KR20110118922A - Apparatus and method for driving record media - Google Patents
Apparatus and method for driving record media Download PDFInfo
- Publication number
- KR20110118922A KR20110118922A KR1020100038320A KR20100038320A KR20110118922A KR 20110118922 A KR20110118922 A KR 20110118922A KR 1020100038320 A KR1020100038320 A KR 1020100038320A KR 20100038320 A KR20100038320 A KR 20100038320A KR 20110118922 A KR20110118922 A KR 20110118922A
- Authority
- KR
- South Korea
- Prior art keywords
- recording medium
- content data
- present
- user
- card
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
Abstract
The present invention proposes a recording medium driving apparatus and method for encrypting or decrypting data for a recording medium.
To this end, the password input from the user, the identification information recorded in the flash memory, and the terminal identification information registered in the SIM card are used to allow access to the recording medium with the security function set, and to provide an enhanced security function. In addition to the encryption and decryption procedures, this enables not only data sharing between the combined recording media through a plurality of slots, but also through the USB terminal of an external system to perform data processing with the recording media. .
Description
The present invention relates to a recording medium driving apparatus and method, and more particularly, to a recording medium driving apparatus and method for encrypting or decrypting data for a recording medium.
Recently, portable information devices having card slots in which recording carriers such as IC cards and memory cards are located have been widely used as multifunctional portable information devices such as cellular phones and PDAs (Personal Digital Assistants) have been developed.
For example, telephone directory data, schedule directory data, and image data taken by a digital camera are recorded in such a record carrier attached to the portable information device. The telephone directory data includes a user's telephone number and mail address, and personal information including the name of a person known by the user and their telephone number, mail address, home address, and the like.
Therefore, even if a record carrier or a portable information device with a record carrier is lost, an appropriate protection mechanism is required to prevent anyone other than the user from accessing such data recorded on the record carrier. As an example the record carrier stores certain invalidation codes as well as personal data. When the cellular phone with the record carrier attached is stolen or lost, the user dials the cellular phone and sends the invalidation code to the cellular phone.
The cellular phone then receives the invalidation code and sends it to the record carrier. The record carrier receives an invalidation code from the cellular phone and determines whether the received invalidation code matches the invalidation code previously stored in the recording carrier. If they match, the record carrier locks the personal data and makes it unavailable. In this way, the data stored on the card is protected.
However, due to the security function for the record carrier, there may occur a case where the right to use the content data recorded on the record carrier is blocked even for a user with normal authority.
Therefore, it will be deemed necessary to provide a user with a normal authority to conveniently use an operation of writing or reading data to a record carrier.
The present invention proposes a recording medium driving apparatus and method for encrypting data and storing the data on the recording medium or decrypting the data recorded on the recording medium.
An apparatus for driving a recording medium according to an embodiment of the present invention allows access to a recording medium having a security function set by utilizing a password input from a user, identification information recorded in a flash memory, and terminal identification information registered in a SIM card. In addition, additional encryption and decryption procedures have been added to provide enhanced security, which not only enables data sharing between the combined recording media through a plurality of slots, but also combines and records them through the USB terminal of an external system. To handle data processing with the media.
In addition, the recording medium driving method according to an embodiment of the present invention, by using a password input from the user, identification information recorded in the flash memory and the terminal identification information registered in the SIM card to allow access to the recording medium is set to the security function In addition, additional encryption and decryption procedures have been added to provide enhanced security, which enables data sharing between the combined recording media through a plurality of slots, as well as through the USB terminal of an external system. It should be able to handle data processing with recording media.
In the present invention, a user having normal authority can conveniently use data of a recording medium that provides a security function. On the other hand various other effects will be disclosed directly or implicitly in the detailed description of the embodiments of the present invention to be described later.
1 is a diagram illustrating an example of an operation of receiving content data in a wireless terminal capable of combining with a recording medium;
2 is a diagram illustrating an example of an operation of transmitting content data in a wireless terminal capable of combining with a recording medium;
3 is a view showing an example of a successful reading of encrypted content data from a recording medium in a wireless terminal capable of combining with the recording medium;
4 to 6 show examples of failure to read encrypted content data from a recording medium in a wireless terminal capable of combining with the recording medium;
7 is a view showing an example of an authentication scheme proposed for allowing access to a recording medium in the recording medium driving apparatus according to an embodiment of the present invention;
8 is a view showing another example of an authentication scheme proposed for allowing access to a recording medium in the recording medium driving apparatus according to an embodiment of the present invention;
9 is a diagram showing the configuration of a recording medium driving apparatus having a plurality of memory slots according to an embodiment of the present invention;
10 is a diagram showing a configuration for enhancing encryption and decryption in a recording medium driving apparatus according to an embodiment of the present invention;
FIG. 11 is a view showing an example of a recording medium driving apparatus when the embodiment of the present invention is applied to an SD card only; FIG.
12 is a diagram illustrating an example in which a recording medium driving apparatus according to an exemplary embodiment of the present invention may be implemented as a separate apparatus instead of being embedded in another system;
13 is a view showing the overall configuration of a recording medium driving apparatus that can be proposed according to an embodiment of the present invention.
In the following description of the present invention, detailed descriptions of well-known functions or configurations will be omitted if it is determined that the detailed description of the present invention may unnecessarily obscure the subject matter of the present invention. Terms to be described later are terms defined in consideration of functions in the present invention, and may be changed according to intentions or customs of users or operators. Therefore, the definition should be based on the contents throughout this specification.
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. Meanwhile, in the drawings for describing the present invention, the same elements will be noted with the same reference numerals and symbols as much as possible even though they are shown in different drawings.
1 illustrates an example of an operation of receiving content data in a wireless terminal capable of combining with a recording medium.
Referring to FIG. 1, content data received through an antenna is encrypted by a password input from an LCD & keyboard by a user and terminal identification information registered in an internal flash memory. The encrypted content data is transferred to and recorded in a recording medium such as an SD memory.
2 shows an example of an operation of transmitting content data in a wireless terminal capable of combining with a recording medium.
Referring to FIG. 2, the encrypted content data recorded on the recording medium is read out by a password inputted by the user from the LCD & keyboard, terminal identification information registered in the internal flash memory, and unique supplemental information of the recording medium. . The decrypted encrypted content data is decoded, and the content data that is successfully decoded is transmitted through an antenna.
3 illustrates an example of a successful reading of encrypted content data from a recording medium in a wireless terminal capable of combining with a recording medium.
The example shown in FIG. 3 is the same as the password input from the user through the LCD & keyboard and the terminal identification information registered in the flash memory are applied to the encrypted content data to be read from the recording medium, and the security information on the recording medium. This is the case when the desired encrypted content data is available due to the accuracy.
4 to 6 illustrate examples of failure to read encrypted content data from a recording medium in a wireless terminal capable of combining with the recording medium.
In FIG. 4, the terminal identification information registered in the flash memory and the security information of the recording medium are correct. However, as a wrong password is input from the user through the LCD & keyboard, it fails to read the desired encrypted content data from the recording medium. have.
In FIG. 5, when the correct password is input from the user through the LCD & keyboard and the security information of the recording medium is correct, but the terminal identification information registered in the flash memory is incorrect, the desired encrypted content data cannot be read from the recording medium. Is showing.
In FIG. 5, when the correct password is input from the user through the LCD & keyboard and the terminal identification information registered in the flash memory is correct, but the security information of the recording medium is incorrect, reading of the desired encrypted content data from the recording medium fails. Is showing.
7 shows an example of an authentication scheme proposed for allowing access to a recording medium in the recording medium driving apparatus according to an embodiment of the present invention.
Referring to FIG. 7, a configuration capable of selecting at least one of a terminal ID (Serial Number), a Phone No (SIM Card), and a password as a binding ID has been added. In this case, if Terminal ID (Serial Number) is selected, only the designated terminal can use the content data recorded on the recording medium. If Phone No (SIM Card) is selected, the content data recorded on the recording medium fixed to the telephone number (SIM Card) can be used. If a password is selected, the content data recorded on the recording medium can be used by the password inputted from the user through the user interface even without the terminal and the telephone number information. At this time, the data recorded on the recording medium is encrypted content data.
Of course, the above-described operation can be equally applied to encrypt the content data provided from the outside and to record it on the recording medium. On the other hand, in order to encrypt the content data to be recorded on the recording medium or to read and decrypt the encrypted content data from the recording medium, a separate password is input from the user through the user interface.
8 shows another example of an authentication scheme proposed for allowing access to a recording medium in the recording medium driving apparatus according to an embodiment of the present invention.
Referring to FIG. 8, the terminal ID (Serial Number) and Phone No (SIM Card) information is bound by the combined information, or bound by the second password inputted from the user through the user interface. It proposes a configuration that can be selected.
For example, when the terminal ID (Serial Number) and Phone No (SIM Card) information are combined and bound, the encrypted content of the recording medium can be used only when a specific terminal and a specific SIM card are included in the specific terminal. It is possible to use the data. Of course, content data may be encrypted and recorded on a recording medium only when a specific terminal and a specific SIM card are included in the specific terminal. On the other hand, in order to encrypt the content data to be recorded on the recording medium or to read and decrypt the encrypted content data from the recording medium, a separate password is input from the user through the user interface.
9 is a block diagram of a recording medium driving apparatus including a plurality of memory slots according to an exemplary embodiment of the present invention.
Referring to FIG. 9, an interface corresponding to two SD CPRMs may be added to the security processor, and the encrypted content data may be read from the master SD card and safely copied to another SD card. To this end, decryption of the encrypted content data read from the master SD card should be performed, and the decrypted content data is encrypted again and recorded on the other SD card. In this case, the decryption of the encrypted content data and the encryption of the decrypted content data should be made according to the security procedure proposed by the present invention. In addition, the contents data decrypted by the Security Processor are not visible at all.
Meanwhile, the password input by the user through the user interface may be set to different passwords for the master SD card and the slave SD card. In FIG. 6, only two SD CPRM interfaces are assumed, but more than one SD CPRM interface may be provided.
10 illustrates a configuration for enhancing encryption and decryption in a recording medium driving apparatus according to an embodiment of the present invention. 10 illustrates a structure of a recording medium for increasing the strength of encryption and decryption of CPRM.
Referring to FIG. 10, the SD CPRM standard defines encryption using a 56-bit long key. But with that much encryption, there is a concern that a strong cryptographic environment can be decrypted. Therefore, a stronger combination of encryption algorithms is required.
Therefore, CPRM-encrypted data is re-encrypted with a stronger encryption algorithm later, using a longer encryption key. At this time, the best encryption may be a method of re-encrypting the title key encrypted with CPRM in addition to the content data. However, if the two-step encryption algorithm is a strong method, it may be applied in an undesired manner. Currently, AES is a representative and strong encryption algorithm.
And you can think that 128 bits is enough for the key length for encryption. But even more powerfully, you can use encryption keys that are 256 bits long.
The encryption key for the two-stage encryption algorithm added in the present invention may be stored in a dedicated memory in the Security Processor, or a password depending on the card media ID generated by the CPRM authentication function may be used. In addition, the method of generating a 128-bit (or 256-bit) encryption key is not limited.
FIG. 11 shows an example of a recording medium driving apparatus when an embodiment of the present invention is applied to an SD card. 11 illustrates a structure in which a non-volatile memory (EEPROM or Flash memory) is mounted inside the Security Processor to encrypt and store an SD card media ID (either Media
Referring to FIG. 11, when authenticating with an SD card, control is performed so that encrypted content data can be read or written only when a card having one or more media IDs registered in the non-volatile memory is connected to the device.
Therefore, it is possible to restrict the SD card media registered in the non-volatile memory to the device. In addition, it is advantageous in terms of safety to maintain the non-volatile memory (Media ID NV Memory) inside the Security Processor. However, physically outside the Security Processor is no problem for the implementation.
According to an embodiment of the present invention, an encryption key and a media ID key used to encrypt and store a media ID in a nonvolatile memory are stored in a nonvolatile memory (mask ROM, EEPROM, etc.). At this time, it does not matter to implement the Media ID NV Memory or Media ID Key Memory by using a separate storage means. In addition, it can be implemented by a common storage means (memory).
12 shows an example in which the recording medium driving apparatus according to the embodiment of the present invention can be implemented as a separate apparatus rather than being embedded in another system.
Referring to FIG. 12, a USB interface is installed inside the Security Processor, so that content data desired to be securely stored on an SD card can be transmitted from a general PC environment via a USB interface.
In this case, the general PC environment refers to an environment in which Mass Storage Class Driver and Explorer, which are installed as standard in a general operating system (OS), can be used without installing a special application or driver. That is, in the past, it was necessary to install a special application or driver compatible with CPRM on a PC, connect a special SD Card Reader / Writer compatible with CPRM through the USB port, and access the SD card (encrypted with CPRM). However, in the present invention, when accessing an encrypted file in an SD card connected to a portable device from a PC, the portable device designates a password (title key) using the user interface. In addition, the Binding ID switch function described above can be used effectively.
13 shows the overall configuration of a recording medium driving apparatus that can be proposed according to an embodiment of the present invention. That is, FIG. 13 includes a file system, a file path analyzer, and an SD / USB driver, which were not shown in the above description.
In this case, the file system may exist inside the security processor or may exist in a higher host microcomputer or a base band processor. However, the file system is an essential component of the system configuration of the present invention.
As a representative example of the file system, FAT16 / FAT32 / exFAT may be employed, and a file system suitable for this method is required for the present invention. If the file system does not exist, it is impossible to access any data recorded on the SD card.
In addition, when accessing a file in a specific folder existing in the SD card, a password is required to enter or a file in a specific folder is encrypted. The file system is also necessary for the determination.
File Path Analyzer, on the other hand, is not normally required when connecting to a Mass Storage Class (MSC) with a PC via a USB interface. However, if you want to encrypt a file in some specified folder, determine which path in the file structure the sector or cluster currently being accessed from your PC belongs to and determine which cluster or sector is in use by a file or directory belonging to a path in a specific folder. In this case, access to the PC is denied or a screen for requesting a password input is displayed on the UI (liquid crystal screen, etc.) of the portable terminal to prompt the user to receive a password. At this time, the File Path Analyzer determines whether the file requires a password or whether a password is not required. That is, this function is necessary when connecting to MSC of USB with encryption or password protection in a specific folder.
In addition, SD / USB Driver is a software layer required to control the hardware of SD card and USB. At this time, the hardware of the SD / USB and the SD / USB Driver are integrated, and are realized as the SD card connection means and the USB connection means. Therefore, embodiments of the present invention do not describe hardware and software separately. However, it is natural to have a hardware and software configuration in an embodiment of the present invention.
The method of dividing the SD / USB driver into hardware and software is not the only example. That is only one embodiment to the last.
Referring to FIG. 13, a major feature of the embodiment of the present invention is that encryption / decryption is performed between the file system and the SD card driver layer. In this part, the information to be handled is not converted in units of files but in units of clusters (or sectors). By encrypting / decrypting here, encryption and decryption can be supported even when connecting to a USB MSC.
Meanwhile, in the detailed description of the present invention, specific embodiments have been described, but various modifications are possible without departing from the scope of the present invention. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be defined not only by the appended claims, but also by the equivalents of the claims.
Claims (1)
Allowing access to a recording medium having a security function set using a password input from a user, identification information recorded in a flash memory, and terminal identification information registered in a SIM card;
Additionally performing additional encryption and decryption procedures to provide a security function, thereby enabling data sharing between the combined recording media through a plurality of slots; And
A method of driving a recording medium, comprising: processing data with a recording medium by coupling through a USB terminal of an external system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020100038320A KR20110118922A (en) | 2010-04-26 | 2010-04-26 | Apparatus and method for driving record media |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020100038320A KR20110118922A (en) | 2010-04-26 | 2010-04-26 | Apparatus and method for driving record media |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20110118922A true KR20110118922A (en) | 2011-11-02 |
Family
ID=45390567
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020100038320A KR20110118922A (en) | 2010-04-26 | 2010-04-26 | Apparatus and method for driving record media |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20110118922A (en) |
-
2010
- 2010-04-26 KR KR1020100038320A patent/KR20110118922A/en not_active Application Discontinuation
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9813416B2 (en) | Data security system with encryption | |
US7552345B2 (en) | Implementation of storing secret information in data storage reader products | |
US8761403B2 (en) | Method and system of secured data storage and recovery | |
US7406604B2 (en) | Method for protecting a memory card, and a memory card | |
KR100678927B1 (en) | Method and portable storage device for allocating secure area in insecure area | |
US8213612B2 (en) | Secure software download | |
KR100723762B1 (en) | Access method | |
US8161524B2 (en) | Method and portable storage device for allocating secure area in insecure area | |
US20100043078A1 (en) | Secure compact flash | |
JP6622275B2 (en) | Mobile data storage device with access control function | |
WO2012037247A1 (en) | Secure transfer and tracking of data using removable non-volatile memory devices | |
US20090164804A1 (en) | Secured storage device | |
CN110929302B (en) | Data security encryption storage method and storage device | |
JP2008005408A (en) | Recorded data processing apparatus | |
CN101673248B (en) | Storage system, controller and data protection method | |
CN101226507A (en) | Security method and system as well as correlative pairing enciphering system thereof | |
JP2009080772A (en) | Software starting system, software starting method and software starting program | |
US8234501B2 (en) | System and method of controlling access to a device | |
US20140223195A1 (en) | Encrypted Storage Device for Personal Information | |
KR102295470B1 (en) | Secure usb dongle for usb memory without security | |
KR20110118922A (en) | Apparatus and method for driving record media | |
US20080019506A1 (en) | Encryption/Decryption Apparatus, System and Method | |
JP2011108151A (en) | Security adaptor for external storage | |
JP2010079426A (en) | Semiconductor storage device | |
JP2009177368A (en) | Potable electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |