JPH06195268A - Ic memory card and method/device for protecting data - Google Patents

Abstract

PURPOSE:To protect data written into an IC memory card. CONSTITUTION:At the time of writing data into the IC memory card 11, first key data K1 is loaded on a pattern generator 15 and pattern data P is sequentially generated. A ciphering part 13a executes ciphering calculation by using data D and pattern data P, executes address conversion calculation by using second key data K2 and a data storage destination address A2, and writes ciphered data D' into the position of the IC memory card 11, which an obtained address A2' shows. At the time of reading data from the IC memory card 11, first key data K1 is loaded on the pattern generator 15 and a pattern data string P similar to that at the time of writing data is generated. A decoding part 13b executes address conversion calculation by using the data read address A2 and second key data K2 and executes decoding calculation by using data D' which is read from the position of the IC memory card 11 shown by obtained address A2' and pattern data P.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an IC memory card used as an external storage medium of a computer device and a data protection method and device thereof.

[0002]

2. Description of the Related Art An IC memory card is a business card-sized thin card in which memory is mounted. There are ROM cards, RAM cards for storing data, etc., and advantages such as small size, high speed access and high reliability. have. Such an IC memory card is a PCMCIA (Personal Computer Memory)
Card International Association)
Its mechanical shape, pin arrangement, data read / write timing, etc. are specified. In Japan, the Japan Electronic Industry Development Association JEIDA (Japan Electric Industry Development)
Association) has adopted the standardization proposal of PCMCIA.

A computer device using an IC memory card as an external storage medium is designed according to the PCMCIA specifications, and any computer device can read / write or copy data more freely than any IC memory card. . That is, the data recorded in the IC memory card can be easily browsed by any personal computer having an IC memory card slot. However, it is extremely inconvenient for others to freely read / write or copy the data created by themselves in terms of keeping confidential information of stored information and protecting copyright of software. Therefore, conventionally, the address data of the memory card is converted into another address by the encrypted data held by the system, and the data is stored in the storage area designated by the converted address.
(See, for example, JP-A-2-139648). By doing so, the arrangement of the data in the memory card becomes random, and the data cannot be read in the correct order in other systems, and the data can be kept confidential.

[0004]

However, in the conventional method, since only address data is encrypted (address conversion), there is a possibility that it may be decrypted and the degree of confidentiality is weak. By the way, it does not make sense to copy data from an IC memory card (master card) in which predetermined data is recorded, but it may be desired that any computer device can view the recorded data as long as it is a master card. For example, when renting a master card like video software or CD software, or when recording information on an IC memory card (master card) brought in by a buyer like an information vending machine and selling the information. Etc. However, the conventional method has a problem that such requirements cannot be satisfied.

SUMMARY OF THE INVENTION In view of the above, an object of the present invention is to provide an IC memory card capable of enhancing confidentiality by encrypting data to be written in the IC memory card and converting the address into another address, and a data protection method and apparatus thereof. Is to provide. Another object of the present invention is to make it impossible to reproduce data even if the data is copied from an IC memory card (master card) in which predetermined data is recorded, and it is a copyright-effective IC memory card and a data protection method thereof. It is to provide a device.

[0006]

FIG. 1 is a diagram for explaining the principle of the present invention. Reference numeral 11 is an IC memory card, 12 is a processing unit (CPU) of the computer device, 13a is an encryption unit for performing an encryption operation on the data D to be written in the IC memory card and performing an address conversion operation on the storage destination address A2, and 13b.
Is a plain culture section that performs a plain culture operation on the data D ′ read from the IC memory card, 14 is a main memory (RAM), 1
Reference numeral 5 is a pattern generator which is loaded with the first key data K1 as initial pattern data when writing and reading data to and from the IC memory card and subsequently generates different pattern data P. 16 is obtained by address conversion. The read / write control unit writes the encrypted data in the position of the IC memory card indicated by the given address or reads the encrypted data.

[0007]

When writing data to the IC memory card 11, the preset first key data K1 is loaded into the pattern generator 15 as initial pattern data, and the pattern generator sequentially generates different pattern data P. The encryption unit 13a (FIG. 1 (a)) is an IC
An encryption operation is performed using the data D written in the memory card 11 and the pattern data P output from the pattern generator 15, and the preset second key data K2 and the data storage destination address A2 in the IC memory card 11 are used. Address translation operation using
The read / write controller 16 writes the encrypted data D'to the position of the IC memory card indicated by the address A2 'obtained by the address conversion. When reading data from the IC memory card 11, the first key data K1 is loaded into the pattern generator 15 as initial pattern data, and the pattern generator generates the same pattern data string as when writing data. Flat culture section 13b (Fig. 1
In (b), an address conversion operation is performed using the data read address A2 and the second key data K2, and the read / write control unit 16 is operated to generate encrypted data from the position of the IC memory card 11 indicated by the conversion address A2 '. And the pattern data P output from the pattern generator 15 is used to perform the plain culture operation.
Incidentally, as the encryption and the plain culture operation, an exclusive OR operation, addition and subtraction, etc. can be adopted.

As described above, since the data to be written in the IC memory card is encrypted and the encrypted data is written to the address obtained by the address conversion, the confidentiality can be enhanced. Further, since the data is encrypted by using the pattern data generated from the pattern generator in a pseudo-random manner, the confidentiality can be made stronger. Furthermore, the first key data loaded into the pattern generator is changed, the first key data is loaded into the pattern generator every time the IC memory card is accessed a predetermined number of times, and the shift bit number of the pattern generator is changed. By doing so, encryption can be complicated and confidentiality can be further strengthened. Also, the first and second key data K1, K2
By using the same data as, or by making a part of the first key data K1 the second key data K2, encryption and plain culture can be performed by storing only the first key data K1. .

Further, the first and second key data K1, K2
Is written in advance in the ROM area of the IC memory card, and the first and second key data written in each IC memory card are made different. With this configuration, even if the data recorded in the RAM area of the master card is copied to another IC memory card, the first and second key data stored in the ROM area of the copy card and the encrypted data are encrypted. The original key data cannot be restored from the copy card because the first and second key data at the time of doing so are different. Therefore, there is no point in copying the master card, copy protection is possible, and the copyright is valid. Further, the first and second key data K1 and K2 are written in the memory of the computer device in advance, and are written in the memory of each device.
The second key data is made different. If you do this, even if you copy the master card,
Since the key data K1 and K2 are different in each device, the encrypted data cannot be restored unless the device that created the master card makes copying by another person meaningless. That is, it is possible to prevent copying and is effective in terms of copyright. Further, in this case, even with the master card, data cannot be restored unless the device that created the master card, and confidentiality can be kept extremely strong. Furthermore, the first and second
If the key data K1 and K2 are written in the RAM area of the IC memory card, there is an advantage that the first and second key data can be changed.

[0010]

【Example】

(a) Overall configuration of the first embodiment of the present invention FIG. 2 is a configuration diagram of the first embodiment of the present invention. Reference numeral 11 is an IC memory card as an external storage medium, 12 is a processing unit (CPU) of the computer device, 13 is a program memory (ROM) for storing firmware for various controls, and 13a is data to be written in the IC memory card 11. Encryption firmware (encryption unit) for encrypting the write address and converting the write address to another address, 1
Reference numeral 3b is a flat culture firmware (flat culture section) for flattening the data read from the IC memory card into the original data. Reference numeral 14 denotes a main storage unit (RA
M) and 15 are pattern generators that generate pattern data used for data encryption and plain culture, 16
Is a memory card control unit (read / write control unit) for writing the encrypted data in the position of the IC memory card indicated by the address obtained by the address conversion and for reading the encrypted data from the IC memory card position, 17
Is a display unit such as a CRT or a liquid crystal panel, 18 is a keyboard, 19 is an auxiliary storage device such as a hard disk or a floppy disk, and 20 is a bus.

The pattern generator 15 writes a data into the IC memory card 10 and reads a data from the IC memory card, respectively.
Key data K1 is loaded as initial pattern data, and different pattern data are sequentially generated. The encryption firmware (encryption unit) 13a uses the pattern data output from the pattern generator 15 to encrypt the data to be written in the IC memory card 11, and the flat culture firmware (plain culture unit) 13b uses the pattern data. The encrypted data read from the IC memory card 11 is flattened into the original data.

[0012] IC memory card IC memory card 11, as shown in FIG. 3, ROM
Attribute memory area 11a and RAM as an area
A common memory area 11b is provided as an area. The attribute memory area 11a is an area specified by the PCMCIA, and the type of IC memory card (ROM card or RAM card)
, Capacity, and other data are stored, and it is specified that the manufacturer can freely use the data. The memory space of the attribute memory area 11a and the common memory area 11b is designated by a combination of 1-bit REG and address data. When REG = "1", the attribute memory area is designated, and when REG = "0". The common memory area is designated for the. In a predetermined storage area of the attribute memory area 11a, first key data K1 for encrypting the data to be written in the common memory area 11b and a second key data K2 used for address conversion.
Key data K2 of each is written. The first key data K1 is composed of, for example, 2 bytes, the second key data K2 is composed of 1 byte, and the first key data K
There are 2 ¹⁶ types of data as 1 and 2 ⁸ types of data as the second data K2. The first and second key data K1 and K2 written in each IC memory card are different for each IC memory card.

[0013] Pattern generator pattern generator 15, as shown in FIG. 4, a shift register SFTRG of 16 bits, two exclusive OR gates (EXOR gates) EXOR1, EXOR
Have two. In the shift register SFTRG,
In principle, the output of the previous stage is connected to the input of the next stage, and the output of the final stage is connected to the input terminal of the first stage. Further, the output of the fifth stage S5 of the shift register SFTRG and the final stage S16
Is output to the exclusive logic gate EXOR1 and its output is connected to the input terminal of the sixth stage S6. Furthermore,
The output of the twelfth stage S12 and the output of the final stage S16 are input to the exclusive logic gate EXOR2, and the output thereof is the thirteenth stage S
It is connected to 13 input terminals. IC memory card 1
When writing data to 1 and reading data from the IC memory card, each byte of the shift register SFTRG has 2 bytes (16 bits) of the first key data K.
1 is initialized, and thereafter, the stored contents are shifted each time a shift command SFT is generated, and 1-byte pattern data P (p _{1 to} p ₈ ) is output from the first stage S1 to the eighth stage S8. Has become. That is, the pattern generator 15
Is designed to sequentially generate different pattern data P at a shift command generation cycle T according to a polynomial (1 + x ⁵ + x ¹² + x ¹⁶ ) and output the same pattern data string for each N · T. It is also possible to configure to shift by 2 bits or more by a shift command. The encryption process and the plain culture process will be described below.

Encryption Process FIG. 5 is a flow chart of the encryption process by the encryption firmware 13a. It is assumed that the file stored in the main storage unit 14 is written to the IC memory card 11 in 1-byte units. When a command to write a predetermined file stored in the main storage device 14 to the IC memory card 11 is generated, the CPU 12 follows the encrypted firmware 13a and starts the reading start position A of the data forming the file.
1, the data amount L, and the head write address A2 of the IC memory card 11 are determined (step 101). Then,
Attribute memory area 11 of IC memory card 11
The first and second key data K1 and K2 are read from a (step 102), and the first key data K1 is loaded into the pattern generator 15 (step 10).
3). Then, the 1-byte pattern data P is read and held by the pattern generator 15 (step 104), and the 1-byte data D is read from the address A1 of the main memory 14 (step 105).

Next, the CPU 12 performs an exclusive OR operation between the corresponding bits of the data D and the pattern data P for encryption (step 106), and at the same time, the lower 1 byte of the write address A2 and the second key. An address is converted by executing an exclusive OR operation between corresponding bits of the data K2 (step 107). When the encrypted data D'and the converted address A2 'are obtained, the encrypted data D'is written in the storage area of the IC memory card 11 designated by the address A2' (step 108). When the writing is completed, the CPU 12 reads the read address A1 and the write address A2.
Are incremented together (step 109), a shift command is output to the pattern generator 15, and the contents of the shift register SFTRG (see FIG. 4) are shifted to the right by one bit (step 110). Thereafter, the write data number TLCNT (initial value is 0) is incremented, and it is checked whether the write data number is equal to the data amount L (step 111). If TLCNT = L, the file writing process is ended. However, if TLCNT <L, the process returns to step 104, the same processing is repeated for the next data, and finally all the data is encrypted and written to the address converted address.

[0016] plaintext processing 6 is a flow diagram of the decryption process by the decryption firmware 13b, a case of reading the file stored in the IC memory card 11 to main memory 14. I
When a command to read a predetermined file stored in the C memory card 11 to the main storage device 14 is issued, the CPU
12 determines the read start position A2 of the file, the data amount L, and the head write address A1 in the main storage device according to the plaintext firmware 13b (step 201). Next, the first and second key data K is read from the attribute memory area 11a of the IC memory card 11.
While reading 1 and K2 (step 202), the first key data K1 is loaded into the pattern generator 15 (step 203).

The CPU 12 then reads the read address A2.
Of the lower one byte of the second key data K2 and the corresponding bit of the second key data K2 are executed to perform address conversion (step 204), and the IC memory indicated by the address A2 'obtained by the address conversion. The data D'is read from the storage area of the card 11 (step 205). The data D'is encrypted when written. Thereafter, the CPU 12 reads the 1-byte pattern data P from the pattern generator 15 (step 206),
The exclusive OR operation between the corresponding bits of the data D'and the pattern data P is executed to perform plain culture (step 20).
7).

When the original data D is obtained by the plain culture, the data is stored in the address A1 of the main memory 14 (step 208), and then the read address A2 of the IC memory card and the write address A1 of the main memory. Are both incremented (step 209), a shift command is output to the pattern generator 15, and the shift register SF
Shift the contents of TRG to the right by one bit (step 2
10). After that, the read data number TLCNT (initial value is 0) is incremented, and the read data number becomes the data amount L.
Is checked (step 211), and TLCN
If T = L, the file reading process is terminated. However, if TLCNT <L, the process returns to step 204, the same processing is repeated for the next data, and finally the file is read into the main storage device while flattening all the data.
Although the second key data K2 is 1 byte, it may be 2 bytes.

As described above, since the data to be written in the IC memory card is encrypted and the encrypted data is written to the address obtained by the address conversion, the confidentiality can be strengthened. Also, the first and second key data K
Since 1 and K2 are written in the ROM area of the IC memory card in advance and the first and second key data written in each IC memory card are made different, the data recorded in the RAM area of the master card is Even if you copy to another IC memory card, the RO of the copy card
Since the first and second key data stored in the M area are different from the first and second key data when encrypted, the original data cannot be restored from the copy card. Therefore, there is no point in copying the master card, and copying can be prevented. From the viewpoint of copy protection, the first and second key data K1 are stored in the ROM area of the IC memory card.
It is not necessary to store both K2 and only one may be stored.

(B) Modified Example The pattern generator 15 (FIG. 4) has a shift command SFT.
Whenever, occurs, the contents of the shift register 15a are shifted to the right one bit at a time to generate different pattern data sequentially. When the shift is repeated N times, the initial state is restored, and the same operation is repeated thereafter. By the way, there are cases where it is desired to confirm the Mth data from the beginning of a certain file. In such a case, it is necessary to read the encrypted data D'from the IC memory card 11 for plain writing. The pattern data P required for plain culture is obtained by loading the first key data K1 into the pattern generator 15 and shifting it M times.
Is large, it takes a considerable time until the desired pattern data is obtained. Especially, since the number of bits of the shift register is 16, M may be a very large number.
It takes too long to check the data.

Therefore, when data is encrypted and written in the IC memory card 11, the first key data K1 is loaded into the pattern generator 15 every time a predetermined number m of data is written. In this way, the pattern data P output from the pattern generator 15 repeats the same pattern data string in m cycles. Therefore,
The pattern data P required for plain culture can be obtained by loading the first key data K1 into the pattern generator 15 and then shifting up to m times, and the data can be confirmed in a short time.

FIG. 7 is a diagram for explaining the pattern data repeatedly. (A) shows the case where the first key data K1 is set only at the start of writing, and (b) shows the first data every m (= 512) data writing. When key data K1 of is set, (c) is m
First key data K every time (= 512) data is written.
This is the case where 1 '(≠ K1) is set. In the case of FIG. 7A, the same pattern data string is repeated in N cycles,
In the case of FIGS. 7B and 7C, the same pattern data string is repeated in m (= 512) cycles. Further, as is clear from FIGS. 7 (b) and 7 (c), the pattern data strings generated by making the first key data K1, K1 'different can be made different. Therefore, by changing K1 and m, a variety of pattern data can be output, and the data can be confirmed in a short time.

Encryption Process FIG. 8 is a flow chart of the encryption process in the modified example. The same parts as those in the flow chart of FIG. 5 are designated by the same step numbers. When a command to write a predetermined file stored in the main storage device 14 to the IC memory card 11 is generated, the CPU 12 follows the encrypted firmware 13a and starts the reading start position A of the data forming the file.
1, the data amount L, and the head write address A2 of the IC memory card 11 are determined (step 101). Then,
Attribute memory area 11 of IC memory card 11
The first and second key data K1 and K2 are read from a (step 102), and the first key data K1 is loaded into the pattern generator 15 (step 10).
3).

After that, the CPU 12 determines the number of write data.
COUNT is cleared to zero (step 103A), 1-byte pattern data P is read from the pattern generator 15 and held (step 104), and 1-byte data D is read from the address A1 of the main memory 14 (step 105). ). Next, the CPU 12 performs an exclusive OR operation between the corresponding bits of the data D and the pattern data P for encryption (step 106), and at the same time, between the corresponding address of the write address A2 and the second key data K2. An exclusive OR operation is executed to convert the address A2 into A2 '(step 107). When the encrypted data D'and the conversion address A2 'are obtained, the IC memory card 11 which indicates the encrypted data D'by the address A2'
(Step 108).

When the writing is completed, the CPU 12 increments both the read address A1 and the write address A2 (step 109). Then, COUNT is incremented (step 109A), and it is checked whether COUNT = 512 (step 109B). If COUNT <512, a shift command is output to the pattern generator 15,
The contents of the shift register SFTRG are shifted right by 1 bit (step 110). Then, the total write data number TLCNT (initial value is 0) is incremented, and it is checked whether the write data number is equal to the data amount L (step 111). If TLCNT = L, the file writing process is ended. However, if TLCNT <L, the process returns to step 104 and the same process is repeated for the next data. On the other hand, in step 109B, COUN
If T = 512, the pattern generator 15
Key data K1 of
2), COUNT is cleared to 0 (step 113), the total write data number TLCNT is incremented, and the process of step 111 is executed.

Plain Culture Processing FIG. 9 is a flow chart of the plain culture processing in the modified example, and the same parts as those in the flow chart of FIG. 6 are given the same step numbers. When a command to read a predetermined file stored in the IC memory card 11 to the main storage device 14 is issued, the CPU 12 follows the flat culture firmware 13b to read the read start position A2 of the file, the data amount L,
The head write address A1 in the main memory is determined (step 201). Next, IC memory card 11
The first and second key data K1 and K2 are read from the attribute memory area 11a of
2), using the first key data K1 as the pattern generator 1
5 (step 203), read data number CO
UNT is cleared to zero (step 203A).

Then, the CPU 12 reads the read address A.
2 and the corresponding bit of the second key data K2 are subjected to an exclusive OR operation to convert the address A2 into A2 '(step 204), and the storage of the IC memory card 11 designated by the converted address A2'. The encrypted data D'is read from the area (step 205). Next, the CPU 12 reads the 1-byte pattern data P from the pattern generator 15 (step 206), executes an exclusive OR operation between the corresponding bits of the data D'and the pattern data P, and performs plain culture (step 207). .

When the original data D is obtained by the plain culture, the data is stored in the address A1 of the main memory 14 (step 208), and the read address A2 of the IC memory card and the write address A1 of the main memory are both stored. Increment (step 209). Then, COUNT is incremented (step 209A), and it is checked whether COUNT = 512 (step 209B). If COUNT <512, a shift command is output to the pattern generator 15,
The contents of the shift register SFTRG are shifted right by 1 bit (step 210). Thereafter, the total read data number TLCNT (initial value is 0) is incremented, and it is checked whether the read data number is equal to the data amount L (step 211). If TLCNT = L, the file read processing is ended. However, if TLCNT <L, the process returns to step 204 and the same process is repeated for the next data. On the other hand, in step 209B, COUN
If T = 512, the pattern generator 15
Key data K1 of (step 21
2), COUNT is cleared to 0 (step 213), the total read data number TLCNT is incremented, and the process of step 111 is executed.

(C) Overall configuration of the second embodiment of the present invention FIG. 10 is a configuration diagram of the second embodiment of the present invention.
The same parts as those in the above embodiment are designated by the same reference numerals. The difference from the first embodiment is that an encryption unit 21 and a plaintext unit 22 each equipped with a pattern generator are provided.
That is, the encryption calculation is performed by the above, and the decryption calculation is performed by the plain culture unit 22. In FIG. 10, reference numeral 11 denotes an IC memory card as an external storage medium, which has the configuration shown in FIG. 3, and the attribute memory area 11a includes first and second IC memory cards.
Key data K1 and K2 are written. Reference numeral 12 is a processing unit (CPU) of the computer apparatus, and 13 is a program memory (RO for storing firmware for various controls).
M), 13a 'is encrypted firmware for performing encryption processing, 13b' is plain culture firmware for performing plain culture processing, 14 is a main storage unit (RAM) for storing data,
Reference numeral 21 is an encryption unit for encrypting data, and 22 is a plain culture unit for restoring the encrypted data read from the IC memory card 11 to the original data. The encryption unit 21 encrypts the data to be written in the IC memory card 11 using the pattern data output from the built-in pattern generator,
The plain culture unit 22 similarly restores the data read from the IC memory card based on the pattern data output from the built-in pattern generator. Reference numeral 16 is a memory card control unit (read / write control unit) that writes encrypted data to the position of the IC memory card indicated by the encrypted address and reads the encrypted data, and 17 is a CRT, liquid crystal panel, or the like. Is a display unit, 18 is a keyboard, 19 is an auxiliary storage device such as a hard disk or a floppy disk, and 20 is a bus.

The encryption unit encrypting unit 21, as shown in FIG. 11, a pattern generator 31 for outputting a pattern data P to be used during encryption, the bit corresponding EXOR circuit for encrypting data D by performing an exclusive OR operation 32 and a bit-corresponding EXOR circuit 33 for converting the address data A2 into another address A2 'by an exclusive OR operation.
The pattern generator 31 has the same structure as the pattern generator 15 shown in FIG. The bit-corresponding EXOR circuit 32 performs a bit-corresponding exclusive OR operation between the 1-byte pattern data P output from the pattern generator 31 and the 1-byte write data D, and outputs the encrypted data D ′. The bit-corresponding EXOR circuit 33 performs a bit-corresponding exclusive OR operation between the 1-byte second key data K2 and the lower 1 byte of the data storage destination address A2 to convert the address A2 into another address A2 '.

[0031] As decrypting unit decrypting unit 22 shown in FIG. 12, a pattern generator 41 for outputting a pattern data P to be used during decryption, bit decrypt the encrypted data D 'by the exclusive OR operation A corresponding EXOR circuit 42 and a bit corresponding EXOR circuit 43 for converting the address data A2 into A2 'by an exclusive OR operation are provided. The pattern generator 41 has the same structure as the pattern generator 15 shown in FIG. Bit-compatible EX
The OR circuit 42 performs an exclusive OR operation on bits corresponding to the 1-byte pattern data P output from the pattern generator 41 and the 1-byte encrypted data D ′ to restore the original data D and output it. The bit-corresponding EXOR circuit 43 performs a bit-corresponding exclusive OR operation between the 1-byte second key data K2 and the lower 1-byte of the data storage destination address A2 to convert the address A2 to another address A2 '.

The predetermined file stored in the encryption processing main memory 14 is stored in the IC.
When a command to write to the memory card 11 occurs, C
The PU 12 reads out the position A1 of the data forming the file according to the encrypted firmware 13a ', the data amount L, the head write address A of the IC memory card 11.
Determine 2. Then, the first and second key data K1 and K2 are read from the attribute memory area 11a of the IC memory card 11 and loaded into the pattern generator 31 of the encryption unit 21. Thereafter, the 1-byte data D is read from the address A1 in the main memory 14, and the data D and the write address A2 are input to the encryption unit 21. The bit correspondence EXOR circuit 32 of the encryption unit 21 performs an exclusive OR operation between the corresponding bits of the data D and the pattern data P output from the pattern generator 31 to encrypt the data D into D ′, or Bit-compatible EX
The OR circuit 33 executes an exclusive OR operation between the lower 8 bits of the write address A2 and the corresponding bit of the second key data K2 to convert the address A2 into A2 '.

When the CPU 12 finds the encrypted data D'and the encrypted address A2 ', it controls the memory card controller 16 to indicate the encrypted data D'at the address A2'.
Write to the storage area of the C memory card 11. And CP
When the writing is completed, U12 increments both the read address A1 and the write address A2, outputs a shift command to the encryption unit 21, and outputs the pattern generator 31.
The contents of the shift register SFTRG in is shifted right by one bit. Thereafter, similarly, the file is encrypted and written in a random address position.

When a command for reading a predetermined file stored in the flat culture processing IC memory card 11 to the main memory 14 is issued, the CP
The U12 determines the read start position A2 of the file, the data amount L, and the head write address A1 in the main storage device according to the plain culture firmware 13b '. Then, the first and second key data K1 and K2 are read from the attribute memory area 11a of the IC memory card 11 and loaded into the pattern generator 41 of the plain culture unit 22. The bit-corresponding EXOR circuit 43 of the plaintext section 22 executes an exclusive OR operation between the lower 8 bits of the write address A2 and the corresponding bit of the second key data K2 to convert the address A2 into A2 '. Translated address A2 '
Then, the CPU 12 controls the memory card controller 16 to control the IC memory card 11 designated by the address A2 '.
The data D ′ is read from the storage area of and is input to the flat culture section 22.

EXOR circuit 4 for bit of the flat culture section 22
2 performs an exclusive OR operation between corresponding bits of the encrypted data D ′ and the pattern data P output from the pattern generator 41 to restore the original data D. CP
U12 stores the data D in the address A1 of the main memory unit 14, and then reads the read address A2 of the IC memory card.
And the write address A1 of the main storage device are both incremented, a shift command is output to the pattern generator 41 of the plain culture unit 22, and the contents of the shift register SFTRG are shifted right by 1 bit. After that, the file is read into the main storage device in the same manner as above.

(D) Third Embodiment of the Invention In the first and second embodiments, the first and second key data K1,
This is the case where K2 is stored in the attribute memory area 11a of the IC memory card 11, but these data can also be stored in the memory of the computer device. Figure 1
3 is a configuration diagram of a third embodiment of the present invention in such a case,
The same parts as those in the first embodiment shown in FIG. 2 are designated by the same reference numerals. The difference from the first embodiment is that the ROM 13 stores the first and second key data K1 and K2. This third
In the embodiment, the first and second key data K1, K2
If different for each computer device, the data is encrypted by a predetermined computer device and the IC memory card 1
When the data is stored in 1, the data written in the IC memory card cannot be restored by another computer device, and the confidentiality can be strengthened.

(E) Fourth Embodiment In the above embodiments, the first and second key data are stored in the ROM area of the IC memory card or the memory of the computer device. It can also be stored in an area (common memory area). Figure 1
4 is a common memory area 11b in the IC memory card
14A is an example in which the first and second key data K1 and K2 are stored at a predetermined address of FIG. 14A. In the case of an IC memory card having an attribute memory area 11a, FIG.
(b) is an IC that does not have the attribute memory area 11b
This is the case for memory cards. The fourth embodiment in which the first and second key data are stored in the common area of the IC memory card 11 has an advantage that the key data can be easily changed.

In the above, the storage locations of the first and second key data are the same, but the first and second key data K1 and K2 are used.
Storage location (ROM, RAM area of IC memory card,
Even if the ROM etc. of the device are changed, the same effect as the embodiment can be obtained. Further, in the above, the first and second key data K
Although 1 and K2 are different, the same data can be used, or a part of the first key data K1 can be used as the second key data K2.
Encryption and plain culture are possible only by storing the key data of. Furthermore, although the encryption operation and the plain culture operation have been described as being the exclusive OR operation (EXOR operation), the encryption operation and the plain culture operation can be encrypted and the plain culture even if they are EXNOR operations. Also, encryption and plain culture can be performed even if the encryption operation is addition or subtraction corresponding to bits and the plain culture operation is subtraction or addition corresponding to bits. Although the present invention has been described above with reference to the embodiments, the present invention can be variously modified in accordance with the gist of the present invention described in the claims,
The present invention does not exclude these.

[0039]

As described above, according to the present invention, since both the data to be written in the IC memory card and the address data are encrypted, the confidentiality can be made strong, and the pattern data generated from the pattern generator in a pseudo-random manner can be used. Since the data is encrypted, the confidentiality can be made stronger.
Further, according to the present invention, the pattern data generation is varied by loading the first key data into the pattern generator and changing the shift bit number of the pattern generator each time the IC memory card is accessed a predetermined number of times. The data stored in the IC memory card can be strongly protected. Further, according to the present invention, the same data is used as the first and second key data K1 and K2, or a part of the first key data is used as the second key data, thereby Encryption and plain culture can be done by only storing key data of.

Further, according to the present invention, the first and second key data K1 and K2 are written in the ROM area of the IC memory card in advance, and the first and second key data to be written in each IC memory card. Since the data is recorded in the RAM area of the master card differently, the original data cannot be flattened even if the data recorded in the RAM area of the master card is copied to another IC memory card. Therefore, it makes no sense to copy the master card, and copy protection is possible.
It is valid for copyright. Furthermore, according to the present invention, the first and second key data K1 and K2 are written in advance in the memory of the computer device so that the first and second key data written in the memory of each device are different. Therefore, the IC memory card in which the data is written by the predetermined computer device can not improve the confidentiality of the data by the other computer device, and the confidentiality can be remarkably improved, and the copying by another person can be meaningless. That is, it is possible to prevent copying and is effective in copyright protection. Further, according to the present invention, since the first and second key data are stored in the RAM area of the IC memory card, the key data can be changed.

[Brief description of drawings]

FIG. 1 is a diagram illustrating the principle of the present invention.

FIG. 2 is a configuration diagram of a first embodiment of the present invention.

FIG. 3 is an explanatory diagram of a memory space of an IC memory card.

FIG. 4 is a configuration diagram of a pattern generator.

FIG. 5 is a flow chart of encryption.

FIG. 6 is a flow diagram of a flat culture.

FIG. 7 is an explanatory diagram of repeated pattern data.

FIG. 8 is a flowchart of encryption in a modified example.

FIG. 9 is a flowchart of a flat culture in a modified example.

FIG. 10 is a configuration diagram of a second embodiment of the present invention.

FIG. 11 is a configuration diagram of an encryption unit.

FIG. 12 is a block diagram of a flat culture department.

FIG. 13 is a configuration diagram of a third embodiment of the present invention.

FIG. 14 is an explanatory diagram of a fourth embodiment for storing key data in the common area of the IC memory card.

[Explanation of symbols]

 10 ... IC memory card 12 ... Computer system processing unit (CPU) 13a ... Encryption unit 13b ... Plain culture unit 14 ... Main memory unit (RAM) 15 ... Pattern generator 16 ... Read / write control Department

 ─────────────────────────────────────────────────── ─── Continuation of front page (72) Inventor Yoshimasa Kadooka 1015 Kamiodanaka, Nakahara-ku, Kawasaki-shi, Kanagawa Fujitsu Limited

Claims (14)

[Claims] 1. A data protection device for an IC memory card, which protects data recorded in an IC memory card used as an external storage medium of a computer device, comprising: writing data to an IC memory card; At the time of reading, the preset first key data K1 is loaded as the initial pattern data, and thereafter, the pattern generator that sequentially generates different pattern data and the data to be written to the IC memory card when writing the data to the IC memory card And an encryption operation is performed using the pattern data output from the pattern generator, and second preset key data K2 and I
Encryption operation means for performing an address conversion operation using the data storage destination address in the C memory card, and writing the encrypted data in the position of the IC memory card indicated by the address obtained by the address conversion, and instructed Read / write control means for reading data from the IC memory card position, and when data is read from the IC memory card, an address conversion operation is performed using the second key data K2 and the data read address, and the address conversion operation is performed. Data of an IC memory card, comprising: data read from the position of the IC memory card indicated by the given address; and flat culture means for performing a flat culture operation using the pattern data output from the pattern generator. Protective device. 2. The first and second key data K1 and K2
2. The data protection device for an IC memory card according to claim 1, wherein the same data is used as, or a part of common data is used. 3. The first and second key data K1 and K2
3. The data of the IC memory card according to claim 1 or 2, characterized in that the first key data and the second key data are made different for each IC memory card while the data is written in the ROM area of the IC memory card in advance. Protective device. 4. The first and second key data K1 and K2
3. The data protection device for an IC memory card according to claim 1 or 2, characterized in that the first key data and the second key data are made different for each computer device while being written in advance in the memory of the computer device. 5. The first and second key data K1 and K2
The data protection device for an IC memory card according to claim 1 or 2, wherein the data is stored in a RAM area of the IC memory card. 6. The IC according to claim 1, wherein the encryption operation and the plain culture operation are exclusive OR operations.
Memory card data protection device. 7. The data protection device for an IC memory card according to claim 1, wherein the encryption operation is a bit-compatible addition or subtraction, and the plain culture operation is a bit-compatible subtraction or addition. 8. The data protection device for an IC memory card according to claim 1, wherein the first key data is loaded into the pattern generator each time the IC memory card is accessed a predetermined number of times. 9. A data protection method for an IC memory card, which protects data recorded in an IC memory card used as an external storage medium of a computer device, which is preset when writing data to the IC memory card. The key data K1 of 1 is loaded into the pattern generator as the initial pattern data, different pattern data is sequentially generated from the pattern generator, and the encryption operation is performed using the data to be written in the IC memory card and the pattern data output from the pattern generator. At the same time, the address conversion operation is performed using the preset second key data K2 and the data storage destination address in the IC memory card, and the encryption is performed at the position of the IC memory card indicated by the address obtained by the address conversion. The de When writing data and reading data from the IC memory card,
Key data K1 of No. 2 is loaded as an initial pattern data into the pattern generator, the pattern data sequence which is the same as that at the time of writing is sequentially generated from the pattern generator, and the address conversion operation is performed using the data read address and the second key data K2 A data protection method for an IC memory card, which comprises performing a flat culture operation using the data read from the position of the IC memory card indicated by the address obtained by the address conversion and the pattern data output from the pattern generator. . 10. The first and second key data K1, K
10. The data protection method for an IC memory card according to claim 9, wherein 2 is written in the ROM area of the IC memory card in advance, and the first and second key data are made different for each IC memory card. 11. The first and second key data K1, K
10. The data protection method for an IC memory card according to claim 9, wherein 2 is written in the memory of the computer device in advance, and the first and second key data are made different for each computer device. 12. The first and second key data K1, K
10. The data protection method for an IC memory card according to claim 9, wherein the data is stored in the RAM area of the IC memory card. 13. The I according to claim 9, wherein the encryption operation and the plain culture operation are exclusive OR operations.
C Memory card data protection device. 14. In an IC memory card used as an external storage medium of a computer device, a ROM area and a RAM area are provided in the IC memory card, and key data used for encrypting data stored in the RAM area and / or Key data used for address conversion of data storage and read addresses are written in the ROM area in advance.
C memory card.