Systems and methods for locking and exporting the locking of a removable memory device
First Claim
Patent Images
1. An information storage device comprising:
- a memory for storing data; and
a controller for performing access control on the memory,wherein the controller performs locking of the memory on the basis of a lock command and an identifier (ID) input from an information processing apparatus, and the controller determines, on the basis of the lock command, whether a key set including the identifier (ID) is(a) a standard lock key set serving as a key set prohibiting output, or(b) an export lock key set serving as a key set permitting output, andstores determination information in storage means,wherein the controller determines whether it is permitted to output the export lock key set to the information processing apparatus, and the determination includes verification of a key set unique to the information processing apparatus, which is input from the information processing apparatus, and the export lock key set is output to the information processing apparatus at least provided that the verification succeeds, andwherein the key set unique to the information processing apparatus is a primary key set [IDs, LKs] consisting of a primary ID (IDs) serving as a unique ID of the information processing apparatus and a primary lock key (LKs) serving as a lock key associated with the unique ID,the information storage device has a lock master key (LMK) that is applicable to compute the primary lock key (LKs), which is a hash value based on the relationship LKs=H(LMK, IDs), the hash value being computed for the primary ID (IDs) by applying the lock master key (LMK), andthe controller verifies the key set unique to the information processing apparatus, which is input from the information processing apparatus, on the basis of a lock key (LK) obtained by computing the hash value by applying the lock master key (LMK).
1 Assignment
0 Petitions
Accused Products
Abstract
A device and method is provided for commonly and securely allowing, as access control on a memory card, a plurality of information processing apparatuses to lock/unlock the memory. On the basis of a lock command input from an information processing apparatus serving as a host, such as a PC, an information storage device, such as a memory card, determines whether (a) a standard lock key set serving as a key set prohibiting output or (b) an export lock key set serving as a key set permitting output is detected and stores corresponding key set information. Only when the export lock key set is detected, output is permitted provided that predetermined verification succeeds.
-
Citations
7 Claims
-
1. An information storage device comprising:
-
a memory for storing data; and a controller for performing access control on the memory, wherein the controller performs locking of the memory on the basis of a lock command and an identifier (ID) input from an information processing apparatus, and the controller determines, on the basis of the lock command, whether a key set including the identifier (ID) is (a) a standard lock key set serving as a key set prohibiting output, or (b) an export lock key set serving as a key set permitting output, and stores determination information in storage means, wherein the controller determines whether it is permitted to output the export lock key set to the information processing apparatus, and the determination includes verification of a key set unique to the information processing apparatus, which is input from the information processing apparatus, and the export lock key set is output to the information processing apparatus at least provided that the verification succeeds, and wherein the key set unique to the information processing apparatus is a primary key set [IDs, LKs] consisting of a primary ID (IDs) serving as a unique ID of the information processing apparatus and a primary lock key (LKs) serving as a lock key associated with the unique ID, the information storage device has a lock master key (LMK) that is applicable to compute the primary lock key (LKs), which is a hash value based on the relationship LKs=H(LMK, IDs), the hash value being computed for the primary ID (IDs) by applying the lock master key (LMK), and the controller verifies the key set unique to the information processing apparatus, which is input from the information processing apparatus, on the basis of a lock key (LK) obtained by computing the hash value by applying the lock master key (LMK). - View Dependent Claims (2)
-
-
3. A memory access control system comprising:
-
an information storage device including a memory for storing data and a controller for performing access control on the memory; and an information processing apparatus including an interface with the information storage device and accessing the memory in the information storage device via the interface, wherein the information processing apparatus stores a key set including an identifier (ID) and a lock key (LK) in storage means, the controller of the information storage device performs locking of the memory on the basis of a lock command and the identifier (ID) input from the information processing apparatus, the controller of the information storage device determines, on the basis of the lock command, whether the key set including the identifier (ID) is (a) a standard lock key set serving as a key set prohibiting output, or (b) an export lock key set serving as a key set permitting output, and stores determination information in storage means, and on the basis of the determination information, the controller of the information storage device determines whether it is permitted to output the key set to the information processing apparatus, and wherein the information processing apparatus stores a primary key set [IDs, LKs] consisting of a primary ID (IDs) serving as a unique ID of the information processing apparatus and a primary lock key (LKs) serving as a lock key associated with the unique ID in the storage means, the information storage device has a lock master key (LMK) that is applicable to compute the primary lock key (LKs), which is a hash value based on the relationship LKs =H(LMK, IDs), the hash value being computed for the primary ID (IDs) by applying the lock master key (LMK), and the controller of the information storage device verifies a key set unique to the information processing apparatus, which is input from the information processing apparatus, on the basis of a lock key (LK) obtained by computing the hash value by applying the lock master key (LMK).
-
-
4. A memory access control system comprising:
-
an information storage device including a memory for storing data and a controller for performing access control on the memory; and an information processing apparatus including an interface with the information storage device and accessing the memory in the information storage device via the interface, wherein the information processing apparatus stores a key set including an identifier (ID) and a lock key (LK) in storage means, the controller of the information storage device performs locking of the memory on the basis of a lock command and the identifier (ID) input from the information processing apparatus, the controller of the information storage device determines, on the basis of the lock command, whether the key set including the identifier (ID) is (a) a standard lock key set serving as a key set prohibiting output, or (b) an export lock key set serving as a key set permitting output, and stores determination information in storage means, and on the basis of the determination information, the controller of the information storage device determines whether it is permitted to output the key set to the information processing apparatus, and wherein the information processing apparatus has, serving as a unique key set, a primary key set [IDs, LKs] consisting of a primary ID (IDs) serving as a unique ID of the information processing apparatus and a primary lock key (LKs) defined in association with the primary ID (IDs), and in response to an export-lock-key-set output request from the information processing apparatus, the controller of the information storage device encrypts data of the export lock key set on the basis of the primary lock key (LKs) held by the information processing apparatus and outputs the encrypted data, and the information processing apparatus obtains the data of the export lock key set by decrypting the encrypted data on the basis of the primary lock key (LKs) held by the information processing apparatus. - View Dependent Claims (5)
-
-
6. A memory access control method for an information storage device including a memory for storing data and a controller for performing access control on the memory, the method comprising:
-
a step of receiving a lock command and an identifier (ID) input from an information processing apparatus, and a step of determining, on the basis of the lock command, whether a key set including the identifier (ID) is (a) a standard lock key set serving as a key set prohibiting output, or (b) an export lock key set serving as a key set permitting output, and storing determination information in storage means, wherein, as determination of whether it is permitted to output the export lock key set to the information processing apparatus, verification is performed on a key set unique to the information processing apparatus, which is input from the information processing apparatus, and the export lock key set is output to the information processing apparatus at least provided that the verification succeeds, and wherein the key set unique to the information processing apparatus is a primary key set [IDs, LKs] consisting of a primary ID (IDs) serving as a unique ID of the information processing apparatus and a primary lock key (LKs) serving as a lock key associated with the unique ID, the information storage device has a lock master key (LMK) that is applicable to compute the primary lock key (LKs), which is a hash value based on the relationship LKs=H(LMK, IDs), the hash value being computed for the primary ID (IDs) by applying the lock master key (LMK), and the verification includes a step of verifying the key set unique to the information processing apparatus, which is input from the information processing apparatus, on the basis of a lock key (LK) obtained by computing the hash value by applying the lock master key (LMK). - View Dependent Claims (7)
-
Specification