Storage apparatus access control apparatus for a recording...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


C713S182000, C713S183000, C713S184000, C713S152000, C713S152000


active

06779121

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to a storage apparatus, an access control apparatus for a recording medium and an access control method for a recording medium, having a function of preventing a third party from unjustly accessing the recording medium using a password. More particularly, this invention relates to a technology for improving the security by recording a coded password produced by coding a user password with a one-way function on the recording medium.
BACKGROUND OF THE INVENTION
In recent years, storage apparatuses including various types of recording media are being developed. In particular, with the spread of personal computers, the storage apparatuses generally use removable media, such as magneto-optical disks, floppy disks, and optical disks as the recording media. Although the recording media of this type have the advantage of easy handling because of their small size and light weight, they also have the disadvantages that they can easily be taken away by a third party and the data can easily be stolen or altered. Therefore, passwords or the like have been conventionally used to prevent stealing and alteration of the data.
In a conventional storage apparatus, in order to improve the security by preventing unauthorized access (reading/writing and deletion) by a third party, a password is set in advance in a recording medium and an internal memory of the device. When a user inputs a password (the user may be an authorized person or a third party), it is compared with the already recorded password, and access to the recording medium is permitted only when the two passwords match.
The storage apparatus explained above is described in detail in Japanese Patent Application Laid-Open Nos. SHO 57-150117, SHO 60-189531, SHO 63-175955, and HEI 01-309120. In a storage apparatus of this type, the password recorded in the recording medium and internal memory of the device is unprocessed data, namely data which has not been subjected to any processing, or data which is almost analogous to the unprocessed data.
Such an access control by password checking is useful when, for example, a removable recording medium on which images, music data, application programs, or the like are recorded is to be rented to the user. In other words, in this case, by recording a password on a recording medium, it is possible to permit only a specified user to access the recording medium.
By the way, it is mentioned in the above that a password written in the recording medium and the internal memory of the device is unprocessed data or almost analogous to the unprocessed data. Even when the password is unprocessed data, it is possible to prevent unauthorized access by general users by performing the above-described password checking or by recording the password in a recording area which can not be read by any known command.
However, in a service center providing a maintenance service (for defects) for the storage apparatus and the recording medium, when a service person inputs a hidden maintenance command categorized as a “service command”, the user password can be read out from the recording medium. Moreover, there is another method of physically obtaining the password with the use of a test and repair tool. Thus, a malicious service person can obtain the user password using the service command and access the recording medium with the use of this user password. In short, it is actually possible to steal, alter and delete data on the recording medium in the service center, and hence it would be a serious security hole.
Such security problems may be solved by following the procedure shown in FIG. 6. Specifically, when a recording medium (including a storage apparatus) has some defect, the user U1 (or the user U2) brings the defective recording medium to the service center SV1 (or the service center SV2). In this case, in order to avoid the security hole, the authority in the service center SV1 or SV2 only listens to the problems with the recording medium, but does not actually provide a service to the defect.
The recording medium is then sealed for confidential reasons in the service center SV1 or SV2 and sent to an expert H. The expert H is a person who is exclusively appointed for providing a service to defects and it is supposed that he does not do anything with the data inside. The expert H analyzes the defect in the recording medium, and then informs the user U1 (or the user U2) of the result of analysis and returns the recording medium to the user U1 (or the user U2).
However, according to the procedure shown in FIG. 6, in order to achieve a quick reply/return to the user U1 (user U2), it is necessary to employ many experts H who are hired at high salary. Consequently, there is a problem that the costs of service and maintenance are increased.
Moreover, if many experts H are hired, it would raise a possibility that the information relating to the above-mentioned service command is leaked out to general users. In such a case, because a certain user might know a user password of a recording medium belonging to another person and unjustly access the recording medium, an authorized user will be anxious. Therefore, the quality of the customer service will be lowered. Meanwhile, a magnetic strip card as another example of the recording medium also assures the security by password checking. In the case of the magnetic strip card, however, the password can be obtained by applying magnetic powder or the like to a recorded area, without using a special device.
SUMMARY OF THE INVENTION
In view of the above-mentioned problems, an object of the present invention is to provide a storage apparatus, an access control apparatus for a recording medium and an access control method for a recording medium, capable of improving the security of the recording medium, reducing the costs of service and maintenance, and improving the customer service.
According to one aspect of this invention, when the user inputs a password, a coding unit codes this password using a one-way function. A password coded in the same manner is already stored in the recording medium and a reading unit reads this password. A checking unit compares the password (coded) input by the user and the password read out from the recording medium. An access control unit permits the access to the recording medium if the two passwords match and prohibits the access when they do not. The password input by an unauthorized person will not match with the password recorded on the recording medium. Therefore, access to the recording medium by the unauthorized person can be prohibited.
The “one-way function” means a function having such characteristics that a value Y (in this case, the coded password) of the function is relatively easily obtained from an input x (in this case, the user password), but it is difficult to obtain an input x from the value Y based on the current mathematical knowledge. For instance, it has been known that it is relatively easy to multiply large prime numbers together, but it is difficult to obtain the original two prime numbers by resolving the product into factors. Moreover, for prime numbers p and q, it has been known that it is easy to calculate the power of the prime number p with the prime number q as a divisor, but it is extremely difficult to perform the reverse calculation, for certain values of the prime numbers p and q.
Further, since the one-way function is used in order to code the passwords, the third party (including a service person for maintaining the recording medium, etc.) can not derive the user password from the coded password because of the characteristics of the one-way function. Thus, according to the invention of the above aspect, since in reality the third party can not obtain the user password by using whatever means, it is possible to prevent unauthorized access to the recording medium, thereby achieving a significant improvement in the security.
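The coding, reading, checking and access control units described above can be sketched as follows. This is an added example, not code from the patent: PBKDF2-HMAC-SHA256 with a per-medium salt is assumed as the one-way function, and the class names, method names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def code_password(password: str, salt: bytes) -> bytes:
    """Coding unit: one-way function (PBKDF2-HMAC-SHA256 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class RecordingMedium:
    """Hypothetical medium: only the salt and the coded password are recorded."""

    def __init__(self, user_password: str, data: bytes):
        self.salt = os.urandom(16)
        self.coded_password = code_password(user_password, self.salt)
        self.data = data

    def service_read_password_area(self):
        """Models the maintenance 'service command': returns what is recorded."""
        return self.salt, self.coded_password

class AccessControl:
    """Reading, checking and access control units in front of one medium."""

    def __init__(self, medium: RecordingMedium):
        self.medium = medium

    def read(self, entered_password: str) -> bytes:
        # Reading unit: fetch the recorded coded password; coding unit: code the input.
        candidate = code_password(entered_password, self.medium.salt)
        # Checking unit: constant-time comparison of the two coded passwords.
        if not hmac.compare_digest(candidate, self.medium.coded_password):
            raise PermissionError("coded passwords do not match")
        return self.medium.data

def demo() -> dict:
    medium = RecordingMedium("correct horse 42", b"rental image data")  # constructed sample
    drive = AccessControl(medium)
    _, dumped = medium.service_read_password_area()
    try:
        # The dumped coded value, entered as a password, is coded again and rejected.
        drive.read(dumped.hex())
        replay_ok = True
    except PermissionError:
        replay_ok = False
    return {"owner": drive.read("correct horse 42"), "replay_ok": replay_ok,
            "plaintext_on_medium": b"correct horse 42" in dumped}
```

The salt and iteration count matter because anyone holding a coded password can still test guessed passwords against it; a fast, unsalted one-way function would make that guessing cheap for short or common passwords.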
Moreover, since a highly secure recording medium can be provided for the users, the customer service can
