KR20110118922A - Apparatus and method for driving record media - Google Patents

Apparatus and method for driving record media Download PDF

Info

Publication number
KR20110118922A
KR20110118922A KR1020100038320A KR20100038320A KR20110118922A KR 20110118922 A KR20110118922 A KR 20110118922A KR 1020100038320 A KR1020100038320 A KR 1020100038320A KR 20100038320 A KR20100038320 A KR 20100038320A KR 20110118922 A KR20110118922 A KR 20110118922A
Authority
KR
South Korea
Prior art keywords
recording medium
content data
present
user
card
Prior art date
Application number
KR1020100038320A
Other languages
Korean (ko)
Inventor
김희찬
켄 오타
Original Assignee
(주)파인아크코리아
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)파인아크코리아 filed Critical (주)파인아크코리아
Priority to KR1020100038320A priority Critical patent/KR20110118922A/en
Publication of KR20110118922A publication Critical patent/KR20110118922A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Abstract

The present invention proposes a recording medium driving apparatus and method for encrypting or decrypting data for a recording medium.
To this end, the password input from the user, the identification information recorded in the flash memory, and the terminal identification information registered in the SIM card are used to allow access to the recording medium with the security function set, and to provide an enhanced security function. In addition to the encryption and decryption procedures, this enables not only data sharing between the combined recording media through a plurality of slots, but also through the USB terminal of an external system to perform data processing with the recording media. .

Figure P1020100038320

Description

Recording medium driving device and method {APPARATUS AND METHOD FOR DRIVING RECORD MEDIA}

The present invention relates to a recording medium driving apparatus and method, and more particularly, to a recording medium driving apparatus and method for encrypting or decrypting data for a recording medium.

Recently, portable information devices having card slots in which recording carriers such as IC cards and memory cards are located have been widely used as multifunctional portable information devices such as cellular phones and PDAs (Personal Digital Assistants) have been developed.

For example, telephone directory data, schedule directory data, and image data taken by a digital camera are recorded in such a record carrier attached to the portable information device. The telephone directory data includes a user's telephone number and mail address, and personal information including the name of a person known by the user and their telephone number, mail address, home address, and the like.

Therefore, even if a record carrier or a portable information device with a record carrier is lost, an appropriate protection mechanism is required to prevent anyone other than the user from accessing such data recorded on the record carrier. As an example the record carrier stores certain invalidation codes as well as personal data. When the cellular phone with the record carrier attached is stolen or lost, the user dials the cellular phone and sends the invalidation code to the cellular phone.

The cellular phone then receives the invalidation code and sends it to the record carrier. The record carrier receives an invalidation code from the cellular phone and determines whether the received invalidation code matches the invalidation code previously stored in the recording carrier. If they match, the record carrier locks the personal data and makes it unavailable. In this way, the data stored on the card is protected.

However, due to the security function for the record carrier, there may occur a case where the right to use the content data recorded on the record carrier is blocked even for a user with normal authority.

Therefore, it will be deemed necessary to provide a user with a normal authority to conveniently use an operation of writing or reading data to a record carrier.

The present invention proposes a recording medium driving apparatus and method for encrypting data and storing the data on the recording medium or decrypting the data recorded on the recording medium.

An apparatus for driving a recording medium according to an embodiment of the present invention allows access to a recording medium having a security function set by utilizing a password input from a user, identification information recorded in a flash memory, and terminal identification information registered in a SIM card. In addition, additional encryption and decryption procedures have been added to provide enhanced security, which not only enables data sharing between the combined recording media through a plurality of slots, but also combines and records them through the USB terminal of an external system. To handle data processing with the media.

In addition, the recording medium driving method according to an embodiment of the present invention, by using a password input from the user, identification information recorded in the flash memory and the terminal identification information registered in the SIM card to allow access to the recording medium is set to the security function In addition, additional encryption and decryption procedures have been added to provide enhanced security, which enables data sharing between the combined recording media through a plurality of slots, as well as through the USB terminal of an external system. It should be able to handle data processing with recording media.

In the present invention, a user having normal authority can conveniently use data of a recording medium that provides a security function. On the other hand various other effects will be disclosed directly or implicitly in the detailed description of the embodiments of the present invention to be described later.

1 is a diagram illustrating an example of an operation of receiving content data in a wireless terminal capable of combining with a recording medium;
2 is a diagram illustrating an example of an operation of transmitting content data in a wireless terminal capable of combining with a recording medium;
3 is a view showing an example of a successful reading of encrypted content data from a recording medium in a wireless terminal capable of combining with the recording medium;
4 to 6 show examples of failure to read encrypted content data from a recording medium in a wireless terminal capable of combining with the recording medium;
7 is a view showing an example of an authentication scheme proposed for allowing access to a recording medium in the recording medium driving apparatus according to an embodiment of the present invention;
8 is a view showing another example of an authentication scheme proposed for allowing access to a recording medium in the recording medium driving apparatus according to an embodiment of the present invention;
9 is a diagram showing the configuration of a recording medium driving apparatus having a plurality of memory slots according to an embodiment of the present invention;
10 is a diagram showing a configuration for enhancing encryption and decryption in a recording medium driving apparatus according to an embodiment of the present invention;
FIG. 11 is a view showing an example of a recording medium driving apparatus when the embodiment of the present invention is applied to an SD card only; FIG.
12 is a diagram illustrating an example in which a recording medium driving apparatus according to an exemplary embodiment of the present invention may be implemented as a separate apparatus instead of being embedded in another system;
13 is a view showing the overall configuration of a recording medium driving apparatus that can be proposed according to an embodiment of the present invention.

In the following description of the present invention, detailed descriptions of well-known functions or configurations will be omitted if it is determined that the detailed description of the present invention may unnecessarily obscure the subject matter of the present invention. Terms to be described later are terms defined in consideration of functions in the present invention, and may be changed according to intentions or customs of users or operators. Therefore, the definition should be based on the contents throughout this specification.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. Meanwhile, in the drawings for describing the present invention, the same elements will be noted with the same reference numerals and symbols as much as possible even though they are shown in different drawings.

1 illustrates an example of an operation of receiving content data in a wireless terminal capable of combining with a recording medium.

Referring to FIG. 1, content data received through an antenna is encrypted by a password input from an LCD & keyboard by a user and terminal identification information registered in an internal flash memory. The encrypted content data is transferred to and recorded in a recording medium such as an SD memory.

2 shows an example of an operation of transmitting content data in a wireless terminal capable of combining with a recording medium.

Referring to FIG. 2, the encrypted content data recorded on the recording medium is read out by a password inputted by the user from the LCD & keyboard, terminal identification information registered in the internal flash memory, and unique supplemental information of the recording medium. . The decrypted encrypted content data is decoded, and the content data that is successfully decoded is transmitted through an antenna.

3 illustrates an example of a successful reading of encrypted content data from a recording medium in a wireless terminal capable of combining with a recording medium.

The example shown in FIG. 3 is the same as the password input from the user through the LCD & keyboard and the terminal identification information registered in the flash memory are applied to the encrypted content data to be read from the recording medium, and the security information on the recording medium. This is the case when the desired encrypted content data is available due to the accuracy.

4 to 6 illustrate examples of failure to read encrypted content data from a recording medium in a wireless terminal capable of combining with the recording medium.

In FIG. 4, the terminal identification information registered in the flash memory and the security information of the recording medium are correct. However, as a wrong password is input from the user through the LCD & keyboard, it fails to read the desired encrypted content data from the recording medium. have.

In FIG. 5, when the correct password is input from the user through the LCD & keyboard and the security information of the recording medium is correct, but the terminal identification information registered in the flash memory is incorrect, the desired encrypted content data cannot be read from the recording medium. Is showing.

In FIG. 5, when the correct password is input from the user through the LCD & keyboard and the terminal identification information registered in the flash memory is correct, but the security information of the recording medium is incorrect, reading of the desired encrypted content data from the recording medium fails. Is showing.

7 shows an example of an authentication scheme proposed for allowing access to a recording medium in the recording medium driving apparatus according to an embodiment of the present invention.

Referring to FIG. 7, a configuration capable of selecting at least one of a terminal ID (Serial Number), a Phone No (SIM Card), and a password as a binding ID has been added. In this case, if Terminal ID (Serial Number) is selected, only the designated terminal can use the content data recorded on the recording medium. If Phone No (SIM Card) is selected, the content data recorded on the recording medium fixed to the telephone number (SIM Card) can be used. If a password is selected, the content data recorded on the recording medium can be used by the password inputted from the user through the user interface even without the terminal and the telephone number information. At this time, the data recorded on the recording medium is encrypted content data.

Of course, the above-described operation can be equally applied to encrypt the content data provided from the outside and to record it on the recording medium. On the other hand, in order to encrypt the content data to be recorded on the recording medium or to read and decrypt the encrypted content data from the recording medium, a separate password is input from the user through the user interface.

8 shows another example of an authentication scheme proposed for allowing access to a recording medium in the recording medium driving apparatus according to an embodiment of the present invention.

Referring to FIG. 8, the terminal ID (Serial Number) and Phone No (SIM Card) information is bound by the combined information, or bound by the second password inputted from the user through the user interface. It proposes a configuration that can be selected.

For example, when the terminal ID (Serial Number) and Phone No (SIM Card) information are combined and bound, the encrypted content of the recording medium can be used only when a specific terminal and a specific SIM card are included in the specific terminal. It is possible to use the data. Of course, content data may be encrypted and recorded on a recording medium only when a specific terminal and a specific SIM card are included in the specific terminal. On the other hand, in order to encrypt the content data to be recorded on the recording medium or to read and decrypt the encrypted content data from the recording medium, a separate password is input from the user through the user interface.

9 is a block diagram of a recording medium driving apparatus including a plurality of memory slots according to an exemplary embodiment of the present invention.

Referring to FIG. 9, an interface corresponding to two SD CPRMs may be added to the security processor, and the encrypted content data may be read from the master SD card and safely copied to another SD card. To this end, decryption of the encrypted content data read from the master SD card should be performed, and the decrypted content data is encrypted again and recorded on the other SD card. In this case, the decryption of the encrypted content data and the encryption of the decrypted content data should be made according to the security procedure proposed by the present invention. In addition, the contents data decrypted by the Security Processor are not visible at all.

Meanwhile, the password input by the user through the user interface may be set to different passwords for the master SD card and the slave SD card. In FIG. 6, only two SD CPRM interfaces are assumed, but more than one SD CPRM interface may be provided.

10 illustrates a configuration for enhancing encryption and decryption in a recording medium driving apparatus according to an embodiment of the present invention. 10 illustrates a structure of a recording medium for increasing the strength of encryption and decryption of CPRM.

Referring to FIG. 10, the SD CPRM standard defines encryption using a 56-bit long key. But with that much encryption, there is a concern that a strong cryptographic environment can be decrypted. Therefore, a stronger combination of encryption algorithms is required.

Therefore, CPRM-encrypted data is re-encrypted with a stronger encryption algorithm later, using a longer encryption key. At this time, the best encryption may be a method of re-encrypting the title key encrypted with CPRM in addition to the content data. However, if the two-step encryption algorithm is a strong method, it may be applied in an undesired manner. Currently, AES is a representative and strong encryption algorithm.

And you can think that 128 bits is enough for the key length for encryption. But even more powerfully, you can use encryption keys that are 256 bits long.

The encryption key for the two-stage encryption algorithm added in the present invention may be stored in a dedicated memory in the Security Processor, or a password depending on the card media ID generated by the CPRM authentication function may be used. In addition, the method of generating a 128-bit (or 256-bit) encryption key is not limited.

FIG. 11 shows an example of a recording medium driving apparatus when an embodiment of the present invention is applied to an SD card. 11 illustrates a structure in which a non-volatile memory (EEPROM or Flash memory) is mounted inside the Security Processor to encrypt and store an SD card media ID (either Media Dependent Key 1 or 2). have.

Referring to FIG. 11, when authenticating with an SD card, control is performed so that encrypted content data can be read or written only when a card having one or more media IDs registered in the non-volatile memory is connected to the device.

Therefore, it is possible to restrict the SD card media registered in the non-volatile memory to the device. In addition, it is advantageous in terms of safety to maintain the non-volatile memory (Media ID NV Memory) inside the Security Processor. However, physically outside the Security Processor is no problem for the implementation.

According to an embodiment of the present invention, an encryption key and a media ID key used to encrypt and store a media ID in a nonvolatile memory are stored in a nonvolatile memory (mask ROM, EEPROM, etc.). At this time, it does not matter to implement the Media ID NV Memory or Media ID Key Memory by using a separate storage means. In addition, it can be implemented by a common storage means (memory).

12 shows an example in which the recording medium driving apparatus according to the embodiment of the present invention can be implemented as a separate apparatus rather than being embedded in another system.

Referring to FIG. 12, a USB interface is installed inside the Security Processor, so that content data desired to be securely stored on an SD card can be transmitted from a general PC environment via a USB interface.

In this case, the general PC environment refers to an environment in which Mass Storage Class Driver and Explorer, which are installed as standard in a general operating system (OS), can be used without installing a special application or driver. That is, in the past, it was necessary to install a special application or driver compatible with CPRM on a PC, connect a special SD Card Reader / Writer compatible with CPRM through the USB port, and access the SD card (encrypted with CPRM). However, in the present invention, when accessing an encrypted file in an SD card connected to a portable device from a PC, the portable device designates a password (title key) using the user interface. In addition, the Binding ID switch function described above can be used effectively.

13 shows the overall configuration of a recording medium driving apparatus that can be proposed according to an embodiment of the present invention. That is, FIG. 13 includes a file system, a file path analyzer, and an SD / USB driver, which were not shown in the above description.

In this case, the file system may exist inside the security processor or may exist in a higher host microcomputer or a base band processor. However, the file system is an essential component of the system configuration of the present invention.

As a representative example of the file system, FAT16 / FAT32 / exFAT may be employed, and a file system suitable for this method is required for the present invention. If the file system does not exist, it is impossible to access any data recorded on the SD card.

In addition, when accessing a file in a specific folder existing in the SD card, a password is required to enter or a file in a specific folder is encrypted. The file system is also necessary for the determination.

File Path Analyzer, on the other hand, is not normally required when connecting to a Mass Storage Class (MSC) with a PC via a USB interface. However, if you want to encrypt a file in some specified folder, determine which path in the file structure the sector or cluster currently being accessed from your PC belongs to and determine which cluster or sector is in use by a file or directory belonging to a path in a specific folder. In this case, access to the PC is denied or a screen for requesting a password input is displayed on the UI (liquid crystal screen, etc.) of the portable terminal to prompt the user to receive a password. At this time, the File Path Analyzer determines whether the file requires a password or whether a password is not required. That is, this function is necessary when connecting to MSC of USB with encryption or password protection in a specific folder.

In addition, SD / USB Driver is a software layer required to control the hardware of SD card and USB. At this time, the hardware of the SD / USB and the SD / USB Driver are integrated, and are realized as the SD card connection means and the USB connection means. Therefore, embodiments of the present invention do not describe hardware and software separately. However, it is natural to have a hardware and software configuration in an embodiment of the present invention.

The method of dividing the SD / USB driver into hardware and software is not the only example. That is only one embodiment to the last.

Referring to FIG. 13, a major feature of the embodiment of the present invention is that encryption / decryption is performed between the file system and the SD card driver layer. In this part, the information to be handled is not converted in units of files but in units of clusters (or sectors). By encrypting / decrypting here, encryption and decryption can be supported even when connecting to a USB MSC.

Meanwhile, in the detailed description of the present invention, specific embodiments have been described, but various modifications are possible without departing from the scope of the present invention. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be defined not only by the appended claims, but also by the equivalents of the claims.

Claims (1)

In the method for driving a recording medium,
Allowing access to a recording medium having a security function set using a password input from a user, identification information recorded in a flash memory, and terminal identification information registered in a SIM card;
Additionally performing additional encryption and decryption procedures to provide a security function, thereby enabling data sharing between the combined recording media through a plurality of slots; And
A method of driving a recording medium, comprising: processing data with a recording medium by coupling through a USB terminal of an external system.
KR1020100038320A 2010-04-26 2010-04-26 Apparatus and method for driving record media KR20110118922A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020100038320A KR20110118922A (en) 2010-04-26 2010-04-26 Apparatus and method for driving record media

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020100038320A KR20110118922A (en) 2010-04-26 2010-04-26 Apparatus and method for driving record media

Publications (1)

Publication Number Publication Date
KR20110118922A true KR20110118922A (en) 2011-11-02

Family

ID=45390567

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020100038320A KR20110118922A (en) 2010-04-26 2010-04-26 Apparatus and method for driving record media

Country Status (1)

Country Link
KR (1) KR20110118922A (en)

Similar Documents

Publication Publication Date Title
US9813416B2 (en) Data security system with encryption
US7552345B2 (en) Implementation of storing secret information in data storage reader products
US8761403B2 (en) Method and system of secured data storage and recovery
US7406604B2 (en) Method for protecting a memory card, and a memory card
KR100678927B1 (en) Method and portable storage device for allocating secure area in insecure area
US8213612B2 (en) Secure software download
KR100723762B1 (en) Access method
US8161524B2 (en) Method and portable storage device for allocating secure area in insecure area
US20100043078A1 (en) Secure compact flash
JP6622275B2 (en) Mobile data storage device with access control function
WO2012037247A1 (en) Secure transfer and tracking of data using removable non-volatile memory devices
US20090164804A1 (en) Secured storage device
CN110929302B (en) Data security encryption storage method and storage device
JP2008005408A (en) Recorded data processing apparatus
CN101673248B (en) Storage system, controller and data protection method
CN101226507A (en) Security method and system as well as correlative pairing enciphering system thereof
JP2009080772A (en) Software starting system, software starting method and software starting program
US8234501B2 (en) System and method of controlling access to a device
US20140223195A1 (en) Encrypted Storage Device for Personal Information
KR102295470B1 (en) Secure usb dongle for usb memory without security
KR20110118922A (en) Apparatus and method for driving record media
US20080019506A1 (en) Encryption/Decryption Apparatus, System and Method
JP2011108151A (en) Security adaptor for external storage
JP2010079426A (en) Semiconductor storage device
JP2009177368A (en) Potable electronic device

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination