WO2002073872A1 - Data storage device - Google Patents
Data storage device
- Publication number
- WO2002073872A1 (PCT/JP2002/002169)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- encryption key
- key
- encryption
- data
- storage device
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Definitions
- the present invention relates to a data storage device for storing data.
- an “encrypted ROM device” having a ROM for storing data and a volatile memory or a volatile register into which an encryption key is written.
- the encryption key is written in a volatile memory or a volatile register, and the data is encrypted with the encryption key and stored in the ROM.
- an encryption key is written into a volatile memory or a volatile register, and the data in the ROM is decrypted with the decryption key.
- if the device is taken out by an outsider while data that can be easily analyzed is stored in the ROM, and the stored contents are analyzed, there is a possibility that the lost encryption key is guessed. If the encryption key becomes known to an unrelated person, there is a risk that the data stored in the encrypted ROM device will be decrypted one after another. This danger extends not only to other data stored in the analyzed ROM, but also to data stored in the encrypted ROM device in the future.
- An object of the present invention is to provide a data storage device that can prevent an unrelated person from determining the storage data of a nonvolatile storage medium in a chained manner.
- Another object of the present invention is to provide a data storage device which can make data that is stored in a non-volatile storage medium and is no longer necessary difficult for an unrelated person to read, without reducing the efficiency of data input/output.
- a data storage device (encryption storage device) of the present invention is a data storage device including a storage data nonvolatile storage unit for storing data.
- a random number generation unit that generates a pseudo-random number at a predetermined timing and uses the pseudo-random number at each such timing as an encryption key;
- a key storage unit that stores the encryption key generated by the random number generation unit;
- an encryption unit that, when the encryption key is given, encrypts the input data with the encryption key and stores it in the nonvolatile storage unit as encrypted data;
- a decryption unit that, when the encryption key is given, decrypts the encrypted data stored in the nonvolatile storage unit using the encryption key and reads it out;
- and a key management unit that, when allocation of an encryption key is requested from outside, returns encryption key information corresponding to the latest encryption key; that, when an instruction for encrypting the input data and the encryption key information are input, reads the encryption key corresponding to the encryption key information from the key storage unit and gives it to the encryption unit; and that, for decryption, reads the encryption key corresponding to the encryption key information from the key storage unit and gives it to the decryption unit.
- the random number generation unit generates a pseudo random number at a predetermined timing, uses the pseudo random number at each timing as an encryption key, and stores the encryption key in the key storage unit.
- the key management unit returns encryption key information corresponding to the latest key to the user when the user requests allocation of the encryption key from outside.
- when the user inputs a data encryption instruction and encryption key information, an encryption key corresponding to the encryption key information is read from the key storage unit and given to the encryption unit.
- the encryption unit encrypts the input data with a given encryption key and stores the encrypted data in a nonvolatile storage unit, that is, a nonvolatile storage medium as encrypted data.
- the key management unit reads the encryption key corresponding to the encryption key information from the key storage unit and gives it to the decryption unit.
- the decryption unit decrypts the encrypted data stored in the non-volatile storage unit using the encryption key and reads out the same when the same encryption key as that at the time of encryption is given.
- since the pseudorandom number is used as the encryption key, the rate at which the same encryption key is generated when a plurality of encryption keys are generated is extremely low. Therefore, by assigning the latest generated encryption key to the user, a plurality of encryption keys assigned through different generation timings of pseudorandom numbers can be made different with high probability. As a result, data can be easily encrypted and decrypted using various encryption keys, and a plurality of encrypted data with different encryption keys can be stored in the nonvolatile storage unit.
- since the key storage unit is volatile, if the device is taken out and the data is analyzed, the power is normally shut off and the encryption key stored in the key storage unit disappears.
- if the encrypted data stored in the non-volatile storage unit is analyzed in this state, then even if encrypted data that can be easily analyzed happens to exist and the encryption key of that encrypted data is guessed, the guessed encryption key cannot decrypt encrypted data that was encrypted with another, different encryption key. Also, even if the encryption key for encrypted data stored in the non-volatile storage unit is guessed, a pseudo-random number is used for the encryption key of encrypted data stored in this non-volatile storage unit in the future, so the probability that it differs from the guessed one is very high. Therefore, the encrypted data is hardly discriminated by anyone other than the user.
- FIG. 1 is a block diagram showing a configuration of a data storage device according to one embodiment of the present invention.
- FIG. 3 is an explanatory diagram illustrating an example of the structure of an allocation frame used in the data storage device of FIG.
- FIG. 4 is a flowchart showing a key assignment procedure when the allocation frame of FIG. 3 is used.
- FIG. 5 is a flowchart showing a key release procedure when the allocation frame of FIG. 3 is used.
- FIG. 6 is an explanatory diagram illustrating another example of the structure of the allocation frame used in the data storage device of FIG.
- FIG. 7 is a flowchart showing a key assignment procedure when the allocation frame of FIG. 6 is used.
- FIG. 8 is a block diagram showing a configuration of a data storage device according to another embodiment of the present invention.
- FIG. 9 is an explanatory diagram illustrating a structural example of an allocation frame used in the data storage device of FIG.
- FIG. 10 is a flowchart showing a key assignment procedure in the case where the allocation frame of FIG. 9 is used.
- FIG. 11 is a flowchart showing a key update procedure in the case where the allocation frame of FIG. 9 is used.
- FIG. 12 is an explanatory diagram illustrating another example of the structure of the allocation frame used in the data storage device of FIG.
- FIG. 13 is a flowchart showing a procedure for forcibly releasing a key when the allocation frame of FIG. 12 is used.
- FIG. 14 is a block diagram showing a configuration of a modification of the data storage device according to another embodiment of the present invention.
- FIG. 15 is a flowchart showing the procedure of reading and writing data when the data storage device of FIG. 14 is used.
- FIG. 1 shows a configuration of an encrypted storage device 1 as a data storage device according to the present embodiment.
- the encryption storage device 1 includes a nonvolatile storage unit 2, a random number generation unit 3, a key storage unit 4, an encryption unit 5, a decryption unit 6, and a key management unit 7.
- Non-volatile storage unit (non-volatile storage means) 2 is a non-volatile storage medium for storage data such as a hard disk or ROM.
- the non-volatile storage unit 2 stores data that has been encrypted, as encrypted data.
- the random number generation unit (encryption key generation means) 3 generates a pseudo random number at a predetermined timing, and sets the pseudo random number generated at each timing as an encryption key c.
- the key storage unit (encryption key storage means) 4 is a volatile storage medium such as a RAM.
- the key storage unit 4 stores the encryption key c generated by the random number generation unit 3 under the management of the key management unit 7.
- when the encryption unit (encryption means) 5 receives the encryption key c from the key management unit 7, the encryption unit 5 encrypts the data d1 input from outside the encryption storage device 1 with the given encryption key c and stores it in the nonvolatile storage unit 2 as encrypted data d2.
- when the decryption unit (decryption means) 6 is given the same encryption key c as that used at the time of encryption, it decrypts and reads the encrypted data d2 stored in the non-volatile storage unit 2 using the given encryption key c, and outputs it as decrypted data d3 to the outside of the encryption storage device 1.
- FIGS. 2A and 2B show configuration examples of the encryption unit 5 and the decryption unit 6.
- FIG. 2A shows the configuration of the encryption unit 5, which takes the exclusive OR of the data d1 input from outside the encryption storage device 1 and the encryption key c with the EX-OR gate 8 to generate the encrypted data d2, and the configuration of the decryption unit 6, which takes the exclusive OR of the encrypted data d2 in the non-volatile storage unit 2 and the encryption key c with the EX-OR gate 8 to generate the decrypted data d3.
- FIG. 2B shows a configuration in which an encryption key randomizer 9 is added to the configuration of FIG. 2A. The encryption key randomizer 9 generates a pseudorandom number e using the encryption key c as a trigger and inputs this pseudorandom number e to the EX-OR gate 8, and the EX-OR gate 8 performs an exclusive OR operation on the pseudorandom number e and the data d1 to generate encrypted data d2.
- the encryption key randomizer 9 always outputs the same pseudorandom number e when the same encryption key c is input. In the configuration of FIG. 2B, even if the encryption key c is a simple numerical sequence, it is replaced with a complex numerical sequence by randomizing it, so that the encryption key c is not easily guessed by analyzing the encrypted data d2.
- the key management unit (encryption key management means) 7 manages the generation, transfer, and selection of the encryption key c.
- an assignment request signal a1 indicating a request for assignment of the encryption key c is input to the key management unit 7 from outside the encryption storage device 1 by the user of the encryption storage device 1 through a computer.
- when the assignment request signal a1 is input, a generation request signal b indicating a request to generate the encryption key c is output to the random number generation unit 3.
- the key management unit 7 returns to the user (computer) a key number (encryption key information) a2 corresponding to the newly generated encryption key c, that is, the latest encryption key c.
- the key storage unit 4 stores several encryption keys c generated by the random number generation unit 3 in the past, but the key number a2 is different for each encryption key c.
- the key management unit 7 is configured to receive an encryption instruction signal a3 indicating an encryption instruction and a decryption instruction signal a4 indicating a decryption instruction.
- the user inputs the encryption instruction signal a 3 and the key number a 2 to the key management unit 7 via a computer when encrypting the data d 1 and storing it in the nonvolatile storage unit 2.
- the key management unit 7 reads out the encryption key c corresponding to the key number a 2 from the key storage unit 4 based on the input and provides the encryption key c to the encryption unit 5.
- when the user decrypts the encrypted data d2 in the nonvolatile storage unit 2 and tries to read out the decrypted data d3, the user inputs the decryption instruction signal a4 and the key number a2 to the key management unit 7 via the computer.
- the key management unit 7 reads out the encryption key c corresponding to the key number a2 from the key storage unit 4 based on the input, and gives it to the decryption unit 6. Further, the key management unit 7 receives a key release signal a5 indicating an instruction to invalidate the encryption key c that has been assigned to the user.
- the key management unit 7 recognizes the state of assignment of the encryption key c to the user by means of an allocation frame, which is stored in the key storage unit 4.
- Figure 3 shows an example of the structure of the allocation frame. An allocation frame is provided corresponding to each of N + 1 key numbers a2 from 0 to N, and one encryption key c corresponds to each allocation frame. It is also possible to provide only one allocation frame. The encryption keys c ... are stored in the key storage unit 4 with N + 1, the total number of allocation slots, as the upper limit. The key management unit 7 sets the in-use flag “1” in the allocation frame of an encryption key c that has already been allocated to the user and is currently valid.
- the key management unit 7 sets the flag “0”, indicating that the frame is unused, in the allocation frame of an encryption key c which has been allocated to the user but is currently invalid, and in an allocation frame whose encryption key c has not yet been allocated to the user. Further, when the key management unit 7 invalidates the encryption key c based on the above-mentioned key release signal a5 for an allocation frame in which the in-use flag “1” is set, it changes the flag of that allocation frame to “0”.
- the procedure of assigning the encryption key c (referred to as “key assignment”) in the state where the assignment frame of FIG. 3 is provided will be described with reference to the flowchart of FIG.
- in S1, the key management unit 7 searches for an unused allocation frame. If there is an unused allocation frame in S2, the process proceeds to S3, and if not, the process proceeds to S8 to return an error notification to the user side (computer) and end the process.
- in S3, the key management unit 7 outputs a generation request signal b to the random number generation unit 3 and causes the random number generation unit 3 to generate the encryption key c.
- in S4, the key management unit 7 compares the value of the latest pseudo-random number generated as the encryption key c by the random number generation unit 3 with the values of the pseudo-random numbers already stored in the key storage unit 4 as encryption keys c. An encryption key c that is invalid at this time is also a comparison target.
- if there is no encryption key c already stored in the key storage unit 4 that matches the latest encryption key c, the process proceeds to S5, and if there is a match, the process returns to S3 to cause the random number generation unit 3 to regenerate the encryption key c.
- the key management unit 7 causes the random number generation unit 3 to regenerate the latest encryption key c until there is no longer any encryption key c already stored in the key storage unit 4 that matches the latest encryption key c.
- a latest encryption key c that matches is not stored in the key storage unit 4 and is automatically excluded from the assignment to the user.
- in S5, the key management unit 7 sets the latest encryption key c and stores it in the key storage unit 4. Then, in S6, the latest encryption key c is set as the encryption key c of one of the unused allocation frames, and the flag of the allocation frame is changed from “0” to “1”. In S7, the key number a2 corresponding to the encryption key c is returned to the user, and the process ends.
- the above is the key assignment procedure.
- since the pseudo-random number is used as the encryption key c, when a plurality of encryption keys c ... are generated, the probability that the same encryption key occurs becomes extremely small. Therefore, by assigning the generated latest encryption key c to the user, it is possible to make the plurality of encryption keys c assigned through different generation timings of pseudorandom numbers different with high probability. This makes it possible to easily perform data encryption and decryption using various encryption keys c, and to store in the nonvolatile storage unit 2 a plurality of encrypted data d2 with different encryption keys c.
- the key management unit 7 determines whether the latest encryption key c generated by the random number generation unit 3 is the same as an encryption key c already stored in the key storage unit 4. If there is a match, the random number generation unit 3 regenerates the latest encryption key c until it no longer matches, and the matching encryption key c is not assigned to the user.
- therefore, even when a plurality of encryption keys c ... are assigned to users, as in the case where the key management unit 7 outputs the generation request signal b when the allocation request signal a1 is input and the random number generation unit 3 generates a new encryption key c, it is possible to ensure that the encryption keys c ... are different from each other.
- since the key storage unit 4 is volatile, if the encrypted storage device 1 is taken out and the data is analyzed, the power is normally shut off and the encryption key c (or c ...) stored in the key storage unit 4 disappears. In this state, if the encrypted data d2 stored in the non-volatile storage unit 2 is analyzed, then even if encrypted data d2 that can be easily analyzed happens to exist and the encryption key c of that encrypted data d2 is guessed, the guessed encryption key c cannot decrypt encrypted data d2 encrypted with another, different encryption key c.
- also, even if the encryption key c for the encrypted data d2 in the non-volatile storage unit 2 that was taken out is guessed, the encryption key c of encrypted data d2 stored in the non-volatile storage unit 2 in the future uses a pseudo-random number and is very likely to be different from what was guessed. Therefore, the encrypted data d2 is hardly discriminated by anyone other than the user.
- the encryption storage device 1 is a data storage device that can prevent an unrelated person from determining the storage data of the nonvolatile storage medium in a chained manner.
- the encrypted storage device 1 can make data that is stored in a non-volatile storage medium and is no longer required difficult for an unrelated person to read, without reducing the efficiency of data input/output.
- the random number generation unit 3 receives from the key management unit 7 a generation request signal b that directly reflects a request for generation of the encryption key c from the outside, and generates an encryption key c with that generation request as the predetermined timing. As described above, since the random number generation unit 3 generates the encryption key c when it is desired to generate one, an encryption key c different from the encryption key c (or c ...) that has already been generated and stored in the key storage unit 4 can be easily obtained. Further, generation of a useless encryption key c that is not used can be avoided.
- the key management unit 7 outputs the generation request signal b to the random number generation unit 3 when the allocation request signal a1 is input, and thereby requests generation of the encryption key c.
- the random number generating unit 3 generates the encryption key c at the time of the allocation request for the encryption key c, so that a different encryption key c can be easily obtained for each allocation request. Therefore, it is possible to make it difficult for another user to determine the data, and to prevent data that is not read by the same user from being read. Also, there is no need to separately issue a request for generating the encryption key c.
- the key storage unit 4 stores a plurality of encryption keys c. Since each of the encryption keys c ... can be used for encrypting and decrypting different data, different encryption keys c can be assigned to different users during the same period, or different encryption keys c can be assigned to different data of the same user. Therefore, the number of times the nonvolatile storage unit 2 can be used during the same period with the security of each piece of data secured increases, and the efficiency of data encryption and decryption can be improved.
- the key management unit 7 receives an instruction to invalidate the encryption key c from outside, such as the key release signal a5, in combination with the key number a2 corresponding to the encryption key c.
- after the key release signal a5 (an instruction to invalidate the encryption key c from outside) is input, the above-mentioned encryption key c is not given to the encryption unit 5 and the decryption unit 6. Therefore, when the encryption key c is no longer used, the encryption key c can be disabled for data encryption/decryption at any time, and the possibility that the data is read out carelessly can be reduced as much as possible.
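The key assignment procedure of FIG. 4 (S1 to S8), the FIG. 2B style of encryption, and key release by signal a5 can be modelled together as follows. This is an added example, not code from the patent: the names `KeyManager`, `NoFreeFrame`, `keystream` and `xor_stream` are hypothetical, and SHA-256 in counter mode is an assumed stand-in for the encryption key randomizer 9, whose construction the text does not specify.

```python
import hashlib
import secrets


class NoFreeFrame(Exception):
    """Error notification of S8: every allocation frame is in use."""


def keystream(key: bytes, length: int) -> bytes:
    # Assumed stand-in for encryption key randomizer 9: same key, same output.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, data: bytes) -> bytes:
    # EX-OR gate 8: one operation both encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


class KeyManager:
    """Model of key management unit 7 with allocation frames as in FIG. 3."""

    def __init__(self, frames=4, key_bytes=16, rng=secrets.token_bytes):
        self.key_bytes = key_bytes
        self.rng = rng                  # random number generation unit 3
        self.keys = [None] * frames     # key storage unit 4 (RAM only)
        self.in_use = [0] * frames      # flag 1 = assigned and valid
        self.store = {}                 # nonvolatile storage unit 2

    def assign(self) -> int:
        try:
            number = self.in_use.index(0)            # S1, S2
        except ValueError:
            raise NoFreeFrame("no unused allocation frame") from None  # S8
        while True:
            key = self.rng(self.key_bytes)           # S3
            if key not in self.keys:                 # S4: invalid keys compared too
                break
        self.keys[number] = key                      # S5, S6
        self.in_use[number] = 1
        return number                                # S7: key number a2

    def release(self, number: int) -> None:
        self.in_use[number] = 0                      # key release signal a5

    def _key(self, number: int) -> bytes:
        if not self.in_use[number]:
            raise PermissionError("key number is not assigned")
        return self.keys[number]

    def write(self, number: int, name: str, data: bytes) -> None:
        # One record per key number: a second record would reuse the keystream.
        self.store[name] = xor_stream(self._key(number), data)

    def read(self, number: int, name: str) -> bytes:
        return xor_stream(self._key(number), self.store[name])


def demo() -> dict:
    km = KeyManager(frames=2)
    a, b = km.assign(), km.assign()
    km.write(a, "rec_a", b"constructed sample record A")
    km.write(b, "rec_b", b"constructed sample record B")
    # Knowing key a does not help with the record written under key b.
    cross = xor_stream(km.keys[a], km.store["rec_b"])
    km.release(a)
    try:
        km.read(a, "rec_a")
        readable_after_release = True
    except PermissionError:
        readable_after_release = False
    return {
        "round_trip": km.read(b, "rec_b") == b"constructed sample record B",
        "cross_key_fails": cross != b"constructed sample record B",
        "readable_after_release": readable_after_release,
    }


if __name__ == "__main__":
    print(demo())
```

Once a released frame is reassigned, the old key is overwritten, so ciphertext written under it stays in the nonvolatile store but no longer decrypts.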
- the key number a2 assigned to the user may be a pseudo-random number.
- the random number generation unit 3 in the encryption storage device 1 also functions as an encryption key information generation unit that generates a pseudo random number as a key number a2.
- Figure 6 shows an example of the structure of the allocation frame when the key number a2 is a pseudo-random number. Since the key number a2 is a pseudo-random number, a number from 0 to N is assigned to the allocation frame itself.
- since the key number a2 is given to the user as a pseudo-random number, it is possible to prevent someone from assuming that a key number a2 given in the past is still being used and illegally encrypting and decrypting data using that key number a2.
- the procedure of assigning an encryption key c (called “key assignment”) when the key number a 2 is a pseudo-random number will be described with reference to the flowchart of FIG.
- the key management unit 7 searches for an unused allocation frame in S21. If there is an unused allocation frame in S22, the process goes to S23; otherwise it goes to S30, returns an error notification to the user (computer) and ends.
- in S23, the key management unit 7 outputs a generation request signal b to the random number generation unit 3 and causes the random number generation unit 3 to generate a pseudo random number for the key number a2 and a pseudo random number for the encryption key c.
- the process enters the “encryption key frame loop”, and in S24, the key management unit 7 compares the value of the pseudorandom number generated as the key number a2 by the random number generation unit 3 with the values of the pseudo random numbers already stored as key numbers a2 (or a2 ...) in the key storage unit 4 or in a storage unit for the key number a2 (not shown). If the comparison targets should not be erased by turning off the power of the encryption storage device 1, a non-volatile storage medium may be provided somewhere as storage means for the key number a2.
- if there is no match, the process proceeds to S25, and if there is a match, it returns to S23 and causes the random number generation unit 3 to regenerate the key number a2.
- in S25, the key management unit 7 compares the latest encryption key c generated by the random number generation unit 3 with the encryption key c (or c ...) already stored in the key storage unit 4. Then, if there is no encryption key c (or c ...) already stored in the key storage unit 4 that matches the latest encryption key c, the processing exits the “encryption key frame loop”.
- if there is a match, the process returns to S23 to cause the random number generation unit 3 to regenerate the encryption key c.
- an invalid encryption key c is also compared.
- the key management unit 7 does not store the matching latest encryption key c in the key storage unit 4 and automatically excludes the key from assignment to the user.
- in S26, the key management unit 7 sets and stores the key number a2, and in S27, the key management unit 7 sets the latest encryption key c and stores it in the key storage unit 4. Then, in S28, the key management unit 7 sets the key number a2 and the latest encryption key c as the key number a2 and the encryption key c of one of the unused allocation frames, and changes the flag of the allocation frame from “0” to “1”. In S29, the key management unit returns the set key number a2 to the user, and the process ends. The above is the key assignment procedure.
- FIG. 8 Another embodiment that embodies the data storage device of the present invention will be described below with reference to FIG. 8 or FIG. Components having the same functions as the components described in the first embodiment are denoted by the same reference numerals, and description thereof will be omitted.
- FIG. 8 shows a configuration of an encrypted storage device 11 as a data storage device according to the present embodiment.
- the encrypted storage device 11 has a configuration in which a timer 12 is added to the encrypted storage device 1 described in the first embodiment.
- the timer 12 generates a signal f at regular time intervals and inputs it to the key management unit 7.
- the key management unit 7 inputs the generation request signal b to the random number generation unit 3, and the random number generation unit 3 generates the encryption key c with the input of the generation request signal b as the predetermined timing.
- in other words, the predetermined timing of the random number generation unit 3 is linked to the generation of the signal f of the timer 12.
- FIG. 9 shows an example of the structure of an allocation frame in a configuration including such a timer 12.
- the key number a2 takes a number from 0 to N; accordingly, the same number of allocation slots exist, and one encryption key c corresponds to each.
- the key management unit 7 applies the encryption key c sequentially to different allocation frames every time the timer 12 generates the signal f.
- the same encryption key c remains the latest encryption key c until the next signal f is generated, and the key management unit 7 recognizes the key number a2 corresponding to the latest encryption key c as the current key number a2.
- the assignment of the encryption key c (referred to as “key assignment”) will be described with reference to the flowchart of FIG.
- An assignment request signal a 1 is input from the user side (computer) to the key management unit 7.
- the key management unit 7 returns (notifies) the current key number a2 to the user side (computer).
- the key management unit 7 updates the current key number a2 in order, and when the allocation frames have been gone around once, the key management unit 7 updates the encryption key c of the first allocation frame to the latest encryption key c at the next update. In this way, the allocation frame of the current key number a2 is changed continuously at each update.
- the key management unit 7 calculates the next current key number a2 in S51.
- the key management unit 7 determines whether or not the calculated key number a2 is being used for encryption or decryption at that time, and if it is not being used, the process proceeds to S55. If it is being used, an error notification is sent to the user (computer) in S53, and in S54 the process waits until the encryption or decryption using that key number a2 is completed and then proceeds to S55.
- in S55, the key management unit 7 inputs the generation request signal b to the random number generation unit 3 to generate the encryption key c.
- in S56, the key management unit 7 compares the pseudorandom number value generated as the latest encryption key c by the random number generation unit 3 with the encryption key c (or c ...) already stored in the key storage unit 4. If there is no encryption key c (or c ...) already stored in the key storage unit 4 that matches the latest encryption key c, the process proceeds to S57, and if there is a match, the process returns to S55 to cause the random number generation unit 3 to regenerate the encryption key c. Then, the key management unit 7 sets the latest encryption key c in S57 and stores it in the key storage unit 4, updates the current key number a2 in S58, and in S59 waits for a predetermined time, that is, until the next signal f is input from the timer 12. When the next signal f is input, the flow returns to S51. The above is the procedure of key update.
- the random number generation unit 3 can generate the encryption key c one after another even if left unattended, so the timing of generation need not be intentionally given by the user.
- after a predetermined time has elapsed from the assignment, the encryption key c corresponding to the key number a2 may be made not to be provided to the encryption unit 5 and the decryption unit 6. In this way, since the encryption key c becomes unusable after a lapse of time from the assignment, the same encryption key c can be prevented from being occupied by the user for a long time. In addition, since the encryption key c becomes unusable even without an instruction from the user to disable it, the possibility that the encrypted data d2 is read out from the nonvolatile storage unit 2 can automatically be made as small as possible.
- a clock is provided in the encryption storage device 11 and the date and time of the assignment of the key number a2 (the assignment of the encryption key c) is stored. This can be realized by the key management unit 7 invalidating the corresponding encryption key c in the allocation frame when a predetermined time has elapsed from the stored date and time.
- Such a configuration can be applied to the encrypted storage device 1 described in the first embodiment and the encrypted storage device 21 described later.
- Fig. 12 shows an example of the structure of the allocation frame in the case of the configuration provided with the above clock.
- the date and time of allocation of the encryption key c (and the year and month if necessary) are stored as information indicating the date and time when use of the key number a2 started.
- the information on the use start date and time is deleted by the key management unit 7 and changed to the flag "0" in the allocation frame of the key number a2 after the lapse of a predetermined time from the use start date and time.
- FIG. 13 is a flowchart showing the procedure for invalidating the encryption key c (referred to as “key compulsory release”) when the allocation frame shown in FIG. 12 is used.
- the process enters the “encryption key frame loop”, and in S61, the key management unit 7 determines whether or not a predetermined time has elapsed since the assignment of the key number a2 (the allocation of the encryption key c). If so, the process proceeds to S62. If it has not elapsed, the process exits the “encryption key frame loop” and proceeds to S66.
- in S62, the key management unit 7 determines whether the key number a2 (encryption key c) for which the predetermined time has elapsed is being used for encryption or decryption at that time.
- the process proceeds to S65 if it is not being used for encryption or decryption. On the other hand, if it is being used for encryption or decryption, an error notification is sent to the user (computer) in S63, and in S64 the process waits until the use of the key number a2 (encryption key c) is completed and then proceeds to S65. In S65, the key management unit 7 changes (resets) the information of the use start date and time of the allocation frame of the corresponding key number a2 to the flag “0”. The process then exits from the “encryption key frame loop”, waits for the predetermined time to elapse in S66, and returns to S61. The above is the procedure of forced key release.
- FIG. 14 shows a configuration of an encrypted storage device (data storage device) 21 which is a modified example of the encrypted storage device 11.
- the encrypted storage device 21 has a configuration in which selectors 22 and 23 are added to the encrypted storage device 11.
- the selector 22 is provided between the input side of the data d 1 of the encryption storage device 21 and the encryption unit 5 and the decryption unit 6.
- the selector 23 is provided between the encryption unit 5 and the decryption unit 6 and the nonvolatile storage unit 2.
- an encryption necessity signal g indicating the necessity of encryption
- a decryption necessity signal h indicating the necessity of decryption
- An encryption necessity signal g indicating that encryption is required is input to the selectors 22 and 23. The selector 22 switches the path so that the data d1 input to the encryption storage device 21 is input to the encryption unit 5, and the selector 23 switches the path so that the encrypted data d2 output from the encryption unit 5 is input to the non-volatile storage unit 2.
- When decoding the data d2, a decoding necessity signal h indicating that decoding is requested is input to the selectors 22 and 23. The selector 23 switches the path so that the encrypted data d2 output from the non-volatile storage unit 2 is input to the decryption unit 6, and the selector 22 switches the path so that the decrypted data d3 output from the decryption unit 6 is output from the encryption storage device 21 to the user (computer).
- When the data is stored in the nonvolatile storage unit 2, the encryption necessity signal g indicating that encryption is not requested is input to the selectors 22 and 23, and the selectors 22 and 23 switch the path so that the data d1 is passed from the selector 22 directly to the selector 23 and input to the nonvolatile storage unit 2.
- A decryption necessity signal h indicating that decryption is not required is input to the selectors 22 and 23, and the selectors 22 and 23 switch the path so that the data d1 is passed directly from the selector 23 to the selector 22 and output from the encrypted storage device 21 to the user side (computer).
- the key management unit 7 determines whether data read / write processing is in progress. If data read / write processing is not in progress, the process proceeds to S72. On the other hand, if the data read / write processing is being performed, the flow advances to S79 to notify the user of the busy state and terminate the processing. In S72, the key management unit 7 determines whether to encrypt or decrypt the data, and proceeds to S73 when encrypting or decrypting the data.
- step S77, in which an encryption necessity signal g indicating that encryption is not required, or a decryption necessity signal h indicating that decryption is not required, is input to the selectors 22 and 23 to switch the path so that the selector 22 is directly connected to the selector 23, and the process proceeds to S78.
- the key management unit 7 receives the key number a2 from the user side (computer), and in S74, the key management unit 7 searches for and reads out the corresponding encryption key c from the key storage unit 4. In S75, the key management unit 7 gives (sets) the encryption key c to the encryption unit 5 or the decryption unit 6. In S76, an encryption necessity signal g indicating that encryption is requested or a decryption necessity signal h indicating that decryption is requested is input to the selectors 22 and 23 to have the selectors 22 and 23 switch to the encryption or decryption path. Then, in S78, the data is read and written, and the process ends.
- Since the selectors 22 and 23 are provided, it is possible to store in the nonvolatile storage unit 2 even data that is neither encrypted nor decrypted.
- The data storage device of the present invention is a data storage device including non-volatile storage means for storing data in a nonvolatile manner, and comprises: encryption key generating means for generating a pseudo-random number at a predetermined timing and using the pseudo-random number at each timing as an encryption key; volatile encryption key storage means for storing the encryption key generated by the encryption key generating means; encrypting means for encrypting input data with the given encryption key and storing the encrypted data in the non-volatile storage means; decryption means for decrypting, with the encryption key, the encrypted data stored in the non-volatile storage means and reading it out when the same encryption key as in the encryption is given; and encryption key management means which, when a user requests the allocation of the encryption key from outside, returns to the user encryption key information corresponding to the latest encryption key in response to the allocation request, which, when an instruction to encrypt the input data and the encryption key information are input, reads out the encryption key corresponding to the encryption key information from the encryption key storage means and gives it to the encrypting means, and which, when an instruction to read the encrypted data and the encryption key information are input, reads out the encryption key corresponding to the encryption key information from the encryption key storage means and gives it to the decryption means.
- The encryption key generation means generates a pseudorandom number at a predetermined timing, uses the pseudorandom number at each timing as an encryption key, and stores the encryption key in the encryption key storage means. Then, the encryption key management means returns the encryption key information corresponding to the latest encryption key to the user when the user requests the allocation of the encryption key from outside.
- the encryption key corresponding to the encryption key information is read from the encryption key storage means and given to the encryption means.
- the encrypting means encrypts the input data with a given encryption key and stores the encrypted data in a non-volatile storage means, that is, in a non-volatile storage medium as encrypted data.
- the encryption key management means reads the encryption key corresponding to the encryption key information from the encryption key storage means and gives the encryption key to the decryption means.
- the decryption means decrypts the encrypted data stored in the non-volatile storage means using the encryption key and reads out the data when the same encryption key as that at the time of encryption is given.
- the encryption key storage means is volatile with respect to stored data
- the power is normally shut off and the encryption key stored in the encryption key storage means is lost.
- Suppose that, when the encrypted data stored in the non-volatile storage means is analyzed, encrypted data that can be easily analyzed happens to exist and the encryption key of that encrypted data is guessed. Even so, the guessed encryption key cannot decrypt encrypted data encrypted with a different encryption key. Even if an encryption key for the encrypted data taken out of the non-volatile storage device is guessed, a pseudo-random number will be used for the encryption key of the encrypted data stored in the non-volatile storage device in the future.
- the encryption key generation means may receive a request from outside to generate the encryption key, and generate the encryption key with the time at which the generation request is made as the predetermined timing.
- When an encryption key is desired to be generated, the encryption key generation means is caused to generate the encryption key. Therefore, an encryption key different from the encryption keys already generated and stored in the encryption key storage means can easily be obtained. Also, generation of useless encryption keys can be avoided.
- the encryption key management means may issue the generation request to the encryption key generation means at the time of the allocation request.
- the encryption key is generated by the encryption key generation means at the time of the encryption key allocation request, so that a different encryption key can be easily obtained for each allocation request. Therefore, it is possible to make the data hard to be discriminated by other users, and to prevent data that is not read by the same user from being read. Also, there is no need to separately issue a request for generating an encryption key.
- the data storage device may include a timer for generating a signal at regular intervals, and the predetermined timing of the encryption key generating means may be linked to the generation timing of the signal.
- the encryption key can be generated one after another by the encryption key generation means even if it is left unattended, so that there is no need to intentionally give a trigger for generating the encryption key. Furthermore, in the data storage device, a plurality of the encryption keys may be stored in the encryption key storage unit.
- each of the encryption keys can be used for encrypting and decrypting separate data
- different encryption keys can be assigned to different users during the same period, or different encryption keys can be assigned to the same user for different data or processing. Therefore, the number of times the non-volatile storage means can be used in a state where the security of each data is assured during the same period increases, and the efficiency of data encryption and decryption can be improved.
- the encryption key management unit compares the latest encryption key generated by the encryption key generation unit with the encryption key already stored in the encryption key storage unit. If there is a match, the encryption key generation means may regenerate the latest key until the key no longer matches, and the matching encryption key may not be assigned to the user.
- the encryption key management means may receive from outside an instruction to invalidate the encryption key together with the encryption key information corresponding to the encryption key, and thereafter, even if the encryption key information is input, may not give the encryption key to the encryption means and the decryption means.
- whenever the encryption key is no longer used, it can be disabled for data encryption/decryption, so that the possibility of data being read carelessly can be minimized.
- the data storage device may be arranged such that, when a predetermined time has elapsed since the allocation of the encryption key to the user, the encryption key management means does not give the encryption key to the encryption means and the decryption means even if the encryption key information is input.
- Since the encryption key becomes unusable after a predetermined time has elapsed from the assignment, it is possible to prevent the same encryption key from being occupied by the user for a long time. Also, since the encryption key is disabled without the user giving an instruction to disable the encryption key, the possibility of accidentally reading out the data can be automatically minimized.
- the data storage device may include an encryption key information generating unit that generates a pseudo random number as the encryption key information.
- Since the encryption key information is given to the user as a pseudo-random number, it is possible to prevent the data from being illegally encrypted and decrypted using the encryption key information given in the past.
- the data storage device stores secret data in a nonvolatile manner. It is useful as a data storage device that stores data in a flexible storage medium, and is particularly suitable for a data storage device that requires excellent confidentiality and a function that makes it impossible to read out stored contents in a short time.
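The key lifecycle described above (a fresh random key per allocation request, regeneration on a match, invalidation on request, and the forced key release loop S61 to S65), modelled as an added Python example that is not part of the patent text. The class and method names, the SHAKE-256 XOR stand-in for the encryption and decryption units, the CSPRNG used in place of the patent's pseudo-random generator, and erasing the key on release are assumptions of this example.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional


class KeyUnavailable(Exception):
    """Key number unknown, invalidated, or past its lifetime."""


@dataclass
class Frame:
    """One allocation frame (FIG. 12). use_start=None models the flag "0"."""
    key: Optional[bytes]
    use_start: Optional[float]
    in_use: bool = False


class KeyManager:
    """Model of the key management unit 7 and its volatile key storage."""

    def __init__(self, lifetime_s: float, clock=time.monotonic):
        self.lifetime_s = lifetime_s
        self.clock = clock
        self.frames: Dict[str, Frame] = {}  # held in RAM only, lost at power-off

    def allocate(self) -> str:
        key = secrets.token_bytes(32)
        while any(f.key == key for f in self.frames.values()):
            key = secrets.token_bytes(32)  # regenerate until no stored key matches
        number = secrets.token_hex(8)  # random key information, not a counter
        self.frames[number] = Frame(key, self.clock())
        return number

    def release(self, number: str) -> None:
        """Invalidate one key: user instruction, or S65 of the forced release."""
        frame = self.frames.get(number)
        if frame is not None:
            frame.key = frame.use_start = None  # flag "0"; key dropped (example's choice)

    def forced_release(self) -> List[str]:
        """One pass of the encryption key frame loop (S61 to S65). Returns expired key
        numbers that were busy (S63); a later pass stands in for the wait in S64."""
        busy, now = [], self.clock()
        for number, frame in self.frames.items():
            if frame.use_start is None or now - frame.use_start < self.lifetime_s:
                continue  # S61: already released, or not yet expired
            if frame.in_use:  # S62
                busy.append(number)  # S63
            else:
                self.release(number)  # S65
        return busy

    def key_for(self, number: str) -> bytes:
        f = self.frames.get(number)
        if f is None or f.key is None or self.clock() - f.use_start >= self.lifetime_s:
            raise KeyUnavailable(number)  # refused even before the loop has run
        return f.key


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for units 5 and 6: SHAKE-256 keystream XOR, unauthenticated."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class EncryptedStore:
    def __init__(self, manager: KeyManager):
        self.manager = manager
        self.nonvolatile: Dict[int, bytes] = {}  # survives power-off; keys do not

    def transform(self, number: str, nonce: bytes, data: bytes) -> bytes:
        key = self.manager.key_for(number)
        frame = self.manager.frames[number]
        frame.in_use = True  # seen by forced_release() as "in use" (S62)
        try:
            return xor_stream(key, nonce, data)
        finally:
            frame.in_use = False

    def write(self, number: str, addr: int, data: bytes) -> None:
        nonce = secrets.token_bytes(16)
        self.nonvolatile[addr] = nonce + self.transform(number, nonce, data)

    def read(self, number: str, addr: int) -> bytes:
        blob = self.nonvolatile[addr]
        return self.transform(number, blob[:16], blob[16:])
```

Passing a fake clock to `KeyManager` makes the expiry path testable without waiting for the lifetime to elapse.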
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
- Management Or Editing Of Information On Record Carriers (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/297,662 US7392401B2 (en) | 2001-03-09 | 2002-03-08 | Data storage apparatus |
DE60237664T DE60237664D1 (de) | 2001-03-09 | 2002-03-08 | Data storage apparatus |
EP02702827A EP1292064B1 (en) | 2001-03-09 | 2002-03-08 | Data storage apparatus |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2001-067700 | 2001-03-09 | ||
JP2001067700A JP4112188B2 (ja) | 2001-03-09 | 2001-03-09 | Data storage device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002073872A1 (fr) | 2002-09-19 |
Family
ID=18926008
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2002/002169 WO2002073872A1 (fr) | Data storage apparatus | 2001-03-09 | 2002-03-08 |
Country Status (5)
Country | Link |
---|---|
US (1) | US7392401B2 (ja) |
EP (1) | EP1292064B1 (ja) |
JP (1) | JP4112188B2 (ja) |
DE (1) | DE60237664D1 (ja) |
WO (1) | WO2002073872A1 (ja) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0522283A (ja) * | 1991-02-20 | 1993-01-29 | C Ee T V Kiban Gijutsu Kenkyusho:Kk | Secure communication system |
JPH09218836A (ja) * | 1996-02-13 | 1997-08-19 | Hitachi Ltd | Method for ensuring security for networks |
JPH09258977A (ja) * | 1996-01-17 | 1997-10-03 | Fuji Xerox Co Ltd | Information processing apparatus with software protection function |
JPH10134157A (ja) * | 1996-10-28 | 1998-05-22 | Nippon Telegr & Teleph Corp <Ntt> | Cryptographic authentication processing method and apparatus using a computer card |
JPH1173375A (ja) * | 1997-08-29 | 1999-03-16 | Dainippon Printing Co Ltd | IC card |
JP2000092040A (ja) * | 1998-09-11 | 2000-03-31 | Omron Corp | Storage medium, reader/writer, card system, encryption key usage method, station service system, and card issuing machine |
JP2000295209A (ja) * | 1999-04-09 | 2000-10-20 | Ntt Data Corp | Key management method, key management system, and recording medium |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS62107352A (ja) | 1985-11-05 | 1987-05-18 | Fujitsu Ltd | Encrypted ROM device |
US5027397A (en) * | 1989-09-12 | 1991-06-25 | International Business Machines Corporation | Data protection by detection of intrusion into electronic assemblies |
US5717756A (en) * | 1995-10-12 | 1998-02-10 | International Business Machines Corporation | System and method for providing masquerade protection in a computer network using hardware and timestamp-specific single use keys |
JPH09223061A (ja) | 1996-02-15 | 1997-08-26 | Canon Inc | Information processing method and apparatus |
US5883958A (en) * | 1996-04-01 | 1999-03-16 | Sony Corporation | Method and device for data decryption, a method and device for device identification, a recording medium, a method of disk production, and a method and apparatus for disk recording |
US6148401A (en) * | 1997-02-05 | 2000-11-14 | At&T Corp. | System and method for providing assurance to a host that a piece of software possesses a particular property |
JP3625354B2 (ja) | 1997-04-18 | 2005-03-02 | 株式会社東芝 | Unit device, decryption unit device, encryption unit device, cryptographic processing system, and encryption method |
US6105131A (en) * | 1997-06-13 | 2000-08-15 | International Business Machines Corporation | Secure server and method of operation for a distributed information system |
US5987376A (en) * | 1997-07-16 | 1999-11-16 | Microsoft Corporation | System and method for the distribution and synchronization of data and state information between clients in a distributed processing system |
US6249866B1 (en) * | 1997-09-16 | 2001-06-19 | Microsoft Corporation | Encrypting file system and method |
US5987572A (en) * | 1997-09-29 | 1999-11-16 | Intel Corporation | Method and apparatus employing a dynamic encryption interface between a processor and a memory |
JP2000299682A (ja) | 1999-04-13 | 2000-10-24 | Matsushita Electric Ind Co Ltd | Certificate acquisition apparatus and certificate acquisition method |
US6990578B1 (en) * | 1999-10-29 | 2006-01-24 | International Business Machines Corp. | Method and apparatus for encrypting electronic messages composed using abbreviated address books |
US6772340B1 (en) * | 2000-01-14 | 2004-08-03 | Microsoft Corporation | Digital rights management system operating on computing device and having black box tied to computing device |
US20020114453A1 (en) * | 2001-02-21 | 2002-08-22 | Bartholet Thomas G. | System and method for secure cryptographic data transport and storage |
-
2001
- 2001-03-09 JP JP2001067700A patent/JP4112188B2/ja not_active Expired - Fee Related
-
2002
- 2002-03-08 DE DE60237664T patent/DE60237664D1/de not_active Expired - Lifetime
- 2002-03-08 US US10/297,662 patent/US7392401B2/en not_active Expired - Lifetime
- 2002-03-08 EP EP02702827A patent/EP1292064B1/en not_active Expired - Lifetime
- 2002-03-08 WO PCT/JP2002/002169 patent/WO2002073872A1/ja active Application Filing
Non-Patent Citations (2)
Title |
---|
GARFINKEL SIMSON, SPAFFORD GENE, YAMAGUCHI AKIRA: "UNIX Security", 1 October 1993, ASCII CORP., TOKYO-TO, XP002953851 * |
See also references of EP1292064A4 * |
Also Published As
Publication number | Publication date |
---|---|
JP2002268946A (ja) | 2002-09-20 |
EP1292064B1 (en) | 2010-09-15 |
JP4112188B2 (ja) | 2008-07-02 |
US20030182566A1 (en) | 2003-09-25 |
EP1292064A4 (en) | 2007-07-25 |
DE60237664D1 (de) | 2010-10-28 |
US7392401B2 (en) | 2008-06-24 |
EP1292064A1 (en) | 2003-03-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 10297662 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002702827 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2002702827 Country of ref document: EP |