JP2008225661A - Electronic apparatus and information processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To achieve an intuitive interface in an information processor to which electronic apparatus is connected. <P>SOLUTION: A fingerprint sensor 11 is installed on the surface of the casing of a USB memory 1. It is necessary for a user to make the USB memory 1 collate the fingerprint in using the USB memory 1 as a storage medium outside a personal computer. When the USB memory 1 is inserted, an icon showing a drive in such a state that a removable disk is not inserted is displayed in the personal computer. When authentication performed by the USB memory 1 succeeds, information relating to a file stored in an internal flash memory is reported from the USB memory 1 to the personal computer, and the icon showing the file is displayed in the personal computer. The invention may be applied to the USB memory having the authenticating function of the user. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an electronic device and an information processing method, and more particularly to an electronic device and an information processing method that can realize an intuitive interface in an information processing apparatus to which the electronic device is connected.

  In recent years, the flash memory has been reduced in price and increased in capacity, so that a USB (Universal Serial Bus) memory has become widespread as a device for storing data created by a personal computer. The user can cause the personal computer to recognize the USB memory as an external storage medium by inserting the USB memory into a USB terminal provided in the personal computer, and store data there.

  Some USB memories require the user to authenticate as a pre-process for reading stored data or storing the data. For example, when a password is entered by operating a keyboard of a personal computer with a USB memory inserted into the personal computer, the entered password is collated with a pre-registered password in the personal computer. When the password verification is successful, the user can read data stored in the USB memory from the personal computer.

  As a result, it is necessary to successfully authenticate with a password in order to read the data, so that it is possible to prevent others from seeing the privacy data stored in the USB memory. .

Patent Document 1 discloses a technique in which an external storage device is recognized by a host device when authentication by an authentication device is successful. Patent Document 2 reads out information stored in an information storage device when the code entered in the information storage device matches the input code while the information storage device is mounted on an electronic device. A technique that is permitted for an electronic device is disclosed.
JP 2006-155217 A JP 2006-260151 A

  As an interface displayed on a personal computer when using a USB memory that requires authentication, for example, it is displayed that the USB memory has been detected in response to the USB memory being inserted, and is stored in the USB memory when authentication is successful. If an icon representing the file being displayed is displayed, it can be said that the user can access the file because of the successful authentication. Therefore, such an interface can be said to be an intuitive and easy-to-understand interface for the user. .

  The present invention has been made in view of such a situation, and enables an intuitive interface to be realized in an information processing apparatus to which an electronic device is connected.

  An electronic device according to one aspect of the present invention includes a reading unit that reads biological information in an electronic device that includes a nonvolatile memory and can be connected to an information processing device, and a user based on the biological information read by the reading unit. An authentication unit that performs authentication of the file, and when connected to the information processing apparatus, the file stored in the non-volatile memory even if there is a request from the information processing apparatus before the authentication by the authentication unit is successful Notification means for notifying the information processing apparatus of information related to the file stored in the nonvolatile memory in response to a request from the information processing apparatus after successful authentication by the authentication means without notifying information With.

  An information processing method according to one aspect of the present invention is an information processing method for an electronic device that includes a nonvolatile memory and can be connected to an information processing device. And when connected to the information processing apparatus, the authentication succeeds without notifying information about the file stored in the non-volatile memory even if there is a request from the information processing apparatus before the authentication is successful. Then, in response to a request from the information processing apparatus, the information processing apparatus includes a step of notifying the information processing apparatus of information relating to the file stored in the nonvolatile memory.

  In one aspect of the present invention, biometric information is read, and user authentication is performed based on the read biometric information. When connected to the information processing apparatus, even if there is a request from the information processing apparatus before the authentication is successful, the information about the file stored in the nonvolatile memory is not notified, and after the authentication is successful, In response to a request from the information processing apparatus, information on the file stored in the nonvolatile memory is notified to the information processing apparatus.

  According to one aspect of the present invention, an intuitive interface can be realized in an information processing apparatus to which an electronic device is connected.

  Embodiments of the present invention will be described below. Correspondences between the constituent elements of the present invention and the embodiments described in the specification or the drawings are exemplified as follows. This description is intended to confirm that the embodiments supporting the present invention are described in the specification or the drawings. Therefore, even if there is an embodiment which is described in the specification or the drawings but is not described here as an embodiment corresponding to the constituent elements of the present invention, that is not the case. It does not mean that the form does not correspond to the constituent requirements. On the contrary, even if an embodiment is described herein as corresponding to the invention, this does not mean that the embodiment does not correspond to other than the configuration requirements. .

  The electronic device according to one aspect of the present invention (for example, the USB memory 1 with fingerprint collation function in FIG. 1) has a built-in nonvolatile memory and is an electronic device that can be connected to an information processing device. 2 is connected to the information processing apparatus, the fingerprint sensor 11) of FIG. 2, the authentication means for authenticating the user based on the biometric information read by the reading means (for example, the fingerprint collation engine 37 of FIG. 2). If the authentication means succeeds, the authentication means succeeds without notifying the information about the file stored in the nonvolatile memory even if there is a request from the information processing apparatus before the authentication means succeeds. Thereafter, in response to a request from the information processing apparatus, notification means for notifying the information processing apparatus of information related to the file stored in the nonvolatile memory ( Eg to and a command processing unit 51) of Figure 4.

  An information processing method according to one aspect of the present invention is an information processing method of an electronic device (for example, the USB memory 1 with a fingerprint matching function in FIG. 1) that includes a nonvolatile memory and can be connected to an information processing device. When the user is authenticated based on the read biometric information and connected to the information processing apparatus, even if there is a request from the information processing apparatus before the authentication is successful, it is stored in the nonvolatile memory. A step of notifying the information processing apparatus of information related to the file stored in the non-volatile memory in response to a request from the information processing apparatus after successful authentication without notifying information regarding the file being stored ( For example, step S61) of FIG. 13 is included.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram showing an example of the appearance of a USB memory 1 with a fingerprint verification function according to an embodiment of the present invention.

  A USB memory 1 with a fingerprint verification function (hereinafter simply referred to as a USB memory 1) has a box-shaped housing, and a USB terminal 1A provided on the side surface of the housing is inserted into a personal computer provided with a USB terminal. Connected.

  The USB memory 1 has a built-in flash memory, and the user inserts the USB memory 1 into a personal computer and causes the personal computer to recognize the USB memory 1 as an external storage medium. Can be stored in the USB memory 1.

  A fingerprint sensor 11 is exposed on the surface of the housing of the USB memory 1. When the user uses the USB memory 1 as a storage medium outside the personal computer, the user needs to collate the fingerprint by placing the finger pad on the fingerprint sensor 11 with the USB memory 1 inserted into the personal computer. is there. The user's fingerprint data read by the fingerprint sensor 11 is registered in advance by the user and collated with the fingerprint data stored in the USB memory 1 by the USB memory 1. Data can be stored in the memory 1 from the personal computer, and data stored in the USB memory 1 can be read out from the personal computer.

  A finger placement instruction LED (Light Emitting Diode) 12 is also provided on the housing surface of the USB memory 1. The finger placement instruction LED 12 starts blinking when the USB memory 1 is inserted into the personal computer and power is supplied from the personal computer, thereby placing the finger on the fingerprint sensor 11 and performing authentication by fingerprint. Prompt the user.

  Even when the USB memory 1 having such an appearance is inserted into the USB terminal of the personal computer, even if there is a request from the personal computer immediately after being inserted, it is stored in the internal flash memory. It has a function of notifying the personal computer of information relating to a file in response to a request made after successful authentication of a user by a fingerprint without notifying information relating to the existing file.

  Immediately after the USB memory 1 is inserted, only information about the device indicating that it is an external storage medium is notified, so that the personal computer has detected the USB memory 1 as a removable disk drive. Is displayed first, and after the authentication is successful, an icon representing a file stored in the USB memory 1 is displayed based on information notified from the USB memory 1.

  By performing such display on the personal computer, the user intuitively understands that the authentication is successful and the file stored in the USB memory 1 can be read out. Can do.

  The processing of the USB memory 1 when the above screen display is performed in the personal computer will be described later with reference to a flowchart.

  FIG. 2 is a block diagram illustrating a hardware configuration example of the USB memory 1. The same components as those shown in FIG.

  In the example of FIG. 2, a host PC (Personal Computer) 2 is shown as a USB host device. The USB memory 1 that is a USB target device performs processing in response to a request from the connected host PC 2.

  As shown in FIG. 2, the USB memory 1 basically has a fingerprint sensor 11, a finger placement instruction LED 12, a flash memory 22, and a crystal for a controller LSI (Large Scale Integrated Circuit) 21 that is a USB target controller. It is configured by connecting the oscillator 23. At least some of these configurations operate using power supplied when the USB memory 1 is plugged into the USB terminal of the host PC 2.

  The controller LSI 21 includes a USB I / F (Interface) 31, an LED controller 32, a CPU (Central Processing Unit) 33, a cryptographic engine 34, an EEPROM (Electrically Erasable and Programmable Read Only Memory) 35, a program RAM / ROM (Random Access Memory). / Read Only Memory) 36, fingerprint collation engine 37, PLL (Phase Lock Loop) 38, and flash memory I / F 39 are connected via a bus 40.

  The USB I / F 31 communicates with the host PC 2 according to the USB standard. The USB I / F 31 receives data transmitted from the host PC 2 and outputs the received data to the bus 40. The data output to the bus 40 is encrypted by the encryption engine 34, supplied to the flash memory I / F 39, and stored in the flash memory 22.

  When the data read from the flash memory 22 by the flash memory I / F 39 and decrypted by the cryptographic engine 34 is supplied via the bus 40, the USB I / F 31 transmits the data to the host PC 2.

  The LED controller 32 causes the finger placement instruction LED 12 to emit light according to control by the CPU 33.

  The CPU 33 controls the operation of each unit connected via the bus 40 by expanding and executing a program stored in the ROM in the program RAM / ROM 36 in the RAM. For example, the CPU 33 controls the access to the flash memory 22 by the host PC 2 and permits the access to the flash memory 22 when notified from the fingerprint collation engine 37 that the authentication by the fingerprint is successful.

  The encryption engine 34 is obtained by encrypting and encrypting the data to be written transmitted from the host PC 2 using the encryption key stored in the EEPROM 35 when the data to be written is supplied via the bus 40. The data is output to the flash memory I / F 39.

  Also, the encryption engine 34 reads the data stored in the flash memory 22 by the flash memory I / F 39, and when the read data is supplied, the encryption applied to the supplied data is stored in the EEPROM 35. Is decrypted using the encryption key stored in, and the data obtained by the decryption is output to the USB I / F 31 and transmitted to the host PC 2.

  The EEPROM 35 stores encryption keys such as RSA, AES (Advanced Encryption Standard), and DES (Data Encryption Standard). The encryption key stored in the EEPROM 35 is appropriately read out by the encryption engine 34 and is used for data encryption or decryption of the encrypted data. For example, when a fingerprint is registered by the user, the encryption key stored in the EEPROM 35 is generated using a part of the registered fingerprint data and data stored in advance in the EEPROM 35.

  The program RAM / ROM 36 stores various data necessary for the CPU 33 to execute various processes in addition to the program executed by the CPU 33.

  When the integrated value of the signal level of the RF signal output by reading a fingerprint in a plurality of relatively narrow ranges set in the fingerprint sensor 11 exceeds a threshold value, the fingerprint collation engine 37 moves the finger to the fingerprint sensor 11. It is determined that it has been placed, and reading of the fingerprint is started.

  The fingerprint collation engine 37 uses the fingerprint read based on the output from the fingerprint sensor 11 as a collation target fingerprint, and collates features using a fingerprint template stored in the flash memory 22. When the characteristics of the fingerprint to be verified match the characteristics represented by the fingerprint template, the fingerprint verification engine 37 determines that the user who placed the finger on the fingerprint sensor 11 is a valid user, and authentication by the fingerprint is successful. This is notified to the CPU 33.

  The fingerprint template is stored in the flash memory 22 in a state of being encrypted with the encryption key stored in the EEPROM 35. When performing fingerprint verification, the fingerprint verification engine 37 is supplied with the fingerprint template decrypted by the cryptographic engine 34 using the cryptographic key.

  The PLL 38 generates a clock necessary for each part in the controller LSI 21 to operate based on the clock supplied from the crystal oscillator 23, and supplies the generated clock to each part.

  The flash memory I / F 39 controls writing of data to the flash memory 22 or reading of data stored in the flash memory 22.

  For example, the flash memory I / F 39 causes the flash memory 22 to store the data encrypted by the cryptographic engine 34 and supplied via the bus 40. Further, the flash memory I / F 39 reads the data stored in the flash memory 22 in an encrypted state, and outputs the read data to the encryption engine 34 via the bus 40.

  The flash memory 22 stores various data according to control by the flash memory I / F 39.

  The crystal oscillator 23 outputs a clock having a predetermined frequency to the PLL 38.

  FIG. 3 is a diagram illustrating an example of a region formed in the flash memory 22.

As shown in FIG. 3, the entire storage area of the flash memory 22 is divided into an area A ₁ and an area A ₂ .

In the area A ₁ , a fingerprint template and a secret key (individual key) encrypted using the encryption key stored in the EEPROM 35 are stored. This area A ₁ is an area in which information relating to stored data is not notified from the USB memory 1 to the host PC 2 and cannot be accessed from the host PC 2 even after successful fingerprint authentication. .

The secret key stored in the area A ₁ is used to decrypt the data encrypted in another apparatus using the corresponding public key. The secret key is used to generate electronic signature data to be added to data created by the user using the host PC 2.

  As described above, the USB memory 1 stores a key used for realizing a PKI (Public Key Infrastructure), a key used for data encryption and decryption, and the USB memory 1 is used as a hardware token. It also has the function of

On the other hand, in the area A ₂ , data encrypted using the encryption key stored in the EEPROM 35 is stored. After the fingerprint authentication is successful, the area A ₂ becomes an area accessible from the host PC 2, and data (file) can be stored from the host PC 2, and the data stored in the area can be read by the host PC 2. It becomes.

Data encryption when data is stored in the area A ₂ and data decryption when data stored in the area A ₂ is read out in accordance with a command transmitted from the host PC 2 Since it is automatically performed in the USB memory 1, it is not necessary for the host PC 2 to be aware of encryption processing when reading and writing data.

  FIG. 4 is a block diagram illustrating a functional configuration example of the USB memory 1. At least a part of the functional units shown in FIG. 4 is realized by the CPU 33 shown in FIG. 2 executing a predetermined program.

  As shown in FIG. 4, a command processing unit 51 and a file management unit 52 are realized in the USB memory 1. The notification from the fingerprint verification engine 37 that the authentication has succeeded and the notification that the authentication has failed are input to the command processing unit 51 and the file management unit 52.

  When the command transmitted from the host PC 2 is received by the USB I / F 31 and supplied, the command processing unit 51 performs processing according to the command and notifies the host PC 2 of the processing result. From the host PC 2 that uses the USB memory 1 that is a mass storage device, commands defined by a command system such as SFF-8070i are transmitted according to a transfer protocol such as Bulk-Only Transport.

  For example, when an inquiry command is transmitted from the host PC 2 and device information is requested, the command processing unit 51 notifies the host PC 2 of device information such as a vendor ID, product ID, and media type as a processing result. Device information such as a vendor ID, product ID, and media type is managed by the command processing unit 51, for example.

  Further, when a Read Capacity command is transmitted from the host PC 2 and information on the capacity of the removable disk (flash memory 22) is requested, the command processing unit 51 inserts the removable disk before the authentication by the fingerprint verification engine 37 is successful. Information regarding the file stored in the flash memory 22 obtained by notifying the host PC 2 as a processing result (No Medium) as a processing result and making an inquiry to the file management unit 52 after successful authentication by the fingerprint collation engine 37 To the host PC 2 as a processing result.

  The file management unit 52 manages the files stored in the flash memory 22 by controlling the flash memory I / F 39. The file management unit 52 is notified from the fingerprint collation engine 37 that the authentication is successful, and when the command processing unit 51 receives an inquiry about information stored in the flash memory 22, the file management unit 52 stores the information in the flash memory 22. The command processing unit 51 is notified of information regarding the existing file. In addition, when the file to be written is transmitted from the host PC 2 together with the Write command and the file is supplied via the command processing unit 51, the file management unit 52 stores the file in the flash memory 22.

  FIG. 5 is a block diagram illustrating a hardware configuration example of the host PC 2.

  The CPU 61 executes various processes according to a program stored in the ROM 62 or a program loaded from the storage unit 68 to the RAM 63. The RAM 63 also appropriately stores data necessary for the CPU 61 to execute various processes.

  The CPU 61, ROM 62, and RAM 63 are connected to each other via a bus 64. An input / output interface 65 is also connected to the bus 64.

  The input / output interface 65 includes an input unit 66 including a keyboard and a mouse, a display 67 including an LCD (Liquid Crystal Display), a storage unit 68 including a hard disk, and a communication unit 69 including a network terminal. It is connected.

  A USB controller 70 that is a USB host controller is also connected to the input / output interface 65. The USB controller 70 communicates with the USB memory 1 inserted into a USB terminal provided on the housing of the host PC 2.

  A drive 71 is also connected to the input / output interface 65 as necessary, and a removable medium 72 composed of a magnetic disk, an optical disk, a magneto-optical disk, a memory card, or the like is appropriately mounted. The computer program read from the removable medium 72 is installed in the storage unit 68 as necessary.

  FIG. 6 is a diagram illustrating a software configuration example of the host PC 2. The host PC 2 is equipped with an OS (Operating System) such as Windows (registered trademark).

  As shown in FIG. 6, the host PC 2 has a hierarchical software configuration including a USB driver 81, a class driver 82, a driver interface 83, a file system 84, and an application 85.

  The USB driver 81 performs USB logical communication control independent of the controller and class (classification defined for each application, such as HID class, communication class, printer class, and mass storage class). A command is issued according to the USB memory 1 which is a mass storage device, and communication control is performed.

  The driver interface 83 and the file system 84 are upper protocols, and the application 85 is an application program using the USB memory 1. A display indicating that the USB memory 1 has been detected and a display of an icon representing a file stored in the flash memory 22 are managed by the application 85.

  Here, the transition of the screen displayed on the host PC 2 will be described.

  FIG. 7 is a diagram showing an example of a screen displayed on the display 67 of the host PC 2 before the USB memory 1 is inserted.

  When the “My Computer” function is selected from the “Desktop” of Windows (registered trademark), a window 101 as shown in FIG.

  In the example of FIG. 7, the window 101 mainly includes an address field 101A and an icon display field 101B on which various icons are displayed. In the address field 101A, the function of “My computer” is selected for the window 101. "My computer" is displayed to indicate that the window is displayed at the time.

  In the icon display column 101B, an icon 111 representing a hard disk drive with the name “C: drive”, an icon 112 representing a hard disk drive with the name “D: drive”, and the name “E: drive” are displayed. 113 representing a memory card drive for which “F: drive” is set, an icon 114 representing a memory card drive for which the name “F: drive” is set, and a DVD / CD-RW drive set for the name “G: drive” Is displayed. For example, the user can display a list of files stored in “C: drive” by placing the mouse pointer on the icon 111 and performing a double click operation.

  When the USB memory 1 is inserted into the USB terminal while the window 101 is displayed and the host PC 2 detects that the USB memory 1 is connected, the display of the window 101 is switched to the display of FIG.

  In the example of FIG. 8, in addition to the icons 111 to 115, an icon 116 representing a removable disk drive to which the name “H: drive” is set is displayed in the icon display column 101B.

  For example, when the user performs a double click operation by placing the mouse pointer on the icon 116 before performing fingerprint authentication, the user may insert a removable disk into the “H: drive” as shown in FIG. A prompt message appears. In the example of FIG. 9, a window 121 is displayed over the window 101, and a message “H: Please insert a disc into the drive.” Is displayed there.

  On the other hand, when the user performs authentication by fingerprint while the window 101 of FIG. 8 is displayed and the authentication is successful, the USB memory 1 sends the flash memory 22 to the host PC 2 from the USB memory 1 in response to a request from the host PC 2. Information on the stored file is notified, and the display of the window 101 is switched to the display of FIG. 10 based on the notified information.

  In the example of FIG. 10, the letters “H: ¥” are displayed in the address field 101A, and the information of the files stored in the removable disk inserted in “H: drive” is displayed in the window 101. It has been shown.

  In addition, in the icon display column 101B, an icon 131 representing a file with the name “2007 calendar.pdf” is displayed based on the information notified from the USB memory 1. A file in which the name “2007 calendar.pdf” is set is a file stored in the flash memory 22 of the USB memory 1.

  When the mouse pointer is placed on the icon 131 and the user performs a double click operation, a file in which the name “2007 calendar.pdf” is set is read from the flash memory 22 by the host PC 2 and executed on the host PC 2. The

  As described above, in response to the detection that the USB memory 1 is connected, the host PC 2 recognizes that the drive in which the removable disk is not inserted is connected, and an icon representing the drive is displayed. Is displayed. In addition, according to the successful authentication by the fingerprint, an icon representing a file stored in the removable disk that is recognized as being inserted, that is, the flash memory 22 is displayed as if the removable disk was inserted. The

  Before the authentication is successful, the USB memory 1 notifies the host PC 2 only of information related to the device of the USB memory 1 as a drive. After the authentication is successful, the information is stored in the flash memory 22 as a removable disk. Information about the file will be notified.

  Accordingly, the user can intuitively understand that the file stored in the flash memory 22 can be opened because the authentication is successful.

  Here, the switching of the display when the “My Computer” function is selected by the user and the “My Computer” window is displayed has been described. However, the “My Computer” window is displayed. If not, the window 101 shown in FIG. 7 to FIG. 9 is not displayed, and a window as shown in FIG. 10 is displayed in which an icon representing a file is directly displayed when the user authenticates and succeeds. 101 is displayed. By inserting the USB memory 1 into the host PC 2 and placing a finger on the fingerprint sensor 11, a folder for storing files stored in the flash memory 22 is automatically opened and an icon is displayed.

  Also by this, the user can intuitively understand that the file stored in the flash memory 22 can be opened because the authentication is successful.

  Next, processing of the USB memory 1 will be described.

  First, the process of the USB memory 1 for registering a fingerprint will be described with reference to the flowchart of FIG.

  This process is started when the user instructs to register the fingerprint by operating the host PC 2 to which the USB memory 1 is connected. When the user instructs to register the fingerprint, a command instructing to start the fingerprint registration is transmitted from the host PC 2 to the USB memory 1.

  In step S1, the fingerprint collation engine 37 determines whether or not a finger is placed on the fingerprint sensor 11, and waits until it is determined that the finger is placed.

  If it is determined in step S1 that the finger is placed, in step S2, the fingerprint collation engine 37 takes in the RF signal supplied from the fingerprint sensor 11 as fingerprint reading data.

  In step S <b> 3, the fingerprint collation engine 37 takes out data representing the characteristics of the fingerprint read by the fingerprint sensor 11 as a fingerprint template. The fingerprint template extracted by the fingerprint verification engine 37 is output to the cryptographic engine 34 via the bus 40.

In step S4, the cryptographic engine 34 encrypts the fingerprint template using the encryption key stored in the EEPROM 35, outputs the encrypted fingerprint template to the flash memory I / F 39, and outputs the area A _{1 of the} flash memory 22 (FIG. 3). The fingerprint template may be stored in the EEPROM 35 instead of the flash memory 22 after being encrypted using the encryption key.

  Next, processing of the USB memory 1 that performs user authentication will be described with reference to the flowchart of FIG. Here, the processing performed in the USB memory 1 will be described, and the exchange between the host PC 2 and the USB memory 1 at the time of authentication will be described later.

  This process is started when the user inserts the USB memory 1 into the USB terminal of the host PC 2. When the USB memory 1 is inserted into the USB terminal of the host PC 2, power is supplied from the host PC 2 to the USB memory 1, and the USB memory 1 is turned on.

  In step S11, the fingerprint collation engine 37 determines whether or not a finger is placed on the fingerprint sensor 11, and waits until it is determined that the finger is placed.

  If it is determined in step S11 that the finger has been placed, the fingerprint collation engine 37 takes in the fingerprint reading data based on the RF signal supplied from the fingerprint sensor 11 in step S12.

  In step S13, the fingerprint collation engine 37 uses the fingerprint represented by the fingerprint read data as the fingerprint to be collated, and decrypts it with the feature extracted from the fingerprint to be collated and the encryption key stored in the EEPROM 35. Is collated with the feature represented by the fingerprint template supplied from.

  In step S14, the fingerprint collation engine 37 determines whether or not the authentication is successful based on the collation result of the fingerprint feature. The CPU 33 is notified of the determination result as to whether or not the authentication is successful.

  If the feature extracted from the fingerprint to be verified does not match the feature represented by the fingerprint template, the process ends if it is determined in step S14 that the authentication has failed.

  On the other hand, if it is determined in step S14 that the authentication is successful, in step S15, the CPU 33 permits the host PC 2 to access the flash memory 22, writes the data supplied from the host PC 2, and designates it from the host PC 2. Control reading of the read data. Thereafter, the process is terminated.

  As described above, since authentication is performed in the USB memory 1, the user does not need to install a dedicated application for authentication in the host PC 2. As a result, a USB memory that is very easy to use and secure is realized.

  Next, processing of the USB memory 1 and the host PC 2 will be described with reference to the flowchart of FIG.

  When the user inserts the USB memory 1 into the USB terminal of the host PC 2 and the USB memory 1 is turned on, and the host PC 2 detects that the USB memory 1 is inserted, in step S31, the host The CPU 61 of the PC 2 (the class driver 82 loaded by the CPU 61) transmits an Inquiry command to the USB memory 1.

  In step S51, the command processing unit 51 of the USB memory 1 receives the inquiry command transmitted from the host PC 2.

  In step S52, the command processing unit 51 transmits device information such as a vendor ID, product ID, and media type to the host PC 2 as a processing result.

  In step S <b> 32, the CPU 61 of the host PC 2 receives the device information transmitted from the USB memory 1.

  When the “My computer” function is selected by the user and the “My computer” window is displayed, the CPU 61 displays an icon representing the drive of the removable disk in step S33 as shown in FIG. Such a window is displayed on the display 67.

  In step S <b> 34, the CPU 61 of the host PC 2 transmits a Read Capacity command to the USB memory 1.

  In step S53, the command processing unit 51 of the USB memory 1 receives the Read Capacity command transmitted from the host PC 2, and if the fingerprint verification engine 37 has not notified that the user authentication has been successful, step S54 is performed. The notification (No Medium) that the removable disk is not inserted is returned to the host PC 2 as the processing result.

  In step S35, the CPU 61 of the host PC 2 receives the notification from the USB memory 1. In this state where the information about the file stored in the flash memory 22 has not been notified from the USB memory 1, a mouse pointer is placed on the icon representing the drive and a double click operation is performed. As shown, a message prompting you to insert a removable disk is displayed.

  In step S 36, the CPU 61 of the host PC 2 transmits a Test Unit Ready command to the USB memory 1. Transmission of the Test Unit Ready command is repeatedly performed at a predetermined cycle.

  In step S55, the command processing unit 51 of the USB memory 1 receives the Test Unit Ready command transmitted from the host PC 2, and if the fingerprint verification engine 37 has not notified that the user authentication has been successful, In S56, a notification that the removable disk is not inserted is returned to the host PC 2. The notification that the removable disk is not inserted is repeated every time a Test Unit Ready command is transmitted from the host PC 2.

  For example, when the user places a finger on the fingerprint sensor 11, the authentication process as described with reference to FIG. 12 is performed in the USB memory 1 in step S 57.

  In step S38, the CPU 61 of the host PC 2 transmits a Test Unit Ready command to the USB memory 1 again.

  In step S58, the command processing unit 51 of the USB memory 1 receives the Test Unit Ready command transmitted from the host PC 2, and the fingerprint verification engine 37 is notified that the authentication performed in step S57 has been successful. In this case, in step S59, the host PC 2 is notified that the removable disk is ready (returns OK).

  In step S39, the CPU 61 of the host PC 2 receives the notification from the USB memory 1, and transmits a Read Capacity command to the USB memory 1 in step S40.

  In step S60, the command processing unit 51 of the USB memory 1 receives the Read Capacity command transmitted from the host PC 2, and manages information regarding the capacity of the flash memory 22 and information regarding the files stored in the flash memory 22. The unit 52 is inquired.

  In step S61, the command processing unit 51 notifies the host PC 2 of information acquired by making an inquiry to the file management unit 52 as a processing result.

  In step S41, the CPU 61 of the host PC 2 receives the notification from the USB memory 1, and in step S42, displays a window as shown in FIG. 10 in which an icon representing a file stored in the flash memory 22 is displayed on the display 67. To display and finish the process.

  Thereafter, when a mouse pointer is placed on an icon representing a file and a double click operation is performed, the file is read from the flash memory 22 and executed on the host PC 2.

  In the above description, the user authentication is performed by the fingerprint read by the fingerprint sensor 11. However, the user authentication is not necessarily performed by the fingerprint, and any other device can be used as long as the user authentication can be performed in the USB memory 1. Biometric authentication may be performed. For example, the user can be authenticated by an iris or palm print.

  When the touch panel is provided on the USB memory 1, the user may be authenticated by a password input by tracing the surface with a finger.

  The series of processes described above can be executed by hardware or can be executed by software. When a series of processing is executed by software, a program constituting the software executes various functions by installing a computer incorporated in dedicated hardware or various programs. It is installed from a program recording medium into a device capable of processing.

  The program executed by the device is, for example, from a magnetic disk (including a flexible disk), an optical disk (CD-ROM (Compact Disc-Read Only Memory), DVD (Digital Versatile Disc), etc.), a magneto-optical disk, or a semiconductor memory. Or is provided via a wired or wireless transmission medium such as a local area network, the Internet, or digital satellite broadcasting.

  Note that the program executed by the device may be a program that is processed in time series in the order described in this specification, or in parallel or at a necessary timing such as when a call is made. It may be a program for processing.

  The embodiments of the present invention are not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the present invention.

It is a figure which shows the example of the external appearance of the USB memory with a fingerprint collation function which concerns on one Embodiment of this invention. It is a block diagram which shows the hardware structural example of the USB memory with a fingerprint collation function. It is a figure which shows the example of the area | region formed in flash memory. It is a block diagram which shows the function structural example of the USB memory with a fingerprint collation function. It is a block diagram which shows the hardware structural example of host PC. It is a block diagram which shows the software structural example of host PC. It is a figure which shows the example of the screen displayed on host PC. It is a figure which shows the example of the other screen displayed on host PC. It is a figure which shows the example of the other screen displayed on host PC. It is a figure which shows the example of the screen displayed on host PC. It is a flowchart explaining the fingerprint registration process of the USB memory with a fingerprint collation function. It is a flowchart explaining the authentication process of the USB memory with a fingerprint collation function. 10 is a flowchart for explaining processing of a USB memory with a fingerprint verification function and a host PC.

Explanation of symbols

  1 USB memory with fingerprint verification function, 2 Host PC, 11 Fingerprint sensor, 12 Finger placement instruction LED, 21 Controller LSI, 22 Flash memory, 23 Crystal oscillator, 31 USB I / F, 32 LED controller, 33 CPU, 34 Cryptographic engine, 35 EEPROM, 36 program RAM / ROM, 37 fingerprint verification engine, 38 PLL, 39 flash memory I / F, 51 command processing unit, 52 file management unit

Claims (2)

In an electronic device that has a built-in nonvolatile memory and can be connected to an information processing device,
Reading means for reading biological information;
Authentication means for authenticating a user based on the biometric information read by the reading means;
When connected to the information processing device, before authentication by the authentication means is successful, even if there is a request from the information processing device, the information about the file stored in the nonvolatile memory is not notified, An electronic device comprising: notification means for notifying the information processing apparatus of information relating to a file stored in the nonvolatile memory in response to a request from the information processing apparatus after successful authentication by the authentication means. In an information processing method of an electronic device that has a built-in nonvolatile memory and can be connected to an information processing device,
Read biological information,
User authentication is performed based on the read biometric information,
When connected to the information processing apparatus, after successful authentication without notification of information about the file stored in the non-volatile memory even if there is a request from the information processing apparatus before the authentication is successful An information processing method including a step of notifying the information processing apparatus of information related to a file stored in the nonvolatile memory in response to a request from the information processing apparatus.

Images