JPH02116924A - Data secret protecting system - Google Patents

Abstract

PURPOSE:To surely protect a secret of data recorded in a recording medium by specifying a data format of the recording medium, and also, recording user's intrinsic information in an information reference area provided on the recording medium. CONSTITUTION:User's intrinsic information being fingerprint image information which is read out of an information reference area of an optical disk 3 stored in an image buffer 22 of a disk drive device 2, and for instance, a fingerprint being user's comparing information which is inputted by an image scanner 4 stored in an image buffer 21 are compared, and when they coincide with each other, a directory data area is reproduced from the optical disk 3, and a file name in directory data and a file name instructed by a user are compared by a host computor 1. When both of them coincide with each other, image data of the file name instructed by the user is reproduced from a user data area of the optical disk 3, supplied to a display device 5, and a user's desired image is displayed.

Description

DETAILED DESCRIPTION OF THE INVENTION [Field of Industrial Application] The present invention relates to a management system for data recorded on optical recording media, magnetic recording media, and the like.

[Conventional technology]

A data file system is known as a system using large-capacity recording media such as optical disks and magnetic disks, which records and manages a large amount of necessary data on the recording medium, but this data file system is also used in various fields. For example, it has come to be used to manage data that is only available to designated people, such as personal data. An example of a system for managing this personal data is a medical data management system, which stores personal X-ray photographs and the like, and which must be kept confidential from others. There is.

On the other hand, an IC card system is conventionally known as a data file system that maintains the confidentiality of personal data. This uses an IC card that has a built-in microcomputer and memory, and the necessary data is stored in the memory and a password is stored in the microcomputer. The microcomputer can read data from the memory only when the password matches the password stored in the computer.

[Problem to be solved by the invention]

In the above-mentioned IC card system, the microcomputer in the IC card determines whether or not data can be read from the memory depending on whether the PIN number matches or does not match, as described above. A high level of confidentiality can be maintained. In other words, the microcomputer, which is the means for reading data from the memory, is built into the IC card together with this memory, and it operates only by a password; the microcomputer cannot operate by any other means, so the confidentiality of the data cannot be guaranteed. It can be maintained.

On the other hand, recording media such as optical disks and magnetic disks only record data, and data can be easily read by attaching them to a drive device. In contrast to an IC card system, it is conceivable to use a password to determine whether or not the drive device can read data from the recording medium.
This is possible with a specific drive device, and data reading can be easily performed using other drive devices or existing drive devices that do not require a password.

As described above, it has conventionally been impossible to maintain the confidentiality of data in file systems using optical disks, magnetic disks, and the like.

SUMMARY OF THE INVENTION An object of the present invention is to provide a data secrecy protection system that solves these problems and makes it possible to protect the secrecy of data recorded on a recording medium.

[Means to solve the problem]

In order to achieve the above object, the present invention specifies the data format of a recording medium, and at least one information reference area is provided on the recording medium, and user-specific information is recorded in the information reference area. and when the comparison information input from the outside is compared with the user-specific information read from the recording medium in a system that reproduces data from the recording medium in the specific format, and the two match. Only the system allows reproduction of the data from the recording medium.

Further, the present invention provides a recording medium having a user data area and a directory data area, and when the user-specific information and the comparison information do not match, reproduction of the directory data from the directory data area is disabled, or The directory data reproduced from the directory data area is made unreadable.

[Effect]

Since the data recorded on the recording medium is in a specific format, the data can only be reproduced by a drive device that handles this specific format. As a result, a drive device capable of data reproduction is specified. Moreover, even if the recording medium is used in a drive device that is capable of data reproduction, if the input comparison information does not match the user-specific information recorded on the recording medium, data reproduction from the recording medium will not be possible. is not carried out. Information such as fingerprints, handwriting, and seals can be used as the user-specific information, making it possible to identify individuals.

Therefore, complete data security will be achieved.

Furthermore, when the user-specific information and the comparison information do not match, by making the directory data impossible to reproduce or read, it is possible to leave traces that the recording medium has been used illegally. It is possible to reliably prevent data reproduction in case of unauthorized use.

〔Example〕

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a block diagram showing an embodiment of the data security protection system according to the present invention, in which 1 is a host computer, 2 is a
is a disk drive device, 21°22 is an image buffer,
3 is an optical disk, 4 is an image scanner, and 5 is a display device.

In the figure, the optical disc 3 is, for example, 15O-91
This is a 5.25-inch optical disc with a cartridge conforming to the 71 standard, and has a user data area and a directory data area. The user data area records a large amount of image data that requires confidentiality protection, such as X-ray photographs, and the directory data area stores directories such as the start address, data length, file name, date, etc. for each image data. Data is recorded. Here, these image data and directory data are recorded in a specific format, and furthermore,
On the optical disc 3, specific information (hereinafter referred to as this) representing an individual user such as the owner of this optical disc 3 is stored in a specific area (hereinafter referred to as an information reference area) different from these user data areas and directory data areas. (referred to as user-specific information) is recorded. This user-specific information includes information representing physical characteristics such as fingerprints, fundus patterns, and facial photographs, information representing characteristics generated by the user such as handwriting and voice prints, and information representing characteristics of the user's possessions such as seals. used. It may be a PIN number consisting of a numerical pattern.

When the user-specific information K is image information such as a fingerprint, the image scanner 4 is a means for inputting image information such as a fingerprint of a user who uses the optical disc 3 mounted on the disc drive device 2.

If the user-specific information is a voiceprint, a microphone is used as the input means, and if the user-specific information is a password, a keyboard is used. Hereinafter, the information input from such input means will be referred to as comparison information, but here, such comparison information will be explained as image information.

The disk drive device 2 includes two image buffers 21,
22 and comparison means (not shown), the image buffer 21 stores comparison information input from the image scanner 4 after being processed by the host computer 1, and the image buffer 22 stores comparison information input from the optical disk 3. The read user specific information is stored.

Next, the operation of this embodiment will be explained using FIG. 2.

First, when the optical disc 3 is inserted into the disc drive device 2 (step 101), the host computer 1 starts the disc drive device 2 and causes the user unique information, which is fingerprint image information, to be read from the information reference area of the optical disc. The read user specific information is stored in the image buffer 22 of the disk drive device 2 (step 10).
2).

Then, when the user specifies the file name of the image data that the user needs and also inputs the user's comparison information, such as fingerprint image information, using the image scanner 4, the host computer 1 processes this comparison information and processes it into the disk drive device. 2 and stored in its image buffer 21 (step 103).

Next, the disk drive device 2 compares the comparison information with the user-specific information (step 104), and sends the comparison result to the host computer 1. When the comparison information and the user-specific information match, the host computer 1 sends a data reproduction command to the disk drive device 2. As a result, first, the disk drive device 2
reproduces the directory data area from the optical disc 3, and the reproduced directory data is sequentially supplied to the host computer 1. This host computer 1
Then, the file name in this directory data is compared with the file name specified by the user. When the two match, the start address and data length are extracted from the directory data including this file name and supplied to the disk drive device 2, and the image data of the file name specified by the user is reproduced from the user data area of the optical disk 3. let This reproduced image data is converted into an analog image signal by the host computer 1 and supplied to the display device 5. Therefore, the image desired by the user is displayed on the display device 5 (step 105). Thereafter, the optical disc 3 is ejected from the disc drive device 2 according to the user's instructions. (Step 107).

If the comparison information stored in the image buffer 21 of the disk drive device 2 and the user-specific information stored in the image buffer 22 do not match, the host computer 1 prohibits data reproduction from the optical disk 3, and, for example, Error processing is performed to output a message such as "Unsuitable" (step 10G), and after the L has been read, the optical disc 3 is ejected from the disc drive device 2 (step 107).
.

Regarding the comparison when user-specific information is fingerprint image information, for example, at the Autumn National Conference of the Institute of Electronics, Information and Communication Engineers in 1988, a paper titled [Fingerprint Verification Method for Identification of Ownership of an IC Card (NEC)] was presented. has been done.

As described above, in this embodiment, since a specific format is used for the data on the optical disc 3, and since the true user such as the owner is determined by comparing the comparison information and the user-specific information, Only these users can reproduce the data, and the confidentiality of the data recorded on the optical disc 3 is achieved.

In FIG. 1, the image buffers 21 and 22 and the comparison means may be provided in a device other than the disk drive device 2, such as the host computer 1.

Further, the process of registering the user-specific information in the information reference area is performed when the user purchases the optical disc 3, for example, when the vendor or the user himself inputs a fingerprint or the like as the user-specific information from the image scanner 4. The information is recorded on the optical disc 3 under instructions from the host computer l.

Next, another embodiment of the data security system according to the present invention will be described with reference to FIGS. 3 and 4.

Recording media such as optical discs are generally recordable, so if they are used illegally, the recorded desired data may be overwritten and changed or destroyed. be. For this reason, there is also the problem that the reliability of recorded data on the optical disc is reduced.

In particular, regarding recording media that record personal data, it is necessary to protect the confidentiality and improve the reliability of the data. This embodiment is a modification of the embodiment shown in FIG. 1 in which data reliability is further improved. For this reason, the second
In the figure, if the comparison information and user-specific information do not match, it usually means that the optical disc has been used illegally.
In error processing (step 106), traces thereof are also retained within the optical disk.

Figure 3 shows the sector format in the directory area, where “C0NTIN01JS 5
ERVO0PTICAL 512BYTE 5EC
TORFORMAT''.

In the error processing (step 106) shown in FIG. 2, three "[D+CR
The address data representing the pre-formatted track number and sector number of the "C" block is destroyed, and in the recording area where the directory data next to the recording area where this directory data is recorded is recorded, the address data of this recording area is Record the most recently destroyed address data.Then, after performing this processing on the entire directory data area, the previous “user unsuitable”
Outputs the message.

When an optical disc processed in this way is reinserted into a disc drive device, it becomes impossible to determine the recording area in the directory data area.
Unable to play directory data. This makes it clear that the optical disc has been used illegally.

On the other hand, user data that requires confidentiality protection must be recorded on only one optical disc and must be available for use at any time. For this reason, an optical disk whose address data has been destroyed as described above must not be discarded as is, but must be copied onto another optical disk so that it can be reused.

FIG. 4 shows a specific example of a disk drive device that is capable of reproducing user data from an optical disk that has been destroyed in this manner.

In the figure, a disk drive device 6 is provided with a sector mark counter 61 and an address mark counter 62. When an optical disc processed as shown in FIG. 3 is inserted into this disc drive device 6, first,
The data in the directory data area is reproduced.

Therefore, if we now play back the recording area where the address data has been destroyed, it will be impossible to determine the sector in this recording area, but in the next recording area, each sector can be determined because the address data is recorded. As explained earlier, address data of the immediately previous recording area is recorded in this recording area, so this is read out. Now, this recorded address data is in decimal notation (
10)0 to (10)6, the disk drive device 6 reproduces the same track again, and at this time, when reading address data 0009 from the undestructed recording area, the sector mark counter 61 and address mark counter 62 and are reset to 0, respectively. Thereafter, the process moves on to reproducing the destroyed recording area, and each time a sector mark SM is detected in each sector shown in FIG. 3, the sector mark counter 62 counts up by 1, and the address mark AM is The address mark 61 counts up by one each time it is detected. These count values become the address data of the sector, but if the count value of the sector mark counter 61 is 1 and the count value of the address mark counter 62 is 3, it is determined that the sector is address data or (10) 0. be done. Similarly,
If the count value of the sector mark counter 61 is n, 1<, (
When 1≦10, when the count value of the address mark counter 62 is 30, it is determined that the sector is ((10)0+n). In this way, the address data of the destroyed sector is restored, making it possible to reproduce the directory data in each recording area.

Still another embodiment of the data security system according to the present invention for improving the reliability of recorded data on an optical disc will be described with reference to FIGS. 5 to 8.

In this embodiment, the directory data recorded in the directory data area is modulated to make the directory data illegible.

That is, the error processing in FIG. 2 (step 106
), the buoy left data area recorded in the directory data area of the optical disc is destroyed. This makes it impossible to address image data in the user data area. As another example, a specific pattern of data (modulation data) is overwritten on the recorded directory data to modulate the directory data. As a result, although the directory data area is reproduced, the directory data cannot be read. In this case, the original directory data can be restored by using demodulated data of a specific pattern. This makes it possible to copy directory data and user data to other optical discs.

Modulation and demodulation processing of directory data by overwriting in this manner is shown in FIGS. 5 to 7.

Assuming that the directory data has been modulated 2-7, the original data shown as demodulated data in FIG. 5 has been modulated 2-7 into pattern data shown as modulated data.

For such data, there must be one “1” after the “1” bit.
As shown in FIG. 6, without performing modulation by overwriting so that the bits continue, the data before error processing, which is the modulation data in FIG. 5, is converted as data after error processing. The data is no longer 2-7 modulated data, but can no longer be demodulated and the directory data is unreadable.

In order to read such data, it is possible to convert it into 2-7 modulated data by performing demodulation in which the next bit of the "1" bit following the "0" bit is converted to "0". As a result, the original demodulated data can be obtained from the error-processed data shown in FIG. 7, and data can be reproduced from the optical disc and copied to another optical disc.

The program (error program) for modulation processing by destroying or overwriting directory data as described above may be provided in the disk drive device, or may be written in a specific area of the optical disk. In this case, as shown in FIG.
01), the error program is read from this optical disk and stored in the error processing table in the disk drive device 108), and then the same process as shown in Fig. 2 is performed to process the error according to this error program (step 106) Perform the above process.

〔Effect of the invention〕

As described above, according to the present invention, only a user who has registered user-specific information on a recording medium can reproduce data on the recording medium, and data confidentiality can be accurately protected.

Further, according to the present invention, traces of use by a user other than the authorized user of the recording medium can be reliably left behind, and the reliability of recorded data is greatly improved.

[Brief explanation of drawings]

FIG. 1 is a block diagram showing one embodiment of the data security system according to the present invention, FIG. 2 is a flowchart showing its operation, and FIG. 3 is data reproduction in another embodiment of the data security system according to the invention. FIG. 4 is a diagram showing a specific example of a means for reproducing data from a recording medium that has been made unreproducible, and FIGS. FIG. 8 is a diagram showing a data modulation method for making data indistinguishable in still another embodiment of the protection system, and is a flowchart showing its operation. 1...Host computer, 2...Disk drive device, 21.22...Image buffer, 3...Optical disk, 4...Image Scanner, 5...display device. Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 71I @ Figure 8

Claims (10)

[Claims] (1) In a security protection system for data recorded on an optical recording medium, the data is recorded in a specific format on the optical recording medium, and at least one information reference area is provided, and the information reference area is provided with at least one information reference area. Information unique to the user who uses the optical recording medium is recorded on the optical recording medium, and comparison information input from the outside to a system that reproduces data for the specific format and information unique to the user read from the optical recording medium are recorded. 1. A data security protection system, characterized in that the system is able to reproduce the data from the optical recording medium only when the information is compared and the two match. (2) The data security system according to claim (1), characterized in that a comparison processing means for comparing the comparison information and the user-specific information is provided in the drive device for the optical recording medium. (3) The data secret according to claim (1) or (2), wherein the user-specific information is at least one of information such as handwriting, a fingerprint, a seal, a voice print, a facial photograph, and a fundus pattern. Protection method. (4) In claim (1), (2) or (3), the optical recording medium has a user data area in which user data requiring confidentiality protection is recorded and directory data for each of the user data. a directory data area, and wherein the directory data recorded in the directory data area cannot be reproduced when the user-specific information and the comparison information do not match. . (5) The data security system according to claim (4), characterized in that the address data recorded in the directory data area is destroyed every predetermined number of pieces to make it impossible to reproduce the directory data. (6) The data secrecy protection system according to claim (5), characterized in that the destroyed address data can be detected based on the number of times the address part is detected from undestroyed address data. (7) In claim (1), (2) or (3), the optical recording medium has a user data area in which user data requiring confidentiality protection is recorded and directory data for each of the user data. a directory data area, and the data security system is characterized in that the directory data recorded in the directory data area is made unreadable when the user-specific information and the comparison information do not match. (8) A data security system according to claim (7), characterized in that the directory data is modulated by overwriting the directory data with predetermined pattern information to make the directory data unreadable. (9) A data security system according to claim (8), characterized in that the modulated directory data can be demodulated using a predetermined demodulation code. (10) A data security system according to claim (7), characterized in that a program for making the directory data unreadable is recorded in a specific area of the optical recording medium.