction is PC → device (reception) by interpreting the command (for example, in the case of the Write command) (T6: NO), the CPU 27 receives the SCSI data from the PC3. Prepare to receive (T8). Specifically, an area necessary for reception is secured on the RAM 29, the head address is written in the SCSI data DMA address register 85, and the number of received bytes is written in the SCSI data DMA count register 86. Thereafter, 1 is written in the “command acceptance complete” bit and “status register clear” bit of the control register 81 of the transmission / reception unit 341 (T9).

  The transmission / reception unit 341 returns a response indicating that the command has been received to the PC 3 when 1 is written in the “command acceptance complete” bit in T9. Here, when receiving the response, the PC 3 side interprets the command on the device side and recognizes that it is ready to receive the SCSI data, and starts transmission of the SCSI data.

  Then, when the SCSI data DMA count register 86 becomes 0, the transmission / reception unit 341 sets the “data reception completion” bit of the status register 82 to 1 and interrupts the CPU 27.

  When there is an interrupt (T10: YES), the CPU 27 writes 1 to the “data reception completion” bit and the “status register clear” bit of the control register 81 of the transmission / reception unit 341 to complete the reception of the SCSI data (T11: YES) Here, the PC 3 side is notified that the SCSI data has arrived at the device, and the next is the reception of the SCSI status.

  After T7 and T11 (YES), the CPU 27 executes the command (T12). For example, if it is a Test Unit Ready command, it is determined whether or not the first to fourth memory cards 11 to 14 are inserted. For example, in the case of a Read command, data is read from the first to fourth memory cards 11 to 14. For example, in the case of the Write command, since data to be written is received from the PC 3 at this time (T8 to T11 described above), it is written to the first to fourth memory cards 11 to 14.

  Next, when the SCSI data transmission direction is device → PC (transmission) (for example, in the case of a Read command) (T13: YES), the CPU 27 prepares to transmit the read data to the PC 3 (T14). ). Specifically, the RAM 29 stores an area necessary for transmission and stores the read data, writes its head address in the SCSI data DMA address register 85, and stores the number of received bytes in the SCSI data DMA count register 86. Write. Then, 1 is written in the “data transmission start” bit of the control register 81 of the transmission / reception unit 341.

  The transmission / reception unit 341 starts transferring SCSI data to the PC 3 when 1 is written in the “data transmission start” bit in T14. Then, when the transfer of the SCSI data is completed, the transmission / reception unit 341 sets the “data transmission completion” bit of the status register 82 to 1 and interrupts the CPU 27.

  When there is an interrupt (T15: YES), the CPU 27 grasps that the transfer of the SCSI data is finished, so write 1 in the “status register clear” bit of the control register 81 of the transmission / reception unit 341 to transmit the SCSI data. Is completed (T16: YES).

  After T13 (NO) and T16 (YES), the CPU 27 starts transmission of the SCSI status (T17). Specifically, since the CPU 27 has already determined the status to be returned to the PC 3 in the above processing, the status is written in the SCSI status buffer 84 and “status transmission start” in the control register 81 of the transmission / reception unit 341 is written. Write 1 to bit and start sending SCSI status.

  The transmission / reception unit 341 starts transmission of the SCSI status to the PC 3 when 1 is written in the “status transmission start” bit in T17. Upon receiving the response that received the SCSI status from the PC 3 side, the transmission / reception unit 341 sets the “status transmission completion” bit of the status register 82 to 1 and interrupts the CPU 27.

  When there is an interrupt (T18: YES), the CPU 27 grasps that the transmission of the SCSI status is finished. Therefore, the CPU 27 writes 1 to the “status register clear” bit of the control register 81 of the transmission / reception unit 341 to transmit the SCSI data. Is completed (T19: YES). As a result, the status register 82 of the transmission / reception unit 341 is cleared, and the original state is restored.

  Next, an example of the flow of data communication processing using inquiry data in the communication system 1 will be described. Note that the processing in each step (function implementation means described in claims) is performed by each component being controlled by the CPU 41 of the PC 3 or the CPU 27 of the multi-reader / writer 2. FIG. 9 is a flowchart showing the flow of main processing. That is, when the multi-reader / writer 2 is connected to the PC 3 and each apparatus is powered on, first, a drive allocation process (S1) for allocating a drive to an unknown device connected to the PC 3 is executed. In this embodiment, since only the multi-reader / writer 2 is connected as a device, a drive is assigned only to this.

  Next, drive setting processing (S2) for setting the drive selected by the user as the communication partner is performed. When the drive is set, a device (multi-reader / writer 2 in the present embodiment) corresponding to the set drive is recognized as a communication partner. Then, the security processing (S3) for the memory cards 11 to 14 to the multi-reader / writer 2 is performed. The main processing routine is repeatedly and regularly executed at regular time intervals (for example, 100 ms to 1000 ms: 500 ms, for example) by using a start trigger periodically issued from the start management timer routine.

  FIG. 10 shows the details of the drive allocation process (S1) executed by the CPU 41 in the PC 3. First, a drive to be referred (hereinafter referred to as “reference drive”) is initialized to A drive (S101). The reference drive means a drive that can be allocated on the PC 3 side, and when there are a plurality of the drives, they are referred to in ascending order during the drive allocation process. The reference drive is managed by the OS kernel of WIN2000 of PC3. In the present embodiment, the number of drives that can be allocated is 26 from A to Z.

  When the reference drive is set, the CPU 41 issues an inquiry command (hereinafter referred to as “Inq (0) command”) for returning S / I data from the device to which the drive is assigned to the reference drive. (S102). Actually, the CPU 41 issues the Inq (0) command to the OS kernel, and the OS kernel treats the Inq (0) command as being issued to the reference drive. Then, CDB (0) in which the EVPD area is set to “0” is generated by the OS kernel and transmitted to the unknown device associated with the reference drive. The SCSI standard defines that S / I data is returned when the EVPD area is set to “0”. Specific examples of CDB (0) are shown in Table 2 as described above. In the data column of Table 2, each data is shown in hexadecimal notation. Unless otherwise specified in this specification, all data fields are shown in hexadecimal notation.

  If there is a device associated with the reference drive and the device is a device that can process a SCSI command (a SCSI command compatible device), S / I data is returned from the device. On the other hand, when the device does not exist or when the device cannot process the SCSI command (device that does not support the SCSI command), the S / I data is not returned from the device. In S103, the CPU 41 makes an error determination based on whether or not S / I data is returned (S103). Specifically, when no S / I data is returned, it is determined as an error (Yes in S103). In this case, the subsequent processing proceeds to step S107. Further, when there is a reply of S / I data, it is not determined as an error (No side of S103). That is, it is determined that there is a device associated with the reference drive. In this case, the subsequent processing proceeds to step S104.

  If it is determined in S103 that there is no error, whether or not the device associated with the reference drive is a device that can be communicated based on the returned S / I data, that is, whether or not it is a communicable device. Determined. In the present embodiment, this step is performed to determine whether or not the device associated with the reference drive is the multi-reader / writer 2. In the present embodiment, the S / I data shown in Table 3 is returned from the multi-reader / writer 2 to the PC 3, and the determination process in this step is byte 0 of the returned S / I data. The data of the area of Byte 1 and the area of byte 1, the vendor ID of the area of bytes 8 to 15, and the product ID of the area of bytes 16 to 31 match the ID information registered in advance on the PC 3 side. Done depending on whether or not. If it is determined in this step that the device is communicable (Yes in S104), the process proceeds to step S105. If it is determined that the device is not communicable (No in S104), the process proceeds to S107. Proceed to In Table 3, byte 0 area data “0x00” indicates a direct access device, and byte 1 area data “0x80” indicates a replaceable card type storage medium (card type storage medium). Since the contents described in each byte area are defined in the SCSI standard, refer to the standard for details.

  When the process proceeds to S105, the CPU 41 determines whether or not the LUN of the reference drive is “0” based on the returned S / I data. Such a determination is made based on the data of the area of the byte 54 of the vendor specific area in the S / I data. In the present embodiment, as described above, the S / I data shown in Table 3 is returned from the multi-reader / writer 2 to the PC 3. Further, as described in the remarks column of the byte 54 area in Table 3, when the multi-reader / writer 2 returns S / I data, the multi-reader / writer 2 is added to the upper 4 bits of the byte 54 area. Information indicating the physical I / F (information indicating USB in this embodiment) is stored, and programming is performed so that the LUN number is stored in the lower 4 bits. Therefore, the CPU 41 can acquire LUN information by referring to the data in the area of the byte 54. Thereby, the determination process of the said step can be performed. For example, when “0x10” is stored in the area of byte 54, it is acquired that the physical I / F is a USB connector and LUN is 0, and “0x23” is stored. Is obtained that the physical I / F is a SCSI connector and the LUN is 3.

  If it is determined in S105 that the LUN is “0” (Yes in S105), the process proceeds to S106, and if it is determined that the LUN is not “0” (No in S105), the process proceeds to S107. When connected to the PC 3 on which WIN2000 is installed, even if information such as LUN = 1 is stored in the area of the byte 54 on the multi-reader / writer 2 side, it is recognized that LUN = 0 on the PC 3 side. It has become. Therefore, the process of S105 always proceeds to the Yes side. In this case, the determination process in S105 does not make sense and may be omitted.

  In S106, a process of adding the current reference drive to the corresponding drive list is executed. The corresponding drive list is a list of reference drives to which drives are finally assigned. Specifically, the corresponding drive list is expanded in a predetermined storage area of the RAM 43, and the corresponding reference drive is written into the storage area. Thereafter, the process proceeds to S107.

  In S107, the CPU 41 determines whether or not the reference drive is the Z drive. For example, it is possible to determine whether or not the current reference drive is the Z drive by causing the counter memory or the like to count the drive reference order and monitoring the counter value by the CPU 41. Such determination is performed to determine whether the set reference drive is the last. Here, if it is determined that the reference drive is the Z drive, there is no drive that can be referred to, and therefore the subsequent processing proceeds to S109. If it is determined that the reference drive is not the Z drive, after setting the reference drive as the next drive (S108), the processing from S102 is repeated until it is determined Yes in S107.

  When the process proceeds to S109, here, a drive is allocated based on the corresponding drive list. Thereby, a series of drive allocation processes (S1) are complete | finished. In the present embodiment, since only the multi-reader / writer 2 is connected as an external storage device, the multi-reader / writer 2 is assigned to the A drive and is not assigned to any other drive.

  Next, FIG. 11 shows details of the drive setting process (S2). In S201, it is determined whether there is a drive (hereinafter referred to as “corresponding drive”) allocated by the drive allocation process (S1) (S201). That is, it is determined whether or not a predetermined device is assigned to any of the drives that can be assigned by the PC 3. In the present embodiment, since there is an A drive to which the multi-reader / writer 2 is assigned, it is determined that there is a corresponding drive. Thereafter, it is determined whether there is one corresponding drive (S202). On the other hand, if it is determined in S201 that the corresponding drive does not exist (No side in S201), the process ends because there is no communication target.

  If it is determined in S202 that there is one corresponding drive (Yes in S202), the corresponding drive is set as a communication target (S205). That is, a device associated with the corresponding drive is set as a communication target. In the present embodiment, the A drive is set as a communication target. In other words, the multi-reader / writer 2 is set as a communication target device.

  On the other hand, when it is determined that there are a plurality of corresponding drives (No in S202), an icon indicating the corresponding drive is displayed in a dialog (S203). Thereafter, when a desired corresponding drive is selected by selecting any icon from the user (S204), the selected corresponding drive is set as a communication target (S205). Even when no icon is selected, for example, when a priority is set for each corresponding drive, the corresponding drive with the highest priority is automatically set as a communication target. Thereby, a series of drive setting processes (S2) are complete | finished.

  Next, the security process (S3) will be described. In FIG. 2, the ROM 28 of the multi-reader / writer 2 stores authentication firmware for realizing the function of the authentication means described above. The access mode to the card-type storage medium is set to either a normal mode in which only the normal area can be accessed or a security mode in which the security area can be accessed. Only when the result of authentication by the authentication is acceptance authentication, the process of setting the access mode to the security mode is also performed.

  As shown in FIG. 15, the memory card 11 is configured as a card-type storage medium having a structure unique to the present invention, and actual data storage in which stored data can be read, written and erased in file units. File management in which the area 308, the occupied area of each data file in the actual data storage area 308, and the free area not occupied by the data file are described so that at least the position of the area in the data storage area can be specified An actual file management information storage area 307 for storing information has an actual media area 300 formed according to a predetermined media format. The actual data storage area 308 is divided into a security area 400 in which the stored contents are all encrypted and a normal area 309 that is not encrypted. Hereinafter, a data file stored in the normal area 309 in an unencrypted state is defined as a normal file, and a data file stored in the security area 400 in an encrypted state is defined as a security file.

  In the real file management information storage area 307, the position of the occupied area of the normal file in the normal area 309 and the position of the empty area not occupied by the normal file are specified. Normal file management information described according to one area coordinate system is stored. In the security area 400, a virtual media area 420 is formed. In the virtual media area 420, a security file is stored, and a virtual data storage area 407 in which storage data can be read, written and erased in units of files, and each security file in the virtual data storage area 407 is stored. A virtual file management information storage area 407 that stores file management information that describes at least the occupying area position and the empty area position that is not occupied by the security file can be specified, and a real data storage area 308 and a real file management information storage. It is formed according to the same format as the media format that defines the formation form with the area 307.

  The virtual file management information storage area 407 regards the virtual media area 420 as another independent card-type storage medium, and file management for locating the occupied area and the empty area of the security file in the virtual data storage area 407 Information is described according to a second area coordinate system with the head of the virtual media area 420 as a reference. Area coordinate conversion information for converting file management information described according to the first area coordinate system into file management information in the second area coordinate system separately from the virtual media area 420 at the head of the security area 400 And a header area 401 for storing authentication verification information written in a fixed area in the header area 401 for authenticating access to the security area 400 is formed.

  Then, by collectively encrypting information in the security area 400 including the security file, a macro security file treated as a virtual single file on the actual data storage area 308 is formed, Macro security file storage location information for specifying the storage location of the macro security file on the actual data storage area 308 is written outside the actual data storage area 308.

  An outline of the operation will be described below. The access mode to the memory card 11 attached to the reader / writer 2 (peripheral device) is set to either a normal mode in which only the normal area 309 can be accessed or a security mode in which the security area 400 can be accessed. The Then, by reading the macro security file storage location information from the memory card 11, the location of the macro security file in the memory card 11 is specified, and the authentication verification information located at the head of the header area 401 is read, Based on the authentication verification information, the access right from the PC 3 side to the memory card 11 is authenticated.

  Then, only when the authentication result is acceptance authentication, when the access mode is set to the security mode and the security mode is shifted to, the memory card 11 that is attached to which the security mode is applied is changed to a different one. Media virtual exchange information for virtual recognition as a card-type storage medium is transmitted from the reader / writer 2 to the PC 3. When data is accessed from the PC 3 side to the security area 400 after transmission of the virtual media exchange information, virtual file management information described in the second area coordinate system of the security file to be accessed is acquired, and the area It is converted into file management information described in the first area coordinate system using the coordinate conversion information. Then, data access to the security area 400 using the converted file management information is performed in such a manner that the file is written while being encrypted when the file is written, and is read while being decrypted when the file is read.

  In the memory card 11, the real media area 300 is divided into a plurality of sectors of a certain size, and data files are read, written and erased in units of sectors, and the positions of the occupied and empty areas of the file are specified. An area coordinate system is defined by using a sector number assigned to each sector by a serial number in order to individually specify a series of sectors. The security area 400 is formed as a continuous continuous area of sectors in the actual data storage area 308. In the real file management information storage area 307, the normal file management information is a first file in which the occupied sector number of the normal file and the empty sector number not occupied by the normal file are determined based on the head sector number of the real media area 300. The area coordinate system is described using a first sector number string (sector 0 to sector MAX). Further, in the virtual file management information storage area 407, the file management information is a second file in which the occupation sector number of the security file and the empty sector number not occupied by the security file are determined based on the first sector number of the virtual media area 420. It is assumed that the second sector number string (sector 0 ′ to sector MAX ′) is described as the area coordinate system. As shown in FIG. 16, the area coordinate conversion information is the number of offset sectors from the head sector position of the actual data storage area 308 to the head sector position of the virtual data storage area 407.

  The specific operation outline in this case is as follows. After the transmission of the virtual media exchange information, the number of security sectors excluding the header area 401 of the security area 400 is notified to the PC 3 as the number of sectors of another virtual card type storage medium. When data is accessed from the PC 3 side to the security area 400, the sector number of the access target file described using the second sector number string received from the PC 3 side is changed to the first sector number string using the offset information. It is converted into the sector number of the file to be accessed described by using. Then, data access to the security area 400 is performed using the converted sector number.

  The real file management information storage area 307 is provided in a sector area adjacent to the top side of the real data storage area 308. In the virtual media area 420, the virtual file management information storage area 407 is provided in a sector area adjacent to the top side of the virtual data storage area 407. In the security area 400, the header area 401 is provided in a sector area adjacent to the top side of the virtual media area 420.

  As will be described in detail later, the authentication verification information is verification information obtained by encrypting information predetermined with an encryption key, and is information that does not match verification with the encryption key itself. Is stored in a fixed number of bytes. In order to specify the last sector of the security area 400 (that is, the size of the security area 400), the header area 401 stores the number of security sectors (virtual data storage for specifying the number of sectors in the virtual data storage area 407). Area sector number information) is stored. If the number of security sectors can be rewritten by a command value from the PC 3 (for example, set based on information input by the user as desired), the size of the security area 400 set in the medium can be freely set. Can be changed. Further, when the normal area 309 is formed in a form divided before and after the security area 400, the normal area 309 following the security area 400 can be specified based on the virtual data storage area 407 sector number information. Become.

  Next, the media format described above is a partition in which the actual data storage area 308 and the actual file management information storage area 307 and the boot sector 304 adjacent to the head side of the actual file management information storage area 307 are only one in the medium. The area 310 is defined by emulating a hard disk format conforming to ANSI (American National Standard Institute).

  In the hard disk format, the boot sector 304 is secured as a storage sector of an initial program loader (IPL) for using the partition area 310 as a boot disk. In this case, the real file management information storage area 307 has a storage sector 305 of the file allocation table (FAT) for storing the occupied sector number of the normal file in association with the file name from the head side, and the root directory of the normal file. (RD) storage sectors and 306 are formed. The head sector of the real media area 300 is secured as a master boot record (MBR) sector 302 for storing a master boot program (also called a bootstrap loader) and a partition table storing partition information in the medium.

  FIG. 17 shows the structure of the master boot record sector 302, which follows the hard disk format described above, and thus the areas necessary for the OS boot sequence are formed as follows. That is, if the partition area 310 of this memory card is set as a boot drive (that is, a startup disk), the master boot program storage area 302A and the partition table are located at the top of the master boot record sector 302. Each storage area 302B is formed. Reference numeral 302 denotes a signature for identifying the validity of the master boot record sector 302. On the other hand, the boot sector 304 has a jump code storage area 304J for instructing a jump from the head to the initial program start position, a format information storage area 304B in the partition, and a boot program storage area 304A in this order. (304C is a signature for identifying the validity of the boot sector.

  In the boot sequence of the OS, the BIOS is read after the PC 2 starts up, and then the master boot record sector 302 is accessed to execute the master boot program. Thus, the presence or absence of the initial program loader is searched in the partition area 310, and if the initial program loader is found, it is activated. The initial program loader is a starting point for starting the OS, and after checking the hardware, operates to read the OS.

  However, in this embodiment, the memory card is not used as a startup disk, and the master boot program storage area 302A, the boot program storage area 304A, and the boot program can be used as free areas.

  Next, the security reference information is a password used as an encryption key, and is input from the keyboard 57 of the PC 3, for example. Then, the data to be written is written in the security area in a state encrypted with the encryption key. On the other hand, the encrypted read target data in the security area is read by decrypting with the encryption key. In this embodiment, the encryption / decryption firmware is stored in the ROM 28 of the multi-reader / writer 2, but may be provided on the PC 3 side. As the encryption / decryption logic, a known algorithm (for example, DES (Data Encryption Standard), Triple DES, AES (Advanced Encryption Standard), etc.) can be adopted.

  However, in the present embodiment, the above-mentioned encryption / decryption firmware does not directly perform data encryption / decryption, and the encryption / decryption operation itself is a well-known encryption / decryption algorithm. The firmware performs only the process of transferring the data to be processed to the logic operation circuit and the process of acquiring the processed data. Specifically, in FIG. 2, an encryption logic circuit 6 that is a hardware logic that performs an encryption logic operation and a decryption logic circuit 7 that is a hardware logic that performs a decryption logic operation are provided on the address bus and the data bus. Are connected via the encryption / decryption buffer RAM 5. By executing the encryption / decryption firmware, the data to be encrypted / decrypted is sent to the encryption logic circuit 6 or the decryption logic circuit 7 via the encryption / decryption buffer RAM 5. Thus, the encryption or decryption operation is performed and sequentially obtained as processed data via the encryption / decryption buffer RAM 5.

  Returning to FIG. 16, at the head of the security area 400, as described above, a header of one to several sectors is provided. In this header, predetermined original data for collation (in this embodiment, this data is fixed data of a fixed length, but the contents may be changed as necessary) is encrypted. A check sector (authentication verification information storage area) is formed which is stored as authentication verification information in a state encrypted with a key (that is, a correct password). The multi-reader / writer 2 holds the above-described original data for verification as security master information. The original data for verification can be stored in the ROM 28 in a form incorporated in the above-mentioned encryption / decryption firmware, for example. Then, the verification target information is obtained by decrypting the authentication verification information with the encryption key received from the PC 3 side (that is, the password input by the user on the PC 3 side). A process of accepting authentication when the data matches the original data (security master information) and rejecting authentication when the data does not match is performed.

  In the virtual data storage area 407 of the security area, a data file (a plurality of data files can be stored as long as the size of the virtual data storage area 407 permits) is written in a state encrypted with a password. It is. This security area is secured as a continuous area of sectors. In order to handle a set of encrypted data files stored in the security area as a macro security file, the security area is defined for defining the macro security file. As information, the number of offset sectors and the number of security sectors described above are stored in the header portion.

  The multi-reader / writer 2 (peripheral device) shifts to the security mode when the authentication by the password becomes the acceptance authentication, and virtually recognizes the installed memory card to which the security mode is applied as another memory card. Is sent to the PC 3 (host device). In other words, although the memory card is not actually replaced, a media replacement notification is issued in order for the PC 3 to recognize the security area to which access is permitted by acceptance of authentication as a virtually independent new memory card. This is reflected in the unit attention condition. On the PC 3 side, the media exchange notification is acquired by the file system.

  In this case, the number of security sectors is also notified to the PC 3 (host device) as the number of sectors of the virtual separate card type storage medium. The PC 3 actually recognizes the security sector area of the same memory card as the actual data storage area of the replaced new memory card. In this case, since the top sector of the security area is grasped as the top sector of the new virtual memory card on the PC 3 side, the sector number for access is naturally based on the top sector of the virtual memory card (the first sector) The second sector number string) is designated.

  However, in reality, the memory card has not been replaced, and the sector that the PC 3 recognizes as the head of the actual data storage area of the new card is lowered by the number of offset sectors from the head of the actual data storage area of the actual memory card. This is the head sector of the security sector area at the specified position. Therefore, in the security mode, the multi-reader / writer 2 offsets the access target sector number received from the PC 3 (host device) side by the number of security sectors when data is accessed from the PC 3 (host device) side to the security area. Then, it is converted into a real access sector number (indicated by the first sector number string) to the security area, and data access to the security area is performed with the real access sector number after the conversion.

  12 shows the flow on the PC 3 side of security processing, and FIG. 13 shows the flow on the multi-reader / writer 2 side. First, on the PC 3 side, an inquiry command (hereinafter referred to as an “Inq (1) command) for returning a VPD (Vital Product Data) related to reporting of the current access mode setting state from the multi-reader / writer 2 to the multi-reader / writer 2. (No. 1) is issued to the A drive (S301). Actually, the Inq (1) command is issued to the OS kernel 73 and is treated as being issued to the A drive by the OS kernel 73. When the Inq (1) command is issued, the OS kernel 73 generates a CDB (1) in which the EVPD area is set to “1”, and the USB cable 25 is connected to the multi-reader / writer 2 associated with the A drive. Sent through. Table 4 shows the CDB (1) generated at this time. That is, the page code “0xE0” is described in the byte 2 area of the CDB (1).

  In the area of byte 4 of CDB (1), that is, the allocation length area, “0x10” (“00010000” in binary notation) is stored. Originally, the data length required for the connected device is stored in the allocation length area. In the present embodiment, the maximum value of the allocation length of the multi-reader / writer 2 is set in advance to a fixed length (here, it is assumed to be 15 bytes, but is not limited to this). This number “15” can be expressed by the lower 4 bits. According to the SCSI standard, the allocation length of the multi-reader / writer 2 is set to the maximum value, that is, 15 bytes even if a numerical value greater than or equal to the maximum value set in the multi-reader / writer 2 is designated as the allocation length. . Therefore, even if “0x10” is described in the allocation length area, or “0x11” or more is described, the allocation length is set to 15 bytes. This means that if any one of the upper 4 bits of the allocation length area data is “1”, the data in the allocation length area can be set to any data (also used as a setting value for the allocation length). It means that it can be used freely as additional information). That is, by setting any one of the upper 4 bits to “1”, bits other than the bit in the allocation length area can be secured as a virtual empty area. By adding arbitrary data to the virtual empty area secured in this way, data communication related to the additional information can be performed between the PC 3 and the multi-reader / writer 2.

  The allocation length is not always set to a fixed length (here, 15 bytes), but may be set to a maximum value according to the page code of CDB (1). For example, in the case of page code “0xE0”, the maximum value of the allocation length is set to a fixed length of 15 bytes, and in the case of page code “0xE2”, it is set to a fixed length of 9 bytes. The setting process corresponds to the fixed length correspondence list stored in the ROM 28 in advance according to the read content of the page code read by the CPU 27 of the multi-reader / writer 2 that has received the CDB (1). This is done by selecting a fixed length. Of course, the allocation length set to 15 bytes or 9 bytes can be arbitrarily set.

  Tables 6 and 7 classify the communication data added to the empty area secured in the allocation length area. As shown in the data content column of each table, each data defines what it means. Specifically, refer to the description in the data content column. Table 6 shows communication data transmitted when the page code is “0xE0”. Table 7 shows communication data transmitted when the page code is “0xE2” (mainly character information such as a password). Used as additional information to be transmitted from the PC 3 side to the multi-reader / writer 2 side). If this page code (investigation instruction data type identification information) is changed in CDB (investigation instruction data), another investigation instruction data format having a different allocation length maximum value and additional information content can be generated.

  The left column of Tables 6 and 7 shows the data itself described in the allocation length area, and the right column shows the meaning of the data. When the data in the left column is transmitted from the PC 3 side to the multi-reader / writer 2, on the multi-reader / writer 2 side, the CPU 27 extracts the allocation length area data from the received CDB (1), and the extracted data The contents are analyzed, and processing according to the contents of the analyzed data is executed. The contents shown in Tables 6 and 7 are made into a table list and stored in advance in the HDD 44 or ROM 42 of the PC 3 and the ROM 28 of the multi-reader / writer 2.

  As shown in Table 4, “0x10” (additional information) is described in the CDB (1) generated by issuing the Inq (1) command in S301. It can be seen that the Inq (1) command (part 1) is a command for requesting the access mode (normal mode or security mode (described later)) from the PC 3 to the multi-reader / writer 2 as corresponding additional information. . Similarly, “0x11” is a command that requests the multi-reader / writer 2 to shift to the normal mode from the PC 3, and “0x13” is a command that similarly requests to shift to the security mode.

  On the other hand, on the multi-reader / writer 2 side, the transmitted CDB (1) is received. Thereafter, the CPU 27 extracts the data “0x10” (additional information) of the allocation length area in the CDB (1) (additional information extraction means). Then, processing for detecting the setting state of the access mode is performed according to the data.

  When the detection of whether or not the memory card is installed is completed, the detection result is returned to the PC 3 by the CPU 27. Specifically, the reply process is performed by writing the detection result in the VPD that is generated after receiving the CDB (1) and returned to the PC 3. More specifically, as shown in Table 8, the access mode report information is written in the area of byte 7. In this embodiment, “0x00” is written when the access mode is the normal mode, and “0x01” is written when the access mode is the security mode. Table 8 shows the VPD in the normal mode. Similarly, the area of byte 8 is a transfer completion report to normal mode, and the area of byte 9 is a transfer completion report to security mode (both “0x00” is incomplete and “0x01” is complete).

  Subsequently, the PC 3 receives the VPD in Table 8 returned from the multi-reader / writer 2 and acquires the corresponding additional information. For example, the access mode set on the multi-reader / writer 2 side is determined by referring to the byte 7 area of the VPD. As described above, the issue of the Inq (1) command on the PC 3 side, the transmission of the CDB (1) data in which the additional information is written to the multi-reader / writer 2 (peripheral device), and the multi-reader / writer 2 (peripheral device) Inq (1) / VPD addition, a specific series of communication processing for returning a VPD in which corresponding additional data for responding to the additional data from the side (in this case, information for reporting the presence / absence of the selection confirmation operation) is written. This is called information communication.

  On the PC 3 side, a dialog box as shown in FIG. 14A is displayed, and the acquired current access mode is displayed in area 501. Further, soft buttons 503 and 504 for mode selection are also displayed, and an access mode selection input is made by clicking these buttons with a mouse or the like. This input is performed in S302 of FIG. When the normal mode is selected, the PC 3 displays a confirmation dialog box 507 as shown in FIG. 14D. When the confirmation button 510 is clicked, the PC 3 proceeds to the mode setting process. That is, in S303, a new Inq (1) command (part 2) is issued, and the multi-reader / writer 2 is requested to shift to the normal mode by the additional information written in the corresponding CDB (1). Upon receiving this, the multi-reader / writer 2 sets the normal mode and returns a VPD in which the corresponding additional information indicating the completion of setting is written. The PC 3 receives this, advances to S304, and updates the display state of the area 501 in the dialog box 500 of FIG. 14A to that of the corresponding mode.

  On the other hand, when the security mode is selected in S302, the user inputs a password into the password input window 502 of the dialog box 500 in FIG. 14A from the keyboard 57 or the like, and presses the security button 504. Then, a new Inq (1) command (part 2) is issued, and the password is written as additional information in the corresponding CDB (1) and transmitted to the multi-reader / writer 2. This password needs to be transmitted to the multi-reader / writer 2 as character string data. The character string data is bit code data (character code) corresponding to the character to be displayed on a one-to-one basis, and an off-the-shelf code such as a JIS code, a shift JIS code, or an ASCII code may be used as it is. May be used. However, if the display character data table on the peripheral device side (for example, in the ROM 28: the display data itself is bitmap type or outline type font data) is created using the off-the-shelf code, A table indicating the correspondence with the unique code may be separately prepared on the peripheral device side (for example, in the ROM 28), and the unique code may be converted into the ready-made code with reference to this table and used for display.

  Transmission processing of character string data is performed according to the following processing procedure. First, an Inq (1) command is issued. The CDB (1) data generated by issuing this Inq (1) command is transmitted to the multi-reader / writer 2. Note that the VPD is returned from the multi-reader / writer 2 by issuing the Inq (1) command, but it is determined that no reply data is added to the VPD in the case of character string transmission. Therefore, the description of the VPD reply process is omitted here.

  More specifically, as the page code, CDB (1) data in which “0xE2” is described in the byte 2 area and “0x18” is described in the allocation length area is generated. Therefore, the Inq (1) command issued in this step sets a pointer at the head of the character string storage area (storage area in the RAM 29) corresponding to the character string number indicated by “0x90” based on Table 7. It is a request command to make it happen. Of course, this request command is issued to the multi-reader / writer 2. The pointer means an index that indicates a position for storing the extracted character.

  Subsequently, characters are cut out in order from the top of the character string data for file list display stored in the RAM 43 of the PC 3. Thereafter, the CPU 41 determines whether or not the extracted character is a terminal character. Such processing is determined by whether or not the data indicating the extracted character is “0x00”. Since “0x00” does not indicate a character, if it is determined in this step that it is “0x00”, it is determined that it is a terminal character. If it is determined that the extracted character is a terminal character, the process proceeds to the next step. On the other hand, if it is determined that the extracted character is not the terminal character, an Inq (1) command is issued, and “0xE2” is issued as the page code in the allocation length area in the CDB (in which the extracted character data is described) 1) Data is generated. Then, the generated CDB (1) data is transmitted to the multi-reader / writer 2.

  After the transmission of the CDB (1) data, the cutout position of the character data is set to the next character, and then the above processing is repeatedly executed. Thereafter, a new Inq (1) command is issued to generate CDB (1) data in which “0xE2” is described in the byte 2 area and “0x17” is described in the allocation length area as the page code. This is a request command for filling all the bit areas after the area where the last stored character (that is, the last character) is stored with “0x00” in the current character string storage area. In other words, “0x00” is added after the end of the data transmitted to the multi-reader / writer 2 and stored in the RAM 29 to align the stored data with bit data of a predetermined length (for example, 128 bits). It is a request command. This completes the transmission process of the character string (password).

  The transmitted character string data is received by the multi-reader / writer 2, and the received data is stored in the RAM 29. Actually, each time the characters cut out in the above steps are transmitted one by one, the character data is sequentially stored in the RAM 29.

  Returning to FIG. 12, in S <b> 305, the Inq (1) command is issued again on the PC 3 side, and the CDB (1) data generated thereby is transmitted to the multi-reader / writer 2. Table 9 shows the CDB (1) data generated at this time. As shown in Table 9, since “0xE0” is described in the byte 2 area and “0x12” is described in the allocation length area, the Inq (1) command issued at this time is received based on Table 6. It can be understood that this is an authentication processing execution command (that is, a command to shift to the security mode) based on the password.

  On the multi-reader / writer 2 side, the authentication process is performed by the method already described. If the authentication is acceptance, the access mode is set to the security mode, and the result is written in the VPD and returned to the PC 3. The PC 3 receives this, advances to S307, and updates the display state of the area 501 in the dialog box 500 of FIG. 14A to that of the corresponding mode. On the other hand, when the result of rejection authentication is returned, a dialog box 506 for notifying the failure to shift to the security mode as shown in FIG. 14C is displayed.

  FIG. 13 shows a flow of a state transition task according to the SCSI protocol on the multi-reader / writer 2 side corresponding to FIG. In S1401, the access mode is set to the normal mode, and the memory card replacement state is entered. In S1402, it is confirmed whether there is an instruction to shift to the security mode from the PC3 side. If Yes, it is checked in step S1403 if a memory card is installed. If not, the process advances to step S1404 to notify the PC 3 that there is no memory card, and the process returns to step S1402. If a memory card is loaded, the process advances to step S1405 to determine whether the memory card has a security area. If there is no security area, the process proceeds to S1406 to notify the PC 3 that there is no security area, and the process returns to S1402.

Whether there is a security area is determined by the presence or absence of macro security file storage location information (occupied sector number of the macro security file: continuous sector, so that only a specific sector (for example, the first sector) may be specified) Judgment by As described above, this case can be executed by one of the following three methods.
(1) Write the occupancy sector number (macro security file storage location information) of the macro security file in the empty area 302A reserved for storing the master boot program in the master boot record sector 302 of FIG. The information is transferred to the PC 2 by the information communication mechanism. The PC 2 obtains this and grasps the head position (that is, the check sector position) of the macro security file.
(2) The occupied sector number of the macro security file is written in the free area 304A reserved for storing the boot program in the boot sector 304 of FIG. 18, and the information is transferred to the PC 2 by the additional information communication mechanism. To do. The PC 2 obtains this and grasps the start position (check sector position) of the macro security file.

(3) The occupied sector number of the macro security file is written in the file allocation table 305 in a form associated with the fixed file name uniquely determined for the macro security file. In this case, the file name of the macro security file is read from the file system on the OS, and the sector number (first one) stored in association with the file name in the file allocation table 305 is used as the check sector position. get. The file name of the macro security file may be fixed or may be customized by the user.

  On the other hand, if there is a security area, the process proceeds to S1407, where the above-mentioned check sector is decrypted using the password received from PC3 as a key. In S1408, this is compared with the original data for verification. In step S1409, the PC 3 is notified of the password error, and the process returns to step S1402. On the other hand, if it is a collation match, the authentication is accepted, the process proceeds to S1410, the correct password is notified to the PC3, the security mode is set in S1411, and the memory card is changed to the PC3 so that it is recognized as the virtual new card. Transition. In S1412, it is confirmed whether or not there is an instruction to shift to the normal mode from the PC 3, and if there is a transition instruction, the process returns to S1401. If there is no transfer instruction, the process advances to step S1413 to check whether the memory card has been removed. If not removed, the process returns to S1412. If it has been removed, the process returns to S1401.

  In FIG. 15, in the security area 400, the entire header area 401 and virtual media area 420 are encrypted or decrypted in units of sectors (that is, encryption across a plurality of adjacent sectors is not performed). Not done). Therefore, decryption of the encrypted data can be performed for each sector. In this case, the first check sector of the security area 400 (header area 401) is also encrypted, but as described above, only this check sector is stored in the macro security file storage location information (the occupied sector number of the macro security file). Since the security area 400 is formed as a continuous sector from here, if the decryption of the check sector and the verification authentication are completed indefinitely, the following will be performed by sequentially decrypting the subsequent sectors. Good. When the sector of the file allocation table 405 in the security area 400 is decoded, the sector number of each security file can be specified by analyzing the contents on the PC 2 side, and the sector ( However, the sector number is offset-converted as described above) and is sequentially decrypted while being read in the encrypted state and transferred to the PC 3. At the time of writing, data to be written in each sector is transferred from the PC 3 to the reader / writer 2 in a decrypted state, sequentially encrypted, and written to the corresponding sector (however, the sector number is offset-converted as described above).

  In addition, embodiment mentioned above is only an example of this invention, and can change suitably embodiment in the range which does not change the summary of this invention. For example, instead of a card-type storage medium, a detachable storage medium (for example, a USB memory) that does not include a security hardware logic but is integrated into the storage control device may be used.

The perspective view which looked at an example of the multi reader / writer applied to this invention from the front side. The perspective view similarly seen from the back side. FIG. 3 is a block diagram illustrating an example of an electrical configuration of a multi-reader / writer. Explanatory drawing of the SCSI command data data status transmission / reception part of a multi reader / writer. Explanatory drawing of a control register. Explanatory drawing of a status register. The block diagram which shows schematic structure of PC applied to the communication system of this invention. The conceptual diagram for demonstrating OS which operate | moves on PC, and the application which operate | moves on this OS. The flowchart showing the flow of the process which the SCSI command data data status transmission / reception part of a multi reader / writer performs. The flowchart showing the flow of the process of the data communication process performed in the communication system of this invention. 10 is a flowchart showing the flow of drive allocation processing in FIG. 9. 10 is a flowchart showing the flow of drive setting processing in FIG. 9. 10 is a flowchart showing a flow on the PC side of the security processing of FIG. 9. The flowchart which shows the flow of the state transition task by the side of the multi reader / writer corresponding to FIG. The figure which shows the example of a 1st display of the dialog box by the side of PC. The figure which shows the 2nd example of a display of the dialog box by the side of PC. The figure which shows the 3rd display example of the dialog box by the side of PC. The figure which shows the 4th example of a display of the dialog box by the side of PC. The conceptual diagram of the sector structure of a memory card. Explanatory drawing of the principal part of FIG. The conceptual diagram of a master boot record sector. The conceptual diagram of the sector for initial program loader storage.

Explanation of symbols

1 Communication system 2 Multi reader / writer (peripheral device)
3 PC (host device)
11 First memory card (card-type storage media)
12 Second memory card (card-type storage media)
13 Third memory card (card-type storage media)
14 Fourth memory card (card-type storage media)
21 Liquid crystal display (display unit)
27 CPU (investigation report data generation means, trigger generation report information writing means, investigation report data transmission means, exchange notification information holding means, exchange notification information holding control means, additional information extraction means, authentication means, authentication communication means, access mode setting Means, access mode setting control means, access mode report communication means, normal mode setting completion report information return means, file management information conversion means, security area access means, sector number notification means, sector number conversion means)
41 CPU (report information receiving means, investigation instruction data creation means, investigation instruction data transmission means, security reference information transmission means, authentication communication means, authentication result reflection information output means, normal mode transition instruction information transmission means)
51-54 Input / output control unit 56 Display (authentication result reflection information output means, access mode type display means)

Claims (25)

A peripheral device that is a communication target of the host device and the host device connected to the host device, and a removable storage medium is detachably attached to the slot, and based on a communication event with the peripheral device A peripheral device configured as a storage device that performs data access to the removable storage medium,
The removable storage medium is
It consists of a non-volatile memory in which data access relating to reading and writing of data is made possible, and an actual data storage area in which reading, writing and erasing of stored data in units of files are possible, and each in the actual data storage area An area occupied by the data file, an empty area not occupied by the data file, and an actual file management information storage area for storing file management information described so that the position of the area in the actual data storage area can be specified, A security area that has a real media area formed according to a predetermined media format, and that is written in a state where all stored contents are encrypted in the real data storage area, and a normal area that is not encrypted Is divided and formed,
A data file stored in an unencrypted state in the normal area as a normal file, a data file stored in an encrypted state in the security area as a security file,
In the real file management information storage area, the position of the occupied area of the normal file in the normal area and the position of the empty area not occupied by the normal file are specified, and the start of the real media area is used as a reference Normal file management information described according to the first area coordinate system is stored,
A virtual data storage area in which the security file is stored and storage data can be read, written, and erased in units of files, an occupation area position of each security file in the virtual data storage area, and the security file A virtual file management information storage area for storing file management information in which at least an unoccupied empty area position can be specified is specified, and the real data storage area and the real file management information storage area define a form of formation A virtual media area formed according to the same format as the media format is formed in the security area,
The virtual file management information storage area is a file for locating the occupied area and the free area of the security file in the virtual data storage area by regarding the virtual media area as another independent removable storage medium. The management information is described according to a second area coordinate system based on the top of the virtual media area,
At the beginning of the security area, apart from the virtual media area, area coordinates for converting file management information described according to the first area coordinate system into file management information in the second area coordinate system A header area for storing conversion information and authentication verification information for authenticating access to the security area written in a fixed area in the header area is formed,
By collectively encrypting information in the security area including the security file, a macro security file that is treated as a virtual single file on the real data storage area is formed, Macro security file storage position information for specifying a storage position of the macro security file on the actual data storage area is written outside the actual data storage area, and
An access mode in which an access mode to the removable storage medium attached to the peripheral device is set to one of a normal mode in which only the normal area can be accessed and a security mode in which the security area can be accessed Setting means;
By reading the macro security file storage location information from the removable storage medium, the location of the macro security file in the removable storage media is specified, and the authentication verification information located at the beginning of the header area is read, Authentication means for authenticating the access right from the host device side to the removable storage medium based on authentication verification information;
An access mode setting control means for causing the access mode setting means to set the access mode to the security mode only when the authentication result by the authentication means is acceptance authentication;
When transitioning to the security mode, virtual media exchange information for causing a virtual recognition of the attached removable storage medium to which the security mode is applied as another removable storage medium is sent from the peripheral device to the host device. A medium virtual exchange information transmitting means for transmitting;
The virtual file management described in the second area coordinate system of the security file to be accessed at the time of data access to the security area from the host device side after transmission of the media virtual exchange information File management information conversion means for acquiring information and converting the file management information described in the first area coordinate system using the area coordinate conversion information;
Security area access means for data access to the security area using the converted file management information, writing the file while encrypting the file when writing the file, and reading the file while decrypting the file when reading the file;
A communication system comprising:   In the detachable storage medium, the header area is provided with an authentication verification information storage area that stores predetermined verification source data as the authentication verification information in a state encrypted with a master encryption key, The peripheral device is provided with security master information storage means for storing the original data for verification as security master information, and the authentication means also receives the encryption key serving as a decryption key as security reference information from the host device side. The authentication decryption information is decrypted with the encryption key, and the verification target information is used as verification target information. When the verification target information matches the security master information, acceptance authentication is performed. The communication system according to claim 1. In the removable storage medium, the real media area is divided into a plurality of sectors of a certain size, and reading, writing, and erasing of data files are performed in units of the sectors, and the positions of the occupied area and free area of the file An area coordinate system for identifying each sector is defined using a sector number assigned to each of the sectors in a sequential number to individually identify a series of the sectors;
The security area is formed as a continuous area in which the sector numbers are continuous in the actual data storage area,
In the real file management information storage area, the normal file management information includes the occupied sector number of the normal file and the empty sector number not occupied by the normal file, with the leading sector number of the real media area as a reference. It is described using the first sector number sequence as the first area coordinate system,
In the virtual file management information storage area, the file management information includes an occupation sector number of the security file and an empty sector number that is not occupied by the security file based on the first sector number of the virtual media area. It is described using the second sector number sequence as the second area coordinate system,
The area coordinate conversion information includes offset information that can specify the number of offset sectors from the head sector position of the actual data storage area to the head sector position of the virtual data storage area,
Sector number notifying means for notifying the host device of the number of security sectors of the security area excluding the header as the number of sectors of the virtual removable storage medium after transmitting the media virtual exchange information; ,
At the time of data access to the security area from the host device side, the sector number of the access target file described using the second sector number string received from the host device side is obtained using the offset information. Sector number conversion means as the file management information conversion means for converting to the sector number of the access target file described using a first sector number string,
3. The communication system according to claim 2, wherein the security area access means performs data access to the security area using the converted sector number. The removable storage medium is
The real file management information storage area is provided in a sector area adjacent to the head side of the real data storage area,
In the virtual media area, the virtual file management information storage area is provided in a sector area adjacent to the head side of the virtual data storage area,
4. The communication system according to claim 3, wherein, within the security area, the header area is provided in a sector area adjacent to a head side of the virtual media area.   In the removable storage medium, the authentication verification information is verification information obtained by encrypting information predetermined by an encryption key, and is information that does not match verification with the encryption key itself. 5. The communication system according to claim 4, wherein the communication system is stored with a fixed number of bytes.   The communication system according to claim 4 or 5, wherein the header area of the removable storage medium stores virtual data storage area sector number information for specifying the number of sectors of the virtual data storage area.   The normal area of the removable storage medium is formed in a form divided before and after the security area, and the normal area following the security area can be specified based on the virtual data storage area sector number information. The communication system according to claim 6. The media format of the removable storage medium is a partition in which the actual data storage area, the actual file management information storage area, and a boot sector adjacent to the head side of the actual file management information storage area are only one in the medium. The area is configured to emulate an ANSI-compliant hard disk format, and the boot sector is secured as a storage sector of an initial program loader for using the partition area as a boot disk. In the real file management information storage area, the storage sector of the file allocation table that stores the occupied sector number of the normal file in association with the file name and the root directory of the normal file from the head side. And storage sector is ensured, further,
The first sector of the real media area searches the partition area for the presence or absence of the initial program loader, and stores a master boot program for starting it and a partition table storing partition information in the media Reserved as a master boot record sector
The occupation sector number of the macro security file is written in any of the master boot record sector, the boot sector, and the file allocation table as the macro security file storage location information. The communication system according to 1.   On the premise that the partition area of the removable storage medium is not used as the boot disk, an occupied sector number of the macro security file is stored in an empty area reserved for storing the master boot program in the master boot record sector. 9. A communication system according to claim 8, written.   On the premise that the partition area of the removable storage medium is not used as the boot disk, the occupied sector number of the macro security file is written in an empty area reserved for storage of the initial program loader in the boot sector. The communication system according to claim 8.   9. The communication system according to claim 8, wherein an occupied sector number of the macro security file of the removable storage medium is written in the file allocation table in a form associated with a fixed file name uniquely determined for the macro security file. . A command for instructing execution of the communication event, the host device including the host device having the right to determine the start of a communication event and the peripheral device to be communicated with the host device connected to the host device; Are sequentially issued to the peripheral device, while the peripheral device receiving the issued command sequentially executes data processing corresponding to the command and returns response information corresponding to the execution result to the host device side And is configured as the communication system having a main communication protocol in which the command issuance direction is restricted in one direction from the host device side to the peripheral device side,
Provided on the host device side, issues a survey request command for requesting the peripheral device itself to perform a survey report process on the peripheral device, and is accompanied by a predetermined search report instruction content accompanying the issuance of the survey request command. Survey instruction data creating means for creating survey instruction data having additional frame format and additional information written in a predetermined field of the frame;
Investigation instruction data transmission means for transmitting the created investigation instruction data to the peripheral device;
Survey report data generating means provided in the peripheral device, receiving the survey instruction data, and generating survey report data having a predetermined frame format;
Provided in the peripheral device, a survey report data transmitting means for transmitting the survey report data as response information to the host device;
An additional information communication mechanism provided on the peripheral device side and having additional information extracting means for extracting the additional information from the predetermined field of the received survey instruction data;
As functional means realized by the additional information communication mechanism,
Security reference information transmitting means for transmitting the security reference information acquired on the host device side to the peripheral device as the additional information on the investigation instruction data is provided,
The peripheral device authenticates the access right from the host device side to the removable storage medium using authentication verification information written in the removable storage medium and security reference information received from the host device. The communication system according to any one of claims 1 to 11, wherein the authentication means is provided.   The peripheral device and the host device are connected via a serial communication mechanism in which the peripheral device can be polled from the host device side and the host device cannot be reversely polled from the peripheral device side. The information transfer between the host device and the peripheral device for executing the communication event is executed by serial communication in a form in which the host device polls the peripheral device. Item 13. The communication system according to Item 12.   14. The communication system according to claim 13, wherein the serial communication mechanism conforms to a USB protocol. As functional means realized by the additional information communication mechanism,
Authentication result request information for requesting authentication result reflection information reflecting the authentication result by the authentication means to the peripheral device is transmitted to the peripheral device as the additional information on the investigation instruction data, and the investigation report data is predetermined. Authentication communication in which the investigation report data in which the authentication result reflection information is written as corresponding additional information corresponding to the additional information from the host device side is returned from the peripheral device to the host device as response information Means are provided,
The communication system according to any one of claims 12 to 14, wherein the host device is provided with authentication result reflection information output means for outputting the returned authentication result reflection information. As functional means realized by the additional information communication mechanism,
The access mode report instruction information for causing the peripheral device to report the type of the access mode set in the peripheral device is transmitted to the peripheral device as the additional information on the investigation instruction data, and the investigation report The investigation report data in which access mode report information for reporting the access mode being set by the access mode setting means is written as corresponding additional information corresponding to the additional information from the host device side in a predetermined frame of data Is provided with an access mode report communication means for returning the response information from the peripheral device side to the host device,
16. The communication system according to claim 15, wherein the host device is provided with access mode type display means for displaying the type of the access mode acquired by the access mode report communication means. The host device is provided with an access mode selection means for selecting either the normal mode or the security mode as the access mode,
As functional means realized by the additional information communication mechanism,
When the normal mode is selected on the host device side, normal mode shift instruction information for instructing the peripheral device to shift to the normal mode is transmitted to the peripheral device as the additional information on the survey instruction data Normal mode transition instruction information transmitting means to perform,
When the access mode setting means sets the access mode to the normal mode, the peripheral device that has received the normal mode transition instruction information receives a predetermined frame of the investigation report data from the host device side. As the additional information corresponding to the additional information, normal mode setting completion report information return means is provided for returning the normal mode setting completion report information reporting the completion of setting to the normal mode to the host device as the investigation report data. ,
The host device has input means for the security reference information;
The communication system according to claim 15 or 17, wherein the security reference information transmitting unit transmits the input security reference information to the peripheral device as the additional information on the investigation instruction data.   The survey instruction data creating means stores the additional information in the field defined in the main communication protocol so that information other than the additional information is stored as main storage information to be stored in the survey instruction data. The communication system according to any one of claims 12 to 17, wherein the communication is performed in a form commonly used by a computer.   In the survey instruction data, a memory area on the removable storage medium allocated to the read process or the write process when executing a communication event related to reading or writing of data to the removable storage medium according to the main communication protocol A field for storing the allocation length information is secured as an allocation length setting field, and the allocation length information is used as the main storage information in the allocation length setting field. 19. The communication system according to claim 18, wherein additional information is written.   In the main communication protocol, the size of the allocation length setting field is determined to be a constant bit length, and the number of bits when the maximum value that can be set as the allocation length is expressed in bytes is expressed in the allocation length setting field. When the allocation length is set to less than the total number of bits and the allocation length exceeding the maximum value is described in the allocation length setting field, the maximum value is actually set regardless of the described allocation length value. 20. The communication system according to claim 19, wherein different additional information contents are defined so as to be uniquely associated with redundant allocation length description values exceeding the maximum value while being defined as values. In the peripheral device, when the removable storage medium is exchanged, exchange notification information holding means for holding replacement notification information for notifying the host device of replacement of the removable storage medium, and the host device When the predetermined first type command is received from the command, the exchange notification information held in the exchange notification information holding unit is cleared after the execution of the command, and the second type other than the first type command is also cleared. An exchange notification information holding control means for holding the exchange notification information holding state by the exchange notification information holding means even after execution of the command when the seed command is received;
The communication system according to any one of claims 12 to 20, wherein the second type command is used as the investigation request command.   Configuration / attribute survey request that constitutes the second type command for the survey request command to instruct the peripheral device to report configuration / attribute identification information that is information identifying the configuration and attributes of the peripheral device itself. The communication system according to claim 21, wherein the communication system is a command.   The communication system according to claim 22, wherein the main communication protocol is a SCSI protocol, and an inquiry command is used as the investigation request command. The peripheral device constituting the communication system according to any one of claims 1 to 23, wherein the removable storage medium according to any one of claims 1 to 11 is attached to or detached from a slot. It is configured as a storage device that is detachably mounted and performs data access to the removable storage medium by the communication event,
The authentication means for authenticating the access right from the host device side to the removable storage medium based on the authentication verification information written in the removable storage medium;
Encryption means for writing the data file to be written in the security area in an encrypted state;
Further, decryption means for decrypting and reading out the encrypted data file to be read in the security area;
A peripheral device characterized in that is provided. It is used for the communication system according to any one of claims 12 to 23,
Receiving the survey instruction data and generating the survey report data having a predetermined frame format;
The survey report data transmitting means for transmitting the survey report data as the response information to the host device;
The additional information extracting means for extracting the additional information from the predetermined field of the received survey instruction data;
25. A peripheral device according to claim 24.

Images