Storage device, an encrypting/decrypting device and method...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Security kernel or utility

Reexamination Certificate

Details

C713S182000, C713S184000, C380S277000, C380S284000

active

06457126

ABSTRACT:

TECHNICAL FIELD
This invention relates to a storage device employed as an external storage device and the like of computers, etc., and more particularly to a storage device which stores data in an encrypted form.
BACKGROUND ART
As computer technology advances, the need to protect top secret information increases. Thus, the importance of encryption techniques for encrypting and storing data and for transmitting the data has grown. For example, in one such technique, an encrypting key is stored in a storage device, data is encrypted using this stored encrypting key and stored in a memory, and the data read out from the memory is decrypted using this encrypting key.
In a case where such an encrypting key is common to all storage devices, if the encrypting key corresponding to one single storage device is leaked out, the encrypting keys corresponding to the other mass-produced storage devices are leaked out as well. This may lead to the possibility of deciphering the stored data.
Different encrypting keys may possibly be set for the respective storage devices; however, this increases the number of manufacturing processes and the manufacturing cost of the storage devices.
A technique for encrypting the whole data on the computer so as to store the data in a memory card, and decrypting the data read out from the memory card on the computer, is also known. According to this method, if communications between the computer and the storage device are monitored, the encrypting key may be leaked out.
This invention has been made in consideration of the above facts. It is accordingly an object of this invention to provide a storage device which has a function for encrypting and decrypting data and wherein top secret information, such as an encrypting key or the like, is unlikely to be leaked out.
Another object thereof is to provide a storage device whose encrypting key cannot be leaked out, even if another encrypting key corresponding to another storage device is leaked out.
DISCLOSURE OF INVENTION
In order to achieve the above-described objects, a storage device for storing data, according to the first aspect of this invention, may comprise:
a rewritable non-volatile memory (11) storing data; and
controlling means (12) for accessing said non-volatile memory, and said storage device being characterized in that:
a first encrypting key is stored in said non-volatile memory, a second encrypting key is stored in said controlling means and the first encrypting key is encrypted using the second encrypting key; and
said controlling means includes
key decrypting means (12) for decrypting the first encrypting key using the second encrypting key,
writing means (12) for encrypting data using the first encrypting key decrypted by said key decrypting means, and writing the encrypted data in said non-volatile memory, and
reading means (12) for reading out data from said non-volatile memory, and decrypting the read data using the first encrypting key which is decrypted by said key decrypting means.
According to this storage device, the first and second encrypting keys are employed and are separately stored. The first encrypting key is encrypted with the second encrypting key. Thus, as compared to the case where there is only one encrypting key, there is less possibility that such encrypting keys are leaked out. Hence, data is unlikely to be stolen.
Particularly, because the first encrypting key is stored in the rewritable non-volatile memory, the first encrypting key may be prepared uniquely for each device or for every certain number of devices. Therefore, even if the second encrypting key is leaked out, it is difficult to decipher the entire data stored in all storage devices.
The non-volatile memory is already provided in order to store data. Thus, even if the first encrypting key is stored therein, there is no increase in cost.
The second encrypting key is common to a plurality of storage devices, and the first encrypting key is an encrypting key common to a part of said storage devices each storing the same second encrypting key or individually prepared for each of the storage devices storing the same second encrypting key. According to this structure, different encrypting keys may be prepared respectively for various devices.
The non-volatile memory may include a flash memory (11); and
the controlling means may include a mask ROM (Read Only Memory) (15) storing the second encrypting key. The mask ROM is suited to mass production, thus data including the second encrypting key can be manufactured at low cost. On the other hand, the flash memory is rewritable, so that different first encrypting keys can be prepared for the respective devices or for every certain number of devices, and can be recorded therein.
A password may be retrieved, and the encrypted first encrypting key may be decrypted only in a case where a proper password is input. In this case, the first encrypting key may be encrypted with a third encrypting key which is generated based on the second encrypting key and a password, and may be stored in said non-volatile memory; and the key decrypting means may include
means for inputting the password,
means for generating a third encrypting key based on the input password, and
means (16) for decrypting the encrypted first encrypting key using the second encrypting key and the generated third encrypting key.
The key decrypting means may include a decrypting program and means (16) for executing the decrypting program; and
the decrypting program may be stored in said non-volatile memory. According to this structure, the encrypting program in accordance with the password may appropriately be recorded in the non-volatile memory.
The key decrypting means, the writing means and said reading means may store the decrypted first encrypting key, and may include a volatile memory (13) which is protected from any external access. The decrypted first encrypting key may be stored in a RAM (Random Access Memory), etc., and used. If the storage contents of the RAM could be read out externally, the data stored in the non-volatile memory could be deciphered. Thus, it is preferred that the volatile memory be protected from any external access.
Said non-volatile memory may include a flash memory (11).
The controlling means may include key generation means (16) for generating the first encrypting key, encrypting the generated first encrypting key using the second encrypting key, and storing the encrypted first encrypting key in said non-volatile memory. According to this structure, the storage device itself generates the first encrypting key, which is then used in encrypting/decrypting data.
The key generation means may generate the first encrypting key based on an input password. According to this structure, it becomes even harder to specify the first encrypting key.
The second encrypting key may be an encrypting key common to the plurality of storage devices. According to this structure, the controlling means may include a mask ROM storing the encrypting key common to the plurality of devices, thereby reducing the cost.
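The first-aspect scheme with the password and key generation options described above, as an added Python example that is not part of the patent text. The patent names no cipher or derivation function, so the HMAC-SHA256 keystream with an authentication tag, PBKDF2 with the second key as salt, and the names `ROM_KEY`, `Device`, `seal` and `unseal` are all assumptions.

```python
import hashlib, hmac, os

ROM_KEY = bytes(range(32))  # constructed stand-in for the second key in mask ROM

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the unspecified cipher.
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(_sub(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class Device:
    def __init__(self, rom_key=ROM_KEY):
        self._rom = rom_key   # second key: fixed at manufacture, common to many devices
        self.flash = {}       # rewritable non-volatile memory (externally readable)
        self._ram = None      # decrypted first key: volatile, never exported

    def _third_key(self, password):  # assumption: PBKDF2 with the second key as salt
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._rom, 100_000)

    def provision(self, password):   # key generation means: per-device first key
        self.flash["wrapped_key"] = seal(self._third_key(password), os.urandom(32))

    def unlock(self, password):      # key decrypting means
        self._ram = unseal(self._third_key(password), self.flash["wrapped_key"])

    def _key(self):
        if self._ram is None:
            raise PermissionError("device is locked")
        return self._ram

    def write(self, name, data):     # writing means
        self.flash[name] = seal(self._key(), data)

    def read(self, name):            # reading means
        return unseal(self._key(), self.flash[name])
```

Copying one device's encrypted data into another device with the same ROM key and password still fails to decrypt, because each device wraps its own randomly generated first key.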
A storage device according to the second aspect of this invention may comprise:
a rewritable non-volatile memory (11) storing a first encrypting key and data; and
controlling means (12) for storing a second encrypting key and accessing said non-volatile memory, and said storage device being characterized in that said controlling means includes
writing means (16) for encrypting data using the first and second encrypting keys, and writing the data into said non-volatile memory, and
reading means (16) for reading data from said non-volatile memory and decrypting the read data using the first and second encrypting keys, and outputting the data.
According to this structure, the data stored in the non-volatile memory is encrypted using a plurality of encrypting keys. Hence, unless both encrypting keys are leaked out, the data stored in the non-volatile memory cannot be decrypted. Therefore, as compared to the case where a
