Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-07-06
2004-02-03
Jean, Frantz B. (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S193000
Reexamination Certificate
active
06687835
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates to a command authorization method. More specifically, the present invention relates to a command authorization method for discriminating legitimate from illegitimate incoming commands transmitted from an external device such as a computer.
2. Description of Related Art
As recording media onto which a user can freely write data, magneto-optical disks (MO), digital video disks (DVD), floppy disks (FD), and mini disks (MD) are known. The drive device for driving such recording media is generally connected to a computer via a SCSI interface, and writes data onto and reads data from the recording medium according to commands transmitted from the computer.
Normally, a recording medium is provided with a first level that stores a number peculiar to the medium, a second level that stores designated information, and a third level that stores arbitrary electronic data. The first level is a data reading possible, but overwriting impossible area (i.e., read-only). The second level is a read/overwrite by user impossible area. The third level is an area the user can use freely.
To protect copyrights in the electronic data of computer programs and electronic publications, consideration has been given to encrypting the electronic data with a predetermined encryption key and storing it in the third level. The idea in this case is to store permission information in the second level as the basis of the right of access to the electronic data stored in the third level. Based on the permission information a legitimate user can accordingly decode and use the electronic data. Herein, when distributing recording media in which electronic data has been stored, a key for decoding can be stored in the second level as the permission information. Further, wherein a user later obtains right of access for using the electronic data stored onto the recording medium, the configuration may be such that the permission information in the second level is replaced with predetermined data, and the electronic data is decoded.
Wherein this is made the case, it is necessary for the user to send designated commands from the computer end for reading and for writing predetermined information that is stored in the second level. Since the second level of the recording medium is an area into and from which writing/reading by a user is normally not possible, a given command should be executed discriminating whether it is by a legitimate user. Conventionally, the configuration is to establish user passwords, such that wherein a given command is sent from the computer end, the command is transmitted in assigning a relation to the password.
In the foregoing situation, whether a given command is from a legitimate user is discriminated by a command associated with the password independently authorizing the given command. Nevertheless, if a third party parses the command associated with the password, it becomes possible for the given command to issue, deteriorating the security level. Especially, since it is possible to monitor the data bus between the computer and the drive, conceivably it is relatively easy to obtain the password by parsing commands transmitted from the computer.
SUMMARY OF THE INVENTION
An object of the present invention is to maintain high security by a command authorization method that prevents third-party issued commands from impersonating normal commands from a user.
A command authorization method according to the present invention abstracts authorization information from received commands, compares the authorization information with collating information, and executes commands corresponding to the received commands if the authorization information coincides with the collating information.
The command authorization method can be configured such that the authorization information can be abstracted from an authorization codes stored in the received commands.
The command authorization method can also be configured such that the authorization code is a non-repeating number, and the authorization code is renewed each time the commands are transmitted from the transmitting end.
The command authorization method can also be configured such that the authorization codes are generated from time sequence information or random numbers.
The command authorization method can also be configured such that the authorization codes are generated from a random number series table having a coordinate address, wherein the authorization codes are renewed by renewing the coordinate address each time commands are transmitted from the transmitting end.
The command authorization method can also be configured such that the authorization information is abstracted from a plurality of the authorization codes stored in the received commands.
The command authorization method can also be configured such that arguments in the received commands are encrypted with either the authorization codes or a key generated from the authorization codes.
The command authorization method can also be configured such that the authorization information is generated by abstracting the authorization code stored in the received commands and arraying the authorization codes in time sequence, and executing commands in accordance with the received commands if the authorization information coincides with the collating information.
The command authorization method can also be configured such that the authorization information is generated by abstracting the authorization codes stored in the received commands and arraying the authorization codes in time sequence, and if the authorization information coincides with the collating information, adding/modifying arguments in the received commands and executing commands in accordance with the received commands.
The command authorization method can also be configured such that wherein signals between transmission and reception are set to predetermined state if the authorization codes stored in the received commands are abstracted and execution of commands received in time sequence is terminated while under way.
The command authorization method can also be configured such that the authorization codes stored in the received commands when abstracted are stored in a predetermined memory area.
In accordance with the present invention, configurations such that specific commands execute based upon authorization information contained in ordinary commands are disclosed. The authorization information is made difficult to parse, enabling high security to be maintained.
REFERENCES:
patent: 5796943 (1998-08-01), Fujioka
patent: 6112187 (2000-08-01), Fukawa
patent: 6351813 (2002-02-01), Mooney et al.
patent: 5-257816 (1993-10-01), None
Bruce Schneier, Applied Cryptography second edition, 1996, pp. 15-17, 173-175.
Hasebe Takayuki
Hirano Hideyuki
Kotani Seigo
Fujitsu Limited
Jean Frantz B.
Song Hosuk
Staas & Halsey , LLP
LandOfFree
Command authorization method does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Command authorization method, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Command authorization method will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3345891