Data processing device, data storage device, data processing method, and program providing medium for storing content protected under high security management
Abstract
A data processing device includes a memory interface (I/F) unit and a control unit. When accessing a data storage device such as a memory card having a built-in flash memory, the data processing device sets a block permission table (BPT) as an access permission table in the memory I/F unit, whereby only when the BPT permits a process to be executed does the memory I/F unit access the storage device, and the memory I/F unit does not execute a process when it is out of an allowable range. Regardless of a process type performed by the control unit and a command type, the memory I/F unit always accesses the storage device in accordance with the BPT set in the memory I/F unit. This effectively prevents the rewriting of data in rewrite-prevented recording media.
22 Claims
1. A data processing device comprising:
a data storage means for storing a revocation list and an access permission table stored in media;
a memory interface unit for accessing said data storage means; and
a control unit for controlling said memory interface unit;
wherein:
the revocation list includes content playback information;
the access permission table which is stored in a data storage area in said data storage means is set in said memory interface unit; and
in response to an access command to access said data storage means, which is issued by said control unit, said memory interface unit determines, by referring to the revocation list and the access permission table, whether or not to execute the access command, whereby processing which is set executable by the access permission table is only executed.
2. A data processing device according to claim 1, wherein:
the data storage area in said data storage means is a flash memory having a plurality of blocks, each of which consists of a plurality of sectors which each have a predetermined data capacity;
in the access permission table, permission information on block-unit data processing is set; and
in accordance with the set permission information, said memory interface unit includes means for determining whether or not the block-unit data processing can be executed.
3. A data processing device according to claim 1, wherein:
only when a type of processing corresponding to the access command from said control unit is within a range of processing types which are set executable by the access permission table does said memory interface unit execute the type of processing, and sets a process-success flag in accordance with a success of the processing in said memory interface unit; and
said control unit executes processing thereof on condition that the setting of the process-success flag in said memory interface unit is verified.
4. A data processing device according to claim 1, wherein:
when the access command designates a data-file reading process, said control unit executes a process in which the address of a data file to be read is selected from a file allocation table corresponding to the data storage area in said data storage means and is transmitted to said memory interface unit; and
after receiving the address of the data file, said memory interface unit determines, by using the received address to refer to the access permission table, whether or not an address-assigned area having the address is a data-readable area, and only when the address-assigned area is a data-readable area does said memory interface unit execute the data-file reading process.
5. A data processing device according to claim 1, wherein:
when the access command designates a data-file writing process, said control unit executes a process in which the address of a data file to be written is selected from the data storage area in said data storage means and is transmitted as a write address to said memory interface unit; and
after receiving the write address, said memory interface unit determines, by using the received write address to refer to the access permission table, whether or not an address-assigned area having the write address is a data-writable area, and only when the address-assigned area is a data-writable area does said memory interface unit execute the data-file writing process.
6. A data processing device according to claim 1, wherein:
in the access permission table, in the form of additional data, an integrity check value which is generated based on data in the access permission table is included as a check value for verifying whether or not the data in the access permission table is interpolated;
said memory interface unit includes a cryptosystem unit for, based on the integrity check value, executing the integrity checking of the access permission table; and
when said cryptosystem unit determines that the access permission table has not been interpolated, the access permission table is set in said memory interface unit, and data processing is executed based on the determination of access permission in accordance with the set access permission table.
7. A data processing device according to claim 1, wherein:
in the access permission table, in the form of additional data, an integrity check value which is generated based on data including data in the access permission table and an identifier unique to said data storage means is included as a check value for verifying whether or not the data in the access permission table is interpolated;
the verification based on the integrity check value by said memory interface unit is executed as the verification of whether or not the access permission table is stored in valid media, in addition to the verification of whether or not the data in the access permission table is interpolated; and
when verifying the validity of storage, the access permission table is set in said memory interface unit, and data processing is executed based on the determination of access permission in accordance with the set access permission table.
8. A data processing device according to claim 1, wherein, when mutual authentication is established as a result of mutual authentication with said data storage means, the access permission table, which is stored in the memory of said data storage means, is set in said memory interface unit.
9. A data processing device according to claim 1, wherein:
said data storage means is a flash memory having a data storage area which has a plurality of blocks, each of which consists of a plurality of sectors in which each of the sectors has a predetermined data capacity;
in the access permission table, either information on whether or not block-unit data erasure can be performed or information on whether or not block-unit data playback can be performed is set; and
in accordance with either information set in the access permission table, said memory interface unit determines whether or not block-unit data processing can be executed.
10. A data storage device comprising a data storage area consisting of a plurality of blocks, each of which consists of a plurality of sectors which each have a predetermined data capacity,
wherein, in said data storage area, a revocation list including content playback information and an access permission table in which permission information on block-unit data processing in the data storage area is set is stored.
13. A data processing method for a data processing device comprising a data storage means for storing a revocation list and an access permission table stored in media, a memory interface unit for accessing said data storage means, and a control unit for controlling said memory interface unit, wherein said revocation list includes content playback information and wherein said memory interface unit performs the steps of:
setting therein the access permission table which is stored in a data storage area in said data storage means;
determining, by referring to the revocation list and the access permission table in response to an access command to access said data storage means, whether or not to execute the access command; and
executing only a process which is set executable by the access permission table.
14. A data processing method according to claim 13, wherein:
the data storage area in said data storage means is a flash memory having a plurality of blocks, each of which consists of a plurality of sectors which each have a predetermined data capacity;
in the access permission table, permission information on block-unit data processing is set; and
in accordance with the set permission information, said memory interface unit includes means for determining whether or not the block-unit data processing can be executed.
15. A data processing method according to claim 13, wherein:
only when a type of processing corresponding to the access command from said control unit is within a range of processing types which are set executable by the access permission table does said memory interface unit execute the type of processing, and sets a process-success flag in accordance with a success of the processing in said memory interface unit; and
said control unit executes processing thereof on condition that the setting of the process-success flag in said memory interface unit is verified.
16. A data processing method according to claim 13, wherein:
when the access command designates a data-file reading process, said control unit executes a process in which the address of a data file to be read is selected from a file allocation table corresponding to the data storage area in said data storage means and is transmitted to said memory interface unit; and
after receiving the address of the data file, said memory interface unit determines, by using the received address to refer to the access permission table, whether or not an address-assigned area having the address is a data-readable area, and only when the address-assigned area is a data-readable area does said memory interface unit execute the data-file reading process.
17. A data processing method according to claim 13, wherein:
when the access command designates a data-file writing process, said control unit executes a process in which the address of a data file to be written is selected from the data storage area in said data storage means and is transmitted as a write address to said memory interface unit; and
after receiving the write address, said memory interface unit determines, by using the received write address to refer to the access permission table, whether or not an address-assigned area having the write address is a data-writable area, and only when the address-assigned area is a data-writable area does said memory interface unit execute the data-file writing process.
18. A data processing method according to claim 13, wherein:
in the access permission table, in the form of additional data, an integrity check value which is generated based on data in the access permission table is included as a check value for verifying whether or not the data in the access permission table is interpolated; and
said memory interface unit executes the steps of:
executing, based on the integrity check value, the integrity checking of the access permission table;
setting the access permission table in said memory interface unit when it is determined that the access permission table has not been interpolated; and
executing data processing based on the determination of access permission in accordance with the set access permission table.
19. A data processing method according to claim 13, wherein:
in the access permission table, in the form of additional data, an integrity check value which is generated based on data including data in the access permission table and an identifier unique to said data storage means is included as a check value for verifying whether or not the data in the access permission table is interpolated; and
said memory interface unit executes the steps of:
executing the verification based on the integrity check value as the verification of whether or not the access permission table is stored in valid media, in addition to the verification of whether or not the data in the access permission table is interpolated;
setting therein the access permission table when the validity of storage is verified; and
executing data processing based on the determination of access permission in accordance with the set access permission table.
20. A data processing method according to claim 13, wherein, when mutual authentication is established as a result of mutual authentication with said data storage means, the access permission table, which is stored in the memory of said data storage means, is set in said memory interface unit.
21. A data processing method according to claim 13, wherein:
said data storage means is a flash memory having a data storage area which has a plurality of blocks, each of which consists of a plurality of sectors in which each of the sectors has a predetermined data capacity;
in the access permission table, either information on whether or not block-unit data erasure can be performed or information on whether or not block-unit data playback can be performed is set; and
in accordance with either information set in the access permission table, said memory interface unit determines whether or not block-unit data processing can be executed.
22. A program providing medium for providing a computer program which controls a computer system to execute data processing by a data processing device comprising a data storage means for storing a revocation list and an access permission table stored in media, a memory interface unit for accessing said data storage means, and a control unit for controlling said memory interface unit,
wherein said revocation list includes content playback information, and wherein the computer program comprises the steps of:
setting the access permission table which is stored in a data storage area in said data storage means;
determining, by referring to the revocation list and the access permission table in response to an access command to access said data storage means, whether or not to execute the access command; and
executing only a process which is set executable by the access permission table.
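The gating rule from the abstract and the integrity check of claims 6, 7, 18 and 19 (where "interpolated" means altered), modelled as an added Python example that is not part of the patent text. `MemoryInterface`, `make_icv`, the permission-bit encoding and the use of HMAC-SHA256 as the integrity check value are assumptions, since the page names neither an algorithm nor a table layout; the revocation-list check is left out.

```python
import hashlib
import hmac

READ, WRITE, ERASE = 1, 2, 4   # per-block permission bits (assumed encoding)

def make_icv(key: bytes, bpt: bytes, media_id: bytes) -> bytes:
    """ICV over the table data plus the media-unique identifier (claims 7, 19).
    HMAC-SHA256 is a stand-in; the page does not name the algorithm."""
    msg = len(media_id).to_bytes(2, "big") + media_id + bpt
    return hmac.new(key, msg, hashlib.sha256).digest()

class MemoryInterface:
    """Hypothetical model of the memory I/F unit, the only path to storage."""
    def __init__(self, key: bytes):
        self._key = key
        self._bpt = None        # no table set: every command is refused
        self.success = False    # process-success flag (claims 3, 15)

    def set_bpt(self, bpt: bytes, icv: bytes, media_id: bytes) -> bool:
        # The table is set only if its ICV verifies for this medium.
        ok = hmac.compare_digest(make_icv(self._key, bpt, media_id), icv)
        self._bpt = bytes(bpt) if ok else None
        return ok

    def access(self, op: int, block: int) -> bool:
        # Fail closed: unset table, unknown block or missing bit all refuse.
        t = self._bpt
        allowed = (t is not None and 0 <= block < len(t)
                   and (t[block] & op) == op)
        self.success = allowed
        return allowed

def demo() -> dict:
    key = b"constructed-demo-key"                 # constructed sample values
    bpt = bytes([READ, READ | WRITE | ERASE, 0])  # block 0 RO, 1 full, 2 none
    icv = make_icv(key, bpt, b"MEDIA-A")
    mif = MemoryInterface(key)
    r = {"before_set": mif.access(READ, 0)}
    r["set_ok"] = mif.set_bpt(bpt, icv, b"MEDIA-A")
    r["read_ro"] = mif.access(READ, 0)
    r["write_ro"] = mif.access(WRITE, 0)
    r["erase_full"] = mif.access(ERASE, 1)
    r["out_of_range"] = mif.access(READ, 7)
    # Table and ICV copied unchanged to a different medium.
    r["copied"] = MemoryInterface(key).set_bpt(bpt, icv, b"MEDIA-B")
    # One permission byte altered on the original medium.
    r["tampered"] = mif.set_bpt(bytes([READ | WRITE]) + bpt[1:], icv, b"MEDIA-A")
    r["after_tamper"] = mif.access(READ, 0)
    return r

if __name__ == "__main__":
    print(demo())
```

A failed verification clears any previously set table, so the unit refuses every command until a valid table is set again.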
Specification