SYSTEMS AND METHODS FOR LOCKING AND EXPORTING THE LOCKING OF A REMOVABLE MEMORY DEVICE
First Claim
1. An information storage device comprising a memory for storing data and a controller for performing access control on the memory, whereinthe controller performs locking of the memory on the basis of a lock command, an identifier (ID), and a lock key, each of which is input from a first information processing apparatus, the ID identifying the first information processing apparatus, the lock command corresponding to one of a plurality of locking modes, each locking mode corresponding to a respective locked state limiting all access to the memory to one of a primary information processing apparatus having a primary lock key used by the controller to standard lock the memory when the memory is not otherwise export-locked or a plurality of other information processing apparatus, where the plurality of other information processing apparatus and the primary information processing apparatus define a group, at least one of the group having a sub lock key used by the controller to export lock the memory to limit all access to the memory to each information processing apparatus in the group that transmits an unlock command to the controller using the sub lock key, andthe controller determines, on the basis of the locking mode corresponding to the lock command, whether a key set including the identifier (ID) and the lock key is(a) a standard lock key set serving to prohibit output of the key set and prohibit all access to the memory except to the primary information processing apparatus, where the first information processing apparatus is the primary information processing apparatus and the lock key is the primary lock key for standard locking the memory, or(b) an export lock key set serving to permit output of the key set to a corresponding one of the information processing apparatus in the group and prohibit all access to the memory except to each information processing apparatus in the group that has unlocked the memory via the controller using the lock key, where the lock set is the sub lock key for export locking the memory, andstores determination information in storage means.
0 Assignments
0 Petitions
Accused Products
Abstract
A device and method is provided for commonly and securely allowing, as access control on a memory card, a plurality of information processing apparatuses to lock/unlock the memory. On the basis of a lock command input from an information processing apparatus serving as a host, such as a PC, an information storage device, such as a memory card, determines whether (a) a standard lock key set serving as a key set prohibiting output or (b) an export lock key set serving as a key set permitting output is detected and stores corresponding key set information. Only when the export lock key set is detected, output is permitted provided that predetermined verification succeeds.
-
Citations
13 Claims
-
1. An information storage device comprising a memory for storing data and a controller for performing access control on the memory, wherein
the controller performs locking of the memory on the basis of a lock command, an identifier (ID), and a lock key, each of which is input from a first information processing apparatus, the ID identifying the first information processing apparatus, the lock command corresponding to one of a plurality of locking modes, each locking mode corresponding to a respective locked state limiting all access to the memory to one of a primary information processing apparatus having a primary lock key used by the controller to standard lock the memory when the memory is not otherwise export-locked or a plurality of other information processing apparatus, where the plurality of other information processing apparatus and the primary information processing apparatus define a group, at least one of the group having a sub lock key used by the controller to export lock the memory to limit all access to the memory to each information processing apparatus in the group that transmits an unlock command to the controller using the sub lock key, and the controller determines, on the basis of the locking mode corresponding to the lock command, whether a key set including the identifier (ID) and the lock key is (a) a standard lock key set serving to prohibit output of the key set and prohibit all access to the memory except to the primary information processing apparatus, where the first information processing apparatus is the primary information processing apparatus and the lock key is the primary lock key for standard locking the memory, or (b) an export lock key set serving to permit output of the key set to a corresponding one of the information processing apparatus in the group and prohibit all access to the memory except to each information processing apparatus in the group that has unlocked the memory via the controller using the lock key, where the lock set is the sub lock key for export locking the memory, and stores determination information in storage means.
-
4. An information storage device comprising:
-
a memory for storing data; and a controller for performing access control on the memory, wherein the controller performs locking of the memory on the basis of a lock command, an identifier (ID), and a lock key, each of which is input from a first information processing apparatus, the ID identifying the first information processing apparatus, the lock command corresponding to one of a plurality of locking modes, each locking mode corresponding to a respective locked state limiting all access to the memory to one of a primary information processing apparatus having a primary lock key used by the controller to standard lock the memory when the memory is not otherwise export-locked or a plurality of other information processing apparatus, where the plurality of other information processing apparatus and the primary information processing apparatus define a group, at least one of the group having a sub lock key used by the controller to export lock the memory to limit all access to the memory to each information processing apparatus in the group that transmits an unlock command to the controller using the sub lock key, and the controller determines, on the basis of the locking mode corresponding to the lock command, whether a key set including the identifier (ID) and the lock key is (a) a standard lock key set serving as a key set prohibiting output of the key set and prohibiting access to the memory except to the primary information processing apparatus, where the first information processing apparatus is the primary information processing apparatus and the lock key is the primary lock key for standard locking the memory, or (b) an export lock key set serving to permit output of the key set to a corresponding one of the information processing apparatus in the group and prohibit all access to the memory except to each information processing apparatus in the group that has unlocked the memory via the controller using the lock key, where the lock set is the sub lock key for export locking the memory, and stores determination information in storage means, and wherein the primary information processing apparatus has, serving as a unique key set, a primary key set [IDs, LKs] consisting of a primary ID (IDs) serving as a unique ID of the primary information processing apparatus and a the primary lock key (LKs) defined in association with the primary ID (IDs), and in response to an export-lock-key-set output request from the primary information processing apparatus, the controller encrypts data of the export lock key set on the basis of the primary lock key (LKs) held by the primary information processing apparatus and outputs the encrypted data to the primary information processing apparatus. - View Dependent Claims (5)
-
-
6. A memory access control system comprising an information storage device including a memory for storing data and a controller for performing access control on the memory and a first information processing apparatus including an interface with the information storage device and accessing the memory in the information storage device via the interface,
wherein the information processing apparatus stores a key set including an identifier (ID) and a lock key (LK) in storage means, the controller of the information storage device performs locking of the memory on the basis of a lock command, an identifier (ID), and the lock key, each of which is each input from the first information processing apparatus, the ID identifying the first information processing apparatus, the lock command corresponding to one of a plurality of locking modes, each locking mode corresponding to a respective locked state limiting all access to the memory to one of a primary information processing apparatus having a primary lock key used by the controller to standard lock the memory when the memory is not otherwise export-locked or a plurality of other information processing apparatus, where the plurality of other information processing apparatus and the primary information processing apparatus define a group, at least one of the group having a sub lock key used by the controller to export lock the memory to limit all access to the memory to each information processing apparatus in the group that transmits an unlock command to the controller using the sub lock key, the controller of the information storage device determines, on the basis of the locking mode corresponding to the lock command, whether the key set including the identifier (ID) and the lock key is (a) a standard lock key set serving to prohibit output of the key set and prohibit access to the memory except to the primary information processing apparatus, where the first information processing apparatus is the primary information processing apparatus and the lock key is the primary lock key for standard locking the memory, or (b) an export lock key set serving to permit output of the key set to a corresponding one of the information processing apparatus in the group and prohibit all access to the memory except each information processing apparatus in the group that has unlocked the memory via the controller using the lock key, where the lock set is the sub lock key for export locking the memory, and stores determination information in storage means, and on the basis of the determination information, the controller of the information storage device determines whether it is permitted to output the key set to another one of the information processing apparatus in the group.
-
7. A memory access control system comprising:
-
an information storage device including a memory for storing data and a controller for performing access control on the memory; a first information processing apparatus including an interface to the information storage device and adapted to access the memory in the information storage device, a second information processing apparatus including an interface to the information storage device and adapted to access the memory in the information storage device, wherein the first information processing apparatus stores a key set including an identifier (ID) and a lock key (LK) in storage means, the controller of the information storage device performs locking of the memory on the basis of a lock command, the lock key and the identifier (ID) each input from the first information processing apparatus, the ID identifying the first information processing apparatus, the lock command corresponding to one of a plurality of locking modes, each locking mode corresponding to a respective locked state limiting all access to the memory to one of the first information processing apparatus in which the lock key is a primary lock key used by the controller to standard lock the memory when the memory is not otherwise export-locked or a plurality of other information processing apparatus, where the plurality of other information processing apparatus and the first information processing apparatus define a group, at least one of the group having a sub lock key used by the controller to export lock the memory to limit all access to the memory to each information processing apparatus in the group that transmits an unlock command to the controller using the sub lock key, the controller of the information storage device determines, on the basis of the locking mode corresponding to the lock command, whether the key set including the identifier (ID) and the lock key is (a) a standard lock key set serving to prohibit output of the key set and prohibit all access to the memory except to the first information processing apparatus, where the lock key is the primary lock key for standard locking the memory, or (b) an export lock key set serving as a key set permitting output of the key set to a corresponding one of information processing apparatus in the group and prohibiting all access to the memory except to each information processing apparatus in the group that has unlocked the memory via the controller using the lock key, where the lock set is the sub lock key for export locking the memory, and stores determination information in storage means, and on the basis of the determination information, the controller of the information storage device determines whether it is permitted to output the key set to the second information processing apparatus, and wherein, in response to a request from the second information processing apparatus the controller of the information storage device generates another random number and receives, from the second information processing apparatus, encrypted data [E(Lks, Rms)] generated by encrypting the other random number (Rms) on the basis of a primary lock key (LKs) held by the second information processing apparatus, and the controller of the information storage device performs verification including checking of the received encrypted data against encrypted data [E(Lks, Rms)] computed on the basis of a primary lock key (LKs) obtained by computing a hash value using an identifier of the second information storage device to determine whether the second information processing apparatus is in the group associated with the sub lock key.
-
-
8. A memory access control method for an information storage device including a memory for storing data and a controller for performing access control on the memory, the method comprising:
-
a step of receiving a lock command, an identifier (ID), and a lock key, each of which is input from a first information processing apparatus, the ID identifying the first information processing apparatus, the lock command corresponding to one of a plurality of locking modes, each locking mode corresponding to a respective locked state limiting all access to the memory to one of a primary information processing apparatus having a primary lock key used by the controller to standard lock the memory when the memory is not otherwise export-locked or a plurality of other information processing apparatus, where the plurality of other information processing apparatus and the primary information processing apparatus define a group, at least one of the group having a sub lock key used by the controller to export lock the memory to limit all access to the memory to each information processing apparatus in the group that transmits an unlock command to the controller using the sub lock key, and a step of determining, on the basis of the locking mode corresponding to the lock command, whether a key set including the identifier (ID) and the lock key is (a) a standard lock key set serving to prohibit output of the key set and prohibit all access to the memory except to the primary information processing apparatus, where the first information processing apparatus is the primary information processing apparatus and the lock key is the primary lock key for standard locking the memory, or (b) an export lock key set serving to permit output of the key set to a corresponding one of the information processing apparatus in the group and prohibit all access to the memory except to each information processing apparatus in the group that has unlocked the memory via the controller using the lock key, where the lock set is the sub lock key for export locking the memory, storing determination information in storage means. - View Dependent Claims (9, 10)
-
-
11. A memory access control method for an information storage device including a memory for storing data and a controller for performing access control on the memory, the method comprising:
-
a step of receiving a lock command, a lock key and identifier (ID) each input from a first-information processing apparatus, the lock command corresponding to one of a plurality of locking modes, each locking mode corresponding to a respective locked state limiting all access to the memory to one of a primary information processing apparatus having a primary lock key used by the controller to standard lock the memory when the memory is not otherwise export-locked or a plurality of other information processing apparatus, where the plurality of other information processing apparatus and the primary information processing apparatus define a group, at least one of the group having a sub lock key used by the controller to export lock the memory to limit all access to the memory to each information processing apparatus in the group that transmits an unlock command to the controller using the sub lock key, and a step of determining, on the basis of the locking mode corresponding to the lock command, whether a key set including the identifier (ID) and the lock key is (a) a standard lock key set serving to prohibit output of the key set and prohibit all access to the memory except to the primary information processing apparatus, where the first information processing apparatus is the primary information processing apparatus and the lock key is the primary lock key for standard locking the memory, or (b) an export lock key set serving to permit output of the key set to a corresponding one of the information processing apparatus in the group and prohibit all access to the memory except to each information processing apparatus in the group that has unlocked the memory via the controller using the lock key, where the lock set is the sub lock key for export locking the memory, storing determination information in storage means, and wherein a second information processing apparatus has, serving as a unique key set, a primary key set [IDs, LKs] consisting of a primary ID (IDs) serving as a unique ID of the second information processing apparatus and a primary lock key (LKs) defined in association with the primary ID (IDs), and the memory access control method further comprises an encryption and output step of encrypting, in response to an export-lock-key-set output request from the second information processing apparatus, data of the export lock key set on the basis of the primary lock key (LKs) held by the second information processing apparatus identifying the second information processing apparatus as being in the group and outputting the encrypted data. - View Dependent Claims (12)
-
-
13. A computer-readable recording medium containing a program for controlling an information storage device to perform a method for controlling memory access to the information storage device, the information storage device including a memory for storing data and a controller for performing access control on the memory, the program comprising:
-
a step of receiving a lock command, an identifier (ID), and a lock key, each of which is input from a first information processing apparatus, the lock command corresponding to one of a plurality of locking modes, each locking mode corresponding to a respective locked state limiting all access to the memory to one of the primary information processing apparatus having a primary lock key used by the controller to standard lock the memory when the memory is not otherwise export-locked or a plurality of other information processing apparatus, where the plurality of other information processing apparatus and the primary information processing apparatus define a group, at least one of the group having a sub lock key used by the controller to export lock the memory to limit all access to the memory to each information processing apparatus in the group that transmits an unlock command to the controller using the sub lock key, and a step of determining, on the basis of the locking mode corresponding to the lock command, whether a key set including the identifier (ID) and the lock key is (a) a standard lock key set serving to prohibit output of the key set and prohibit all access to the memory except to the primary information processing apparatus, where the first information processing apparatus is the primary information processing apparatus and the lock key is the primary lock key for standard locking the memory, or (b) an export lock key set serving to permit output of the key set to a corresponding one of the information processing apparatus in the group and prohibit all access to the memory except to each information processing apparatus in the group that has unlocked the memory via the controller using the lock key, where the lock set is the sub lock key for export locking the memory, and storing determination information in storage means.
-
Specification