Memory device having secure non-volatile locking functionality
First Claim
1. An information storage device comprising:
- a memory for storing data; and
a controller for performing access control on the memory,wherein,the controller is operatively configured to (1) establish, at both an initial physical placement of the information storage device in and subsequent interconnections with each of a plurality of information processing apparatus and without user intervention when so interconnected, an automatic authentication process performed between the information storage device and one of the plurality of information processing apparatus to unlock the memory in response to an automatic command input from the one of the plurality of information processing apparatus, (2) store lock status data corresponding to a unique identification for each of the plurality of information processing apparatus prior to the memory being unlocked in a storage unit, and (3) when the information storage device transitions from an off state to an on state, recreate a lock status of the memory on the basis of the lock status data stored in the storage unit and perform memory access control based on the recreated lock status,one of a plurality of unique identifiers and one of a plurality of lock keys correspond to each of the plurality of information processing apparatus,a key set comprises an identifier and a lock key,the key set is utilized to lock and unlock the memory by communicating with the controller,authentication that one of the plurality of information processing apparatus is authorized to access the memory of the information storage device is determined by the controller utilizing the key set,the controller requires the key set utilized to lock the memory to unlock the memory,the memory is locked according to three locking modes, the memory being locked in one of the three locking modes at a time, the three locking modes being standard locking, export locking and standard locking enabling group locking, in standard locking the key set being prevented from being output to another information processing apparatus for accessing the memory, and in export locking the key set being permitted to be output to another information processing apparatus for accessing the memory,the key set includes at least one sub key set, the at least one sub key set including a sub identification and a sub lock key, the at least sub key set being permitted to be copied to each of the plurality of information processing apparatus during the export locking lock status, the sub key set being required to unlock the memory in response to the sub key set being utilized to lock the memory previously, andthe sub key set is imprinted to one of the plurality of information processing apparatus during the export locking or the standard locking enabling group locking.
1 Assignment
0 Petitions
Accused Products
Abstract
A device and method is provided for maintaining, upon unlocking of a memory, the lock status of the memory prior to the memory being unlocked and recreating the lock status when power is turned on again. An information storage device, such as a memory card, performs unlocking of a memory in response to a command input from an information processing apparatus and stores lock status data prior to the memory being unlocked in a non-volatile memory (NVM). When the information storage device is turned off and then on, the information storage device recreates a lock status of the memory on the basis of the lock status data stored in the storage means and performs memory access control based on the recreated lock status.
29 Citations
14 Claims
-
1. An information storage device comprising:
-
a memory for storing data; and a controller for performing access control on the memory, wherein, the controller is operatively configured to (1) establish, at both an initial physical placement of the information storage device in and subsequent interconnections with each of a plurality of information processing apparatus and without user intervention when so interconnected, an automatic authentication process performed between the information storage device and one of the plurality of information processing apparatus to unlock the memory in response to an automatic command input from the one of the plurality of information processing apparatus, (2) store lock status data corresponding to a unique identification for each of the plurality of information processing apparatus prior to the memory being unlocked in a storage unit, and (3) when the information storage device transitions from an off state to an on state, recreate a lock status of the memory on the basis of the lock status data stored in the storage unit and perform memory access control based on the recreated lock status, one of a plurality of unique identifiers and one of a plurality of lock keys correspond to each of the plurality of information processing apparatus, a key set comprises an identifier and a lock key, the key set is utilized to lock and unlock the memory by communicating with the controller, authentication that one of the plurality of information processing apparatus is authorized to access the memory of the information storage device is determined by the controller utilizing the key set, the controller requires the key set utilized to lock the memory to unlock the memory, the memory is locked according to three locking modes, the memory being locked in one of the three locking modes at a time, the three locking modes being standard locking, export locking and standard locking enabling group locking, in standard locking the key set being prevented from being output to another information processing apparatus for accessing the memory, and in export locking the key set being permitted to be output to another information processing apparatus for accessing the memory, the key set includes at least one sub key set, the at least one sub key set including a sub identification and a sub lock key, the at least sub key set being permitted to be copied to each of the plurality of information processing apparatus during the export locking lock status, the sub key set being required to unlock the memory in response to the sub key set being utilized to lock the memory previously, and the sub key set is imprinted to one of the plurality of information processing apparatus during the export locking or the standard locking enabling group locking. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A memory access control method for an information storage device including a memory for storing data and a controller for performing access control on the memory, the method comprising:
-
an unlocking performing step of, at both an initial physical placement of the information storage device in and subsequent interconnections with an information processing apparatus and in response to an automatic command input from the information processing apparatus, establishing without user intervention an automatic authentication process performed between the information storage device and the information processing apparatus to unlock the memory, a key set comprising a unique identifier and a lock key corresponding to the information processing apparatus, wherein the authentication process verifies the key set was utilized to lock the memory before allowing access to the memory; a lock-status-data storing step of storing lock status data corresponding to a unique identification of the information processing apparatus prior to the memory being unlocked in a storage unit, the memory is locked according to three locking modes, the memory being locked in one of the three locking modes at a time, the three locking modes being a standard locking, an export locking and a standard locking enabling group locking, in the standard locking the key set being prevented from being output to another information processing apparatus for accessing the memory, in the export locking the key set being permitted to be output to another information processing apparatus for accessing the memory; and a memory access control step of recreating, when the information storage device transitions from an off state to an on state, a lock status of the memory on the basis of the lock status data stored in the storage unit and performing memory access control based on the recreated lock status. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A computer readable recording medium comprising instructions which when executed by a computer system causes the computer to implement a programmed method for performing memory access control on an information storage device including a memory for storing data and a controller for performing access control on the memory, the programmed method comprising:
-
an unlocking performing step of, at both an initial physical placement of the information storage device in and subsequent interconnections with an information processing apparatus and in response to an automatic command input from the information processing apparatus, establishing without user intervention an automatic authentication process performed between the information storage device and the information processing apparatus to unlock the memory, a key set comprising a unique identifier and a lock key corresponding to the information processing apparatus, wherein the authentication process verifies the key set was utilized to lock the memory before allowing access to the memory; a lock-status-data storing step of storing lock status data corresponding to a unique identification of the information processing apparatus prior to the memory being unlocked in a storage unit; a memory access control step of recreating, when the information storage device is turned off and then on, a lock status of the memory on the basis of the lock status data stored in the storage unit and performing memory access control based on the recreated lock status, the memory is locked according to three locking modes, the memory being locked in one of the three locking modes at a time, the three locking modes being standard locking, export locking and standard locking enabling rou locking, in standard locking the key set being prevented from being output to another information processing apparatus for accessing the memory, in export locking the key set being permitted to be output to another information processing apparatus for accessing the memory; an imprinting step of imprinting a selection of a plurality of information processing apparatuses including the information processing apparatus with at least one sub key set included within the key set for accessing the memory, the at least one sub key set including a sub identification and a sub lock key, the sub key set may be copied to each of the plurality of information processing apparatus during the export locking, the sub key set being required to unlock the memory in response to the sub key set being utilized to lock the memory previously and the lock status being set to the export locking or group locking, the sub key set is imprinted to one of the plurality of information processing apparatus during export locking or group locking.
-
Specification