This application is based upon and claims the benefit of priority of the prior Japanese Patent Application No. 2008-091901, filed on Mar. 31, 2008, the entire contents of which are incorporated herein by reference.
A certain aspect of the embodiments discussed herein is related to a memory device.
As a memory device for storing information, a type of information storing devices for encrypting information is well-known. For example, in a hard disk drive, information externally transmitted is encrypted with an encryption key and is then stored, and the encryption key is further encrypted by a user password and is stored, thereby reading the information upon inputting a proper password. Data stored into the information storing device can be commonly used by a plurality of users and management of a password suitable to the use of a plurality of users is demanded.
Herein, in a field of a network system, such a technology is well known that a management server of a password is provided for a system sharing information by a group having a plurality of users and a group password is managed (refer to, e.g., Japanese Laid-open Patent Publication No. 2007-49455). Upon changing the user belonging to the group in the system, the management server updates the group password, and the updated group password is distributed to all users in the group.
According to an aspect of an embodiment, a method of controlling a memory device connectable to a host for sending out a command to the memory device, has storing a plurality of first keys which are accessible by a plurality of passwords, respectively, encrypting a second key for encrypting and decrypting data to produce an encrypted second key by using one of the first keys, and storing the encrypted second key, decrypting the encrypted second key by using one of the first keys and encrypting or decrypting data by the second key upon receipt of a command from the host to encrypt or decrypt the data, and receiving, upon receipt of a command for renewing the second key from the host, a renewed second key, encrypting the renewed second key with one of the first keys, and storing the encrypted renewed second key.
The object and advantages of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the claims.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, as claimed.
Data D91 inputted externally along a broken line from the HDD 9 is encrypted by a data encrypting/decrypting unit 95 in the HDD 9 shown in
The data D91 stored to the HDD 9 can be externally used by the HDD 9 by inputting any of the three passwords P91 to P93.
In the reading processing shown in
Values of the encryption data Dm91 and the data key K91 stored to the magnetic disk 98 in the HDD 9 are fixed without updating. Then, in illegal decryption of the third party, a risk for decrypting the data rises as the time passes. Therefore, the value of the data key K is preferably updated, thereby decrypting again the data on the magnetic disk.
The change of the data key is instructed (in step S96). Then, the HDD 9 decrypts the encryption data key Km 91 by using one of a password inputted in response to the instruction, i.e., the three passwords P91 to P93, the current data key K91 is obtained, and the obtained data key K91 is changed to a data key K91N having another value (in step S97).
The HDD 9 encrypts the changed data key K91N by using the inputted password, and stores the encrypted key to the magnetic disk 98 (in step S98). Further, the encryption data Dm91 stored to the magnetic disk 98 is temporarily read, is then decrypted by the data key K91 before changing, is encrypted by the changed data key K91N, and is stored to the magnetic disk 98 (in step S99). As mentioned above, the change of the data key and re-encryption of the data end.
However, the data key is changed in the processing shown in
In the processing for changing the data key as mentioned with reference to FIG. 3, upon inputting the password P92 of the three passwords P91, P92, and P93, the encryption data key Km92 can be decrypted by using the inputted password P92, and the value of the obtained data key K92 can be changed. Although the data key K92N whose value is changed can be encrypted and stored with the inputted passwords P92, the data key K92N cannot be encrypted with the remaining passwords P91 and P93 that are not inputted. As a consequence, one of a plurality of users having passwords embodies the processing for changing the data key in the HDD 9, new data keys of the remaining users cannot be obtained, and data in the magnetic disk cannot be used.
Unlike the network system, an information storing device that is used as an auxiliary device of the computer has one password that can be simultaneously inputted, and does not keep and manage the password. Therefore, a new data key cannot be re-encrypted with a password other than the inputted passwords P92.
Hereinafter, a description will be given of the information storing device with the basic structure and the applying structure thereof according to an embodiment with reference to the drawings.
An HDD 1 shown in
The HDD 1 comprises: an interface (I/F) for receiving and transmitting data and a command from/to the host computer H 11; a data encrypting/decrypting unit 15 that encrypts and decrypts the data; a magnetic disk 18 to which the data is recorded; an MPU(Micro Processing Unit) 19 as a control unit; and a flash ROM 20.
The I/F 11 receives, from the host computer H, a data writing command, a data reading command, and a key updating command. The MPU 19 controls units in the HDD 1 in response to the command received by the I/F 11 and executes processing.
In the case of the data writing command, data received in response to the command is encrypted by using a key in the data encrypting/decrypting unit 15. The encrypted data is written to the magnetic disk 18. Further, in the case of receiving the data reading command, the data read from the magnetic disk 18 is decrypted by using a key in the data encrypting/decrypting unit 15, and the decrypted data is outputted from the I/F 11 to the host computer H.
The flash ROM 20 stores firmware and a constant as a program executable by the MPU 19. The MPU 19 executes the firmware stored in the flash ROM 20, thereby executing various processing. The flash ROM 20 also stores a variable.
The data encrypting/decrypting unit 15 encrypts and decrypts the data. The data encrypting/decrypting unit 15 uses AES (Advanced Encryption Standard) for encryption and decryption and can alternatively use an algorithm of another common-key system such as triple DES in addition to AES.
A password is transmitted to the HDD 1 from the host computer H. Then, the data writing command and the data reading command are transmitted to the HDD 1 from the host computer H. The MPU 19 generates a common key supplied to the data encrypting/decrypting unit 15 by using the password transmitted from the host computer H. In the HDD 1, data can be commonly used by a plurality of users. Different passwords are allocated to the users. All users to which the passwords are allocated can read and use the data stored to the HDD 1 by another user. The host computer H transmits the password corresponding to the user who uses the host computer H to the HDD 1 together with the data writing command and the data reading command. The MPU in the HDD 1 generates a common shared key supplied to the data encrypting/decrypting unit 15 from all the allocated passwords. Further, the MPU 19 updates the shared key in response to the key updating command, and updates the data stored to the magnetic disk 18 to contents encrypted with the shared key changed. Incidentally, the HDD 1 comprises a drive device that drives the magnetic disk 18 and a RAM that stores operation data of the MPU 19. However, the components and well-known parts and functions will not be specifically described and the drawings thereof will be omitted.
The HDD 1 comprises: a data input/output unit A that receives and transmits the data to an external host computer H of the HDD 1; a password input unit B that receives the password from the host computer H; a data encrypting/decrypting unit 15 that encrypts and decrypts the data; an information storing unit 18A that stores the encrypted data; a first-key encrypting/decrypting unit 191 that encrypts and decrypts a shared key K1 used for encryption/decryption in the data encrypting/decrypting unit 15; a first key storing unit 18B stores an encrypting shared key Km1 encrypted by the first-key encrypting/decrypting unit 191; a second-key encrypting/decrypting unit 192 that encrypts and decrypts an intermediate key X1 used for encrypting and decrypting the shared key K1; a second-key storing unit 18C that stores the encrypted intermediate keys Xm1 to Xm3; and a key updating unit 193 that updates the key. The information storing unit 18A, the first key storing unit 18B, and the second-key storing unit 18C comprise the magnetic disk 18 shown in
The data input/output unit A receives data D from the host computer H in the data writing processing, and supplies the data D to the data encrypting/decrypting unit 15. Further, the data input/output unit A outputs, to the host computer H, the information generated by the data encrypting/decrypting unit 15 in the data reading processing.
The data encrypting/decrypting unit 15 encrypts data D1 received from the host computer H by the data input/output unit A in the data writing processing of the HDD 1, encrypts the data D1 with the shared key K1, and generates encryption data. The encryption data Dm1 encrypted by the data encrypting/decrypting unit 15 is stored to the information storing unit 18A. Further, the data encrypting/decrypting unit 15 receives the shared key K1 in the data reading processing of the HDD 1, decrypts the encryption data Dm1 stored in the information storing unit 18A with the shared key K1, and generates the data D1. The decrypted data D1 is transmitted to the data input/output unit A. As mentioned above, the shared key K1 is used for encryption and decryption in the data encrypting/decrypting unit 15. Herein, the encryption function of the data encrypting/decrypting unit 15 corresponds to an example of the information encrypting unit in the basic structure, and the decrypting function of the data encrypting/decrypting unit 15 corresponds to an example of the information decrypting unit in the basic structure. Further, the shared key K1 corresponds to an example of the first key in the basic structure.
The first key storing unit 18B stores the encrypting a shared key Km1 obtained by encrypting the shared key K1 with the intermediate key X1.
The first-key encrypting/decrypting unit 191 decrypts the encrypting shared key Km1 stored in the first key storing unit 18B with the intermediate key X1, thereby generating the shared key K1. The generated shared key K1 is inputted to the data encrypting/decrypting unit 15. Further, the first-key encrypting/decrypting unit 191 encrypts the shared key upon updating the shared key K1. As an algorithm for encrypting and decrypting the first-key encrypting/decrypting unit 191, e.g., an algorithm of another common-key system such as triple DES can be alternatively used in addition to AES. The intermediate key X1 is used for encrypting and decrypting the shared key K1. Herein, the first-key encrypting/decrypting unit 191 corresponds to an example of the first-key decrypting unit in the basic structure. Further, the intermediate key X1 corresponds to an example of the second key in the basic structure.
The second-key storing unit 18C stores a plurality of encryption intermediate keys Xm (Xm1, Xm2, Xm3) obtained by encrypting the intermediate key X1 with a plurality of passwords P (P1, P2, and P3). The first encryption intermediate key Xm1 is obtained by encrypting the intermediate key X1 with the first password P1, the second encryption intermediate key Xm2 is obtained by encrypting the intermediate key X1 with the second password P2, and the third intermediate key Xm3 is obtained by encrypting the intermediate key X1 with the third password P3.
The password input unit B inputs the passwords P1, P2, and P3 transmitted from the host computer H to the second-key encrypting/decrypting unit 192.
The second-key encrypting/decrypting unit 192 decrypts any of the encryption intermediate keys Xm1 to Xm3 stored in the second-key storing unit 18C encrypted with the inputted password with the password and generates the intermediate key X1. The encryption intermediate keys Xm1, Xm2, and Xm3 are obtained by encrypting the intermediate key X1 with the corresponding one of the passwords P1, P2, and P3, and are decrypted with the corresponding one of the passwords P1, P2, and P3 on the contrary of the decryption so as to obtain the common intermediate key X1. The generated intermediate key X1 is inputted to the first-key encrypting/decrypting unit 191. As an algorithm for encrypting and decrypting the second-key encrypting/decrypting unit 192, e.g., AES is used and an algorithm of another common-key system such as triple DES can be alternatively used in addition to AES. The passwords P1, P2, and P3 are used for encrypting and decrypting the intermediate key X1. Herein, the second-key encrypting/decrypting unit 192 corresponds to an example of the second-key decrypting unit in the basic structure. Further, the passwords P1, P2, and P3 correspond to examples of the third key in the basic structure.
The key updating unit 193 receives the key updating command, and generates a new shared key K2 in place of the shared key K1. The data encrypting/decrypting unit 15 encrypts the data generated with the original shared key K1 with the new shared key K2, and the encryption data Dm1 stored in the information storing unit 18A is rewritten with the new data Dm2. Further, the key updating unit 193 encrypts the new shared key K2 with the intermediate key X1, then generates the encrypting shared key Km2, and rewrites the encrypting shared key Km1 stored in the first key storing unit 18B. More specifically, the key updating unit 193 allows the first-key encrypting/decrypting unit 191 to encrypt the shared key K2.
Next, a description will be given of processing in the HDD 1.
Upon transmitting the data reading command from the host computer H (refer to
When it is determined the password received in the determining processing in step S12 is correct (YES in step S12), the encryption intermediate key Xm stored in the second encrypting/decrypting unit 192 is then decrypted by the second-key encrypting/decrypting unit 192 with the password, thereby generating the intermediate key X1 (in step S13).
Subsequently, the first-key encrypting/decrypting unit 191 decrypts the encrypting shared key Km1 stored in the first key storing unit 18B with the intermediate key X1 generated by the second-key encrypting/decrypting unit 192, thereby generating the shared key K1 (in step S14). Subsequently, the data encrypting/decrypting unit 15 decrypts the encryption data Dm1 stored in the information storing unit 18A with the shared key K1 generated by the first-key encrypting/decrypting unit 191, thereby generating the data D1 (in step S15).
Subsequently, the data input/output unit A outputs the data D1 generated by the data encrypting/decrypting unit 15 to the host computer H (in step S16). Thus, the data D1 is outputted in response to the reading command with the password.
The above description is given of the processing in response to the data reading command. The data writing processing in response to the data writing command is also common to the processing shown in steps S11 to S14 in
The HDD 1 receives the key updating command from the host computer H (in step S21). Then, the key updating unit 193 changes the present shared key K1 to the shared key K2 (in step S22). The key updating unit 193 more specifically generates the shared key K2 having a value different from the current shared key K1. A new value of the shared key K2 can be arbitrarily determined by a random number.
Subsequently, the key updating unit 193 encrypts a new shared key K2 with the intermediate key X1 and stores the encrypted new shared key K2 (in step S23). More specifically, the key updating unit 193 allows the first-key encrypting/decrypting unit 191 to encrypt the new shared key K2 with the intermediate key X1, thereby generating the encrypting shared key Km2 and storing the encrypting shared key Km2 to the first key storing unit 18B.
Subsequently, the key updating unit 193 re-encrypts the data with the changed shared key K2 (in step S24). More specifically, the key updating unit 193 first allows the data encrypting/decrypting unit 15 to decrypt the encryption data Dm11in the information storing unit 18A before changing with the shared key K1, thereby generating the data D1. The key updating unit 193 subsequently allows the data encrypting/decrypting unit 15 to encrypt the generated data D1 with the new shared key K2, thereby generating new encryption data Dm2. The key updating unit 193 further allows the information storing unit 18A to store the new encryption data Dm2. With the processing insteps S22 to S24, the shared key K2 is updated and the information in the information storing unit 18A is re-encrypted with the updated shared key K2.
The execution of the processing for updating the key as shown in
As shown in
Next, a description will be given of an information storing device according to the second embodiment. According to the second embodiment, the same components as described above are designated by the same components, and different points from those according to the first embodiment will be described.
An HDD 2 according to the second embodiment has the same hardware structure as that of the HDD 1 shown in
Upon decrypting the encryption intermediate keys Xm, the second-key encrypting/decrypting unit 292 in the HDD 2 decrypts the encryption intermediate keys Xm stored in the second-key storing unit 18C with the password P, by AES. Further, the product serial No. α stored in the flash ROM 20 is added, thereby setting an intermediate key Y1. The first-key encrypting/decrypting unit 191 in the HDD 2 encrypts/decrypts the shared key with the intermediate key Y1.
Further, when a second-key encrypting/decrypting unit 292 encrypts the intermediate key Y1, the product serial No. α is excluded from the intermediate key Y1 and the encryption is performed with AES.
In the HDD 2 of the second embodiment, the intermediate key Y1 is varied depending on the products. Therefore, if the intermediate key Y1 of the HDD 2 is externally extracted by the third party with some method, the extracted intermediate key us moved, i.e., is stored to another product, the data on the magnetic disk is not normally decrypted. Therefore, the illegal use of the data can be suppressed.
According to the second embodiment, the product serial No. is included in the key necessary for generating the shared key K. Next, a description will be given of an information storing device in which information included in the key can be arbitrarily selected according to the third embodiment. Hereinbelow, according to the third embodiment, the same components as those according to the first and second embodiments are designated by the same reference numerals, and different points will be described.
An HDD 3 according to the third embodiment has the same hardware structure as that of the HDD 1 shown in
The encrypting shared key Km1 stored in the first key storing unit 38B in the HDD 3 is obtained by encrypting the shared key K1 with a combination of the intermediate key X1 and the encrypting variable β. Further, the first-key encrypting/decrypting unit 391 in the HDD 3 decrypts the encrypting shared key Km1 stored in the first key storing unit 38B with a combination of the intermediate key X1 and the encrypting variable β, thereby generating the shared key K1.
The HDD 3 receives the key updating command from the host computer H (in step S31), and the key updating unit 193 changes the current shared key K1 to the shared key K2 (in step S32). Processing in steps S31 and S32 is similar to the processing in steps S21 and S22 shown in
Subsequently, the key updating unit 193 encrypts a new shared key K2 with a key obtained by combining the intermediate key X1 and the encrypting variable 1, and stores the encrypted key (in step S33). The key updating unit 193 allows the first key storing unit 38B to store the shared key Km2 for encryption generated by the encryption.
Thereafter, the key updating unit 193 re-encrypts the data the data with the changed shared key K2 (in step S34). The processing in step S34 is similar to the processing in step S24 in
In the HDD 3 according to the third embodiment, the encrypting shared key Km1 obtained by encrypting the shared key K1 with a combination of the intermediate key X1 and the encrypting variable β is stored to the first key storing unit 38B. Further, the encrypting variable β is stored to a specific address in the variable value storing unit 30, and is changed by the encrypting variable command. Therefore, the third party cannot easily analogy the encrypting variable β. Therefore, the illegal use of the data is suppressed.
Incidentally, according to the embodiments, the third embodiment in which the intermediate key and the encrypting variable β are combined and the second embodiment in which the intermediate key includes the product serial No. α are described as different ones. However, the encrypting variable β and the product serial No. α may be combined, that is, the product serial No. α may be included in the intermediate key and a key obtained by combining the intermediate key and the encrypting variable β may be used as a decryption key.
Further, according to the embodiments, the three passwords P1, P2, and P3 are described as a plurality of third keys in the basic structure. Furthermore, the number of the third keys is not limited to three and may be alternatively two or no-less-than four.
In addition, according to the embodiments, the example of the HDD is described as the information storing device in the basic structure and the applying structure. Alternatively, the information storing device is not limited to the HDD, and may be a device having a magneto-optical disk device or another recording medium.
In addition, according to the embodiments, as the first-key decrypting unit and the second-key decrypting unit in the basic structure, the examples of the operation with the data reading processing and the data writing processing are described. However, in order to prevent the decryption of the first key and the second key every data reading processing and every data writing processing, in the first-key decrypting unit and the second-key decrypting unit, the processing in steps S12 to S14 shown in
As mentioned above, with the basic structure of the information storing device, upon updating the key, the information and the first key stored to the information storing unit are updated without changing a plurality of third keys allowed to users.
All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the invention and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions, nor does the organization of such examples in the specification relate to a showing of the superiority and inferiority of the invention. Although the embodiments of the present inventions have been described in detail, it should be understood that the various changes, substitutions, and alterations could be made hereto without departing from the spirit and scope of the invention.
Number | Date | Country | Kind |
---|---|---|---|
2008-091901 | Mar 2008 | JP | national |