JPH09237228A - Access control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve the security of a portable storage medium such as a PC card. SOLUTION: At the time of formatting the PC card 1d, a user is allowed to input password data used for generating key data for ciphering/decoding for ciphering and decoding processings. Inputted password data is stored in the PC card 1d, key data for ciphering/decoding is generated by using the data and key data is announced to the user. When the user requests writing to the PC card 1d, it is confirmed whether password data exists in the PC card 1d or not. When it is stored, the user is allowed to input key data for ciphering/ decoding and access right to the PC card 1d is checked. When they are matched as a result, data is ciphered by using key data and data is written in the PC card 1d.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an access control method used in a computer system in which a portable storage medium is detachably mounted.

[0002]

2. Description of the Related Art Conventionally, when writing data to a portable storage medium such as a PC card or a floppy disk having a built-in semiconductor memory, a method has been adopted in which the write data is stored in the storage medium as it is without being transformed. As a result, even a user other than the user who wrote the data could easily access the data. As a data security method in this method, there is known a method of restricting access from other users by changing attribute information for each file or directory such as write protection and hidden files.

However, even if such a security system is adopted, anyone can easily confirm the data structure of the PC card or the floppy disk, and
Since those attributes can be easily changed, it was not possible to obtain sufficient confidentiality.

As a data storage method in consideration of security, password data is stored in a storage medium such as a PC card and the password stored in the storage medium is stored by inputting the password at the time of access. A method of performing data writing and reading after performing collation and checking the access right is known. Further, there is also a method in which encryption processing is performed for each file or directory to be stored so that valid data cannot be obtained even if another user accesses it. The encryption key data used at this time is added as attribute information of a file or directory, respectively, and by acquiring this, the decryption of the encrypted data is realized.

However, in these security methods, since the password or the encryption / decryption key data itself is stored in a storage medium such as a PC card, it cannot be analyzed at the time of I / O access, but the storage medium cannot be analyzed. It is possible to obtain them by analyzing the data of, and then easily access the data. In other words, since only a single level of concealment was performed, it was possible to cancel it easily, and this was also low in concealment.

[0006]

As described above, in the conventional security method for the portable storage medium such as the PC card or the floppy disk having the built-in semiconductor memory, the third party can easily change the attribute. In addition, since the password and the data for encryption can be analyzed and acquired, the security technology for concealing the personal information of the portable storage medium carried on an individual basis is low in reliability.

The present invention has been made in view of the above circumstances, and is intended for maintaining security of a portable storage medium, which is characterized in that it is carried as an individual unit and is detachably attached to a computer system for use. An object is to provide a suitable access control method.

[0008]

The present invention is an access control method used in a computer system in which a portable storage medium is detachably mounted, and is stored in the portable storage medium based on a password input by a user. Initializing the portable storage medium by generating key data for encrypting / decrypting the data to be presented and presenting it to the user, and storing the input password in the portable storage medium, The input password read from the portable storage medium when the initialized portable storage medium is attached to the computer system, or when a data write / read request is issued to the attached portable storage medium. Generates the encryption / decryption key data from, and the generated encryption / decryption key data and the user The presence / absence of an access right to the portable storage medium is determined based on the comparison result with the input encryption / decryption key data, and when it is determined that the access right is available, the data writing / writing to the portable storage medium is performed. It is characterized in that the write data is encrypted, the encrypted data is written / the encrypted data is read, and the encrypted data is decrypted in response to a read request.

According to this access control method, at the time of initial setting for using a portable storage medium such as a PC card or a floppy disk as an encryption card, key data for encryption and decryption processing of the portable storage medium is performed. The user is prompted to enter the password used for generation. Then, the password input by the user is stored in the portable storage medium, key data is generated using the data, and the key data is presented to the user. In this way, only the password used to generate the key data is stored in the portable storage medium, and the key data is held and managed inside the software used as the I / O control system for realizing the access control method. It

Further, in consideration of the characteristic of the portable storage medium that is detachably attached to the computer system for use, when the initially set portable storage medium is attached to the computer system or is attached to the computer system. The access right check is performed when a data write / read request for the portable storage medium is issued. In this access right check, the user is prompted to enter the key data instead of the password, and this is compared with the key data generated from the password read from the portable storage medium. When it is determined that the user has the access right, the write data is encrypted, the encrypted data is written / the encrypted data is read, and the encrypted data is decrypted in response to the data write / read request.

Therefore, the data I / O control is performed through the data encryption and decryption processing, and the concealment of the data in the storage medium unit can be realized. Furthermore, in the confidentiality, the storage medium does not actually store the key data used in data encryption and decryption, but only the original password for generating the key data. Since it is stored, it is not possible to decipher it by a third party simply analyzing the data in the storage medium. Therefore, it is possible to realize access control suitable for maintaining security of a portable storage medium, which is characterized in that it is carried in an individual unit and is detachably attached to a computer system for use.

[0012]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 shows a functional configuration of a computer system to which an access control method according to an embodiment of the present invention is applied and a program executed by the computer system. Here, a PC card equipped with a semiconductor memory will be described as an example of a portable storage medium that can be detachably attached to a computer system.

This computer system is provided with a computer main body having an input device 1a consisting of a keyboard, a mouse or a pen, a trackball, etc., and a display device 1c, and this computer main body is in a power-on state. Also, the PC card 1d can be attached and detached.

The processing control device 1b determines the I / O request to the PC card 1d by determining the data input from the input device 1a, and the data to the PC card 1d is processed through the data encryption and decryption process. I / O control and output control to the display device 1c according to these processes are performed, and the function is realized by using a PC card driver which is software executed by the CPU in the computer system. ing.

The processing control device 1b includes a code / position data 1b1 input from the input device 1a and a display device 1c.
The input / output processing unit 1b3 for processing the output data 1b2 such as character data and graphic data output to the computer, the attachment / detachment detection processing unit 1b4 for detecting the attachment / detachment state of the computer main body and the PC card 1d, and the input / output processing unit 1b3. I for determining an I / O request such as a data write or a data read to the PC card 1d from the input data processed via the I
Key data for data encryption / decryption in data writing / reading to / from the PC card 1d when the I / O request discrimination processing unit 1b5 and the I / O request discrimination processing unit 1b5 request the format of the PC card 1d. Password data input processing unit 1b6 for inputting the password data used to generate the password and storing it in the PC card 1d, and data encryption from the password data input / stored by the password data input processing unit 1b6
An encryption / decryption key generation processing unit 1b7 for generating decryption key data, and an access check processing unit for checking the user's access right by using the data encryption / decryption key data when the PC card 1d is attached. 1b8 and PC
A data encryption processing unit 1b9 that encrypts target data when writing data to the card 1d, a data decryption processing unit 1b10 that decrypts target data when reading data to the PC card 1d, and a data write to the PC card 1d. Data I / O processing unit 1b11 for performing I / O processing such as reading and data reading, and block management information data 1 for managing PC card data used in the data I / O processing unit 1b11
b12 and a work buffer 1b13 used as a variable or data buffer used in each processing unit.

Further, the PC card 1d includes a controller 1d3 for controlling data read / write to the common memory 1d1 and the attribute memory 1d2 according to a data I / O control processing signal from the computer main body, and a computer 1d3 via the controller 1d3. It is composed of a common memory 1d1 for storing data transmitted from the main body and an attribute memory 1d2 for storing attribute information of the PC card 1d. These memories are flash E
It is configured using a non-volatile memory such as ERPOM.

FIG. 2 shows the block management information data 1b12.
FIG. 1d data write to PC card,
As with hard disk devices and floppy disk devices, data I / O control is performed in block (sector) units, so the total block number data 2a in the PC card and the number of defective blocks for managing unnecessary blocks that have become unusable The data 2b and the block number that becomes the defective block.
1 to N data 2c, spare block number data 2d of a spare block which is a replacement destination of a defective block,
The spare block registration number data 2e, which is the number of alternative blocks of the spare block, and the spare block number. 1 to N data 2f.

FIG. 3 is a block diagram of the attribute memory 1d2. The attribute memory has a PC card size 3a, a spare block number 3b, and a manufacturer name 3
c, release version 3d, password data 3
Card attribute information such as d is stored.

The procedure of access control for the PC card 1d executed by using the PC card driver will be described below. First, the basic flow of access control processing will be described.

At the time of formatting the PC card 1d (at the time of initial setting as an encryption card), the user is allowed to select whether to use the encryption processing for the data stored in the PC card 1d. The user is prompted to input password data used to generate encryption / decryption key data for the encryption and decryption processing. The entered password data is stored in the PC card 1d, and the data is used to generate encryption / decryption key data, and the key data is announced to the user.

When the user makes a write request to the PC card 1d, it is confirmed whether the password data exists in the PC card 1d, and if the password data is stored, the user receives the encryption / decryption key data. Input the password and check the access right to the PC card 1d. If they match as a result, the data is encrypted using the key data and then written in the PC card 1d.

When the user makes a read request to the PC card 1d, it is confirmed whether or not the password data exists in the PC card 1d, and if the password data is stored, the encryption / decryption key is given to the user. Enter data,
Check the access right to the PC card 1d. If they match as a result, the key data is used to decrypt the data, and then the data is transmitted to the read request command.

Specifically, access control is performed using the following steps. 1) An input / output step that prompts the user to make an input or confirmation via the input device 1a and the display device 1c of the computer body or the voice output mechanism.

2) An attachment / detachment detecting step for detecting the attachment / detachment state of the PC card 1d and the computer main body. 3) PC card 1d
I / O request contents to the client and judge the contents
/ O request determination step.

4) When the I / O content determined by the I / O request determination step is a format, the input / output step prompts the PC card 1d to select whether or not to set data encryption. , Input the password data used to generate the encryption / decryption key used to encrypt or decrypt the data in the PC card 1d when the selection result is determined and the encryption setting is determined to be selected. Password data input step of storing (memorizing) in the PC card 1d after prompting the user to obtain the input password data.

5) An encryption / decryption key that acquires the password data stored in the PC card 1d when the PC card is formatted and generates key data used for data encryption / decryption based on the data. Generation step.

6) An announcement step of announcing to the user the encryption / decryption key data generated in the encryption / decryption key generation step. 7) In order to determine the access right to the PC card 1d, it is determined whether or not the password data exists in the PC card 1d, and a display prompting the input of the encryption / decryption key data is displayed in the input / output step. An access check step of comparing the input data with the key data generated from the password data stored in the PC card 1d to judge whether the access right is acceptable or not.

8) PC card 1 according to the attachment / detachment detection step
Generated in the access check step when it is determined that d is attached to the computer body, the access right is acquired in the access check step, and the data write request is determined for the PC card 1d in the I / O request determination step. A data encryption step of encrypting the target write data using the generated key data and then storing it in the PC card 1d.

9) PC card 1 according to the attachment / detachment detection step
Generated in the access check step when it is determined that d is attached to the computer body, the access right is acquired in the access check step, and the data read request is determined for the PC card 1d in the I / O request determination step. A data decryption step of decrypting the read data, which is the data in the target PC card 1d, using the obtained key data, and then passing the decrypted data to the request side.

Next, referring to the flowchart of FIG.
The flow of access control processing to the PC card 1d will be specifically described. This access control process, as described above,
It is realized by a PC card driver resident in the main memory of the computer main body. When the computer main body is started up, recognition processing of the PC card 1d is performed, and the I / O request waiting state for the PC card 1d is entered.

When an I / O request command such as a PC card format or data write or data read for the PC card 1d is executed from the input device 1a of the computer main body, the PC card driver causes the code / position data 1b1 and the input / output processing. I / O via part 1b3
Receive O request (step 4a).

Then, the attachment / detachment detection processing unit 1b4 determines whether the PC card 1d is attached to the computer main body (step 4c). As a result, when the PC card 1d is not attached, the error status is set in the status data held by the I / O request command program, and then the I / O command program is returned to (steps 4d and 4e). .

The PC card driver of the present embodiment manages the PC card installation state from the start to the end of the computer main body for each drive to which the PC card is assigned via the main computer. Is held as a detachment flag.

When the PC card 1d is properly attached, the contents of the I / O request received by the I / O request discrimination processing unit 1b5 are analyzed and the data I / O
The processing unit 1b11 performs processing according to the contents of the I / O request (steps 4f to 4i ').

Here, the flow of processing corresponding to main data I / O requests will be described. (PC card format processing) When the I / O request received by the I / O request discrimination processing unit 1b5 is in the format, the PC card driver uses the input / output processing unit 1b3 via the display device 1c of the computer main body.
A selection screen is displayed to prompt the user to select whether to format the PC card with the data encryption and decryption processing function (step 4).
f, 4g).

As a result, when the user selects the format with the data encryption / decryption function, the password data input processing unit 1b6 uses it to generate key data for data encryption / decryption. Display a screen prompting the user to enter password data (step 4
h, 4i).

Then, based on the input password, the encryption / decryption key generation processing unit 1b7 generates encryption / decryption key data to be used in the data encryption and decryption processing, and displays it on the display device 1c. It is displayed and announced to the user (step 4j). Then, the password data input by the user is stored in the attribute memory 1d2 in the PC card 1d via the controller 1d3, and the memory in the PC card 1d is formatted by referring to the block management information data 1b12 and the like (step 4k). . Then, the status value is set in the status data in the format command program, and the process is returned to the command program (step 4l).

When the user selects the format without data encryption and decryption processing in the step of confirming the format with data encryption and decryption (step 4g), the normal format processing is performed and the status value After setting, return the process to the command program.

(Data write processing) When the received I / O request is a data write by the I / O request discrimination processing unit 1b5, this PC card driver causes the removal flag corresponding to the drive in which the PC card 1d is inserted. And the attribute memory 1d2 in the PC card 1d are checked (step 4n). As a result, the PC card 1d formatted for data encryption is
If the access right has not been acquired via the access check processing unit 1b8 (for example, the access check has never been performed, or the card has been inserted or removed after the access check), the access check processing unit 1b8.
Then, the input screen of the data encryption / decryption key data is displayed on the screen via the display device 1c, and the user is prompted to input the data encryption / decryption key data (steps 4o and 4p).

Then, the data encrypted by the user is encrypted /
In order to determine whether the decryption key data is valid, data encryption / decryption key data is generated from the password data stored in the attribute memory 1d2 in the PC card 1d and the comparison is performed. If the comparison result shows that the key data match, the key data is used to encrypt the target write data by the encryption processing unit 1b9, and then the common data is sent via the controller 1d3 and the data in the attribute memory 1d2. It is stored in the memory 1d1 (steps 4t, 4v). Then, after setting the status value, the process is returned to the write command (step 4w).

If the result of comparison of the data encryption / decryption key data does not match, an error message is displayed on the screen of the display device 1c, an error status value is set, and the write command is processed. Return (Step 4q
~ 4s).

If the PC card 1d has not been removed since the access right was obtained by the access check processing unit 1b8, it is considered unnecessary to perform the access check step, and the data is encrypted without the access check. Turn into. If the password data does not exist in the attribute memory of the PC card 1d, the data write is performed as usual without performing the access check and the data encryption step.

(Data read process) The I / O request discrimination processing unit 1b5 performs the process when the received I / O request is a data read process, which is almost the same as the flow of the data write process described above. Instead of the decryption step, the data decryption step is performed there.

That is, the I / O request discrimination processing unit 1
When the received I / O request is a data read by b5, this PC card driver checks the state of the removable flag corresponding to the drive in which the PC card 1d is inserted and the attribute memory 1d2 in the PC card 1d. (Step 4y). As a result, when the PC card 1d formatted for data encryption has not acquired the access right via the access check processing unit 1b8 (for example, the access check has never been performed or the card has not been accessed after the access check). The access check processing unit 1b8 displays an input screen of key data for data encryption and decryption on the screen by the access check processing unit 1b8, and the user performs data encryption / decryption. Prompt for key data (step 4)
z, 4a ').

Then, the data entered by the user is encrypted /
In order to determine whether the decryption key data is valid, data encryption / decryption key data is generated from the password data stored in the attribute memory 1d2 in the PC card 1d and the comparison is performed. If the key data match as a result of the comparison, the key data is used to read and decrypt the target encrypted data, and then the encrypted data is passed to the request source (steps 4e 'and 4g'). Then, after setting the status value, the process is returned to the write command (step 4h ').

If the result of comparison of the data encryption / decryption key data is a mismatch, an error message is displayed on the screen of the display device 1c, an error status value is set, and the read command is processed. Return (Step 4)
b'-4d '). In addition, the access check processing unit 1b8
If the PC card 1d has not been removed since the access right was obtained in step 1, it is considered that the access check step need not be performed, and the data is decrypted without the access check. When the password data does not exist in the attribute memory of the PC card 1d, the data read is performed as usual without performing the access check and the data decryption step.

According to the above procedure, not the key data actually used for encryption and decryption of data but the password data input by the user to generate the key data is stored in the PC card 1d. As a result, the key data does not physically exist inside the card, and even if a third party can obtain the password data by analyzing the data in the PC card, it becomes difficult to decrypt the data. . Therefore, the confidentiality of the data can be maintained.

In consideration of the feature of the PC card 1d that is detachably attached to the computer system for use, when the access check is not performed on the PC card 1d initially set as the encryption card, or when the access is not performed. If the card is removed after the check,
An access right check is performed in response to the data write / read request. In this access right check, the user is prompted to enter the key data instead of the password, and this is compared with the key data generated from the password read from the portable storage medium. When it is determined that the user has the access right, the write data is encrypted, the encrypted data is written / the encrypted data is read, and the encrypted data is decrypted in response to the data write / read request. Therefore, even if the PC card 1d is attached or detached, the access right can be correctly determined.

As described above, by performing the data I / O control through the data encryption and decryption processing, the personal computer can be carried and can be detachably attached to the computer system for use. It is possible to realize access control suitable for maintaining security of a portable storage medium such as the PC card 14.

In FIG. 4, it is determined whether or not an access check is performed each time data is written / read. In the card recognition process executed when the encrypted PC card 1d is newly installed. If the access check is performed, the access check may be omitted thereafter until the card is attached / detached.

The card recognition processing and I / O processing procedures in this case are shown in FIGS. 5 and 6, respectively. PC card 1d
The PC card dry performs the card recognition process according to the procedure of FIG. 5 every time is attached to the computer main body. That is, it is checked whether or not the password is stored in the mounted PC card 1d and whether or not it is an encryption card (step S11). If it is not an encryption card,
It is recognized as a normal non-encrypted card (step S14).

In the case of the encryption card in which the password is stored, the PC card dry prompts the user to input the data encryption / decryption key data. Then, in order to determine whether the data encryption / decryption key data input by the user is valid, the data encryption / decryption key data is read from the password data stored in the attribute memory 1d2 in the PC card 1d. Is generated and compared (step S12). As a result of the comparison, if they match, the valid card is recognized as a valid encrypted card (steps S13 and S15), and if they do not match, an error is notified (step S16).

When the card subjected to such recognition processing is used without being attached or detached, the processing of FIG. 6 is performed in response to the data write request and the data request.

That is, the I / O request discrimination processing unit 1
When the received I / O request is a data write according to b5 (step S21), the PC card driver checks whether the write target card is recognized as an encrypted card (step S22). If it is recognized as an encrypted card, the write data is encrypted using the key data already generated in the formatting process and then written in the card (steps S23 and S24). If the card is not an encryption card, data is immediately written without encryption (step S24).

Similarly, when the received I / O request is a data read (step S25), this PC card driver checks whether or not the read target card is recognized as an encrypted card ( Step S2
6). When it is recognized as an encrypted card, the stored data is decrypted and read out by using the key data already generated in the formatting process (steps S27 and S28). If the card is not an encryption card, the data is immediately read out without decryption (step S
28).

It should be noted that the present invention is not limited to the above-described embodiment, and the user is required to select the setting of the PC card format with the data encryption and decryption functions, and the password or the encryption / decryption key data. As an announcement means for prompting an input, a voice announcement by an audio output device may be used. Further, as the data encryption and decryption processing, the method is not specifically described in the present embodiment, but the method may be a secret key encryption method or a public key encryption method.
Further, when checking the access right, the number of retries until the key data match may be set a plurality of times. Further, in the present embodiment, it is described that the password data stored in the PC card is stored in the attribute memory in the PC card, but it may be stored in the common memory.

[0057]

As described above, according to the present invention,
Data can be concealed in units of portable storage media such as PC cards. Furthermore, in the concealment,
The storage medium does not store the key data that is actually used for data encryption and decryption, but only the password data that is the source for generating the key data. By doing so, the confidentiality cannot be released only by analyzing the storage medium by a third party. Therefore, it is possible to realize access control suitable for maintaining security of a portable storage medium, which is characterized in that it is carried in an individual unit and is detachably attached to a computer system for use.

[Brief description of drawings]

FIG. 1 is a block diagram showing the configuration of a computer system to which an access control method according to an embodiment of the present invention is applied.

FIG. 2 is a PC used in the computer system of the embodiment.
The figure for demonstrating the data management structure of a card.

FIG. 3 is a PC used in the computer system of the embodiment.
The figure for demonstrating the data structure of the attribute memory of a card.

FIG. 4 is an exemplary flowchart illustrating a flow of access control processing in the computer system of the same embodiment.

FIG. 5 is an exemplary flowchart illustrating the flow of card recognition processing in the computer system of the same embodiment.

FIG. 6 shows I when the card recognition process of FIG. 5 is performed.
6 is a flowchart illustrating the flow of the / O processing.

[Explanation of symbols]

1b ... Processing control device, 1d ... PC card, 1b4 ... Attachment detection processing section, 1b5 ... I / O request discrimination processing section, 1
b6 ... Password data input section, 1b7 ... Encryption / decryption key generation processing section, 1b8 ... Access check processing section, 1b9 ... Data encryption processing section, 1b10 ... Data decryption processing section, 1b11 ... Data I / O processing Department.

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁶ Identification code Internal reference number FI Technical display location H04L 9/08 H04L 9/00 601Z 9/32 673A

Claims (3)

[Claims] 1. An access control method used in a computer system in which a portable storage medium is detachably mounted, wherein the data stored in the portable storage medium is encrypted / decrypted based on a password input by a user. Key data for generating and presenting it to the user, and storing the input password in the portable storage medium to initialize the portable storage medium, and the initialized portable storage medium. An encryption / decryption key from an input password read from the portable storage medium when the medium is attached to the computer system or when a data write / read request is issued to the attached portable storage medium. Data is generated, and the generated encryption / decryption key data and the encryption / decryption input by the user The presence or absence of the access right to the portable storage medium is determined based on the comparison result with the key data, and when the access right is determined, the write data is encrypted in response to the data write / read request to the portable storage medium. Encryption and writing of encrypted data /
An access control method comprising reading encrypted data and decrypting the encrypted data. 2. The access control method according to claim 1, wherein attachment / detachment of the portable storage medium is detected, and the access right / absence determination process is performed every time the portable storage medium is attached. 3. An access control method used in a computer system in which a PC card is detachably mounted, and a key for encrypting / decrypting data stored in the PC card based on a password input by a user. By generating the data and presenting it to the user and storing the input password in the PC card,
The PC card is initialized as an encryption card, and when the initialized PC card is installed in the computer system or when a data write / read request is issued to the installed PC card, the PC The encryption / decryption key data is generated from the input password read from the card, and based on the comparison result of the generated encryption / decryption key data and the encryption / decryption key data input by the user. The above P
The presence or absence of the access right to the C card is determined, and when it is determined to have the access right, the write data is encrypted and the encrypted data is written / the encrypted data is read according to the data write / read request to the PC card. And an access control method characterized by performing the decryption.